[ISN] “H4CKERS WANTED” report: NSA not having trouble filling cybersecurity jobs

http://www.networkworld.com/article/2364271/security0/h4ckers-wanted-report-nsa-not-having-trouble-filing-cybersecurity-jobs.html
By Ellen Messmer
NetworkWorld
June 18, 2014

While there is a widespread notion of a dearth of cybersecurity professionals, the shortage is most acute at the “high end,” where $250,000 salaries are not uncommon for those who combine technical and managerial skills. That’s according to the RAND Corp. report released today on the topic, which also looked at how well the National Security Agency and other military-focused agencies are recruiting cybersecurity pros.

The “H4CKERS WANTED” report from RAND, the non-profit policy think tank funded by the U.S. government and private endowment, looked at whether cybersecurity jobs are going unfilled, especially in the federal government, and if so, why. Co-authored by Martin Libicki, David Senty and Julia Pollak, the report concludes that within the spectrum of tasks cybersecurity professionals might do, two types stand out as hard to find and recruit. One is the managerial role often thought of these days as the “chief information security officer”; the other is the talented geeky few who can figure out that highly stealthy attacks are occurring, or who can find “the hidden vulnerabilities in software and systems that allow advanced persistent threats to take hold of targeted systems.”

Demand for cybersecurity skills in general began rising within the last five years, the report says, not because hackers are attacking networks more but because the defenders of those networks are far more aware of the hackers and are eager to employ someone who can set up ways to detect and stop them. In addition, the rise of state-sponsored stealthy cyber-espionage—and in some cases, even hard-hitting attacks suggestive of cyberwar

[ISN] Taking time to build out a strong health IT security program

http://healthitsecurity.com/2014/06/17/taking-time-to-build-out-a-strong-health-it-security-program/
By Patrick Ouellette
Health IT Security
June 17, 2014

Department of Health and Human Services (HHS) Chief Regional Civil Rights Counsel Jerome Meites recently predicted that there would be a considerable uptick in HHS data breach penalties within the next year, according to thehill.com. “Knowing what’s in the pipeline, I suspect that that number will be low compared to what’s coming up,” Meites said, adding that he wasn’t speaking on behalf of HHS.

Meites’ comments should be the latest reminder to healthcare organizations that they should be prepared with transparent security programs in the face of upcoming HIPAA audits. Anahi Santiago, Chief Information Security Officer (CISO) and Privacy Officer at Einstein Healthcare Network, explained to HealthITSecurity.com how much of the work she did years ago within her organization has helped keep it equipped for a potential federal visit.

In building her security program over her 9 ½ years at Einstein, Santiago said she has used pieces of a variety of different security frameworks as reference points. She sees all of the frameworks crossing paths and having similarities, so having a mix of the different frameworks makes the most sense.

We started with the NIST framework and weren’t overly prescriptive with it; we used it as a baseline and have taken some pieces from COBIT and ISO, and we’ve certainly started to lean toward utilizing HITRUST. I would love, at some point, to transition the organization fully to HITRUST. But we recognize that no one framework is a good fit for the organization; especially in healthcare you recognize that no one framework will be a one-size-fits-all.

[…]

[ISN] ‘Anonymous’ hackers threaten to target regional oil & gas firms tomorrow

http://www.emirates247.com/news/emirates/anonymous-hackers-threaten-to-target-regional-oil-gas-firms-tomorrow-2014-06-19-1.553415
By Joseph George
emirates247.com
June 19, 2014

The UAE’s Adnoc and Enoc are among the list of oil, gas, and energy companies that may come under cyber-attack on June 20 or shortly after, security firm Symantec has warned.

According to Symantec, a hacker group called Anonymous, which recently threatened to hack corporate sponsors of the Fifa World Cup, has threatened to launch cyber-attacks against oil, gas, and energy companies, specifically the petroleum industry in the Middle East, before, during, and after June 20, 2014. Anonymous had issued a similar threat last year.

According to Symantec, this year’s attack is also called “Operation Petrol” and is directed against the US dollar being used as the currency to buy and sell oil. The hackers are also threatening to target government websites of Saudi Arabia, Kuwait and Qatar.

[…]

[ISN] Google’s Famous Security Guru Found An Embarrassing Hole In Microsoft’s Products

http://www.businessinsider.com/microsoft-security-versus-google-guru-2014-6
By Julie Bort
Business Insider
June 18, 2014

On Tuesday, Microsoft warned that it was issuing an emergency patch to fix a dangerous flaw in its software. This is notable for a few reasons.

Microsoft rarely releases these kinds of urgent patches; there have been only nine of them so far in 2014. It normally saves all patches for one mega patch day once a month.

The flaw affects almost all of Microsoft’s family of security software. That means the software Microsoft designed to protect computers from hackers can itself be attacked. In this case, it can be turned off, and from there the hacker could do more harm.

The person who found the flaw was none other than Microsoft’s security nemesis, Tavis Ormandy.

[…]

[ISN] Hacker taunts arrested comrade after someone drops dime to FBI

http://arstechnica.com/tech-policy/2014/06/hacker-taunts-arrested-comrade-after-someone-drops-dime-to-fbi/
By Sean Gallagher
Ars Technica
June 18, 2014

Continuing variations on a theme, the FBI has arrested yet another alleged “hacktivist” based on information provided by a confidential informant. This time, FBI agents from the bureau’s Chicago field office nabbed Timothy Justin French, who the Justice Department claims was a member of a group called NullCrew. Another alleged NullCrew member, a juvenile offender, was arrested by the Royal Canadian Mounted Police based on information passed by the FBI.

Based on a statement from a member of NullCrew who remains at large, the arrests weren’t a big surprise. Calling French and the other hacker “skids” (script kiddies), the NullCrew member mocked their poor operational security and failure to cover their own digital tracks. And in a reference to the LulzSec case, the poster said that French missed “what should’ve been the most fucking obvious thing ever: don’t let just any asshole in the crew, and don’t give them the keys to the fucking kingdom. The FBI got someone to get you fuckers, and you deserved it. I’ve already taken care of that little problem—if it walks like Sabu and talks like Sabu…”

French, who the FBI claims is known by the usernames “Orbit,” “crysis,” and a number of other IRC, Skype, and Twitter handles, was arrested on June 11 at his home in Morristown, Tennessee. He is accused, along with other members of NullCrew, of launching “computer attacks that resulted in the release of computer data and information, including thousands of username and password combinations,” according to a statement issued by the Justice Department.

French and NullCrew’s alleged activities were exposed by a confidential informant who was invited into the group’s conversations on Cryptocat and Skype and in Twitter direct messages. “Nullcrew members discussed past, present, and future computer hacks, shared current computer vulnerabilities and planned targets, and discussed releases of their victims’ information,” the Justice Department said in its release. And apparently the informant volunteered the information to the FBI. “The witness has assisted with the investigation primarily in an effort to help the FBI,” the affidavit stated.

[…]