IBM Acquire Resilient Systems and Gain Security Expert Bruce Schneier

IBM announced today that it will acquire Resilient Systems and, along with the company, bring on board one of the biggest names in the security world, Bruce Schneier.

Resilient Systems specialize in developing an incident response platform that orchestrates and automates incident response processes in the case of cyber incidents, including security breaches and loss of devices carrying vital data. According to IBM, integrating the talents and platform of Resilient Systems into IBM Security gives it the industry’s first fully end-to-end system that combines analytics, forensics, vulnerability management and incident response.

Part of the deal for the acquisition includes plans by IBM to bring on board Resilient’s full staff of around 100 people, including Bruce Schneier, cryptography and security expert and CTO of Resilient. Exactly when the deal would be closed was not revealed by IBM, nor were any further details of the terms between the two companies.

This is just the latest step by IBM to bolster their abilities in the field of security, having already hired over 1000 security experts in the last year and appointed Mark van Zadelhoff as the manager of the security division. Monday also saw the launch of IBM X-Force Incident Response Services, which aims to work with clients to assist them in planning for, managing and responding to cyber attacks. The Resilient Incident Response Platform and IBM’s QRadar Security Intelligence Platform will both be a key part of these services, with the technologies planned to be integrated across IBM’s full security portfolio.

In the modern corporate world, where it is quickly becoming a case of how to respond to and handle cyber-attacks instead of just defending against them, the acquisition of Resilient helps IBM to provide an even greater security service to their customers.

Hyatt Hotels Hit by Hacker

Today Hyatt Hotels issued a warning to their visitors in the wake of a cache of malware being discovered on their customer payment system. Hyatt isn’t the first hotel chain to suffer security issues recently, with Hilton, Mandarin Oriental, Starwood and Trump Collection all having suffered issues with the security of their payment systems.

The security breach was made public by Hyatt’s Global President of Operations, Chuck Floyd, in a post on their official website. While there was no mention of exactly when the issue was discovered, he reported that the problem had been fixed and the systems in place have had their security strengthened. Previous customers have been encouraged to check their credit card statements in case of unauthorized use of their payment details.

A lot of the details regarding the incident still remain unclear and unmentioned by Hyatt. They neither confirmed nor denied whether the malware led to the leaking of any customer data. Hyatt is currently investigating the issue fully with the help of leading third-party cybersecurity experts. The results of this investigation will be posted on Hyatt’s website.

Operating in 52 countries and with 627 hotels in their portfolio, the potential impact of this hack is huge if it led to the leak of customers’ personal and payment details. Thankfully, only around half of their properties were impacted by the malware, with franchised hotels managing to be unaffected.

University Network “Janet” Struck by Cyber Attack

Universities in the UK have been struck by a DDoS attack which caused major outages to the Janet network. This network serves over 18 million users and provides UK education bodies with a highly reliable and supposedly secure network. The cyber attacks “have resulted in reduced connectivity and disruption”, according to a statement on the Facebook page of the network provider, Jisc. Jisc executive director Tim Kidd explained:

“We understand the importance of connectivity to colleges, universities and other public sector organisations,”

“We are doing everything in our power to ensure normal service is resumed as soon as possible, and in the meantime to minimise any disruption that users of the Janet network may be experiencing. We apologise for any inconvenience caused.”

According to the BBC, the University of Manchester sent out an e-mail after hearing complaints from staff and students about connectivity problems, which reads:

“By flooding the service with excessive network traffic, an attacker is attempting to exceed the capacity of the service, which causes the service to run slowly or become unavailable,” 

Apparently, the DDoS attacks have managed to disrupt the Janet network for two days and counting! This isn’t an ideal situation and means many students cannot complete their coursework or look online for reading materials. Realistically, you wouldn’t expect a huge government-funded network to fall so easily to a DDoS attack, and the outage illustrates the system’s vulnerabilities. Hopefully, the network team can learn from this escapade and find better ways to fight cyber attacks in the future. It’s quite clear though that DDoS attacks are on the rise.

TalkTalk Website Struck by Cyber-Attack

The Metropolitan Police Cyber Crime unit has launched an investigation after the major UK internet and phone provider was hit by a “significant and sustained cyberattack” on Wednesday. At the current time, the full extent of the attack is unclear; however, TalkTalk has released a guide with more information on the attack and advises its customers to be aware that some data may have been leaked. Alarmingly, this list includes credit card and bank details, which, when correlated with other potentially leaked account details such as names and email addresses, could expose many of TalkTalk’s 4-million-strong customer base to unauthorized access to finances and other identity fraud.

This isn’t the first time this year that TalkTalk has been affected by cyber attacks resulting in the theft of customer data: its associated firm Carphone Warehouse was the target of an attack that resulted in close to half a million TalkTalk Mobile customers being affected.

All of this is bad news for TalkTalk, which is already struggling with poor customer satisfaction, its Broadband division scoring only 48% in Which? magazine’s latest customer satisfaction survey. And while TalkTalk now assure customers their site is once again secure, the recurring leaks of data by the company are sure to hurt trust with their customers.

Are you a TalkTalk customer who has been affected by these attacks and are you concerned about the security of your details with the company in future? Let us know in the comments below and remember to check out TalkTalk’s advice on the incident.

Hack Targets Email System Of The Pentagon

NBC News reports, citing US officials, that Russia has launched a “sophisticated cyber attack” aimed at the Pentagon’s Joint Staff unclassified email system.

The email system has since been shut down and taken offline for almost two weeks. The attack happened “sometime” around July 25th, 2015, and has affected around 4,000 military and civilian personnel who work for the Joint Chiefs of Staff. I love how specific highly trained government officials are being about this possible intrusion.

Sources have briefed NBC News that the hack relied on “some kind of automated system that rapidly gathered massive amounts of data and within a minute distributed all the information to thousands of accounts on the Internet”. There is suspicion that Russian hackers planned and implemented the cyber attack via encrypted accounts on social media.

The phrase “oh here we go again” comes to mind with these types of cyber attacks, which conjure a feeling of déjà vu or Groundhog Day, depending on your movie of choice. If governments, companies and infrastructures intend to keep information stored within networks and connected devices, then it needs to be secure. It’s absurd that it keeps happening over and over again; it’s almost like deciding which foot to shoot and ending up shooting both.

Officials have stressed that, at this time, no classified information has been compromised; hopefully this will not change. There is also the unknown factor of whether this has been orchestrated by hackers on behalf of the Russian government. I expect more information to be placed in the public domain within the coming days, or it will be forgotten after a new hack from a far-flung country. Who knows; at this stage nothing is surprising.

Thank you NBC News for providing us with this information


CyberBerkut Release Video Purporting to Show Staged Videos From IS

Right, not sure what to make of this, but it has appeared on a few tech sites in the last few hours: online hacktivist group CyberBerkut claim to have released a video which purports to be from Senator John McCain’s laptop and (ALLEGEDLY) shows what looks to be a stage-managed version of IS executions.

According to the information, Senator McCain did visit Ukraine, where CyberBerkut are based, in the last week; according to them, they somehow accessed his laptop for this information. Again, allegedly.

Below is the statement which CyberBerkut has placed onto their website:

“We CyberBerkut received at the disposal of the file whose value cannot be overstated! Dear Senator McCain! We recommend you next time in foreign travel, and especially on the territory of Ukraine, not to take confidential documents. In one of the devices of your colleagues, we found a lot of interesting things. Something we decided to put: this video should become the property of the international community!”

I am not going to comment, only give the information available on the story as of writing; expressing an opinion on such unproven allegations would be disrespectful to the families and friends who have lost loved ones to these barbaric acts.

Propaganda, protest or truth, this is the information circulating.

Information attributed to CyberBerkut


Hackers Took Up Residence Inside Government PC for a Year!

I recently wrote an article which looked at the cyber attack and subsequent theft of the data of 4.2 million American federal employees, which was transferred from the Office of Personnel Management to an external source. At the time it seemed to be a well-orchestrated, planned attack which granted criminals access to a government network for a brief period of time. The word “brief” is very much redundant now, as new information has come to light.

According to the new information, the Office of Personnel Management’s security-clearance computer system, which is slightly different to the personnel database, was first breached in June 2014. This effectively means that hackers had access to a sensitive system for at least a year. Hackers had access to the personnel database for 4 months before this intrusion was detected. The confirmation came from Stewart Baker, who is a former National Security Agency general counsel. There is also strong speculation that these hacks originated from China, which means, if true, this is one of the most sensitive pieces of information to be reached by state-sponsored hackers. If these virtual intruders stayed any longer, officials would be asking them to pay rent.

Therein lie the murky layers of state-organized crime: if true, China will deny responsibility, but as we all know, China has farmed hacking and infiltration out to factory-designed hackers who are still on the payroll, so the Chinese government can deny this as it was not directly them.

Perhaps it’s time for the US government to invest in protecting its citizens rather than placing them under virtual surveillance; if this information leakage continues, private citizens will find themselves virtually held in a different country.

Thank You The Washington Post for providing us with this information


The Resale Cost Of Stolen Data

Crime doesn’t pay. Cyber crime, on the other hand, pays handsomely, according to the current resale price tag associated with the data breach which led to the data of 4.2 million American federal employees being transferred from the Office of Personnel Management to an as yet unknown source. Analysis has identified places within various dark net marketplaces which are reselling the data for anywhere from as little as 50 cents to $10 (£6.30). Now I know what you’re thinking: “You cannot become rich over 10 bob”. Very true, you can’t. But experts have placed the total value of every single piece of data which had been breached at nearer $140 million (£88,186,198.86).

These so-called “sets” contain every piece of information about a particular person, which includes name and birth etc. Looking through the information, it becomes clear that there is a fly in the ointment for people up to no good. At first glance you would think all these identities are genuine, which they are, but if you had your information stolen you would correct this, and if you had a password hacked you would change it. This is exactly what has happened with the data: once someone suspects they have been breached, they make plans to correct it. The odds are that for every 10 pieces of information which are sold for $10 each, only one will work.

It’s shocking but not surprising that data as sensitive and personal as in this case did not have a better protection mechanism; it’s also clear this data was not encrypted if criminals have had access to it. I also think companies who hold sensitive information about our identities need to invest in building infrastructure to cope with it, otherwise essentially every single person could be cloned. Only time will tell if this data breach was indeed state-sponsored or a lone wolf acting with criminal intent.

Thank You Vocativ for providing us with this information


Baby Formula? There’s a Cyber attack For that!

Hackers are portrayed as technical marvels who, according to various media outlets, apparently sit in a dark room and infiltrate top-secret government networks in order to steal information or plunder vast financial institutions before running off, ok flying off, ok clicking a mouse button and pressing shut down, but still making off with their ill-gotten gains.

Well, the Albuquerque Journal (no, I haven’t made this name up) has reported that three teenage boys who attend V. Sue Cleveland High have allegedly orchestrated a cyber attack on the Enfamil baby formula website using a school computer and their own device. The synopsis of the story centres on the three boys, who had a little bit of free time while attending their school’s robotics class. While looking at various websites they allegedly came across the Enfamil live chat site and, in their wisdom or lack of it, decided to harass the forum members with various questions which started benignly but became more aggressive.

This continued from May 13 – 18 until Enfamil informed them they would be blocked. That did not go down well, as the three boys allegedly posted the website of Enfamil on a hacker website, which in turn allegedly took the site down.

With the information presented so far, I do feel the three teenagers were only partly culpable for the alleged cyber attack; yes, they posted the website on a hacker forum, but they did not undertake the cyber attack themselves, rather asking others to carry out the attack, which does sound like a DDoS technique.

I also find laughable a comment by the district that Enfamil was not blocked by the Internet filter because it did not fall into a banned category. Many websites which are hacked are not prohibited or inappropriate, e.g. Sony, although The Interview could have been blocked for being utter drivel. It also demonstrates that the Internet can place people, or in this case teenagers, in an artificially powerful position where actions can result in real-world consequences.

Thank You Albuquerque Journal for providing us with this information


Hola CEO Responds to Botnet Controversy

Hola, the peer-to-peer (P2P) VPN provider, was recently accused of allowing its customers’ network to be used to form botnets to launch malicious cyber-attacks. A group of researchers, under the banner Adios, discovered that up to 47 million people could have been inadvertently providing hackers with enough bandwidth to launch massive DDoS attacks. Now, Hola’s CEO Ofer Vilenski has spoken out about the controversy, insisting that accusations of negligence against the company are unfair, denying that its customers form part of a botnet, and maintaining that its policy for sharing user bandwidth through P2P was transparent from the start.

“There have been some terrible accusations against Hola which we feel are unjustified,” Vilenski said in a post on Hola’s website. He went on to explain what he calls the “three issues” regarding the allegations:

1. Hola is about sharing resources

We assumed that by stating that Hola is a P2P network, it was clear that people were sharing their bandwidth with the community network in return for their free service. After all, people have been doing that for years with services like Skype. It was not clear to all our users, and we want it to be completely clear.

We have changed our site and product installation flows to make it crystal clear that Hola is P2P, and that you are sharing your resources with others. This information is now “in your face” – and no longer appears only in the FAQ.

2. Does Hola make you part of a botnet?

No! Hola makes its money by selling its VPN service to businesses for legitimate commercial purposes, such as brand monitoring (checking the prices of their products in various stores), self test (checking how their corporate site looks from multiple countries), anti ad fraud (ensuring that the adverts are not inserted enroute to use), etc.

There was some concern that by selling our VPN services to enterprise customers, we were possibly exposing our users to cyber criminal traffic that could get them in trouble (Thus the ‘botnet’ accusation). The reality is that we have a record of the real identification and traffic of the Luminati [Hola’s commercial name] users, such that if a crime is committed, we can report this to the authorities, and thus the criminal is immediately identified. This makes the Hola/Luminati network unattractive to criminals – as opposed to Tor for example, which provides them complete anonymity for free.

Last week a spammer used Luminati by posing as a corporation. He passed through our filters and was able to take advantage of our network. We analyzed the incident, and built the necessary measures in our processes to ensure that such incidents do not occur, and deactivated his service. We will cooperate with any investigation of the incident to ensure that he will be punished to the fullest extent.

3. Vulnerability of the Hola client

Part of the growing pains of creating a new service can be vulnerability to attack. It has happened to everyone (Apple iCloud, Snapchat, Skype, Sony, Evernote, Microsoft…), and now, to Hola. Two vulnerabilities were found in our product this past week. This means that there was a risk of a hacker being able to operate remote code on some devices that Hola is installed on. The hackers who identified these issues did their job, and we did our job by fixing them. In fact, we fixed both vulnerabilities within a few hours of them being published and pushed an update to all our community. We are now undergoing an internal security review, as well as an external audit we have committed to with one of the big 4 auditing companies’ cyber auditing team.

It’s a strong defence, but is contradicted by the findings of numerous security firms that the VPN is still riddled with security holes that can be easily exploited by hackers.


UK Government Exempt From Laws Making Hacking Illegal

The UK government has adapted existing anti-hacking laws to allow British intelligence and security agencies to legally hack and launch cyber attacks, according to campaigners.

Human rights watchdog organisation Privacy International was in the process of launching legal action against the UK government for unlawful spying by use of hacking and cyber attacks until Parliament changed the law in order to protect themselves. The change not only protects existing actions, but also “grants UK law enforcement new leeway to potentially conduct cyber attacks within the UK,” according to Privacy International. While Privacy International still intends to bring a case against the UK government for its actions, it will now be launched on the basis of “hypothetical facts”.

This marks the second time that the UK has rewritten online surveillance laws to protect its interests: back in February, a revised code of practice for GCHQ gave “UK spy agencies sweeping powers to hack targets, including those who are not a threat to national security nor suspected of any crime,” Privacy International said.

“The underhand and undemocratic manner in which the Government is seeking to make lawful GCHQ’s hacking operations is disgraceful,” Eric King, deputy director of Privacy International, said.

“Hacking is one of the most intrusive surveillance capabilities available to any intelligence agency, and its use and safeguards surrounding it should be the subject of proper debate.”

“Instead, the government is continuing to neither confirm nor deny the existence of a capability it is clear they have, while changing the law under the radar, without proper parliamentary debate.”

Last week, GCHQ began recruiting hackers, seeking those who could engage in “computer network operations against terrorists, criminals and others posing a serious threat to the UK”.

Thank you The Independent for providing us with this information.

North Korea’s Internet Appears to Be Under Cyber Attack

North Korean internet has never been very stable, nor is it accessible to many of the citizens. It’s more a tool for North Korea to have access to the outside world and their connections, or so it is thought. They are currently suffering one of the worst outages in recent memory, suggesting that the country may be enduring a mass cyber attack. This comes just shortly after Obama’s response to the Sony hacking.

“I haven’t seen such a steady beat of routing instability and outages in KP before,” said Doug Madory, director of Internet analysis at the cybersecurity firm Dyn Research, according to Martyn Williams of the excellent blog North Korea Tech. Madory explained, “Usually there are isolated blips, not continuous connectivity problems. I wouldn’t be surprised if they are absorbing some sort of attack presently.”

There are of course other possible reasons for the outage, and with a country like North Korea we can’t really expect a public statement, nor really trust any. Remember they sent a man to the sun and back during a night flight? One other possibility is that China has simply cut them off to prevent more conflicts from arising with them in the middle, as North Korea’s internet is routed through China. There’s also the possibility of routine maintenance, but a lot of security companies that monitor current events all point towards a cyber attack.

Where it originates from is anyone’s best guess. It could be one of the lawless hacking groups or even a government entity somewhere.

Thanks to VOX for providing us with this information


The FBI Warns Businesses about Iranian Cyber Attack Against Energy, Defense, Education

The US Federal Bureau of Investigation has warned businesses, energy companies, and educational institutions that they should be made aware of a possible organised cyber attack by Iranian hackers.

The FBI has even warned middle schools that this could hit them. It hasn’t stated whether the Iranian government would be behind the attack, but the US agency has said that the cyber attacks are originating from within Iran, with some security experts stating it could be a state-sponsored attack. Security firm Cylance is among them, with Chief Executive Stuart McClure saying that the attack “underscores Iran’s determination and fixation on large-scale compromise of critical infrastructure.”

Cylance claims to know of 50 victims of this Iranian cyber attack, something that has hit 16 countries including Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates, and the US.

Source: Electronista.

Sony Hires Mandiant, a Forensics Unit, to Clean Up After Cyber Attack

Mandiant, FireEye Inc.’s forensics unit, has been recruited by Sony Pictures Entertainment to restore and strengthen its computer network in the wake of a cyber attack that resulted in five unreleased movies being leaked online. The FBI has opened an investigation into the incident.

Last Monday, Sony’s system went down, replaced by a red skull and the phrase “Hacked by the #GOP”. The GOP in this instance is not the nickname for the US Republican Party, but a hacker group known as Guardians of Peace. Though Sony have refused to comment on the extent to which their servers have been compromised, e-mails to Sony employees have been bouncing back with a message asking the sender to call the person in question, as the system was “experiencing a disruption”.

Mandiant has a track record of responding to such attacks, having performed a similar role after the Target Corp attack in 2013.

Source: Reuters

FBI Informant Leads Attacks on Turkish Government

A hacker who turned to being an FBI informant in order to avoid prison has been leading cyber attacks on Turkey.

Hector Xavier Montague, better known under the alias Sabu, has been working with the FBI since his arrest in 2011 after being charged with cyber crimes. Sabu was looking at getting 20 years in prison but was able to make a deal. During this time Sabu has managed to stop over 300 cyber crimes and also take down 8 of the world’s biggest hackers from Anonymous.

Now it seems that he has also been targeting the Turkish government whilst under US supervision. Court documents show that his hacking group, Antisec, teamed up with Redhack, a politically motivated Turkish group. Sabu apparently led the attacks and even recruited Jeremy Hammond who is number one on the FBI cyber crime list. Chat records show Sabu asking Hammond to take down a number of government websites, and to forward any access to Redhack.

When Hammond was able to access the details to more than 10 Turkish government servers, he handed all the details to a Redhack member saying: “Get into the boxes and do what you do”.

The FBI are insisting that all of this was done under the attorney general’s guidelines, but Sabu has been given a one-year supervision order for his part and Hammond has been given 10 years in prison.

Thanks to Sky for supplying us with this information.


Security Experts Call for Government Action against Cyber Threats

Alarmed by the ever-rising number of cyber attacks around the world and across industry, more and more security experts see aggressive government action as the best hope to avoid a disaster.

A lot of the experts are still outraged by the extent of U.S. internet spying exposed by Edward Snowden, but they are even more concerned about enemies with the same capabilities: sabotage, data wipes and theft of defence and trade secrets. These threats and fears were the core subject at this year’s Black Hat security convention.

Dan Geer held the keynote speech and went straight for national and global policy issues. He said the U.S. government should require detailed reporting on major cyber breaches, much in the same way it’s done with deadly diseases. Critical industries such as banks should be stress tested to see if they can handle it.

“We’re so day-to-day that we forget we’re a piece of a bigger system, and that system is on the edge of breaking down,” said Black Hat founder Jeff Moss.

Speaking on his own behalf, Geer also called for exposing software vendors to product liability suits if they do not share their source code with customers and bugs in their programs lead to significant losses from intrusion or sabotage. “Either software houses deliver quality and back it up with product liability, or they will have to let their users protect themselves”.

In an interview after the keynote speech, Geer said that he hadn’t seen any encouraging signs from the White House or members of Congress, but the alternative would be waiting until the next major event. He added that he hoped it wouldn’t be a catastrophic event.

Chris Inglis, who retired this year as deputy director of the NSA, said “disaster could be creeping instead of sudden, as broad swaths of data become unreliable.” “Some of Geer’s ideas, including product liability, deserved broader discussion, doing nothing at all is a worse answer”.

Some said more disclosures about cyber attacks could allow insurance companies to set reasonable prices. The cost of cyber insurance varies, but $1 million in yearly protection might cost $25,000. The demand for cyber insurance has increased a lot following high-profile data breaches such as Target or eBay, but the insurance agencies say they need more data to calculate the rates.

With the new ideas presented by Geer and his colleagues, the government wouldn’t gain more control of the Internet itself. The root of the problem is the ever-rising number of severe flaws in software that allow hackers to break in at will.

Geer said the United States should try to corner the market for software flaws and outspend other countries to stop the cyber arms race. The government should then work to fix the flaws instead of hoarding them for offensive attacks.

Thank you Reuters for providing us with this information.


U.S Homeland Security Contractor Hacked

U.S. Investigations Services (USIS), a company based in Falls Church in Virginia, has been the victim of what is said to be a state-sponsored cyber attack. USIS performs background checks for the U.S. Department of Homeland Security (DHS), among others. The attack probably involved the theft of personal information about DHS employees.

DHS said it had suspended all work with the company pending an investigation by the FBI. A “multi-agency cyber response team is working with the company to identify the scope of the intrusion,” DHS spokesman Peter Boogaard said in a statement to Reuters.

“At this time, our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce, out of an abundance of caution, to advise them to monitor their financial accounts for suspicious activity,” Peter Boogaard said, adding that employees whose data had likely been compromised would be informed.

Even though government officials don’t believe that the breach has affected non-DHS employees, the Office of Personnel Management (OPM) also suspended its work with USIS. A statement on the USIS website reads, “We are working collaboratively with OPM and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible.” “We will support the authorities in the investigation and any prosecution of those determined to be responsible for this criminal attack”.

USIS is the biggest commercial provider of background investigations to the federal government, having over 5,700 employees and providing services in all U.S. states and territories as well as abroad.

Thank you Reuters for providing us with this information

Images courtesy of Homeland Security

Microsoft Launches Security and Threat Information Sharing Platform Named Interflow

Microsoft plans on providing new and more efficient ways for security professionals to effectively and swiftly respond to potential threats. This is why the company has just launched the closed preview of a platform named Interflow, designed with cybersecurity in mind.

The platform is said to have been announced in a Microsoft blog post, which stated that it is a product of collaboration with the Microsoft Active Protections Platform. Interflow is designed to “take industry specifications to create an automated feed of machine-readable threat information that can be shared across industries and groups”. Microsoft has also stated that users decide which information or feeds are shared with the communities, and even which communities need to be established.

Up until now, Microsoft has been testing the platform internally, with its own security teams assessing the threats. However, Microsoft states that the platform is also available to other companies that wish to test it and even participate in improving it. The company has also stated that it plans on making Interflow available to all MAPP groups in the future.

In terms of specifications, Microsoft said that Interflow supports a number of open specifications, such as STIX (Structured Threat Information eXpression), TAXII (Trusted Automated eXchange of Indicator Information), as well as CybOX (Cyber Observable eXpression). Given this support, the platform should integrate with existing systems and avoid potential data lock-in.

Threats and cyber attacks are increasing in number, and security is becoming every company’s main priority. Being able to respond to cyber attacks as they occur gives a company a greater chance of successfully protecting its network and systems.

Thank you TheNextWeb for providing us with this information
Video courtesy of Microsoft TechNet

eBay Admits User Data Was Hacked Into – Two Months Ago

eBay, one of the most popular websites globally, is urging users to change their passwords after it was discovered that its corporate network was attacked and a small number of employee login credentials were stolen. Following the discovery, eBay is stressing that no financial data was accessed and that, until users’ passwords have been changed, no activity is permitted on their accounts.

What is shocking, however, is the revelation that this attack happened two months ago, in late February to early March, although eBay has said that the unauthorised access was only discovered a couple of weeks ago, after the compromised employee credentials were found. Additionally, eBay has stated that it takes customer privacy and security very seriously and is performing a deep analysis into how the attack was performed and how the data was accessed, with the aim of ensuring that this does not happen again.

Starting from now, each and every eBay user will be notified via email that they will need to change their passwords, and that any associated PayPal accounts are safe and secure, as this data is all stored securely on an encrypted network separate to that of eBay’s user databases.

Whilst users are in the process of changing their passwords, some users will face the error message as seen below whilst the eBay network is put under a very heavy load, however users are reassured that they can try again later and their accounts cannot be used until the passwords are changed.

Whilst this is one of the worst attacks to happen to the business, as with all sites we strongly advise that your passwords are changed on a regular basis and if you use the same password on other sites, you should look into changing these as well to prevent any further issues down the line.


Skype Taunted By Hackers

Although no user information was stolen during the latest cyber attack, Microsoft is still reeling from the damage of the attack made by the Syrian Electronic Army on Wednesday. The publicity-minded group S.E.A chose to target Skype’s blog, Facebook page and Twitter account, posting messages reading “Stop spying on people” and “Hacked by Syrian Electronic Army.. Stop Spying”. These attacks come at the start of a new year, after the mid-2013 surveillance controversy brought to light by former NSA contractor Edward Snowden.

Information leaked by Snowden showed that Skype installed a “backdoor” that enabled the NSA to monitor Skype video and audio calls. Officials in Luxembourg, where Skype is based, are looking into whether Skype has shared information with the NSA on its Luxembourgian users. Skype isn’t the only one in hot water at the moment over these “back doors”, with Yahoo, Facebook and Apple also reportedly having “back doors” that allow the NSA surveillance over users’ online presence and conversations. It’s not just the Microsoft-owned Skype that was targeted, with Skype’s Facebook profile having a broader message posted on its page, saying:

“Don’t use Microsoft emails (Hotmail, Outlook), they are monitoring your accounts and selling it to the governments. More details soon. #SEA”

This isn’t the first high-profile attack the Syrian Electronic Army has achieved, with the SEA claiming credit for hacking websites such as Twitter, The New York Times, Thomson Reuters and the BBC. They have also claimed credit for hacking the messaging app Viber.

Thanks to CNET for the information provided

Images Courtesy of Canberra Times and AppleFrance

Hackers Hit The Washington Post’s Servers

For the second time in three years, The Washington Post’s servers have been hacked, with hackers gaining access to employee usernames and passwords. The Washington Post believes the hacker or hackers may be from anywhere in Asia, but suspects that Chinese hackers were behind this intrusion, as well as an attack in 2011 on the newspaper’s job-seeker database and month-long breaches at The New York Times and The Wall Street Journal. The reason for this suspicion is that the latest intrusion started from a server used by the newspaper’s foreign staff. Although The Washington Post and all its employees use encrypted passwords, the company has recommended that all its employees change their usernames and passwords straight away.

Washington Post spokeswoman Kris Coratti had this to say:

“This is an ongoing investigation, but we believe the attack lasted no longer than a few days at the most”

As stated before, this isn’t the first time The Washington Post has found itself vulnerable to cyber attacks. The attack in June 2011 gave hackers about 1.27 million usernames and e-mail addresses belonging to people who were registered and looking for employment on The Washington Post Jobs website at the time of the attack. However, as in the most recent case, no personal information was taken or affected. We will post more information as it becomes available.

Thank you CNET for providing us with this information.

Image courtesy of youtwitface.

U.S. & China To Set Up A Joint Cyber Security Team

U.S. Secretary of State John Kerry said that the United States and China have agreed that both countries need to work on cyber security. This would be an area where both countries, especially China, will be able to earn each other’s trust and cooperation, according to China’s Foreign Minister Wang Yi.

It wasn’t too long ago that both countries accused each other of a series of cyber attacks. The U.S. recently said that the attacks originated from China and targeted the U.S. government and corporations, using computer networks to steal data from the respective sectors. A security firm has also said that China has a secret military unit which is most likely where the attacks originated. China, on the other hand, claimed that it was a series of large-scale attacks, but officials and business executives who attended the China-U.S. Internet industry forum in Beijing then said that both parties need to find common ground.

Under Secretary of State of Economic Affairs Robert Hormats said in the forum, “It’s important to have a dialogue on this, but it’s also important that the dialogue be a means to an end, and the end is really ending these practices.”

Kerry said that “[Cyber Security] affects the financial sector, banks, financial transactions, every aspect of nations in modern times are affected by the use of cyber networking and obviously all of us – every nation – has an interest in protecting its people, protecting its rights, protecting its infrastructure”.

It’s still unclear whether the U.S. will allow Chinese-made hardware to be used in government sectors, especially in NASA, the judiciary and police departments.

Source: Reuters

U.S. To Ban Purchase And Use Of Chinese-Made IT Systems And Electronics

After growing concern over Chinese “Cyber Sabotage” attacks, a law will be introduced which will stop U.S. government agencies such as NASA, the Department of Justice and the Commerce Department from buying Information Technology systems from China unless the federal law enforcement agency gives its approval.

It was only last year that the intelligence committee told U.S. telecom companies not to do business with Huawei Technologies and ZTE, as the influence that the Chinese government has over the companies would pose a threat to the United States. This could be a big blow to Chinese-based computer maker Lenovo in the future as well, especially if they cannot sell their systems to government agencies and personnel.

A provision was added in a 240-page report to introduce a law stating that government agencies are required to carry out a cyberattack risk assessment with the law enforcement agencies when buying technology from China. It is also mentioned that this involves “any risk associated with such systems being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized” from China.

Many top officials and President Barack Obama condemned the cyber attacks originating from China, and Obama made it clear during an interview with ABC News that these cyber attacks are absolutely sponsored by governments.

Chinese President Xi Jinping, however, said that the U.S. needs to avoid making groundless accusations and start working together to resolve the problem. China can also challenge this decision as a violation of World Trade Organization rules, but that may be a futile attempt as the Chinese are not the WTO members who set international trading rules.

It should also be noted that a U.S.-based security company said that there is a Chinese military unit which is most likely behind the series of cyber attacks on the United States.

Source: Reuters

3 Things You May Not Know About Network Security

Rick Delgado is a freelance writer who specializes in technology advancement and network forensics. He enjoys keeping up with the latest gadgets and anticipating the next breakthroughs.

As the physical world has moved digital, so have criminals. Before, it would have been difficult for a thief to steal important information from a company. They would have to break into the office itself. Now, however, everything is stored online, and if a company isn’t careful that information could be easily accessible by outsiders.

Just as you would want to make sure your home has the best security system possible to protect the assets inside, companies need to make sure their online information is securely locked up. If you think that online attacks couldn’t possibly happen to your company, think again. Consider the following three aspects of network security that many people overlook.

1. It is cheaper to prevent cyber-attacks than wait to fix them

A study of U.S. companies revealed that out of the companies affected by cyber-attacks, most ended up paying close to $3.8 million a year to fix the problem. Those companies could have saved a lot of money if they had been a little more cautious. It may seem like a big investment at first, but network security will pay off in the long run.

2. Loss of information due to theft accounts for the highest external cost for businesses

Businesses are always looking for ways to increase productivity in the workplace. They come up with fancy ideas like rewards programs, weekly interviews or even throwing office parties. While these all may be helpful, companies also need to consider how they can prevent situations that will drastically disrupt productivity.

Imagine what would happen if, on a busy workday, the entire office was shut down. It could result in a loss of important clients, big sales, or a number of other things. If your company network is infiltrated with a virus, your company could be out for several days.

In addition to loss of work time, reports have shown that information theft can add up to almost half of all external costs for many companies. Disruption or loss of productivity as a result of fixing the problem is the next highest cost. If companies knew these statistics they would likely put a stronger effort into establishing an effective network security system.

3. Hackers also want to get into your computers at home

While every business should take necessary precautions to protect their information, don’t forget about your home computer as well. Just because you don’t have classified documents saved to your home network, it doesn’t mean no one wants access to it. Hackers or crackers will often look to take control of a home network so they can then launch attacks on other networks without being traced. Even though their final target may be a large corporation or a government agency, working through your network will give them the cover they want.

There are also people who simply want to cause trouble. If you don’t have strong security, they could access and change information or even reformat your hard drive.

Image courtesy of Information Technology Group