[ISN] Evident.io encourages startups to boost AWS security

http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5177/evidentio-encourages-startups-to-boost-aws-security By Clare Hopping Cloud Pro June 25, 2015 Evident.io has announced a startup and small business AWS Cloud Security platform to help those without a dedicated security resource ensure their Amazon cloud infrastructure is protected. Adrian Sanabria, an analyst with 451 Research, commented: “The rise of cloud computing has enabled small businesses to grow and thrive with affordable cloud infrastructure and powerful cloud-based tools, but it’s also created unprecedented security threats.” He explained that startups often set up multiple severs in the cloud before even thinking about the security implications this has, employing a security expert or buying even basic equipment for the office. It’s this ‘cloud-first’ attitude that can get organisations into trouble when it comes to securing their systems. “The biggest risk with cloud infrastructure, especially for ‘cloud-first’ businesses, is the management plane,” he commented. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Sony Pictures: Inside the Hack of the Century, Part 1

https://fortune.com/sony-hack-part-1/ By Peter Elkind Fortune.com June 25, 2015 A cyber-invasion brought Sony Pictures to its knees and terrified corporate America. The story of what really happened—and why Sony should have seen it coming. A special three-part investigation. On Monday, Nov. 3, 2014, a four-man team from Norse Corp., a small “threat-intelligence” firm based in Silicon Valley, arrived early for an 11:30 a.m. meeting on the studio lot of Sony Pictures Entertainment, in the Los Angeles suburb of Culver City. They were scheduled to see Sony’s top cybersecurity managers to pitch Norse’s services in defending the studio against hackers, who had been plaguing Sony for years. After a quick security check at the front gate and then proceeding to the George Burns Building on the east side of the Sony lot, the Norse group walked straight into the unlocked first-floor offices of the information security department, marked with a small sign reading info sec. There was no receptionist or security guard to check who they were; in fact, there was no one in sight at all. The room contained cubicles with unattended computers providing access to Sony’s international data network. The visitors found their way to a small sitting area outside the office of Jason Spaltro, Sony’s senior vice president for information security, settled in, and waited. Alone. For about 15 minutes. “I got a little shocked,” says Tommy Stiansen, Norse’s co-founder and chief technology officer. “Their Info Sec was empty, and all their screens were logged in. Basically the janitor can walk straight into their Info Sec department.” Adds Mickey Shapiro, a veteran entertainment attorney who helped set up the meeting and was present that day: “If we were bad guys, we could have done something horrible.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Why an Arms Control Pact Has Security Experts Up in Arms

http://www.wired.com/2015/06/arms-control-pact-security-experts-arms/ By Kim Zetter Security Wired.com June 24, 2015 SECURITY RESEARCHERS SAY a proposed set of export rules meant to restrict the sale of surveillance software to repressive regimes are so broadly written that they could criminalize some research and restrict legitimate tools that professionals need to make software and computer systems more secure. Critics liken the software rules, put forth by the US Commerce Department, to the Crypto Wars of the late ’90s, when export controls imposed against strong encryption software prevented cryptographers and mathematicians from effectively sharing their research abroad. At issue is the so-called Wassenaar Arrangement, an international agreement on which the proposed US rules are based. Other countries are in the process of developing their own rules around the WA, potentially putting researchers overseas in the same troubled boat as ones in the US. To clarify why people are alarmed about the WA and the proposed US rules, we’ve compiled a primer on what they are and why they could harm not only researchers and security companies but the state of computer security itself. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] EFCC arraigns two for hacking into bank’s internet network

http://nationalmirroronline.net/new/efcc-arraigns-two-for-hacking-into-banks-internet-network/ By Matthew Irinoye National Mirror June 25, 2015 The Economic and Financial Crimes Commission, EFCC yesterday arraigned two men for allegedly attempting to hack into the internet network of Enterprise Bank Plc. The suspects include Ola Lawal, Abass Ajide while the third person Olumide Kayode was said to be at large. The defendants who were arraigned before Justice Lateef Lawal-Akapo, on a four count charge offence bordering on conspiracy to defraud, felony, stealing and forgery pleaded not guilty to the four count charge. EFCC counsel, Mr. Seidu Atteh, said that the suspects conspired to defraud Enterprise Bank and hacked into the bank’s network with their laptop computer, router model and grabber/ key logger to obtain the password of key operations staff through the Central Processing Unit (CPU). He said the defendants aimed to access the network of the bank without authority to conduct fraudulent transactions. Atteh alleged that the defendants wanted to access the CPU to conduct fraudulent transactions and transfer unauthorised money into other accounts. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hacker Drama Mr. Robot Is Scary, Paranoia-Inducing, and Awesome

http://gizmodo.com/hacker-drama-mr-robot-is-scary-paranoia-inducing-and-1713408001 By Bryan Lufkin Gizmodo June 24, 2015 If you could hack into an evil corporation’s bank account and shuffle its wealth to the 99%, would you? That’s the Anonymous-era quandary a young, brilliant hacker grapples with in the new USA drama, Mr. Robot, which premiers tonight at 10 p.m. I got a chance to hang out with the cast as they were filming in New York. The pilot’s been up on YouTube for a few weeks now, though—something unusual and refreshing for a cable show—and if you haven’t watched yet, watch. Here’s the gist: Main character Elliot (Rami Malek) is an antisocial computer genius who works at a cybersecurity firm that protects a sinister, Enron-like megacorp. But he moonlights as a vigilante hacker, busting scum like kiddie porn wranglers for fun. One day, he’s drafted by an underground hacker group that’s led by Mr. Robot, played by a scruffy Christian Slater. He asks Elliot to help him unleash cyber doom on Elliot’s uber-rich client in a digital Robin Hood-like raid of history book proportions. Talking to the cast, it sounds like prepping for their hacker roles scared the crap out of them. They talked about putting tape over their laptop webcams, paranoid that someone could hack into it to look at and listen to them. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] A Review of Common HIPAA Technical Safeguards

http://healthitsecurity.com/news/a-review-of-common-hipaa-technical-safeguards By Elizabeth Snell Health IT Security June 26, 2015 HIPAA technical safeguards are just one piece of the larger health data security plan that covered entities and their business associates must put together. However, it is a very important aspect. Over the next few weeks, HealthITSecurity.com will discuss some common examples of all three HIPAA safeguards, and how they could potentially benefit healthcare organizations. Not all types of safeguards are appropriate or necessary for every covered entity. But by having a comprehensive understanding of what is required by HIPAA and the HITECH Act, and how various safeguards can be used, organizations will be able to identify which ones are most applicable. From there, they can create and implement the right data security protections for their daily workflow and ensure they maintain HIPAA compliance. As previously mentioned, HIPAA technical safeguards are an important part to keeping sensitive health data secure. Whether a small primary care clinic is debating health data encryption options or a large HIE is considering BYOD for employees, understanding the basics of HIPAA technical safeguards is essential. What are HIPAA technical safeguards? The HIPAA Security Rule describes technical safeguards as ““the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” However, an important note is that the Security Rule does not require specific technology solutions. Rather, healthcare organizations need to determine reasonable and appropriate security measures for their own needs and characteristics. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Why Cyber War Is Dangerous for Democracies

http://www.theatlantic.com/international/archive/2015/06/hackers-cyber-china-russia/396812/ By MOISÉS NAÍM The Atlantic June 25, 2015 This month, two years after his massive leak of NSA documents detailing U.S. surveillance programs, Edward Snowden published an op-ed in The New York Times celebrating his accomplishments. The “power of an informed public,” he wrote, had forced the U.S. government to scrap its bulk collection of phone records. Moreover, he noted, “Since 2013, institutions across Europe have ruled similar laws and operations illegal and imposed new restrictions on future activities.” He concluded by asserting that “We are witnessing the emergence of a post-terror generation, one that rejects a worldview defined by a singular tragedy. For the first time since the attacks of Sept. 11, 2001, we see the outline of a politics that turns away from reaction and fear in favor of resilience and reason.” Maybe so. I am glad that my privacy is now more protected from meddling by U.S. and European democracies. But frankly, I am far more concerned about the cyber threats to my privacy posed by Russia, China, and other authoritarian regimes than the surveillance threats from Washington. You should be too. Around the time that Snowden published his article, hackers broke into the computer systems of the U.S. Office of Personnel Management and stole information on at least 4 million (and perhaps far more) federal employees. The files stolen include personal and professional data that government employees are required to give the agency in order to get security clearances. The main suspect in this and similar attacks is China, though what affiliation, if any, the hackers had with the Chinese government remains unclear. According to the Washington Post, “China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] The US Navy’s warfare systems command just paid millions to stay on Windows XP

http://www.networkworld.com/article/2939254/the-us-navys-warfare-systems-command-just-paid-millions-to-stay-on-windows-xp.html By Martyn Williams IDG News Service June 22, 2015 The U.S. Navy is paying Microsoft millions of dollars to keep up to 100,000 computers afloat because it has yet to transition away from Windows XP. The Space and Naval Warfare Systems Command, which runs the Navy’s communications and information networks, signed a US$9.1 million contract earlier this month for continued access to security patches for Windows XP, Office 2003, Exchange 2003 and Windows Server 2003. The entire contract could be worth up to $30.8 million and extend into 2017. The first three of those products have been deemed obsolete by Microsoft, and Windows Server 2003 will reach its end of life on July 14. As a result, Microsoft has stopped issuing free security updates but will continue to do so on a paid basis for customers like the Navy that are still using those products. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail