Cyber Arms Intelligence Report for July 19th
Top story is the new Windows Zero Day Exploit, a nasty little critter that exploits windows shortcuts. China is making headline news again. The majority of the stories are about its growing cyber security force. Also, a talk about the Chinese cyber army entitled, “The Chinese Cyber Army: An Archaeological Study From 2001 to 2010” has been pulled from the Blackhat security conference for sensitivity issues. Check it out:
Windows Zero Day Exploit
Sophos Labs has released a YouTube video of the new Windows Zero-Day shortcut vulnerability with rootkit. According to an article on The Register:
Security shortcomings in the Windows shortcut (.lnk files) are being exploited by the Stuxnet rootlet, an information stealing threat that targets industrial and power plant control systems. The malware – which has been detected in the wild – executes automatically if an infected USB stick is accessed in Windows Explorer.
The attack features rootkit components designed to hide the presence of the information-stealing payload on compromised systems. The digital certificate, assigned to legitimate firm Realtek Semiconductor, used to sign the rootkit components in the malware was revoked by VeriSign last week following discovery of the attack.
China’s Cyber Threat Growing
China is directing “the single largest, most intensive foreign intelligence gathering effort since the Cold War” against the United States, according to a report released yesterday by Medius Research… Intelligence gathering “is a core mission of the People’s Liberation Army (PLA).” This is substantiated by numerous PLA documents, including one that described “seizing control of an adversary’s information flow as a prerequisite to air and naval superiority.”
Talk on Chinese Cyber Army Pulled From Black Hat
The presentation was to be delivered by Wayne Huang, CTO of Armorize, an application security company with R&D operations in Taiwan. The talk was billed as an in-depth, historical look at the offensive capabilities and operations of China’s so-called cyber-army. The description of the presentation on the Black Hat site promises an interesting presentation.
Cyberwarrior Shortage Threatens U.S. Security
The cyber manpower crisis in the United States stands in sharp contrast to the situation in China, where the training of computer experts is a top national priority. In the most recent round of the International Collegiate Programming Contest, co-sponsored by IBM and the Association for Computing Machinery, Chinese universities took four of the top 10 places. No U.S. university made the list.
Air Force streamlines Cybersecurity hiring for 680 open positions
The Air Force today said its managers hiring civilian federal employees for certain cybersecurity openings can use a streamlined method to rapidly fill more than 680 positions. Known as Schedule A, it lets Department of Defense jobseekers with disabilities to be considered for jobs without using the traditional competitive procedures.
White House meeting aimed at asserting Cybersecurity leadership
The White House meeting on cybersecurity held on Wednesday appears to have been as much about assessing progress on the president’s cybersecurity agenda as it was on showing executive branch leadership on the issue.