More evidence is beginning to emerge that the Adobe Reader zero-day bug revealed recently is being used in targeted attacks against companies and federal agencies. Researchers recently have come across fresh samples of malware exploiting the vulnerability by using files crafted to draw in employees of federal contractors and other related organizations.
Executives for some of the world’s largest oil companies stressed at a conference last week that cyber attacks against their companies are becoming more strategic and happening more frequently, according to a report today from the BBC.
Cyber security analysts at private sector firms in the U.S. say they have linked a string of devastating hacks of military networks and defense contractors to a small cadre of hacking groups within China, and are pushing the U.S. government for the green light to strike back.
Attackers have been going after various pieces of the DNS infrastructure for a long time now, and it’s not unusual for there to be somewhat organized campaigns that target certain vertical industries or geographic regions. But researchers lately have been seeing an interesting pattern of compromises in which attackers somehow add new names to existing domains and use those sub-domains to piggyback on the good reputation of the sites and push counterfeit goods, pills and other junk. And now they’re using the attack to push exploits via the Black Hole Exploit Kit.
Another certificate authority in The Netherlands has been hacked, though this time the attack does not appear to have affected the certificate-issuing operations of Gemnet, a subsidiary of KPN. The company, which does business with the Dutch government among other organizations, said it has taken its Web site offline while it investigates the attack.
The FBI says that more than 2.5 million systems infected with the DNSChanger malware connected to DNS servers set up by the authorities in the week following a crackdown on a global criminal network dubbed Ghost Click.
According to a new report from the Government Accountability Office, federal cybersecurity workforce initiatives are in need of better planning and coordination, particularly with regard to human capital.
The security industry has no shortage of hard problems to solve, but the one that’s getting the most attention right now is finding a way to improve, or ideally, replace, the CA infrastructure. The latest in what has become a series of recent proposals to help shore up the certificate authority system comes from a pair of Google security researchers who have laid out a plan for providing auditable public logs of certificates as well as proofs for each certificate that’s issued.
The United States Department of Homeland Security cried foul yesterday morning, debunking claims from both the Illinois Statewide Terrorism and Intelligence Center (STIC) and Applied Control Solutions that a water station in Illinois was hacked earlier this month.
A flurry of reports late last week described an attack on an unnamed Springfield, Ill. water treatment facility where the plant’s supervisory control and data acquisition (SCADA) software was compromised by Russian computers.
Was The Three Character Password Used To Hack South Houston’s Water Treatment Plant A Siemens Default?
Siemens said on Tuesday that it is working with the U.S. Department of Homeland Security to investigate a cyber intrusion into a water treatment plant in South Houston, Texas, but couldn’t confirm that a default, three-digit password hard-coded into an application used to control the company’s SCADA software played a role.