Cyber Defence
Follow
Find
2.9K views | +0 today
Cyber Defence
Your new post is loading...
Your new post is loading...
Rescooped by Vicente Pastor from Advanced Threats,Intelligence Technology,CyberSecurity
Scoop.it!

British Intelligence Agency Inspired by Israeli Approach to Recruiting Technology High-Fliers

British Intelligence Agency Inspired by Israeli Approach to Recruiting Technology High-Fliers | Cyber Defence | Scoop.it
British spymasters are taking a leaf out of Israel’s book by launching a scheme that would permit the country’s smartest web experts and technology entrepreneurs to be hired on short-term contracts to tackle global security threats.

Via Paulo Félix, Constantin Ionel Milos / Milos Constantin
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

2015: the year of cyber security action, not words | Information Age

2015: the year of cyber security action, not words | Information Age | Cyber Defence | Scoop.it
In 2015, how can we turn a broader awareness of cyber security issues into action?
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

Cyber War, Free Speech, and National Security - The Diplomat

Cyber War, Free Speech, and National Security - The Diplomat | Cyber Defence | Scoop.it
Time for a debate on the tension between free speech and national security in the age of cyber warfare.
more...
No comment yet.
Rescooped by Vicente Pastor from Surfing the Broadband Bit Stream
Scoop.it!

Fingerprint 'cloned from photos'

Fingerprint 'cloned from photos' | Cyber Defence | Scoop.it
Hacker Jan Krissler claims to have cloned the fingerprint of a German politician using standard photographs taken at an event.

Via Chuck Sherwood, Senior Associate, TeleDimensions, Inc
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

​Denmark invests $75mn in offensive cyber division – report - End the Lie - Independent News

​Denmark invests $75mn in offensive cyber division – report - End the Lie - Independent News | Cyber Defence | Scoop.it
Reuters / Dado Ruvic The Danish Defence Intelligence Service (FE) has stated its readiness to launch cyberattacks against hostile states and organizations, according to Politiken daily.
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

Encryption, ransomware, iPhone hacks and nation-state attacks: Cyber-security predictions for 2015

Encryption, ransomware, iPhone hacks and nation-state attacks: Cyber-security predictions for 2015 | Cyber Defence | Scoop.it
Cyber-attacks are increasing and we talk to the cyber-security experts about what to expect in 2015
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

Denmark prepares to wage cyber warfare - The Local Denmark

Denmark prepares to wage cyber warfare - The Local Denmark | Cyber Defence | Scoop.it
After seeing defence secrets and sensitive business information fall into the hands of foreign hackers, Denmark is ready to strike back.
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

How India must deal with cyberwar - Financial Express

How India must deal with cyberwar - Financial Express | Cyber Defence | Scoop.it
A scenario-based mapping of a national strategy to deal with the emerging knowledge- and information-driven war-form
Vicente Pastor's insight:

Scenario-based planning for India national strategy. That sounds really familiar to me from certain course... Is the scenario depicted a plausible possibility in 5 years?

more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

Cyber conflict is a 21st century hall of mirrors - CBS News

Cyber conflict is a 21st century hall of mirrors - CBS News | Cyber Defence | Scoop.it
Who was really behind the Sony hack? Too bad we can't put 007 on the case.
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

Cyber-attacks on South Korean nuclear power operator continue - The Guardian

Cyber-attacks on South Korean nuclear power operator continue - The Guardian | Cyber Defence | Scoop.it
Firm says nuclear power plants are operating safely and are secure from attack, and it has stepped up its cybersecurity
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

Cyberattacks used security software to cover their trail

Cyberattacks used security software to cover their trail | Cyber Defence | Scoop.it
State-sponsored hacking attempts frequently rely on specially written software, but that's a risky move. Unless it's well-made, custom code can be a give
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

Kogonuso: Tor Responds To The Cyber Attack On Its Network, Allegedly Executed By The Same Hacker Gang That Took Down Xbox Live And PlayStation Network

Kogonuso: Tor Responds To The Cyber Attack On Its Network, Allegedly Executed By The Same Hacker Gang That Took Down Xbox Live And PlayStation Network | Cyber Defence | Scoop.it
Tor Responds To The Cyber Attack On Its Network, Allegedly Executed By The Same Hacker Gang That T... http://t.co/mbYC5RhtiM
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

How a North Korean cyber attack could cripple Britain

How a North Korean cyber attack could cripple Britain | Cyber Defence | Scoop.it
GUY WALTERS imagines what would happen if North Korea successfully launched a full-scale cyber attack on Britain, bringing the nation to its knees.
Vicente Pastor's insight:

Would it be possible? Could this fictional story become true in UK or any other country? What do you think?

more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

North Korea, Iran, Syria – asymmetric cyberwar is here to stay - Techworld.com

North Korea, Iran, Syria – asymmetric cyberwar is here to stay - Techworld.com | Cyber Defence | Scoop.it
Until last week very few beyond a handful of security titles, a few cybersecurity vendors and the middle pages of the New York Times paid much attention to the growing issue of small nations with big cyber-ambitions.
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

Sony condemns 'vicious' cyber attack

Sony condemns 'vicious' cyber attack | Cyber Defence | Scoop.it
Sony has publicly condemned the "vicious" cyber attack that led to it suspending the release of its film The Interview.
more...
No comment yet.
Rescooped by Vicente Pastor from Advanced Threats,Intelligence Technology,CyberSecurity
Scoop.it!

The Biggest Security Threats We'll Face in 2015 | WIRED

The Biggest Security Threats We'll Face in 2015 | WIRED | Cyber Defence | Scoop.it
As the clock strikes midnight on the new year, so begins the countdown to a new round of security threats and breaches that doubtless will unfold in 2015

Via Institute for Critical Infrastructure Technology, Constantin Ionel Milos / Milos Constantin
Vicente Pastor's insight:

And, as it is usual during this time of the year, one more article on predictions for 2015.

more...
Institute for Critical Infrastructure Technology's curator insight, January 4, 9:51 AM

As the clock strikes midnight on the new year, so begins the countdown to a new round of security threats and breaches that doubtless will unfold in 2015. But this year will be a little different. In the past, when we’ve talked about threat predictions, we’ve focused either on the criminal hackers out to steal credit card data and banking passwords or on the activist hackers out for the lulz (and maybe to teach corporate victims a lesson).

But these days, no threat predictions are complete if they don’t address the looming threats posed by nation-state attacks, like the ones exposed by Edward Snowden. It’s been said repeatedly that when a spy agency like the NSA undermines a system to gain access for its own use, it makes that system more vulnerable to attack by others. So we begin this list with that in mind.

Nation-State Attacks

We closed 2014 with new revelations about one of the most significant hacks the NSA and its partnering spy agency, the UK’s GCHQ, are known to have committed. That hack involved Belgium’s partly state-owned telecom Belgacom. When the Belgacom hack was first exposed in the summer of 2013, it was quickly hushed up. Belgian authorities made nary a sound of protest over it. All we knew was that the spy agencies had targeted system administrators working for the telecom in order to gain access to special routers the company used to manage customer cell phone traffic. New revelations about the Regin malware used in the hack, however, show how the attackers also sought to hijack entire telecom networks outside of Belgium so they could take control of base stations and monitor users or intercept communications. Regin is clearly just one of many tools the spy agencies have used to undermine private company networks. These and other efforts the NSA has employed to undermine encryption and install backdoors in systems remain the biggest security threat that computer users face in general.

Extortion

Controversy still swirls around the Sony hack and the motivation for that breach. But whether the hackers breached Sony’s system to extort money or a promise to shelve The Interview, hacker shakedowns are likely to occur again. The Sony hack wasn’t the first hacker extortion we’ve seen. But most of them until now have occurred on a small scale—using so-called ransomware that encrypts a hard drive or locks a user or corporation out of their data or system until money is paid. he Sony hack—possibly perpetrated by hacktivists or nation-state-backed hackers aided by a disgruntled insider, according to the government and various alternative theories—is the first high-profile extortion breach that involved threats of data leaks. This kind of hack requires more skill than low-level ransomware attacks, but could become a bigger problem for prominent targets like Sony that have a lot to lose with a data leak.

Data Destruction

The Sony hack announced another kind of threat we haven’t seen much in the U.S.: the data destruction threat. This could become more common in 2015. The attackers behind the breach of Sony Pictures Entertainment didn’t just steal data from the company; they also deleted it. It’s a tactic that had been used before in attacks against computers in South Korea, Saudi Arabia and Iran—in South Korea against banks and media companies and in Saudi Arabia and Iran against companies and government agencies involve in the oil industry. Malware that wipes data and master boot records to render systems inoperable. Good data backups can prevent an attack like this from being a major disaster. But rebuilding systems that are wiped like this is still time-consuming and expensive, and you have to make sure that the backups you restore are thoroughly disinfected so that lingering malware won’t re-wipe systems once restored.

Bank Card Breaches Will Continue

In the last decade there have been numerous high-profile breaches involving the theft of data from millions of bank cards—TJX, Barnes and Noble, Target and Home Depot to name a few. Some of these involved hacking the point-of-sale systems inside a store to steal card data as it traversed a retailer’s network; others, like the Barnes and Noble hack, involved skimmers installed on card readers to siphon card data as soon as the card was swiped. Card issuers and retailers are moving to adopt more secure EMV or chip-‘n’-PIN cards and readers, which use an embedded microchip that generates a one-time transaction code on in-store purchases and a customer-entered PIN that makes stolen data less useful to card thieves. As a result, card breaches like this are expected to decline. But it will take a while for chip-‘n’-PIN systems to be widely adopted.

Though card issuers are slowly replacing old bank cards with new EMV cards, retailers have until October 2015 to install new readers that can handle the cards, after which they’ll be liable for any fraudulent transactions that occur on cards stolen where the readers are not installed. Retailers no doubt will drag their feet on adopting the new technology, and card numbers stolen from older DNV cards can still be used for fraudulent online purchases that don’t require a PIN or security code. There’s also a problem with poor implementation; cards stolen in the recent Home Depot hack show that hackers were able to exploit chip-‘n’-PIN processing systems because they were poorly implemented. With the shift to EMV cards, hackers will simply shift their focus. Instead of going after retailers for card data they’ll simply target card processors that handle payroll accounts. In recent hacks involving the theft of $9 million and $45 million, hackers broke into the networks of companies responsible for processing pre-paid card accounts for payroll payments. After artificially increasing the balance and withdrawal limit on a handful of payroll accounts, mules around the world then cashed out the accounts through hundreds of ATM withdrawals in various cities.

Third-Party Breaches

In recent years we’ve seen a disturbing trend in so-called third-party hacks, breaches that focus on one company or service solely for the purpose of obtaining data or access to a more important target. We saw this in the Target breach when hackers got into the retailer’s network through an access point used by a heating and air-conditioning company that did business with Target. But this is low-level compared with more serious third-party breaches against certificate authorities and others that provide essential services. A breach of a certificate authority—such as one involving a Hungarian certificate authority in 2011—provides hackers with the ability to obtain seemingly legitimate certificates to sign malware and make it look like legitimate software. Similarly, a breach of Adobe in 2012 gave the attackers access to the company’s code-signing server, which they used to sign their malware with a valid Adobe certificate. Third-party breaches like these are a sign that other security measures have increased. Hackers need to resort to stealing certificates because operating systems like Windows now come with security features that prevent certain code from installing on them unless it’s signed with a legitimate certificate. These kinds of breaches are significant because they undermine the basic trust that users have in the internet’s infrastructure.

Critical Infrastructure

Until now, the most serious breach of critical infrastructure we’ve seen occurred overseas in Iran when Stuxnet was used to sabotage that country’s uranium enrichment program. But the days when critical infrastructure in the U.S. will remain untouched are probably drawing to a close. One sign that hackers are looking at industrial control systems in the U.S. is a breach that occurred in 2012 against Telvent, a maker of smart-grid control software used in portions of the U.S. electrical grid as well as in some oil and gas pipeline and water systems. The hackers gained access to project files for the company’s SCADA system. Vendors like Telvent use project files to program the industrial control systems of customers and have full rights to modify anything in a customer’s system through these files. Infected project files were one of the methods that Stuxnet used to gain access to Iran’s uranium-enrichment systems. Hackers can use project files to infect customers or use the access that companies like Telvent have to customer networks to study the customer’s operations for vulnerabilities and gain remote access to their control networks. Just like hackers used third-party systems to gain access to Target, it’s only a matter of time before they use companies like Telvent to gain access to critical industrial controls—if they haven’t already.

Scooped by Vicente Pastor
Scoop.it!

US Cyber Command is recruiting - AirForceTimes.com

US Cyber Command is recruiting - AirForceTimes.com | Cyber Defence | Scoop.it
U.S. Cyber Command this year is recruiting and training airmen to join one of the Air Force's 39 cyber mission force teams that will be established over the next two years.
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

FBI investigating US companies for engaging in cyber war - RT

FBI investigating US companies for engaging in cyber war - RT | Cyber Defence | Scoop.it
The US government is reluctant to intervene when companies are hacked, but the FBI is investigating whether American companies are engaging in revenge hacking using private firms in violation of the law.
Vicente Pastor's insight:

As always, the term "cyberwar" is used very fast by some journalists without having into account the necessary prerequisites for using the term.

more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

Cybersecurity is #1 Business Priority for 2015 | David B. Grinberg | LinkedIn

Cybersecurity is #1 Business Priority for 2015 | David B. Grinberg | LinkedIn | Cyber Defence | Scoop.it
Are U worried about #Cybersecurity in #NewYear? Read my blog @LinkedInPulse http://t.co/3GFd8HRMe7 @ChuckDBrooks http://t.co/4FjDyNW71V
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

Al Qaed Arr: Bristol bus timetable hacked by terrorists (who thought they would cause travel chaos in 'the West') - Telegraph

Al Qaed Arr: Bristol bus timetable hacked by terrorists (who thought they would cause travel chaos in 'the West') - Telegraph | Cyber Defence | Scoop.it
Cyber terrorists thought the TravelWest website was for a more influential website promoting travel around the Western world - not the West Country
more...
No comment yet.
Rescooped by Vicente Pastor from IT Support and Hardware for Clinics
Scoop.it!

Cybersecurity Hindsight And A Look Ahead At 2015

Cybersecurity Hindsight And A Look Ahead At 2015 | Cyber Defence | Scoop.it
Editor's note: Yoav Leitersdorf and Ofer Schreiber are partners at YL Ventures, which invests early in cybersecurity, cloud computing, big data and..

Via Technical Dr. Inc.
Vicente Pastor's insight:

I would be really interested in being exposed to the announced automated incident response solutions. Automation, as always, works up to a certain degree. Human intervention cannot be completely eliminated (at least within the current status of reasearch) for all tasks. This type of announces make lots of people think that those solutions work autonomously without the need for a number of people to continuously maintain and configure them. But more automation means also more people maintaining and tuning the solution. What do you think?

more...
No comment yet.
Rescooped by Vicente Pastor from @The Convergence of ICT & Distributed Renewable Energy
Scoop.it!

UK wants hot tech grads to do spy work before building startups

UK wants hot tech grads to do spy work before building startups | Cyber Defence | Scoop.it
The British government is considering a program that would see the most promising tech graduates spend some time working for the GCHQ signals intelligence agency, the U.K.’s equivalent to the NSA, before they move into the private sector.

Via Chuck Sherwood, Senior Associate, TeleDimensions, Inc
more...
Newcastle Web Consulting's curator insight, January 6, 7:16 AM

In short, part of the attraction lies in the idea of making money out of GCHQ’s in-house spy tech. In Israel, some Unit 8200 technologies have ended up being commercialized through startups created by former members. The Cabinet Office reckons the same could be done in the U.K., particularly around cybersecurity technologies — Cabinet Office boss Francis Maude visited Israel in November and, I am told, came away with lots of ideas around “digital and cyber”.

Rescooped by Vicente Pastor from War Games
Scoop.it!

How Should U.S. Respond to Sony Breach?

How Should U.S. Respond to Sony Breach? | Cyber Defence | Scoop.it
Seeking a measured response to an attack on a non-critical infrastructure company requires carefully balancing a strong message to North Korea with one that doesn't

Via Emilio
more...
No comment yet.
Scooped by Vicente Pastor
Scoop.it!

South Korea nuclear operator says cyberattacks continue, reactors safe

South Korea nuclear operator says cyberattacks continue, reactors safe | Cyber Defence | Scoop.it
SEOUL (Reuters) - South Korea's nuclear power operator said on Sunday that cyberattacks on non-critical operations at the company's headquarters are continuing but the country's nuclear power plants are...
more...
No comment yet.
Rescooped by Vicente Pastor from @The Convergence of ICT & Distributed Renewable Energy
Scoop.it!

What we know about North Korea's cyberarmy

What we know about North Korea's cyberarmy | Cyber Defence | Scoop.it
Snippets of information about the secretive regime's cyberops have leaked out over the years

Via Chuck Sherwood, Senior Associate, TeleDimensions, Inc
more...
No comment yet.