Security News
The 25+ year gap between IT and Operational Technology security means that OT networks have few, if any, modern security controls in place, as many of these Industrial Control Systems are legacy assets that were not designed with security in mind and were previously isolated, until digital transformation came along. With asset visibility to identify vulnerabilities and suspicious behavior, continuous threat monitoring to detect and track threats that cross the IT/OT boundary, and secure remote access solutions with strict controls over sessions, we can jumpstart the process of closing the IT/OT security gap.
The U.S. government on Wednesday announced the launch of another bug bounty program conducted in collaboration with hacker-powered cybersecurity platform HackerOne. Hack the Army 3.0, whose goal is to help the U.S. Army secure its digital assets and protect its systems against cyberattacks, takes place between January 6 and February 17, and it's open to both millitary and civilian white hat hackers.
The campaign's starting point is an email with an embedded malicious attachment - either in the form of a ZIP file containing an LNK file or a Microsoft Word document - that triggers an infection chain via a series of steps to download the final-stage payload. Aside from identifying three different infection chains, what's notable is the fact that one of them exploited template injection and Microsoft Equation Editor flaw, a 20-year old memory corruption issue in Microsoft Office, which, when exploited successfully, let attackers execute remote code on a vulnerable machine even without user interaction. What's more, the LNK files have a double extension and come with document icons, thereby tricking an unsuspecting victim into opening the file.
The Army command dedicated to defending against hackers and other online threats celebrated its move into a new $366 million headquarters in Georgia on Thursday. Created a decade ago, the Army Cyber Command had been spread across Army installations in three states before consolidating at Fortitude Hall, its new home at Fort Gordon in Augusta.
In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.
A report published recently by the U.S. Army describes North Korea's cyber warfare capabilities and provides information on various units and their missions. In terms of computer warfare, the Army says North Korea primarily conducts these types of attacks because they represent a low-cost and low-risk method for targeting the enemy's computers, they can be used to counter the enemy's superior conventional military capabilities, and they can "Upset the status quo with little fear of retaliation."
Army researchers have been awarded a patent for inventing a practical method for Army wireless devices to covertly authenticate and communicate. The researchers, including Drs. Paul Yu and Brian Sadler from the U.S. Army CCDC's Army Research Laboratory and Prof. Rick Blum and Dr. Jake Perazzone from Lehigh University, have invented a method to perform two tasks simultaneously: verifying the authenticity of wireless communications and communicating secret information.
Capita's 2017 decision to implement bespoke IT systems on a £1.3bn British Army recruiting contract led to nearly 25,000 fewer applications to join the military in the following year, new figures have revealed. The switching-on of bespoke Defence Recruiting System IT systems contributed to the lowest number of wannabe Army recruits signing up since 2013 as well as a drop of 22 per cent in the number of applicants.
The British Army has raised a new regiment that will take charge of its in-house security operations centre, a move calculated to make cyber defence a more mainstream part of all things armed and camouflaged. The Ministry of Defence stated that 13 Sigs will "Provide the basis of the new Army Cyber Information Security Operations Centre, focusing on the protection of Defence's cyber domain."
An approach to network security that will enhance the effectiveness and timeliness of protection against adversarial intrusion and evasion strategies, has been identified by the Army's corporate laboratory researchers in collaboration with the University of California, Riverside. To rapidly protect Army systems from attack in ways that don't require massive amounts of manual intervention, the researchers have developed and approach called SymTCP. What is SymTCP?