Tag Archives: value

[ISN] Cybercom: Big Data Theft at OPM, Private Networks is New Trend in Cyber Attacks

http://freebeacon.com/national-security/cybercom-big-data-theft-at-opm-private-networks-is-new-trend-in-cyber-attacks/

By Bill Gertz
Washington Free Beacon
July 27, 2015

The commander of U.S. Cyber Command said last week that the Office of Personnel Management hack of millions of records of federal workers shows a new trend toward using Big Data analytics for both nation-state and criminal cyber attacks. “One of the lessons from OPM for me is we need to recognize that increasingly data has a value all its own and that there are people actively out there interested in acquiring data in volumes and numbers that we didn’t see before,” said Adm. Mike Rogers, the Cyber Command commander and also director of the National Security Agency. The theft of 22.1 million federal records, including sensitive background information on millions of security clearance holders, will assist foreign nations in conducting future cyber attacks through so-called “spear-phishing,” Rogers said, declining to name China as the nation state behind the OPM hacks. Additionally, China is suspected in the hack uncovered in February of 80 million medical records of the health care provider Anthem, which would have given it access to valuable personal intelligence that can be used to identify foreign spies and conduct additional cyber attacks. […]





[ISN] Mad John McAfee: ‘Can you live in a society that is more paranoid than I’m supposed to be?’

http://www.theregister.co.uk/2015/06/04/mad_mcafee/

By Alexander J Martin
The Register
4 June 2015

Infosec 2015 – John McAfee delivered a surprisingly non-controversial keynote speech to the London Infosec Conference on Wednesday afternoon, lauding the value of privacy, doing so – to the concern of his bewildered audience – whilst seemingly tickling himself through the cloth of his pocket. McAfee’s talk was essentially a rant against governments’ security-compromising activities, summed up by his statement: “We cannot allow a fearful government to create weaknesses in the very software we are trying to protect. By putting backdoors in the software, we have given hackers the access we are trying to prevent.” Easily the rockstar of infosec, McAfee took to the stage fashionably late – though his audience had remained comfortable, being plied with free alcohol, free food and an enjoyable musical set (wasted on Infosec’s more senior attendees) during their wait. The man himself, a young 70-year-old in a handsome navy suit, looking and seeming much like a millionaire version of Matthew McConaughey’s Rust Cohle, was quick to address what he regarded as the major political influences upon security and explicitly criticised governments’ notions of backdooring software. A strong approach to a conference which has always had plenty of government security bods attending. “Take control of your lives,” McAfee urged Infosec. “Say ‘I am going to be responsible for myself, at least to some extent.’ Governments cannot protect you.” […]



[ISN] KPMG: Institutional investors have no faith in company boards over cyber security

http://www.techworld.com/news/security/kpmg-investors-have-no-faith-in-company-boards-over-cyber-security-3607927/

By Antony Savvas
Techworld.com
Apr 16, 2015

Institutional investors believe the majority of the companies they have invested millions in are not up to the job when it comes to delivering cyber security, according to KPMG research. KPMG also found that 79 percent of investors would be discouraged from investing in a business that has been hacked. The findings revealed that investors believe less than half of the boards of the companies that they currently invest in have adequate skills to manage cyber risk. Furthermore, they believe that 43 percent of board members have unacceptable skills and knowledge to manage innovation and risk in the digital world. This sentiment was mirrored in a recent KPMG survey of FTSE 350 businesses, which found that 39 percent of boards and management agreed they were severely lacking in their understanding of the area. Malcolm Marshall, global leader of KPMG’s cyber security practice, said: “Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised.” […]



[ISN] Bain to buy Blue Coat for about $2.4 billion

http://www.reuters.com/article/2015/03/10/us-bluecoat-m-a-bain-idUSKBN0M615V20150310

BY GREG ROUMELIOTIS
Reuters.com
March 10, 2015

Bain Capital LLC will acquire Blue Coat Systems Inc from fellow private equity firm Thoma Bravo LLC in a deal that the network security company said on Tuesday would value it at about $2.4 billion, including debt. The deal comes amid strong demand for cybersecurity technology following a spate of high-profile breaches that have crippled businesses and rattled conglomerates such as Sony Corp and Target Corp. “This is a land-grab market opportunity, and private equity as well as larger tech players, have a strong appetite for vendors that play in this $15 to $20 billion market opportunity,” said FBR Capital Markets analyst Daniel Ives. […]



[ISN] Inside HACK: The Sought-After Cyber Security ETF – ETF News And Commentary

https://finance.yahoo.com/news/inside-hack-sought-cyber-security-180006948.html

By Sweta Killa
Zacks.com
Jan 20, 2015

The cyber security industry has gained immense popularity in recent years and is the fastest-growing corner of the broad technology space. This is because cyber-attacks on enterprises and government agencies are widespread with growing Internet usage, raising the need for more stringent cyber security from hackers. Hacking has become more sophisticated, dangerous and harder for companies (and even governments) to stop. According to the report from the Global State of Information Security Survey 2015, cyber attacks across the globe have risen about 66% over the past five years and 48% from 2013. Some of the well-known companies in the recent spate of data breaches include Target (TGT), eBay (EBAY), Home Depot (HD), AT&T (T) and JPMorgan Chase (JPM). The situation will likely worsen in 2015, as hackers will continue to adopt advanced techniques and strategies to infiltrate networks hiding their tracks (read: PureFunds to Stop Hackers with This Cyber Security ETF).

Solid Long-Term Prospects

As per McAfee, cyber-warfare and espionage attacks are expected to increase in frequency. Attacks on Internet of Things (IoT) devices will rise rapidly due to whopping growth in the number of connected objects, poor security and the high value of data on IoT devices. And new mobile technologies will allow more mobile attacks. […]



[ISN] Obama wants Congress to increase prison sentences for hackers

http://arstechnica.com/tech-policy/2015/01/obama-wants-congress-to-increase-prison-sentences-for-hackers/

By David Kravets
Ars Technica
Jan 14 2015

The Obama administration, currently engaged in a war of words with North Korea over the recent hacking of Sony Pictures Entertainment, is calling on Congress to increase prison sentences for hackers and to expand the definition of hacking. During next week’s State of the Union address, the president is set to publicly urge increased prison time and other changes to the Computer Fraud and Abuse Act—the statute that was used to prosecute Internet activist Aaron Swartz before he committed suicide in 2013. At issue is the Computer Fraud and Abuse Act (CFAA), passed in 1984 to bolster the government’s ability to nab hackers who destroy or disrupt computer functionality or who steal information. In general, the CFAA makes it illegal to “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period.” […]



[ISN] CarolinaCon-11 call for papers/presenters

Forwarded from: Vic Vandal

h4x0rs, stuff breakers, InfoSec pros, g33k girls, international spies, and script kidz,

CarolinaCon-11, also referred to as “The Last CarolinaCon As We Know It”, will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal.

Please send;
– your name or handle/alias
– the presentation name/title
– a brief topic abstract (1-2 paragraphs)
– the estimated time-length of your presentation
– a brief bio (100% optional item, but if your talk is chosen it saves the time and trouble of asking for it later)

….via e-mail to: speakerscarolinacon.org

*NOTE: All submissions are due BY January 1, 2015. However we may be making some early selections again this year from amongst the submissions, so please be timely in submission if you’re committed to being part of the elite cadre of chosen presenters. We value diversity so please don’t hesitate to propose your ideas no matter how outlandish.

If you present at the Con, you will receive;
– free CarolinaCon admission for you and one guest
– one free CarolinaCon-11 T-shirt (l33t)
– free transportation between RDU airport and the conference hotel (if needed)
– minimal fame, glory, and possibly even notoriety
– mad props and much love from our staff and attendees

ATTENDEES: If you are interested in attending, watch this space for more details: www.carolinacon.org …and don’t forget to mark the March 2015 dates on your calendar.

If you have any important (as in not-dumb and not-chinese-spam) inquiries about the event you can send email to: infocarolinacon.org

We look forward to seeing you at our 2015 event.

SPONSORS and/or VENDORS and/or ADVERTISERS: We don’t accept any so please don’t bother asking. Capitalism (what you vendor/sponsor types do) and philanthropic knowledge-sharing (what we do) don’t mix at CarolinaCon by design. We keep our admission price to the bare minimum to cover our venue and equipment expenses. All of our staff are volunteers who generously donate their time and energy. All of our presenters generously donate their time and talent. The only items sold at CarolinaCon are a limited quantity of single-design CarolinaCon t-shirts….and we only make and sell those because attendees and staff want them (and because they’re cool).

Peace,
Vic



[ISN] ARRL Probing Web Server Breach by Hackers

http://www.infosecnews.org/arrl-probing-web-server-breach-by-hackers/

By William Knowles @c4i
Senior Editor
InfoSec News
October 10, 2014

Last month a web server at ARRL Headquarters was breached by an unknown party. ARRL IT Manager Mike Keane said that League members have no reason to be concerned about sensitive personal information being leaked, and assures members that there’s nothing of financial value on the compromised server. Some ARRL servers were taken offline and isolated from the Internet when the hack was discovered. Some web functions were temporarily disabled. The ARRL expects to restore service by close of business, on Wednesday, October 8, 2014. ARRL’s Mike Keane stressed that it is highly unlikely that any sensitive information was compromised. Any information the hacker might have been able to glean from the ARRL server, he said, is already publicly available — data such as names, addresses, and call signs that appear in the FCC database. The hacker may have been able to obtain site usernames and passwords that were established prior to April 2010, and that have not been changed since then. ARRL members who have not changed their ARRL website passwords since early 2010 should do so as soon as possible. […]

