Renewed cyber-attacks by the Anonymous group, the cyber-security strategy plan from the Department of Defense and Microsoft's Patch Tuesday release were the most prominent developments in the past week's IT security news.
In case anyone was getting a
little complacent thinking that perhaps the worst of the attacks by the
"hacktivist" collective Anonymous were behind us, the group had a small
surprise for members of the United States military.
Anonymous breached
consulting firm Booz Allen Hamilton and dumped log-in information for 90,000
military and government personnel, including US CENTCOM, SOCOM, the Marine
Corps, Air Force facilities, Department of Homeland Security, Department of
State and private-sector contractors. The attack, dubbed
Military Meltdown Monday by Anonymous, also compromised some source code
and other files.
That wasn't the only
Anonymous activity, as the group released personal information belonging to
biotechnology seed company Monsanto to protest its "evil business
practices." Anonymous promised a wiki-like format to make it easier to sift
through all the documents they stole.
In response to Anonymous'
attacks and to add greater urgency to work on federal cyber-security
legislation,
Sen. John McCain (R-Ariz.) requested a new temporary subcommittee be
established to specifically focus on data breaches against federal agencies and
contractors, data leaks of sensitive government data and to reconcile various
drafts of cyber-security legislation. Congressional lawmakers also heard
testimony that revealed some foreign suppliers were
embedding backdoors or malware in the various hardware used in consumer
electronics sold in the U.S.
The Department of Defense
officially unveiled its
strategy for operating in cyber-space this week. The unclassified version
of the strategy document listed various defensive measures the DOD would take
to keep its systems and key infrastructure safe from cyber-attackers.
Some elements had already
appeared in speeches by various government officials over the past few months.
However, at least one high-ranking military officer,
Marine General James Cartwright, vice president of the Joint Chiefs of
Staff, criticized the plan for being too defensive and not having enough
offensive elements.
Microsoft fixed a critical
Bluetooth vulnerability and various Windows kernel bugs as part of its
July Patch Tuesday update. The company released four patches-one critical
and three important-fixing 22 issues in the update release. Microsoft also
officially ended support for Vista Service Pack 1 and Office XP.
A
PDF flaw in iOS, which allowed users of iPhones, iPads and iPod Touches to
visit the JailbreakMe Website and jailbreak the device, has been closed. Apple
issued a patch to close the issue, which security experts warned could have
been exploited by malicious developers to compromise mobile devices by tricking
users with specially-crafted PDF files.
The next major update on the
radar is from Oracle as part of its
quarterly CPU (critical patch update) release, which will fix 78
vulnerabilities. Oracle's CPU will be on July 19.
Cisco updated
its IronPort Security products to specifically combat spear-phishing and
targeted email attacks, as more cyber-criminals are increasingly relying on these
tactics to compromise users. Criminals are also using the attacks to
compromise user Webmail accounts such as Gmail, Hotmail and Yahoo Mail to
send out spam, a report found. Instead of trying to fight back by building up
botnets, attackers are finding alternative methods to send out spam, according
to the report.
Verizon enhanced its
cloud-based identity-management service with multiple two-factor authentication
systems and digital-signing capabilities for customers to secure internal Web
applications and external facing portals.
Email
Print
