A U.S. Department of Defense Inspector General report released this week outlines the inadequate cybersecurity practices being used to protect the United States' ballistic missile defense systems (BMDS ). Ballistic missile defense systems are used by the U.S.A. to counter short, medium, intermediate and long range ballistic missiles that target the United States of America. As these systems are controlled by computers and software, they are at risk for being targeted by state-sponsored attacks that attempt to gain control of the systems, damage them, or steal classified information & source code. On March 14, 2014, the DoD Chief Information Officer stated that the DoD must implement National Institute of Standards and Technology (NIST) security controls to protect their systems, which includes BMDS. In a heavily redacted report by the DoD, it has been shown that BMDS facilities have failed to utilize required security controls such as multifactor authentication, vulnerability assessment and mitigation, server rack security, protection of classified data stored on removable media, encrypting transmitted technical information, physical facility security such as cameras and sensors, and did not perform routine assessments to make sure that these safeguards were in place. There's more posted on OUR FORUM. 

A new sample of the Shamoon data-wiping malware has been discovered in the wild, after a period of silence that lasted for about two years. Shamoon was first seen in attacks against Saudi Aramco oil provider in 2012 when it erased data on more than 35,000 computer systems belonging to the company. Four years later, it was spotted in attacks against private organizations in the same region that perpetuated until January 2017. In a report sent to BleepingComputer, the research team from Chronicle (cybersecurity subsidiary of Google's parent company, Alphabet Inc.) says that the new strain was uploaded to VirusTotal on December 10, from Italy. It consisted in the dropper and two modules, Wiper and Network, Brandon Levene, head of applied intelligence at Chronicle told us. They handle the disk wiping activity and the communication with the command and control (C2) server. Levene says that the author(s) of the new Shamoon dropped some resources that were removed some resources that were used to replace the destroyed files, a capability that still exists, though. The alternative to this is to overwrite to data and the hard disk MBR with random data. The variant analyzed by Chronicle has the trigger date and local time set to December 7, 2017, 23:51. The researchers note that this is about one year before it was uploaded to the VirusTotal platform. Further details posted on OUR FORUM.