Tag Archives: verizon

[ISN] DHS Contract Expands Anti-Hacker EINSTEIN Protection to Every Agency

www.nextgov.com/cybersecurity/2015/12/dhs-contract-expands-anti-hacker-einstein-protection-every-agency/124308/ By Aliya Sternstein Nextgov.com December 8, 2015 Internet Service Provider CenturyLink has won a multiyear contract worth up to $10.8 million dollars to fill gaps in a governmentwide firewall, according to the Department of Homeland Security. The deal was inked to complete a goal of making so-called EINSTEIN 3A network protections available to all civilian agencies by Dec. 31, a DHS official told Nextgov on Tuesday. It also conforms to a sweeping cyber shape-up plan the White House launched in October, following an Office of Personnel Management hack that exposed background check records on 21.5 million Americans applying for access to classified materials and their families. Right now, EINSTEIN 3A’s intrusion-blocking services are only offered to agencies receiving telecommunications services from CenturyLink, AT&T or Verizon. Agencies that connect to the Internet through Sprint, Level 3 or other providers are not protected. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Report: Target failed to execute security basics

http://www.networkworld.com/article/2988502/security/report-target-failed-to-execute-security-basics.html By Tim Greene Network World Oct 1, 2015 Verizon consultants probed Target’s network for weaknesses in the immediate aftermath of the company’s 2013 breach and came back with results that point to one overriding – if not dramatic – lesson: be sure to implement basic security best practices. In a recent KrebsOnSecurity post, Brian Krebs details Verizon’s findings as set down in a Target corporate report. The findings demonstrate that it really is important to put in place all the mundane security best practices widely talked about, and that without them even the best new security platforms can’t defend against breaches. Here are six things Target did wrong both before and immediately after the breach that contributed to the theft of information from 40 million credit and debit cards. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Most corporate risk due to just 1% of employees

http://www.csoonline.com/article/2975914/application-security/most-corporate-risk-due-to-just-1-of-employees.html By Maria Korolov CSO Aug 26, 2015 Just 1 percent of employees are responsible for 75 percent of cloud-related enterprise security risk, and companies can dramatically reduce their exposure at very little additional cost by paying extra attention to these users. According to newly-released research by CloudLock, which analyzed the behavior of 10 million users during the second quarter of this year, these users are sending out plain-text passwords, sharing files, accidentally downloading malware, clicking on phishing links, using risky applications, reusing passwords, and engaging in other types of dangerous behaviors. These users include both rank-and-file employees as well as super-privileged users, software architects, and non-human accounts used to perform automated tasks. According to the most recent Verizon data breach report, the two biggest attack vectors, responsible for more than two-thirds of all breaches last year, involved stolen credentials or phishing. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] It’s Not Beijing’s Hackers You Should Be Worried About, It’s Moscow’s

http://complex.foreignpolicy.com/posts/2014/04/22/it_s_not_beijing_s_hackers_you_should_be_worried_about_it_s_moscow_s By Shane Harris Foreign Policy April 22, 2014 When U.S. officials warn of the threat foreign cyber spies pose to American companies and government agencies, they usually focus on China, which has long been home to the world’s most relentless and aggressive hackers. But new information shows that Russian and Eastern European hackers, who have historically focused their energies on crime and fraud, now account for a large and growing percentage of all cyber espionage, most of which is directed at the United States. Individuals and groups in eastern Europe, and particularly in Russia and Russian-speaking countries, are responsible for a fifth of all cyber spying incidents in the world, according to a global study of data breaches conducted by Verizon, published on Tuesday. The spies are targeting a range of companies as varied as the global economy itself, and are stealing manufacturing designs, proprietary technology, and confidential business plans. The cyber spies steal information on behalf of their governments in order to manufacture cheaper versions of technologies or weapons systems, or to give their home country’s corporations a leg up on their foreign competitors. The report is based on information provided by computer security companies as well as the U.S. Secret Service and the Department of Homeland Security. Last year, it attributed nearly all incidences of cyber espionage


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Your Privacy Is Not Our Responsibility, Says Verizon Exec

http://www.tomsguide.com/us/marcus-sachs-verizon-interview,news-17618.html By Jill Scharr Tom’s Guide SEPTEMBER 30, 2013 “If you’re worried about it, do something about it. Take security on yourselves, and don’t trust anybody else to do it.” At a recent security conference in New York City, that was the advice Marcus Sachs, Verizon’s vice president of national security policy, had for people upset about Verizon’s connections to the U.S. National Security Agency (NSA). Verizon is one of the large U.S. telecommunications providers closely linked to the National Security Agency’s widespread surveillance and data collection programs, according to documents leaked by former NSA contractor Edward Snowden. News that Verizon supplies the NSA with customer phone records on an “ongoing, daily basis” broke in June 6, 2013. It was the first story to examine the top-secret NSA documents Snowden had recently handed to documentary filmmaker Laura Poitras and journalist Glenn Greenwald. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Why the state of application security is not so healthy

http://www.csoonline.com/article/740164/why-the-state-of-application-security-is-not-so-healthy By George V. Hulme CSO Online September 23, 2013 Application security is an alarming and persistent problem: Nearly one-third of all breaches can be attributed to attacks against web applications, and both web application and database attacks account for most records breached every year. That’s according to the Verizon 2013 Data Breach Investigations Report, which looked at 47,000 reported security incidents and 621 confirmed data breaches during the year prior to the report. Web applications – because they are so easy to exploit and provide access into enterprise data – have long been top targets of attackers. That’s why it’s so surprising, or at least disappointing, that so many organizations pay application security such little attention. For instance, our 2012 Global Information Security Survey, which was conducted by CSO and CIO magazines and PricewaterhouseCoopers and asked 12,052 business and technology executives about their organizations’ security efforts. The survey found that only 35 percent of those questioned actually include application security in their internal security policies. Fortunately, not every company is so lax. Consider Menlo Park, CA-based medical image sharing startup Image32. Founded in 2011, Image32 aims to help ease patient and doctor pain when it comes to sharing medical images such as X-Rays, CT Scans, and MRIs. “If all of your care takes place within the same hospital building, sharing these images among doctors is typically no trouble at all,” says Image32 founder and CEO Bob Pellican. “However, because of security concerns, once a patient goes to another medical building, they will most likely need to copy all of their images to a CD or DVD and carry them around from specialist to specialist,” he says. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hack Turns Verizon Femtocell Into Spy Tool

http://www.pcmag.com/article2/0,2817,2421782,00.asp By Chloe Albanesius PCMag.com July 15, 2013 A pair of researchers this week revealed a vulnerability within Verizon Wireless femtocells that allowed hackers to spy on the carrier’s customers. Tom Ritter and Doug DePerry from iSEC Partners told Reuters that the glitch within the femtocells, which boost wireless signals in areas with poor reception, allowed for spying on text messages, photos, and phone calls. A software update rolled out by Verizon fixed the issue uncovered by iSEC, but the duo said that talented hackers could find ways to further breach the femtocells, according to Reuters, including those offered by other carriers. In a statement, Verizon Wireless said it routinely monitors its devices for security issues, but is sometimes approached by third parties that have uncovered other security issues. iSEC “identified an issue that was fixed in March of this year on all Network Extender devices,” the company said. “The fix prevents the Network Extender from being compromised in the same manner. There were no reports of any customer impact.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Possible breach of DHS employee data has an unusual twist

http://gcn.com/articles/2013/06/03/dhs-data-breach-employee-info.aspx By William Jackson GCN.com Jun 03, 2013 The Homeland Security Department has notified some employees that personally identifiable information used for security clearances and stored in a third-party database could have been exposed to unauthorized users. The notifications came after DHS was alerted to a vulnerability in the vendor software by a “law enforcement partner.” According to a public notice the vulnerability could have been in place for as long as four years but has been addressed after being identified. The department said there is no evidence that the information, which included Social Security numbers and dates of birth, had been improperly accessed, although it is investigating what, if any, personally identifiable data might have been accessed since 2009. The fact that law enforcement was involved raises the possibility that a breach occurred. DHS officials have declined to comment on the incident beyond the public notice. It is not surprising that DHS was notified by a third party of the vulnerability. Most vulnerabilities are discovered by legitimate “white hat” researchers, who usually report them to the software vendor before they are publicly disclosed. In this case, it was law enforcement rather than researchers that appear to have discovered the problem. Whether it was part of an active investigation into a security breach is not known. Many security breaches go unnoticed by victims. According to the Verizon 2013 Data Breach Investigation Report, 69 percent of breaches analyzed in the report were discovered by external parties, and 66 percent of breaches took months or longer to discover. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org


Facebooktwittergoogle_plusredditpinterestlinkedinmail