DARPA, the U.S. military’s R&D arm, announced this week that it will pay US $2 million to the winner of its Cyber Grand Challenge, a contest aimed at developing an automated network defense system that actively searches for and identifies vulnerabilities and patches them on the fly. “Today, our time to patch a newly discovered security flaw is measured in days,” Mike Walker, DARPA program manager, told Kaspersky Threatpost. “Through automatic recognition and remediation of software flaws, the term for a new cyberattack may change from zero-day to zero-second,” says Walker.
U.S. Government Snooping
Germany says the United States may have spied on Chancellor Angela Merkel’s mobile phone.
Mexico condemns alleged NSA hacking of its president’s e-mail.
Lawyers at the Electronic Frontier Foundation say that a secret bill being discussed in both houses of the U.S. Congress would ensure the continued collection of Americans’ records and shore up the legal basis for domestic spying.
Critical Infrastructure in the Crosshairs
Bugs in equipment used to run the U.S. Emergency Alert System, which sends out notifications in the case of a natural disaster or other serious situation, could still let an attacker send fake alerts—three months after a researcher reported the vulnerabilities.
A hacker armed with an antenna can wreak havoc on unpatched industrial automation software vital to operations in the oil and gas industries and in water and electric utilities from as far as 50 kilometers away.
In Other Cybercrime News…
Obamacare exchange contractors had past security lapses.
The credit bureau Experian appears to have sold an unknown amount of highly sensitive personal information to the operator of an online identity theft service.
A U.S. federal court in Idaho recently ordered a software developer's computer seized and its contents copied without prior notice because the developer described himself as a "hacker" on his website
The International Atomic Energy Agency announced yesterday that it found malicious software on a number of its machines.
Microsoft and Symantec are pushing for a uniform way to vet companies and individuals around the world in order to stem the alarming growth in malware signed with fraudulently obtained keys and code-signing certificates.
Apple released more than 100 security updates to fix holes in eight different products including iTunes media player, the Safari browser, and the most recent iteration of its mobile operating system, iOS 7.
Cisco rolled out three patches for multiple products yesterday, addressing vulnerabilities that could’ve led to denial of service (DoS) attacks or data theft.
Six Romanians and one Albanian have been indicted on allegations that they operated a multimillion-dollar cyber fraud scheme selling nonexistent cars, boats, and other high-value items through eBay and other sites.
Willie Jones is an associate editor at IEEE Spectrum. In addition to editing and planning daily coverage, he manages several of Spectrum's newsletters and contributes regularly to the monthly Big Picture section that appears in the print edition.