Cybersecurity Report: August 11, 2015

FBI Understaffed to Ward off Cybersecurity Attacks, Report Says

Last week, the U.S. Department of Justice released a report that revealed some weaknesses in Next Gen Cyber, the Federal Bureau of Investigation’s cybersecurity program begun in 2012. Next Gen Cyber originally had a budget of $314 million and a total of 1,333 full-time jobs (including 756 agents), while the DOJ also asked for an $86.6 million increase in funding for 2014 to support the initiative. The FBI had in total 52 open positions out of the 134 computer scientists it was authorized to employ under the initiative. The program is also getting a lukewarm reception from private companies and individuals who have privacy concerns. In addition, lower salaries compared to the private sector and stringent rules about past drug use were the other main problems the FBI faced in hiring.

FDA Warns of Cybersecurity Vulnerabilities of Hospira Infusion System

The U.S. Food and Drug Administration and pharmaceutical company Hospira announced last week that they were aware of cybersecurity vulnerabilities associated with the company’s Symbiq Infusion System. These devices are usually used in hospitals and nursing homes to allow for continuous delivery of general infusion. Hospira insisted in a statement that there had been no known breaches of their devices. However, the company was still working to provide its Symbiq customers with another layer of security for the devices. The FDA also mentioned that the devices were no longer being manufactured or distributed, recommending that healthcare facilities transition to other infusion systems as soon as possible.

Cybersecurity Bill Could ‘Sweep Away’ Internet Users’ Privacy, Agency Warns

Last Monday, the Department of Homeland Security (DHS) claimed that the controversial new surveillance bill, the Cybersecurity Information Sharing Act (CISA), could sweep away important privacy protections. CISA encourages private companies to share their sensitive corporate data with the government to prevent future cyber attacks and fortify national cybersecurity. However, this may raise serious privacy issues in the private sector. Privacy concerns have long been significant in the private sector, where the use of personal data at scale is largely unregulated. Data brokers like Experian are anxious about losing the ability to aggregate vast quantities of personal data and have been lobbying against the bill, calling it “the Darth Vader bill.”

J.P. Morgan to Accelerate Timeline for Cybersecurity Spending Boost

J.P. Morgan Chase & Co. expects to increase spending on cybersecurity in the upcoming years, accelerating its initial timeline for spending growth in information security. According to a quarterly regulatory filing from the bank, its annual cybersecurity budget is expected to double this year, which would bring this year’s spending figure to about $500 million, a huge leap from $250 million in 2014. J.P. Morgan also expects its cybersecurity spending to remain at around $500 million in 2016 and to stay the same or increase over the following four years. The bank is also working on strengthening its partnerships with government, law enforcement agencies and third-party service providers.

China to Embed Internet Police in Tech Firms

The Chinese government plans to embed cybersecurity police units at major Internet companies and websites to help prevent crimes such as fraud and the spreading of rumors. China’s Ministry of Public Security didn’t reveal the names of the companies that will host the new police units, but it is likely that the three Internet giants, Alibaba Group, Tencent and Baidu, will be on the list. It isn’t clear yet whether the cyberpolice units would apply to international, as well as domestic, tech companies operating in China. These physical police units at Web firms are part of Beijing’s broader efforts to exert greater control over China’s Internet.


Cybersecurity Report: August 4, 2015

Fiat Chrysler to Recall 1.4 Million Vehicles in U.S. to Prevent Hacking

FCA US LLC, formerly Chrysler Group LLC, announced on Friday that Fiat Chrysler will recall 1.4 million vehicles in the US to install software that prevents hackers from gaining remote control of the engine, steering and other systems. According to federal officials, this is the first action of its kind. The announcement was made several days after cybersecurity researchers succeeded in using a wireless connection to turn off a Jeep Cherokee’s engine as it drove. The National Highway Traffic Safety Administration also said on Friday that it would investigate whether FCA’s software upgrade was enough to protect consumers from hackers.

It Looks Like the US Government Just Got Hacked Again – and This Time Anonymous is Claiming Responsibility

Last Wednesday, a group of hackers claiming to be part of Anonymous said that it had successfully hacked the US Census Bureau, compromising over 4,200 workers’ data in the process. The data alleged to have been stolen includes the usernames, work email addresses and office phone numbers of the department’s staff. The hackers claimed that the purpose of the attack was to protest the Transatlantic Trade and Investment Partnership (TTIP) and Trans-Pacific Partnership (TPP) trade negotiations. These negotiations are designed to improve trade relations and lower barriers between participating nations. However, they have also led to concerns within Europe that free, state-run health services could be privatised.

United Airlines Pays Out ‘Bug Bounties’ to Clean Up Security Gaps

United Airlines has paid out “bug bounties” to cybersecurity experts who found and reported weaknesses in the airline’s website. The “bug bounty” program was originally announced in May, only a few weeks before the latest of several technical glitches that grounded flights for nearly one and a half hours. According to United officials, the Chicago-based carrier borrowed the “bug bounty” idea from technology companies in Silicon Valley, which offer rewards to anyone able to identify cybersecurity gaps. United would give 1 million reward miles to whoever could find a flaw that allowed hackers to execute code on the United website from a remote server. This reward equals about three first-class round-trip tickets from the US to Europe.

Planned Parenthood Confirms Attack from Anti-Abortion Hackers

Planned Parenthood confirmed on Monday that anti-abortion hackers had tried to compromise the organization’s information systems, potentially exposing sensitive data of its employees. A hacker called “E” claimed partial responsibility for the attack, saying that the hackers had pilfered internal files, emails and worker information. The hackers were also threatening to decrypt and unveil the organization’s internal emails next. According to the hackers, the attack was mainly aimed at “seeking to reclaim some sort of lulz for the years and thousands of dollars that Planned Parenthood have wasted and made harvesting your babies,” which could be regarded as support for the recent appeal to strip Planned Parenthood of its federal funding.

Controversial Cybersecurity Bill Called CISA Likely Delayed Until Fall

The Cybersecurity Information Sharing Act, or CISA, a bill that encourages private companies to share data with the federal government, is expected to be delayed until this September. The bill’s co-author, Sen. Dianne Feinstein, a California Democrat, argued that CISA could “incentivize the sharing of cybersecurity threat information between the private sector and the government and among private sector entities.” However, the bill is strongly opposed by privacy advocates. Earlier this week, digital rights groups including the American Civil Liberties Union and the Electronic Frontier Foundation opened a website containing details on the cyber bill and a free service through which visitors could have their concerns automatically routed to the fax machines in all 100 US senators’ offices. As of Wednesday morning, more than a quarter-million faxes had already been sent. It was said that the grassroots effort might be the major reason for Capitol Hill to postpone the bill.


It’s Never All About That Base: Three Non-Firewall Add-ons You Should Have For Website Security


Viruses used to be the only cyber security issue that companies worried about. With cyber threats increasing in variety, protecting your website is no longer about installing a basic firewall. You also need to consider all the right add-ons in all the right places to develop a multi-layered security plan.

To help you start your own deployment, below are three non-firewall add-ons that you should have in order to develop a comprehensive website security plan.

  1.      DDoS Attack Protection

Will your customers blame their slow internet connection when they have to wait 10 seconds for a page to load on your website? They might, but chances are they’ll also blame you. Long loading times are one of the major issues that turn customers away from a website. Recent research by Kissmetrics revealed that even a one second page delay could potentially cost businesses $2.5 million in sales each year. Simply upgrading your server may not be enough – instead, a slow website may be the result of a DDoS attack, which is executed by having multiple computers on multiple networks send large numbers of requests to your website simultaneously, in an attempt to crash it.

Although DDoS attacks are hard to prevent, there are still solutions to mitigate the threat. One effective tool is the SiteLock TrueShield™ Web Application Firewall. It offers the most comprehensive DDoS protection solution in the industry. This tool targets the vital components of a DDoS attack by providing application-level, infrastructure and DNS protection, adding multiple security layers to your online business.

  2.      CDN Deployment

A DDoS solution will protect you from malicious attacks, but what about heavy traffic that comes from legitimate users? Unexpectedly heavy traffic, no matter where it comes from, can compromise your website and leave it vulnerable to attacks, which may cost you millions in lost revenue.

One thing you can do to improve the speed of your website under peak traffic is to deploy a Content Delivery Network that delivers cached web content to users based on their locations, through a network of servers located around the globe. To help you with your own deployment, SiteLock offers the TrueSpeed CDN. It dynamically caches content every five minutes and increases website speed by an average of 50%.

  3.      Website Scanner

Now that you have your external security layers for speed optimization and protection ready, you should start monitoring your website 24/7 and make sure that all customer activities happening there are also secure. One of the most effective and efficient ways to achieve this goal is by employing a website scanner that runs in the background and can immediately identify and remove malware and vulnerabilities. A good website scanner can also ensure network security by monitoring FTP and file exchange, protecting your database from SQL injections, and checking ports on your server to make sure only appropriate visitors gain access to your website.

If you are looking for a comprehensive website scanner that integrates both detection and removal functionality, SiteLock INFINITY is a good choice. It provides well-designed and continuous scanning, including 24/7 monitoring, automatic detection and automatic removal. It will help mitigate cyber attacks and, more importantly, protect your customers’ valuable data 24/7.

Viruses are no longer the only cybersecurity issue that companies worry about. The recent Kaspersky Lab cyber attack, the major OPM data breach and the government’s new policies on fortifying cybersecurity protocols in the workplace all push corporate IT teams to develop a more comprehensive security plan to protect proprietary data from threats coming from both the inside and the outside. It’s time to have something beyond the base, for this is the best way to counter increasingly rampant cyber attacks in this dangerous cyberspace.

Cybersecurity Report: July 28, 2015

UCLA Health Hacked, 4.5 Million Victims

Last week, hackers broke into UCLA Health, the hospital network of the University of California, Los Angeles, gaining access to a database with sensitive records of 4.5 million people and potentially affecting four hospitals and 150 offices across Southern California. According to the university, the potentially breached information included names, medical information, SSNs, Medicare numbers, health plan IDs, birthdays and physical addresses. The network made this announcement two months after the data breach was discovered. The hospital group is now offering affected staff and patients one year of identity theft recovery services.

National Security Agency Teaches Students Ethical Hacking, Cybersecurity

The National Security Agency is offering middle- and high-school students in the United States the opportunity to learn how to crack secured passwords. The agency supports dozens of free summer camps nationwide, named GenCyber summer camps, teaching young students entry-level knowledge of responsible hacking, cracking and cyberspace defense. According to a report from The New York Times, over 1,400 young students chose to join the dozens of free NSA-supported overnight and day camps nationwide. The goal of the camps is to attract potential recruits and spark interest in the field of cybersecurity. NSA officials stated that developing the future cyberspace workforce is a national security concern.

Israel and U.S. Issue Joint Statement on Cybersecurity Coordination

Last week, Alejandro Mayorkas, the U.S. Deputy Secretary of Homeland Security, traveled to Israel to meet with Israeli Minister of Public Security Gilad Erdan and representatives from other departments to discuss the cybersecurity challenges facing both countries. They specifically discussed opportunities for joint investment in cybersecurity and signed a joint statement confirming their commitment to promoting cooperation and information sharing on cybersecurity and cyber research and development.

Cybersecurity Intern Accused in Huge Hacking Bust

Last Wednesday, the U.S. Justice Department announced a massive international bust of Darkode, an online black market for hackers. Morgan Culbertson, a 20-year-old sophomore at Carnegie Mellon University from Pittsburgh, was accused of creating malware that infects Android phones, steals data and controls the device. According to federal investigators, Culbertson was the creator of the infamous “Dendroid” malware, which allowed anyone who paid a $300 fee to turn any legitimate Android app into malware and allowed hackers to remotely take screenshots, photos, videos and audio recordings.

Canadian Government Assigns $142M to National Cybersecurity Program

According to Steven Blaney, Public Safety Minister of Canada, the Canadian Federal Government has allocated over $142 million in new funding for national cybersecurity programs. The money will be added to the previously budgeted funds for use against data breaches, website hacks, and online fraud targeting non-federal government systems deemed essential. The government release refers to the economic cost of cybercrime, which includes $29 million from fraud alone in 2013. The funds increase the total cybersecurity investment by the Canadian government by $142.6 million, from $94.4 million to $237 million over the next five years.

Cybersecurity Report: July 21, 2015

OPM Director Katherine Archuleta Steps Down

Office of Personnel Management Director Katherine Archuleta resigned last Friday, a day after revealing that the recent data breach of employee information was much larger than originally thought and had probably affected 22.1 million current, former and prospective US government employees and their family members. Archuleta’s departure was confirmed in an email she sent to OPM staff. Beth Cobert, previously the U.S. chief performance officer and a deputy director at OPM, has served as the acting director of OPM since last Saturday.

Army National Guard Struck by Data Breach

Last Friday, officials of the Army National Guard alerted its current and former members that a data breach might have exposed private information of members going back to 2004, because files containing personal information were inadvertently transferred to a non-DoD-accredited data center by a contract employee. The breach may have leaked members’ names, full Social Security numbers, dates of birth and home addresses. According to the National Guard, there was little evidence that the incident was related to cybercrime. The National Guard Bureau has set up a website and a call center for members who are worried about their information following the breach.

The Latest Security Law Illustrates The Chinese Government’s Love-Hate Relationship with The Internet

Last week, the Chinese government published the latest People’s Republic of China Cybersecurity Law, which directs a number of decrees at entities providing “critical information infrastructure.” The term is likely to refer to any technology company of a certain scale and with a certain amount of user data, such as big tech companies like Apple, Baidu and Huawei. Many of the provisions in the law, which has yet to be formally passed, require tech companies to provide basic protections for users, such as not selling user data to third parties without permission. Other sections reflect the government’s focus on tightening policies for China’s internet companies. These policies include measures that allow the state to cut off the internet to “protect national security,” and measures that require users to register for certain services under their real names.

Boston to Beef Up Cybersecurity Measures

Boston is now developing a next-generation firewall to protect the Hub from cyberattacks, part of an effort to spend $3.5 million through 2020 to beef up cybersecurity in the coming years. The new firewall will add to the city’s existing cybersecurity tools and is expected to be fully operational by the end of the year. The rest of the money will be partially used to improve the network’s ability to continue operating in the event of an outage or a glitch. Although Boston hasn’t had any breaches it is aware of, third parties are constantly scanning the city’s networks looking for vulnerabilities. The city’s multi-million-dollar plan aims at protecting Boston from cyber attacks of all sizes coming from any place.

Facebook Program Inspires Young Girls to Try Cybersecurity Careers

Partnering with San Jose State University’s Jay Pinson STEM Education program and CyberGirlz, Facebook created an after-school program and specialized camps to provide underserved female students with support, encouragement and a baseline understanding of security principles, hoping to inspire more girls to pursue a career in the cybersecurity sphere before they get into high school. Each of the 38 girls who participated in the camp received a free blue Facebook HP computer to make sure that they were able to continue their coding work after the camp. Alex Stamos, Facebook’s Chief Security Officer, shared with the participants how the cybersecurity field is hoping to welcome more female professionals and encouraged students to participate in bug bounty programs to get practice. Members of the Girls Who Code group also participated in the camp.

Cybersecurity Report: July 15, 2015


Hacktivist Group AnonOpsIndia Hacks BSNL Website, Days After Hacking Nation’s PAN Database

As a protest against the Indian government’s recent push on net neutrality and Digital India, AnonOpsIndia, a hacktivist group, compromised BSNL (Bharat Sanchar Nigam Limited) Telecommunications’ websites on Friday. Prior to the BSNL hack, AnonOpsIndia, usually referred to as “Anonymous India,” had already compromised the nation’s PAN database and a coal-sector website last week. In the BSNL attack, the group replicated the entire database of the organization, which held sensitive information on over 30 million users. The group described the main purpose of the attack as follows: “When the government stops listening to the people, it’s time to wake them up. There will be no #DigitalIndia until and unless government of India stops their surveillance projects & make their systems secure.”

Mastercard Testing Facial Recognition Security App

Mastercard is testing a smartphone app that uses facial recognition to verify online purchases. Users hold their phones up to their faces to approve transactions. This is not the first time facial recognition has been used to verify online purchases. When Google first tried this technique on Android phones, problems quickly surfaced. For example, people could simply take a photo of somebody else and present it to the camera to unlock the phone. Although Mastercard’s app requires users to blink to prove that they are human, people could still spoof this by animating photographs. So far, Mastercard’s facial recognition trial has involved 500 users in the U.S. Security experts think that facial recognition should be an extra layer of security, such as a companion to a PIN, instead of the only safeguard for online transactions.

WikiLeaks: US Spy Agency Targeted Top Brazilian Officials

WikiLeaks, the whistleblowing website, published a National Security Agency list of 29 Brazilian government phone numbers that the American spy agency monitored. Aside from the list of numbers, which included the number of Brazilian President Dilma Rousseff, the NSA was also found to have been targeting top political and financial officials. According to The Intercept, the publication that first reported the WikiLeaks data, the surveillance was alleged to have started no later than 2011, and there was no indication that the eavesdropping had stopped. This latest WikiLeaks disclosure followed the website’s recent releases about U.S. surveillance of German and French government officials.

Cyber Attack on Edinburgh City Council

It was recently revealed that the database of Edinburgh City Council was compromised in a malicious cyber attack that happened at the end of June. More than 13,000 email addresses were stolen. The council assured those affected that no other personal data were accessed, but that there could be an increase in spam or phishing emails. The incident was reported to both the Information Commissioner and the UK Government’s Computer Emergency Response Team. According to a council spokesman, preventative measures have been taken by the web service providers to make sure that the risks associated with such attacks are carefully dealt with.

Outages at NYSE, United Airlines, WSJ.com Expose Digital Vulnerabilities

On Wednesday morning, the New York Stock Exchange suddenly halted all trading due to unexplained technical problems, United Airlines grounded all 4,900 of its worldwide flights, and WSJ.com returned a 504 error indicating a systemic problem on the news organization’s servers. Operations at WSJ.com, United and the NYSE were all back to normal within a couple of hours. Neither officials from these three organizations nor White House Press Secretary Josh Earnest has claimed that the outages were part of a cyber attack. NYSE officials have been working with the Department of Homeland Security, the Securities and Exchange Commission and the Treasury Department to resolve the situation.


How VPS Hosting Can Help Secure Your Website

Hosting your website on a Virtual Private Server (VPS) can be a great way to improve your website’s security when compared to shared hosting. Why?

Think of shared hosting as sharing an apartment – it’s economical, but roommates can often bring on unnecessary trouble. If a thief steals some of your roommate’s belongings, chances are they’ll steal yours as well. Similarly, if a hacker injects website malware into another website on the same server as yours, it can affect your website as well.

With a VPS, your website has its own partitioned space, operating system and (usually) unique IP address, isolating it from cyber attacks. A VPS also provides access to the console, something that shared hosting usually doesn’t allow, which can be helpful when removing malware.

Neill Feather, President of SiteLock, has written a blog post explaining more security benefits of a VPS and website firewall on IT Toolbox – you can read it by clicking here.

Cybersecurity Report: July 7, 2015


GAO Sees Room for Improvement in Bank Cyber Security Exams

A new report from the U.S. Government Accountability Office (GAO) suggests that U.S. banking regulators must hire and train more examiners with technology expertise to give more useful cyber security recommendations to small and mid-sized banks. According to GAO, many U.S. credit unions are vulnerable to cyber threats from outside vendors that help run their businesses, because their overseer, the National Credit Union Administration (NCUA) lacks authority to review technology practices of those companies. It is reported that GAO has long been pushing to expand the NCUA’s authority, but credit unions themselves and their vendors have been resistant to the idea, calling it a regulatory overreach.

ATF Executive Investigated for Possible Employee Data Breach

Scott Sweetow, a deputy assistant director for strategic intelligence and information at the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) headquarters in Washington, is under investigation for allegedly sending employee information to his personal email account. It was not immediately clear how many employees were affected by the possible breach. Sweetow stated that the allegation was an intentional attempt to damage his reputation and that he was very guarded about any work products he may have been working on. The ATF would not discuss specific personnel issues, actions, or the existence of ongoing investigations.

FFIEC Cybersecurity Assessment ‘Tool’ Goes Live

On Tuesday, the Federal Financial Institutions Examination Council (FFIEC) released a new tool to help financial institutions identify their level of risk of a cyber-attack and gauge their ability to manage and control their own specific threat levels. The two-part tool is a user’s guide that leads institutions through a self-assessment procedure. The first part is the “Inherent Risk Profile,” which catalogues an institution’s technology and connection types and other facets of its risk characteristics. The second part is an assessment of the institution’s cyber risk management, threat intelligence and how it would respond to a cyber-attack.

Ireland Gears Up for Cyber War – New Strategy to Protect Critical Infrastructure

The government of Ireland has published the country’s National Cybersecurity Strategy, which outlines how Ireland will defend its computer networks and sensitive infrastructure (such as water and electricity) in the event of a cyberattack. The strategy acknowledges that on a national level, Ireland faces a more complex set of risks than other countries due to the presence of a large number of data-centric companies, including Amazon, Google, Facebook, Microsoft, Apple, IBM and others. These companies have many data centers that are already in Ireland or are expected to be deployed in Ireland in the near future. To address the cybersecurity concern, the Irish government has established the National Cybersecurity Center (NCSC) within the Department of Communications. This center will be in charge of securing government networks and critical national infrastructure, such as electricity, water, transportation, telecoms, commerce and health.

‘Digital Amnesia’ Growing Among Americans

In a recent Kaspersky Lab survey of 1,000 Americans aged 16 or older, the researchers found that people are increasingly relying on their devices for many things, and seem lost without a digital assistant. This “symptom” is referred to as “digital amnesia” or the “Google effect”: a dependence on internet-connected digital devices, with most people unable to commit simple information to memory. About 91% of respondents said that they used the Internet as an online extension of their brain. A researcher from the study said that digital amnesia is likely to extend beyond online facts to include personal information, such as parents’ and siblings’ phone numbers.

Cybersecurity Report: June 29, 2015

Hackers Ground Polish LOT Airline Flights

LOT, the Polish national airline, announced on Sunday that it cancelled 10 flights due to a cyber attack on its ground computer systems at Warsaw’s Okecie airport. The attack took down LOT’s ground computer systems for 5 hours, during which time 10 flights were cancelled, impacting over 1,400 passengers who had planned to travel to Dusseldorf, Hamburg, Copenhagen, and on some internal flights within Poland. LOT stated that no ongoing flights or other airport computer systems were affected and that flights already in the air and scheduled to land at Warsaw were at no risk.

US to Raise Breach of Government Records at Talks with China

This Monday, the United States began annual security talks with China, and an official said that the US government representatives would raise the major data breach at OPM directly during the discussion. Prior to the talks, China had openly denied involvement in the break-in, but Obama administration officials had said that they were increasingly confident that China’s government, rather than independent hackers, was responsible. The annual talks covered topics including cyber security, maritime security, military relations, missile defence, nuclear policy and space security. The talks were followed by a two-day Cabinet-level discussion on security and economy starting on Tuesday.

Popular Security Software Came Under Relentless NSA and GCHQ Attacks

According to documents from Edward Snowden, the National Security Agency and the British Government Communications Headquarters have worked to subvert anti-virus and other security software to track users and infiltrate networks. The two agencies were alleged to have reverse engineered software products and monitored web and email traffic to carefully thwart anti-virus software and obtain information about security software and its users. The Moscow-based security solution provider Kaspersky Lab received especially close examination. Both the NSA and the British agency studied Kaspersky Lab’s software for weaknesses and obtained sensitive customer information by monitoring the software’s activity.

WikiLeaks: NSA Snooped on French Leaders

According to Wikileaks, the whistleblower website, the US National Security Agency (NSA) spied on French Presidents Jacques Chirac, Nicolas Sarkozy and Francois Hollande from 2006 to 2012. Wikileaks began to publish the files under the heading “Espionnage Elysee” on Tuesday. The files were said to derive from directly targeted NSA surveillance of the communications of multiple French leaders. It is unclear whether the material comes from the data taken by former NSA contractor Edward Snowden. Wikileaks carried a statement by its founder, Julian Assange, who said: “The French people have a right to know that their elected government is subject to hostile surveillance from a supposed ally.”

Almost Half of Leading Websites Fail Security and Privacy Tests

The non-profit organization Online Trust Alliance conducted a study that audited 1,000 websites, including the websites of 50 leading Internet of Things device makers and other leading retailers, banks, social media, news and government bodies. According to the study, 46% of the audited websites were found vulnerable to known online security threats, 76% failed the security assessment, while only 20% scored highly enough to qualify for the OTA’s Online Trust Honor Roll. The OTA evaluated the websites based on criteria in three main categories: consumer protection, privacy and security. According to the results of the study, Twitter topped the overall ratings for the third year in a row.

Cybersecurity Report: June 23, 2015

Cybersecurity Pros Warn Against Insider Threats

A recently released Insider Threat Report collected data from over 500 cybersecurity professionals to examine industry efforts against insider threats. According to the report, although there has been a rise in insider threats over the last 12 months, organizations are not yet fully prepared for them. The report also examined which user categories pose the largest threat, the most vulnerable applications and data, common launch points for attacks, budget trends and more.

White House pushes ‘30-day Cybersecurity Sprint’ after massive breaches

Last Friday, the White House launched a new security program, dubbed the “30-day Cybersecurity Sprint”, to fortify cybersecurity protocols across the government and encourage agencies to take specific initiatives over the next month to beef up the protection of proprietary information and prevent future hacking of federal systems. These initiatives include fixing cybersecurity vulnerabilities, tightening policies and practices for privileged users, implementing multi-factor authentication procedures and so on.

Cybersecurity Threats Plague Energy Groups

At an energy conference held by the Wyoming Infrastructure Authority, Michael Bobbitt, a supervisory special agent with the FBI, stated that the energy industry is facing significant threats from hackers, groups intent on stealing proprietary information and even terrorists. The energy industry should pay special attention to hackers who are especially interested in stealing intellectual property, such as a proprietary way to drill a well. Hackers could also manipulate corporate equipment remotely and cause real-world physical damage. To prevent this, energy companies should make greater efforts to protect data security from both external and internal threats.

Cardinals Investigated for Hacking Into Astros’ Database

Employees of the St. Louis Cardinals are under investigation by the FBI and the Justice Department over allegations of hacking into the Houston Astros’ databases to steal player information and track player development. Subpoenas have been issued to the Cardinals and Major League Baseball for electronic correspondence. This attack would be the first known case of corporate espionage in which a professional sports team hacked the network of another.

Uber’s Petition Website Hacked To Redirect To Lyft Homepage

Over the weekend, cyber security researcher Austin Epperson exploited a vulnerability in Uber’s petition website and leveraged it to change the content of some petitions and redirect visitors to Lyft’s homepage. The researcher then warned the company to be more cautious when using petition websites, since they might be vulnerable to malicious hackers. Both Uber and Epperson stated that customer information was never at risk.


