Suit: 185K spyware images sent to rental computersSuit: 185K spyware images sent to rental computers
An interesting article in Yahoo News tech section : PITTSBURGH (AP) — Spyware installed on computers leased from furniture renter Aaron’s Inc. secretly sent 185,000 emails containing sensitive information — including pictures of nude children and people having sex — back to the company’s corporate computers, according to court documents filed Wednesday in a class-action lawsuit.
According to the filings, some of the spyware emails contained pictures secretly taken by the rental computers’ webcams or other sensitive information including Social Security numbers, social media and email passwords, and customer keystrokes, the Federal Trade Commission determined last year.
To read more click here:
Old School Malware Writers Resurface With ‘MiniDuke’ Cyberattack
an interesting article in Fobes about malwware: Have old school malware writers resurfaced? According to Kaspersky Lab CEO Eugene Kaspersky they have, and they are behind the newest cyber attack against governments in Europe through a malware code the Russian internet security firm dubbed “MiniDuke.”
In a statement on their Securelist website, Kaspersky said miniduke is a very unusual cyberattack. I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyberworld. These elite, ‘old school’ malware writers were extremely effective in the past at creating highly complex viruses, and are now combining these skills with the newly advanced sandbox-evading exploits to target government entities or research institutions in several countries.
To read more click here:
FedRAMP is proving to be a tough test for cloud providers
An interesting article By Rutrell Yasin on GNC.com:
Being granted approval to offer cloud services under the federal government’s FedRAMP cloud security program appears to be a more rigorous process than some cloud providers anticipated.
Of the more than 80 cloud providers who have applied to go through the FedRAMP certification, more than half are not yet ready to go through the process, according to Kathy Conrad, principal deputy associate administrator with the General Services Administration’s Office of Citizen Services and Innovative Technologies.
FedRAMP, the Federal Risk Authorization Management Program, is based upon trust. “The essence of that trust,” Conrad said, “is the rigor and the integrity of its security assessment that then can be leveraged across government.” The government intentionally designed FedRAMP certification to be rigorous and does not plan to make it easier, she said.
FedRAMP “is not a process for those who are looking for a quick and easy security assessment,” Conrad said. Instead, the average security assessment for systems that are not cloud-based takes about six months, and it is no quicker for FedRAMP and cloud systems, she said.
Conrad spoke to an audience of government and industry representatives Feb. 12 at the Cloud/Gov conference held by the Software and Information Industry Association in Washington, D.C.
Read more here.
A Closer Look at How FEDRAMP Certification Assures Cloud Security
A Closer Look at How FEDRAMP Certification Assures Cloud Security
How does FedRAMP establish baseline security controls in driving migration to the cloud?
| Webcast: | |
| When: | Thursday, March 14th at 2pm EST |
| Location: | Your Desktop |
| Cost: | FREE |
Join this complimentary exclusive webcast to hear Mr. Dave McClure, Associate Administrator, Citizen Services and Innovative Technology, General Services Administration (GSA), as he leads a dynamic discussion about the FedRAMP program.
You will learn:
- What the security standards mean to agencies cloud investment
- How FedRAMP will assess security authorization documentation available to successfully prepare for review
- How the FedRAMP security authorization process aligns with the NIST 800-37 risk management framework
Revealed: Stuxnet “beta’s” devious alternate attack on Iran nuke program
by Dan Goodin
Researchers have uncovered a never-before-seen version of Stuxnet. The discovery sheds new light on the evolution of the powerful cyberweapon that made history when it successfully sabotaged an Iranian uranium-enrichment facility in 2009.
Stuxnet 0.5 is the oldest known version of the computer worm and was in development no later than November of 2005, almost two years earlier than previously known, according to researchers from security firm Symantec. The earlier iteration, which was in the wild no later than November 2007, wielded an alternate attack strategy that disrupted Iran’s nuclear program by surreptitiously closing valves in that country’s Natanz uranium enrichment facility. Later versions scrapped that attack in favor of one that caused centrifuges to spin erratically. The timing and additional attack method are a testament to the technical sophistication and dedication of its developers, who reportedly developed Stuxnet under a covert operation sponsored by the US and Israeli governments. It was reportedly personally authorized by Presidents Bush and Obama.
Source: Ars Technica
Smartphones, Foolish Security Choices
An Interesting article from information week in there Security section: People with smartphones could be smarter in their security practices. One smartphone user in every four, according to security firm AVG Technologies, stores intimate photos on a smartphone or tablet, a practice that makes a lost or stolen device a potential privacy problem.
AVG didn’t specifically define “intimate” in its survey. “The mobile survey asks whether or not people have intimate photos of themselves on their smartphone or tablet, allowing the definition of ‘intimate’ to be purely up to the respondents’ interpretation of that word,” a company spokeswoman said in an email.
to read more Click here:
