[ISN] Zambia: First Cyber Security Lab Unveiled

http://allafrica.com/stories/201407300414.html

By Chusa Sichone
Times of Zambia
July 30, 2014

VISITING International Telecommunications Union (ITU) deputy secretary-general Houlin Zhao has launched the first-ever cyber security laboratory in Zambia, which will enable law-enforcement agencies to combat Information Communication Technology (ICT)-related crimes.

The laboratory is based at the Zambia Police Service headquarters in Lusaka, whose refurbishment and procurement of equipment was done by the Zambia Information and Communication Technology Authority (ZICTA) at a cost of K700,000.

Mr Zhao said that cyber crime was a fast-growing phenomenon as more and more criminals were exploiting connectivity, convenience and anonymity of the Internet to commit various crimes that had no borders.

“Due to the increased expertise and number of attackers, this laboratory will surely have a key role to play in supporting the Government in addressing cyber security-related issues at the national and regional levels as well as the global level,” he said.

[…]





[ISN] Commentary: Cyber Deterrence Is Working

http://www.defensenews.com/article/20140730/DEFFEAT05/307300017/Commentary-Cyber-Deterrence-Working

By Jason Healey
Defense News
July 30, 2014

Despite the mainstream view of cyberwar professionals and theorists, cyber deterrence is not only possible but has been working for decades.

Cyberwar professionals are in the midst of a decades-old debate on how America could deter adversaries from attacking us in cyberspace. In 2010, then-Deputy Defense Secretary Bill Lynn summed up the prevailing view that “Cold War deterrence models do not apply to cyberspace” because of low barriers to entry and the anonymity of Internet attacks. Cyber attacks, unlike intercontinental missiles, don’t have a return address.

But this view is too narrow and technical. The history of how nations have actually fought (or not fought) conflicts in cyberspace makes it clear deterrence is not only theoretically possible, but is actually keeping an upper threshold to cyber hostilities.

The hidden hand of deterrence is most obvious in the discussion of “a digital Pearl Harbor.” In 2012, then-Defense Secretary Leon Panetta described his worries of such a bolt-from-the-blue attack that could cripple the United States or its military. Though his phrase raised eyebrows among cyber professionals, there was broad agreement with the basic implication: The United States is strategically vulnerable and potential adversaries have both the means for strategic attack and the will to do it.

But worrying about a digital Pearl Harbor actually dates not to 2012 but to testimony by Winn Schwartau to Congress in 1991. So cyber experts have been handwringing about a digital Pearl Harbor for more than 20 of the 70 years since the actual Pearl Harbor.

[…]



[ISN] Utilities ignorant of IT security despite pounding by hackers: Ponemon

http://www.cso.com.au/article/551228/utilities_ignorant_it_security_despite_pounding_by_hackers_ponemon/

By David Braue
CSO Online (Australia)
30 July, 2014

Security pundits have warned of the imminent hacking threat to critical infrastructure providers, but a new Ponemon Institute survey of infrastructure operators suggests the threat is already here.

The survey found 86 per cent of executives reporting they suffered at least one security breach, leading to a loss of confidential information or disruption of their operations, over the past 12 months.

The A/NZ figure was considerably higher than the nearly 70 per cent of executives globally reporting an attack, suggesting that this region has fallen behind the world in terms of data protection. Fully 24 per cent of respondents said the security breaches were due to an insider attack, or to negligent privileged IT users.

Despite such a high rate of security incidents, only 17 per cent of companies in the Critical Infrastructure: Security Preparedness and Maturity report – which was sponsored by Unisys and included 599 IT and IT security executives at infrastructure companies in 13 countries – had deployed most of their IT security program.

[…]



[ISN] Nigeria: Over 25 Million Payment Cards in Nigeria At Risk

http://allafrica.com/stories/201407300373.html

BY PRINCE OSUAGWU
AllAfrica.com
30 JULY 2014

Unless quick measures are put in place, your digital wallet, particularly the payment cards which you so much treasure, may sadly be like the proverbial basket used to store water. If recent developments are anything to go by, only God will prevent hackers from being smarter than you.

Do you know why? Microsoft server 2003 and 2003 R2, which supports the platform, will come to the end of their life cycles by July 2015. This is a normal support life cycle policy for Microsoft.

The implication of this expected development is that over 25 million electronic payment cards issued by 23 Nigerian banks could be at risk of malicious and targeted attacks by cyber criminals.

With unconfirmed reports that banks in Nigeria already lost N40 billion to online fraud cases in 2013 alone, when Microsoft’s extended support period for these products cuts off, next year, which means that there may not be updates and patches for combating security issues, loss of compliance and regulatory certifications for banks, vulnerability may widen.

Industry practitioners have also expressed fears that the end of support period will also mean that support on applications and programmes will come to an end for any organisation, datacentre or server running this Operating System (OS) after the stipulated date.

This lack of compliance, according to them, may come with a huge risk for local financial services partnership with global Payment Platforms like Visa, MasterCard among others.

Meanwhile, of the 25 million e-payment cards in circulation, 18 million were issued by Verve, a local card operator, which has over the years built up strategic partnerships with MasterCard and Visa, for various co-branded cards.

However, all hope is not lost for organisations that are proactive.

Chief Executive Officer, Wragby Business Solutions & Technologies Limited, Mr Gbenga Iluyemi, admitted that the end of Windows 2003 support life cycle will impact on payment platforms that run on the Operating System, but added that it is only if they did not quickly migrate to the latest version.

[…]



[ISN] Hilton Turns Smartphones Into Room Keys

http://www.informationweek.com/mobile/mobile-business/hilton-turns-smartphones-into-room-keys/d/d-id/1297618

By Thomas Claburn
InformationWeek.com
7/29/2014

Hilton Worldwide plans to allow guests to check in and choose their rooms using mobile devices, and even to unlock their hotel rooms.

By the end of the year, Hilton says it will offer digital check-in and room selection at 11 of its brands, across more than 4,000 properties. The service will be available to Hilton HHonors members in more than 80 countries, the company said.

“We analyzed data and feedback from more than 40 million HHonors members, as well as guest surveys, social media posts, and review sites, and it’s clear that guests want greater choice and control,” said Geraldine Calpin, SVP and global head of digital at Hilton Worldwide, in a statement.

Calpin cited a company-commissioned study conducted by Edelman Berland that indicates some 84% of business travelers want the ability to choose their own room. Calpin said Hilton is enabling guests to select rooms, room types, and room numbers, subject to availability, using mobile devices.

[…]



[ISN] OIG audit criticizes HHS access controls

http://www.fiercehealthit.com/story/office-inspector-general-audit-criticizes-hhs-access-controls/2014-07-29

By Susan D. Hall
FierceHealthIT.com
July 29, 2014

The U.S. Department of Health and Human Services must improve its security procedures for granting access to physical facilities as well as computer applications and files, according to an audit from the HHS Office of Inspector General that found security controls inadequate.

The audit looked at how well the agency complied with Homeland Security Presidential Directive-12, which lays out access-management policy for government workers and contractors. It covered program and system-specific controls, encryption, change controls, Web vulnerability management and physical security.

It found five areas it categorized as high risk and one



[ISN] Riverside announces security breach

http://www.dailypress.com/health/dp-nws-security-breach-riverside-20140729,0,1160235.story

By Prue Salasky
dailypress.com
July 29, 2014

Newport News-based Riverside Health System has announced a security breach at Cancer Specialists of Tidewater, a Riverside-owned practice with offices in Virginia Beach, Suffolk and Chesapeake. More than 2,000 patients have potentially been affected by a team member accused of identity theft.

The female employee charged, a medical assistant at the practice from August 2012 to June 2014, is no longer employed by Riverside. The health system says it is assisting the Chesapeake Police Department in an investigation.

Riverside bought Cancer Specialists in 2007, but its name never changed to reflect its ownership.

According to a news release, it does not believe the employee obtained credit card information from any of Riverside’s electronic systems; however, as a precaution, it is contacting patients of the practice whose records were accessed by the team member. It is offering free three-bureau credit monitoring to those 2,000 patients and to staff at the practice.

“Keeping patient information protected is vital at Riverside. We have a robust compliance program and ongoing monitoring in place. We are looking at ways to improve our monitoring program with more automatic flags to protect our patients,” said Peter Glagola, Riverside spokesman. “We apologize for any issues this incident may have caused.”

[…]

