Trending Security News

An eventful week with plenty coming out of the Black Hat conference, the Microsoft Blue Hat prize, publication of the EWI Cybersecurity Summit Report, and more, covered below.

Black Hat USA 2011

With Black Hat USA 2011 running this week there were plenty of stories about cyber threats – everywhere from programmable logic controllers, to SCADA equipment, to insulin pumps. Amidst all of this came the McAfee-dubbed “Operation Shady RAT,” which Vanity Fair called an “unprecedented cyber-espionage campaign and intellectual property bonanza,” while others say the hacking claims are overblown (ComputerWorld).  Other big news at Black Hat, Microsoft announced its new BlueHat Prize for innovative research on computer security defense. Some Black Hat reading highlights:

• Microsoft Launches $200,000 Security Innovation Contest – PC World
• Securing Mobile Devices May Be an Impossible Task, say researchers at Black Hat – Threat Post
• Researcher demos attacks on Siemens industrial control systems – CNET News
• Energy grid operators warned of vulnerabilities that could give up control – Government Computer News
• How easily can a power plant be hacked? Very – MSNBC
• Researchers warn of SCADA equipment discoverable via Google – CNET News
• Over Half Of SAP Servers On The Internet Are Vulnerable To Attack, Researcher Says – InfoSecNews
• Insulin pumps, monitors vulnerable to hacking, researcher reports at Black Hat – MSNBC
• Banks Face Ongoing Cyber Threats – InformationWeek
• McAfee: 'Shady RAT' hackers compromised 72 organizations in 14 countries since 2006 – Computerworld
• The United States was the main target of cyber attacks that were part of "Operation Shady RAT" – MSNBC
• China Is Behind Shady RAT, Experts Say – Dark Reading
• Microsoft sets up $250,000 security research prize – ZDNet

Security Research & Intelligence

• Study: Cybercrime Becoming More Costly, More Frequent For Enterprises – Dark Reading
• One more reason why passwords are no darn good – Government Computer News
• Huge Decline in Fake AV Following Credit Card Processing Shakeup – Krebs on Security
• Counterfeit Windows XP Breeding Malware – InformationWeek

Government, Legislation & Policy

• White House Chooses CIO – Hillicon Valley
• Senators unveil international cybercrime bill – Hillicon Valley
• Former CIA official cites rise in government cybersecurity awareness – Tech Target

Cyber Law Enforcement

• Spam king Sanford Wallace indicted for Facebook spam – Computerworld
• Identity thief gang busted for stealing $1 million – MSNBC
• Alleged Anonymous Member Topiary Appears in London Court – Threat Post
• Police probe into claims of computer hacking by Murdoch's News International

Blog Picks

• Announcing the BlueHat Prize for Advancement of Exploit Mitigations – MSRC Blog
• Black Hat 2011: Macs in the age of the APT - Naked Security – Sophos
• Fact-Based Network Security: Defining ‘Risk’ – Securosis
• The Death of .NET and the Power of Perception - Rob Enderle

Microsoft Security in the News

• Internet Explorer users have low IQ? Media hoaxed by bogus research – Naked Security – Sophos
• MSRC Report Shows Security Progress – PC Magazine
• Microsoft incorrectly claims drop in vulnerabilities that allow remote code execution – Network World
• Microsoft Launches $200,000 Security Innovation Contest – PC World
• Microsoft BlueHat Prize: A new twist on security research incentives – ZDNet
• Over $250,000 in Prizes for Next Gen Security Technology - Microsoft BlueHat Contest – Softpedia
• Microsoft Offers $200,000 Prize For Silver Bullet Against Hackers – Forbes
• Microsoft improves the protection of its geographic location database – Heise Online

Microsoft Research, Papers and Media

• Cybersecurity/Internet Health
  • Rethinking the Cyber Threat (paper)
  • Collective Defense: Applying Public Health Models to the Internet (paper)
  • Video: Collective Defense: Enabling Healthy Devices (video)
• Security Intelligence
  • Battling the ZBot Threat (paper)
• Trustworthy Computing
  • Imagine Video: Microsoft Trustworthy Computing (video)
• Cybersecurity/Trusted Supply Chain:
  • Supply Chain Risk Management keynote at the East-West Institute’s Second Worldwide Cybersecurity Summit (video)
  • Cyber Supply Chain Risk Management: Toward a Global Vision of Transparency and Trust (paper)
  • Toward a Trusted Supply Chain: A Risk Based Approach To Managing Software Integrity (paper)