Tag Archives: today

[ISN] Cyberinsurance Resurges In The Wake Of Mega-Breaches


http://www.darkreading.com/perimeter/cyberinsurance-resurges-in-the-wake-of-mega-breaches/d/d-id/1316306
By Kelly Jackson Higgins
Dark Reading
10/2/2014

Insurance policies customized for cyberattack protection are on the rise as businesses worry they could be the next Target.

The string of data breaches at Target, Home Depot, JPMorgan Chase, and so many other major brands has reinvigorated the cyberinsurance industry. Cyberinsurance, which originally was rolled into other insurance policies or even considered unnecessary and ineffective, is enjoying a resurgence of late.

Policy purchases have more than doubled in the past year, according to new data from The Ponemon Institute: 10% of companies held cyberinsurance policies in 2013, but 26% do in 2014. Kirstin Simonson, underwriting director for Travelers Global Technology, says US premiums today are estimated at around $1 billion, and it won’t be long before they reach $2 billion.

[...]


[ISN] Elijah Wood’s New Movie Is a Prophetic Thriller About Celebrity Hacking

http://www.wired.com/2014/10/open-windows/
BY ANGELA WATERCUTTER
Wired.com
10.02.14

Open Windows is kind of a weird movie; it’s viewed almost entirely through a series of computer windows on a laptop screen. It’s also kind of a prophetic movie; it’s about a young actress named Jill Goddard, the target of a hacker who infiltrates her smartphone and laptop—and her life.

But instead of stealing the contents of the starlet’s private life, the hacker in Open Windows, out on VOD today, makes a young fan, Nick (Elijah Wood), his unwitting accomplice by giving him access to the actress’ phone and the ability to watch her through surveillance cameras. And, unlike IRL celebrity phone hacks, Nick doesn’t use his access to snatch nude selfies of Goddard (Sasha Grey) and post them online; instead, he tries to save her from the skeeze targeting her.

The concept, which may remind viewers of a modern-day Rear Window, was actually vaguely inspired by the movie Closer (more on that later) and has been in the works for a couple years, but writer/director Nacho Vigalondo (Timecrimes) and his star are aware it’s coming at a time when hacks like the one that hit Jennifer Lawrence and other (mostly female) stars are making headlines. Though the problem of online harassment—both of celebrities and civilians—is nothing new.

“There’s always a lack of privacy, there’s always an infringement that is possible with the internet,” Wood says. “We’ve read these stories time and time again, this just happens to be the latest infringement.”

[...]


[ISN] Hackers cut deal to work for gov’t

http://phnompenhpost.com/national/hackers-cut-deal-work-gov%E2%80%99t
Buth Reaksmey Kongkea
The Phnom Penh Post
1 October 2014

Two members of “hacktivist” group Anonymous Cambodia convicted of computer hacking yesterday will be spared further jail time. Instead, they have been ordered to put their “excellent” IT skills to use combating cybercrime in the Ministry of Interior.

Bun King Mongkolpanha, 21, alias “Black Cyber”, and Chou Songheng, 20, alias “Zoro”, were found guilty of IT offences under two articles of the criminal code at Phnom Penh Municipal Court yesterday morning and sentenced to two years in prison.

But their sentences were reduced to five months and 20 days – the amount of time they have already spent in prison since being arrested in April – and they are to be released today.

The two former SETEC Institute students are to soon begin paid work fighting cybercrime with the same Interior Ministry department that worked with the FBI to arrest them after an eight-month investigation.

[...]


[ISN] Home Depot: 56M Cards Impacted, Malware Contained

http://krebsonsecurity.com/2014/09/home-depot-56m-cards-impacted-malware-contained/
By Brian Krebs
Krebs on Security
Sept 18, 2014

Home Depot said today that cyber criminals armed with custom-built malware stole an estimated 56 million debit and credit card numbers from its customers between April and September 2014. That disclosure officially makes the incident the largest retail card breach on record.

The disclosure, the first real information about the damage from a data breach that was initially disclosed on this site Sept. 2, also sought to assure customers that the malware used in the breach has been eliminated from its U.S. and Canadian store networks.

“To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements,” the company said via press release (PDF). “The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores.”

That “enhanced payment protection,” the company said, involves new payment security protection “that locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers.”

[...]


[ISN] Federal Cybersecurity Director Found Guilty on Child Porn Charges

http://www.wired.com/2014/08/federal-cybersecurity-director-guilty-child-porn-charges/
By Kim Zetter
Threat Level
Wired.com
08.26.14

As the acting cybersecurity chief of a federal agency, Timothy DeFoggi should have been well versed in the digital footprints users leave behind online when they visit web sites and download images.

But DeFoggi—convicted today in Maryland on three child porn charges including conspiracy to solicit and distribute child porn—must have believed his use of the Tor anonymizing network shielded him from federal investigators.

He’s the sixth suspect to make this mistake in Operation Torpedo, an FBI operation that targeted three Tor-based child porn sites and that used controversial methods to unmask anonymized users.

But DeFoggi’s conviction is perhaps more surprising than others owing to the fact that he worked at one time as the acting cybersecurity director of the U.S. Department of Health and Human Services. DeFoggi worked for the department from 2008 until January this year. A department official told Business Insider that DeFoggi worked in the office of the assistant secretary for administration as lead IT specialist but a government budget document for the department from this year (.pdf) identifies a Tim DeFoggi as head of OS IT security operations, reporting to the department’s chief information security officer.

[...]


[ISN] Why our lack of understanding on China may be the biggest risk

http://www.csoonline.com/article/2597397/advanced-persistent-threats/why-our-lack-of-understanding-on-china-may-be-the-biggest-risk.html
By George V. Hulme
CSO
Aug 25, 2014

If you don’t understand the capabilities and motivations of your adversaries – you can’t expect to be very successful in managing your relationship with them, negotiating, or defending against their advancements. This is especially true today when it comes to nation-state cyber threats, according to Lt. Col. (ret) William Hagestad II. Hagestad spoke as the opening keynote this week past weekend at the security conference BSides MSP, held just outside of Minneapolis.

If your organization doesn’t understand the nature of the information security and intellectual property threats that face enterprises today, and how to defend IT systems, data, and intellectual property – the years upcoming are liable to be very jarring.

While Hagestad is a widely known expert on Chinese cyber conflict capabilities, and has written two books on the subject, “21st Century Chinese Cyber Warfare” (2012) and “Operation Middle Kingdom: China’s Use of Computers & Networks as a Weapon System” (2013) – his core message this week is that the U.S.’s lack of understanding of what or who China is and how to deal with the nation may actually be its biggest risk when it comes to the growing power.

[...]


[ISN] Amazon Expands Its Cloud Services to the U.S. Military

http://www.defenseone.com/technology/2014/08/amazon-expands-its-cloud-services-us-military/92090/
By Frank Konkel
Nextgov.com
August 21, 2014

Amazon Web Services has become the first commercial cloud provider authorized to handle the Defense Department’s most sensitive unclassified data.

Today’s announcement that AWS has achieved a provisional authority to operate under DOD’s cloud security model at impact levels 3-5 is a major win for the company, as it allows DOD customers to provision commercial cloud services for the largest chunks of their data.

In technical speak, the provisional ATO granted by the Defense Information Systems Agency means DOD customers can use AWS’ GovCloud – an isolated region entirely for U.S. government customers – through a private connection routed to DOD’s network. DOD customers can now secure AWS cloud services through a variety of contract vehicles.

In layman’s terms, AWS is the first company with the ability to take any and all of DOD’s unclassified data to the cloud.

[...]


[ISN] 5 cool new security research breakthroughs

http://www.networkworld.com/article/2466795/security0/5-cool-new-security-research-breakthroughs.html
By Bob Brown
NetworkWorld
Aug 19, 2014

University and vendor researchers are congregating in San Diego this week at USENIX Security ’14 to share the latest findings in security and privacy, and here are 5 that jumped out to me as being particularly interesting.

*On the Feasibility of Large-Scale Infections of iOS Devices

Georgia Tech researchers acknowledge that large-scale iOS device infections have been few and far between, but they claim weaknesses in the iTunes syncing process, device provisioning process and file storage could leave iPhones, iPads and other Apple products vulnerable to attack via botnets. The bad guys could get to the iOS devices via a compromised computer, they say, to install attacker-signed apps and swipe personal info. The researchers came to their conclusion after examining DNS queries within known botnets.

*XRay: Enhancing the Web’s Transparency with Differential Correlation

Columbia University researchers introduce XRay, a tool designed to give web users more insight into which of their personal data is being used to target them with ads. The researchers will present at USENIX a prototype of XRay, which has already been posted online as an open source system for others to explore. Initially, the system can be used to explain targeting in Gmail ads, Amazon recommendations and YouTube video suggestions.

“Today we have a problem: the web is not transparent. We see XRay as an important first step in exposing how websites are using your personal data,” says Assistant Professor of Computer Science Roxana Geambasu.

[...]
