The sharing of information on threats and attacks between government agencies and companies in the private sector has been tried numerous times and in many different ways over the last decade, with varying degrees of success. The need for information flowing in both directions likely is more pressing than ever right now, with high-level attacks targeting critical infrastructure systems and utilities every day, but much of that data in the government realm remains classified and few enterprises are eager to reveal details, either. As the attacks continue, officials say there may be a need for a new mechanism to get the information flowing.
One of the main problems when it comes to information sharing programs is that the data on new threats and attacks needs to be shared as the attacks are happening, and that’s difficult to accomplish. In the middle of an attack, security teams and incident-response groups are concerned with stopping the attack, discovering what systems have been compromised and determining whether any data was stolen. Packaging up the information on what happened, even if it’s readily accessible, and making it available for others is typically a low priority.
Read more on ThreatPost
- Hopes for federal cybersecurity standards fading (pcadvisor.co.uk)
- White House orders spy agencies to share cyberthreat intel with companies (nbcnews.com)
- DOD Seeks Ways to Streamline Information Sharing (defense.gov)
The latest security studies are in, and here are the analyses from seCURE Connexion…
- Android malware has overgrown, with an extreme growth by the end of July to the month of August, and into September and October. Get protected now with the latest in mobile security, so your smartphone can stay secure from the dangers of the app world.
- Another rise for Android issues, would be apps that act like aggressive adware, by collecting way too much personal information. It is continuously a problem, dealing with apps that collect a load of personal information, and some have worried about identity theft.
- Vendors of software have seen a continual rise in vulnerabilities for the past couple of years. However, Apple seems to have the worst problem, but so does Google. Both companies have seen varying degrees of intensity and quantity of attacks, and it’s to question that Microsoft is seeing a break in the action. The good part is, Microsoft only shown half as many vulnerabilities as Google, and only one-quarter as many as Apple. Though these numbers are only speculative, based on looking over the lists of the past few months.
- Some of the major malware on Windows systems have included Trojan.ZeroAccess, Worm.Conficker, and more.
- Corporate and government entities have seen an extreme rise in the number of cyberattacks. Worries about a cyberwar are continually heating up, and it’s unknown the origin of most of the attacks.
- According to the Symantec Internet Security Threat Report (ISTR), 400 million new variants of malware were created in 2011, which is an average of 33 million new variants of malware a month, or an average of one million new variants a day.
Overall, the spectrum of cyberattacks has increased on an extreme level, whether it’d be cyberwar related, or cybercrime. It’s definitely best to consider this declared war, and work constantly to protect our computers and our own livelihood.
The New York Times reported about the damages of the attacks on Saudi Aramco, a Saudi Arabian oil firm. The article stated the following, blaming Iran for the attacks on Saudi Aramco along with supporting evidence:
That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.
United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.
Intelligence officials are still investigating the nature of the RasGas hack also, because it is related to this attack, which involved a malware called Shamoon.
The investigations of Saudi Aramco and RasGas, Qatar’s top natural gas firm, are coming together. Most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. More updates to come.
- How hackers attacked Saudi oil company’s computers (seattletimes.com)
- US Increasingly Convinced Iran Behind Attack On Saudi Aramco (techweekeurope.co.uk)
- Shamoon Virus that Attacked Saudi Aramco is the Most Dangerous to Date (oilprice.com)
Adobe has released a critical update for Shockwave Player after several serious vulnerabilities were found.
- Users of 188.8.131.527 and earlier versions should now update to version 184.108.40.2068 – Update Now
- Updates are available for Windows and Mac systems.
- There is no active propagation of exploits.
- Check to see if you have Shockwave Player.
- Shockwave Player is not the same as Adobe Flash Player, which update October 8.
- Check release notes.
- Uncheck the Norton Security Scan, if it shows.
To protect against vulnerabilities, it is best to have a good internet security software, not FREE antivirus! Check here:
Say you are on the Gmail login page and the web browser, as always, has auto-filled the username and passwords fields for you.
This is convenient because you can sign-in to your account with a click but because you have not been typing these saved passwords for a while now, you don’t even remember the Gmail password anymore.
All web browsers, for security reasons, mask the password fields in login forms behind asterisk characters thus making it impossible for passersby to see your secret string.
There’s however an easy workaround that will let you convert those asterisks into the actual password and you don’t need any external utilities or bookmarklets for this. Here’s how: