Welcome!

Government Cloud Authors: Zakia Bouachraoui, Liz McMillan, Elizabeth White, Pat Romanski, Dana Gardner

Blog Feed Post

Cell phone amplifiers can be hacked, DISA adding extra certs for cloud vendors and more

By

DISAHere are the top cyber news and stories of the day.

  • At Commerce Dept., false alarm on cyberattack cost almost $3 million – The Commerce Department was recently hit by a cyber attack, one it deemed “so vicious that the agency’s entire computer network had been put at risk.” The Commerce Department even had 200 employees “spend months without e-mail or access to Internet servers and databases.” This cut out communications to regional offices, and cost untold dollars in lost productivity. They also spent almost $3M on destroying ‘infected’ machines. However, the attack was merely a small infection on six machines, which could have easily been cleaned up by routine antivirus programs. This attack, and the reactions, demonstrate how important accurate diagnosis is. Via Washington Post, more here.
  • Malware campaign strikes Asian, European governments – It is sometimes nice to see that the US is not the only target of cyber attackers. “Trend Micro says it detected a targeted attack that sent malware-laden emails to representatives of 16 European countries and some Asian governments.” These emails are allegedly from the Chinese defense ministry, but those allegations have not been verified. Via ComputerWorld, more here.
  • Cell phone amplifiers can be hacked – Recently, some security researchers have found it possible to hack Verizon femtocells and siphon off personal data, directly from the device. They can record phone calls, take users’ browser history and grab text messages. Verizon claims they became aware of these vulnerabilities last year and have since fixed them, but it seems odd that they were still able to control the devices. Via SFGate, more here.
  • The ban on feds at Defcon draws a mixed reaction – In the past, Defcon has been a place where government folks and hackers of all sorts can meet on a common ground. However, after the PRISM news, it seems they are no longer welcome. This is unfortunate, because the event could have been a way for the government to reach out, and start to mend relationships, but that day will have to wait. Via ComputerWorld, more here.
  • Chinese APT Worked through Cloud – “The Chinese Advanced Persistent Threat (APT) group that targeted The New York Times last year used Dropbox and WordPress to carry out its missions, said researchers from Cyber Squared in a new report.” Dropbox allowed them to better anonymize themselves, and to move past some security measures. The attacks then used a WordPress blog for command and control, effectively hiding in plain sight. Via ISS Source, more here.
  • DISA cloud contractors face strict security standards –  ”The Defense Information Systems Agency anticipates up to 10 awards on a potential $450 million contract to provide cloud computing services to Defense Department agencies. But to make the cut, vendors will need to go through two vigorous certification processes in which government officials test whether their cloud offerings meet strict security standards.” DISA is instituting a second certification process which will occur after vendors pass the FedRAMP standard. With only a few vendors FedRAMP certified, they have a leg up on the competition. The final RFP for this project is due in August, with awards slated for March 2014. Via Federal Times, more here.
  • Governments are Big Buyers of Zero-Day Flaws – According to a recent NYT article, hackers are pouring over millions of lines of code, just looking for Zero-day exploits. They aren’t turning them into developers, but rather selling them to governments, often for hundreds of thousands of dollars. “The hackers in question run the company known as Revuln, and like France-based Vupen, it finds or acquires zero-day vulnerabilities that it can sell on to the highest bidder. Vupen charges its customers an annual subscription fee of $100,000 merely to see its catalog of flaws – and then charges extra for each vulnerability.” Via InfoSecurity, more here.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

IoT & Smart Cities Stories
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Over the course of two days, in addition to insightful conversations and presentations delving into the industry's current pressing challenges, there was considerable buzz about digital transformation and how it is enabling global enterprises to accelerate business growth. Blockchain has been a term that people hear but don't quite understand. The most common myths about blockchain include the assumption that it is private, or that there is only one blockchain, and the idea that blockchain is...
Where many organizations get into trouble, however, is that they try to have a broad and deep knowledge in each of these areas. This is a huge blow to an organization's productivity. By automating or outsourcing some of these pieces, such as databases, infrastructure, and networks, your team can instead focus on development, testing, and deployment. Further, organizations that focus their attention on these areas can eventually move to a test-driven development structure that condenses several l...
The term "digital transformation" (DX) is being used by everyone for just about any company initiative that involves technology, the web, ecommerce, software, or even customer experience. While the term has certainly turned into a buzzword with a lot of hype, the transition to a more connected, digital world is real and comes with real challenges. In his opening keynote, Four Essentials To Become DX Hero Status Now, Jonathan Hoppe, Co-Founder and CTO of Total Uptime Technologies, shared that ...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Never mind that we might not know what the future holds for cryptocurrencies and how much values will fluctuate or even how the process of mining a coin could cost as much as the value of the coin itself - cryptocurrency mining is a hot industry and shows no signs of slowing down. However, energy consumption to mine cryptocurrency is one of the biggest issues facing this industry. Burning huge amounts of electricity isn't incidental to cryptocurrency, it's basically embedded in the core of "mini...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...