Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Israel experienced a serious hack attack on its electrical grid that officials are still working to repel, the head of the country's energy minister said Tuesday.

"The virus was already identified and the right software was already prepared to neutralize it," Israeli Energy Minister Yuval Steinitz told attendees of a computer security conference in Tel Aviv, according to this article published Tuesday by The Times of Israel. "We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over … but as of now, computer systems are still not working as they should."

The "severe" attack was detected on Monday as temperatures in Jerusalem dipped to below freezing, creating two days of record-breaking electricity consumption, according to The Jerusalem Post. Steinitz said it was one of the biggest computer-based attacks Israel's power infrastructure has experienced, and that it was responded to by members of his ministry and the country's National Cyber Bureau. The energy minister didn't identify any suspects behind the attack or provide details about how it was carried out.

Read 2 remaining paragraphs | Comments

 

(credit: Jeremy Brooks )

Congressional oversight leaders are requiring most federal agencies to audit their networks to see if they use Juniper-manufactured firewalls that for four years contained an unauthorized backdoor for eavesdropping on encrypted communications.

Members of the House of Representatives Committee on Oversight and Government Reform gave the agencies until February 4 to produce documents showing whether they use Juniper's NetScreen line of firewall appliances. The committee is also requiring agency heads who used the vulnerable devices to show how they learned of the eavesdropping threat and whether they fixed it prior to the release of last month's patch. That update removed the unauthorized code from ScreenOS, the operating system that manages NetScreen firewalls.

The Committee on Oversight and Government Reform is the chief oversight body for the US House of Representatives, with broad authority to investigate most matters pertaining to federal agencies. Committee members informed agency heads of the eavesdropping-related investigation involving Juniper hardware in letters dated late last week.

Read 4 remaining paragraphs | Comments

 
[security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS)
 
[security bulletin] HPSBGN03536 rev.1 - HP IceWall Products running OpenSSL, Remote and Local Denial of Service (DoS)
 

It's time for CISOs to take security training to the next level
IT World Canada
First, the piece offers some sage advice to infosec pros: Don't push this stone uphill. If directors and the C-suite understand the need for security awareness training, they'll find you some time and resources to do it. Second, if you have the ...
CISOs should take security training seriouslyMIS Asia

all 3 news articles »
 

Insurers Getting Smarter About Assessing Cyber Insurance Policy Risks
Dark Reading
As that happens, customers could experience some pain as insurance companies get wise to the red flags of poor information security practices. But overall, this maturation could mean good things for cyber-insurance customers and the infosec world as a ...

and more »
 

Peerlyst Launches a SecureDrop to Advance Information Security
PR Newswire (press release)
26, 2016 /PRNewswire/ -- Peerlyst, the preeminent information security community, is today pleased to announce the launch of its own SecureDrop, providing information security professionals with a secure, anonymous portal for submitting information and ...

and more »
 
WP Easy Gallery v4.1.4 Stored XSS Vulnerability
 
[SECURITY] [DSA 3453-1] mariadb-10.0 security update
 
glibc catopen() Multiple unbounded stack allocations
 
Magento 1.9.x Multiple Man-In The Middle
 

Softpedia News

PayPal Servers Compromised via Well-Known Java Deserialization Bug
Softpedia News
The bug is an exploitation of the Java deserialization issue that's been around for over a year, but only this past autumn came to the forefront of the infosec community. The problem relies on the way developers handle user-supplied serialized data in ...

 

David Balaban
Tech Cocktail
David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security ...

and more »
 

Posted by InfoSec News on Jan 26

http://healthitsecurity.com/news/what-are-top-hipaa-compliance-concerns-obstacles

By Elizabeth Snell
Health IT Security
January 25, 2016

Maintaining HIPAA compliance should always be a key area for leaders in
the healthcare industry, but as technology continues to evolve, there are
numerous factors coming into play that could affect how organizations keep
patient data secure.

But what type of obstacles are standing in provider's’...
 

Posted by InfoSec News on Jan 25

Forwarded from: Vic Vandal <vvandal (at) well.com>

CarolinaCon-12 will be held on March 4th-6th, 2016 in Raleigh NC. For the
cheap price of $40 YOU could get a full weekend of talks, hacks, contests, and
parties. Regarding the price increase to $40, it was forced due to ever-rising
venue costs. But we promise to provide more value via; great talks, great side
events, kickass new attendee badges, cool giveaways, etc.

We've...
 

Posted by InfoSec News on Jan 25

http://www.theregister.co.uk/2016/01/26/juniper_us_government/

By Chris Williams
The Register
26 Jan 2016

A bunch of US government departments and agencies – from the military to
NASA – are being grilled over their use of backdoored Juniper firewalls.

The House of Representatives' Committee on Oversight and Government Reform
fired off letters to top officials over the weekend, demanding to know if
any of the dodgy NetScreen devices...
 

Posted by InfoSec News on Jan 25

http://www.networkworld.com/article/3025944/security/broad-use-of-cloud-services-leave-enterprise-data-vulnerable-to-theft-report-says.html

By Patrick Nelson
Network World
Jan 25, 2016

Data theft is a very real and growing threat for companies that
increasingly use cloud services, says a security firm.

Workers who widely share documents stored in the cloud with clients,
independent contractors, or even others within the company are creating...
 

Posted by InfoSec News on Jan 25

http://www.computerworld.com/article/3026243/security/symantec-partner-caught-running-tech-support-scam.html

By Gregg Keizer
Computerworld
Jan 25, 2016

Tech support scammers are known for their cheek -- making unfounded claims
that PCs are infected to scare consumers into parting with their money --
but a Symantec partner took nerve to a new level, a security company
claimed last week.

According to San Jose, Calif.-based Malwarebytes,...
 
Internet Storm Center Infocon Status