[ISN] F.B.I. Informant Is Tied to Cyberattacks Abroad

http://www.nytimes.com/2014/04/24/world/fbi-informant-is-tied-to-cyberattacks-abroad.html

By Mark Mazzetti
The New York Times
April 23, 2014

WASHINGTON





[ISN] Stolen laptops mean $2M in mega fines

http://www.healthcareitnews.com/news/stolen-laptops-mean-2m-mega-fines

By Mike Miliard
Managing Editor
Healthcare IT News
April 23, 2014

Serving notice that “covered entities and business associates must understand that mobile device security is their obligation,” the HHS Office for Civil Rights has settled with two organizations for a combined $1,975,220 penalty after their unencrypted computers were stolen.

That’s a big number. And that’s because it’s meant to drive home the point that unencrypted laptops and mobile devices pose significant risks to the security of patient information, said Susan McAndrew, OCR’s deputy director of health information privacy.

“Our message to these organizations is simple: Encryption is your best defense against these incidents,” she said.

The biggest of the two settlements was levied against Concentra Health Services, after OCR opened an investigation following a breach report that an unencrypted laptop was stolen from one of its facilities, the Springfield Missouri Physical Therapy Center.

[…]



[ISN] Bug can cause deadly failures when anesthesia device is connected to cell phones

http://arstechnica.com/security/2014/04/bug-can-cause-deadly-failures-when-anesthesia-device-is-connected-to-cell-phones/

By Dan Goodin
Ars Technica
April 22, 2014

Federal safety officials have issued an urgent warning about software defects in an anesthesia delivery system that can cause life-threatening failures at unexpected times, including when a cellphone or other device is plugged into one of its USB ports.

The ARKON anesthesia delivery system is used in hospitals to deliver oxygen, anesthetic vapor, and nitrous oxide to patients during surgical procedures. It is manufactured by UK-based Spacelabs Healthcare Ltd., which issued a recall in March. A bug in Version 2.0 of the software running on the device is so serious that it could cause severe injury or death, the US Food and Drug Administration warned last week in what’s known as a Class I recall.

In part, the FDA advisory read:

Reason for Recall: Spacelabs Healthcare is recalling the ARKON Anesthesia System with Version 2.0 Software due to a software defect. This software issue may cause the System to stop working and require manual ventilation of patients. In addition, if a cell phone or other USB device is plugged into one of the four USB ports for charging, this may also cause the System to stop working. This defect may cause serious adverse health consequences, including hypoxemia and death. Spacelabs Healthcare received one report related to the software defect. There have been no injuries or deaths associated with this malfunction.

[…]



[ISN] It’s Not Beijing’s Hackers You Should Be Worried About, It’s Moscow’s

http://complex.foreignpolicy.com/posts/2014/04/22/it_s_not_beijing_s_hackers_you_should_be_worried_about_it_s_moscow_s

By Shane Harris
Foreign Policy
April 22, 2014

When U.S. officials warn of the threat foreign cyber spies pose to American companies and government agencies, they usually focus on China, which has long been home to the world’s most relentless and aggressive hackers. But new information shows that Russian and Eastern European hackers, who have historically focused their energies on crime and fraud, now account for a large and growing percentage of all cyber espionage, most of which is directed at the United States.

Individuals and groups in eastern Europe, and particularly in Russia and Russian-speaking countries, are responsible for a fifth of all cyber spying incidents in the world, according to a global study of data breaches conducted by Verizon, published on Tuesday. The spies are targeting a range of companies as varied as the global economy itself, and are stealing manufacturing designs, proprietary technology, and confidential business plans. The cyber spies steal information on behalf of their governments in order to manufacture cheaper versions of technologies or weapons systems, or to give their home country’s corporations a leg up on their foreign competitors.

The report is based on information provided by computer security companies as well as the U.S. Secret Service and the Department of Homeland Security. Last year, it attributed nearly all incidences of cyber espionage



[ISN] Self-taught hackers rule

http://www.csoonline.com/article/2146363/security-leadership/self-taught-hackers-rule.html

By Taylor Armerding
CSO Online
April 23, 2014

Ilio Kolochenko, CEO of High-Tech Bridge, a Swiss information security company, gave the keynote address on governments’ role in cybersecurity this past Sunday at the Regional cybersecurity Summit in Oman.

Before his speech, he talked with CSO about why self-taught hackers are generally superior to those who go through a formal certification program, and why compliance with cybersecurity standards will remain low unless governments make it very painful to ignore it.

A recent story in The Independent said the UK’s Government Communications Headquarters (GCHQ), through approval of certain Master’s programs, had created, “the first certified degrees for spies.” Is it accurate to call a degree in cybersecurity a degree in spying?

I’d say not. Obviously some governments’ activities may be reasonably called “spying”, but we should not forget that national security experts are required to use intrusive techniques to protect the nation’s interests.

[…]

