04 May 12. The Syrian government is using Skype as a channel to infect activists’ systems with malware, installing Trojans and backdoors, according to security firm F-Secure. The evidence comes from a hard drive sent for analysis.’The activist’s system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat. Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called “Xtreme RAT.” Xtreme Rat is a full-blown malicious Remote Access Tool.'(Source: Slashdot.com)
11 May 12. DOD Announces the Expansion of Defense Industrial Base (DIB) Voluntary Cybersecurity Information Sharing Activities. The Department of Defense in partnership with the Department of Homeland Security announced important developments in defense industrial base cyber security activities. After a year-long Defense Industrial Base (DIB) cyber security pilot, the DoD’s Voluntary DIB Cyber Security/ Information Assurance (CS/IA) Program is now available to all eligible DIB companies. In addition, DIB Enhanced Cyber security Services (DECS) will become part of the expanded program. These activities enhance and supplement existing cyber security capabilities to help safeguard sensitive DoD information that is maintained on DIB company unclassified information systems.
“The expansion of voluntary information sharing between the department and the defense industrial base represents an important step forward in our ability to catch up with widespread cyber threats,” said Ashton Carter, deputy secretary of defense. “Increased dependence on Internet solutions have exposed sensitive but unclassified information stored on corporate systems to malicious probes, theft, and attacks. This expanded partnership between DoD and the defense industrial base will help reduce the risk of intrusions on our systems.”
The United States continues to face a significant risk that critical defense information residing on DIB networks and systems can be compromised by malicious cyber actors resulting in potential economic losses or damage to United States national security. The Department of Defense is actively engaged in multiple efforts to foster mutually beneficial partnerships with the DIB to protect Department of Defense information residing on or passing though DIB systems. These expanded partnering opportunities will advance and support the administration’s efforts to improve
07 May 12. Despite the ongoing concern about the escalating pace of cyber attacks, a new set of standing rules of engagement for cyber operations — policy guidelines that would specify how the Pentagon would respond to different types of cyber attacks — is being delayed by a debate over the role of the U.S. military in defending non-military networks, sources said. The new policy, in the works for years and set to be completed in the next several months, according to Defense Department officials, is meant to update rules put in place in 2005. Those rules were of a limited scope, specifying a response to attacks against only military and government networks. This time, the department is looking for more latitude as it considers how to defend critical infrastructure and private corporations, with the division of responsibility between DoD and the Department of Homeland Security (DHS) contested. (Source: Defense News)
09 May 12. ARINC Engineering Services, LLC announced has been named as a prime contractor to provide tactical communications infrastructure services under the Department of Homeland Security (DHS) Tactical Communications Contract Vehicle (TacCom), a multiple award Indefinite Delivery/Indefinite Quantity (ID/IQ)