cybersecurity posts on CNET

cybersecurity

Cybersecurity forces align as FireEye acquires Mandiant

Two well-known companies that deal with Internet security have joined forces.

Anti-malware firm FireEye announced Thursday that it acquired data breach responder Mandiant for roughly $1 billion, based on the current value of FireEye shares. This deal could have broad implications for competing cybersecurity firms and even for governments that have been criticized for monitoring users on the Web.

"Organizations today are faced with knitting together a patchwork of point products and services to protect their assets from advanced threats," FireEye CEO David DeWalt said in a statement. "Together, the size and global reach of FireEye and … Read more

NSA slapped malware on 50,000+ networks, says report

A new slide culled from the trove of documents leaked by Edward Snowden shows where the NSA placed malware on more than 50,000 computer networks worldwide, according to Dutch media outlet NRC.

The NSA management presentation slide from 2012 shows a world map spiderwebbed with "Computer Network Exploitation" access points.

Like all the NSA slides we've seen so far, this one is unlikely to win a Powerpoint beauty pageant anytime soon.

Not that this should distract anyone from the profoundly disturbing implications of this US government malware map that's being reported by a Dutch news … Read more

US government releases draft cybersecurity framework

The National Institute of Standards and Technology released its draft cybersecurity framework for private companies and infrastructure networks on Tuesday. These standards are part of an executive order that President Obama proposed in February.

The aim of NIST's framework (PDF) is to create guidelines that companies can use to beef up their networks and guard against hackers and cybersecurity threats. Adopting this framework would be voluntary for companies. NIST is a non-regulatory agency within the Department of Commerce.

The framework was written with the involvement of roughly 3,000 industry and academic experts, according to Reuters. It outlines ways … Read more

NSA searched phone records in violation of court requirements, documents say

Tuesday saw more disconcerting news about the US National Security Agency, as a clutch of newly declassified documents reportedly showed that the NSA searched Americans' phone call records without paying heed to court-ordered requirements and misrepresented the secret call-tracking program to legal officials.

The roughly 1,800 pages of documents, released today in response to a Freedom of Information Act lawsuit by the Electronic Frontier Foundation, show, according to various reports, that from May 2006 to January 2009 the NSA investigated nearly 18,000 phone numbers -- but that only 2,000 of those involved a court-mandated "reasonable, articulable … Read more

Amid NSA uproar, encryption-standards body defends process

NIST, the group that oversees encryption standards in the US, said Tuesday that it "would not deliberately weaken a cryptographic standard." The statement comes amid concern that the National Security Agency may have meddled with a method adopted by the group, in order to gain a back door for surveillance.

"Recent news reports have questioned the cryptographic standards development process at NIST," reads a statement issued today by the National Institute of Standards and Technology. "We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is … Read more

White House to offer companies cybersecurity incentives

With the goal of avoiding a massive cyberattack on U.S. infrastructure, the White House has proposed a handful of incentives to get power plants, water companies, and transportation networks to join a national cybersecurity program.

"The systems that run our nation's critical infrastructure such as the electric grid, our drinking water, our trains, and other transportation are increasingly networked," the White House wrote in a blog post Tuesday. "As with any networked system, these systems are potentially vulnerable to a wide range of threats, and protecting this critical infrastructure from cyber threats is among our … Read more

Defcon to feds: 'We need some time apart'

The federal government is persona non grata at this year's Defcon.

For the first time in the 21-year history of the famed hacker's convention, government employees are being asked to stay away, albeit in a polite fashion.

Defcon founder Jeff Moss, aka The Dark Tangent, posted the following request late Wednesday on the event's site:

Feds, we need some time apart.

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in … Read more

Obama, China president to talk hacking -- report

President Barack Obama and his Chinese counterpart, Xi Jinping, will have a serious discussion on cybersecurity at a summit they're holding today in California, according to a new report.

Speaking to an unidentified U.S. official, Reuters reported Friday that Obama will ask that Xi assures him that China takes seriously the gripes the U.S. has with its alleged hacking efforts. It's believed that for years, China has been hacking into U.S. government and company servers and gaining access to classified information. Over the last several months, however, more of the details on that alleged hacking … Read more

China's military to train on digital warfare

China, often linked to alleged cyberattacks, is apparently training military forces on digital combat and "informationalized" war.

According to state-sponsored news agency Xinhua, the People's Liberation Army plans to launch digital war games next month focused on developing new combat forces that specialize in cyberwarfare.

The news agency says this will be the first time the army "has focused on combat forces including digitalized units, special operations forces, army aviation and electronic counter forces." Drills will be carried out late next month at the Zhurihe training base in northern China.

The army's general staff … Read more

SoftBank gives U.S. right to OK Sprint board member -- report

In a further attempt to ease national security concerns over its proposed acquisition of Sprint, Japan-based SoftBank has agreed to give the U.S. government the right to approve one of the members SoftBank would appoint to Sprint's board of directors, according to a report.

The U.S.-approved board member would make sure a SoftBank-owned Sprint honored whatever security agreement is hammered out with U.S. regulators, The Wall Street Journal reported late Wednesday, citing unnamed sources.

Regulators are also seeking oversight of Sprint's network equipment purchases to prevent gear from Chinese suppliers Huawei Technologies and ZTE … Read more