Information Security News
by Dan Goodin
Israel experienced a serious hack attack on its electrical grid that officials are still working to repel, the country's energy minister said Tuesday.
"The virus was already identified and the right software was already prepared to neutralize it," Israeli Energy Minister Yuval Steinitz told attendees of a computer security conference in Tel Aviv, according to this article published Tuesday by The Times of Israel. "We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over … but as of now, computer systems are still not working as they should."
The "severe" attack was detected on Monday as temperatures in Jerusalem dipped to below freezing, creating two days of record-breaking electricity consumption, according to The Jerusalem Post. Steinitz said it was one of the biggest computer-based attacks Israel's power infrastructure has experienced, and that it was responded to by members of his ministry and the country's National Cyber Bureau. The energy minister didn't identify any suspects behind the attack or provide details about how it was carried out.
Congressional oversight leaders are requiring most federal agencies to audit their networks to see if they use Juniper-manufactured firewalls that for four years contained an unauthorized backdoor for eavesdropping on encrypted communications.
Members of the House of Representatives Committee on Oversight and Government Reform gave the agencies until February 4 to produce documents showing whether they use Juniper's NetScreen line of firewall appliances. The committee is also requiring agency heads who used the vulnerable devices to show how they learned of the eavesdropping threat and whether they fixed it prior to the release of last month's patch. That update removed the unauthorized code from ScreenOS, the operating system that manages NetScreen firewalls.
The Committee on Oversight and Government Reform is the chief oversight body for the US House of Representatives, with broad authority to investigate most matters pertaining to federal agencies. Committee members informed agency heads of the eavesdropping-related investigation involving Juniper hardware in letters dated late last week.
It's time for CISOs to take security training to the next level
IT World Canada
First, the piece offers some sage advice to infosec pros: Don't push this stone uphill. If directors and the C-suite understand the need for security awareness training, they'll find you some time and resources to do it. Second, if you have the ...
CISOs should take security training seriously
Insurers Getting Smarter About Assessing Cyber Insurance Policy Risks
As that happens, customers could experience some pain as insurance companies get wise to the red flags of poor information security practices. But overall, this maturation could mean good things for cyber-insurance customers and the infosec world as a ...
Peerlyst Launches a SecureDrop to Advance Information Security
PR Newswire (press release)
26, 2016 /PRNewswire/ -- Peerlyst, the preeminent information security community, is today pleased to announce the launch of its own SecureDrop, providing information security professionals with a secure, anonymous portal for submitting information and ...
PayPal Servers Compromised via Well-Known Java Deserialization Bug
The bug is an exploitation of the Java deserialization issue that's been around for over a year, but only this past autumn came to the forefront of the infosec community. The problem relies on the way developers handle user-supplied serialized data in ...
Posted by InfoSec News on Jan 26: http://healthitsecurity.com/news/what-are-top-hipaa-compliance-concerns-obstacles
Posted by InfoSec News on Jan 25: Forwarded from: Vic Vandal <vvandal (at) well.com>
Posted by InfoSec News on Jan 25: http://www.theregister.co.uk/2016/01/26/juniper_us_government/
Posted by InfoSec News on Jan 25: http://www.networkworld.com/article/3025944/security/broad-use-of-cloud-services-leave-enterprise-data-vulnerable-to-theft-report-says.html
Posted by InfoSec News on Jan 25: http://www.computerworld.com/article/3026243/security/symantec-partner-caught-running-tech-support-scam.html