Computer hackers have managed to breach some of the top secret systems within the Ministry of Defence, the military’s head of cyber-security has revealed.

Major General Jonathan Shaw told the Guardian the number of successful attacks was hard to quantify but they had added urgency to efforts to beef up protection around the MoD’s networks.

“The number of serious incidents is quite small, but it is there,” he said. “And those are the ones we know about. The likelihood is there are problems in there we don’t know about.”

READ MORE …

IBM today rolled out a comprehensive package of software and services to help customers handlegrowing mobile device-based workforces.

IBM’s Mobile Foundation pulls together a number of its recent technology acquisitions to offer a package of mobile cloud integration, device management and applications development offerings.  For example, Mobile Foundation includes the Websphere Cast Iron server that lets mobile clients tie into the cloud services Cast Iron, which IBM bought in 2010, supports such as Salesforce.com, Amazon, and  SAP.

In the news: The sizzling world of asteroids

Mobile Foundation, introduced at IBM’s  also includes development and integration tools from Worklight – technology IBM acquired earlier this year.  The Worklight platform is suitable for developing mobile applications for and includes software development kits for iOS, Android, Blackberry and Windows mobile devices.

READ MORE …

The U.S. Air Force Academy won this year’s Cyber Defense Exercise (CDX), gaining its third trophy since the annual competition began in 2001.

The cybersecurity skills and ingenuity of students from the U.S. service academies, the Air Force Institute of Technology, and the Royal Military College of Canada were put to the test by the National Security Agency’s top information assurance professionals. NSA’s Information Assurance Directorate sponsors the annual event, often characterized as the Superbowl for future cyber defenders.

“CDX is a one-of-a-kind opportunity for some of the finest students in the nation to show off their cyber skills to NSA’s leading practitioners,” said Tony Sager, Chief Operating Officer in the Information Assurance Directorate. “Cybersecurity is a team sport. The nation needs the best and brightest to help us outthink and defeat our adversaries’ new ideas.”

READ MORE …

A secure communications channel set up to prevent misunderstandings that might lead to nuclear war is likely to expand to handling new kinds of conflict — in cyberspace.

The Nuclear Risk Reduction Center, established in 1988 under President Ronald Reagan so that Washington and Moscow could alert each other to missile tests and space launches that could be mistaken as acts of aggression, would take a central role in an agreement nearing completion between U.S. and Russian negotiators.

READ MORE …

The FBI’s Internet Crime Complaint Center’s (IC3) warns of a rise in what it calls “new twists to previously-existing cyber scams.”  The warnings center on investment and advertising scams as well as a release of exploit software as the latest trends in trying to separate you from your money or personal information.

Investment scam: The IC3 continues to receive complaints involving subjects who have obtained the names and social security numbers of individuals for illegal purposes. Subjects use the information to defraud the US government by electronically submitting a fraudulent tax return to Internal Revenue Service for a hefty refund. The prevalence of such complaints mirrors the recent surge in tax fraud cases involving identity theft.

READ MORE …

READ MORE …

At one time or another, we’ve all accidentally hit the “send” button on an email, or sent it to someone we didn’t intend to. But this instance is particularly bad.

On Friday, more than 1,300 employees of London-basedAviva Investors walked into their offices, strolled over to their desks, booted up their computers and checked their emails, only to learn the shocking news: They would be leaving the company.

“I am required to remind you of your contractual obligations to the company you are leaving,” the email said. “You have an obligation to retain any confidential information pertaining to Aviva Investors operations, systems and clients.”

READ MORE …

A Canadian company that makes equipment and software for critical industrial control systems planted a backdoor login account in its flagship operating system, according to a security researcher, potentially allowing attackers to access the devices online.

The backdoor, which cannot be disabled, is found in all versions of the Rugged Operating System made by RuggedCom, according to independent researcher Justin W. Clarke, who works in the energy sector. The login credentials for the backdoor include a static username, “factory,” that was assigned by the vendor and can’t be changed by customers, and a dynamically generated password that is based on the individual MAC address, or media access control address, for any specific device.

Attackers can uncover the password for a device simply by inserting the MAC address, if known, into a simple Perl script that Clarke wrote. MAC addresses for some devices can be learned by doing a search with SHODAN, a search tool that allows users to find internet-connected devices, such as industrial control systems and their components, using simple search terms.

READ MORE …

British and US authorities have moved to seize 36 domain names associated with websites being used to traffic in stolen payment card data. The UK’s Serious Organised Crime Agency (SOCA) said in a release issued today that the sites used Automated Vending Carts, a type of Web e-commerce software that allowed criminals to rapidly sell large volumes of credit card and banking account data.

According to a report by Computerworld UK’s Anh Nguyen, two men in Britain were arrested on April 24 in a connected case. They were alleged to have made large-scale purchases of stolen payment data from AVC sites, and an AVC site operator in Macedonia was arrested by the Macedonian Ministry of the Interior’s Cyber Crime Unit.

According to SOCA, the agency has been monitoring the development and use of AVC sites worldwide. Its efforts, in concert with the FBI and law enforcement agencies in Germany, the Netherlands, Ukraine, Australia, and Romania, resulted in the recovery of 2.5 million “items of compromised personal and financial information” over the past 2 years. The agency claims that the identification of those exposed details prevented more than £500 million ($809.3 million) in financial fraud.

READ MORE …

Is your hypervisor safe?

Hypervisors–such as VMware ESXi and Xen–provide the platform on which virtualized guest operating systems run, and are therefore a core component of any business’s virtual infrastructure. But they’re also apotential security weak point. A 2010 study from IBM, notably, found that 35% of all vulnerabilities in a virtualized environment could be traced to the hypervisor.

Those vulnerabilities are cause for concern in the wake of VMware’s Monday confirmation that source code dating to 2003 and 2004 had been publicly released by a hacker billing himself as Hardcore Charlie. Furthermore, he said the release was a “sneak peak” of the 300 MB of VMware source code he said is in his possession, which he said will be publicly released May 5.

READ MORE …