Saturday, February 28, 2015

MITRE Malicious Insiders

MITRE Malicious Insiders:



Malicious insiders, who have legitimate access to an organization's network, pose a serious threat to an organization.

HIMSS Security Survey | Privacy & Security | HIMSS

... the greatest "security threat motivator" they encounter is that of healthcare workers potentially snooping into the electronic health information of friends, neighbors, spouses or co-workers.

http://www.himss.org/ResourceLibrary/genResourceDetailPDF.aspx?ItemNumber=28270

SecureScan: Free Cloud-based Vulnerability Scanner | Tripwire

More connected devices mean more opportunity for compromise. Tripwire® SecureScan makes it easy for smaller organizations to know exactly which devices are on their networks.

http://www.tripwire.com/securescan/

Schneier on Security: Regin Malware

https://www.schneier.com/blog/archives/2014/12/corporate_abuse.html

"...We want, and need, our antivirus companies to tell us everything they can about these threats as soon as they know them, and not wait until the release of a political story makes it impossible for them to remain silent."

Friday, February 27, 2015

Links Found between NSA, Regin Spy tool and QWERTY Keylogger in NSA

"Regin" is a highly advanced, sophisticated piece of malware the researchers believe was developed by nation state ...

http://www.wikileaks-forum.com/nsa/332/links-found-between-nsa-regin-spy-tool-and-qwerty-keylogger/33070/



check-and-secure | powered by cyscon GmbH!

check-and-secure | powered by cyscon GmbH!: This web service is a free online tool provided by cyscon GmbH and Vodafone. Based on the results we lead you through a variety of checks step by step.

Thursday, February 26, 2015

Spam Uses Default Passwords to Hack Routers — Krebs on Security

If successful, the attacker's script would modify the domain name system (DNS) settings on the victim's router, adding the attacker's own DNS server as the primary server while leaving the secondary setting as-is. 

http://krebsonsecurity.com/2015/02/spam-uses-default-passwords-to-hack-routers/

Wednesday, February 25, 2015

Transpacific Airline Settlement > mainpage > Claim Form

Transpacific Airline Settlement > mainpage > Claim Form:



if you bought a ticket for air travel from one of the Defendants or Co-Conspirators; the ticket included at least one flight segment between the U.S. and Asia or the U.S. and Oceania (Australia, New Zealand or the Pacific Islands); your purchase was made between January 1, 2000 and the Effective Date*, and you were not reimbursed for your purchase by someone else.

Everyday Risk Assessment

Everyday Risk Assessment: This 30-minute lesson is designed to introduce you to risk management concepts and practices at the U.S. Customs Service.

USATODAY.com - Schwarzenegger took sexual harassment course

USATODAY.com - Schwarzenegger took sexual harassment course: Gov. Arnold Schwarzenegger, whose campaign was dogged by allegations of sexual misconduct, volunteered to take a two-hour course about preventing sexual harassment earlier this year.

Tuesday, February 24, 2015

Monday, February 23, 2015

“SSL hijacker” behind Superfish debacle imperils large number of users | Ars Technica

“SSL hijacker” behind Superfish debacle imperils large number of users | Ars Technica: "In fairness to Komodia and Superfish, many applications—some provided by Microsoft or trusted security companies—install custom root certificates on end user machines."




Saturday, February 21, 2015

Businesses Need Rapid Incident Detection & Response- Why Obama’s Cybersecurity Proposal Misses the Mark | InfoSec Insights

Businesses Need Rapid Incident Detection & Response- Why Obama’s Cybersecurity Proposal Misses the Mark | InfoSec Insights: "the 30-day window is nothing more than rhetoric trying to mask the underlying problem- lack of proper investment in Intel-Detection-Response (IDR) capabilities."




A Hacker Personality Quadrant - The Security Skeptic

A Hacker Personality Quadrant - The Security Skeptic: "Hacking is a late-modern transgressive craft."




Anthem Hackers Tried To Breach System As Early As December

Anthem Hackers Tried To Breach System As Early As December: "Investigators now believe the hackers somehow compromised the credentials of five different tech workers, possibly through some kind of "phishing" scheme that could have tricked a worker into unknowingly revealing a password or downloading malicious software."




Superfish Uninstall Instructions - Lenovo Support (US)

Superfish Uninstall Instructions - Lenovo Support (US): "Please download and run the Automatic Removal tool executable to ensure complete removal of Superfish and Certificates for all major browsers."




Friday, February 20, 2015

LastPass - LastPass Superfish Checker

LastPass - LastPass Superfish Checker: News broke on Wednesday, February 18th that Lenovo devices had shipped with adware that may compromise secure connections to websites and leave sensitive consumer information exposed

Check if you trust the Superfish CA

Check if you trust the Superfish CA: Check below. If you see an image with "YES" written on it,
you have a problem. Do the test with all browsers installed.

Expert says hacker attacks need to be controlled

Expert says hacker attacks need to be controlled / Sputnik Mundo: Hacker attacks against state defense infrastructure, including military institutions, have become so effective that malicious programs must be subject to special control, at the same level as weapons of mass destruction, said Artiom Baránov, a virus analyst at ESET Russia.

Hacker Says He Was Hit With 44 Felonies After He Declined to Work With FBI

"Fundamentally this represents the FBI trying to recruit by indictment."

http://www.slate.com/blogs/future_tense/2015/02/19/hacker_says_he_was_hit_with_44_felonies_after_he_declined_to_work_with_fbi.html



Thursday, February 19, 2015

U.S. Terrorism Agency to Tap a Vast Database of Citizens - WSJ

U.S. Terrorism Agency to Tap a Vast Database of Citizens - WSJ:



December 13, 2012:



"Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited. Data about Americans "reasonably believed to constitute terrorism information" may be permanently retained."

Monday, February 16, 2015

Cybersecurity Sharing: The Latest Fad or a Real Security Breakthrough?

Cybersecurity Sharing: The Latest Fad or a Real Security Breakthrough?:



"Unless the stated goal is to identify bad actors more swiftly, and sanction them with greater precision and immediacy, we’re not going to deter the kind of attacks that provoked this new initiative."




Report Connects Elite Hacking Group to NSA-Linked Cyberweapons | SecurityWeek.Com

Report Connects Elite Hacking Group to NSA-Linked Cyberweapons | SecurityWeek.Com: "the Equation Group has infected thousands, “even tens of thousands,” of victims, in more than 30 countries worldwide,"




9 Confessions From A Former Enterprise Rental Salesman – Consumerist

9 Confessions From A Former Enterprise Rental Salesman – Consumerist: 9 tips, 5 pages of insider info about how the car rental game really works.

Cyber-security experts judge '$1bn bank hack' report - BBC News

But security experts are split over the severity of the alleged breaches, and on how much cash was stolen.

http://m.bbc.com/news/technology-31487258



Maikel Zweerink / WhatsSpy-Public | GitLab

Maikel Zweerink / WhatsSpy-Public | GitLab: "WhatsSpy Public (not to confuse with WhatsSpy) is a web-oriented application that tracks every move of whoever you like to follow. This application is setup as a Proof of Concept that WhatsApp is broken in terms of privacy."




WhatDaHell, WhatsApp? Student claims 'stalker' tool shows security flaws • The Register

WhatDaHell, WhatsApp? Student claims 'stalker' tool shows security flaws • The Register: "A newly discovered security flaw in WhatsApp allows anyone to track a user’s status, regardless of their privacy settings, a student claims."




How to Protect Your Business Against Fraud | Inc.com

How to Protect Your Business Against Fraud | Inc.com: three-fourths of the crimes against businesses in the U.S. were carried out by insiders.

Sunday, February 15, 2015

Security services capable of bypassing encryption, draft code reveals | UK news | The Guardian

Security services capable of bypassing encryption, draft code reveals | UK news | The Guardian: "The publication of the draft code follows David Cameron’s speech last month in which he pledged to break into encryption and ensure there was no “safe space” for terrorists or serious criminals which could not be monitored online by the security services with a ministerial warrant, effectively spelling out how it might be done."




Forbes, Jason Hope Point to Big Data Mistake in Industrial IoT

Forbes, Jason Hope Point to Big Data Mistake in Industrial IoT: "The key will be to gain access to this older data, so predictive apps and devices can have a full range of data with which to make predictions."




LexisNexis, Retail Workers Get Nod For $2.38M Settlement - Law360

LexisNexis, Retail Workers Get Nod For $2.38M Settlement - Law360: "A Pennsylvania federal judge has given preliminary approval to a $2.38 million settlement in a proposed class action claiming LexisNexis Risk Solutions Inc. illegally distributed damaging information about retail workers to current and potential employers.
Under the settlement, LexisNexis has suspended its Esteem database"




Jamie Bartlett: The coming online privacy revolution - Index on Censorship | Index on Censorship

Jamie Bartlett: The coming online privacy revolution - Index on Censorship | Index on Censorship: "This trend towards decentralised, encrypted systems has become an important aspect of the current crypto-wars."




How the NSA is improving security for everyone | Network World

NSA is also expected to secure and protect sensitive information, and as part of that role NSA security experts have launched a program to integrate more commercial off-the-shelf products.

http://www.networkworld.com/article/2880477/security0/how-the-nsa-is-improving-security-for-everyone.html



Saturday, February 14, 2015

Friday, February 13, 2015

Common Sense Guide to Mitigating Insider Threats, 4th Edition

Common Sense Guide to Mitigating Insider Threats, 4th Edition: This fourth edition of the Common Sense Guide to Mitigating Insider Threats provides the most current recommendations of the CERT® Program (part of Carnegie Mellon University's Software Engineering Institute), based on an expanded database of more than 700 insider threat cases and continued research and analysis. 144 pages

Personal weather stations can expose your Wi-Fi network | ITworld

Personal weather stations can expose your Wi-Fi network | ITworld:



In the latest Internet of Things security blunder, personal weather station devices made by Netatmo were found sending users’ Wi-Fi passwords back to the company over unencrypted connections.

Executive Order -- Promoting Private Sector Cybersecurity Information Sharing | The White House

Executive Order -- Promoting Private Sector Cybersecurity Information Sharing | The White House:



"The purpose of this order is to encourage the voluntary formation of such organizations, to establish mechanisms to continually improve the capabilities and functions of these organizations, and to better allow these organizations to partner with the Federal Government on a voluntary basis.



 Such information sharing must be conducted in a manner that protects the privacy and civil liberties of individuals, that preserves business confidentiality, that safeguards the information being shared, and that protects the ability of the Government to detect, investigate, prevent, and respond to cyber threats to the public health and safety, national security, and economic security of the United States."




Critical Fixes for the Computer Fraud and Abuse Act | Electronic Frontier Foundation

Critical Fixes for the Computer Fraud and Abuse Act | Electronic Frontier Foundation: Violations of contractual obligations like a website's terms of service must not be the basis for criminal charges.

ESET Security Day London | ESET Security Days 2015 | Live the Experience

ESET Security Day London | ESET Security Days 2015 | Live the Experience: The first ESET Security Day of 2015 is taking place in London at Millbank Tower, overlooking the stunning views of the Thames river and Westminster.

Tuesday, February 10, 2015

Work Starts on National Breach Notification Law - HDM Top Stories Article | Health Data Management

Work Starts on National Breach Notification Law - HDM Top Stories Article | Health Data Management: “When a breach is discovered, one of the first things a company must do is to conduct a risk assessment to determine the type of data that has been accessed and the risk that potential fraudulent use of the data could entail,” testified Elizabeth Hyman, an executive vice president of public advocacy at CompTIA. “This risk assessment is a vital component to a company’s data breach response, and, depending upon the seriousness of the breach, may take some time to complete. We therefore ask that a federal standard ‘starts the clock’ on a notification requirement only after the risk assessment has been completed.”

Health Data Experts Praise Nod to Cybersecurity in SOTU Speech - iHealthBeat

Health Data Experts Praise Nod to Cybersecurity in SOTU Speech - iHealthBeat: Lisa Gallagher, vice president of technology solutions at the Healthcare Information and Management Systems Society, said Obama's State of the Union address was a signal to lawmakers that the federal government believes cybersecurity is a sector that requires further action. She said, "It's the administration coming out saying, 'We recognize the threat.'"

Dear Lawmakers, Your New Breach Notice Laws Should Address These Issues | Data Privacy Monitor

Dear Lawmakers, Your New Breach Notice Laws Should Address These Issues | Data Privacy Monitor: If a national law is enacted, below are practical issues companies face when they attempt to comply with breach notification laws that should be addressed.

The Challenge of Health Care Fraud - The NHCAA

The Challenge of Health Care Fraud - The NHCAA: In 2011, $2.27 trillion was spent on health care and more than four billion health insurance claims were processed in the United States. It is an undisputed reality that some of these health insurance claims are fraudulent. Although they constitute only a small fraction, those fraudulent claims carry a very high price tag.

The National Health Care Anti-Fraud Association (NHCAA) estimates that the financial losses due to health care fraud are in the tens of billions of dollars each year.

Proving Your Identity At The Doctor’s Office

Proving Your Identity At The Doctor’s Office: the move to EMR does leave sensitive medical information at a higher risk for identity theft and data breaches. This could mean more criminals using your health insurance for themselves or worse, using sensitive health information about you to inflict other types of damage.

What's behind the dramatic rise in medical identity theft? - Fortune

What's behind the dramatic rise in medical identity theft? - Fortune: A decentralized U.S. health system, increasing digitization of records, and demand in the black market are fueling a surge in thefts.

Most Organizations Don't Properly Secure Sensitive Data, Report Finds

Most Organizations Don't Properly Secure Sensitive Data, Report Finds: According to the report, 63 percent of organizations today do not have a fully mature method to control and track sensitive data.

Protected Trust | How HIPAA may be affected by Obama's cybersecurity proposal - Protected Trust

Protected Trust | How HIPAA may be affected by Obama's cybersecurity proposal - Protected Trust: Brian Evans, senior managing consultant at IBM Security Services, told the source that he has never seen an instance when shared information has prevented a breach. This means that some believe the proposal wouldn’t help protect health records from being breached, but would still reveal personal information to the government.

43% of companies had a data breach in the past year

43% of companies had a data breach in the past year: A staggering 43% of companies have experienced a data breach in the past year, an annual study on data breach preparedness finds.

JISSec — Journal of Information System Security

JISSec — Journal of Information System Security: The Journal of Information System Security (JISSec) is a scholarly publication and an outlet for research in information system security.

The Rising Cost Of Medical Identity Theft And Data Breaches | ID Experts

The Rising Cost Of Medical Identity Theft And Data Breaches | ID Experts: article from Government Healthcare IT, ID Experts examines the $234 billion world of medical ID theft.

Researcher Releases 10 Million Usernames And Passwords In Fight Against Obama's War On Hackers - Forbes

Hmmmm

http://www.forbes.com/sites/thomasbrewster/2015/02/10/10-million-passwords-published-fight-against-obama-war-on-hackers/

The Sami of Northern Europe – one people, four countries

Human rights...

http://www.unric.org/en/indigenous-people/27307-the-sami-of-northern-europe--one-people-four-countries

JAMA Network | JAMA Internal Medicine | Medical Cannabis Laws and Opioid Analgesic Overdose Mortality in the United States, 1999-2010

Send this out...

http://archinte.jamanetwork.com/Mobile/article.aspx?articleid=1898878


New Retail Fraud Survey reports shrink up by 22.2% - Retail Knowledge | Retail Knowledge

New Retail Fraud Survey reports shrink up by 22.2% - Retail Knowledge | Retail Knowledge: "Launched this month at the Retail Fraud Show, the UK Retail Fraud Survey sponsored by Kount has reported that shrink levels have increased by over 22.2% in 2014, rising from 0.9% of sales last year to 1.1% this year. Other figures show that the major area of online loss remains, overwhelmingly, from the fraudulent use of credit cards (43%), followed again by third party fraud payment (15%)."





LexisNexis Settles Esteem Retail Theft Database Class Action Lawsuit

LexisNexis Settles Esteem Retail Theft Database Class Action Lawsuit: "LexisNexis Risk Solutions Inc. has agreed to settle a class action lawsuit alleging its Esteem “retail theft contributory database” wrongfully labels job seekers as criminals even if they have not been convicted of a crime."




Obama’s proposed changes to the computer hacking statute: A deep dive - The Washington Post

Obama’s proposed changes to the computer hacking statute: A deep dive - The Washington Post:



Orin Kerr: My views are somewhat mixed, but on the whole I’m skeptical of the Administration’s proposal. On the downside, the proposal would make some punishments too severe, and it could expand liability in some undesirable ways. On the upside, there are some notable compromises in the Administration’s position.

Sunday, February 8, 2015

Friday, February 6, 2015

New Smartphone Accessory Detects HIV in 15 Minutes : Tech : Chinatopix

Researchers say that after testing performed by Rwanda healthcare workers, the device accurately pinpointed the antibodies and produced a sensitivity score of 92 to 100 percent.

http://www.chinatopix.com/articles/35909/20150206/smartphone-accessory-detects-hiv-in-15-minutes.htm



Wednesday, February 4, 2015

SC Congress Call for Speakers 2015 - SC Magazine

SC Congress Call for Speakers 2015 - SC Magazine: "2015 SC Congress Toronto will again feature cutting-edge sessions and dialogue coming from Canada's top industry professionals - with an audience consisting of up to 1,000 primarily senior information security and technology professionals in both the public and private sectors."




eCrime 2015 | APWG

eCrime 2015 | APWG: For 2015 APWG will combine its Spring and Fall meetings into one four-day event that will bridge the gaps between cybersecurity operations, research and consumer messaging.

Cost of retail crime skyrockets nearly 30 percent | CSO Online

Cost of retail crime skyrockets nearly 30 percent | CSO Online: "'Dishonest and fraudulent employees were responsible for $18.01 billion by value of shrinkage,' said the report."




Graph of U.S. Measles Cases | History of Vaccines - Mobile

Check stats...

http://m.historyofvaccines.org/content/graph-us-measles-cases

BBC News - Cybersecurity: Defending 'unpreventable' cyber attacks

"This is where I would find fault with Sony - not in the breach itself, but in not detecting it quickly, and failing to prevent the exfiltration of large amounts of data," says Rick Holland, a security and risk management analyst at Forrester Research.

http://www.bbc.com/news/business-31048811

TEN TANGERINE DREAM ALBUMS TO BLOW YOUR MIND | The Echoes Blog

"These are the signature Dream albums, the blueprint for every retro-space artist out there, the sound that influenced ambient, techno, and more."

https://echoesblog.wordpress.com/2010/02/17/ten-tangerine-dream-albums-to-blow-your-mind/