Why Hackers Aren’t Afraid of Us
Why Hackers Aren’t Afraid of Us
Why Hackers Arenât Afraid of Us
The United States has the most fearsome cyberweaponry on the planet, but we won’t use it for fear of what will come next.
US warns of North Korea cyber campaign, days after historic summit
US warns of North Korea cyber campaign, days after historic summit
US warns of North Korea cyber campaign, days after historic summit
The US Department of Homeland Security said that it has identified malicious cyber activity by the North Korean government, according to a new report released on Thursday, just days after the historic summit between President Donald Trump and North Korean dictator Kim Jong Un.
US warns of North Korea cyber campaign, days after historic summit
Apple to undercut popular law-enforcement tool for cracking iPhones
Apple to undercut popular law-enforcement tool for cracking iPhones
Apple to undercut popular law-enforcement tool for cracking iPhones
Apple Inc said on Wednesday it will change its iPhone settings to undercut the most popular means for law enforcement to break into the devices.
Apple to undercut popular law-enforcement tool for cracking iPhones
Healthcare Hacking Trends on the Dark Web | Cynerio
Healthcare Hacking Trends on the Dark Web | Cynerio
Healthcare Hacking Trends on the Dark Web | Cynerio
by Cynerio Research | Jun 11, 2018 | Vulnerabilities |
REMEMBER EQUIFAX?
From Jill Schlesinger (my high school classmate)
Remember how freaked out we all were nine months ago, after the Equifax data breach? Human nature is a tough enemy, when it comes to your personal data security and privacy. When a news event flares up, we pay attention and then as the issue recedes, we can get a bit complacent. That’s why June, aka National Internet Safety Month, and the recently enacted European Union General Data Protection Regulation (“GDPR”) make now a perfect time for a refresher on cyber security and privacy.
White House confirms its chief of staff was hacked
White House confirms its chief of staff was hacked
White House confirms its chief of staff was hacked
A personal email account of White House Chief of Staff John Kelly was hacked,
Chinese Hackers Steal Sensitive Data on U.S. Subs and Missiles from Military Contractor, Report Says
Chinese Hackers Steal Sensitive Data on U.S. Subs and Missiles from Military Contractor, Report Says
A contractor may not have done enough to protect vital U.S. military data. Read Full Yahoo News Article Here.
For insight into this shocking revelation, we asked Salvatore Stolfo, CTO of Allure Security, for comment. Allure specializes in technology that tracks the flow of documents in and out of the company (or government agency) firewall. Sal is a tenured Columbia University professor in computer science who founded Allure with a $10M DARPA grant to research ways to stop data from leaking from government agencies.
According to Sal, “The government and its defense contractors ought to know better on how to protect our nation’s secrets.The question I have is, how long did it take for the contractor to notice the theft, and how long did that contractor take to inform the government of the breach? Fast time-to-detection is necessary to secure our nation’s secrets. Placing the data on unsecured networks is obviously not best practices, especially when working with a third-party contractor. Once that happens, agencies have no way of knowing who is accessing this information. There is technology on the market that should be used whenever government agencies are working with contractors. For example, had deception technology been used to plant convincing fakes, or decoy documents, alongside real documents, the theft would have netted the attackers bogus materials along with real materials, causing them to be uncertain as to what they actually did steal. Also, the use of beacons could have detected in real time when unsanctioned individuals were attempting to remotely open or download the files.”
Experts warn it’s ‘only a matter of time’ before hackers hijack a plane midflight
Experts warn it’s ‘only a matter of time’ before hackers hijack a plane midflight
Experts warn it’s ‘only a matter of time’ before hackers hijack a plane midflight
The US government fears itâs only âa matter of timeâ before an airliner is hacked midflight leading to a potentially âcatastrophic disaster.â Security experts are now reportedly in a race against tâ¦
Experts warn it’s ‘only a matter of time’ before hackers hijack a plane midflight
Stop Throwing Away Your Historical Security Data – Uplevel Security
Stop Throwing Away Your Historical Security Data – Uplevel Security
Stop Throwing Away Your Historical Security Data – Uplevel Security
Historical data can help security teams better understand the evolution of threats within their environments
Stop Throwing Away Your Historical Security Data – Uplevel Security
Experts Weigh In On the ENCRYPT Act
Lawmakers seek standardized national encryption policy — FCW
Chase Gunther posted yesterday in FCW.com that there’s a push on Capitol Hill looks to preempt a possible patchwork of data encryption policies varying from state to state. Read Full Article Here.
As Gunther noted, “The ENCRYPT Act (an acronym for Ensuring National Constitutional Rights for Your Private Telecommunications) would preempt state and local government efforts to implement disparate policies.
The bill, introduced June 7 by Reps. Ted Lieu (D-Calif.), Mike Bishop (R-Mich.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio), would instead create a single, standardized national policy.
According to Ted Lieu, “Any discussion of encryption and law enforcement access to data needs to happen at the federal level, Encryption exists to protect us from bad actors, and can’t be weakened without also putting every American in harm’s way.”
This is a potentially significant piece of legistation that will have an impact on the cyber security industry. Experts weigh in:
Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposure Research Team (VERT), commented, “This is a nice direct bill to protect state governments from compelling companies to take actions which dilute or circumvent security functions in their products or services. This includes that states are not allowed to ban products or services on the basis that they employ strong encryption.
He added, “This is an incredibly important set of protections, but I am left wondering why they couldn’t take this a step further by applying the same restrictions to the federal government. The risk of government mandated backdoors can have serious detriment for companies looking to compete in the global technology markets regardless of what level of government is demanding the backdoor.”
Cybersecurity experts from CipherCloud, STEALTHbits Technologies, and Virsec also shared their views. Anthony James, CMO at CipherCloud remarked, “The trend towards government access to your encrypted data has picked up speed. Many states within the U.S. are moving forward on policies that would essentially enable “back doors” into encrypted data sets. At the top of their well-intended agenda is support for law enforcement on a variety of challenges including, of course, terrorism. This new legislation for a national encryption policy is trying to avoid the various states from implementing their own legislation and instead, position one clear and more easily implemented national policy.”
James also expressed a view that, “Despite the noble objective of nationally standardized encryption in support of law enforcement and counter-terrorist activity, the use by government of forced disclosure, whether at the state level or the federal level, can move the control of your data into someone else’s hands. ‘Back doors,’ or special APIs that access your data at various points of being used within applications, can also easily circumvent basic protection such as ‘at rest’ encryption for your databases.”
He added, “The only way to maintain firm control over your confidential data is to implement Zero Trust end-to-end encryption. This level of protection, for example, will not allow anyone using a backdoor into one of your 3rd party provided cloud applications to access your data without your explicit knowledge, and approval. Only your decision to deliver your data encryption keys to the requesting party will expose the data.”
According to Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies. “The re-introduction of legislation to not force technologies to implement security backdoors is an unfortunate necessity. Undoubtedly any backdoor that is introduced will be available to both law enforcement and bad actors alike, collectively making us less secure.”
Willy Leichter, vice president of marketing at Virsec explained, “It seems like a positive move to have a standardized national encryption policy. However, this doesn’t solve the basic collision of interests around encryption – law enforcement wants broader access, while privacy experts (and most of the security industry) don’t want to neuter the effectiveness of encryption. This group seems to understand that encryption is a fundamental building block of most digital business, and weakening it, for whatever reasons, can be disastrous.”