Leadership Solutions

Strategic News


Google security veteran warns AI cyber defenses won't help

Google security veteran Heather Adkins warned that artificial intelligence-powered cyberdefenses won't help thwart cyberattacks, adding that companies are better off paying a bunch of junior engineers to patch vulnerabilities all day.
SC Magazine

CCleaner used to spread backdoor to 2 million plus users

The free computer maintenance app CCleaner, distributed by Avast subsidiary Piriform, may have exposed more than 2 million computers to a multistage malware payload that, if exploited, could have allowed the computers to be controlled remotely.
SC Magazine

Report: Without safeguards, Internet and IoT may create surveillance states in near future

A catastrophic worldwide cyberattack, the emergence of an IoT-enabled surveillance state, and the weakening of encryption were among the chief security and privacy fears expressed by experts who were polled for a sweeping new report about the internet and its future impact on mankind.
SC Magazine

Monero cryptocurrency miners silently placed on Pirate Bay visitor CPUs

In an effort to generate more revenue for the site, The Pirate Bay is quietly running a Monero cryptocurrency miner on the CPUs of its visitors, much to their disapproval.
SC Magazine

Top 10 most desired traits for cybersecurity job candidates

Finding a good candidate, or possibly any candidate, to fill one of the thousands of open cybersecurity positions available is one of the greatest challenges facing security executives today. So with that in mind, SC asked some of the top names in the industry what traits they look for in a job applicant.
SC Magazine

How Do Police Officers View Private Security?

A report from the Security Research Initiative (SRI) discusses findings from responses from more than 1,000 serving police officers on attitudes towards the private security sector (private security suppliers and corporate security departments).
Security

EC-Council Announces Fully Proctored, Hands-On Penetration Testing Exam

EC-Council announced the release of the new, fully-proctored Licensed Penetration Tester (LPT) certification, which will be launched at Hacker Halted, 2017.
Security

Dr. Walter Copan Nominated to Lead NIST

Walter Copan has been nominated by President Donald Trump to be the new under secretary of commerce for standards and technology and director of the National Institute of Standards and Technology.
Security

The Equifax Breach Was Likely Preventable

The frequency and scope of security breaches continue to grow. The most recent, involving the Equifax credit bureau, is larger in scale and likely more damaging than any we have seen in the past. The recent Equifax data breach involved thieves making off with highly sensitive personal information including the Social Security and credit card numbers of at least 143 million people. The most troubling aspect of this data breach is that it was likely to have been easily preventable.
Security

Paul Vixie: How CISOs Can Use DNS to Up Security

BLACK HAT USA 2017 -- FarSight CEO and DNS master Paul Vixie visits the Dark Reading News Desk to explain how enterprises, not just telecoms and infrastructure providers, can use DNS to improve cybersecurity.
DARKReading

Equifax Exec Departures Raise Questions About Responsibility for Breach

Disclosed details suggest a failure by the technology team but senior executives and the board are not above responsibility as well, experts say.
DARKReading

Connected Cars: Security Challenges in the Automotive Industry

Breakthroughs in technology mean that connected cars are shunning physical keys in favor of digital, smartphone-based entry systems.
SECURITY today

Hidden Backdoor in CCleaner Security App Has Infected 2.3 Million People

Hackers have hidden a backdoor in a security application called CCleaner. So far it has 2 billion downloads and has infected 2.3 million people and counting.
SECURITY today

London Underground Train Blast Being Treated as Terrorism

Police are calling the detonation of an "improvised explosive device" on a Tube in south-west London an act of terrorism.
SECURITY today

Organizations struggle to maximize the value of threat intelligence

Amidst growing concerns of large-scale cyber attacks, 84 percent of organizations participating in a Ponemon Institute survey indicated threat intelligence is “essential to a strong security posture.”
HelpNetSecurity

U.S. Businesses Spend $2.66 to Combat Every Dollar of Fraud

Every dollar of fraud to merchants and firms in the retail and financial services sector is estimated to cost $2.66 on average, said a new fraud report.
Security

Audit says California Schools’ Active-Shooter Response is Inadequate

A state audit has found that California K-12 schools are unprepared for incidents of gun violence.
Security

The Most Influential People in Security 2017

Impacting enterprises, communities and nations, these 21 leaders are making a difference throughout the security industry.
Security

Dragonfly APT group may be prepping to sabotage U.S. power facilities, report warns

An APT group fixated on infiltrating energy facilities in North America and Europe has turned up the juice lately on its operations, possibly signaling a shift from intelligence gathering to industrial sabotage, a new blog post warns.
SC Magazine

WikiLeaks reveals the CIA's Protego missile control system

WikiLeaks took a break from posting CIA hacking tools as it has done for the last six months to instead publish four hardware/software manuals along with 37 additional documents, purportedly from the processor maker Microchip Technology, that discuss a missile control system.
SC Magazine

Cybersecurity executive changes

Former FireEye CEO Dave DeWalt and retired General David Petraeus have been named to the Optiv Security board of directors. DeWalt, who also is the former CEO at McAfee, will serve as vice chairman. Petraeus, chairman of the KKR Global Institute, is the former director of the CIA.
SC Magazine

Instagram buys up Doxagram domains to stop hackers

To thwart hackers who created Doxagram, a searchable website that houses and sells information stolen from six million Instagram users, many of them celebrities, Instagram and Facebook began buying up Doxagram domains.
SC Magazine

Facebook says Russian troll farm bought, placed ads during 2016 campaign

After issuing repeated denials, Facebook said Wednesday that an internal investigation found a Russian "troll farm" bought ads from the social media giant and apparently planted them, some in targeted markets, "to focus on amplifying divisive social and political messages across the ideological spectrum — touching on topics from LGBT matters to race issues to immigration to gun rights," company CSO Alex Stamos wrote in a blog post.
SC Magazine

Security flaw affects 750,000 Estonian ID cards

An international group of cryptographers has flagged a serious security vulnerability in the chip embedded in Estonian ID cards, the country’s Information System Authority has announced.
HelpNetSecurity

Researchers reverse 320 million hashed passwords

CynoSure Prime, a “password research collective”, has reversed the hashes of nearly 320 million hashed passwords provided by security researcher Troy Hunt through the Pwned Passwords searchable online database.
HelpNetSecurity

Employee Theft Cost US Businesses $1.13 Million in Losses

US businesses impacted by employee theft lost an average of $1.13 million last year, according to the 2017 Hiscox Embezzlement Study.
Security

US Government Ranks #16 out of 18 Industries in Cybersecurity

SecurityScorecard’s annual U.S. State and Federal Government Cybersecurity Report paints a very grim picture of the government’s cyber health status.
Security

Google to Unveil New Titan Computer Chip

In an effort to better compete against Amazon and Microsoft in the cloud computing space, Google will reveal the technical details of its new security feature, the Titan computer chip.
Security Today

IC Realtime to Unveil its Next Generation Products at CEDIA Expo

At the 2017 CEDIA Expo, IC Realtime will unveil new Thermal Imaging, Corrosion Resistant, Multi-Sensor and 4K cameras.
Security Today

Hanwha Techwin America Appoints New President

Hanwha Techwin America (HTA), a global supplier of IP and analog video surveillance solutions, announced the appointment of company veteran Mr. Kichul (K.C.) Kim as the new president for the Americas.
Security Today

Courthouse Shooting Sparks Security Reviews

After an ambush shooting outside a courthouse in Steubenville, Ohio, lands a judge in the hospital, neighboring Belmont County is rethinking security standards.
Security Today

Industrial Robots IoT Cybersecurity Nightmare

Nearly 50 vulnerabilities have been found in industrial collaborative robots which can be configured to enable the robots to spy on their surroundings or cause physical harm to workers.
Security Today

The Price of Security

According to an exclusive report from USA Today, the Secret Service can no longer afford to pay its agents to protect the President of the United States.
Security Today

LA Metro to Test New Security Screening Systems Designed to Detect Threats in Seconds

The Los Angeles Metropolitan Transportation Authority, also known as Metro, has teamed up with TSA and Evolv Technology to test a new weapon screening system.
Security Today

DHS to Boost Cybersecurity of First Responders' Tech

The Department of Homeland Security is realizing that any piece of technology, even networks used by first responders, can be hacked.
Security Today

Why Multi-Sensor Cameras Are Trending for Mainstream Applications

Multi-sensor cameras are the hot trend in today’s surveillance market with growth rates surpassing conventional camera form factors.
Security Today

Drone Maker Steps Up Security after U.S. Army Ban

Chinese drone maker DJI is tightening data security after the U.S. Army ordered its members to stop using the company’s unmanned aerial drones.
Security Today

Critical Infrastructure: Using Fiber Optic Sensing to Address Threats

For businesses, institutions and governments, securing sensitive areas and facilities is a constant concern. Standard practice today is to use barriers and visual monitoring and even security guards. But, these approaches may prove insufficient or not cost-effective.
Security Today

Facebook Doles Out $100K Prize for Internet Defense Prize

A team of researchers today was awarded a $100,000 prize from Facebook for their work in detecting spearphishing attacks.
Dark Reading

Microsoft Report: User Account Attacks Jumped 300% Since 2016

Most of these Microsoft user account compromises can be attributed to weak, guessable passwords and poor password management, researchers found.
Dark Reading

Explaining rapid sea level rise along the East Coast

Sea level rise hot spots — bursts of accelerated sea rise that last three to five years — happen along the U.S. East Coast thanks to a one-two punch from naturally occurring climate variations, according to a new study.
Homeland Security News Wire

At least 13 killed, dozens injured in a terrorist attack in Barcelona, Spain

At least thirteen people were killed and scores injured when a terrorist drove a rented van into a crowded sidewalk in one of Barcelona’s busiest streets.
Homeland Security News Wire

The Benefits of Using Thermal Cameras

Thermal imaging cameras provide the most effective 24/7 monitoring solution available in the video surveillance market today.
Security

20% of Americans Report Their Workplace is Hostile or Threatening

The American workplace is physically and emotionally taxing, with workers frequently facing unstable work schedules, unpleasant and potentially hazardous working conditions, and an often hostile social environment, according to a new study.
Security

Debit Fraud Loss Rates Decline After Chip Cards Introduced

According to the 2017 Debit Issuer Study, commissioned by PULSE, U.S. financial institutions substantially increased issuance of chip debit cards in 2016 and experienced reduced fraud losses.
Security

The 2017 Safest Cities in America

Niche, a company that researches and collects reviews on cities, recently ranked the safest cities in the US.
Security

Most Americans Support Tech. that Alerts Police to Location During an Emergency

U.S. consumers largely support sharing personal data with police or healthcare providers via smart devices, but enthusiasm varies depending on why and by whom the data is collected and how it is to be used, according to the 2017 Unisys Security Index™.
Security

Adapting Security to Manage Digital Risk

Organizations today are embarking on their own distinct journeys of digital transformation as advances in new technologies like 5G and AI change the face of business.
Security

New Texas Law to Allow Open Carry of Swords, Machetes

As of September, adults in Texas will be legally allowed to openly carry knives with blades longer than 5.5 inches.
Security

Organizations With Maturing Training Programs See Benefits with Compliance

In the 2017 Ethics & Compliance Training Benchmark Report from Navex Global, 48 percent of respondents said their training programs were maturing – meaning they have a basic plan for the year that covers risk and role-based topic assignments.
Security

Using Location Data to Protect Your Employees

As a security leader, you can use location data to protect your employees from local threats, quickly distributing valuable information to your people that will keep them safe, informed and connected as an event transpires.
Security

IRS Reports Major Drop in Identity Theft, Fraudulent Tax Refunds

After teaming up with tax preparers, the IRS has seen a major drop in the number of identity theft victims, says IRS Commissioner John Koskinen.
Security

Most Companies Failing to Measure Cybersecurity Effectiveness and Performance

More than half of respondents to a survey scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices.
Security

HBO Victim in Latest Cyberattack

HBO Chairman and CEO Richard Plepler has confirmed that the popular network has fallen victim to the latest cyberattack. The network has been hit by hackers specifically targeting HBO's original programming. Plepler was able to confirm that scripts from the popular program Game of Thrones were leaked as well as unreleased episodes of Room 104 and Ballers.
Security Today

Security Industry Veteran Establishes Autonomous Security Association

In order to promote and advance autonomous security vehicles – ground, marine, and aerial – a security industry veteran is announcing the formation of the Autonomous Security Association.
Security Today

Scotland's Biggest Arts Festival to See Increased Security

It’s no secret that large events these days are a target for terrorism. In the wake of terrorist attacks in London and Manchester, Scotland is picking up the slack and increasing security at one of the country’s largest arts festivals.
Security Today

California Transit Buses Get New Security

In an effort to make rides more secure for passengers, assist law enforcement and determine liability in accidents, all the Golden Gate transit buses now have new security camera systems.
Security Today

Get Ready for the 2038 'Epocholypse' (and Worse)

A leading security researcher predicts a sea of technology changes that will rock our world, including the Internet of Things, cryptocurrency, SSL encryption and national security.
DarkReading

Ransomware Attack on Merck Caused Widespread Disruption to Operations

New information released last week by pharmaceutical giant Merck reveals that a cyberattack that hit the company on June 27 caused significantly more disruption to its operations than many might have assumed.
DarkReading

Iranian Hackers Ensnared Targets via Phony Female Photographer

US, Indian, Saudi Arabian, Israeli, Iraqi IT, security, executives in oil/gas and aerospace swept up in elaborate social media ruse used for cyber espionage operations.
DarkReading

Anthem Hit with Data Breach of 18,580 Medicare Members

Third-party service provider for the insurer discovered one of its employees allegedly engaged in identity theft of thousands of Anthem Medicare members.
DarkReading

New optical device detects drugs, bomb-making chemicals

Scientists searching for traces of drugs, bomb-making components, and other chemicals often shine light on the materials they’re analyzing. This approach is known as spectroscopy, and it involves studying how light interacts with trace amounts of matter. One of the more effective types of spectroscopy is infrared absorption spectroscopy, which scientists use to sleuth out performance-enhancing drugs in blood samples and tiny particles of explosives in the air.
Homeland Security News Wire

Top 5 cybersecurity facts, figures and statistics for 2017

These top level numbers summarize the cybersecurity industry over the past year and indicate what's in store for the next five years.
CSO Online

UN Survey Says Cybersecurity is a Global Struggle

Only about half of all countries have a cybersecurity strategy or are in the process of developing one, according to a new UN report.
Security

Majority of Hate Crime Victimizations Go Unreported

U.S. residents experienced an average of 250,000 hate crime victimizations each year from 2004 to 2015 and the majority of these were not reported to police, the Bureau of Justice Statistics (BJS) announced.
Security

HID Global Acquires Arjo Systems to Expand Its Government ID Business with Physical and Digital Identity Solutions

HID Global announced that it has acquired Arjo Systems SAS, a provider of physical and digital identity solutions for secure government ID applications.
Security Today

Private Key for Original Petya Ransomware Released

Good news for some ransomware victims: The master key used to encrypt the original versions of Petya ransomware has been released.
Data Breach Today

Sabre Says Stolen Credentials Led to Breach

Travel industry giant Sabre said Wednesday an intruder using stolen account credentials for its widely used reservations software had access to payment card details and personal information over a seven-month period.
Data Breach Today

Using Analytics to Crack Down on ID Fraud

Analytics can play a critical role in cracking down on identity fraud, says Shaked Vax, Trusteer products strategist at IBM Security, who explains how to use the latest tools to identify network intruders.
Data Breach Today

Assessing File Sharing and Cloud Computing Risks

Federal regulators are reminding healthcare organizations not to overlook the security risks related to collaborative file sharing tools and other cloud-based services.
Data Breach Today

GDPR: Getting Past the 'Fake News'

"Fake news" isn't just a political concept. It's also a component of the marketing hype about Europe's General Data Protection Regulation, says Jonathan Armstrong of the law firm Cordery. How can security leaders cut through the hype and focus on what's truly important to their business?
Data Breach Today

Military testing behavioral ID technology that would replace CAC card

The Pentagon has finally inked a deal to pilot behavioral biometric technology to identify those using its computer networks, more than a year after then-CIO Terry Halvorsen first pledged to get rid of the ubiquitous Common Access Card.
fed scoop

As the MGT Act faces the Senate, are you ready for what’s next?

If recently passed Federal IT Acquisition Reform Act legislation is the stick that Congress is using to push agencies toward modernization, MGT is the first carrot Congress is willing to give out to bring agencies up to speed.
fed scoop

NotPetya: How to Prep and Respond if You're Hit

DarkReading

IoT Physical Attack Exploit to be Revealed at Black Hat

Security researcher Billy Rios plans to demonstrate how an exploit can cause an IoT device to launch a physical attack against a human.
Dark Reading

IRS to Launch Educational Phishing Series

The Internal Revenue Service is preparing to launch an educational series on phishing attacks and related warning signs.
Dark Reading

The SOC Is Dead…Long Live the SOC

The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
Dark Reading

Trump backtracks on U.S.-Russia cyber unit, says it cannot happen

U.S. President Donald Trump on Sunday backtracked on his push for a cyber security unit with Russia, tweeting that he did not think it could happen, only hours after promoting it following his talks with Russian President Vladimir Putin.
Reuters

Wells Fargo says closer to reaching $142 million phony accounts settlement

A California judge has granted a preliminary approval for Wells Fargo & Co's agreement to pay $142 million, and perhaps more, to customers whose credit scores were harmed by its employees creating fake accounts in their names, the bank said on Sunday.
Reuters

Security Systems Maintenance: The Sleeping Dog That Could Wake Up and Bite You

Hospitals, schools and universities must develop systems and processes to track when their protection technologies require repairs.
Campus Safety

NYC mayor reveals plan to add 10,000 cybersecurity jobs over the next decade

New York City Mayor Bill de Blasio on Thursday unveiled a ten-year plan to introduce 100,000 jobs with annual salaries of $50,000 or greater by strategically investing in multiple industries, with a strong emphasis on cybersecurity.
SC Magazine

$130K settlement against CoPilot for breach violation

Following its delay in notifying patients affected by a data breach, CoPilot Provider Support Services will pay $130,000 as a condition of its settlement with New York Attorney General Eric Schneiderman, according to a post on Modern Healthcare.
SC Magazine

Regs slam electoral office after data theft of ALL Hong Kong voters

Hong Kong electoral officials have been slammed by the south Asian city state's data protection regulator after it failed to prevent the theft of laptops containing the information of all of Hong Kong's 3.7 million voters.
SC Magazine

Mirai botnet army could have been larger, more destructive: report

The massive Mirai distributed denial of service (DDoS) attack that took down Dyn DNS last fall, knocking out dozens of high-profile websites, could have been much worse if the malicious actors had done a bit more research.
SC Magazine

Erebus ransomware attack demanded $1.62 million from South Korean firm

South Korean firm NAYANA was hit with a Linux ransomware attack that demanded an unprecedented 550 Bitcoins (BTC) or $1.62 million ransom.
SC Magazine

Theft Takes a Toll on Retailers' Bottom-Line Profits

More than 438,000 shoplifters and dishonest employees were apprehended in 2016 by just 23 large retailers who recovered more than $120 million from these thieves, according to the 29th Annual Retail Theft Survey by Jack L. Hayes International.
Security

GW Center for Cyber and Homeland Security Call for New Class of Senior Fellows

The GW Center for Cyber and Homeland Security (CCHS) at the George Washington University is pleased to announce that it is currently seeking applicants for a new class of senior fellows for a two-year term that will begin in the fall of 2017.
Security

Consumers Prioritize Convenience Over Security While on Vacation

A survey has found that despite the benefits experienced from unplugging, most individuals prefer to stay connected.
Security

2016 EU terrorism: 142 failed, foiled, and completed attacks; 142 victims killed

In 2016, a total of 142 failed, foiled and completed attacks were reported by eight EU member states.
Homeland Security News Wire

Van Plows Into Crowd Near London Mosque in Suspected Terror Attack

Prime Minister Theresa May on Monday vowed to crack down on extremism of all kinds, trying to soothe Muslim fears after a driver rammed a van into a crowd of worshipers in what police were treating as the latest in a string of terrorist attacks.
Wall Street Journal

Nikkei nears two-year high as U.S. hi-tech rebound boosts mood

Japan's Nikkei rose more than 1 percent to hit a near two-year high on Tuesday following a rebound in U.S. hi-tech shares as investors bet on solid growth in the economy and corporate profits globally.
Reuters

Sensitive data on 198 million US voters exposed online

For at least two whole weeks, a database containing information on 198 million potential US voters – more than half of the American population – lay exposed on the internet, accessible to anyone who stumbled upon it while looking for unsecured assets.
Help Net Security

Keys, tokens and too much trust found in container images

While the risks of 3rd party code are well known, the risks of using 3rd party containers are more obscure. In this article I will discuss one such risk: the introduction of 3rd party secrets; and look at examples from public registries.
Help Net Security

Wal-Mart Employees are Now Making Deliveries

Wal-Mart is testing an app that matches online order delivery addresses with its employees' driving routes home so the workers can deliver packages ordered online as they drive home.
Security Magazine

Fraud Has Decreased Nearly 35% Since 2016

Ecommerce fraud as a percent of sales dollars has been declining across the board, except for two industries, since the first quarter of 2016.
Security Magazine

How is Your Physical Security?

The Board of Directors and C-level executives of organizations are increasing their monitoring and influence on their enterprise’s (physical and cyber) security measures.
Security Magazine

Top 10 CISO Benefits of Participating on Customer Advisory Boards

In their perpetual battle against external cyber threats, understanding and addressing evolving regulations and gathering resources to meet escalating security demands, Chief Information Security Officers (CISOs) are a busy, if not overburdened, bunch these days.
Security Magazine

OneLogin hacker swiped AWS keys, can decrypt stolen data

OneLogin is reporting its recent data breach was made possible when a hacker obtained access to a set of Amazon Web Service keys through a third-party vendor.
SC Magazine

C-suite: Cybersecurity is #1 issue, ISA report

It's been a topic of discussion for some time: Cyber threats are serious risks to enterprises and it is the responsibility of the boards to provide oversight.
SC Magazine

China's controversial cybersecurity law goes into effect

China's new cybersecurity law went into effect on June 1, subjecting companies to stringent data privacy and protection guidelines, even as key questions linger around how it will be enforced, how easily businesses will be able to comply, and how much compliance will cost.
SC Magazine

Carnegie Mellon releases ransomware best practices

Carnegie Mellon's Software Engineering Institute released a set of Best Practices for ransomware prevention and response.
SC Magazine

The Internet of Things Invades Physical Security

The physical security space is changing, with emerging threats, new criminal techniques, terrorism and hostile activism just a few of the drivers of change.
Security Magazine

Survey Reveals Employers Caught in a Tangled Web of Federal, State and Local Laws

The Littler Annual Employer Survey, 2017 reveals that the change occurring in Washington, D.C., and in local governments – combined with technological advances and shifts in how work is performed – is creating an unprecedented level of uncertainty in the workplace.
Security Magazine

Syria, Mexico Most Deadliest Conflict Zones

Mexico has surpassed both Iraq and Afghanistan to become the world’s most violent country after Syria, says a study by the International Institute for Strategic Studies (IISS).
Security Magazine

Senate Intel committee grills FBI's McCabe on election hack investigation

Acting FBI Director Andrew McCabe said during a U.S. Senate Intelligence Committee hearing today that James Comey's removal as FBI director by President Donald Trump will have no impact on that agency's investigation of Russian influence in the 2016 election, which he labeled as having the highest priority within the agency.
SC Magazine

Nemucod delivering credential-stealing trojan, Palo Alto

Researchers at Palo Alto Networks have spent the past five months examining a malware campaign that uses the Nemucod downloader to ultimately deliver a trojan that siphons out credentials, according to a post on the company blog.
SC Magazine

HID Global launches IoT Solutions to Offer Organizations a New Level of Asset Management and Equipment Monitoring

HID Global announced its extended portfolio of innovative Internet of Things solutions (IoT) with its latest offerings that help organizations take the leap to a new level of asset and equipment management.
Security Today

Cyber Risk: Lessons Learned from the Netflix Breach

Last week, 10 new episodes of the popular Netflix Original show “Orange is the New Black” were leaked as a result of an attack on the streaming service’s postproduction company, Larson Studios. This breach and act of extortion further exposed a critical chink in enterprise cybersecurity that will continue to be a cause of similar detrimental cyber breaches if appropriate measures are not taken to defend against them.
Security Today

Spirit Airlines Flight Cancellations Lead to Passenger Brawl

About 300 Spirit Airlines flights have been cancelled over the past seven days, leaving thousands of passengers angry. The airline says the cancellations are due to its own pilots, and is currently suing them in a federal court.
Security Today

Cisco patches leaked 0-day in 300+ of its switches

Cisco has plugged a critical security hole in over 300 of its switches, and is urging users to apply the patches as soon as possible because an exploit for it has been available for a month now.
Help Net Security

Chinese hackers ordered to pay $9 million over insider trading

Three Chinese citizens, who have obtained millions from illicit stock trades based on insider information they stole from two US law firms by hacking, have been ordered to give back the money (including money given to Hong’s mother) and pay over $5 million in civil penalties.
Help Net Security

US to expand carry-on laptop ban to flights from Europe

The Department of Homeland Security is planning to ban US-bound air travelers from Europe and the UK from carrying laptops and other large electronic devices in their hand luggage.
Help Net Security

Data security disruptions can have cascading negative impacts

Nine in 10 global cybersecurity and risk experts believe that cyber risk is systemic and that simultaneous attacks on multiple companies are likely in 2017, according to AIG.
Help Net Security

Most companies falsely believe their Active Directory is secure

A majority of companies falsely believe their Active Directory (AD) is secure, according to a new survey conducted jointly by Skyport Systems and Redmond Magazine.
Help Net Security

White supremacists dramatically increase recruitment efforts on U.S. college campuses

White supremacists, emboldened by the 2016 elections and the current political climate, are currently engaged in an unprecedented outreach effort to attract and recruit students on American college campuses.
Homeland Security News Wire

Tom Ridge Says Corporate Boards Still Unprepared for Challenge of Cybersecurity

Former Homeland Security secretary Tom Ridge says the majority of corporate boards and CEOs are unprepared for the challenges posed by rising cyber risk.
Wall Street Journal

Corporations ‘Not Prepared’ for Mobile Breach

The increasing use of mobile devices at work only increases the threat of security breaches. A survey from Check Point and Dimensional Research found that 64 percent of respondents said they are doubtful that their organizations can defend against a mobile cyber attack.
Information Age

DHS Cyber Tool Finds Huge Amount of 'Shadow IT' in U.S. Agencies

New Continuous Diagnostics and Monitoring (CDM) tools being deployed at U.S. government agencies found huge numbers of uncatalogued and unmanaged computer devices connected to federal networks.
CyberScoop

Internet Atlas Maps the Physical Internet to Enhance Security

Researchers at the University of Wisconsin-Madison (UW-Madison) have developed Internet Atlas, which they say is the first-ever detailed worldwide map of the Internet.
University of Wisconsin-Madison News

DHS Chief: Terror Risk as High as on 9/11

Department of Homeland Security Secretary John Kelly on April 18 said that the risk of a terror attack on the U.S. was "as threatening today" as it was on 9/11.
CNN

95 Percent of Enterprises Found Employees Actively Seeking Ways to Bypass Corporate Security Protocols

Dtex Systems' Insider Threat Intelligence Report reveals key security trends driven by malicious and negligent insiders that include a cross section of employees, contractors, and partners with access to corporate endpoints, data, and applications.
Yahoo Finance

Macron campaign hit by massive hack

A "massive and coordinated" hack was carried out against France's Emmanuel Macron's campaign, staffers said in a statement late Friday.
SC Magazine

Russian Fatboy ransomware-as-a-service offers customer support over Jabber

The malware, discovered by Recorded Future and dubbed “Fatboy”, uses The Economist's Big Mac Index as a reference. The ransomware changes the amount of money it charges, so that victims in areas with a higher cost of living will be charged more to have their data decrypted.
SC Magazine

Consumers Trust Biometrics for Mobile Banking and Payments

Eight in 10 bank customers want biometric authentication beyond the fingerprint in their mobile banking and payment apps, and 42% said they refuse to use mobile banking or payment apps that don’t have biometric authentication, according to a new survey.
Security Magazine

Bee colonies-inspired tool to help dismantle terrorist cells, criminal social networks

Researchers have designed an algorithm, inspired by the intelligent and social behavior of bee colonies, which allows law enforcement to attack and dismantle any type of social network that poses a threat, whether physical or virtual, such as social networks linked to organized crime and jihadist terrorism.
Homeland Security News Wire

Latest science on sea level rise projections: In support of California policy guidance

An estimated 75 percent of California’s population lives in coastal counties. Sea-level rise, already underway, threatens hundreds of miles of roads and railways, harbors, airports, power plants, wastewater treatment plants, coastal wetlands, beaches, dunes, bluffs, and thousands of businesses and homes.
Homeland Security News Wire

Cities inland could be reshaped by migration from sea-level rise

When Hurricane Katrina struck Louisiana in 2005, cities inland saw an influx of evacuees escaping the storm and its aftermath. Now, a new study predicts that this could happen again as a result of sea-level rise.
Homeland Security News Wire

Researchers Link Robots into Surveillance Teams

Researchers at Cornell University are developing a system to enable teams of robots to share information as they move around and, if necessary, get help in interpreting what they see, enabling them to conduct surveillance as a single entity with many eyes.
Security Magazine

Workers like to circumvent corporate cybersecurity policies, study

Dtex Systems researchers found that 95 percent of enterprises surveyed had employees who are actively circumventing corporate security protocols.
Security Magazine

When flashlights attack, Android passwords get stolen

Another malicious app has finagled its way into the Google Play store in the disguise of a seemingly benevolent flashlight app.
Security Magazine

Monster rivalry forming between IoT botnets Mirai and Hajime

The Mirai malware that has created massive botnets out of hijacked Internet of Things devices has met a formidable opponent in Hajime, a rival IoT worm whose intent may possibly be to declaw Mirai.
Security Magazine

Struts and Shadow Brokers exploits among the 299 fixed by Oracle patch

April 19 may now be known as Oracle Patch Day, with the company issuing a record 299 critical security fixes, including several that patch issues that can be exploited by some of the leaked NSA tools.
Security Magazine

Google Won't Trust Symantec and Neither Should You

News that Google may be imposing a series of restrictions in Chrome against digital certificates issued by Symantec is but the latest and most remarkable salvo in a dispute that stretches back years.
DarkReading

Snowden Says Mass Surveillance Programs 'Are About Power'

Edward Snowden shared his views of the implications of mass surveillance programs and the government's objective in implementing them.
DarkReading

Amnesia botnet targeting DVRs, Palo Alto report

Over a quarter of a million devices used with DVRs around the globe are susceptible to a new botnet its discoverers have dubbed Amnesia.
SC Magazine

Report: Chinese APT compromised trade association's website to keep tabs on members

A Chinese hacking group is accused of compromising the website of the National Foreign Trade Council in an apparent attempt to spy on the U.S. trade association's members in the days leading up to a key summit between President Donald Trump and Chinese President Xi Jinping.
SC Magazine

A Cyber Bill of Rights

The U.S. Bill of Rights was written to protect individual liberties and to limit the powers of an overarching government but some privacy advocates fear courts may need reeducating as to how those principles apply in the digital age.
SC Magazine

Evolving Cybersecurity Threat Landscape Shifts Hiring Patterns Toward Specialization

The conversation around allegations that Russian hackers stole data and thousands of emails from the Democratic National party during the ramp up to the recent election is only escalating.
Security Magazine

The Danger Within: Confronting the Insider Threat

Insider threat programs are necessary to allow the organization to prevent, detect, respond to and deter insider threats.
Security Magazine

How Americans Manage Their Passwords

According to a Pew Research study, the vast majority of Americans keep track of their passwords using much more traditional methods – specifically, by memorizing them or by writing them down on a piece of paper.
Security Magazine

Ineffective Communication Weakening Travel Risk Programs

Travel risk is a top priority among European companies, yet travel security risk mitigation programs are seen as undermined due to communication inefficiencies.
Security Magazine

Why is the Security Industry Failing?

Another year, another set of records broken. 2016 saw the most breaches, the most records breached, and the largest single breach – at least according to one report. News of the latest breach barely registers over the din of others.
Security Today

FBI Director: No Evidence of Wiretap

In a hearing with the House intelligence committee to speak on Russia’s involvement and coordination with Trump’s Campaign in the past election, FBI Director James Comey told representatives that there was “no evidence to support” Trump’s tweets that claim former President Obama wiretapped Trump Tower during the election cycle.
Security Today

Panel of Industry Execs to Discuss the Impact of the IoT at ISC West 2017

The Internet of Things (IoT) raises many new issues for security professionals. Attendees who register for “The Pros and Cons of the Internet of Things” seminar at ISC West 2017 will come away with insights on new developments in networked solutions for the security industry and how they are impacting today’s systems.
Security Today

Stopping the Post-EMV Surge in Online Fraud

According to data from ACI Worldwide, while online transactions grew in the U.S. by 12 percent, there was a 43 percent increase in online fraud.
Security Today

Consumers Are Passing Off Security Responsibility to Others: Gemalto

A new report from security firm Gemalto concludes that consumers are putting the responsibility for protecting their personal data in the hands of the organizations holding their data, rather than themselves.
ZDNet

Bitcoin Exchange Crackdown: Two Employees Plead Guilty

Two men in Florida have pleaded guilty to helping operate an unlicensed bitcoin exchange, Coin.mx, as a result of a wide-ranging government investigation into a massive scheme that involved hacking into multiple financial institutions, including JPMorgan Chase.
Bank Info Security

Defending Against Cyber Threats During M&As

Companies involved in mergers and acquisitions are increasingly targeted with cyberattacks that could potentially derail the deals, says Bryce Boland of FireEye (see: Inside An Elite APT Attack Group).
Bank Info Security

NIST Issues Draft of Revisions to Cybersecurity Framework

The National Institute of Standards and Technology has published a draft of its first revision to its cybersecurity framework, describing it as an update, not a major overhaul.
Bank Info Security

Sorry, Drone Deliveries Aren’t Coming Soon

Don’t hold your breath for drones to deliver soap, batteries, or other goods to your house anytime soon. Unless, that is, you happen to be taking part in a staged drone-delivery test.
Fortune

(ERA) Perspective: Pitfalls to Avoid When Implementing Enterprise Risk Management Processes

Establishing enterprise risk management processes for any entity involves common pitfalls including the failure to link risk management to strategy setting, discussed here by Jim DeLoach and Shawn Seasongood of consulting firm Protiviti Inc. Additionally, areas of focus for insurers in particular are included.
Business Insurance

Privacy and Security are Biggest Concerns about the Business Use of Drones

From package delivery to props in major sporting events, drones continue to play major roles in everyday life. But are enterprises prepared for “The Rise of the Drones” in their operations?
Security Magazine

Most Violent and Property Crimes in the U.S. go Unsolved

Only about half of the violent crimes and a third of the property crimes that occur in the United States each year are reported to police.
Security Magazine

U.S. authorities raid Caterpillar's Illinois facilities

Federal law enforcement officials conducting a criminal probe of heavy machinery manufacturer Caterpillar Inc searched three of its facilities on Thursday, prompting a sharp sell-off in the company's stock.
Reuters

Cloudflare Breach Had Potential To Be Much Worse

A security lapse at content distribution network provider Cloudflare that resulted in customer data being leaked publicly for several months was bad - but had the potential to be much worse.
DarkReading

Yahoo Fallout Underscores the New Reality in Cyber Security

Yahoo's CEO Marissa Mayer won't be getting certain bonuses, according to a filing with the SEC on Wednesday, as the fallout from the massive security breach continues to roil the company.
Fox Business

43% of companies had a data breach in the past year

A report released Wednesday finds that the size of computer security breaches at U.S. companies is increasing, and that more than a quarter of companies don't have a computer security plan in place.
USA Today

Fuzzy logic to help drones land themselves on moving platforms

The buzzword in drone research is autonomous — having the unmanned aerial vehicle do most or all of its own flying. Researchers are using artificial intelligence, called fuzzy logic, to get drones to navigate and land themselves on moving platforms.
Homeland Security News Wire

Game theory insights could improve cyberwarfare strategy

Whether a nation should retaliate against a cyberattack is a complicated decision, and a new framework guided by game theory could help policymakers determine the best strategy.
Homeland Security News Wire

ISIS’s “industrialized” martyrdom resembles Japan’s use of kamikaze pilots: Report

ISIS’s suicide attacks resemble Japan’s use of kamikaze pilots in the Second World War, says a new study which looked at nearly 1,000 ISIS suicide operations in one year.
Homeland Security News Wire

Howard Schmidt leaves indelible influence on cybersecurity

Howard A. Schmidt, former White House cybersecurity coordinator, executive director of SAFECode and trusted SC Media editorial advisory board member, passed away Thursday.
SC Magazine

CryptoLocker bursts onto scene again, targeting Europe and U.S.

Researchers have spotted a sudden resurgence of the Windows-based ransomware CryptoLocker early this year, specifically identifying clusters of attacks targeting Italy, Dutch-speaking victims, and even the U.S.
SC Magazine

Congress warned of AI, robot threats

With Skynet and "I, Robot" seeming less like science fiction and more like an eventual reality thanks to tech advancements, Atlantic Council's Cyber Statecraft Initiative Senior Fellow Jason Healey warned members of Congress Wednesday of the threats posed by robotic soldiers and artificial intelligence that could enable cyberespionage or worse.
SC Magazine

Google pumps up Chrome security for macOS

Users of Apple's macOS system will begin seeing more warnings as they browse or attempt to download files, according to a Google blog.
SC Magazine

Anonymous Hacker Takes Down More than 10,000 Dark Web Sites

More than 10,000 Web sites were taken down in an attack launched over the weekend that was aimed at sites hosting child pornography, according to reports.
Enterprise Security Today

University Student Gets 3 Years' Probation in Cybercrime

A Carnegie Mellon University student who developed and sold malicious software through an online cybercriminal marketplace that allowed others to remotely control Google Android smartphones has been sentenced to three years' probation.
Enterprise Security Today

HPE Buys Niara for Beefing Up Security through Analytics

Businesses need smarter tools to battle today's wide ranging and fast-evolving IT security threats, which is the reason Hewlett Packard Enterprise (HPE) has added a company called Niara to its arsenal.
Enterprise Security Today

Where did the idea of an ‘Islamic bomb’ come from?

The heavily freighted idea of an “Islamic bomb” has been around for some decades now. The notion behind it is that a nuclear weapon developed by an “Islamic” nation would automatically become the Islamic world’s shared property – and more than that, a “nuclear sword” with which to wage jihad.
Homeland Security News Wire

Consumers ignorant of tracking methods used by online advertisers

A recent study published by researchers from Syracuse University’s School of Information Studies (iSchool) reveals that the general public has a poor understanding of the workings of online behavioral advertising, and the privacy implications behind the information that advertisers gather.
Homeland Security News Wire

Facebook Takes Search Warrant Challenge to NY's Top Court

Facebook and Manhattan prosecutors went to New York state's highest court Tuesday to settle a legal dispute over search warrants for users' accounts, a closely watched case with big implications for online privacy.
Enterprise Security Today

Revised Cybersecurity Executive Order Seen as More Moderate

A heavily revised draft of President Donald Trump's executive order on cybersecurity lays out initiatives to build upon the previous administration's IT security programs rather than to radically change them.
Data Breach Today

Kaspersky: Banks, Governments, Telcos Hit by Fileless Malware

Russian security vendor Kaspersky Lab says hackers using fileless malware to stay undetected have compromised as many as 140 banks, government organizations and telecommunications companies.
Data Breach Today

Former US Contractor Indicted in Theft of Classified Material

A 52-year-old former U.S. Navy officer and longtime government contractor who allegedly hoarded an enormous stash of classified data in his house and car was indicted by a federal grand jury on Feb. 8, the Justice Department says.
Data Breach Today

What Security Professionals Can Learn From Epidemiologists

Just like epidemiologists studying disease outbreaks, cybersecurity professionals can benefit from identifying and mitigating certain behaviors, says Dr. Elizabeth Lawler, an epidemiologist who is CEO of Conjur, a data security firm.
Data Breach Today

As ATM Attacks Rise, Banking Group Improves Incident Tracking

Banks are seeing intensifying attacks against their cash machines, which has prompted an industry group to collect more fine-grained detail on the incidents for defenders.
Data Breach Today

Hackers Stole Credit Card Information From Thousands of Arby’s Customers

Hackers have stolen customer credit card information from an unknown number of Arby’s restaurants, according to a report on Thursday.
Fortune

Yahoo Faces SEC Probe Over Data Breaches

U.S. authorities are investigating whether Yahoo Inc.’s two massive data breaches should have been reported sooner to investors, according to people familiar with the matter, in what could prove to be a major test in defining when a company is required to disclose a hack.
Wall Street Journal

Protesters, Oil Companies Gear Up for Next Round at Standing Rock

Protesters opposed to the Dakota Access Pipeline are gearing up for a new round of clashes after the inauguration of President Donald Trump. So are oil companies—and the private security firms they have hired to police the protests.
Wall Street Journal

The Watchful Eye of Retail Surveillance in the Digital Age

Video surveillance, remote monitoring and facial recognition are critical security tools in retail security and loss prevention.
Security Magazine

Many organizations still opt for 'good enough' cybersecurity

Late last year, ESG published a research report titled, Through the Eyes of Cyber Security Professionals, in collaboration with the Information Systems Security Association (ISSA). As part of this report, 437 cybersecurity professionals and ISSA members were asked if they’d experienced a number of types of security incidents
NetworkWorld

How Automation Technology is Solving the Security Staffing Shortage Issue

As cybersecurity incidents continue to increase in both complexity and frequency, businesses of every size in every industry and in just about every country across the globe are recognizing the glaring need for stronger defense strategies.
Security Magazine

Most Americans Fail Cybersecurity Best Practices

Even after being hacked, most Americans fail to properly protect their personal information online.
Security Magazine

Infrastructure-as-a-Service Predictions for 2017

It's likely that your approach to cloud infrastructure adoption was cautious at first. You may have limited your focus to rapid provisioning, or reducing equipment and operational costs.
Enterprise Security Today

Lloyds Bank Accounts Targeted in Huge Cybercrime Attack

Lloyds Banking Group suffered an online attack lasting two days as cyber criminals attempted to block access to 20m UK accounts.
Enterprise Security Today

Microsoft Says Windows 7 Is Now Dangerously Insecure

Microsoft is now calling out anyone who passed on the update and is still using Windows 7, especially those in an enterprise setting. It says that the operating system is outdated, and even with patches, it's not secure enough.
Enterprise Security Today

Sophisticated Phishing: Beware the Latest Gmail Phishing Attack

Hackers have reportedly devised a new phishing method which seems to be tricking even the most experienced and tech savvy users into revealing their account details.
Enterprise Security Today

AlphaBay dark web marketplace users compromised

About 218,000 unencrypted private messages posted to the AlphaBay dark web marketplace have been accessed and released to the public, according to several posts on Reddit.
SC Media

Stupid Bowl: ISP jeopardizes subscribers' Wi-Fi networks by encouraging NFL-themed passwords

A large U.S. cable company fumbled its attempt to engage customers this week when it advised subscribers to change their Wi-Fi passwords to either "GO_NEWENGLAND" or "GO_ATLANTA" to support their Super Bowl team of choice.
SC Media

Facebook adds Privacy Basics to help secure accounts

Facebook is celebrating Data Privacy Day by introducing the new Privacy Basics feature to control who sees what its users share on the platform.
SC Media

Two researchers report 200 bugs in Trend Micro tools

Trend Micro may be one of the world's biggest vendors of cybersecurity solutions, but that hasn't made it immune from hacks into its software, according to a report on Forbes.
SC Media

DHS designates U.S. election infrastructure as a Critical Infrastructure Subsector

The Department of Homeland Security has added the U.S. election infrastructure to the list of protected critical infrastructure sectors of the economy.
Homeland Security News Wire

Russia waging disinformation war against Sweden: Report

Researchers from the Swedish Institute of International Affairs, Sweden’s leading foreign policy institute, have written that Russia has been using fake news, false documents, and disinformation as part of a coordinated campaign to influence public opinion and decision-making in Sweden.
Homeland Security News Wire

Gun violence research dramatically underfunded, understudied compared to other leading causes of death in U.S.

More than 30,000 people die each year from gun violence in the U.S., a higher rate of death than any industrialized country in the world.
Homeland Security News Wire

St. Jude's cardiac devices vulnerable to hacking: FDA

The FDA confirmed that St. Jude Medical’s implantable cardiac devices are vulnerable to hacking. Once hackers gain access to the device, they could deplete the battery or administer incorrect pacing or shocks.
Homeland Security News Wire

Off-grid power in remote areas will require special business model to succeed

Around the world, more than 1.2 billion people lack access to basic electricity service.
Homeland Security News Wire

High likelihood of large-scale terrorist attacks in 2017: WEF

The World Economic Forum (WEF) said that large-scale terrorist attacks – not only lone-wolf attacks – are among the likely threats for which states must prepare in 2017.
Homeland Security News Wire

Ground-breaking discovery for world food security

Researchers have made a discovery that could help conquer the greatest threat to global food security – pests and diseases in plants.
Homeland Security News Wire

Homeland Security Looks To Blockchain To Track People, Goods Across Borders

Blockchain ledgers could better secure cameras and sensors monitoring the movement of travelers and trade goods
Homeland Security News Wire

Security Qualifications Fraud 'Public Safety Risk'

The head of an exam board is warning that undetected qualifications fraud in the security industry is becoming a "risk to public safety".
BBC News

Detecting And Mitigating

Insider threat has become an increasingly prevalent concern for organizations, and the damage from breaches caused by current or former employees, contractors or partners misusing access credentials can be devastating.
Security Today

What To Watch For With Ransomware: 2017 Edition

Varied delivery methods, stronger encryption, and publicized code drove a 400-percent increase in the number of ransomware families found between January and September of 2016.
DarkReading

Worldwide IoT spending to reach $1.29 trillion in 2020

Worldwide IoT spending is forecast to reach $737 billion in 2016 as organizations invest in the hardware, software, services, and connectivity that enable the IoT.
Help Net Security

Security strategies for IoT top the CSO agenda

Nearly half of organizations are investing in a security strategy for the Internet of Things (IoT), according to the PwC Global State of Information Security survey of more than 10,000 participants in 133 countries.
siliconrepublic

Energy Department warns of ‘imminent’ cyberattack on power grid

There is an "imminent danger" of cyberattacks targeting privately owned infrastructure used to deliver electricity to U.S. homes, hospitals, and businesses, according to the U.S. Energy Department's Quadrennial Energy Review.
FedScoop

CIOs will thwart cybersecurity threats with behavioral analytics in 2017

CIOs will invest in new analytics technology that can anticipate and identify a variety of cyberthreats in 2017.
CIO

Bringing boards up to cyber speed

The National Association of Corporate Directors (NACD) recently released a Cyber-Risk Oversight Handbook in an effort to set standards for corporate board leadership.
CSO Online

Cops to increasingly use digital footprints from IoT devices for investigations

According to Mark Stokes, Scotland Yard's head of digital, cyber and communications forensics unit, cops are being trained to rely on evidence from IoT devices.
Network World

Dangerously Connected: The complexities of personal devices in the workplace

The BYOD (bring your own device) issue gives IT managers and internet security contractors plenty to fret over.
Utah Business

HHS Warns of Terrorist Attacks on Hospitals

The United States Department of Health and Human Services sent a letter to officials in the public health sector warning of potential terrorist attacks.
Campus Safety

The lie-detecting security kiosk of the future

Researchers have created a robotic security kiosk to help border security agents determine whether travelers coming into Canada may have undisclosed motives for entering the country.
Phys Org

State election systems to get more federal aid for security

Citing increasingly sophisticated cyber bad actors and an election infrastructure that's "vital to our national interests," Homeland Security Secretary Jeh Johnson is designating U.S. election systems critical infrastructure, a move that provides more federal help for state and local governments to keep their election systems safe from tampering.
AP

Polis, Yoder to Drop Bill Keeping Emails Privacy Act Today

Today, Reps. Jared Polis (D-Colo.) and Kevin Yoder (R-Kan.) reintroduced the Email Privacy Act, legislation that modernizes America’s digital privacy laws by establishing protections against warrantless searches of private emails.
JaredPolis

U.S. Reacting at Analog Pace to a Rising Digital Risk, Hacking Report Shows

Of the many questions left unanswered by the American intelligence agencies’ accusation that Russia’s president, Vladimir V. Putin, led a multilayered campaign to influence the 2016 presidential election, one stands out: Why did it take the Obama administration more than 16 months to develop a response?
New York Times

STATE: Investigation Finds Foreign Nation Was Behind Major Anthem Cyber Breach

The California Department of Insurance on Friday released the examination findings and settlement agreement concerning the cyber security breach of health insurance giant Anthem Inc., which compromised 78.8 million consumers' records.
Lake County News

The Curious Case Of L.L. Bean And The Rise Of Social Brand Shaming And Consumer 'Brandgerism'

It’s one thing to boycott a company as a way to press them to change a bad business practice, like Nike and Apple’s violation of child labor laws, Chick-fil-A’s alleged anti-gay hiring practices or Amazon’s repressive employment conditions at its warehouses.
Forbes

Cloud Security Leads List of Top 10 Hard-to-Find Tech Skills

Cloud security is now the most difficult IT skill for employers to find in the job market, according to analysis of the top 10 hardest-to-find technology skills by Burning Glass Technologies.
Security Magazine

What the Most Common Passwords of 2016 List Reveals

According to a new study, nearly 17 percent of users are safeguarding their accounts with “123456.”
Security Magazine

eBay Launches eBay Authenticate to Prevent Counterfeiting

eBay is developing a new authentication program for some of its higher-end items to create a network of professional authenticators it can use to verify that products are legitimate.
Security Magazine

Many Companies Unprepared for Location-Based Security Incidents

A large percentage of organizations have an emergency communication plan, but they take too long to implement, says a new study.
Security Magazine

Profiles of Individual Radicalization in the United States (PIRUS) database released

The National Consortium for the Study of Terrorism and Responses to Terrorism (START) has released its latest data tool, the Profiles of Individual Radicalization in the United States (PIRUS) dataset.
Homeland Security News Wire

Obama Signs Bill Elevating Cybercom to Full Command

President Barack Obama signed Friday the National Defense Authorization Act, legislation that includes a provision he opposes to leave the leader of the newly-elevated U.S. Cyber Command as the head of the National Security Agency as well.
Gov Info Security

Who Is Trump's Top Security Adviser Tom Bossert?

Trump Taps Bossert as Assistant to the President for Homeland Security and Counterterrorism
Gov Info Security

The Urgent Need to Recruit More Cybersecurity Pros

As cybercriminals continue to wage more sophisticated, well-funded attacks, it's more urgent than ever to attract qualified professionals to careers in cybersecurity, says Symantec CTO Dr. Hugh Thompson.
Bank Info Security

'Crime as a Service' a Top Cyber Threat for 2017

In an audio interview, Steve Durbin, managing director of the Information Security Forum, offers a forecast of the top security threats for the year ahead, including the ramping up of attacks fueled by "crime-as-a-service" offerings.
Bank Info Security

Anti-surveillance clothing blocks security cameras’ facial-recognition software

New anti-surveillance clothing has been developed, allowing wearers to prevent security cameras which use facial recognition technology from recognizing them. The clothing uses complex colored patterns of digitalized faces, and parts of faces, to overload and trick facial recognition software.
Homeland Security News Wire

Restoring power to a grid facing a cyberattack

Currently, utility companies in North America have procedures and capacity to handle localized power outages caused by events such as extreme weather and high usage on hot days.
Homeland Security News Wire

New Obama report warns of changing ‘threat environment’ for the electricity grid

At a time of heightened focus on U.S. cybersecurity risks, the Energy Department released a comprehensive report on the nation’s rapidly changing electrical grid Friday that calls for new action to protect against evolving threats.
Washington Post

NIST Guide Provides Way to Tackle Cybersecurity Incidents with Recovery Plan, Playbook

The U.S. National Institute of Standards and Technology (NIST) has released its Guide for Cybersecurity Event Recovery to help organizations develop, test, and improve their cybersecurity recovery plans.
NIST

The Enemy Within: Bribes Bore a Hole in the U.S. Border

Almost 200 employees and contract workers of the Department of Homeland Security over the last 10 years have taken nearly $15 million in bribes while protecting U.S. borders and enforcing immigration laws, according to a New York Times review of court records and internal agency documents.
New York Times

Dog fight: Start-ups take aim at errant drones

The consumer drone market is expected to be worth $5 billion by 2021, with drones sporting a range of features from high-definition cameras to GPS.
Reuters

Promised “Gun Enforcement Division” Officially Launches In Baltimore

The Baltimore Sun (12/7) reports that Maryland State Attorney Marilyn J. Mosby announced the official launch of a unit of “elite” prosecutors and detectives on Wednesday.
The Baltimore Sun

Hacked Yahoo Data Is for Sale on Dark Web

The records of more than 1 billion users of Yahoo email that were hacked around 2013 began to be quietly offered for sale last August, according to Andrew Komarov, chief intelligence officer at InfoArmor, an Arizona cybersecurity firm, who monitors the dark corners of the internet inhabited by criminals, spies, and spammers.
New York Times

Stronger gun laws linked to decreased firearm homicides

Stronger firearm laws are associated with reductions in firearm homicide rates, concludes a study which reviewed all available articles published in peer-reviewed journals from January 1970 to August 2016 that focused specifically on the connection between firearm homicide and firearm laws.
Homeland Security News Wire

Advanced anti-drone protection and neutralization system unveiled

Elbit Systems will use the Israel HLS & Cyber Conference, taking place this week in Tel Aviv, to unveil its ReDrone system, a solution for protection of closed air spaces, national infrastructures, and other critical areas against hostile drones penetrating the protected perimeter.
Homeland Security News Wire

Caution about emerging technologies is compatible with science

Precautionary approaches to governance of emerging technology, which call for constraints on the use of technology whose potential harms and other outcomes are highly uncertain, are often criticized for reflecting “risk panics,” but precaution can be consistent with support for science.
Homeland Security News Wire

2017 Security Innovation in U.S. Bank Stadium, Where Technology Is King

U.S. Bank Stadium is not just a location, but an epicenter of security technology, excitement and Minnesota pride.
Security Magazine

Combating Complacency: Getting the Most Out of Your Data Breach Response Plan

This fall, the Ponemon Institute released its Fourth Annual study, Is Your Company Ready for a Big Data Breach? on data breach corporate preparedness, which revealed that 52 percent of companies experienced data breaches just this past year alone.
Security Magazine

Highly lucrative Ransomware as a Service attacks poised to accelerate in 2017

Ransomware can be likened to global warming. It’s been around for years, but it’s now becoming an epidemic which needs serious attention.
Help Net Security

Citizens will share personal data with smart city programs by 2019

The rapid pace of technological and societal change has given government CIOs a new sense of urgency and a willingness to experiment with smart city and open data initiatives, according to Gartner.
Help Net Security

Mitigating internal risk: Three steps to educate employees

IT security is usually focused on how to prevent outsiders with malicious intent from causing harm to your IT systems and data.
Help Net Security

Russian DNC Hackers Tied to Ukrainian Artillery App Hack

The same family of malware that was used to hack into U.S. Democratic National Committee systems has also been found infecting an Android app used by artillery units defending eastern Ukraine after Russia invaded Crimea in 2014, according to the cybersecurity firm Crowdstrike.
Data Breach Today

Online Bank Fraud Mastermind Failed to Cover Tracks

Memo to would-be cybercriminals: Want to move stolen money internationally to bank accounts that you control? Need to route funds to a few money mules to get it laundered? Don't do it from a system tied to an IP address registered to your home.
Data Breach Today

BA Blamed for Major Breach of Insurer's Data

Community Health Plan of Washington, a not-for-profit insurance company, says a security vulnerability on the computer network of a business associate that provides it with technical services resulted in a breach affecting nearly 400,000 individuals.
Data Breach Today

The Urgent Need to Recruit More Cybersecurity Pros

Symantec CTO Hugh Thompson Offers 2017 Threat Assessment
Data Breach Today

US-Backed Effort to Ease Software Export Limits Fails

The Obama administration has failed to reach agreement with 40 other nations on modifying a non-binding export control agreement that it says could hurt cybersecurity.
Data Breach Today

Senators Call for Select Panel to Probe Hacks Said to Sway Vote

Leading this latest edition of the ISMG Security Report: The growing momentum in Congress to establish a select committee to investigate breaches the American intelligence community has tied to the Kremlin to influence the U.S. presidential election.
Data Breach Today

Governors Recommend Aligning State Privacy Laws with HIPAA

The National Governors Association, in a new road map for improving nationwide secure health data exchange, proposes that states attempt to better align their privacy laws to the federal HIPAA Privacy Rule to help remove legal barriers.
Data Breach Today

Ohio Gov. Signs Campus Carry Bill into Law

Ohio Governor John Kasich signed a bill that could allow licensed guns onto public college campuses Monday.
Campus Safety

Student Data Hacked at U. of Nebraska

Officials at the University of Nebraska Lincoln campus announced the school was the victim of a large computer security breach Tuesday.
Campus Safety

Russian Hackers Run Record-Breaking Online Ad-Fraud Operation

Cybercriminals out of Russia are behind a newly discovered massive online advertising fraud operation hiding in plain sight that steals up to $5 million per day from big-name US advertisers by posing as some 6,000 major US media sites including The Huffington Post, Fortune, ESPN, CBS Sports, and Fox News, and generating fake ad impressions.
Dark Reading

Annual Guarding Report: Industry Faces a 'Watershed Moment'

The security officer industry is facing major changes, as consolidation alters the landscape.
Security Magazine

Edge360 Deploys Global Situational Awareness Platform for the Department of State

Edge360 has begun the worldwide rollout of the PSIM solution as part of a recently awarded $73 Million contract from the Department of State.
Security Today

Innovations, Solutions and a Renewed Sense of Pride

It’s an exciting time to be in the security industry, as evidenced by the successful year we have seen in regards to technology innovations, mergers and acquisitions, and a renewed sense of pride in the industry.
Security Today

Online Exclusive: Facebook Isn't Safe!

When employees use corporate networks to access social media such as Facebook, they open the door to a new set of security concerns.
Security Today

Former ASG Security President and CEO Joe Nuccio joins ADT as Senior Vice President, Business Development

ADT today announced that Joe Nuccio has joined the company as Senior Vice President, Business Development.
Security Today

Presidential commission calls for collaborative action to combat cyber threats

The president's Commission on Enhancing National Cybersecurity today released a 100-page report that called for greater cooperation between the government, the private sector, educational institutions and even individual Americans with the goal of protecting and defending the nation's critical cyber infrastructure.
SC Magazine

Technology helping malicious business on the dark web grow

The “dark web” has long had an ominous appeal to Netizens with more illicit leanings and interests. But given a broadening reach and new technologies to access this part of the web and obfuscate dealings here, the base of dark web buyers and sellers is likely growing.
SC Magazine

Russian intelligence claims to bust up pending banking cyberattack

The Russian intelligence service said it has stopped a planned cyberattack on that nation's banks that was slated to launch on December 5.
SC Magazine

Where Cybercriminals Go To Buy Your Stolen Data

What malicious sites provide both free and paid access to stolen credit cards, company databases, malware and more?
Dark Reading

Protecting the Internet from weaknesses of many “connected” devices

As an increasing number of devices — from cars to light bulbs to kitchen appliances — connect with computer networks, experts are raising concerns about privacy and security.
Homeland Security Newswire

Time is running out for NTP

Everyone benefits from Network Time Protocol, but the project struggles to pay its sole maintainer or fund its various initiatives
InfoWorld

Actively exploited Firefox, Tor Browser 0-day patched, update now!

Mozilla and the Tor Project have released security updates that fix the Firefox 0-day flaw that was spotted being exploited to de-anonymize Tor Browser users.
Help Net Security

San Francisco transport system ransomware attacker also extorted other US-based businesses

The ransomware attack that hit the San Francisco Municipal Transportation Agency last Friday is just one of many mounted by the same attacker.
Help Net Security

65% of social engineering attacks compromised employee credentials

Social engineering is having a notable impact on organizations across a range of industrial sectors in the US.
Help Net Security

“Lurking malice” found in cloud hosting services

A study of twenty major cloud hosting services has found that as many as 10 percent of the repositories hosted by them had been compromised -- with several hundred of the "buckets" actively providing malware.
Homeland Security News Wire

Microsoft Warns of PLATINUM Hacker and Password Attacks

Microsoft’s latest Security Intelligence Report highlights the tactics of the PLATINUM hacking group, which seeks to steal intellectual property related to government interests.
eweek

Should NSA and cyber command have separate leadership?

The National Security Agency is the nation’s digital spying organization. U.S. Cyber Command is a military unit focused on cyberwarfare. Does it make sense for one person to lead them both at the same time?
Homeland Security News Wire

Combatting antibiotic resistance

CDC has awarded more than $14 million to fund new approaches to combat antibiotic resistance, including research on how microorganisms naturally present in the human body (referred to as a person’s microbiome) can be used to predict and prevent infections caused by drug-resistant organisms.
Homeland Security News Wire

Companies Complacent About Data Breach Preparedness

Despite the growing likelihood that organizations will experience a security incident, most executives are not updating or practicing their data breach preparedness plans, according to a recently released study.
CIO

New Privacy Rules Mean Some Companies Will Sue the Government Next Year, Report Says

Security experts warn that the recent cyberattack that took down more than 1,200 websites is a sign of things to come, as individual hackers as well as state-sponsored adversaries have easy access to powerful attacks.
Wall Street Journal

U.S. Bank Regulator Notifies Congress of Major Data Security Breach

A U.S. bank regulator on Friday disclosed a data breach involving a former agency employee's unauthorized removal of more than 10,000 records.
Wall Street Journal

Healthcare Suffers Security Awareness Woes

Weak security practices are putting patient data at risk, new SecurityScorecard report shows.
Dark Reading

45% of Consumers Have Been a Victim of Cybercrime

Leading research company Opinium surveyed 3,457 consumers across the U.K., U.S., Germany, France, Italy, Denmark, Spain, Sweden, and the Netherlands to gauge perceptions, attitudes, and experiences regarding online fraud, security, and cybercrime.
Security Magazine

Many U.S. dams are obsolete, costly, aging, and unsafe

As is the case with much of America’s aging infrastructure, many of the country’s estimated two million dams are obsolete, costly, aging, and unsafe.
Homeland Security News Wire

Counting 11 million undocumented immigrants is easier than you think

News organizations widely report that there are 11 million unauthorized immigrants living in the United States.
Homeland Security News Wire

NICE framework provides resource for stronger cybersecurity workforce

NIST released a resource that will help U.S. employers more effectively identify, recruit, develop, and maintain cybersecurity talent.
Homeland Security News Wire

The risk of cyber 9/11 or cyber Pearl Harbor exaggerated: Expert

Addressing the implications of cybersecurity threats for the stability of international world order, an expert acknowledged that states will find it difficult to maintain cybersecurity in an increasingly porous and congested cyberspace, but said that cyber-experts exaggerate the threat to essential state infrastructures.
Homeland Security News Wire

Cybersecurity requires better collaboration between private, public sectors

A key difference between cybersecurity threats and other security threats is the mismatch between public and private capabilities and levels of authority in responding to these threats.
Homeland Security News Wire

The effects of conspiracy theories

As a global population we are awash with conspiracy theories.
Homeland Security News Wire

Wastewater disposal induced 2016 Magnitude 5.1 Oklahoma earthquake

Distant wastewater disposal wells likely induced the third largest earthquake in recent Oklahoma record, the 13 February 2016, magnitude 5.1 event roughly thirty-two kilometers northwest of Fairview, Oklahoma. At the time, the Fairview earthquake was the largest event in the central and eastern United States since a 2011 magnitude 5.7 struck Prague, Oklahoma.
Homeland Security News Wire

Is someone really trying to find out if they can destroy the Internet?

A prolonged Internet outage prevented access to major sites like Twitter, Netflix, Spotify, and the New York Times on Friday.
Homeland Security News Wire

U.S. DMCA Rules Updated to Give Security Experts Legal Backing to Research

The U.S. government has updated and published a new list of exemptions to the Digital Millennium Copyright Act.
ZDNet

NSA Appears to Have Missed 'Big Red Flags' in Suspect's Behavior

Charges against NSA contractor Harold Martin of stealing government documents and mishandling classified information over two decades are raising questions about the government's ability to police employees and contractors who hold clearances.
New York Times

Accenture Says One-Third of Corporate Cyber Attacks Succeed

About one-third of targeted attempts to breach corporations' cyber defenses succeed, but three-quarters of executives remain confident in their security strategies, according to Accenture's survey of 2,000 security officers.
Bloomberg Technology

Between 300,000 and 600,000 guns are stolen in U.S. every year – an average of 1,600 every day

Between 300,000 and 600,000 guns are stolen in the United States every year – for an average of more than 1,600 guns stolen every day, or more than one every minute.
Homeland Security News Wire

Seventy million more firearms added to U.S. gunstock over past twenty years

The estimated number of privately owned guns in America grew by more than seventy million — to approximately 265 million — between 1994 and 2015.
Homeland Security News Wire

Twitter goes down and believers in conspiracy theories pounce

Twitter service in Japan and parts of the United States was down earlier today (Monday), shortly after WikiLeaks claimed that its servers had been subjected to a cyberattack.
Homeland Security News Wire

China adopts cyber security law in face of overseas opposition

China adopted a controversial cyber security law on Monday to counter what Beijing says are growing threats such as hacking and terrorism, but the law triggered concerns among foreign business and rights groups.
Reuters

Business Security Confidence Contradicts High Success Rate Of Attacks

One in three cyberattacks results in a security breach, but most organizations are confident in their defense strategies, according to a new Accenture report.
Dark Reading

IRS Seeing 'Dramatically' Fewer ID Theft Victims

The number of people who reported being victims of identity theft in affidavits to the IRS has “fallen dramatically” this year, IRS Commissioner John Koskinen said Thursday.
The Hill

China’s New Cybersecurity Law Rattles Foreign Tech Firms

Foreign companies operating in China have been worried since China's government approved a broad new cybersecurity law aimed at tightening and centralizing state control over information flows and technology equipment.
Wall Street Journal

Does Quantum Computing Bring Security Promise?

Quantum computing and big data analytics offer great leverage against growing cyberthreats, according to U.S. National Nuclear Security Administration (NNSA) CIO Wayne Jones.
FCW

Do Smartphone Trade-Ins Threaten Corporate Security?

According to a recent report by Blancco Technology Group, 32 percent of mobile users are willing to trade in their old phones to help pay for a new device, while another 23 percent would sell their old phones outright.
NetworkWorld

Why Light Bulbs May Be the Next Hacker Target

Researchers report in a new paper that they have uncovered a flaw in a wireless technology that is often included in smart home devices like lights, thermostats, and many of the components of the "smart home" of the future.
New York Times

7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers

The Internet of Things has alarming holes in security. The industry should look to video games for some answers.
Dark Reading

US Should Help Private Sector 'Active Defense,' But Outlaw Hacking Back, Says Task Force

The US government should explicitly prohibit private entities from "hacking back," but empower them to use other methods of so-called active defense against threat actors, according to members of the Active Defense Task Force at the George Washington University's Center for Cyber and Homeland Security (CCHS) in a report today.
Dark Reading

Poor election cybersecurity abounds

Could the presidential election be hacked? Given the latest embarrassing breach of even the supposedly most secure of enterprises, yet another insider theft within the National Security Agency (NSA), a better question is how can it be hacked, according to IT security experts queried by SCMagazine.com.
SC Magazine

Dark web, not so dark, study

Despite its reputation as a nefarious terminal for illicit activities, the dark web is mostly legal, says a new research report from Terbium Labs.
SC Magazine

Mac and Jeez! When will enterprise wake up to MacOS security threat?

A malvertising campaign has been discovered on Google AdWords, targeting Macs. Should businesses be getting up to speed with Mac threats?
SC Magazine

U.S. Violence Rates Flat Last Year

Violent crime levels did not rise last year in the United States, according to the National Crime Victimization Survey (NCVS), which is administered by the Justice Department.
Security Magazine

Cyber Threats - Strategic and Operational Risks

The cyber threats we experience today have become frequent, complex and challenging. As such, their impact on organizations has increased substantially.
Security Magazine

Microsoft Says Russian DNC Hackers Targeted Zero-Day Flaws

Microsoft says a zero-day flaw in Windows that was publicly revealed by Google - before a patch was ready - was being exploited by Russian hackers via spear-phishing attacks.
CareersInfo Security

Why Is Healthcare Sector So Vulnerable to Cyberattacks?

A lack of understanding among senior leaders about the seriousness of cyber threats and a shortage of experienced information security staff are two key factors that make the healthcare sector vulnerable to cyberattacks, says Dave Summitt, CISO of the H. Lee Moffitt Cancer Center and Research Institute in Tampa, Fla.
CareersInfo Security

Android spyware targets business executives

Overreliance on smartphones, both in our personal and professional lives, is a reality for many of us. These devices hold a lot of sensitive information – information that could be worth a lot to some people, especially if you are a high-positioned executive in a thriving business.
Help Net Security

Cisco transforms endpoint security with AMP for Endpoints

Cisco unveiled a new approach to endpoint security. AMP for Endpoints offers a path to more effective endpoint security.
Help Net Security

NICE framework: Resource for a strong cybersecurity workforce

The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) released a resource that will help U.S. employers more effectively identify, recruit, develop and maintain cybersecurity talent.
Help Net Security

Small Business, Big Management Liability Risk

Management liability lawsuits pose a threat to companies both large and small.
Risk & Insurance

A variety of trends on the video horizon

According to industry experts, there are a wide variety of trends on the horizon for video surveillance from both a technology and business perspective.
Security Info Watch

DDoS attack Friday hits Twitter, Reddit, Spotify and others

The East Coast was under siege on Friday morning from a large-scale distributed denial of service (DDoS) attack that brought down more than a dozen prominent websites, including Twitter, Spotify, Netflix, GitHub, Amazon and Reddit. The initial attack was followed later in the day by at least two more waves of attack.
SC Magazine

Hacker 'drags and drops' 43.4 million Weebly user accounts in mega breach

Web hosting service Weebly has confirmed a major data breach, following a LeakedSource.com report stating that 43.4 million accounts were stolen from the company's main database in February 2016. This number would effectively comprise Weebly's entire 40 million-plus customer base.
SC Magazine

Zero days used in attacks on DNC, Podesta

More details are emerging about the culprits behind hacks of the Democratic National Committee (DNC) and campaign staffers working for Hillary Clinton.
SC Magazine

Cyber attacks targeting DoD contractor, OPM, and U.S. aircraft carrier linked to China

A Chinese cyber attack targeting a U.S. Defense Department contractor was linked to the OPM hack and a separate attack targeting government officials on a U.S. aircraft carrier was also attributed to China.
SC Magazine

Calls for creating centralized congressional focus on homeland security

In preparation for the organization of the 115th Congress, the co-chairs of the Blue Ribbon Study Panel on Biodefense last week delivered a letter to Congressman Pete Sessions (R-Texas), chair of the Committee on Rules, asking that special consideration be given to the jurisdiction of the House Committee on Homeland Security.
Homeland Security News Wire

Half of All American Adults are in a Police Face Recognition Database

Half of American adults – more than 117 million people – are in a law enforcement face recognition network, according to a report released today by the Center on Privacy & Technology at Georgetown Law.
Security Magazine

DoD's “Hack the Pentagon” follow-up initiative

The Defense Department has awarded a contract to HackerOne and Synack to create a new contract vehicle for DoD components and the services to launch their own “bug bounty” challenges, similar to the “Hack the Pentagon” pilot program, with the ultimate objective to normalize the crowd-sourced approach to digital defenses, Pentagon officials announced today.
Homeland Security News Wire

Digi Security Systems Partners with Axis Communications to Widen Camera Selection

Digi Security Systems announces that it has partnered with Axis Communications to offer customers an even wider range of video security camera products suitable for customers across all industries and applications.
Security Today

9 Sources For Tracking New Vulnerabilities

Keeping up with the latest vulnerabilities -- especially in the context of the latest threats -- can be a real challenge. Real-time analysis and proactive response to these new threats is only possible using real-time feeds of the latest and greatest vulnerability data.
Dark Reading

AT&T Faces Political Barrage

AT&T Inc.’s blockbuster $85.4 billion deal to buy Time Warner Inc. promises to reshape the media landscape—if the companies can navigate a series of obstacles, including possible opposition from U.S. antitrust authorities and objections by lawmakers and media and telecom rivals.
Wall Street Journal

Major US DNS provider hit with DDoS, part of the Internet becomes unreachable

US-based DNS provider Dyn has suffered a massive DDoS attack earlier today, and it resulted in many websites being completely or intermittently inaccessible for a few hours.
HelpNetSecurity

Hacking 3D manufacturing systems demonstrated by researchers

Researchers from three universities combined their expertise to demonstrate the first complete sabotage attack on a 3D additive manufacturing (AM) system, illustrating how a cyber attack and malicious manipulation of blueprints can fatally damage production of a device or machine.
HelpNetSecurity

Low GDPR preparedness represents revenue threat

The results of Symantec’s State of European Data Privacy Survey, which was conducted through interviews with 900 business and IT decision makers across the UK, France and Germany, show 91 percent of respondents have concerns about their ability to become compliant.
HelpNetSecurity

Businesses urged to create a culture of cybersecurity

As the world becomes more connected, all organizations face growing risks for cybersecurity attacks: the number of breaches exposing more than 10 million identities went up 125 percent from 2014 to 2015, and 429 million identities were exposed in breaches in 2015.
Security InfoWatch

Bosch announces technology integration with Software House

Bosch Security Systems, Inc. announces seamless integration of its IP and high definition (HD) cameras and recording solutions with Tyco Security Products’ C•CURE 9000 security and event management platform from Software House.
Security InfoWatch

FDA says cooperation is essential on cybersecurity

If medical devices have cybersecurity problems, the U.S. Food and Drug Administration doesn't want to stand in the way of companies moving quickly to fix them.
Security InfoWatch

Terror in Texas: Homegrown plots now focus of anti-terror investigators

The young father stashed circuitry components, a soldering iron and wireless remotes in his west Houston apartment with plans to detonate homemade bombs in local shopping malls, according to court documents.
Security InfoWatch

Data Breach Digest: A collective effort is needed to truly protect breach victims

According to a consumer study conducted by the Ponemon Institute in 2014, nearly a third of respondents noted they discontinued their relationship with a company following a data breach due to the way the company responded to the breach.
Security InfoWatch

Connected car threats endanger corporate and municipal vehicle fleets; experts make policy recommendations

Security and privacy concerns surrounding connected car technologies impact not only consumer automobiles but entire fleets of corporate and municipal vehicles used for transportation, logistics, law enforcement and other business and government needs.
SC Magazine

Patch Tuesday: Microsoft patches five zero day vulnerabilities

Microsoft today issued 10 bulletins covering 45 vulnerabilities, including 5 zero days for this month's Patch Tuesday update, the first using the company's new update methodology.
SC Magazine

Backdoor threatens Diffie-Hellman encryption used in hundreds of millions of messages

It took two months, but employing as many as 3,000 CPUs, researchers have found a way to place backdoors in the cryptographic keys that protect websites, virtual private networks and internet servers, according to Ars Technica.
SC Magazine

Top five email phishing attack lures revealed and how to prevent them

Phishing remains one of the top threats seen by organisations today. Threat actors use various social engineering tricks to convince users that their requests for information or money transfers are legitimate.
SC Magazine

What to Do About Drones? Detect, Identify, Respond

Drones (UAVs) have been around for many years, but with the wide adoption that is beginning to occur new conflicts have arisen that are causing heightened awareness of the potential threat that this technology can pose to physical security and critical infrastructure.
Security Magazine

Ensuring the Safe Passage of Goods

American ports, terminals, ships, refineries and their support systems are vital components of our nation’s critical infrastructure, national security and economy.
Security Magazine

Campus Security Moves to the Fore at Colleges and Universities

College campuses historically have been shy about emphasizing their security policies and procedures, not wanting anxious parents or prospective students to think that a visible security force, camera equipment or other evidence of being watchful means their students are particularly vulnerable.
Security Magazine

Verizon's Yahoo Breach Question: What's 'Material'?

Verizon is reportedly awaiting the full results of a digital forensic investigation into the record-setting Yahoo data breach to ascertain whether it will revise its $4.8 billion bid to buy the search firm.
Data Breach Today

US Government Accuses Russia of Election Hacking

In an unprecedented move, the U.S. intelligence community has blamed the Russian government for attempting to interfere in U.S. elections by hacking and leaking documents.
Data Breach Today

More Congressional Scrutiny of FTC's LabMD Case

Two Republican U.S. Senate subcommittee chairmen are demanding answers from the Federal Trade Commission about the "due process afforded" LabMD in the agency's data security enforcement case against the now-shuttered cancer testing laboratory.
Data Breach Today

Dropbox's Layered Approach to Password Security

Dropbox has battened down its security hatches. There's good reason: The company was one of many this year that have faced nightmarish news that rumors of a password breach were, in fact, true. It's still unclear how Dropbox and companies including Yahoo, LinkedIn, MySpace and Twitter were hacked, or why the stolen data only circulated more widely several years after the intrusions.
Data Breach Today

Growing Hacker Breach Tally: What's to Blame?

Hacker attacks continue to account for the vast majority of health data breach victims this year, according to the latest federal tally.
Data Breach Today

“Security fatigue” may cause computer users to feel hopeless and act recklessly

A new study from the National Institute of Standards and Technology (NIST) found that a majority of the typical computer users they interviewed experienced security fatigue that often leads users to risky computing behavior at work and in their personal lives.
Homeland Security News Wire

Egypt to use retinal scan system for Cairo airport security

Egypt will soon announce a tender for a new security system for Cairo Airport employees involving retinal scans, in an attempt to meet Russian conditions to resume flights to Egypt, Egyptian Aviation officials have said.
Security Today

Ransomware's busy week with new varieties and updates being debuted

With the massive Yahoo! data breach grabbing the cybersecurity headlines of late, it might be easy to forget criminals are still busy pushing ransomware with two new varieties being recently introduced and one older type being revamped. Kaspersky Labs and Bleeping Computer officially unveiled Trojan-Ransom.Win32.Xpan and Princess Locker, respectively.
SC Magazine

Privacy orgs file brief against U.S., allies on bulk surveillance

A coalition of privacy organizations are suing the United States and several U.S. allies for cooperating with the National Security Agency's (NSA) bulk data collection program, which they say violates the European Convention on Human Rights.
SC Magazine

Is Microsoft exposing the supply chain by hardening the enterprise Edge?

Microsoft has announced it is to harden the Edge browser for enterprise users. The hardware-based sandboxing provided by Windows Defender Application Guard for Windows 10 Enterprise will serve to isolate Edge from malicious code.
SC Magazine

Ensuring the Safe Passage of Goods

Areas of security focus within the seaport environment include cybersecurity, physical security and other miscellaneous security risks.
Security Magazine

UK Launches Security and Defense Innovations Accelerator

Britain’s Ministry of Defence (MOD) launched an innovation initiative that will establish a new defense and security accelerator.
Security Magazine

Global Cybersecurity Market to See Significant Growth in APAC, Latin America

While the U.S. continues to dominate – with more than 80 percent share of the global market in 2015 – a recent report by Zion Market Research forecasts Asia Pacific and Latin American regions to experience considerable future growth in demand for cybersecurity solutions.
Security Magazine

Cybercriminals' Superior Business Savvy Keeps Them Ahead

Rick Holland of Digital Shadows visits the Dark Reading News Desk at Black Hat to explain how the attackers' superior business agility, faster change management, specialized job force, lower barriers to entry and bulletproof hosting keep them ahead of the good guys.
DarkReading

Yahoo Hacked by Cybercrime Gang, Security Firm Reports

The record-breaking Yahoo breach wasn't perpetrated by nation-state attackers, as Yahoo has claimed, but rather by a group of "professional blackhats from Eastern Europe" who are also suspected of stealing and reselling customer data from LinkedIn, MySpace and Tumblr, according to a new report from the security firm InfoArmor.
Data Breach Today

Fancy Bear's Sloppy Mac Malware

A new kind of malicious software for Apple Mac computers is believed to have been developed by the same Russia-linked hacking group that allegedly struck the Democratic National Committee and the World Anti-Doping Agency.
Data Breach Today

Why Cybercrime Is On the Rise; Update on Threat Info Sharing

The latest ISMG Security Report leads off with a discussion with DataBreachToday Executive Editor Mathew J. Schwartz on why online cybercrime is growing.
Data Breach Today

Victims of 2012 Colorado theater massacre ordered to pay $700,000

Four years after James Holmes set off tear gas grenades and shot multiple firearms into the premiere of "The Dark Knight Rises" at an Aurora, Colorado, theater, a group of survivors must pay the theater $700,000.
WSB-TV News

Security advisories issued for VMware

"Multiple security issues" were patched for a number of VMware products, according to a company security advisory.
SC Magazine

20 Questions Security Leaders Need To Ask About Analytics

The game of 20 questions is a great way to separate vendors that meet your needs from those who will likely disappoint.
DarkReading

NIST Unveils a Cybersecurity Self-Assessment Tool

The National Institute of Standards and Technology has issued a draft of a cybersecurity self-assessment tool.
Security Magazine

Government Officials Optimistic About Benefits of Smart Cities

Security Magazine

The Ransomware Dilemma: Is Paying Up a Good Idea?

The ongoing fight against ransomware attacks and the cyber criminals perpetuating this menace is more than a full-time job. In a cyber world without boundaries, ransomware has become a worldwide problem where no organization is immune to victimization.
Security Magazine

Tackling rumors during crises

The proliferation of rumors during a crisis can hinder efforts by emergency personnel trying to establish facts.
Homeland Security News Wire

Medical Device Security Disclosure Ignites an Ethics Firestorm

Security firm MedSec claimed on Aug. 25 that pacemakers and other health care products from St. Jude Medical contain flaws that leave them vulnerable to hacks. However, the firm is also cashing in on the disclosure by partnering with an investment firm that is betting against St. Jude Medical's stock.
Computerworld

U.S. Cyber Command Director: We Want 'Loud,' Offensive Cyber Tools

The U.S. Cyber Command is looking for tools distinctly different from the ultra-stealth exploits used by the intelligence community.
fedscoop

Active Shooters in the Workplace: Is the Hospitality Industry Ready?

Workplace shootings are occurring at an alarming rate, but many employers have yet to address these scenarios in their safety training programs.
Lexology

Security Pros Lack Confidence in Ransomware Recovery

Only 34 percent of IT Pros are “very confident” they could recover from a ransomware infection without losing critical data.
Security Magazine

Allows for Quick, Enhanced and Adaptable Surveillance

This mobile surveillance system is purpose-built to assist public safety personnel in the coverage of urban events and incidents, especially those of a chaotic or changing nature, such as large sporting events or city-wide festivals.
Security Magazine

Healthcare Institutions Ramping Up Data Security Prescriptions

Hospitals and medical centers face a panoply of threats and challenges around data security, yet the healthcare field has not yet responded as quickly as others, according to chief information security officers (CISOs) and others close to such institutions.
Security Magazine

Developing Low-Profile Surveillance for High-Profile Security

In the continually moving environment of a casino, adding covert surveillance tools proves an unobtrusive way to get unobstructed images.
Security Magazine

2016 DDoS Attack Trends By The Numbers

As inevitable as death and taxes, distributed denial of service (DDoS) attacks against the enterprise continue as strong as ever.
Dark Reading

Dropbox commended for its handling of massive data breach involving 68M users

What started out last week as a warning by Dropbox to its users that some login data may have been compromised has exploded into a massive data breach with an estimated 68 million Dropbox user credentials being exposed on the web, but industry insiders say the company has handled the problem quite well.
SC Magazine

40 apps containing DressCode malware family found on Google Play

Forty applications in the Google Play store contain a new family of malware, dubbed DressCode.
SC Magazine

ShadowGate malvertising campaign casts giant shadow across multiple continents

A malvertising campaign with an unusually expansive reach was targeting potentially millions of users in the U.S., Europe, Asia Pacific and the Middle East, infecting victims with ransomware before researchers at Cisco's Talos division took steps to shut down the operation this past month.
SC Magazine

How victims of terror are remembered distorts perceptions of safety

From 2002 through 2015, eighty Americans were killed in terrorist attacks. The fifty-seven killed in 2016 almost equals the total of the previous thirteen years.
Homeland Security News Wire

A chip that checks for sabotage, flags defects

With the outsourcing of microchip design and fabrication a worldwide, $350 billion business, bad actors along the supply chain have many opportunities to install malicious circuitry in chips.
Homeland Security News Wire

8 Surprising Statistics About Insider Threats

Even though insider threat events are typically much more infrequent than external attacks, they usually pose a much higher severity of risk for organizations when they do happen.
Dark Reading

Despite Billions Spent on Cybersecurity, Companies Aren't Truly Safe From Hacks

Private-sector companies spent more than $75 billion on security software last year, but analysts say the increased spending has not made private-sector systems much safer.
Computerworld

Ashley Madison Misled Users With a Fake Security Award

On Aug. 22, privacy officials in Canada and Australia found that the Ashley Madison website used deceptive and confusing practices to make customers believe the service was secure.
CIO

New Approach Needed to IT, Says NIST's Top Cyber Scientist

Ron Ross, the top cybersecurity scientist at the U.S. National Institute of Standards and Technology, on Tuesday told the U.S. Commission on Enhancing National Cybersecurity the coming cybersecurity crisis can only be addressed by building "more trustworthy secure components and systems."
fedscoop

Mobile Bank Heist: Hackers Target Your Phone

Cyberthieves are using malicious software programs to steal banking credentials from unsuspecting consumers when they log onto their bank accounts via their mobile phones, according to law-enforcement officials and cybersecurity specialists.
The Wall Street Journal

Groups Urge FCC to Create Cyber, Privacy Rules for Vehicle Communications

Several consumer groups have urged the FCC to grant a request to create cybersecurity and privacy rules for vehicle-to-vehicle communications because the messages will make vehicles vulnerable to cyberattacks.
Politico Pro

Report: 82 Percent of Hospitals Fear They Aren't Prepared for Mobile Cyberattacks

Eighty-two percent of hospitals have expressed concern about their ability to protect mobile devices, patient data, and infrastructure from cyberattacks, according to a Spyglass Consulting Group survey released on Aug. 22.
TechRepublic

Occupying the Prairie: Tensions Rise as Tribes Move to Block a Pipeline

Energy Transfer Partners, the Texas-based company building the Dakota Access pipeline, calls the project a major step toward the United States’ weaning itself off foreign oil.
New York Times

Corporate Directors Focusing on Cybersecurity

Corporate boards are getting more involved in the cybersafeguards at their companies as data breaches continue to grab headlines. Boards sometimes view cyberthreats as an information technology department problem, and may feel that they are not knowledgeable enough to oversee cybersecurity efforts.
San Diego Union Tribune

Security Training at Most Companies Is Woefully Lacking

Seventy-eight percent of small and mid-size businesses conduct security training only once a year, or less, even though human error and lack of internal security awareness are the biggest sources of data breaches and risk to organizations, according to Shred-It's 2016 Security Tracker survey.
info security

Despite Billions Spent on Cybersecurity, Companies Aren't Truly Safe From Hacks

China on Tuesday launched the first-ever quantum-communications satellite into orbit, the end product of a five-year project that could position China at the forefront of a key area of hard-science research and expand the range of unbreakable communication.
The Wall Street Journal

Despite Billions Spent on Cybersecurity, Companies Aren't Truly Safe From Hacks

Last year, private sector companies globally spent more than $75 billion on security software to safeguard their systems and data, a figure that is expected to grow about 7 percent annually, according to Gartner and other analyst firms.
Computerworld

So your company’s been hacked: How to handle the aftermath

After a company has been hacked and the hack has been discovered to be a harmful one, top executives and IT leaders normally huddle in a room to assess the loss. It's usually not a pretty scene.
Computerworld

Proposed ‘social media ID, please' law draws outrage

A plan by the U.S. government to require some foreign travelers to provide their social media IDs on key travel documents is drawing outrage.
Computerworld

Mass shootings driven by "media contagion": Study

The prevalence of mass shootings has risen in relation to the mass media coverage of them and the proliferation of social media sites that tend to glorify the shooters and downplay the victims, a new study finds.
Homeland Security News Wire

In dirty bomb prevention, Texas fails a crucial test

The clandestine group's goal was clear: Obtain the building blocks of a radioactive "dirty bomb" — capable of poisoning a major city for a year or more — by openly purchasing the raw ingredients from authorized sellers inside the United States.
Homeland Security News Wire

If two countries waged cyber war on each other, here’s what to expect

Imagine you woke up to discover a massive cyberattack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and so much more.
Homeland Security News Wire

Ransomware locks experts in debate over ethics of paying

In yet another sign that business is booming in the underworld of ransomware, Trend Micro has reported that the number of new ransomware families it observed in the first half of 2016 has already surpassed the total number observed in 2015 by 172 percent.
SC Magazine

Latest Locky version on the loose

A new version of Locky ransomware has been spotted, now sporting an improved delivery mechanism and better obfuscation, which combined make it more difficult for anti-malware scanners to spot.
SC Magazine

Data Security—What You Don’t Know Can Hurt You

In today’s ever expanding IT ecosystem, how do you know whether your data is really secure? It’s a critical question.
Data Breach Security

POS Malware Hits Two Hotel Chains

Two hotel chains are warning that they've suffered point-of-sale malware infections that compromised customers' payment card data. Both say they were alerted to related card fraud by the U.S. Secret Service and that they're now assisting law enforcement agencies' investigations.
Data Breach Today

Healthcare Hacker Attack Victim Tally Soaring

Hacker attacks recently added to the Department of Health and Human Services' Office for Civil Rights "wall of shame" tally of major health data breaches affected a total of more than 8 million victims.
Data Breach Today

Bill Zalud, Security Magazine Editor Emeritus, Passes

It is with deep regret we announce that Bill Zalud, Editor Emeritus of Security magazine, passed away Monday, August 8, 2016. The entire Security magazine family greatly mourns his loss.
Security Magazine

Study Reveals Majority of Visual Hacking Attempts are Successful

Organizations around the world are at risk of sharing highly sensitive information through visual hacking in business office environments.
Security Magazine

Survey Says EMV Pushing Aside Other Payment Initiatives

Reducing credit and debit card fraud by implementing EMV chip card acceptance has become retailers’ top payment issue in 2016, but retailers are also busy with new data security enhancements such as point-to-point encryption and tokenization to better protect payment card data.
Security Magazine

"Media Contagion" is Factor in Mass Shootings

People who commit mass shootings in America tend to share three traits: rampant depression, social isolation and pathological narcissism, according to a paper presented at the American Psychological Association’s annual convention that calls on the media to deny such shooters the fame they seek.
Security Magazine

Paxton Net2 Access Control Integrates with Intreba’s Visitor Management System, Arke

Paxton has announced the integration of its networked access control system, Net2, with Intreba’s visitor management solution, Arke. The integration provides a personalized and user-friendly service to fulfill differing visitor requirements at various sites.
Security Today

Employee awareness training: Key component of IT security initiatives

IT projects are most effective when they take into account people, processes, and technology.
Help Net Security

Physical Security: Are We Protecting People or Trapping Them?

Although access control solutions can save lives, when inappropriately deployed, they could prevent or delay evacuation, placing more people in harm’s way.
Campus Safety Magazine

Atl. Police Request Access to Private Surveillance Cameras

The Brookhaven Police Department in Georgia is asking residents and businesses to provide the department with access to footage captured on their video surveillance cameras.
Campus Safety Magazine

Low-Cost Ways to Improve Your Campus Security

Here are six ways to bolster your campus' security measures at little to no cost.
Campus Safety Magazine

New Locky using WSF spotted in Brazilian underground

A new variant of Locky ransomware is using Windows Scripting Files (WSF) as a downloader, Trend Micro researchers observed.
SC Magazine

Iran investigating possible cyber angle on oil fires

Iran's Supreme National Cyberspace Council is investigating whether a recent string of oil and petrochemical fires were caused by a cyberattack.
SC Magazine

New Scylex financial crimeware strives to be the next Zeus

If Zeus was the king of banking trojans, then newcomer Scylex is looking to claim Zeus' old perch atop the Mt. Olympus of financial malware.
SC Magazine

Cisco patches vulnerability in its IOS XR Software

Cisco has released an update to patch a vulnerability in its IOS XR Software for Cisco ASR 9001 Aggregation Services Routers that could lead to a denial of service condition.
SC Magazine

Brazil Fires Security Firm for Olympics

With less than a week to go before the 2016 Rio Olympics begin, the Brazil Ministry of Justice terminated its contract with private security firm Artel, citing “incompetence and irresponsibility.”
Security Magazine

Risk Management Solution Helps Address Cyber and Business GRC Needs

This solution is designed to allow organizations to address their specific governance, risk and compliance (GRC) needs and challenges, regardless of size or GRC maturity level.
Security Magazine

Embezzlement Report: Why Good Employees Go Bad

Embezzlement is not just a problem for large enterprises – businesses with fewer than 150 employees were 10 times more likely to be victimized by fraud than those with 250-500 employees, according to the 2016 Hiscox Embezzlement Study.
Security Magazine

White House Releases Federal Cyber Response Guidelines

Amid the federal investigation into the massive email leak from the Democratic National Convention, the White House issued guidance for the first time on how government agencies should respond to large-scale cyber incidents.
Homeland Security Today

Streamlined Security Software Could Mean More Hacks

The mass adoption of data encryption software, such as Secure Sockets Layer (SSL)-based programs, has left companies more vulnerable to data breaches as hackers learn to compromise larger systems.
Homeland Security Today

How To Stay Safe On The Black Hat Network: ‘Don’t Connect To It’

Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and there's no better place to do it than Black Hat.
DarkReading

Crypto Malware: Responding To Machine-Timescale Breaches

The game has changed again with hackers' ability to steal your data at record speeds and cripple your organization before the first alert.
DarkReading

Data: The New Player

The insurance industry is on the brink of transformation. The unprecedented amount of capital present (including alternative capital) and the rash of consolidations in brokerage firms and insurance enterprises (U.S. companies, international companies, Lloyd’s syndicates) are among the reasons.
Risk & Insurance

QRLJacking: A new attack vector for hijacking online accounts

We all know that scanning random QR codes is a risky proposition, but a newly detailed social engineering attack vector dubbed QRLJacking adds another risk layer to their use.
Help Net Security

Interpol arrests Nigerian scam mastermind who stole $60 million

The head of an international criminal network behind thousands of online frauds has been arrested in a joint operation by INTERPOL and the Nigerian Economic and Financial Crime Commission (EFCC).
Help Net Security

The growing threat of ransomware: Lucrative, low-risk and easy to use

Recent headlines are testament to the growing popularity of ransomware attacks on businesses and consumers alike.
Help Net Security

U.S. proposals could allow foreign warrants to US firms

The White House is discussing proposals with U.S. allies that could allow foreign governments to serve search warrants requesting email and wiretap information to US companies.
Security Magazine

Jailbird: Cardinals exec who hacked Astros sentenced to 46 months in the grand slammer

The former St. Louis Cardinals baseball executive who illegally hacked into the Houston Astros' computer systems in order to gather intelligence and obtain an unfair advantage was sentenced in Houston yesterday to 46 months in federal prison.
Security Magazine

TSA Employees Increasingly Cited For Misconduct

Nearly half of the entire Transportation Security Administration (TSA) workforce—a total of 26,878 employees—were allegedly involved in misconduct between fiscal years (FY) 2013 and 2015, putting the security of the flying public at risk, according to a recent report by the Majority Staff of the House Committee on Homeland Security.
Homeland Security Today

House Passes Four Critical Homeland Security Bills

The House of Representatives on Monday passed four homeland security bills to protect the United States against the wide array of ever-evolving threats facing the homeland today.
Homeland Security Today

Top Cyber Expert on Rethinking Approach to IT Security

ISMG Vice President and Editorial Director Tom Field and Arbor Networks' Sam Curry - who spoke at the just-concluded ISMG Fraud and Breach Prevention Summit in Boston - discuss how organizations are rethinking their approach to evolving cyberthreats.
Data Breach Today

Fed's Fast Payment Effort Won't Change After SWIFT Heists

The Federal Reserve's strategy for oversight of the U.S. migration toward faster payments won't change in the wake of the heists that exploited international SWIFT payments, says Marianne Crowe of the Fed in Boston.
Data Breach Today

Will Faster Payments Mean Faster Fraud?

Will the advent of faster payments in the U.S. open new doors for fraud? That's been a question on the minds of many fraud and security experts in the wake of recent attacks that compromised global transactions processed through the interbank messaging platform known as SWIFT.
Data Breach Today

Putting Your Organizational Values Where Your Risks Are

Even when we work for an organization that has a highly functional ERM process, and senior leaders are actively engaged in the identification, management and mitigation of risks, can and/or should compliance and risk officers be leaders in helping them set their priorities?
Risk & Insurance

Understanding advanced evasion techniques

There are a lot of insidious players on the loose, burrowing their way into corporate networks. Some bang on the front door and demand a ransom for the data they kidnap.
SC Magazine

White paper: 100 new ransomware families ID'd in 2015, as campaigns adopt APT tactics

If the threat that ransomware poses to your corporate systems hasn't already been keeping you awake, the researchers at Symantec have added some more nightmare-fuel in the form of a new white paper.
SC Magazine

Ransomware Victims Rarely Pay The Full Ransom Price

Victims of ransomware scams almost never need to pay full sticker price to get their encrypted data back.
Dark Reading

TSA Misconduct is Threatening Security of Flying Public

Security Magazine

Amnesty International Unveils Security App for Rio Olympics

Amnesty International has launched a new smartphone application to help document firearm use in Rio de Janeiro for the 2016 Olympic games.
http://www.securitymagazine.com/articles/87252-amnesty-international-unveils-security-app-for-rio-olympics

TSA, American Airlines Testing Airport Security Technology

The TSA and American Airlines, through a joint initiative, will install new screening technology, including automated security screening lanes and CT scanners, at select American Airlines hubs nationwide this fall.
Security Magazine

The New Wolves of Wall Street

A new class of cyber criminals is targeting companies’ private information.
Risk & Insurance

Doubts Buzz Around Rio Olympics

The threat of Zika continues to prompt calls for the cancellation of the 2016 Olympic Games.
Risk & Insurance

New Tools to Bolster Reputation Risk Management

The American Law Institute (ALI) is formalizing governance law principles that will include legal strategies to signal stakeholders and enhance institutional reputations for governance, risk management and compliance.
Risk & Insurance

Wendy's Hackers Took a Bite Out of 1,000+ Restaurants

Fast-food chain Wendy's says a cyberattack that stole payment card details affected 1,025 U.S. restaurants owned by franchisees, a far higher figure than first estimated.
Data Breach Today

Rethinking Endpoint Security

Datacenter administrators have something in common with attackers - privilege. Isolating security from the data being secured is the Goldilocks zone of security - isolation and context, together.
Data Breach Today

Ashley Madison Seeks Security Reboot

The company behind infidelity-focused online dating website Ashley Madison - tagline: "Life is short, have an affair" - has revealed that it's facing an investigation by the U.S. Federal Trade Commission, nearly one year after hackers dumped personal information on millions of its members.
Data Breach Today

Study: Most Companies Can't Protect Confidential Documents

A majority of companies are unable to prevent employees from sharing confidential documents, according to a Fasoo study.
CSO Online

Is Your Hospital's Communications System Ready for the Next Big Emergency?

Updated emergency communications systems designed to meet hospitals’ unique needs are crucial to maintain real-time communication during emergency situations.
Campus Safety Magazine

Cyber Bank Heists No Surprise as Online Security Lags Behind: Expert

The internet is not equipped to provide the necessary security to counter cybercrime, according to internet security expert Sir David Omand in response to the Bangladesh bank heist.
CNBC

U.S. Cyber Command Struggles to Retain Top Cybersecurity Talent

Despite renewed efforts to attract new cybersecurity talent, U.S. Cyber Command is grappling with stiff competition from private firms in recruiting and retaining a skilled workforce.
CIO

Orlando Shooting Plays Into FBI’s Homegrown-Terror Worries

FBI Director James Comey disclosed new details Monday concerning the background of Omar Mateen, the gunman authorities say killed 49 people at Pulse nightclub in Orlando.
Wall Street Journal

Boards Ready to Fire Over Bad Security Reporting

Chief information security officers could lose their jobs if boards think their CISOs are poorly communicating security concerns, according to 59 percent of board members surveyed by Bay Dynamics.
CSO Online

A Computer Security Start-Up Turns the Tables on Hackers

Area 1 Security, a startup founded by former NSA analyst Oren Falkowitz, is trying to tap into private servers to monitor the activities of hackers.
New York Times

Cybercrime Market Sells Servers for as Little as $6 to Launch Attacks

An underground online forum known as xDedic is selling access to more than 70,000 compromised servers, enabling buyers to carry out widespread cyberattacks around the world, according to Kaspersky Lab researchers.
Reuters

FICO To Launch Corporate Security Score

FICO, the company known for consumer credit rating services, will launch a new product that rates the security of corporations.
Pymnts.com

77 Percent of Organizations Unprepared for Cybersecurity Incidents

There has been little improvement in cybersecurity preparedness in the last three years, according to research from NTT Com Security's 2016 Global Threat Intelligence Report.
SC Magazine

Aviation Security Needs to Be Stepped Up, Echo Industry Executives

Emirates Airline President Tim Clark said on June 2 that the recent attacks on commercial aviation prove that the security structures currently in place to protect passengers are insufficient.
Wall Street Journal

Orlando Colleges Increasing Security on Campus Following Terror Attack

While there are no specific or credible threats to any of the campuses in the Orlando area, campus safety officials felt it necessary to beef up police presence on campuses and assure students that support services are available.
Security Today

Common Password is Revealed in Massive Twitter Heist

In a massive recent theft of Twitter usernames and passwords involving nearly 33 million customers, “123456” was by far the most commonly used password, according to security company LeakedSource.
Security Today

Symantec to Buy Blue Coat for $4.65 Billion

For its next move since jettisoning storage firm Veritas and becoming a pure-play security vendor, Symantec will now buy network and cloud security firm Blue Coat from private-equity owners Bain Capital, obtaining a replacement CEO in the process.
Data Breach Today

Zbot: Cybercrime's New Super Infrastructure?

Researchers have watched a botnet composed mostly of compromised computers in the Ukraine and Russia become a growing hive of criminal fraud activity, playing a role in everything from ransomware and click fraud to spam bots and supporting stolen payment card marketplaces.
Data Breach Today

Morgan Stanley's SEC Penalty Called Inadequate

The $1 million penalty that the Securities and Exchange Commission imposed on Morgan Stanley for its failure to prevent a now former employee from compromising some 730,000 client accounts is too low to send a strong message to financial services firms about the need for stronger cybersecurity and internal fraud controls, security experts say.
Data Breach Today

Retailers: Don't Require Us to Meet Bank Security Standards

The Retail Industry Leaders Association is battling against passage of a national data security and breach notification bill known as the Data Security Act of 2015, or H.R. 2205, arguing it would unreasonably require retailers to meet some of the same security standards as banks, says Austen Jensen, the group's vice president of government affairs.
Data Breach Today

Audio Report: Updates on Infosec Europe, NIST Framework

In this edition of the ISMG Security Report, DataBreachToday Executive Editor Mathew Schwartz reports from the floor of the Infosecurity Europe conference in London on the top concerns of security practitioners, including ransomware.
Data Breach Today

Wendy’s Credit Card Breach Worse Than Earlier Thought

The credit card breach at Wendy’s is likely to be way beyond the officially reported figure of “fewer than 300,” says KrebsOnSecurity, citing fraud and banking community sources.
Dark Reading

NIST to refine Cybersecurity Framework after comments from stakeholders

The National Institute of Standards and Technology (NIST) is developing a minor update of its Cybersecurity Framework based on feedback from its users. In the just-released Cybersecurity Framework Feedback: What We Heard and Next Steps, NIST is announcing that a draft of the update will be published for comment in early 2017.
Homeland Security News Wire

Testing NYC subway biodefenses

Researchers took to the New York City subway system 9-13 May to study how a surrogate for a biological agent, such as anthrax, might disperse throughout the nation’s largest rapid transit system as a result of a terrorist attack or an accidental release.
Homeland Security News Wire

27 Percent of Cloud Apps Present Significant Risks to the Enterprise

Twenty-seven percent of third-party cloud apps are classified as high risk, says a new report.
Security Magazine

Ports Need to Rethink Criminal Activity

Port computer systems are vulnerable to criminal organizations looking to steal, smuggle or commit espionage.
Risk & Insurance

Let’s Encrypt CA inadvertently leaks users’ email addresses

Let’s Encrypt, the non-profit Certificate Authority (CA) that helps website administrators switch from HTTP to HTTPS quickly and effortlessly, has accidentally leaked 7,618 email addresses of its users.
Help Net Security

IAHSS Study Reveals Dramatic Drop in U.S. Hospital Violent Crime Rate

Violent crimes within hospitals dropped by 68 percent in 2015, according to a report by the International Association for Healthcare Security and Safety Foundation.
Campus Safety Magazine

J.P. Morgan’s CIO on the Bank’s Security Game Plan

In a recent interview with the Wall Street Journal, J.P. Morgan CIO Dana Deasy discussed the bank's security plan to ensure that its $9.4 billion technology budget remains safe.
Wall Street Journal Online

Enterprises Rely on 'Blind Trust' When It Comes to Cloud Security, Survey Finds

Close to half of security personnel “simply trust” their cloud providers' security tools without further verification, according to a survey of 100 IT decision makers and security experts by Enterprise Management Associates (EMA).
Fierce IT Security

Ransomwhat? 43 Percent Don't Know What Ransomware Is

A study by Kaspersky Lab found that 43 percent of consumers in the United States and Canada do not know what ransomware is.
BetaNews

North Korea Linked to Digital Attacks on Global Banks

Security researchers believe the recent increase in digital breaches on Asian banks is tied to North Korea. If confirmed, it would be the first known case of a nation using digital tactics for financial gain.
New York Times

5 Strategies to Prevent Fraud, Waste, and Abuse

Billions of taxpayer dollars are lost due to waste, fraud, and abuse, according to the Deloitte Public Sector Research report, which offers preventative and corrective strategies for the problem.
Government Technology

Beware The Risk of Ransomware

Ransomware has been a growing problem in 2016, with more than 800 reports as of April, according to the Internet Crime Complaint Center (IC3).
Federal Times

Report Shows Murders Are Up in Many U.S. Cities

There was a nine percent increase in homicides across dozens of U.S. cities over the first three months of 2016, compared with the same period last year, according to a new report from the Major Cities Chiefs Association.
Security Magazine

SEC Says Cyber Security Biggest Risk to Financial System

Cyber security is the biggest risk facing the financial system, SEC Chair Mary Jo White said on Tuesday.
Reuters

RIC Officials Wary of Government Analysis of Risks Posed by Airport Employees

In the wake of various criminal activities in airports, such as gun smuggling, drug smuggling, and terrorism, the government is conducting a "vulnerability assessment" of U.S. airports, to be completed by the end of April.
Richmond Times

Cybercriminal Business Model Vulnerable to Intervention

Cybercrime may be more common than ever, but its business model is vulnerable on many fronts, according to a new Hewlett Packard Enterprise report.
CSO Online

House to Vote to Expand Cyber Workers, Small Business Help

House lawmakers this week will vote on helping recruit and train more cyber workers and defend small businesses against cyberattacks.
Politico Pro

Companies Get Creative to Relieve Shortage of Security Professionals

While many companies are offering larger salaries and better benefits, others are trying fractional IT security positions and more intelligent systems as a remedy to the shortage of security professionals.
eWeek

Terror Stalks Commuters as Foiled Plots Show Transit Is Target

A Bloomberg News review of a terrorism database shows that public transit has become the main target for bombings, shootings, and other attacks in the West.
Bloomberg

When Employees Market Passwords for Profit: Four Business Security Challenges and Strategies to Combat Them

Employees are developing a new, alternative income market, and it poses a direct security threat to employers.
National Law Review

Execs: We’re not responsible for cybersecurity

More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, according to a new survey.
CNBC

Intel tech chief: 'Ransomware' attackers setting sights on these

Cybercriminals using "ransomware" are shifting their sights from individual targets to bigger ones, Intel Security Group's Steve Grobman said Monday.
CNBC

Total tech anonymity not good for society: Isaacson

Major forms of communication should not be beyond the reach of the law, Walter Isaacson said one day after the Justice Department said it had broken into an iPhone used by one of the San Bernardino shooters.
CNBC

Americans support Apple over Feds in privacy debate: Survey

Apple is gaining ground in winning the hearts and minds of the American public in the battle with the federal government over encryption.
CNBC

A new report from the National Center for Education Statistics (NCES) found crime in U.S. schools and college campuses has declined over the past two decades, but also revealed certain disturbing trends.
Security Magazine

Enterprises at Risk from Accidental Insider Threats

A recent survey from Kaspersky Lab found that 29 percent of all businesses had reported accidental disclosures by insiders as their biggest source of data loss.
Security Magazine

Into the Deluge: The Evolution of Cyberthreats to Law Firms

Cyber attacks in the legal industry are starting to look less like case-specific spectacles perpetrated by nation-states and activist cabals, and more like a daily assault by burglars and common criminals.
Legaltech News

Breaches: Why Are U.S. Banks, Retailers Frequent Targets?

The U.S. financial services and retail sectors had more data breaches in 2015 than any other business sectors worldwide, according to Verizon's 2016 Data Breach Investigations report.
Bank Info Security

Verizon DBIR: Over Half Of Data Breaches Exploited Legitimate Passwords In 2015

Financial sector suffered the most breaches last year, followed by the accommodation/hotel sector.
Dark Reading

Malware Disrupts Business Operations at Michigan Public Utility

A ransomware attack continues to impact the administrative services of the public utility serving Lansing, Mich. The Lansing Board of Water & Light (BWL), which shut down its administrative computers to prevent the spread of the malware, is still cleaning up its administrative systems and working to restore corporate email and other systems.
eWeek

Third Party Risk on the Rise; Risk Mitigation is Low Priority

A new survey from the Ponemon Institute has found that third party risks are increasing in organizations across the country.
Security Magazine

The Two Biggest Security Threats to Corporate Laptop Users

The two biggest security threats facing company networks could be laptops and the software that runs on them.
WindowsITPro

Persistent Tracking of Endpoint Devices Takes on Insider Threats

Absolute, a security and data risk management solution provider, has developed Endpoint Data Discovery (EDD), a system that enables organizations to locate and protect specific sensitive data on endpoint devices even when they are outside the enterprise network.
GCN Magazine

U.S. Cyberwar Against ISIS Could Use Methods and Tactics Criminals Use Against Enterprises

A cyberwar with the Islamic State could involve tools and tactics that corporate security professionals must fight every day.
CIO

Insider Threats: A Bigger Risk Than You Think

The term "insider threats" often refers to individuals who use their knowledge of or access to an organization and its systems to perpetrate fraud, sabotage, theft, or a violent act.
Wall Street Journal

Making Security the Business of Everyone in the Company

How can companies balance the requirements of convenience and security? By making security everyone's business.
ZDNet

Researchers Nab Millions of Stolen Credentials for Gmail, Hotmail, Yahoo, Banking

A hacker handed over millions of stolen credentials for Google, Microsoft and Yahoo email accounts, as well as thousands for banking, manufacturing and retail, in exchange for researchers liking and voting up his social media page.
Computerworld

University of Texas Security Study to Be Completed by Late Summer

A comprehensive evaluation of safety and security protocols has been ordered at the University of Texas' flagship campus after the first murder in 50 years took place, President Gregory Fenves has announced.
Security InfoWatch

'Threat Hunting' on the Rise

Rather than waiting for the inevitable data breach to happen, many organizations say they have begun more actively seeking bad actors and malicious activity on their networks.
DarkReading

Feds' Trust in Agency Cybersecurity Erodes

Only 8 percent of federal employees feel very confident in their agency's ability to protect information systems from cyberattacks, according to a new survey from Dell Security and the Government Business Council.
GCN Magazine

Cyberattackers Find Coveted Openings in Easy-to-Fix Network Vulnerabilities

Preventing cyberattacks is a difficult task for many companies, according to the Vistage CEO confidence index. It found that in the first quarter of 2016, 41 percent of small and mid-sized businesses said they were not prepared for a cyberattack.
Legaltech News

U.S. Cyberattacks Target ISIS in a New Line of Combat

The U.S. is for the first time directing the military's Cyber Command to mount computer-network attacks, now being used alongside more traditional weapons, in a new line of combat against the Islamic State.
New York Times

Drone Manufacturers Work to Combat Growing Terror Threat

Recently, a drone collided with a British Airways flight landing at London's Heathrow Airport.
Fox News

Compromised Credentials Still to Blame for Many Data Breaches

Compromised credentials are the cause of almost 25 percent of all data breaches, while account hijacking and malicious insiders also rate as top threats, according to the Cloud Security Alliance (CSA).
Help Net Security

Jury Awards EHR Vendor $940 Million in Trade Secrets Case

Epic Systems Alleged Consultancy Inappropriately Downloaded Documents
Healthcare Info Security

IT Professionals Underestimate Impact of Business Partner Security

In a new study, 81 percent of IT professionals reported being confident in their ability to protect sensitive customer data.
Security Magazine

Chief Risk Officers Needed to Battle Rising Corporate Espionage

A growing number of organizations are adding a new member to the C-suite—the chief risk officer (CRO)—and the rise of these executives is having a direct impact on the security programs at enterprises.
CSO Online

After Brussels Attacks, Airports Look to Israel for Tips on Security

Security agencies around the world are taking cues from Israel regarding airport security strategies.
USA Today

Imagining The Ransomware Of The Future

Cisco Talos Labs researchers recently released a report describing ransomware that can encrypt and lock 800 servers, 3,200 workstations, and the vast majority of an organization's data in one hour.
DarkReading

Compliance Executives Nervous as Regulatory Climate Shifts

DOJ and SEC statements driving CCO concerns over changes in compliance regulations and scrutiny
Security Magazine

Nike Shoes Among Most Counterfeited Goods in the World

The market for fake goods is on the rise, with international trade in counterfeited or pirated products valued at almost half a trillion dollars.
Security Magazine

The 50 most violent cities in the world

Latin America holds the undesirable distinction of having the most cities on the Mexico Citizens Council for Public Security's annual ranking of the world's most violent cities.
Business Insider

Former FPL Manager Accused of Trading Nuclear Secrets in Chinese Spy Case

Federal court records reveal that a former manager with Florida Power & Light (FPL) traded nuclear information for cash to help one of China's nuclear power companies.
Miami Herald

Only a Third of Companies Know How Many Vendors Access Their Systems

The average company's network is accessed by 89 different vendors per week, according to a recent report by Bomgar.
CSO Online

Why One Cybersecurity Firm Says China Has Soured on Conventional Hacking

In September 2015, U.S. President Barack Obama and Chinese President Xi Jinping announced that they had reached a deal to end state-supported hacking of corporate records for economic benefit.
The Wall Street Journal

9 Years Prison, $1.7 Million Fine For Malicious Insider

A former IT engineer for a Dallas law firm was sentenced to 115 months in prison and ordered to pay $1.697 million in restitution for a destructive computer attack he committed against his former employer in 2011.
DarkReading

Manufacturers Suffer Increase In Cyberattacks

The manufacturing sector is now one of the most frequently hacked industries, second only to healthcare, a new report says.
DarkReading

FBI Warns Of Business Email Fraud Spike

FBI warns US companies about rising email scams that have cost businesses up to $2.3 billion since 2013.
DarkReading

Captives See Growth for Terrorism Risk

Captives can cover risks excluded from conventional terrorism policies and cover the potential gap under the Terrorism Risk Insurance Act.
Risk & Insurance

Shootings overtake bombings

Mass shootings in public places have overtaken bombings as the major terrorism threat, with IS-linked attacks striking within Western countries, according to Aon.
Reactions

Toyota, Other Major Japanese Firms Hit by Quake Damage, Supply Disruptions

This is the second time this year Toyota has been affected by a global supply chain disruption.
Fortune

Event Security Tips and Tactics For Public Safety Officers

Making a security plan for events, practicing it and changing it according to new technology is the only way to ensure execution.
Campus Safety Magazine

Senate Passes Bill to Boost Travel Security After Brussels

The Senate on Tuesday overwhelmingly approved legislation that would boost domestic travel security in the wake of the Brussels attacks and authorize the programs of the Federal Aviation Administration through September 2017.
Reuters

Government Reveals Details About Energy Grid Hacks

Hackers have stolen sensitive information from American energy companies -- and have planted malware in the energy grid with the intent to turn off the lights in the future.
CNN Money

Drug Fraud Scheme Includes Criminal HIPAA Violations

A former pharmaceutical district manager faces sentencing in July after pleading guilty to criminal HIPAA violations for his part in a complex fraud scheme involving drug maker Warner Chilcott.
Bank Info Security

6,013 Breaches Reported in the U.S. Since 2005

The Identity Theft Resource Center (ITRC) has seen a 397 percent increase in data exposure incidents across financial services, business, education, government, and healthcare sectors since it began monitoring and tallying U.S. security breaches in 2005.
Help Net Security

Pentagon Doesn't Have its Ducks in a Row When it Comes to Protecting US Infrastructure, Says GAO

Pentagon doesn't have its ducks in a row when it comes to protecting US infrastructure, says GAO
Fierce GovernmentIT

New Yorker sentenced to 16 years for trying to buy ricin

It was a scary scenario: Chinese national Cheng Le, living in New York City, attempted to order ricin through the so-called dark Web.
Homeland Security News Wire

Smartphone App Lets Anyone Report ‘Suspicious People’ In ‘Transitional’ St. Louis Neighborhood

A wealthy New Orleans real estate developer has created “Uber for cops,” an app that allows anyone with a smartphone to report nonviolent criminals, drug dealers, homeless people and others they feel may be “suspicious.”
ThinkProgress

The past, present, and future of ransomware

The rise of ransomware over the past year is an ever growing problem.
Homeland Security News Wire

Unusual Ploy in Anthem Breach Case Fails

A recent federal court ruling against a bold motion by health plan Anthem Inc., which is fighting a consolidated class-action lawsuit in the wake of its massive data breach, spotlights some of the very complex questions that are at the center of many data breach cases.
Healthcare Info Security

Fracking linked to most induced earthquakes in western Canada

A survey of a major oil and natural gas-producing region in Western Canada suggests a link between hydraulic fracturing or “fracking” and induced earthquakes in the region.
Homeland Security News Wire

Fracking-related quakes make central U.S. as vulnerable as California to tremor damage

For the first time, new USGS maps identify potential ground-shaking hazards from both human-induced and natural earthquakes.
Homeland Security News Wire

Ransomware: Is It Ever OK to Pay?

Many security experts urge organizations to prepare defenses against ransomware infections, as well as backup recovery strategies, so they don't have to answer that question (see Ransomware Epidemic Prompts FBI Guidance).
Bank Info Security

FBI, DHS warn grid operators about cyber threats to power grid

The FBI and DHS are warning infrastructure operators about the potential cyberattacks on the U.S. power grid.
Homeland Security News Wire

Microgrids to enhance diversity, reliability, resilience

For more than 100 years, the United States electrical grid operated on a one-way delivery model: power generation, transmission, and distribution in response to user demand.
Homeland Security News Wire

ISIS uses mustard gas against Syrian forces in battle for airport

ISIS has used mustard gas against Bashar al-Assad’s forces in battles at a key airport in eastern Syria.
Homeland Security News Wire

Do Workers Have a False Sense of Security? New CareerBuilder Survey Looks at Security in the Workplace

While some workplace disasters can be avoided – such as oversleeping for a meeting or missing a major deadline – others are beyond anyone's control.
PR Newswire

Cyber-Execs: Expect a Cataclysmic Cyber-Terror Event Within 2 Years

Terrorists are capable of launching a catastrophic cyberattack on the U.S., and could do so within the upcoming year, according to 63 percent of respondents to a recent Thycotic survey.
info security

Worst-Case Scenario for Grid Outage Due to Cyberattack Is One to Two Weeks: NERC

The North American Electric Reliability Corp. (NERC) said that physical attacks on electric substations are potentially more damaging than a cyberattack.
The Wall Street Journal

Zika virus “scarier than we initially thought”: U.S. health officials

Dr. Anne Schuchat from the Centers for Disease Control and Prevention (CDC) said the Zika virus is more of a threat than previously thought.
Homeland Security News Wire

Privacy advocacy groups ask NSA to halt changes to data sharing rules

More than thirty organizations sent a letter to the Director of National Intelligence and the Director of the National Security Agency, urging them to halt reported changes to the rules governing when and how the NSA can share the data it collects through overseas surveillance.
Homeland Security News Wire

Business Interruption due to a Breach is Top Cyber Risk Concern

Business interruption due to a breach is top cyber risk concern, according to Aon’s 2016 Captive Cyber Survey Report.
Security Magazine

Study Finds U.S. Universities Failing in Cybersecurity Education

A new study has found that not one of the top 10 U.S. computer science programs (as ranked by the U.S. News & World Report in 2015) requires a single cybersecurity course for graduation.
Security Magazine

FBI, DHS warn grid operators about cyber threats to power grid

The FBI and DHS are warning infrastructure operators about the potential cyberattacks on the U.S. power grid. The FBI and DHS have launched a nationwide campaign to alert power companies and security firms, a campaign which includes briefings and online Webinars.
Homeland Security News Wire

DHS: Airport Workers Suspected of Terror Ties Have All Been Vetted

Relax. After reports surfaced last month that dozens of private airline employees may have had terror ties, Homeland Security Secretary Jeh Johnson this week set the record straight: “It’s not that they’re suspected terrorists.
Frontpage

MSP wary of too little staffing for beefed-up airport security

The U.S. Senate vote to buttress security at the nation's airports comes as the Twin Cities airport is still reeling from long waits in March for screening.
StarTribune

Credential exchange enabled on DHS info sharing network

Federal, state and local government users of the Homeland Security Information Network now have a simpler way to verify their identities for secure information sharing.
GCN Magazine

Ransomware Will Spike As More Cybercrime Groups Move In

Look for a sharp uptick in the quantity and quality of ransomware this year as more organized cybercrime groups employ ransomware, thanks to the huge success other criminals have had monetizing these attacks, security experts say.
DarkReading

5 Strategies to Mitigate the Impact of Workplace Violence

Workplace violence is an issue that is beginning to get more attention, but remains underreported and misunderstood.
Security Magazine

NIST Cybersecurity Framework Adoption Hampered By Costs, Survey Finds

Security pros consider the NIST framework an industry best practice, yet half of its adopters say its complete implementation involves a high level of investment.
DarkReading

Cybercrime: A Black Market Price List From The Dark Web

There's no better lesson in the mechanics of a free market than watching a black market at work.
DarkReading

Should airports move security checkpoints further out to prevent terror attacks?

Two terrorist bombings inside Brussels' airport terminal Tuesday are prompting talk of moving security checkpoints outside such buildings in the United States.
Security InfoWatch

2 more Southern California hospitals attacked by hackers using ransomware

Two more Southern California hospitals have been attacked by hackers who infiltrated their computer systems with ransomware and demanded payment to unlock the data, officials said.
Security InfoWatch

Data security concerns fuel IT investment decisions

According to the results of a recent survey sponsored by IT services provider Datalink and conducted by IDG Research Services, 70 percent of companies now rank data security as their top priority when it comes to investing their IT dollars.
Security InfoWatch

Verizon Confirms Breach Affecting Business Customers

Verizon Enterprise Solutions, which regularly assists clients in responding to data breaches, admits it's suffered its own breach, reportedly affecting 1.5 million business customers.
Data Breach Today

7 Iranians Indicted for DDoS Attacks Against U.S. Banks

The Justice Department has unsealed indictments against seven Iranians - allegedly working on behalf of the Iranian government, including the Iranian Revolutionary Guard Corps, a branch of Iran's armed forces - who are suspected of conducting distributed denial-of-service attacks against dozens of American banks as well as attempting to seize control of Bowman Dam outside New York City.
Data Breach Today

Hospital Ransomware Attacks Surge; So Now What?

Ransomware attacks against hospitals are becoming commonplace this year, with at least five incidents revealed in recent weeks.
Data Breach Today

Silicon Valley: Crypto Debate Continues

Despite the recent move to put the FBI-obtained court order against Apple on hold, the crypto debate is far from over.
Data Breach Today

Brussels Attacks Raise New Worries About Travel Security

The explosions that rocked a publicly accessible part of Brussels’ main airport Tuesday reignited an aviation-industry debate over whether airports can be better secured, and at what cost to travel.
Wall Street Journal

U.S. Says ‘Outside Party’ Could Unlock Terrorist’s iPhone

Government testing a way to unlock the phone of San Bernardino gunman Syed Rizwan Farook without Apple’s help
Wall Street Journal

Small banks face the greatest risk from hackers

Cyberattacks on the country’s largest banks, from JPMorgan Chase & Co. to Bank of America Corp., grab the headlines.
Boston Globe

Cubs up the Security at Wrigley Field

The Cubs will open Wrigley Field to fans two and a half hours before game time for the home opener on April 11 because of new security measures.
Security Today

Brussels Attacks Spotlight Need for More Security at Nuclear Plants

The world can talk about nothing other than the security of our transit systems since the attacks on a Belgian airport and metro station, but through the transit chatter comes a new vulnerability that has security experts worried: nuclear plants.
Security Today

Hospital Falls Victim to Hackers

Hackers continue to take advantage of the weak security systems hospitals have in place. This time, it was Methodist Hospital in Kentucky.
Security Today

Case Study: A Community Bank Deploys Biometrics

Cambridge Savings Bank, a $3.2 billion community institution in Massachusetts, is incorporating biometrics into its online and mobile banking platforms as a way to limit, and in some cases remove, the need for username and password authentication.
Bank Info Security

OIG: VA Must Address InfoSec Weaknesses

A watchdog agency's audit of the Department of Veterans Affairs makes nearly three dozen recommendations for how the VA should address "material weakness" in its information security program, ranging from issues concerning identity and access management to incident response.
Bank Info Security

POS Remote Access: A Worry for Merchants

Risks posed by third parties are an ongoing problem for U.S. merchants because some point-of-sale vendors are overlooking basic security measures.
Bank Info Security

Former National Security Adviser, Ex-IBM CEO to Head Obama's Cybersecurity Panel

Tom Donilon, Sam Palmisano Tapped to Lead Commission on Enhancing National Cybersecurity
Bank Info Security

University encourages students to network on campus to avoid extremism

Groups of violent extremists attempt to recruit teenagers and young adults who show signs of vulnerability, according to an interactive FBI website shared by the University of Texas Police Department on Facebook.
The Daily Texan

Hacker Reveals Personal Information of Miami Cops, Judges

You would think that police have enough to worry about, but in Miami they are now frightened by the idea that their personal information is now searchable online.
Security Today

TSA Prepares for Millions of Spring Break Travelers

Transportation Security Administration (TSA) is trying to keep up. The problem only gets worse in the month of March, the month of Spring Break.
Security Today

Drones to be Banned at U.S. Open

The United States Golf Association and Homeland Security officials would like to prohibit the use of drones in and around the Oakmont Country Club in Plum, a suburb of Pittsburgh, Penn. in an effort to prevent possible terrorist attacks and vandalism during the U.S. Open.
Security Today

Feds Counter Apple's Arguments Over iPhone 'Backdoor'

In a filing rebutting Apple's appeal of a court order requiring the company to help the FBI unlock the iPhone used by a shooter in the San Bernardino massacre, the Justice Department says Apple's rhetoric is "false" and "corrosive" to the institution that safeguards Americans' liberty and rights.
Data Breach Today

Encryption Compromise: A Fleeting Dream

The U.S. Justice Department's appeal of a court order that the government can't compel Apple to unlock an iPhone used by an accused drug dealer is significant because it sets in motion a process that could lead to a Supreme Court ruling on whether mobile device makers must give law enforcement a backdoor to circumvent encryption.
Data Breach Today

VA Gov. McAuliffe on Cybersecurity

Virginia Gov. Terry McAuliffe has a message for state leaders across the nation: Cybersecurity has to be a top item on their policy platforms. And, by the way, he very much intends to make Virginia the cyber capital of the United States.
Data Breach Today

Selecting the Right Sized Integrator for your Enterprise

Smaller integration firms are quickly filling the gaps left by national integration giants, often with custom-tailored and flexible security systems. Which one is right for your enterprise?
Security Magazine

Why Doodling Trumps Text Passwords

Rutgers University researchers have performed the first study of free-form gesture passwords for smartphones in the field.
Security Magazine

Home Depot Will Pay $19.5 Million for 2014 Data Breach

Home Depot agreed to pay at least $19.5 million to compensate U.S. consumers harmed by a 2014 data breach affecting more than 50 million cardholders.
Security Magazine

Report Highlights Supply Chain Issues

A new report highlights the issues facing supply chain executives. The report, from APICS and Michigan State University, investigates the current business practices of more than 50 supply chain organizations and identifies critical issues.
Security Magazine

Only 1 in 7 CISOs has Access to the CEO

Cybersecurity is now front and center on organizations’ boardroom agendas, but most CISOs have yet to earn a seat at the table.
Security Magazine

The Evolution of Crisis Communications in the Social Media Age

Establishing your enterprise as a trusted source of information during an emergency now demands the savvy use of social media.
Security Magazine

Automakers In The Hotseat For Vehicle Cybersecurity

As new-model vehicles increasingly come equipped with third-party applications and Internet connectivity, the majority of consumers say the car manufacturers are liable for the safety and security of their cars.
DarkReading

OpenSSL flaw disclosure: Right thought, wrong time

The researchers who recently disclosed the OpenSSL vulnerability could have waited for the update to be available first.
InfoWorld

U.S. captures head of ISIS chem weapons unit; targets ISIS chem weapons

U.S. Special Forces operating in Iraq captured the head of the ISIS chemical weapons unit.
Homeland Security News Wire

Judge sides with Apple over feds in New York

A federal magistrate-judge in New York City has ruled that the U.S. government can't force Apple to hack an iPhone to investigate a drug dealer.
CNNMoney

Cyber Impact - Why physical and IT security are converging

In essence, physical security is now converging with IT security. With today’s technology evolving at blinding speed, this blurring of the boundaries was inevitable.
Security Today

Honeywell Acquires RSI Video Technologies

Honeywell announced that it has acquired privately held RSI Video Technologies (RSI), a leading global provider of intrusion detection systems for commercial and residential security applications under the brand Videofied®, for approximately $123 million.
Security Today

Euro 2016 Security Budget Increased After Paris Attacks

The organizers of Euro 2016, the European men’s football championship, have increased the budget for the tournament by 15 percent in the aftermath of the Paris terrorist attacks.
Security Today

Payment Data Breach Risks Increase as New Payment Methods Emerge

Fifty-four percent of respondents in The Global Study on the State of Payment Data Security, conducted by the Ponemon Institute on behalf of Gemalto, have had a security or data breach involving payment data an average of four times in the past two years.
Security Magazine

Pentagon to tap private industry for background check IT system

WASHINGTON (Reuters) - The U.S. Defense Department plans to hire private contractors to develop a $600-million-plus computer system for a new background check agency being set up after a security breach last year exposed the personal data of nearly 22 million people, a top official told Reuters.
Yahoo Finance

Recognizing and overcoming insider threats

Cyber attacks can come from anywhere. It could be a nation state trying to unlock your recent break-through in advanced manufacturing techniques or perhaps a competitor trying to discover your sales prospect list.
SC Magazine

US DoD funds Carnegie Mellon project to hack Tor

Researchers at Carnegie Mellon University (CMU) were behind an attack on Tor that was used to identify cyber-criminals, according to claims by the Tor project backed up by a court filing.
SC Magazine

Microsoft security technology used to disable itself

Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is a free security tool that provides Windows and applications with an extra layer of security. It should make it difficult for hackers to attack both known and unknown vulnerabilities in the operating system, installed programs or plug-ins.
SC Magazine

Mega Mess: Records Escape from Disposal Truck

While hacker attacks increasingly pose threats to the electronic patient data held by healthcare sector organizations, yet another healthcare provider has reported a major breach involving the improper disposal of paper and film records.
Data Breach Today

DHS Issues Guidance on How to Share Cyberthreat Data

Seeing Is Believing: Visualizing Best Ways to Share Threat Info
Data Breach Today

Career boost: Break into data science

The high demand for data scientists has many IT pros contemplating a lucrative career shift.
InfoWorld

Exclusive: Go inside a security operations center

A tour of managed security services provider Alert Logic reveals how proactive monitoring detects breaches and accelerates incident response.
InfoWorld

Developers: APIs are crucial to business, but tough to get right

A survey of API developers claims security, customer satisfaction, and speed of deployment are among the biggest challenges.
InfoWorld

Taking Situational Awareness to a New Level: Innovation, Technology and Citizen Stakeholders

Situational awareness solutions and Actionable Intelligence® are two pieces of the overall security picture. Collecting the data is simply not good enough in today’s environment.
Security Magazine

Anatomy Of An Account Takeover Attack

How organized crime rings are amassing bot armies for password-cracking attacks on personal accounts in retail, financial, gaming, and other consumer-facing services.
Dark Reading

Breach Stats: Improving From Abysmal To Just Awful

IT organizations are getting better at identifying data breaches more quickly and breach statistics are seeing ever-so-slight improvements, according to two new reports out this week.
Dark Reading

The Police Foundation Releases Use-of-Force Infographic

Police use of force is a topic of considerable concern today. The Police Foundation adds to the discussion by releasing an infographic intended to educate the public by visually describing the complex considerations that determine when police use of force is lawful, even when it may appear otherwise.
prweb

In cybersecurity bid, Obama wants to retire outdated government systems

The White House says it's working to increase the security of the federal government's computer and data systems after high-profile hacks at various agencies, including a recent breach at the Justice Department.
CNN

These are the 20 most dangerous cities in the world, in one map

Caracas in Venezuela is the most violent city in the world, according to an annual report by the Mexico Citizens Council for Public Security.
i100

Coercing Companies to Name Security-Savvy Directors

Bipartisan legislation before Congress, if enacted, could put pressure on publicly traded companies to add individuals with cybersecurity expertise to their boards of directors.
Gov Info Security

Roadmap for Identity Management in the Modern Organization

Join Brad Zehring from Centrify as he explores use cases for the modern enterprise and demonstrates how privileged identity management as a service delivers: secure access for remote employees; controlled access for outsourced IT (without managing more identities); and centralized management of privileged identities across cloud, mobile and datacenter.
Bank Info Security

Only 11% of Corporate Directors Say Boards Have High Level of Cyber-Risk Understanding

Recent breaches showcase a growing need for cyber-risk oversight in the boardroom
National Association of Corporate Directors

Security Pros Worried About Stolen Credentials, Alert Volumes

A Rapid7 report released Wednesday revealed most security organizations receive more alerts than they can handle, and that organizations are concerned about spotting stolen credentials.
CSO Online

Some Officers Bristle at Recall of Military Equipment

The Obama administration has issued hundreds of notifications to law enforcement agencies, telling them to give back various federal surplus military equipment by April 1.
New York Times

Anonymous Targets Michigan, Activates #OpFlint

The Anonymous hacktivist group has launched the "OpFlint" campaign, promising online attacks directed toward Michigan Gov. Rick Snyder's administration in response to the Flint water emergency.
Government Technology

What is the dark net, and how will it shape the future of the digital age?

The dark net has continued to make headlines over the last decade as a mysterious part of the internet where criminals lurk and engage in illegal activities, all from the privacy of home computers.
ABC News

DHS: Social Engineering Is a Persistent Threat for Agencies

Social engineering continues to be instrumental for successful intrusions of information technology systems, especially as the Internet continues to provide more entry points, according to a Dec. 16 advisory from the U.S. Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC). In addition, successful intrusions only provide more incentives for follow-up social engineering projects.
FierceGovernmentIT

Courts Poised to Reshape Landmark Computer Crimes Act

Federal judges this year are expected to rule in four cases that could determine what behavior should be prosecuted under the Computer Fraud and Abuse Act and what penalties those convicted of violations should face.
Politico Pro

Faulty Ransomware Renders Files Unrecoverable, Even By the Attacker

A cybercriminal has developed a ransomware program based on proof-of-concept code released online, but made a mistake on the implementation, causing victims' files to be completely unrecoverable, according to Trend Micro researchers.
NetworkWorld

Most Americans support smart guns: Survey

Nearly 60 percent of Americans, if they buy a new handgun, are willing to purchase a smart or childproof gun — a weapon that is only operable in the hands of an authorized user — new Johns Hopkins Bloomberg School of Public Health-led research suggests.
Homeland Security News Wire

How dangerous people get their guns

The San Bernardino massacre is unique in several respects, but it does bring into focus an important issue with broad relevance: how do dangerous people obtain guns, and what should the police and courts be doing to make those transactions more difficult?
Homeland Security News Wire

Murders Jumped 6 Percent in First Half of 2015, FBI Says

Murders rose 6.2 percent in the first half of 2015, according to new data from the FBI. Violent crime increased 1.7 percent and property crimes decreased 4.2 percent.
Wall Street Journal

A breach is coming -- is your agency ready?

Information security incidents involving federal agencies rose from 5,503 in fiscal 2006 to 67,168 in fiscal 2014, according to the Government Accountability Office.
Federal Computer Week

Cybercriminals Will Remain Victorious in 2016, Relief Expected in 2018

In 2016, a more diverse group of criminals will display a greater variety of motives and desired destructive outcomes as they attack traditional targets, such as financial services, retail, and government agencies, as well as non-traditional ones, including power plants, consumer sites, and applications.
ITProPortal.com

5 Accused of Stealing Drug Secrets From GlaxoSmithKline

Five people, including two research scientists, were indicted by federal prosecutors in Philadelphia on charges of stealing trade secrets about drugs to treat cancer and other diseases from British drug giant GlaxoSmithKline.
New York Times

Hacked casino sues cybersecurity firm

Affinity Gaming is suing Trustwave, the cybersecurity firm it hired, in a lawsuit that appears to be the first of its kind.
The Hill

Energy Will Fund $23M in Cybersecurity Research

The Department of Energy announced it will award $23 million for electricity grid cybersecurity research and development.
Politico Pro

Hackers Love the Internet of Things Because Security Doesn't Sell Toasters

The process of breaching Internet of Things (IoT) devices is sometimes uncomfortably easy for experts.
Inverse

Beware the Millennials: New Year Brings Need for New Security Measures

Millennials account for one-third of the US workforce, and with that comes alarmingly poor security habits.
Government Health

On The Books

Threat assessment teams are in place at most universities to investigate concerning behavior or potentially dangerous situations.
Security Today

The 'Mind-Boggling' Risks Your City Faces From Cyberattackers

Every year, the U.S. Federal Emergency Management Agency asks states to rank how prepared they are for various sorts of disasters.
MarketWatch

Tackling mental illness early: the people being taught to spot warning signs

Thousands are being trained to offer timely help to those at risk, including teenagers, corporate lawyers and firefighters
The Guardian

Police crisis-intervention training helps improve odds everyone goes home safe

Training in how to approach such people can improve the odds that everyone will walk away safe.
Vindy.com

Cyber Insurance for Business Continuity

Cyber insurance covers more than the cost of breaches of data privacy; it can play a role in protecting against the cost of a cyberattack that disrupts business operations, explains insurance specialist Tim Burke.
Bank Info Security

Survey: 2 in 3 School Public Safety Departments Don't Have Enough Staff

K-12 respondents of Campus Safety magazine's 2015 Salary Survey echo many of the pay, department staffing levels, and weapons status trends revealed by college and hospital protection professionals. Schools and school districts are paying their novice sworn and nonsworn officers more than they did in 2011, when Campus Safety conducted its previous salary survey.
Campus Safety Magazine

Chicago's 'Run and Hide' Aviation Cops Ask Mayor for Guns

The union representing aviation police officers at Chicago's two airports is requesting permission for officers to carry guns. Matt Brandon, secretary-treasurer of Local 73 of the Service Employees International Union, sent a letter to Mayor Rahm Emanuel asking that permission be granted because aviation police officers (APOs) are an "integral part of the security of these airports."
CNN

Rarely Patched Software Bugs in Home Routers Cripple Security

Despite patches and fixes, recent events have shown that there can still be bugs in the system once they have been released into the world.
Wall Street Journal

Cyberattacks Against Critical Manufacturers Nearly Doubled in 2015: Government Report

Cyberattacks on the nation's critical manufacturing sector nearly doubled in the year ending Sept. 30, 2015, according to the Department of Homeland Security's Industrial Control Systems Cybersecurity Emergency Response Team, or ICS-CERT.
The Washington Times

Self-drive cars ready to overtake

German car maker Mercedes-Benz has unveiled the world’s first mass-produced vehicle that can automatically speed up and change lanes to overtake a car after the driver presses a button — and can be driven with hands off the steering wheel for roughly a minute, even on roads without lane markings.
Weekly Times

The Stalking and Harassment Assessment and Risk Profile (SHARP)

Even if law enforcement isn't calling it stalking, officers are responding to many stalking-related incidents.
Police Chief Magazine

Cybersecurity as a Competitive Advantage

Cybersecurity strategies must align with business objectives, but that's difficult because most boards of directors don't understand security, says Lance Hayden, managing director at the consultancy Berkeley Research Group.
Bank Info Security

Cyber Literacy is a Two Way Street: CISOs, CEOs Have Much to Teach Each Other

Most experts agree that the majority of CEOs and other executives have basic cyber awareness, but are limited in their knowledge of cybersecurity and imminent threats
Wall Street Journal

Does a data breach really affect your firm’s reputation?

A data breach is a public relations and financial disaster. Companies often spot the intrusion too late, and respond inadequately, resulting in falling sales and journalist outrage.
CSO Online

Europe Sets Up Digital ‘SWAT’ Team for Aviation Cyber Threats

Patrick Ky, Europe's top air safety official, said he is hiring a group of high-level computer experts to combat looming cyber threats to aviation.
Wall Street Journal

The most innovative and damaging hacks of 2015

This past year saw several major hacking incidents that illustrated the never-ending arms race between hackers and security professionals.
InfoWorld

White House Preps 'Blue Skies' Plan on Cybersecurity

The National Security Council is preparing "Blue Skies," a far-reaching cybersecurity effort that calls for creating an elite cybersecurity squad to assist federal agencies in emergencies, augmenting the government's ranks of security specialists, and replacing obsolete systems.
Politico Pro

Online collaboration technologies may be exposing more than realized

While the benefits of externally hosted collaboration technologies are generally acknowledged, there are a number of risks and security threats that are usually neither well-understood nor formally accepted.
Government Computer News

Campus Standards

Colleges and universities encounter distinct challenges when faced with the task of standardizing security protocol, procedures, and technologies.
Security Today

Cisco Reports Rapid Rise of Unauthorized Cloud Usage

New data from Cisco Systems Inc. suggests that employees route around corporate networks to a startling extent, posing risks for security and data governance.
Wall Street Journal

Pharmacy Delivery Vans Targeted by Drug Thieves

Delivery vans that transport prescription painkillers from warehouses to pharmacies and hospitals are the targets of an escalating number of thefts across the country, STAT has learned.
STAT

Essential Traits of Successful CISOs

What's it take to be a successful CISO? Mark Dill, former longtime information security director at the Cleveland Clinic, says it comes down to being patient, persistent and perceived as practical.
Career Info Security

The Four Big Problems With Security Metrics

Metrics can be very useful, but only if they track the things that matter.
DarkReading

Project 'Gridstrike' Finds Substations To Hit For A US Power Grid Blackout

Turns out free and publicly available information can be used to determine the most critical electric substations in the US, which if attacked, could result in a nationwide blackout.
DarkReading

ISIS instructs Western followers on how to avoid detection by police

ISIS is a sophisticated terrorist organization, as its savvy use of social media shows.
Homeland Security News Wire

U.K. unprepared for terror attacks outside London: Experts

Security experts in the United Kingdom have expressed concerns about whether the United Kingdom has sufficient resources to respond to acts of terrorism outside of London.
Homeland Security News Wire

5 Security Trends to Watch in 2016

2015 was a record year for information and cyber security. Dozens of new vulnerabilities were uncovered, and government organizations, businesses and individuals continued to find themselves victim to high-profile data breaches.
Security Today

Survey Says a Quarter of Companies Would Pay Ransom to Hackers

Nearly a quarter of companies (24.6%) say they would be willing to pay hackers a ransom to prevent a cyberattack, a new survey finds.
Security Magazine

Modest Growth in InfoSec Employment

Ignorance isn't bliss when mulling IT security employment numbers. Reliable data specifying the number of people employed in the United States in the cybersecurity field is hard to find.
Data Breach Today

Fitbit Hack: What Are the Lessons?

Hackers have reportedly gained access to the accounts of dozens of Fitbit wearable fitness device users.
Data Breach Today

Flaw allows malicious OpenSSH servers to steal users' private SSH keys

Qualys researchers have discovered two vulnerabilities in the popular OpenSSH implementation of the secure shell protocol, one of which (CVE-2016-0777) could be exploited by attackers to extract users' private cryptographic keys.
Help Net Security

250 Hyatt hotels around the world hit with PoS malware

In late December, the Hyatt Hotels Corporation announced that they found malware on computers that operate the payment processing systems for Hyatt-managed locations, but offered no details about how long the compromise went on and which hotels have been affected.
Help Net Security

CWA hackers breached US DNI Clapper's email, broadband account

Crackas With Attitude (CWA), a group of hackers with a pro-Palestinian agenda, have hit another high-rank US intelligence chief.
Help Net Security

Compromised credentials a leading concern for most security pros

90% of organizations are worried about compromised credentials, though 60% say they cannot catch these types of attacks today, according to a new survey by Rapid7. 62% of organizations are receiving more alerts than they can feasibly investigate.
Help Net Security

Chipotle to close all restaurants on Feb. 8 for food safety meeting

Chipotle is shutting down all of its stores nationwide for a few hours next month to hold a national staff meeting about food safety.
CNNMoney

93 Percent of Corporate Security Officials Say Human Behavior Presents Greatest Threat

According to a recent report based on in-depth interviews with 28 corporate security officials, 93 percent of respondents said human behavior presents the biggest threat to their organizations' security, up from 88 percent in a similar survey in 2014.
eSecurity Planet

How Effective Are Existing University Emergency Operations Plans?

Eighty-six percent of respondents in the Margolis Healy Campus Safety Survey 2015 indicated that their university has developed an emergency operations plan that addresses threats specific to their institution. However, only 54.7 percent said their university had conducted a comprehensive hazard and vulnerability assessment, which is often instrumental in developing an effective all-hazards emergency operations plan.
Security Magazine

Beyond Compliance, Utilities Remain Vulnerable

While utility enterprises are taking steps to detect and deter physical security threats, preventing damage and enabling recovery remain significant challenges, according to The State of Physical Grid Security 2015.
Security Magazine

Identity Thieves' Methods and Demographics are Changing

As identity theft and fraud become major moneymakers for criminals, the profile of a typical identity thief is changing.
Security Magazine

De-anonymizing code authors by analyzing executable binaries

A group of researchers who previously proved that it's possible to de-anonymize programmers by analysing the source code of programs they have created has now demonstrated that a good result can also be achieved by analyzing executable binaries of those programs.
Help Net Security

Ukrainian Power Grid Hacked

A power blackout that recently affected about 1.4 million Ukrainians has been tied to an espionage Trojan called BlackEnergy.
Data Breach Today

Is OCR Scrutinizing Those with Multiple Breaches?

Is the agency that enforces HIPAA doing enough to make sure that organizations that have had multiple smaller health data breaches are taking steps to improve security?
Data Breach Today

2016: Year of Cyberthreat Info Sharing

For half a decade, Congress debated, but never enacted, cyberthreat information sharing legislation. Then, this past December, Congress approved and President Obama signed the Cybersecurity Act of 2015.
Data Breach Today

Tool improves government computer network security

Government agencies, along with state and local governments, could receive a helping hand from a computer network security tool developed by computer scientists and engineers at DOE’s Lawrence Livermore National Laboratory.
Homeland Security News Wire

Oregon siege: the U.S. militia movement is resurgent – and evolving

For several days now, a small group of armed men have occupied an office of the National Wildlife Refuge in southeastern Oregon, 300 miles from Portland.
Homeland Security News Wire

One Third of CEOs Aren't Regularly Briefed on Cyber Security Issues

A survey from Dimensional Research/CyberArk polled 304 global IT security professionals and found that one third of CEOs and 43 percent of management teams are not regularly briefed on cyber security issues.
eSecurity Planet

Terror attacks in Paris and California expose modern society’s lack of resilience

Our complex global society lacks resilience. The root cause of our vulnerability is the structure of the global economy: highly interconnected, complex, and filled with turbulence.
Homeland Security News Wire

FBI unable to break 109 encrypted messages Texas terror attack suspect sent ahead of attack

FBI director James Comey told lawmakers this week that one of the suspects in the foiled terror attack in Garland, Texas, in May had exchanged 109 messages with sources in a “terrorist location” overseas ahead of the attack.
Homeland Security News Wire

Rise of drug-resistant infections to cost millions of lives, trillions of dollars

Drug-resistant infections could kill an extra ten million people across the world every year by 2050 if these infections are not tackled.
Homeland Security News Wire

Concerns over attacks on the U.S. electrical grid increase after Paris attacks

In the aftermath of the 13 November attacks in Paris, U.S. government agencies involved with grid security and utilities are preparing to thwart a major attack on the U.S. electrical grid.
Homeland Security News Wire

Criminals acquire guns through social connections, not through theft or dirty dealers

Criminals are far more likely to acquire guns from family and acquaintances than by theft, according to two new studies.
Homeland Security News Wire

Police more likely to be killed on duty in states with high gun ownership: Study

Camden and Newark, New Jersey, are perceived as two of the most violent cities in the nation, yet New Jersey’s police officers are among the least likely to get shot on the job.
Homeland Security News Wire

Consumers Won't Shop with Breached Firms – Report

A survey by digital security firm Gemalto shows that about two-thirds of global consumers refuse to shop with a brand that experienced a data breach.
Infosecurity Magazine

Perimeter Inversion: Turning Digital Security Inside Out

Almost since its inception, digital security has followed a perimeter model, which may seem like the Maginot Line of cybersecurity. Now, however, as more time is spent outside the firewall, security must also go beyond it.
Dark Reading

Silicon Valley Faces Showdown as Lawmakers Fume Over Encryption

Lawmakers attending a briefing with FBI director James Comey expressed growing frustration Thursday as technology companies continue to resist Congressional efforts to curb encrypted communications.
Wall Street Journal

DARPA on the Hunt for 'Early Warning' Cyberattack Detection Technology

DARPA will gather potential proposers next week to give industry more information on its cyber threat monitoring needs in advance of solicitations under an agency announcement known as the Rapid Attack Detection, Isolation and Characterization, or RADICS, program.
FierceGovernmentIT

NIST Wants More Feedback on Cybersecurity Framework

The U.S. National Institute of Standards and Technology (NIST) wants more information on how its cybersecurity framework is being used by the private sector and what changes could be made to improve it in the future.
Fedscoop

Terrorist Activity in 2015 Causing Spike in Travel Anxiety - Report

A survey from the Chief Marketing Officer Council, the GeoBranding Center, and AIG Travel has found that one out of four travelers altered plans this year due to safety, security, or health concerns.
Stuff.co.nz

10 Critical Protocols for Enhanced School Terrorism Preparedness

There are several emergency preparedness measures that can enhance the ability of school and public safety officials to respond to potential terrorist attacks.
Campus Safety

U.S. Cyber Criminal Underground a Shopping Free-For-All

A new report indicates that the cyber criminal underground in North America is more like a shopping mall than a covert, secretive operation.
CIO

Congress Eyes Social-Media Companies as Terror Fears Mount

Under a bill introduced by lawmakers on Tuesday, social-media companies would be required to report terrorist activity on their sites.
Wall Street Journal

US Security Companies See Uptick In Demand After Mass Shootings

Following last week’s shooting in San Bernardino, California, U.S. security companies are seeing a hike in demand for their services.
International Business Times

Top Malware Families Targeting Business Networks

Conficker, Sality, and Cutwail were the most common malware families being used to attack organizations' networks in October, according to Check Point.
Help Net Security

NYC to Provide Security Officers at Private Schools

New York City Mayor Bill de Blasio has agreed to a $19.8 million bill designed to improve school security.
Campus Safety Magazine

Feds to Roll Out New Terror Alert System

Federal officials announced on Monday they will unveil a new terror threat system in upcoming days.
The Hill

Study Finds Tight School Security Can Have Negative Consequences

Security measures in American high schools can have unintended consequences that hinder, rather than help students learn, according to a new study from the University at Buffalo titled "Student Suspensions and Arrests: The Role of School Security."
Security Magazine

NIST at Work on New Data Safety Guide

The National Institute of Standards and Technology (NIST) has launched a new project to help organizations prepare for and recover from data attacks.
FierceGovernmentIT

How Often Do Mass Shootings Occur? On Average, Every Day, Records Show

On average, shootings that injured or killed at least four people in the United States occurred at a rate of about one a day this year, according to information compiled from news reports.
New York Times

Chinese Government Has Arrested Hackers It Says Breached OPM Database

The Chinese government announced it arrested a group of hackers allegedly responsible for the massive cyberattack on the Office of Personnel Management earlier this year.
The Washington Post

2015 Mass Shootings: Security Experts Advise Companies to Re-Evaluate Safety Following a Series of Deadly Attacks

Several mass shootings in America over the past year have occurred in workplace settings, prompting companies to take a second look at security systems to prevent employees from coming in harm’s way.
IBTimes

U.S. Can't Access NSA Phone Records in California Terror Case

The recent shutdown of the NSA mass surveillance program has prevented the FBI from accessing and analyzing five years' worth of phone records for the married couple blamed for the recent shootings in San Bernardino, Calif. Under the new USA Freedom Act, authorities were able to obtain only about two years' worth of calling records.
Associated Press

The Future of Information Security in the Government

A new report from Intel Security and the Digital Government Security Forum (DGSF) suggests the government and wider public services increasingly rely on robust information security to realize the benefits of the digital revolution over the next decade, characterized by an explosion of data.
Help Net Security

Post-Paris, a Fundamental Rethink of Corporate Security Is In Order

The recent attacks in Paris should push business leaders to incorporate security concerns into everyday operations, writes Bill Udell, a former CIA operations officer and the Los Angeles-based Senior Managing Director for crisis and security consulting at Control Risks.
Forbes

Weaponized Docs Top Banking Threats: Invincea

Weaponized Microsoft Word documents were the most common threats discovered by cybersecurity firm Invincea in October, the company said in its latest trends report.
Credit Union Times

Are State and Local Governments Ready for CDM?

A recent study by the Ponemon Institute found that the cybersecurity posture of state and local governments falls short of that of federal agencies, especially when it comes to the ability to prevent, detect, contain, and recover from cyberattacks.
Government Computer News

The Role We Must Own

Unfortunately, campus shootings are not a new issue and the recent (or seemingly continual) spate of incidents reinforces the need to take a holistic approach to the risk, i.e., it is not a law enforcement issue alone.
Risk & Insurance

A decade of data breaches analyzed – what you can learn to protect your organization

Data breaches are commonplace and inevitable. And with the average cost of a data breach now calculated as $217 per lost or stolen record, the need to protect data has never been stronger.
IT Governance

What is 'Sleeper Fraud,' And Why Must Banks Beware?

The surge in data breaches has left millions of consumer records and personally identifiable information compromised, giving fraudsters all they need to open fraudulent accounts aimed at scamming banking institutions out of big dollars.
Bank Info Security

Critical Infrastructure: Better Cybersecurity Metrics Needed

With the heightened threat of cyber-attacks on America's critical infrastructure, a congressional watchdog says federal agencies need to adopt better metrics to determine the cyber risks faced by the specific industries they monitor.
Bank Info Security

Cybersecurity: The CEO's Responsibilities

Many CEOs and boards of directors are failing their companies by not truly understanding their cybersecurity risks, says Steve Durbin, managing director of the Information Security Forum, a global not-for-profit organization focused on cybersecurity and information risk.
Bank Info Security

Information Security Risk and the Need for Quantitative Ratings

Credit rating models transformed the way we do business and have existed for almost a century. Now, these same models are inspiring a new way of managing vendor security risk by using externally collected security data to assess and quantify security performance.
Bank Info Security

Moody's Warns Cyber Risks Could Impact Credit Ratings

Credit rating agency Moody's Corp. warns that cyber defenses as well as breach detection, prevention and response will be higher priorities in its analysis of the creditworthiness of companies across all sectors, including healthcare and financial services.
Bank Info Security

Security Breach at Toy Maker Exposes Data on Children

A maker of digital toys for children said it had been hacked, putting the personal information of five million people, including children, at risk.
Security Today

NSA Ends Bulk Phone Data Collection

At the end of November, U.S. intelligence ceased its bulk collection of telephone metadata. Instead, the government will move to a more “focused and targeted” approach in gathering intelligence, the Office of the Director of National Intelligence said in a statement.
Security Today

BEI Security Announces SmartFence

BEI Security president David Iffergan announced the company will be releasing its new product, SmartFence, at the Hi-Tech Defense Industry Fair in Daejeon, South Korea, from December 1 through 4.
Security Today

Ohio Statehouse Adds Metal Detectors, Bans Backpacks

Metal detectors have been installed at three entrances to the Ohio Statehouse as part of increased security measures.
Security Magazine

OSHA Issues Tools to Help Prevent Workplace Violence in Healthcare

The Occupational Safety and Health Administration launched a new webpage to provide employers and workers with strategies and tools for preventing workplace violence in healthcare.
Security Magazine

Data Breach Forecast Global Predicts Cyberconflicts and Hacktivism in 2016

Cyberattacks will continue to menace healthcare and other business sectors next year, according to the Experian Data Breach Industry Forecast.
Security Magazine

Mobile Access Brings New Opportunities to Dealers and Integrators

With the growing adoption of mobile access control for physical security applications, smart cards and phones used as credentials are converging into centralized identity management systems.
Security Magazine

Target Reaches Settlement with Banks

Target Corp. has reached a proposed $39.4 million settlement with a group of banking institutions that sued the retailer over fraud losses and expenses suffered as a result of Target's December 2013 data breach.
Data Breach Today

Report: Insiders Still Top Breach Threat

While cyberattacks will continue to menace healthcare and other business sectors next year, organizations can't afford to overlook addressing risks tied to insiders, who are responsible for most data breaches, says Michael Bruemmer of Experian Data Breach Resolution.
Data Breach Today

China: Chinese Criminals Hacked OPM

The Chinese government concedes the attack on U.S. Office of Personnel Management computers emanated from China, but it contends the culprits were criminals, not individuals working for the Chinese government or military. Some experts in the United States aren't buying the Chinese government's explanation.
Data Breach Today

FEMA’s Decentralized IT Environment Overly Complex, Difficult To Secure, Costly To Maintain, IG Says

According to a new Department of Homeland Security (DHS) Inspector General (OIG) audit report, the Federal Emergency Management Agency’s (FEMA) information technology (IT) environment remains overly complex, difficult to secure and costly to maintain. While FEMA has made progress since the OIG’s 2011 information technology audit, much remains unresolved.
Homeland Security Today

Intelligence Officials Worried About Paris-Style 'Copy Cats;' Obama Says No Attack Indications

As US counterterrorism officials warned local law enforcement to be alert to individuals who appear to be scouting “soft targets” to attack, as well as a potential Paris-style attack by “copy cat” killers, President Obama assured that, “right now, we know of no specific and credible intelligence indicating a plot on the homeland.”
Homeland Security Today

Global Terrorism Increased by 80% in 2014

A new report says that terrorism continues to rise, with over 32,000 people killed in terrorist attacks in 2014, the highest number recorded.
Security Newswire

Report Discusses The New Face of Identity Theft

A new report says that the five states with the largest number of identity theft offenders are Florida, California, Texas, New Jersey and Georgia.
Security Newswire

U.S. Stadium Security Expert Reacts to Paris Attacks

When terrorists attacked several locations in Paris last Friday night — including the Stade de France stadium where a friendly soccer match was taking place — U.S. venues immediately took notice.
Security Magazine

House Passes Bill To Address Glaring Aviation Security Gaps

The House passed legislation Tuesday that would require the Transportation Security Administration (TSA) to consult with the Aviation Security Advisory Committee (ASAC) before making any changes to the prohibited items list, which includes items such as knives and firearms.
Homeland Security Today

Will FTC Ruling Impact Future Data Security Cases?

Former FTC Attorney Discusses Implications of LabMD Case Dismissal
Data Breach Today

Why Fraudsters Have Shifted to 'Shimming' Attacks

As U.S. merchants shore up physical point-of-sale security by upgrading their terminals to accept EMV chip cards, attackers are turning their aim toward unattended self-service terminals, such as ATMs and self-service gas pumps.
Data Breach Today

Inside the largely unexplored world of mainframe security

The security of mainframe computers - the so-called "big iron", which is mainly used by large organizations for critical applications, bulk data and transaction processing - is not a topic that has garnered much interest from the public.
Help Net Security

Anonymous shutters 5.5K pro-ISIS Twitter accounts

On its #OpParis Twitter account, the activist group Anonymous claimed it took down 5,500 pro-ISIS Twitter accounts.
SC Magazine

NSA warns of growing danger of cyber-attack by nation states

The deputy director of the US National Security Agency (NSA), Richard Ledgett, has warned of the increasing danger of destructive cyber attacks by states.
BBC

The Average Organization Experiences 9 Insider Threats Each Month

Skyhigh Networks recently analyzed the actual cloud usage of 23 million employees, and found how user behavior puts organizations at risk and how catching and managing this behavior can help reduce the risk of data loss.
Help Net Security

What Can We Expect From 2016? A Growth in Online Extortion, Hacktivism and Mobile Malware

Trend Micro expects to see a more offensive posture taken toward cybersecurity in 2016, with government entities expanding legislation to a global defense model, which will allow for more successful arrests, prosecution and convictions.
Help Net Security

Terror Threat Snapshot: Homegrown ISIS-Linked Arrests Increase

The House Homeland Security Committee has released its Terror Threat Snapshot for November, and the report shows that the global and U.S. threat posed by the Islamic State and ongoing conflicts around the world are on the increase.
In Homeland Security

Hacking of ‘Unregulated Data’ Poses Big Risk to Firms

There are several types of data, the storage and transmission of which, the government has decided to regulate. These include things like medical records or personally identifiable information.
Wall Street Journal

House Passes Bill to Prevent Security 'Insider Threats'

Under legislation passed by the House Monday, the Department of Homeland Security (DHS) would be required to establish a program to identify and neutralize threats from rogue employees.
The Hill

Survey: CISOs See Cybersecurity Progress

A new Southern Methodist University survey of 40 executives from across the public and private sectors, mostly chief information security officers, finds that support for cybersecurity is growing in organizations.
FedScoop

The 6 Types of Cyberattacks and Top 5 Defenses

The Department of Homeland Security's Gregory Touhill discussed the cyberthreats federal agencies are facing and best practices for defense after participating in a simulation of managing post-breach response.
Federal Times

In the Dark Over Power Grid Security

In his book "Lights Out," journalist Ted Koppel questions what would happen if the power went out in a number of states affecting millions of people.
Sunday Morning

SAFE Act Introduced to Protect Domestic Violence Survivors in the Workplace

Senator Patty Murray (D-WA) announced the introduction of the Security and Financial Empowerment (SAFE) Act of 2015, building on the Violence Against Women Act.
Security Magazine

2013 Attack on Metcalf, California Power Grid Substation Committed by “an Insider”: DHS

A 2013 sniper attack on a Metcalf, California energy grid substation may have been committed by someone on the inside, according to a senior DHS official.
Homeland Security News Wire

In our Wi-Fi world, the internet still depends on undersea cables

Not many people realize that undersea cables transport nearly 100 percent of transoceanic data traffic.
Homeland Security News Wire

The FBI isn't wrong; sometimes you will have to pay the ransom

Last week, during the 2015 Cyber Security Summit in Boston, Special Agent Joseph Bonavolonta said that the FBI's advice for some Ransomware attacks is to pay the ransom.
CSO Online

Study Highlights Poor Employee Security Habits

A new study on employee cybersecurity habits from CompTIA found that 17 percent of some 1,200 surveyed U.S. employees plugged an unfamiliar USB drive into their own devices.
SC Magazine

Capital One Launches SwiftID, a Way to Bypass Security Questions With Just a Swipe

On Oct. 23, Capital One launched SwiftID, a two-factor authentication solution for users of its Capital One Wallet app and website. SwiftID takes the place of the security questions used by many websites to authenticate users when they forget their passwords or extra authentication is required for some reason.
TechCrunch

CIOs Reporting Directly to CFOs Can Create Massive Cybersecurity Headaches

Many companies are lacking the necessary funds to upgrade critical systems, according to a new study from the Georgia Tech Information Security Center.
Business Insider

FBI Chief Again Says Ferguson Having Chilling Effect on Law Enforcement

FBI Director James B. Comey has recently warned that police in the United States have become more reluctant to do their jobs aggressively since the incidents in Ferguson and the use of smartphones. Comey told police officials in Chicago at a conference of the International Association of Chiefs of Police that major U.S. cities are seeing a violent crime wave that may partly be due to “gun shy” police officers who are afraid of being recorded on video and accused of police brutality.
The Washington Post

Cyberthreats, Cyberattacks Will Only Increase Over Time: Experts

The growing dependency of an increasing number of organizations on the Internet has also served to increase the number of targets for hackers, particularly those organizations that have not given sufficient attention to safeguarding their networks.
Homeland Security News Wire

Ransomware Alert: Client Data at Risk for Lawyers and Accountants!

Ransomware malware is increasingly being downloaded by unsuspecting employees.
Lexology

Researchers Find 85 Percent of Android Devices Insecure

Mobile phone carriers chronically fail to issue patches, so many vulnerabilities linger without getting fixed for months or years.
Threatpost

1 in 4 Organizations Have Experienced an APT

More than 28 percent of organizations have experienced an advanced persistent threat (APT) attack, according to a new study from ISACA.
Help Net Security

Villanova Univ. to Begin Arming Campus Police

Villanova University will transition to an armed University Police Force and “will have the same authority and undergo the same specialized training as those in public law enforcement,” according to a letter written by the president.
Campus Safety

Facebook to Warn You of Targeted Attacks - Check This Security Setting Anyway

Facebook has announced it will notify users it suspects of being targeted by nation states and urge them to take necessary precautions.
Naked Security

A 'Cyber Pearl Harbor' Could Mean New Security Mandates

Rep. Gerry Connolly (D-Va.), has warned that if firms do not put in place stronger cybersecurity defenses, Congress could impose new regulations that could rankle the industry.
CIO

U.S. Firms Fight Global Cyberweapon Deal

Many U.S. companies are against an international effort to prevent cyberweapons from reaching malicious regimes because they say it will upend the way they use and sell legitimate spyware.
Wall Street Journal

Coast Guard Official: Cyber Incidents With Physical Consequences Impacting the Maritime Transportation System

Cyber threats are real and active at the nation's ports, according to Rear Adm. Paul Thomas with the US Coast Guard.
FierceGovernmentIT

Millennials Don't Trust Government With Their Online Information

Twenty-two percent of Internet users ages 16 to 35 have "none" or "a little" trust in their government's online data security, according to an Intercede survey of U.S. and U.K. citizens.
Nextgov

Report Warns of Chinese Hacking

An American cybersecurity firm says that it has uncovered evidence that China has violated a recent agreement between Washington and Beijing that neither country would condone economic espionage.
Wall Street Journal

Lehigh Joins in Power-Grid Project to Prevent Cyberattacks

Researchers from Lehigh University, the University of Arkansas-Fayetteville, the University of Arkansas-Little Rock, Florida International University, and Carnegie Mellon University have been awarded a $12.2 million grant to develop methods to protect the nation's electric grid from cyber-attacks.
The Morning Call

White House, Congress Spar Over Cyber Deterrence

Although armed services lawmakers want the U.S. to make Cold War era-style threats to America's cyber adversaries, many cyber analysts say it would be counterproductive to promise a specific response to any particular cyberattack.
Politico Pro

Retailers Losing 1.32% of Revenue to Fraud

Merchants are losing an increasing amount of revenue to fraud, the LexisNexis True Cost of Fraud study shows.
Security Magazine

Quarter of Firms Can't Tell How Hackers Get in

Although most large companies have experienced a breach in the past 12 months, 23 percent of them do not know how the hackers gained access, according to a new survey sponsored by DomainTools.
CSO Online

2013 attack on Metcalf, California power grid substation committed by “an insider”: DHS

A senior DHS official last Wednesday revealed that a 2013 sniper attack on a Metcalf, California energy grid substation – which the top U.S. electrical utility regulator has called "the most significant incident of domestic terrorism involving the grid that has ever occurred" – may have been committed by someone on the inside.
Homeland Security Newswire

Application Attacks Against Clouds Up 45 Percent

Application attacks against clouds rose 45 percent last year, according to a new Alert Logic report based on an analysis of 1 billion security events in the IT environments of more than 3,000 enterprise customers.
CSO Online

Too Many Healthcare Employees Complacent About Security

Non-technical health care employees are too complacent about the possibility of a data breach, according to a new survey from Trustwave Holdings, Inc.
CSO Online

Report Says Business Leaders Gaining on Cybersecurity Risks

Business leaders are increasingly evaluating cybersecurity practices, and trying to develop innovative technologies that can help reduce enterprise risks and improve performance, according to the recently released Global State of Information Security Survey 2016.
Security Magazine

Fake LinkedIn Profiles Lure Unsuspecting Users

Hackers have linked to more than 200 legitimate LinkedIn profiles belonging to individuals working in the defense, telecommunications, government, and utility sectors, according to researchers from the Dell SecureWorks Counter Threat Unit.
InfoWorld

Protecting the U.S. power grid from cyberattacks

In the first half of Fiscal Year 2015, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of the Department of Homeland Security, responded to 108 cyber incidents impacting critical infrastructure in the United States.
Homeland Security Newswire

Improve cybersecurity in energy delivery

Cyber networks support many important functions within energy delivery systems, from sending data between a smart meter and utility to controlling oil or gas flow in a pipeline.
Homeland Security Newswire

As Campus Fears Rise, So Do Efforts to Enact School Gun Laws

Earlier this month, Calif. Gov. Jerry Brown signed a law that would ban concealed weapons on school campuses.
New York Times

Though Less Publicized, Data Leaks Are More Prevalent Than Data Breaches

About 80 percent of information security professionals have experienced a data leak, according to a new Enterprise Management Associates (EMA)/FinalCode study.
Government Technology

DOJ Creates New Post to Oversee Domestic Terror Cases

The U.S. Department of Justice has created a new office to coordinate investigations into domestic terrorism, a top official said on Oct. 14, after a series of violent shootings have incited new fears about homegrown terror.
The Hill

Companies Need to Start Making Security Part of Their Brands, Experts Say

As cybersecurity concerns increase among consumers, security experts say that companies must take the issue seriously, or risk losing business, especially when it comes to the Internet of Things (IOT).
Technology Fox News

Predictive Policing Substantially Reduces Crime in Los Angeles During 21-Month Period

A team of scholars at UCLA devised a mathematical model to determine where the LAPD should deploy officers, and the project led to substantially lower crime rates during a recent 21-month period. Starting in 2011, the researchers analyzed crime trends to determine whether their model could predict when and where major crimes would occur in real time.
Homeland Security Newswire

NIST Tackles Email Security With a Two-Faceted Approach

The National Institute of Standards and Technology (NIST) is seeking to tackle email security issues with two new projects.
NIST

Cost Of Cybercrime Reaches $15 Million Annually Per Org

Ponemon Institute study details annual costs incurred by organizations with over 1,000 employees.
Dark Reading

Lack of Access Controls, Poor Password Policy Behind Target Breach, Says Internal Report

IT security pros are always emphasizing the need for strong passwords. That need came into the spotlight due to an internal Target breach report recently obtained by security blogger Brian Krebs.
FierceITSecurity

AT&T: Corporate IT Attacks Up 458 Percent in 2014

The number of times hackers tried to find security weaknesses in corporate IT systems rose 458 percent in 2014, according to AT&T's new Cybersecurity Insight Report.
LightReading

Market for Stolen Data Is Hotbed of Innovation, Brian Krebs Says

Hackers selling stolen data on the dark Web are a powerful source of business innovation, says cybersecurity reporter Brian Krebs.
Wall Street Journal

Healthcare Firms Three Times More Likely to See Data Breaches

According to a Raytheon|Websense report, companies in the healthcare sector are three times more likely to encounter data theft than the average firm.
CSO Online

Cyber and Reputation Risks Remain Top Concerns for Enterprises

Among potential risks to business operations, most firms consider cyber and IT risks to be the most likely, with the greatest impact, according to the 2015 International Business Resiliency Survey by Marsh.
Security Magazine

Alleged Oregon Shooter Discharged from Army After Suicide Attempt

Law-enforcement officials familiar with the investigation into the shooting at Umpqua Community College in Roseburg, Ore., last Thursday say the alleged shooter, Christopher Harper-Mercer, had earlier been discharged from the Army following a suicide attempt.
Wall Street Journal

Iranian Hackers May Be Lurking on LinkedIn, Report Says

Cybersecurity researchers have discovered a network of fake LinkedIn profiles that may have been used by hackers in Iran to form relationships with potential victims, according to a new report by Dell SecureWorks Inc.
Wall Street Journal

California Bans Concealed Guns on College Campuses

California Gov. Jerry Brown signed legislation that will ban the carrying of concealed guns on school and university campuses in the state.
Security Magazine

E*Trade, Dow Jones: 7 Breach Lessons

Two more firms in the financial services sector - E*Trade Financial and Dow Jones - have announced that they suffered data breaches that appeared to target not payment card data, but rather contact details for their customers or subscribers (see E*Trade, Dow Jones Issue Breach Alerts).
Data Breach Today

T-Mobile Customers Hacked in Experian Breach: What You Need to Know

A massive data breach at Experian, one of the country's major credit rating bureaus that companies use to conduct credit checks, has exposed the personal information of as many as 15 million T-Mobile consumers, according to the mobile carrier.
ABC News

How job recruiters screen you on LinkedIn

There are 277 million users on LinkedIn, according to the company’s latest results, and many of them — though not all — are probably competing for the same jobs.
Market Watch

The growing link between intelligence communities and academia

The events of September 11, 2001 were a catalyst for change in the intelligence profession. One noticeable change: The number of universities offering an intelligence studies-related degree has grown from a handful to a few dozen.
Homeland Security News Wire

Bidding for Breaches, Redefining Targeted Attacks

A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of “targeted attacks.”
DFI News

SCADA Vulnerability on the Rise

Recent reports show that industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems are increasingly at risk from cyber attacks, posing a threat to critical infrastructure and industry.
EE Times

Colombian University Installs Turnstiles to Improve Access Control

The University of Antioquia in Colombia installed four Boon Edam Trilock-75 turnstiles to boost physical security on campus.
Campus Safety

Staying Current With Building-Security Technology

A growing trend in building security is a holistic approach to security solutions, from what is being decided to who’s doing the deciding, Universal Protection Service’s business development manager Christy Gramann tells GlobeSt.com.
GlobeSt.com

Strategy, Risk Oversight Are Lead Areas of Boardroom Focus

The 2014 Board Practices Report: Perspectives from the Boardroom, addresses a range of board structural and financial topics, cybersecurity and data analytics, among other issues.
Wall Street Journal

Stop Wasting Your IT Budget on the Wrong Security Threats

A survey of 460 IT security professionals at July's Black Hat USA conference found a disconnect between the issues respondents said they were most concerned about, and what they spent the most time and budget addressing.
Tech Republic

Survey: Many Agencies Suffer Frequent Insider Hacking Attempts

Forty-five percent of federal agencies had employees or contractors that tried to access or exfiltrate unauthorized data during the last year, according to a recent MeriTalk survey of 150 federal IT managers.
Federal Times

Cyberattack 101: Why Hackers Are Going After Universities

With their vast stores of personal data and expensive research, universities are prime targets for hackers looking to graduate from swiping credit card numbers.
NBC News

Cybersecurity Poses Challenge to Accountants

A new report from Pace University and the U.S. arm of the Association of Chartered Certified Accountants (ACCA USA) says that accountants need to take a leading role in cybersecurity in order to protect the sensitive corporate and personal data they work with.
Accounting Today

5 Common Types of Unauthorized Access and How to Combat Them

Before purchasing an access control system, you must have a comprehensive understanding of what you need that system to do.
Security Magazine

Parking Spaces

The federal Bureau of Justice Statistics has reported that more than seven percent of violent victimizations in the U.S. occur in parking lots or garages — commercial, noncommercial, or apartment and townhome facilities — and more than 11 percent of property crimes occur in these same lots.
Security Today

A Driver’s License Won’t Get You Through Airport Security if You Live in These States

At some point in 2016, driver's licenses from several states will no longer be considered sufficient to clear airport security and board an airplane. Residents of New York, New Hampshire, Minnesota, Louisiana, or American Samoa will need a passport to fly domestically.
Money

Corebot Cleverly Written Botnet Malware With Growth Potential

Corebot is a new type of botnet malware that researchers believe has the potential to develop into a significant threat.
Network World

Survey: Corporate Security Battle Is Being Lost

A recently released enterprise security survey by corporate security vendor Centrify Corp. has revealed that 59 percent of U.S. information technology managers have shared access credentials with other employees "somewhat often."
EnterpriseTech

China Seeks Out Unlikely Ally: U.S. Tech Firms

Chinese President Xi Jinping's visit to the United States this week will first involve meetings with tech executives in Seattle rather than government officials in Washington.
Wall Street Journal

Technology That Predicts Your Next Security Fail

Predictive analytics uses publicly available and privately sourced data to attempt to determine future actions.
CIO

SEC to Launch Second Round of Cyber Exams, Issues Risk Alert

The SEC on Tuesday released a set of questions for advisers and broker-dealers to answer regarding their cybersecurity preparedness, as the agency starts conducting its second round of cyber-related exams.
Think Advisor

The World’s Riskiest Tourist Attractions for Mobile Devices

Skycure has released a report which detailed a study of the world's most popular tourist attractions, identifying actual network threats occurring from mobile devices over the past year.
Security Magazine

Law Firms to Spend $6.9M to Keep Client Data Secure

Law firms are predicted to spend more than $6.9 million on information security in 2015, or 1.92 percent of their gross annual revenues, according to a survey of large law firms.
Bloomberg BNA

Insider Threats, Organizational Rigidity Pose Challenges for U.S. National Security: Study

According to Stanford professor Amy Zegart, U.S. national security is facing increasing challenges from insider threats and organizational rigidity.
Homeland Security News Wire

This Program Lets You Snap a Photo of Whoever's Trying to Hack You

A new program called LogMeOnce is giving users the option to take a picture of whoever is trying to access the accounts they've registered with the service.
Washington Post

Bumpy rash, achy joints, inflamed eyes? There’s a new disease in town

Never heard of the Zika virus? That may change soon. Almost unknown in humans until the past decade, Zika is now spreading fast through South America and Oceania, and it may soon knock on our doors, too.
Washington Post

3 Out of 4 Organizations Admit They Aren't 'Resilient' to Cyberattacks

A survey by the Ponemon Institute of more than 600 IT professionals in the United States found that just 25 percent of respondents rated their organization as highly resilient.
Fortune

Why Cybercrime Now Exceeds Conventional Crime

Online crime worldwide is increasingly displacing conventional forms of property crime, such as burglary and robbery.
Bank Info Security

Criminals receive 1,425 percent return on investment from malware attacks: Report

Trustwave yesterday released its 2015 Trustwave Global Security Report which analyzes the top cybercrime, data breach, and security threat trends from 2014.
Homeland Security News Wire

Online Exclusive: Complying with Stringent Requirements

Governments are having to change their compliance standards and to increase the storage and analysis of this data.
Security Today

Survey: Executives Lack Confidence In Cybersecurity Posture

Security executives are increasingly aware of the cyber threats that could undermine the security of their organizations.
Homeland Security Today

Federal Agencies Continue To Experience Alarming Number Of Insider Cyber Threats

Despite a concerted effort to minimize insider threats, however, nearly half of federal agencies were targets of insider threats in the past year, according to a recent report by MeriTalk, a public-private partnership focused on improving the outcomes of government IT.
Homeland Security Today

8 Lessons to Learn from the Sony Breach

Last year, Sony Pictures Entertainment suffered one of the largest and most public cybersecurity breaches in history.
Security Magazine

The Most Influential People in Security 2015

Every year, Security magazine honors top security executives and leaders who positively impact the security industry, their organization, their colleagues and peers, as well as the national and global security landscape.
Security Magazine

6 Reasons Why Content is King in Command Centers

Building or upgrading a command center usually starts with facilities and equipment – ergonomic desks and chairs, LED displays and computers – as opposed to the content that supports the mission of command center staff. This approach does a disservice to your command center team by not prioritizing content that supports efficient risk management for your organization.
Security Magazine

5 Common Types of Unauthorized Access and How to Combat Them

Before you evaluate or purchase an access control system, it is critical to have a good understanding of what you need such a system to do.
Security Magazine

Survey Finds Organized Retail Crime Still Prevalent Across the Industry

According to the National Retail Federation’s 11th annual Organized Retail Crime Survey, which polled 67 senior retail loss prevention executives, nearly all (97%) retailers surveyed report that they have been a victim of ORC in the past year, up from 88.2 percent who said so last year.
Security Magazine

Study Shows How Security Impacts Employee Productivity

A study by Dell examines enterprise security's impact on productivity including the mobile workforce and passwords.
Security Magazine

Obama Threatens Sanctions Against China If Hacks Continue

President Obama characterizes the hacking of American businesses by Chinese hackers as an "act of aggression" against the United States and promises his administration will take action against the Chinese if they don't stop.
Data Breach Today

Second Russian Pleads Guilty in Massive Hacker Attack

A second Russian has pleaded guilty in connection with the largest U.S. hacking scheme, which resulted in the theft of more than 160 million payment card numbers.
Data Breach Today

Why Cybercrime Now Exceeds Conventional Crime

Online crime worldwide is increasingly displacing conventional forms of property crime, such as burglary and robbery.
Data Breach Today

New point-of-sale malware distributed by Andromeda botnet

Cybercriminals are casting increasingly wider nets in their search for new point-of-sale systems to infect.
CSO

Attack on Hacking Team spills global cyber-spying secrets

A dramatic breach at an Italian surveillance company has laid bare the details of government cyberattacks worldwide, putting intelligence chiefs in the hot seat from Cyprus to South Korea.
CBS News

More Retailers Hit by New Third-Party Breach?

CVS, Rite-Aid, Sam's Club, Walmart Canada and other large retail chains have suspended their online photo services following a suspected hack attack against a third-party service provider that may, in some cases, have resulted in the compromise of payment card data.
Bank info Security

Federally funded network anomaly-detection technology licensed to Ernst & Young

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) the other day announced that another cybersecurity technology has been licensed for commercialization.
Homeland Security News Wire

CISOs facing boards need better business, communication skills

As information security becomes a more important topic of interest, CISOs are increasingly asked to step up and brief boards on cyber issues.
CSO

Absolute Collaborates with RSA to Offer Enhanced Endpoint Data Collection & Remediation

Absolute Software Corporation announced it has joined the RSA Ready Technology Partnership program.
Security Today

Malware's Stinging Little Secret

What do successful but separate malware attacks against banking customers around the world, as well as the White House and health insurer Anthem, all have in common?
Data Breach Today

Security Sector Business Roundup

There have been a number of recent, interesting business moves in the security space, from a range of companies, including Symantec and Cisco, plus Crowdstrike, Proofpoint, Fidelity National Information Services - better known as FIS - and Zscaler.
Data Breach Today

3 Steps to Evaluate Your Supply Chain Preparedness

Your supply chain is the lifeline of your business, but it also can be a significant vulnerability during a hurricane or a natural catastrophe or other event such as a cyber-attack, strike or delay.
Security Magazine

Just How Versatile is RFID Technology?

Not surprisingly, radio frequency identification (RFID) and that technology’s “little sister” real-time location systems (RTLS) seem to be everywhere doing just about everything.
Security Magazine

Redefining security visualization with Hollywood UI design

Most security interfaces today leave a lot to be desired, and many security pros are gaming enthusiasts, accustomed to a sharp and engaging virtual world.
Help Net Security

Maintaining security during your healthcare merger or acquisition

With continuous changes in the information security landscape and high profile breaches being announced on a seemingly weekly basis, healthcare providers need to ensure they are properly securing protected health information (PHI).
Help Net Security

BitTorrent clients can be made to participate in high-volume DoS attacks

A group of researchers have discovered a new type of DoS attack that can be pulled off by a single attacker exploiting weaknesses in the BitTorrent protocol family.
Help Net Security

Five points of failure in recovering from an attack

An overemphasis on defense is leaving the financial sector exposed to cyber attack.
Help Net Security

How innovation is disrupting the energy industry

We are currently witnessing shifts in major industries as a result of rapid technological innovation and industry interconnectivity.
World Economic Forum

How will China’s innovation change the world?

From the streets of Shanghai to Shenzhen’s technology incubators, to Beijing’s start-ups, innovation in China is thriving at a rate never seen before.
World Economic Forum

City of Lakeland, FL Chooses Genetec Technology to Improve Security

The City of Lakeland in Florida has recently standardized its security operations with Genetec Security Center, a unified security platform that combines video surveillance, access control and automatic license plate recognition systems into one central monitoring and management platform.
Security Today

Universal Protection Service to Acquire Guardsmark

https://security-today.com/articles/2015/08/04/universal-protection-service-to-acquire-guardsmark.aspx
Security Today

AMAG Technology Releases Symmetry CompleteView 4.5 Video Management System

AMAG Technology announces the release of Symmetry CompleteView Video Management System version 4.5 and four new Symmetry PowerProtect NVRs.
Security Today

Meeting The Needs Of A Changing Homeland Security Landscape

Homeland Security Today

Multifactor Authentication Slowly Gaining Traction Amid Increasing Cyberattacks

Although multifactor authentication is becoming increasingly popular among companies looking for ways to improve their cybersecurity posture amid the increasing number of sophisticated and damaging cyber attacks, the password-only model of security is still going strong.
Homeland Security Today

Disrupting trust models: An evolution in the financial services sector

The way we interact with service providers – whether travel organisations, music suppliers or retailers – has changed to be almost unrecognisable from five years ago.
Help Net Security

File-stealing Firefox bug exploited in the wild, patch immediately!

The bug, reported by security researcher Cody Crews, allows attackers to violate Firefox's same-origin policy and inject script into a non-privileged part of the built-in PDF Viewer. The flaw can be exploited to steal local files from a victim's computer.
Help Net Security

Pentagon's unclassified email system breached, Russian hackers blamed

Pentagon's Joint Staff unclassified email system, used by 4,000 military and civilian personnel, has been compromised by attackers, and it has been taken offline until the threat is dealt with.
Help Net Security

Macs can be permanently compromised via firmware worm

Security researchers Xeno Kovah and Trammell Hudson have discovered several flaws in the firmware installed on Apple computers, and have created a worm that can silently infect them and change the firmware in question to achieve persistence in the system.
Help Net Security

Fake "Windows 10 Free Upgrade" emails deliver ransomware

It didn't take long for malware peddlers to take advantage of the huge interest users have shown in Windows 10.
Help Net Security

Malicious advertisements surge! 260% spike in 2015

RiskIQ announced at Black Hat USA 2015 its latest findings on the prevalence of malvertising across the nearly two billion publisher pages and 10 million mobile apps it monitors per day.
Help Net Security

Malvertisers abused Yahoo’s ad network for days

A large-scale malvertising attack abusing Yahoo’s ad network has been hitting visitors of the Internet giant's many popular and heavy-traffic sites for nearly a week.
Help Net Security

Two Charged in 2011 Cyber Breach at Michaels Retailer

Two men were criminally charged over their alleged roles in a conspiracy to steal 94,000 credit and debit card numbers from Michaels Stores Inc.
Security Magazine

Addressing Cybersecurity and the Insider Threat

In the wake of massive data breaches such as those at the U.S. government’s Office of Personnel Management, health insurer Anthem and retailer Target, an enterprise’s initial reaction might be to tighten the security around networks and data.
Security Magazine

Identity Theft Tops Nation's Top Ten Consumer Complaints

Identity theft topped the list of fastest-growing complaints to state and local consumer protection agencies last year, according to the latest report from the annual survey conducted by Consumer Federation of America (CFA) and the North American Consumer Protection Investigators (NACPI).
Security Magazine

Security Officer Company Universal Protection Service Acquires Guardsmark

Universal Protection Service, a division of Universal Services of America and a portfolio company of Warburg Pincus and Partners Group, announced this week that it has acquired Memphis-based competitor Guardsmark. Together, these companies create the largest U.S.-owned security company.
Security Magazine

Android Security Flaw Leaves 950 Million Phones Vulnerable

Hackers could easily intercept someone’s phone without their authorization by sending a message, taking control of the device, and then deleting the message, thus eliminating any evidence of the hack.
Security Today

Cybercriminals are preying on existing vulnerabilities to plan future attacks

Solutionary performed a broad analysis of the threat landscape, which unearthed several key findings. They identified several campaigns targeting the bash vulnerability during the latest quarter - more than 600,000 events from 138 countries.
Help Net Security

Researchers devise passive attacks for identifying Tor hidden services

A group of MIT researchers have devised two attacks that could identify, with a high degree of certainty (88%), an anonymous hidden service or client.
Help Net Security

German prosecutors charge news Web site with treason over leaks of surveillance plan

German authorities have launched a treason investigation into a news Web site which had reported on government plans to broaden state surveillance of online communications.
Homeland Security NewsWire

Chemical plants provided incorrect information about toxic release risks: GAO

A new report from the Government Accountability Office (GAO) recommends that federal agencies should more carefully verify information provided by chemical facilities and improve compliance with safety standards.
Homeland Security News Wire

Communities near chemical plants should develop preparedness, response plans: Experts

Researchers found that despite the 2007 passage of the Chemical Facility Anti-Terrorism Standards (CFATS), only a few chemical facilities have completed the necessary security measures implementation.
Homeland Security News Wire

By Nearly Any Measure, Sunny South Florida is Tops in Fraud

Over the past decade or so, the three most populous South Florida counties - Miami-Dade, Broward and Palm Beach - have become less renowned for old-school "Miami Vice"-style drug shootouts than for scammers stealing hundreds of millions from the government, banks and individuals by using laptops, stolen identities and fake medical procedures.
Continuity Insights

U.S. military bases vulnerable to cyberattacks on their power, utility systems

U.S. military bases are at risk for cyberattacks against the bases’ power grid and other utility systems, according to a new report on defense infrastructure from the Government Accounting Office.
Continuity Insights

Adultery site Ashley Madison hacked, user data leaked

A group or individual known as The Impact Team claimed to be behind the attack and that it had data on all of Ashley Madison's 37 million users and its partner sites, Cougar Life and Established Men, all owned by Canada's Avid Life Media (ALM).
CNBC

Lawsuit says TSA Needs Formal Regulations for Full-Body Scanners

A federal lawsuit said the TSA should develop formal regulations for its full-body scanners.
Security Magazine

MN Lawmakers Want Access to Railroad Emergency Plans

Some Minnesota lawmakers and railroad safety advocates are concerned that new disaster plans are not being released to the public.
Security Magazine

STANLEY Security Debuts New Vertical and Centralized Operations Team

STANLEY Security announced the establishment of its new Vertical & Centralized Operations (VOPS) team and supporting Network Operations Center.
Security Today

AES Corporation Announces Issuance of a New U.S. Patent

AES Corporation, a manufacturer of private wireless mesh alarm communication networks, is pleased to announce that the United States Patent and Trademark Office has issued U.S. Patent No. 8,072,945 for AES Link Layered Networks.
Security Today

Breach Investigation Focuses on PNI

Experts Offer Insights on Thwarting Fraudsters
Data Breach Today

New Legislation Introduced to Replace Clery Act

Missouri Sen. Claire McCaskill has introduced pending legislation in the Senate called the Campus Safety and Accountability Act (CASA), intended to supplant or simplify the Clery Act.
Security Magazine

10 Steps to a Better Catastrophe Response Plan

Catastrophic events – both natural and man-made – occur in many forms and may severely affect a company’s ability to conduct its normal business.
Security Magazine

Ensuring Security and Compliance in a BYOD World

IT security is complicated enough. The widespread adoption of BYOD mobile devices and the overall consumerization of IT promise to complicate security efforts exponentially.
Security Magazine

Online Exclusive: A Perspective on Glass and the Terrorist Threat

The threat of terror, real or imagined, has focused the minds of building owners, architects, engineers, technologists and planners to better design buildings that can withstand a whole new array of risks.
Security Today

DHS S&T licenses third cybersecurity for commercialization

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) yesterday announced that another cybersecurity technology has been licensed for commercialization.
Homeland Security News Wire

Will ID Protection Offer Set New Standard?

Blue Cross Blue Shield plans' groundbreaking offer, in the wake of mega-breaches, of extended ID protection to all of the more than 106 million individuals covered by their insurance could set new expectations for breach response, some security experts predict.
Data Breach Today

Hacking of Government Computers Exposed 21.5 Million People

WASHINGTON — The Obama administration on Thursday revealed that 21.5 million people were swept up in a colossal breach of government computer systems that was far more damaging than initially thought, resulting in the theft of a vast trove of personal information, including Social Security numbers and some fingerprints.
The New York Times

The Stock Market Bell Rings, Computers Fail, Wall Street Cringes

Problems with technology have at times roiled global financial markets, but the 223-year-old New York Stock Exchange has held itself up as an oasis of humans ready to step in when the computers go haywire.
The New York Times

FBI Director: Potential July 4 Terror Plots Disrupted

Federal Bureau of Investigation Director James Comey on Thursday said a number of plots near the July 4 holiday by suspects inspired by Islamic State were disrupted by a spate of arrests, adding that law-enforcement officials are continuing to pursue leads as the militant group uses social media in a bid for followers.
Wall Street Journal

Cyber attack on U.S. power grid could cost economy $1 trillion: report

A cyber attack which shuts down parts of the United States' power grid could cost as much as $1 trillion to the U.S. economy, according to a report published on Wednesday.
Reuters

FBI Chief Punches Back On Encryption

James Comey, director of the Federal Bureau of Investigation, said Monday the country needs to have a “robust debate” about the use of message encryption by technology firms, warning that Islamic State militants and other terrorist groups could use this method to recruit “troubled Americans to kill people.”
Homeland Security Today

Comey again denounces default encryption in editorial

FBI Director James Comey again backed his stance against default encryption in an editorial published Monday on Lawfare.
SC Magazine

Analysts find exploits in Hacking Team leaks, investigate zero-day attacks

Researchers have found that a trove of leaked data belonging to Italian firm Hacking Team includes exploits, some of which target zero-day vulnerabilities.
SC Magazine

Illinois insurer says software error resulted in data exposure

Illinois-based Trustmark Mutual Holding Company is notifying an undisclosed number of individuals that a software error resulted in emails containing their personal information being sent to the wrong insurance carrier clients.
SC Magazine

DHS Interoperable Communications Bill Signed Into Law By President

Monday, the DHS Interoperable Communications Act (HR 615), which requires the Department of Homeland Security’s (DHS) Under Secretary for Management to maintain interoperable communications among the components of the department was signed into law by President Obama.
Homeland Security Today

USD Creates New Cyber Security Center

The University of San Diego will create a center that will address cyber-security issues and offer graduate degree programs.
Security Magazine

Minimizing Risks from Contractors and Temporary Employees

Businesses and government agencies see value in using temporary workers, contractors and subcontractors. Nothing could go wrong. Right?
Security Magazine

New Ebola Cases Raise Concern of Potential New Outbreak

Three new cases of Ebola have been confirmed in Liberia, following the death of a teenager from the virus on June 28 and after the West African nation had been declared Ebola Free back in May.
Firestorm

Gun Cell Phone Case Will Get Someone Killed

Cell phone cases come in all shapes, sizes, colors and designs. A new design, however, caught our attention at Firestorm.
Firestorm

New York Stock Exchange Blames Shutdown on 'Configuration Issue' as Dow Falls

The Dow Jones Industrial Average took a triple digit hit today after trading on the New York Stock Exchange (NYSE) was halted for three and a half hours.
ABC News

United Airlines Will Pay Bug Hunters in Air Miles

United Airlines has announced it will reward anyone who is capable of proving a remote code execution on any of its planes’ Wi-Fi networks in airline miles. This announcement comes after both the FBI and TSA asked airlines to start looking for theoretical hacks to their in-flight Wi-Fi.
Security Today

Security Firm Discloses Details of Amazon Fire Phone Vulnerabilities

The operating system update released in May by Amazon for its Fire Phone resolves three vulnerabilities discovered by researchers at information security consultancy MWR InfoSecurity.
Security Week

Honeywell, Intel Team on Industrial Cyber Security

Honeywell Process Solutions (HPS) and Intel Security said this week that they will combine forces to boost protection of critical industrial infrastructure and the “Industrial Internet of Things” (IIoT).
Security Week

Default SSH Keys Expose Cisco's Virtual Security Appliances

Cisco warned on Thursday that as a result of default encryption keys in three of its security products, customers are at risk of an unauthenticated remote attacker being able to intercept traffic or gain access to vulnerable systems with root privileges.
Security Week

FAA panel to focus on top cybersecurity risks to aircraft

An advisory committee formed by the U.S. Federal Aviation Administration (FAA) aims to develop international design and testing standards that will thwart cyberattacks against aircraft.
SC Magazine

Study: Click-fraud malware often leads to more dire infections

Although often considered relatively innocuous, click-fraud malware infections could be the start of serious enterprise security issues.
SC Magazine

Malware on Tactical Assault Gear website targets customer information

North Carolina-based LC Industries, Inc., which operates the Tactical Assault Gear website, is notifying thousands of customers that malware discovered on the website was being used to gain access to personal information.
SC Magazine

Employee with California bank puts customer loan data at risk

An employee with California-based Bank of Manhattan Mortgage Lending handled mortgage loan files stored on a removable disk drive in a manner contrary to the bank's policies and instructions, possibly leading to the unauthorized disclosure or use of customer information in the files.
SC Magazine

Fourth of July Terror Warning Issued by FBI, Homeland Security

Federal authorities have warned local law enforcement officials across the country about a heightened concern involving possible terror attacks targeting the July 4th holiday.
Security Magazine

OSHA to Increase Enforcement at Hospitals, Nursing Homes over Work-Related Injuries

The U.S. Department of Labor's workplace safety division is increasing its enforcement efforts in hospitals and nursing homes.
Security Magazine

DOD’s Infrastructure Capabilities Must Be A Priority For Chemical And Biological Defense, GAO Says

From North Korea’s weapons of mass destruction (WMD) program to the 2014 Ebola virus outbreak, the United States faces—and will continue to face—a number of ever-evolving chemical and biological threats that threaten to undermine the peace, stability and security of the nation.
Homeland Security Today

China, U.S. Plan Cyber 'Code of Conduct'

At the end of a two-day China-U.S. strategic summit in Washington, U.S. Secretary of State John Kerry said June 24 that both sides had agreed on the need to create and abide by a new cyber "code of conduct."
Data Breach Today

Survey: 75 percent of companies have significant risk exposure

A misallocation of resources may account for nearly 75 percent of the respondents in RSA's inaugural Cybersecurity Poverty Index believing that their companies have significant cybersecurity risk exposure, results of the survey indicated.
SC Magazine

AeroGrow says malware likely compromised payment card data

Colorado-based AeroGrow International, Inc. is notifying an undisclosed number of individuals who shopped on its website – AeroGarden.com – that malware was likely used to infiltrate AeroGrow's online servers, and that payment card data may have been compromised.
SC Magazine

Incumbent TSA Leader Shares Worries about Airport Security

Coast Guard Vice Adm. Peter Neffenger has said that he plans to fully identify any gaps in airport security and close them if he is to be confirmed by the Senate to lead the TSA.
Security Today

Online Exclusive: Who's Minding Your Surveillance Systems' Performance?

Video surveillance has undergone a rapid evolution in recent years. What was once a high-tech luxury has grown into a crucial element of physical security.
Security Today

International Operation Takes Down Cyber Fraudsters; Duqu Returns

This week, a joint international operation led to the dismantling of a group of cybercriminals active in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia who are suspected of committing financial fraud involving email account intrusions.
Homeland Security Today

How To Check The Box … And Box-Out The Hackers - Identity Has Become The New Security Perimeter

Recent high profile attacks ranging from Sony Pictures Entertainment and Anthem, Inc. to the Office of Personnel Management and the United States Postal Service have accentuated the massive vulnerabilities that exist in the present security framework.
Homeland Security Today

The Unmanned Helping Hand: The Role Of UAVs In Disaster Recovery

While privacy and safety concerns lead the fight against the developing equipment, the ability to have a rapidly deployable eye-in-the-sky can provide vital assistance to first responders in emergency and disaster responses -- providing unprecedented situational awareness to those making decisions and allocating the limited assets available.
Homeland Security Today

Analysis: Ponemon Breach Cost Study

Larry Ponemon, founder and chairman of the Ponemon Institute, offers an in-depth analysis of the results of the organization's 10th study of the costs of data breaches, which found, for example, that rapid growth in hacker attacks is leading to escalating costs.
Data Breach Today

Cisco to Launch New Security Platform

Organizations are awash in security-related information, but too often they use too little of it - at least until it's too late. In part, that's because trying to link data from disparate security tools - such as firewalls, sandboxes, intrusion protection systems, anti-virus and identity management tools - by using back-end integration isn't always successful, and thus is not stopping data breaches, says Martin Roesch, chief architect for security at Cisco Systems.
Data Breach Today

Report: OPM Breach Found During Demo

The massive data breach at the U.S. Office of Personnel Management reportedly wasn't discovered by U.S. government sleuths - or the Department of Homeland Security Einstein intrusion detection system - but rather during a product demo.
Data Breach Today

Trade secrets allegedly sold to China by Temple physics chair

The chair of Temple University's physics department has been charged with four counts of wire fraud after allegedly selling trade secrets to China, according to the U.S. Justice Department.
South Jersey Times

Breach Of OPM Employee Records Raise More National Security Concerns, Officials Say

The theft of up to 4 million sensitive federal employees’ records maintained by the Office of Personnel Management (OPM) likely had a lot more to do with a foreign government’s spying and espionage activities than anything else, US counterintelligence authorities told Homeland Security Today on background because they aren’t authorized to officially discuss the matter.
Homeland Security Today

Canada Expands Biometric Screening Measures To Better Protect Its Borders PM Announces

Canadian Prime Minister Stephen Harper announced Thursday that a number of new measures that will increase the safety and security of Canadians are being implemented to protect Canada’s borders.
Homeland Security Today

Highlighting the Hotsheet: Cargo Theft Spikes Dramatically in Q1 2015

CargoNet announced the Q1 statistics for cargo theft and they were dramatic: a full $23 million worth of property was stolen, $14 million more than during the same period last year.
Security Today

Insurer Seeks Breach Settlement Repayment

Columbia Casualty, a cyber-insurer that paid more than $4 million, plus defense attorney expenses, to settle a class action suit that was filed against its client, Cottage Health, in the wake of a 2013 data breach is now trying to claw back the payments.
Data Breach Today

Report: NSA Expanded Internet Spying

The National Security Agency secretly expanded its warrantless surveillance of Americans' international Internet traffic to seek evidence of malicious computer hacking, according to documents leaked by former NSA contractor Edward Snowden, Pro Publica and The New York Times report.
Data Breach Today

Small businesses surveyed on EMV awareness, many still unclear on liability shift

A survey of management-level employees at small businesses in the U.S. found that 42 percent were unaware of the EMV liability shift deadline this October.
SC Magazine

Texas Lawmakers Pass Bill Allowing Guns on College Campuses

Students and faculty members at public and private universities in Texas could be allowed to carry concealed handguns into classrooms, dormitories and other buildings under a bill passed by the Texas Legislature.
Security Magazine

Making the CSO the Next Enterprise Leader

Congratulations, security executives, soon you will officially be the “corporate rock-star.”
Security Magazine

HOUSTON FLOODING - BUSINESS IMPACT

In a recent Firestorm and Black Swan webinar, Michelle Colosimo, Black Swan Solutions Director, explains the financial impact of closing down an airport for a day.
Firestorm

State-Sponsored Cybercrime: A Growing Business Threat

It’s not just governments that are feeling the disastrous effects of state-sponsored cyber warfare and crime.
Dark Reading

US Banks Close Branches Along Mexico Border to Prevent Money Laundering

Major US banks have recently closed branches along the southern border with Mexico in an attempt to crack down on money laundering, a reflection of the ease with which Mexican drug traffickers can legitimize illicit proceeds north of the border.
In Sight Crime

Nasty Police Scareware Triples Ransom If Users Try to Unlock Device on Their Own

A stubborn piece of police scareware holds Android devices hostage until a fee is paid via Money Pak and PayPal My Cash transfers, and it increases the ransom to $1,500 / €1,400 if users attempt to unlock the device on their own.
Softpedia

IRS cut its cybersecurity staff by 11% over four years

The Internal Revenue Service, which disclosed this week the breach of 100,000 taxpayer accounts, has been steadily reducing the size of its internal cybersecurity staff as it increases its security spending.
Computerworld

IRS believes massive data theft originated in Russia

The Internal Revenue Service believes that a major cyber breach that allowed criminals to steal the tax returns of more than 100,000 people originated in Russia, Rep. Peter Roskam confirmed to CNN on Thursday.
CNNMoney

Most Organizations Still Unable to Identify Phishing Emails, Survey Finds

Recent research has shown that individuals and organizations continue to be susceptible to email phishing, failing to correctly identify phishing emails and clicking on malicious links.
Homeland Security Today

Millennials Represent Greatest Risk to Corporate Data

The Millennial generation poses a greater risk to data security than other categories of users, according to an Absolute Software survey of 762 North American adults.
eweek

Survey Finds Median Employee Theft Loss of $280,000 for US Organizations

According to the 2015 Hiscox Embezzlement Watchlist, United States organizations with less than 500 employees experienced a median loss of $280,000 per year due to employee theft.
Security Magazine

An Elephant in the Living Room

Employers and security managers are becoming increasingly aware of potential security threats, but one area is still a concern because of how easily hackers can utilize it.
Security Today

Financial Firms Grapple With Cyber Risk in the Supply Chain

Last year saw a record high of 783 data breaches, the Identity Theft Resource Center reports, and access to systems through compromised third parties or subcontractors was the second most common cause of IT breaches in 2013 and 2014.
Wall Street Journal

Employees Still Visit Dangerous Sites at Work, Despite Awareness of Risk

A new study conducted by market researchers Vanson Bourne and published by security firm Blue Coat finds that despite being "fully aware" of the risks, many employees still visit inappropriate websites while at work.
FierceCIO

Average Cost of Computer Breach is $3.79 Million

A Ponemon Institute and IBM survey revealed that the average cost of a computer breach at large companies globally was $3.79 million.
USA Today

Bots Now Outnumber Humans on the Web

Bot traffic has surpassed human traffic on the Internet, according to a Distil Networks report.
CSO Online

PSA Security Network Announces New National Deployment Program

PSA Security Network unveiled a new platform for its National Deployment Program, bringing real time integrator search and mapping capabilities online to PSA integrators.
Security Today

Online Exclusive: How Perimeter Security is Improving Rail Transportation Security

An emerging effective and cost-efficient solution to help freight rail carriers improve security is integrated security technology including smart thermal cameras, PTZ tracking solutions and target-mapping display software.
Security Today

Hacker leaks sensitive info of millions of Adult FriendFinder users

Information of over 3.5 million users of dating site Adult FriendFinder has been stolen and leaked online, and is being used by spammers, scammers and phishers, a Channel 4 investigation into the Deep Web has revealed.
Help Net Security

Trojanized, info-stealing PuTTY version lurking online

A malicious version of the popular open source Secure Shell (SSH) client PuTTY has been spotted and analyzed by Symantec researchers, and found to have information-stealing capabilities.
Help Net Security

U.S. Charges 6 Chinese with Insider Theft

Federal authorities have indicted six Chinese nationals for economic espionage, and apprehended the ringleader, a Chinese professor, accusing him of pilfering trade secrets from the computer systems of two American high-tech companies, where he and a co-conspirator once worked.
Data Breach Today

Massive 'Logjam' Flaw Discovered

Numerous websites, mail servers and other services - including virtual private networks as well as "all modern browsers" - that rely on Transport Layer Security have a 20-year-old flaw that could be exploited by an attacker "to read and modify any data passed over the connection."
Data Breach Today

IBIA Says Expanding PreCheck Should Be Based On Strong, Proven Security Standards

The Transportation Security Administration's (TSA) exclusive use of biographic data solutions “in its prospective attempt to expand the PreCheck travel screening program” is “strongly” being questioned by the International Biometrics & Identification Association (IBIA).
Homeland Security Today

Cyber Experts Warn Airlines Should Be In A Cyber Panic Over Potential Vulnerabilities

“I really believe in this. This is serious shit,” exclaimed The Security Awareness Company CEO and veteran cybersecurity guru Winn Schwartau in response to recent concerns terrorists or malicious actors could hack into the computerized systems of passenger aircraft and take control of them.
Homeland Security Today

Most Organizations Still Unable To Identify Phishing Emails, Survey Finds

Despite a number of reports over the last year indicating phishing scams continue to be a primary method of accessing personal information and breaching an organization, individuals continue to take the bait.
Homeland Security Today

How a hacker could hijack a plane from their seat

Reports that a cybersecurity expert successfully hacked into an airplane’s control system from a passenger seat raise many worrying questions for the airline industry.
Homeland Security News Wire

DHS S&T completes Virtual Shooter robotic device, delivers it to ICE

The U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) the other day announced the successful completion of a robotic device that tests multiple types of handguns and ammunition.
Homeland Security News Wire

Subway's New Anti-Theft Measure Sprays Dyes on Thieves

Subway will soon be adding an extra measure of security to protect its tens of thousands of franchise locations around the country, reports WATE. Instead of extra alarms or bells, the new security system, manufactured by SelectDNA, actually sprays intruders, robbers, or other criminals with a chemical that marks offenders as they try to exit the shop, reports Fox News.
Security Magazine

New Law Will Allow Teachers to Carry Guns in Oklahoma Schools

A bill signed into law this week will allow certain school employees in Oklahoma to carry guns on school property.
Security Magazine

Cyber Attacks on News Organizations: ISIS Changes Tactics to Win Mindshare

As part of its arsenal of battlefield tactics, the Islamic State (ISIS) has added cyber-attacks to its list.
Security Magazine

Hackers Have Figured Out How to Steal from Starbucks Cards

According to multiple users, hackers who get a username and password can steal money through a Starbucks’ card until the customer or credit-card company stops them. Thieves can transfer the balance onto a card they hold, wait for the Starbucks’ card to reload, then repeat the process over and over.
Security Today

Sensitive customer data leaked following mSpy data breach

mSpy, a company that sells "customized and user-friendly mobile and computer monitoring solutions," has apparently suffered a data breach.
Help Net Security

Plan OK'd to Drill into BP's Ill-Fated Macondo Reservoir

Deep-water drilling is set to resume near the site of the catastrophic BP PLC well blowout that killed 11 workers and caused the nation's largest offshore oil spill five years ago off the coast of Louisiana.
Continuity Insights

MKS Makes a Big Industry Splash at ISC West 2015

Kicking off their 30th year as a company, the newly rebranded MKS (Micro Key Solutions) made a big splash within the industry during ISC West 2015. The first recognition was for MKS President, Victoria Ferro who was selected by the Women’s Security Council as one of the Woman of the Year in the Security Industry.
Security Today

Statue of Liberty Evacuated

The Statue of Liberty and Liberty Island were evacuated Friday afternoon due to reports of a suspicious package, law enforcement officials said.
Security Today

Verizon Data Breach Study Finds Old Flaws Still Dangerous

The 2015 edition of the DBIR provides insight into the state of cyber-security in 2014.
Security Today

100,000 web shops open to compromise as attackers exploit Magento bug

A critical vulnerability found in Magento, the most popular content management system for e-commerce sites, is being exploited by hackers to get their hands on users' personal and payment card information, Ars Technica reports.
Help Net Security

High-profile data breaches made most CEOs re-examine security programs

There has been increased board- and C-level interest in information security programs in light of recent high-profile data breaches such as those affecting Sony, Anthem and JP Morgan, the results of a Netskope survey have revealed.
Help Net Security

RSA 2015: In the healthcare industry, security must innovate with business

The cost per healthcare record stolen in a data breach in 2014 was $359, a figure that Frank Kim, CISO with the SANS Institute and former executive director of cyber security with Kaiser Permanente, said he found alarming.
SC Magazine

Microsoft expands bug bounty program to include Project Spartan

Microsoft announced plans on Wednesday to expand its bug bounty program to include Project Spartan, the company's new browser, and Azure, the company's cloud platform.
SC Magazine

Data at risk for 9,000 individuals following unauthorized access to SRI Inc. website

Indiana-based SRI Incorporated – which conducts tax sales, deed sales and foreclosure sales relating to the recoupment of delinquent tax for local governments – is notifying roughly 9,000 individuals that their personal information may be at risk.
SC Magazine

Banks Try to Block Target Settlement

A group of financial institutions affected by the 2013 Target data breach that exposed at least 40 million payment cards is asking a court for a preliminary injunction to block the proposed settlement between the retailer and MasterCard that would provide $19 million to card issuers.
Data Breach Today

Beyond HIPAA Risk Assessments: Added Measures for Avoiding PHI Breaches

Last year, several high profile security incidents occurred at healthcare organizations where a HIPAA Risk Assessment (HSRA) had previously been conducted.
Data Breach Today

Chandler Says Leadership is Critical in Avoiding Ethical Disasters

Dr. Robert Chandler, Director of the Nicholson School of Communications at the University of Central Florida, discussed the impact of ethical disasters and the role of upper management in preventing them at the 2015 Continuity Insights Management Conference on Tuesday, April 21.
Continuity Insights

Water Scarcity Could Become an Emerging Topic for BC Pros

Forbes discussed potential consequences of water scarcity, including terrorism, supply chain disruption and competitive advantage, that would impact business continuity and resilience professionals.
Continuity Insights

The Rise of the Chief Security Officer: What it Means for Corporations and Customers

At the urging of the board, CEOs are putting a premium on hiring a first-rate Chief Security Officer (CSO) to lead the charge to protect company and consumer data.
Forbes

Implementing new food safety measure hampered by lack of funding

Roughly forty-eight million Americans have food-borne illness each year, and according to the Centers for Disease Control and Prevention, 128,000 of them are hospitalized, and 3,000 die.
Homeland Security News Wire

Insider Breach Costs AT&T $25 Million

AT&T is paying a hefty price - $25 million - for call center employees in Mexico, Colombia and the Philippines accessing personally identifiable information from some 278,000 customer accounts without authorization.
Bank Info Security

Anti-Hacker Executive Order: 5 Concerns

Declaring a national emergency over hack attacks, President Obama signed an executive order authorizing the government to impose sanctions on hackers.
Bank Info Security

U.S. grid vulnerable to cyber, physical attacks

The U.S. electric grid remains vulnerable to cyber and physical attacks, putting millions of households at risk from outages that could last a few days or weeks.
Homeland Security News Wire

California imposes first mandatory water restrictions in state history

Standing on a patch of brown grass in the Sierra Nevada mountains, which is usually covered with several feet of snow at this time of the year, California governor Jerry Brown announced the first mandatory water restrictions in state history.
Homeland Security News Wire

Extended Oregon drought raises concern over state's water security

Facing the fourth straight year of drought, Oregon officials are worried that the state’s water security may be in jeopardy, as is already the case in California, which has just announced its first-ever mandatory water restrictions.
Homeland Security News Wire

Water scarcity a contributing cause of wars, terrorism in the Middle East, North Africa

The UN defines a region as water stressed if the amount of renewable fresh water available per person per year is below 1,700 cubic meters.
Homeland Security News Wire

Police department pays ransom after hackers encrypt department's data

Last December, cyberterrorists hacked into servers belonging to the Tewksbury Police Department, encrypted the data stored, and later asked for a $500 bitcoin ransom to be paid before department officials could regain control of their files.
Homeland Security News Wire

China increasing significantly funding for cyber warfare capabilities

U.S. intelligence officials have warned that China is increasing significantly its investment in cyber warfare programs in an attempt to compete with the U.S. military.
Homeland Security News Wire

Accounting Fraud, Meet the SEC's 'Robocop'

Companies are also leveraging data analytics to find their own accounting problems before the government does.
Corporate Counsel

Disconnect Between Audit Committee and Audit Executives, Survey Shows

Chief audit executives and audit committee members see internal audit priorities differently, according to an annual Grant Thornton survey.
CGMA Magazine

8 Steps to Stronger Information Risk Management

How CFOs can balance the risk/reward equation to spark CEOs' interest in information risk management decisions?
CFO

OECD releases draft mandatory disclosure

Countries should require mandatory disclosure of certain tax planning strategies from both companies and tax advisers, the Organisation for Economic Co-operation and Development (OECD) recommended in a draft proposal issued on Thursday.
CGMA Magazine

3 steps to a more socially responsible supply chain

Prioritising sustainability issues in the supply chain yields a number of quantifiable benefits to organisations, including increased competitiveness.
CGMA Magazine

HID Global Unveils ActivID Tap Authentication Solution

HID Global introduced the ActivID Tap Authentication platform for convenient and secure multi-factor authentication to cloud applications and web services.
Security Today

Blend of old and new techniques help attackers dodge detection, report says

The report, which zeroes in on eight behavioral and technique-based trends regarding cybercrime, found that cybercrime has become easier as threat actors can rent exploit kits, take advantage of malware-as-a-service (MaaS) and even use subcontractors to create and execute attacks aimed at stealing data.
SC Magazine

Russian hackers executed the US State Department, White House network breaches

The October 2014 breaches of some of the computer systems of the US State Department and the White House have been executed by Russian hackers, unnamed US officials familiar with the investigation told CNN reporters.
Help Net Security

Cyber crooks go after enterprise millions with Dyre malware, social engineering

"An experienced and resource-backed cybercrime gang" is using the relatively new Dyre/Dyreza banking Trojan coupled with effective social engineering to steal millions from businesses, IBM Security Intelligence researchers John Kuhn and Lance Mueller warned.
Help Net Security

Are you prepared for dealing with a breach?

RSA, The Security Division of EMC, released the results of a new global breach readiness survey that covered thirty countries and compared those global results with a survey of the Security for Business Innovation Council (SBIC), a group of top security leaders from the Global 1000.
Help Net Security

About 40 percent of lone-wolf terrorists are driven by mental illness, not ideology: Researchers

Researchers have long studied the relationship between mental illness and terrorism, particularly lone-wolf terrorists.
Homeland Security News Wire

IT security spending grows, but confidence in cyber protection measures does not

A new report looking at how organizations view the future of cyberthreats and these organizations’ current defenses, found that while IT spending is increasing, confidence in the efficacy of cyber protection is declining.
Homeland Security News Wire

IBM will invest $3 billion in new IoT unit

IBM plans to invest $3 billion over the next four years to create an Internet of Things (IoT) business unit along with a cloud-based platform to help build (IoT) solutions.
SC Magazine

Infostealer Laziok targets energy companies

Energy sector companies based in the Middle East are the most recent targets of a reconnaissance campaign aimed at infecting systems to gather information about companies' inner-workings, according to Symantec researchers.
SC Magazine

Brink's cash management unit in India being eyed for acquisition

A host of potential buyers have lined up to buy global security and protection company Brink’s’ cash management business in India, as the Richmond, Virginia (US)-headquartered firm looks to hive off the unit as part of global strategic review.
Security Today

3 Big-Picture Themes CISOs Should Track At Interop

Preparations are well underway for staging one of the biggest Interop conferences yet.
InformationWeek

Yahoo releases e2e encryption source code and launches 'on-demand' passwords

Yahoo took advantage of South by Southwest's (SXSW) opening weekend this week to make major announcements surrounding its security protocol. Primarily, the company announced its new “on-demand” passwords, and followed up with news that its end-to-end encryption source code for Yahoo Mail was available on GitHub.
SC Magazine

U.S. senator introduces bill aimed at federal breach notification standard

U.S. Sen. Mark Kirk will be introducing a bill aimed at putting in place a federal breach notification standard that all organizations and companies across the nation would have to abide by. The legislation would require companies to notify their customers if more than 1,000 credit card numbers are compromised in the breach, a number which he finds reasonable, according to the Alton Daily News.
SC Magazine

Genetec and Prism Skylabs Help Retailers Gain In-store Insights

Genetec, a manufacturer of unified IP security solutions, announced that its flagship security platform, Security Center, now supports the Prism analytics package from Prism Skylabs, to provide cloud-based, business intelligence tools for retailers.
Security Today

A billion data records leaked in 2014

2014 was the year when "designer vulnerabilities" emerged, when breaches and security incidents were being announced so fast that we struggled to keep up, when old financial malware began being used to hit new targets.
Help Net Security

Search for vulnerable servers unearths weak, thousands-times repeated RSA keys

A group of researchers from the Information Security Group from Royal Holloway, University of London, wanted to see how many TLS servers still supported the weak, export-grade (512-bit) RSA public keys a week after the public disclosure of the FREAK flaw. On March 3, the number of vulnerable HTTPS servers reached around 26 percent of the total. A week later less than 10 percent of them did.
Help Net Security

What pokes holes in virtual environments?

While most companies believe virtualization technology is a strategic priority, there are clear risks that need to be addressed. Ixia surveyed more than 430 targeted respondents in South and North America (50 percent), APAC (26 percent) and EMEA (24 percent).
Help Net Security

Class Action Lawsuit Filed Against Uber for Data Breach

Ride-hailing service Uber has been hit with a proposed class-action lawsuit over a recently disclosed data breach involving the personal information of about 50,000 drivers, Reuters reports.
Security Magazine

The CSO’s New Role: Guarding Company Reputation

The highly-publicized data breaches of 2014 changed the role of corporate security professionals as we know it. Now, more than ever, security IT issues have high-priority business impact and, as a result, companies face tougher expectations around protecting individuals affected by a data breach.
Security Magazine

Investigation Finds Hundreds of Airport Security Badges Missing

An investigation found hundreds and potentially thousands of airport security badges are unaccounted for across the country.
Security Today

Mall of America Heightens Security after Al-Shabab Threat

The Mall of America has heightened its security efforts after a video claiming to be posted online by a Somali group affiliated with al Qaeda called for attacks against the mall, according to a report.
Security Today

U.S. Government Contracts with Quebec Biotech Company to Make Anti-Ebola Drug

A Quebec City biotech company has been awarded a contract to make a ZMapp-like product to fight Ebola.
Continuity Insights

Critical vulnerabilities affecting SAP business critical apps

Onapsis released five security advisories detailing vulnerabilities in SAP BusinessObjects and SAP HANA enterprise software.
Help Net Security

Clapper: Cyberthreats to Worsen

National Intelligence Director Blames Iran for Casino Hack

The director of national intelligence, James Clapper, paints a grim picture of the cyberthreats the nation faces, saying as bad as 2014 was, 2015 and the coming years will be worse.
Data Breach Today

NEWS ALERT: Hacktivists claim to have accessed files from private U.S.-based defense group

In an email sent to an SC Magazine editorial executive, a group identifying itself as CyberBerkut – reported pro-Russian hacktivists – said it had gained access to files on the mobile device of a Green Group official who “recently visited Kiev as a member of American military delegation.”
SC Magazine

Researchers investigate link between Axiom spy group, Anthem breach

When news of the Anthem breach first surfaced, investigators claimed that malicious tools, linked exclusively to Chinese cyber attackers, were used against the health insurer. Now, an Arlington, Va.-based security firm has released its own research that expands on these findings.
SC Magazine

Benefits, costs of hydraulic fracturing

Hydraulic fracturing and horizontal drilling have had a transformative, positive effect on the U.S. economy, producing societal gains that likely outweigh negative impacts to the environment and human health from an economic perspective, according to a new paper.
Homeland Security News Wire

Poor decision-making may lead to cybersecurity breaches

Recent high-profile security breaches, such as those at Target, Anthem Inc., and Sony Pictures, have attracted scrutiny to how the seemingly minor decisions of individuals can have major cybersecurity consequences.
Homeland Security News Wire

U.S. Sees Major Q4 Spikes in Cargo Thefts

The 2014 SC-ISAC Q4 report details a major surge in the volume of cargo thefts in the U.S. According to the report, “We had been seeing a somewhat downward trend in the incidents, but this trend has stopped and reversed.”
Security Today

Hackers Stole from 100 Banks

Kaspersky Labs reported that it has uncovered how hackers surreptitiously installed spying software on bank computers, eventually learned how to mimic bank employee workflows and used the knowledge to make transfers into bank accounts they had created for this theft, said CNN Money.
Security Magazine

Lawmakers seek to create single food safety agency to improve oversight

Lawmakers are seeking to pass a bill which would create a single food safety agency to replace the current multi-agency system, which critics say is "hopelessly fragmented and outdated."
Homeland Security News Wire

Growing demand for cyber insurance, especially by small and mid-size businesses

Technology startup firms are leading the way in ensuring not only the security of their customers, but their own security as well. American businesses are expected to pay $2 billion for cyber insurance premiums in 2014, a 67 percent increase from just one year earlier.
Homeland Security News Wire

Breach index: Mega breaches, rise in identity theft mark 2014

A global study found that more than one billion records were compromised in data breaches last year.
SC Magazine

Ransomware delivered via fake Chrome and Facebook emails, tied to PayPal phishing

Researchers with Trend Micro are seeing upgraded CTB-Locker ransomware being delivered in fake Google Chrome and Facebook emails as part of an attack that is also tied to a PayPal phishing campaign.
SC Magazine

16 million mobile devices infected by malware

Security threats to mobile and residential devices and attacks on communications networks rose in 2014, threatening personal and corporate privacy and information.
Help Net Security

Corporate users hit with fake Microsoft email delivering sneaky malware

A well-crafted and extremely legit-looking spam email campaign is currently targeting corporate users around the world, ultimately leading the victims to difficult-to-detect malware that downloads additional malicious programs on the target's computer.
Help Net Security

'CIO of Year' on Defending Against Hackers

Bolstering defenses against phishing, malware and remote attacks, as well as broader implementation of encryption and a rollout of multifactor authentication, are among this year's information security priorities at the University of Michigan Hospitals and Health Centers, says CIO Sue Schade.
Data Breach Today

Obama to Issue Cybersecurity Executive Order

President Obama has gone to Silicon Valley to pitch his cybersecurity agenda and issue an executive order to encourage more private sector information sharing.
Data Breach Today

'Zero days' last up to six months for some malware

The majority of new malware is added to antivirus signature databases within 24 hours of first appearance, and 93 percent is detected within a month, but it can take as long as six months for antivirus to catch the remaining 7 percent, according to a new study by Atlanta-based security vendor Damballa, Inc.
CSO Online

CISOs cut out of cyber-insurance decision making, study suggests

Most large enterprises in the UK still aren't managing risk through dedicated cyber-insurance policies and the few that do buy based on recommendations by legal rather than IT departments, an analysis by non-profit the Corporate Executive Programme (CEP) has found.
CSO Online

Massive breach at health care company Anthem Inc.

Anthem, the nation's second-largest health insurance company, is the latest target of a security breach. Eighty million customers, including the company's own CEO, are at risk of having their personal information stolen.
USA Today

TurboTax Temporarily Suspended E-Filings on Fraud Concerns

The largest online tax-software company in the U.S. temporarily halted electronic filing of all state returns after more than a dozen states spotted criminal attempts to obtain refunds through its systems.
Wall Street Journal

Why Fraud Is Shifting to Mobile Devices

As a result of the explosive growth in worldwide use of smart phones, mobile malware will play a much bigger role in fraud this year, predicts Daniel Cohen, who heads up the anti-fraud services group at security firm RSA, which just released its 2014 Cybercrime Roundup report.
Data Breach Today

Sony Exec Steps Down After Breach

In the aftermath of the Sony Pictures Entertainment cyber-attack in late November 2014, Amy Pascal is stepping down as co-chairman of the film studio.
Data Breach Today

Tax fraud concerns prompt TurboTax developer to pause state e-filings

Intuit – developer of TurboTax, QuickBooks and Quicken – announced on Friday that it is working with state governments to address a growing tax fraud problem.
SC Magazine

Attackers exploit zero-day flaw in popular WordPress plug-in

WordPress sites with the plug-in Fancybox-for-WordPress should apply a critical security update released Thursday that fixes a vulnerability already exploited by attackers.
CSO Online

Some hackers are unknowingly gathering intel for the NSA

The U.S. National Security Agency and its intelligence partners are reportedly sifting through data stolen by state-sponsored and freelance hackers on a regular basis in search of valuable information.
CSO Online

Who's Hijacking Internet Routes?

Information security experts warn that Internet routes are being hijacked to serve malware and spam, and there's little you can do about it, simply because many aspects of the Internet were never designed to be secure.
Data Breach Today

Report Claims Russians Hacked Sony

Russian hackers, using spear-phishing attacks, successfully breached the network of Sony Pictures Entertainment in November 2014, and continue to have on-demand access to Sony's network, according to a new report from cybersecurity firm Taia Global.
Data Breach Today

How Much Is Cyber Crime Costing U.S. Businesses?

Frankly, it’s costing U.S. businesses more than other nations’ enterprises worldwide, according to data collected in the 2014 Cost of Cyber Crime Study: United States from the Ponemon Institute and HP Enterprise Security.
Security Magazine

Adobe rolling out new Flash Player version, includes fix for latest zero-day bug

Adobe began rolling out Flash Player 16.0.0.305 on Wednesday for users who have auto-update enabled.
SC Magazine

NAFCU asks Congress to create bipartisan data breach working group

As the number of data breaches continues to grow and increase in severity and as the White House throws its weight behind data breach notification legislation, a credit union organization has beseeched Congress to create a bipartisan data breach working group.
SC Magazine

Payment cards targeted in attack on pet supplies website

Tennessee-based ValuePetSupplies.com is notifying several thousand customers that unauthorized persons accessed its servers and installed malicious files to capture personal information – including payment card data – entered into its website.
SC Magazine

Future Cyber Security Army Needs More Than Just Programmers

Securing financial information, personal data and proprietary plans along government, corporate and personal networks will require filling the growing demand for skilled cyber security professionals with a diverse pipeline of talent, including consulting,
Security Today

Court Rules in Favor of Breached Retailer

A breached retailer has won a court ruling against its payments processor and merchant bank, setting a $500,000 cap on how much it must pay for a point-of-sale breach it suffered in late 2012. Now the processor and bank must pick up the rest of the breach-related tab.
Data Breach Today

Cybersecurity readiness: Widening gulf between perception and reality

Attackers have become more proficient at taking advantage of gaps in security to evade detection and conceal malicious activity, according to Cisco.
Help Net Security

Will 2015 bring a stronger focus on IT security?

2014 has seen more high-profile targeted attacks with motivations of stealing information, making a statement and permanently destroying sensitive/valuable data.
SC Magazine

Nike Lawsuit Against Former Designers Will Test Company Security Initiative

Athletic sportswear maker Nike filed suit on Dec. 8 in Multnomah County, Ore., Circuit Court against three of its former designers on grounds that they misappropriated Nike's trade secrets to launch a competing business venture with Adidas.
National Law Review

NSA's Rogers Calls for More Forceful Response to Cyberattacks

The government should more forcefully respond to foreign countries that engage in cyberattacks, because some hackers have come to believe there is minimal risk in stealing U.S. government or corporate data, according to NSA director Navy Adm. Mike Rogers.
Wall Street Journal

Survey: Security Is by Far the Top Spending Priority for CIOs in 2015

Security will be CIOs' top spending priority in 2015, with heightened cyberattack concerns possibly slowing cloud adoption, according to a Piper Jaffray survey.
CSO Online

Sony Hack Prompts U.S. Review of Public Role in Company Security

In the aftermath of the cyberattack on Sony Pictures Entertainment, U.S. officials are questioning when the government should step in to help private companies fight hackers, according to National Security Agency Director Michael Rogers.
Bloomberg

The Security Pitfalls of Airport Worker Access

After more than 150 guns were discovered in a smuggling ring on Delta Air Lines in December of last year, security officials are turning towards those who work at airports and the access they have.
Security Today

President Obama wants Congress to pass federal data breach notification legislation

President Barack Obama on Monday proposed strengthening laws against identity theft by requiring notification when consumer information is hacked, providing more free access to credit scores and protecting students' private data.
Security InfoWatch

Study: Majority of enterprises breached in first half of 2014, regardless of vertical

From January to June of 2014, 100 percent of retail organizations had their systems breached, as did 100 percent of agriculture, auto/transportation, education, and healthcare/pharmaceutical organizations, according to a new study.
SC Magazine

Study Shows Employee Theft Involves Money and is Rarely Reported

A study of 314 small business owners in Cincinnati found that 40 percent of thefts in small businesses are of money. The study also found that 64 percent of small businesses have experienced employee theft, but only 16 percent of those reported the incident to police.
Security Magazine

Sony Hackers Threaten Attack on US News Media

The Sony hackers have set their sights on attacking a news organization, according to a report.
Security Magazine

Microsoft Protests Bug Disclosure By Google

After Google discloses Win 8.1 vulnerability two days prior to planned patch, Microsoft argues in favor of vulnerability publication schedules.
InformationWeek

Revenues for private contract security services to rise, study finds

According to a study recently published by The Freedonia Group, global revenues for private contract security services are expected to increase by nearly 7 percent per year to $267 billion in 2018.
Security InfoWatch

Russian hackers stole millions from banks, ATMs

Tens of millions of dollars, credit cards and intellectual property stolen by a new group of cyber criminals.
Help Net Security

Digital crime landscape in 2015

Based on its work this year in the fields of cyber security and financial crime, BAE Systems Applied Intelligence and Scott McVicar, its Managing Director of Cyber Security, offer these top five predictions for the digital crime landscape in 2015.
Help Net Security

Quality Control and Measurement of Business Continuity Management Systems: Final Survey Results

In 2013 Continuity Central conducted a survey to explore quality control methods that are being used within business continuity management systems. This survey has now been repeated to see how the trends in this area have changed.
Continuity Central

DHS IT Security Suffers From Noncompliance, Inspector General Audit Finds

The Department of Homeland Security’s (DHS) Office of Inspector General (OIG) disclosed in a new 62-page audit report that DHS “has made progress to improve its information security program, but noncompliance by several DHS component agencies is undermining that effort.”
HSToday.US

Mental Illness & Terrorism

About 40 percent of lone-wolf terrorists are driven by mental illness, not ideology: Researchers
Homeland Security News Wire

Survey: Losses from holiday return fraud to cost retailers $3.8B

According to the National Retail Federation's 2014 Return Fraud Survey, retailers estimate that losses from return fraud will cost them $3.6 billion this holiday season.
Security InfoWatch

Report: Another security clearance investigation contractor hacked

Federal officials say the private files of 48,439 workers may have been compromised by a computer breach at government contractor KeyPoint Government Solutions Inc.
Security InfoWatch

Shock, dismay and disappointment: P&C insurance industry's reaction to TRIA news

Despite strong encouragement from the insurance industry and business groups around the country, the U.S. Senate has adjourned for the year without passing the Terrorism Risk Insurance Program Reauthorization Act of 2014 (TRIPRA).
Property Casualty 360

How to Implement an Optimized Video Surveillance Plan for Protecting Business Assets

The use of global security technology continues to skyrocket and extend better service to businesses. The global market for video surveillance equipment grew more than 12 percent in 2014, reaching $15.9 billion in sales.
Security Today

7 Lessons from Target's Breach

One Year Later, What Retailers, Bankers Have Learned.
Data Breach Today

Bill OK'd to Enhance NIST Cybersecurity Role

With cybersecurity already a NIST priority, as evidenced by its publication of the cybersecurity framework, the Cybersecurity Enhancement Act would codify existing practices.
Data Breach Today

Cloud security: Do you know where your data is?

The rapid move towards virtualization and cloud infrastructure is delivering vast benefits for many organizations. In fact, Gartner has estimated that by 2016, 80% of server workloads will be virtualized.
Help Net Security

North Korea Denies Role in Sony Hack

North Korea released a statement Sunday that clearly relished a cyberattack on Sony Pictures, which is producing an upcoming film that depicts an assassination plot against Pyongyang's supreme leader.
Security Magazine

Board Members Unhappy With Information on IT, Cyber Security

A new survey of more than 1,000 directors at public companies by the National Association of Corporate Directors (NACD) showed that 52.1 percent say they are not satisfied with the quantity of the information provided by management on cyber security and IT risk.
FierceCFO

Study: Role of Security Directors Changing

A recent study by ASIS International and the Institute of Finance & Management, "The United States Security Industry," includes a profile of security directors and the challenges they face.
Security InfoWatch

Hacked vs. Hackers: Game On

Over the last 12 years, there has been a more than 10,000-fold increase in the number of new digital threats, and cryptographer Paul Kocher and other security experts attribute the problem to a lack of liability and urgency.
New York Times

Most U.S. Companies Under Cyberattack

More than four in five U.S. companies have experienced a cyberattack in the last year, according to the results of a new Malwarebytes survey of IT decision makers.
ReadWrite

Contractor Rejected for Employment Allegedly Infected Power Firm's Network

The Cleveland man was indicted for sending malware designed to destroy data on computers at Eaton, after the company did not hire him for a position.
Nextgov

Hackers attacked the U.S. energy grid 79 times this year

Hackers attacked the U.S. energy grid 79 times this year, gaining the opportunity to potentially flip off switches.
CNNMoney

Foreign Powers Steal Data on Critical U.S. Infrastructure, NSA Chief Says

National Security Agency Director Adm. Michael S. Rogers said Nov. 20 that several foreign countries have infiltrated the computers of critical industries in the U.S. to steal information that could be used in the planning of a destructive attack.
Washington Post

U.S. Orders Electric Utilities to Secure Sites From Attack

The Federal Energy Regulatory Commission on Thursday adopted a rule that requires U.S. power companies to identify and take steps to secure key transmission substations and other hubs that could cause major problems if they were out of service.
Wall Street Journal

Hacker Group Targets Email Accounts of CFOs, Others

A group of financially sophisticated cyber-criminals has been hacking into the email accounts of CFOs of publicly traded companies and others with access to market-moving information, according to the cyber-security firm FireEye.
CFO

Tattletales Embraced as Whistle-Blower Programs Gain Support

Whistle-blowing as a means to police corporate misconduct is gaining support.
New York Times

The Future of Financial Reporting Part 2

One initiative that has been moving forward in the U.S. is the development by the SEC of a data mining system called the “Accounting Quality Model” (AQM), otherwise known in the industry as “Robocop.”
feiDaily

In Defense of the Enterprise Against Criminal Hackers

One of the most prevalent ways that attackers breach systems is by using a method called SQL injection.
Forbes

Airport Raids Target Fraudsters

"Big Data" Operation Snares 118 Suspected Ticket Fraudsters
Bank Info Security

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide

The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices.
The Intercept

Hackers well-versed in Wall Street vernacular hack publicly traded companies

Security firm FireEye’s recent report on a group of hackers who have been infiltrating e-mail correspondence from more than 100 organizations differs from the company’s previous reports on cyber criminals operating from China or Russia.
Homeland Security Newswire

Study finds spike in cost of retail crime in the U.S.

According to the results of the annual Global Retail Theft Barometer released on Thursday, losses from shrink, which includes shoplifting, employee or supplier fraud and administrative errors, cost retailers around the world more than $128 billion last year, $42 billion of which was from the U.S. alone.
Security InfoWatch

The Mercenaries: Ex-NSA Hackers and Their Corporate Clients

Ex-NSA hackers and their corporate clients are stretching legal boundaries and shaping the future of cyberwar.
Slate

Sleep Deprivation Is Killing You and Your Career

Pushing late into the night is a health and productivity killer.
Forbes

In Defense Of The Enterprise Against Criminal Hackers

I’m sitting here on a Sunday evening reading about more data breaches. This has transformed from something of note to a common occurrence. Days that end in “y” is that thought that sticks with me. So, what is the underlying problem here? Are the attackers really that good? Or are we collectively failing to defend our perimeters?
Forbes

Airport Raids Target Fraudsters

A massive international operation has resulted in the arrest of 118 people - many at airports - on suspicion of using fake tickets, or using stolen card data to purchase airline tickets.
Bank Info Security

U.S. national security prosecutors shift focus from spies to cyber

The U.S. Justice Department is restructuring its national security prosecution team to deal with cyber attacks and the threat of sensitive technology ending up in the wrong hands, as American business and government agencies face more intrusions.
Reuters

Visionworks notifies 75K Maryland customers of missing database server

Texas-based eye care services provider Visionworks is notifying as many as 75,000 customers who received services at its Jennifer Square location in Annapolis, MD that an investigation is underway to locate a missing database server potentially containing their personal information.
SC Magazine

Survey Says 90 Percent of Americans Feel They Have Lost Control of Their Personal Information on the Web

More than 90 percent of Americans feel they’ve lost control over how their personal information is collected and used by companies, according to the results of a survey by the Pew Research Center.
Security Today

Guardly Enterprise E911 Solution Improves Active Shooter Response

Guardly announced that its Enterprise E911 solution for smartphones can now be used to enable faster, more effective response during active shooter incidents.
Security Today

NOAA Reveals Four Websites Compromised

The National Oceanic and Atmospheric Administration has revealed that four of its websites were compromised by a cyber-attack.
Data Breach Today

Russian Malware 'BlackEnergy' Infiltrates US Critical Infrastructure

Industrial control systems used to operate US critical infrastructure have been compromised by a destructive Russian hacking campaign that has been going on since 2011, according to the Department of Homeland Security (DHS).
HSToday.US

AT&T Ditches Tracking Header Program; Verizon Still Refuses

Julia Angwin reported late Thursday that AT&T is dropping their tracking supercookie program. This comes in the wake of massive customer pressure over the discovery that AT&T and Verizon were quietly inserting unique tracking identifiers in their customers' web browsing and app data, by means of an HTTP header.
Eff.org

Nurses Strike Over Patient Care Standards, Ebola

As many as 18,000 nurses went on strike Tuesday and picketed in front of Kaiser Permanente facilities in Northern California to express their concerns about patient-care standards and Ebola.
Continuity Insights

NIST Releases Guide for Threat Intelligence Sharing Efforts

The paper, titled 'Guide to Threat Information Sharing', is aimed at providing guidance for improving the effectiveness of cyber-security efforts through strong information sharing practices.
Global

Survey of Risks and Competencies Released

The Security Industry Survey of Risks and Professional Competencies has been released by the ASIS Foundation and the University of Phoenix. The survey exposes the talent and training needs of the security industry.
Security Management

Cybersecurity: Why It's Not Just About Technology

"Governing" reports that organizations -- both private and public -- need to build a culture of risk management from the ground up to safeguard their systems from cyberattacks.
Governing

Supreme Court Weighs Whistleblower Protections

The U.S. Supreme Court on Tuesday heard oral arguments in a case involving an air marshal, Robert MacLean, who was fired for revealing reduced protection on Las Vegas flights despite a potential terrorist threat.
The Wall Street Journal

Even with Crisco, Cargo Theft is no Joke

Cargo theft costs about $30 billion annually, and Florida accounted for nearly 25 percent of U.S. cargo thefts reported between March and May, according to the state's Department of Transportation.
Tampa Bay Times

Banks Ready New Defense Against Hackers

A group backed by the nation's biggest banks plans to launch the Soltra Edge platform on Dec. 2 to enable financial firms to more quickly communicate about potential cyber breaches.
Wall Street Journal

How Companies Blow it With Security Breaches

McKinsey & Co. Global Managing Director Dominic Barton said he sees three common mistakes companies make when they have a security breach. The first is an inability to make efficient decisions.
The Wall Street Journal

Nearly Half of Holiday Shoppers Won't Shop at Breached Retailers

A new CreditCards.com survey that asked credit and debit card holders if they would shop this holiday season at retailers where personal information has been exposed found that 45 percent of respondents answered "definitely not" or "probably not."
MarketWatch

'Lone Wolves' Responsible for Disproportionate Number of U.S. Terrorist Acts, Research Finds

New research suggests that lone wolf terrorists are responsible for a disproportionate number of terrorist attacks in the U.S. While lone wolves only represent about 8 percent of all terrorists in the United States, they were involved in about 25 percent of incidents since 1980, according to an Oct. 29 research brief from the National Consortium for the Study of Terrorism and Responses to Terrorism (START).
Fierce Homeland Security

Internet Experts: 'Widespread Harm' Likely From Cyberattack in Next Decade

The Pew Research Center and Elon University's Imagining the Internet Center recently conducted a survey of more than 1,600 computer and Internet experts on the future of cyberattacks and found most respondents believe there is a significant threat.
Philadelphia Inquirer

Government Hands Down New Cyber Framework

The Obama administration has issued a cyber threat information-sharing framework designed to help government and industry officials better identify and stop cyberattacks.
The Hill

Security Firms Tie Russian Government to Utilities Hacks

Cyberattacks involving malware infections of three popular human-machine interface (HMI) systems used by utilities in North America are believed to have been the work of Russian hackers, cybersecurity firms said Oct. 30.
Bloomberg

House CISO Talks Threat Landscape, Challenges With Information Sharing

U.S. House CISO Darren Van Booven says he experiences many of the same challenges his private-sector counterparts do in their efforts to protect their IT assets from cyberattacks, including how much information to divulge about attacks and vulnerabilities.
CIO Journal

Lack of federal authority makes fashioning coherent national Ebola policy difficult

Earlier this week, the Centers for Disease Control and Prevention (CDC) issued new guidelines on how states should deal with travelers from Ebola-stricken regions, but a lack of federal authority to mandate such guidelines has led to conflicting strategies, varying from state to state, which includes mandatory at-home quarantine for some travelers.
Homeland Security News Wire

New report details Russia’s cyber-espionage activities

Researchers at FireEye, a Silicon Valley-based computer security firm, are connecting the Russian government to cyber espionage efforts around the world.
Homeland Security News Wire

Georgia Tech releases 2015 Emerging Cyber Threats Report

In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspace in nation-state conflicts.
Homeland Security News Wire

Evaluating readiness: A must-do security assessment

Assessing the readiness of an organization to handle various types of situations extends well beyond typical emergency preparedness planning.
Security InfoWatch

Banks Demand That Law Firms Harden Cyberattack Defenses

In response to recent cyberattacks, big banks are demanding law firms that they work with take additional steps to protect sensitive bank information.
Wall Street Journal

Study: Cyberattacks Up 48 Percent in 2014

The number of dedicated cyberattacks rose 48 percent in 2014, totaling 42.8 million, according to a new PricewaterhouseCoopers study.
The Hill

Regular Online Attacks Hit 40% of US Citizens, Microsoft Study Shows

Forty percent of U.S. adults have experienced weekly or daily attempts to access their personal data while using a PC online, according to a Microsoft survey.
ComputerWeekly.com

Symantec Sees Rise in High-Traffic DDoS Attacks

A recent Symantec study found a 183 percent increase in Domain Name System (DNS) amplification attacks from January through August.
CSO

Wearable Devices Pose Security Risk as Use Is Stretched

A former National Security Agency official this week warned about the unanticipated security and privacy risks that employers are likely to face as wearable medical devices find their way into the workplace.
Wall Street Journal

U.S. National Security Prosecutors Shift Focus From Spies to Cyber

The Justice Department's national security prosecution team is shifting its focus to cyber threats and preventing sensitive technology from ending up in the wrong hands.
Reuters

Cybersecurity Help Coming for Franchises

The Hill reports that several industry groups are teaming up to help franchise businesses learn more about cybersecurity.
The Hill

China Steals Confidential Data on the Vulnerabilities of Major U.S. Dams

National Weather Service hydrologist Xiafen Chen was arrested Oct. 20 for allegedly breaching an Army database that contained sensitive files on U.S. dams.
Homeland Security News Wire

Hacking Trail Leads to Russia, Experts Say

The cybersecurity firm FireEye on Tuesday will release the results of an investigation into what it says are cyberattacks sponsored by the Russian government.
Wall Street Journal

In West, ISIS Finds Women Eager to Enlist

A growing number of young Muslim women from the West are attempting to join radical Islamist groups, such as the Nusra Front and the Islamic State (IS).
The New York Times

US 'Foreign Fighters' Could Have Passports Revoked, but May Still Have Right to Re-Enter

The secretary of state may revoke the passports of U.S. citizens who fight in terrorist groups overseas, but this may not keep them from re-entering the country, two Congressional Research Service (CRS) reports suggest.
FierceHomelandSecurity

Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data

In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick. Only instead of a mistress, they’re sharing their love letters with data-stealing malware buried deep on a victim’s computer.
Wired

Deloitte releases paper on vetting leaks, avoiding costly hoax

Deloitte, a major player in financial consulting and enterprise risk services, has released research that can help companies determine if they've been the victim of a data leak – or the casualty of an online hoax.
SC Magazine

NSA Chief Warns Companies Against Revenge Hacking

Businesses, under siege from hackers looking to steal sensitive information, increasingly want to take matters into their own hands. But the head of the National Security Agency is warning them not to become hackers themselves.
Nextgov

Today Apple CEO Discusses Privacy Talks with Chinese Government

Apple CEO Tim Cook has acknowledged talks with Ma Kai, China’s vice premier, regarding the protection of users’ information.
Security Today

Layering EMV chip, tokenization, encryption bolsters card payment security

While EMV chip technology continues its rollout in this country, a whitepaper from the Smart Card Alliance Payments Council contends that payment industry stakeholders can better protect against card fraud by layering EMV chip and two other security technologies, encryption and tokenization.
SC Magazine

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

The Arizona State Retirement System (ASRS) is notifying nearly 44,000 individuals enrolled in ASRS dental plans that two unencrypted discs containing their personal information – including Social Security numbers – were sent to a benefits company in Missouri, but were not received.
SC Magazine

Retailers Facing Intensified Cyberthreat This Holiday Season

After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner.
Dark Reading

Espionage Hacks Tied to Russians

Information security experts say espionage-focused attackers, apparently operating from Russia, have been using phishing e-mails and malware in multi-stage attacks designed to evade detection and steal political and military secrets.
Data Breach Today

'Social Resilience' Has Major Impact on Community Preparedness

An Associated Press-NORC Center for Public Affairs Research survey suggests that those factors — collectively termed "social resilience"— have a big impact on how prepared communities feel for disasters such as Superstorm Sandy, and are seen as more valuable in a crisis than even government.
Continuity Insights

Attackers Breach PoS Systems of Delaware Ferry Service

The Delaware River and Bay Authority (DRBA) published a data security event notice on Friday to warn people who have made purchases at Cape May-Lewes Ferry terminals and vessels that their payment card data might have been compromised.
Security Week

Can We Talk: Creating a Common Language for Cybersecurity

Experts are hopeful that a new framework released by the National Institute of Standards and Technology will give agencies a method to evaluate the security of their computing environments against their peers.
Government Technology

IBM Says Most Security Breaches are Due to Human Error

IBM has released a report that discusses the characteristics that are usually seen in cyberattacks, as well as which industries are being commonly targeted by cybercriminals.
Tech Republic

Enterprises Will Move from Perimeter Defense to Risk-Based Security, Says Gartner

Enterprises as a whole are likely to move away from the concept of the 100-percent secured environment and perimeter defense to a risk-based model of security, according to a new Gartner report.
FierceITSecurity

Banks Harvest Callers' Voiceprints to Fight Fraud

Financial firms and call centers are increasingly turning to voice biometric technology to help screen calls for potential fraud.
Associated Press

The Morning Risk Report: Business Leaders' Cybersecurity Divide

Relentless attacks from hackers have C-suites and boards of directors divided on what measures to take and how much to spend on beefing up cybersecurity.
Wall Street Journal

Hydraulic fracturing caused earthquakes in Ohio

Hydraulic fracturing triggered a series of small earthquakes in 2013 on a previously unmapped fault in Harrison County, Ohio, according to a new study.
Homeland Security News Wire

FBI Warns Industry of Chinese Cyber Campaign

The FBI on Wednesday issued a private warning to industry that a group of highly skilled Chinese government hackers was in the midst of a long-running campaign to steal valuable data from U.S. companies and government agencies.
The Washington Post

Researcher Builds System to Protect Against Malicious Insiders

Virginia Polytechnic Institute and State University professor Daphne Yao is developing algorithms that can alert companies when an employee might be acting maliciously on their network.
Computerworld

The Role of Chief Security Officer Is More Vital Than Ever

Security leaders sound off: The CSO role may look different in every organization, but in an increasingly connected and open society, it's a critical one.
Government Technology

U.S. should emulate allies in pushing for public-private cybersecurity collaboration

Israeli Prime Minister Benjamin Netanyahu announced last month the formation of a national cyber defense authority to defend civilian networks under the leadership of the Israel National Cyber Bureau.
Homeland Security News Wire

Disaster preparation business booms

Concerns about future manmade and natural disasters are driving the U.S. market for survival kits.
Homeland Security News Wire

U.S. Cyber Command Plans to Recruit 6,000 Cyber Professionals, as U.S. Mulls Offensive Cyber Strategy

U.S. Cyber Command is planning to step up its efforts to protect the nation's networks from cyberattackers.
Homeland Security News Wire

Jihadi Online Chatter Discusses Using Ebola as Weapon Against the West

There has been a growing number of discussions on jihadist social media Web sites about the possibility of terrorists using poisons and virulent pathogens such as Ebola in attacks against the United States and other Western nations, reports the Middle East Media Research Institute (MEMRI).
HSToday.US

Cyberattacks on State Databases Escalate

A continuing disconnect exists between state officials and their IT security officers, even as major breaches of state databases become more frequent, according to a new report from NASCIO and Deloitte & Touche.
Pew Charitable Trusts

Insider Threat to Critical Infrastructure 'Underestimated,' Says DHS

Even strong preventative programs may not be able to completely remove the threat of a malicious insider to critical infrastructure, according to a December 2013 report from the Department of Homeland Security (DHS).
Fierce Homeland Security

Many ‘Loopholes’ in Cyber Insurance Policies, L’Oreal CISO Says

Companies are investing millions of dollars in insurance policies to protect themselves from cyber security breaches. Zouhair Guelzim, chief information security officer of L’Oreal Americas, a subsidiary of the L'Oreal Group, says the market is fraught with high premiums, incomplete coverage, and costly mistakes.
Wall Street Journal Online

Cyberattacks Trigger Talk of 'Hacking Back'

The continuing attacks on U.S. corporate networks are firing talk among some executives and officials of going on the offensive, or "hacking back," against those that hack their systems.
Washington Post

007 Nemesis Le Chiffre Bolsters France in Cyber Attacks

France is enforcing a new cybersecurity law aimed at defending vital businesses, in response to growing concerns about U.S. and Chinese technology.
Bloomberg

'Shellshock' Attacks Could Already Top 1 Billion: Report

The Shellshock vulnerability is dangerous because it can be exploited to remotely execute code on affected machines, which could lead to malware injections, data theft and server hijacking.
Security Week

Banks Face Rising Threat From Cyber Crime

Banks must now contend with a new type of cyber crime called vishing, which is similar to phishing but aims to trick people out of their money using someone's voice instead of an email.
Financial Times

Report: Cost of Cybercrime Up 10% This Year

Average cybercrime costs for U.S. companies have risen almost 10 percent from last year, according to a new report.
Politico Pro

Cybersecurity Experts Pin Hopes on Cyber Insurance Market

The Obama administration hopes the growth of cyber insurance will encourage companies to improve cybersecurity practices.
Politico Pro

Boeing urges airlines to be vigilant of cyber security threats

LONDON: Airline bosses ignore cyber security concerns at their peril, and must ensure that thorough mitigation plans are in place to deal with potential hacking of their systems, as aircraft move ever closer to becoming fully e-enabled. This was the warning given to the industry by Boeing’s chief engineer cabin and network solutions, John Craig, during Aircraft Commerce magazine’s recent Aircraft e-Enablement conference in London.
Runway Girl Network

Yahoo Claims a Server Attack was not the Shellshock Bug

Yahoo has fixed a bug in their system which was initially discovered by hackers who were attempting to exploit the Shellshock bug on the company’s network. According to a report, Yahoo made a statement issuing the attack.
Security Today

Infected ATMs give away millions of dollars without credit cards

Kaspersky Lab performed a forensic investigation into cybercriminal attacks targeting multiple ATMs around the world. During the course of this investigation, researchers discovered the Tyupkin malware used to infect ATMs and allow attackers to remove money via direct manipulation, stealing millions of dollars.
Help Net Security

How Technology Helps Mitigate Risk at Sporting Events

Out of sheer necessity, sports security has been evolving rapidly since the Boston Marathon bombing, and most sports security professionals refer to that particular event as a turning point.
Security Magazine

Malware Attacks Drain Russian ATMs

Interpol Warns Attacks Could Spread Worldwide. Criminals have infected at least 50 ATMs in Eastern Europe, including Russia, with malware that enables them to drain ATMs of their cash via "jackpotting" attacks, netting attackers millions of dollars.
Data Breach Today

Dallas Ebola Patient Dies

DALLAS—The Liberian man who was diagnosed with Ebola in Dallas, the first case of the deadly disease in the U.S., died on Wednesday morning, the hospital treating him announced.
Wall Street Journal

Active Shooter/Mass Casualty Incidents

The FBI has released a study of 160 active shooter incidents that occurred between 2000 and 2013 throughout the U.S.

FBI Facial Recognition System Completed

The FBI’s Next Generation Identification (NGI) system that we spoke about in April is fully operational and includes a controversial feature known as Interstate Photo System (IPS).
Security Today

Highlighting the Hotsheet: 2nd Quarter Cargo Theft Update

DHS identified transportation systems as one of 16 critical infrastructures to the nation's supply chain and cargo theft as a constant threat to stability.
Security Today

Senate: China hacked military contractor networks

China's military hacked into computer networks of civilian transportation companies hired by the Pentagon at least nine times, breaking into computers aboard a commercial ship, targeting logistics companies and uploading malicious software onto an airline's computers, Senate investigators said Wednesday.
Security InfoWatch

Home Depot: 56 Million Cards Breached

Home Depot says an estimated 56 million payment cards were exposed in the data breach at its U.S. and Canadian stores.
Data Breach Today

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

The bulk of mobile applications (75 percent) will fail basic security tests over the next 15 months or so – through the end of 2015 – leaving businesses vulnerable to attack and violations of their security policies, according to a report from Gartner.
SC Magazine

Workplace Violence: OSHA Findings of "Willful Violation"

On August 11, 2014, OSHA fined Brooklyn-based Brookdale University Hospital and Medical Center $78,000 because of dozens of incidents in which patients and visitors assaulted employees, one of which left a nurse with severe brain injuries.
Threat Assessment Group (TAG, Inc.)

What security experts think about Apple Pay

Some of the comments that Help Net Security received from the security community on Apple's Apple Pay, a new category of service that works with iPhone 6 and iPhone 6 Plus through a NFC antenna design, a dedicated chip called the Secure Element, and the security and convenience of Touch ID.
Help Net Security

Home Depot investigates possible payment card breach

Home Depot is the latest retailer to begin investigating a possible data breach.
SC Magazine

PG&E Faces $1.4 Billion for Deadly California Pipeline Blast

California regulators want PG&E Corp.’s utility to pay $1.4 billion in fines and penalties over a fatal natural gas pipeline explosion in San Bruno, California.
Wall Street Journal

Apple Not Hacked In Celebrity Nude Photo Breaches

Apple confirmed that stolen and leaked private photos of several celebrities were not due to a breach of its iCloud or Find My iPhone services.
Dark Reading

New Security Breach at Metcalf Substation, Site of 2013 Sniper Attack

An electrical substation near San Jose, Calif., that was the target of a sniper attack that caused $15 million worth of damage and destroyed 17 transformers last April, experienced a new security breach on Wednesday that saw burglars cutting through the fence line to steal construction equipment.
NBC Bay Area

Breach of Homeland Security Background Checks Raises Red Flags

A breach at US Investigations Services (USIS) this month exposed the background-check records of 25,000 Department of Homeland Security staffers, including undercover investigators.
Dark Reading

Cybersecurity and the National Association Of Corporate Directors

Metropolitan Corporate Counsel recently sat down with National Association of Corporate Directors (NACD) Director of Research Robyn Bew to discuss how cybersecurity is a current area of focus for the association.
Metropolitan Corporate Counsel

DHS Cybersecurity Program Finds Few Takers

The U.S. Department of Homeland Security was directed by President Obama last year to launch a program to share classified and unclassified cybersecurity data with 16 critical infrastructure sectors.
Government Technology

Dangerous Economy Thrives in South Africa's Abandoned Gold Mines

South Africa has become the world capital of illegal gold mining, with tens of thousands of former miners wandering abandoned mine shafts, risking injury, death, or arrest to look for the precious metal.
Wall Street Journal

DHS Seeks to 'Mature' Program to Ensure Security, Safety of High-Risk Chemical Facilities

The Homeland Security Department is seeking input on developing better security standards for high-risk chemical plants.
FierceHomelandSecurity

21% of Manufacturers Hit by Intellectual Property Theft

One in five manufacturing firms in a recent survey reported a loss of intellectual property in a cyberattack in the past year due to such things as malware, software vulnerabilities, and information leaked on mobile devices.
ComputerWeekly.com

Feds admit cooperation remains obstacle with corporations, cyber threats

A key to reducing cyber crime is getting victims - often major corporations - to cooperate with authorities, two top federal law enforcement officials said on Wednesday during visits to Pittsburgh.
Trib Live News

How the Role of CSO is Changing

In this podcast recorded at Black Hat USA 2014, Rick Howard, CSO at Palo Alto Networks, talks about the role of the CSO and how it's fundamentally changing.
Help Net Security

What can we learn from the top 10 biggest data breaches?

While some may be suffering from “breach fatigue” and becoming jaded, it’s more important than ever to take cyber threats seriously.
Help Net Security

Hospital Security Breach Steals Data from 4.5 Million Patients

According to a report, hackers have stolen personal information belonging to patients who received treatment at several Central Florida hospitals.
Security Today

UPS announces breach impacting 51 U.S. locations

More than 50 of The UPS Store's U.S. locations were found to have malware on their computer systems, and in some cases, it's been present since mid-January.
SC Magazine

Illicit Medicines Made Up the Bulk of Seizures by Customs Enforcement Agencies Worldwide

The World Customs Organization's (WCO) Illicit Trade Report finds that illicit pharmaceutical products made up more than three quarters of the contraband that was intercepted by customs enforcement agencies around the world last year.
HSToday.US

Dow Corning Battles Counterfeiters of its Silicone Sealants

Law enforcement in the Chinese city of Wuxi have broken up a counterfeiting ring that sold fake Dow Corning silicone sealant.
Security Magazine

Chief Information Security Officers Viewed as Scapegoats in C-Suite Survey

A survey found that most C-suite executives blame chief information security officers for cyber security lapses, but a significant portion of CIOs and others say CISOs should not be held accountable for cyber security purchasing decisions.
Bloomberg BNA

Protecting the Nation's Electric Grid From Terrorist Attacks is a Top Priority

A report by the Washington-based Congressional Research Service said the U.S. electric grid may be vulnerable to a terrorist attack, and the Federal Energy Regulatory Commission has proposed regulations to protect the grid, largely prompted by last year's armed attack that took out high-voltage transformers in California.
Business Insurance

Military Companies Brace for Rules on Monitoring Hackers

Defense Department contractors are preparing for new regulations mandating they report data breaches to the Pentagon and subsequently provide the government access to their networks.
Bloomberg

86 Percent of Hackers Don't Worry About Repercussions

Thycotic has released the results of a survey that provided some rare insight into the beliefs and motivations of hackers.
Help Net Security

City CIOs Battle Surge of Politically Motivated Cyberattacks

Ferguson, Mo., is the latest U.S. city to become the target of hacktivists linked to the Anonymous hacker collective.
The Wall Street Journal

Behavior Patterns That Can Indicate an Insider Threat

Organizations that pay attention to the red flags that appear during the planning stages of insider threats such as trade secret theft, workplace shootings, and the sabotaging of information systems may be able to prevent these threats from being perpetrated.
Wall Street Journal

The Internet of Things Brings Far-Reaching Security Threats

U.S. Defense Advanced Research Project Agency (DARPA) program manager Randy Garrett warns the advent of the Internet of Things (IoT) will create a large number of new threat vectors that could be exploited by malicious hackers.
CIO

7 Emerging Technology Risks

Experienced risk professionals know that in the real world, claims and losses are inevitable. After all, it’s called Risk Management, not Risk Avoidance.
Risk and Insurance

Cyber security: ugly gorillas and the fiduciary board

The frequency of cyber breaches, the reputational and financial effects of breaches, and their prevalence have become manifest.
Idaho Business Review

1.2 Billion Unique Credentials, 500 Million Email Addresses Stolen by Russian Cyber Gang

After more than seven months of research, a security company from the United States discovered that a Russian cyber gang managed to collect 1.2 billion unique credentials from more than 420,000 websites and FTP locations.

Emerging POS Attacks Target Small Merchants

A new point-of-sale malware strain known as Backoff has been linked to numerous remote-access attacks, putting small merchants at greatest risk, according to an alert from federal authorities.
Bank Info Security

Sovereign Citizens Seen as Top Terrorist Threat by US Law Enforcement

A new survey of U.S. law enforcement entities by the National Consortium for the Study of Terrorism and Responses to Terrorism (START) finds that the sovereign citizens movement is seen as the leading threat to U.S. communities, ahead of both Islamist extremists and militia/patriot groups.
RT

Researchers Find About 25 Security Vulnerabilities Per Internet of Things Device

The market for Internet of Things devices is estimated to reach $1 trillion by 2020, when 26 billion units are expected to comprise the IoT. However, HP Security Research says 70 percent of today's 10 most popular types of IoT smart devices are vulnerable to being hacked or compromised, and each device has about 25 vulnerabilities.
Computerworld

US Homeland Security Contractor Acknowledges Computer Breach

A company that performs background checks for the U.S. Department of Homeland Security said on Wednesday it was the victim of a cyber attack, adding in a statement that "it has all the markings of a state-sponsored attack."
Reuters

Security Holes Found In Some DLP Products

It's a case of a security tool harboring security vulnerabilities: A pair of researchers has discovered multiple flaws in commercial and open-source data loss prevention (DLP) products.
InformationWeek

New PCI Guidance for Third-Party Risks

Council Offers Best Practices to Prevent Payments Breaches
Data Breach Today

Teen researcher publishes PayPal 2FA bypass exploit

Joshua Rogers, a teenage whitehat based in Australia, has found an extremely simple way to bypass PayPal's two-factor authentication feature.
Help Net Security

DefCon: Traffic control systems vulnerable to hacking

Traffic control systems used in the U.S. and other countries can be hacked to cause significant traffic problems, or can even be “bricked” to cause millions of dollars in damages to infrastructure.
SC Magazine

Gemalto acquires SafeNet for $890 million

Gemalto, a Dutch digital security company, announced plans to acquire U.S.-based SafeNet for $890 million.
SC Magazine

What's Trending Now

Based on our interactions with many security practitioners, the following is a snapshot of what we see trending from December 2013-May 2014.
SEC

Scientists urge making critical infrastructure more resilient to solar storms

Scientists predict the probability of a massive solar storm striking the Earth in the next decade to be 12 percent. The 23 July 2012 solar storm was pointed away from Earth and blasted safely into space, but had it been directed towards Earth, it would have produced the worst geomagnetic storm in more than four centuries, causing extensive electricity problems that could take years to resolve.
Homeland Security Newswire

Georgia Tech Launches Early Warning System for Cyberthreats

The Georgia Tech Research Institute (GTRI) developed the open source system called BlackForest, which will complement the institute's malware and spear-phishing intelligence systems.
NetworkWorld

Terror Threats at Chemical Plants Underestimated

A report from the Senate Homeland Security Committee's Republican staffers has concluded that the Chemical Facility Anti-Terrorism Standards (CFATS) program is a failure and that it is not helping to protect the U.S. from a chemical terrorist attack.
Wall Street Journal

Rising Cargo Thefts Prompt New Security Solutions

http://www.hstoday.us/briefings/industry-news/single-article/rising-cargo-thefts-prompt-new-security-solutions/2b7831973e958832bdd262fe62d6bb41.html
Homeland Security Today

Monsanto Faces Dual Threat After Intellectual Property Theft

The seed company Monsanto is one of a number of companies that face serious threats from hackers, according to Fontbonne University cybersecurity professor Al Carlson.
CBS St. Louis

Understanding Vulnerabilities Key to Improving U.S. Cybersecurity Posture

A new report from the Center for a New American Security diagnoses some of the cybersecurity challenges facing the U.S. government and offers possible ways of addressing those challenges.
Homeland Security Today

Survey Confirms AETs are Real and Dangerous Threats

IT security professionals around the world are facing challenges in their efforts to protect against advanced persistent threats (APTs) that use advanced evasion techniques (AETs) to hide their presence within a network, according to a new McAfee survey.
Tech Republic

Survey: Corporate Security Thwarted by Dialog Failure Between IT Dept. and Management

The responses to a recent Ponemon Institute survey of 4,881 IT and security professionals offer a glimpse into the state of cybersecurity efforts at companies around the world.
Network World

Report: Explosion of Electric Grid-Connected Devices will Complicate Security

The growing use of smart-grid technology and the integration of more devices into the nation's electric system could complicate efforts to secure the nation's electric grid, according to a report by the nonpartisan policy organization the Center for the Study of the Presidency and Congress.
Fierce Homeland Security

The Growing Threat of Network-Based Steganography

Researchers at the Hungary-based Laboratory of Cryptography and System Security have uncovered Duqu, an unusual form of steganography-based malware that embeds itself in Microsoft Windows machines, gathers information about industrial control systems, and then transmits it to its command-and-control center.
Technology Review

Testing Your APT Response Plan

ISACA's Robert Stroud says one of the best ways enterprises can defend themselves against advanced persistent threats (APTs) is to develop and aggressively vet planned responses to APTs in the same way they create and vet business continuity plans.
GovInfoSecurity.com

Illinois Governor Signs 'Ban the Box' Hiring Legislation

Illinois Gov. Pat Quinn has signed a law requiring employers to evaluate a job applicant's skills before inquiring about criminal history.
Progress Illinois

Botnets Gain 18 Infected Systems Per Second

According to industry estimates, botnets have caused over $9 billion in losses to US victims and over $110 billion in losses globally.
Help Net Security

Survey: 53 percent change privileged logins quarterly

A survey of IT security professionals revealed that most individuals stick to an infrequent schedule for updating privileged credentials.
SC Magazine

Sony to Shell out $15M in PSN Breach Settlement

Sony has agreed to a $15 million preliminary settlement in hopes of quashing even heftier costs associated with its massive PlayStation Network hack three years ago.
SC Magazine

'Masquerading': New Wire Fraud Scheme

A new impersonation scheme is taking aim at business executives to perpetuate ACH and wire fraud, says Bank of the West's David Pollino, who explains steps institutions should take now to protect their customers.
Data Breach Today

Michaels Breach Lawsuits Dismissed

In a 20-page ruling, U.S. District Judge Elaine Bucklo says the six plaintiffs named in the consolidated suits failed to prove that they suffered "actual economic damage" as a result of using their credit and debit cards at Michaels during the time of the breach.
Data Breach Today

Target Request to Halt Discovery Denied

A federal judge has denied Target's motion to halt the discovery process in the class action lawsuits filed against the retailer in the wake of its December 2013 data breach.
Data Breach Today

Medical groups: Shootings underscore risks of workplace violence

Pennsylvania Psychiatric Society and Pennsylvania Medical Society officials Friday expressed sympathy and offered advice for those affected by Thursday’s shootings at Mercy Fitzgerald Hospital’s Sister Marie Lenahan Wellness Center that resulted in the death of a caseworker, the wounding of a psychiatrist and the critical injury of a psychiatric patient who is the suspected perpetrator.
Daily Times News

Hackers exploiting Internet Explorer to expose security flaws on a huge scale

Exploits can expose software and security systems, researchers warn, helping hackers attack remote machines undetected
The Guardian

Lawmakers, Experts Urge Tougher Safety Measures at Government Labs

A U.S. House subcommittee held a hearing July 16 that focused on the recent problems at government-run labs associated with the handling of dangerous microbes, such as anthrax and smallpox.
Wall Street Journal

Florida City Considers Allowing Electrified Fences

The St. Petersburg, Fla., City Council is debating whether or not to allow businesses to install electrified fences in parts of the city. The city council was divided on matters of safety and security for businesses.
Security InfoWatch

Google’s Project Zero Targets Cybersecurity Research

Google announced July 15 that it will launch a new cybersecurity research effort called Project Zero. The project is intended to improve security throughout the Internet and reduce the number of people affected by cyberattacks.
Wall Street Journal

Businesses Are Deprioritizing Information Security

Although 86 percent of executives are aware of legal requirements surrounding confidential data, 20 percent never performed a security audit, according to a new survey of small-business owners and c-suite executives by Shred-It.
Help Net Security

SEC Launches Investigations of Hacked Firms

The SEC has opened investigations of multiple companies in recent months examining whether they properly handled and disclosed cyberattacks. The focus is on whether the companies adequately guarded data and informed investors about the breaches, say insiders.
Bloomberg

Drilling for Opportunity

The U.S. energy market, particularly for oil and natural gas, is expected to grow significantly in the coming years, providing an excellent opportunity for security professionals to help protect production and processing facilities.
Security Today

NIST Goes Global With Cyber Framework

NIST has been sending delegations around the world to discuss its framework describing how governments and commercial sectors can collaborate to respond to cyberthreats.
FCW

Why 'Data in the Dark' is the No. 1 Worry for IT Managers

A recent Ponemon Institute survey of 1,587 IT professionals responsible for protecting sensitive or confidential structured and unstructured data has found a lack of knowledge about where such data resides is their biggest security concern.
eWeek

97 Percent of Key Industries Doubt Security Compliance Can Defy Hackers

New research suggests that just 3 percent of information technology leaders at utilities and other critical infrastructure businesses believe security standards and rules can reduce threats to the systems running their operations.
Nextgov

Expert: U.S. Utilities Unprepared for EMP Threats

An electromagnetic pulse (EMP) event could potentially wipe out 90 percent of the U.S. population if the resulting blackout lasted longer than a year, warns Dr. Peter Pry, executive director of the Task Force on National and Homeland Security.
Security InfoWatch

Chinese Hackers Pursue Key Data on U.S. Government Workers

The New York Times

63% of Businesses Don't Encrypt Credit Cards

In its third study on unencrypted card data, SecurityMetrics found that 63.86% of businesses store the unencrypted 16-digit sequence on the front of credit cards, also known as the Primary Account Number (PAN).
Help Net Security

Lew: Cyberattacks Aim to Disrupt U.S. Financial System

The hundreds of cyberattacks against U.S. banks and other institutions in recent years represent a targeted attempt to more broadly disrupt the U.S. financial system, Treasury Secretary Jack Lew said on Wednesday.
Reuters

Automobile Industry Accelerates Into Security

The Alliance of Automobile Manufacturers and the Association of Global Automakers today officially announced plans to address growing concerns over security weaknesses and vulnerabilities in new and evolving vehicle automation and networking features that could put cars at risk for nefarious hacking. The industry is in the process of forming a voluntary mechanism for sharing intelligence on security threats and vulnerabilities in car electronics and in-vehicle data networks -- likely via an Auto-ISAC (Information Sharing and Analysis Center), the officials say.
Dark Reading

Ransomware: 5 Threats to Watch

As Windows software vulnerabilities have gradually decreased in the wake of Microsoft's secure development lifecycle approach to writing code, the bad guys have been forced to raise the bar and get more creative. Enter ransomware, a nasty form of malware that not only infects your machine but also locks you out of it -- and in many cases, encrypts the data so you can't retrieve it.
Dark Reading

Cybersecurity Fears Drive SMBs to Third-Party Payment Services

Small merchants are less willing to handle transactions involving credit card or personal consumer data because of cybersecurity and cost issues, and are turning to third-party payment services.
Network World

Pennsylvania State University (PSU) researchers performed experiments examining how people with high-status job assignments assessed security and privacy and how impulsive or patient they were in making decisions.
Penn State News

Report Says 5 Percent of Organizational Revenues Lost to Internal Theft

A survey of Certified Fraud Examiners (CFEs) found that companies around the world lose about 5 percent of their annual revenues to occupational fraud.
Security Magazine

Millennial Enterprise Excellence

....I believe that there is a tremendous groundswell of new mindsets and talent being developed below all the bad press of gaming systems, iPhones and other technologies. I observe my son and his friends interacting globally and suddenly realize that essentially, this interconnected network of geographically dispersed teens entertaining themselves within graphically represented processes could most likely become the way we work in the near future.
Industry Week

Details Emerge of Boeing Hack
FBI: Chinese Nationals Stole Data on C-17 Transport

Three Chinese nationals seeking to make "big bucks" broke into the computers of Boeing and other military contractors, stealing secrets on transport aircraft, a U.S. criminal complaint says.
Info Risk

Strategic Planning: Program Life Cycle

This is an abbreviated portion of the Security Executive Council's strategic planning process that can be used to assist in building your security strategic plan.
SEC

Hard Proof That Wiping Your Phone Doesn't Actually Delete Everything

Have you ever sold an old smartphone on eBay? You might be interested to know that the apps, photos and even Google searches on your phone can still be recovered — even if you performed a factory reset.
Mashable

Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee

The Senate Select Committee on Intelligence voted Tuesday to approve a controversial cybersecurity bill known as the Cyber Information Sharing Act (CISA).
Forbes

Chinese Journalists Warned Not to Work With Foreign Media

The Chinese government, which already maintains tight restrictions on the country’s media, has issued new warnings to local journalists not to cooperate with foreign news agencies.
Sinosphere

Chinese Hackers Pursue Key Data on U.S. Workers

Chinese hackers in March broke into the computer networks of the United States government agency that houses the personal information of all federal employees, according to senior American officials.
New York Times

Banks Dreading Computer Hacks Call for Cyber War Council

Wall Street’s biggest trade group has proposed a government-industry cyber war council to stave off terrorist attacks that could trigger financial panic by temporarily wiping out account balances, according to an internal document.
BloombergBusinessweek

How the Target Breach Has Affected Small Business Data Security

Small and medium-sized businesses may think they're immune to the kinds of attacks that wreaked havoc on Target last year, but they're susceptible to the same nefarious forces – sometimes even more so, as they can lead hackers to a bigger prize.
CIO

Chemical Facility Security, Border Security, Emergency Communications Bills Passed by House

On Tuesday, the U.S. House of Representatives passed a quartet of homeland security bills focusing on the security of chemical plants, emergency communications, and border security.
Homeland Security Today

Europeans a Focus of Enhanced Search for Extremists

Eight European nations on Tuesday agreed to enhance surveillance of Europeans who went to Syria, or are at risk of going, to fight with Islamic extremists in the civil war.
Wall Street Journal

Security Weakness Found in Wi-Fi Enabled LED Light Bulb

Researchers at Context Information Security have identified a security vulnerability affecting a brand of Wi-Fi-enabled energy efficient light-emitting diode (LED) light bulb made by LIFX.
Help Net Security

Hackers Find Open Back Door to Power Grid With Renewables

Cybersecurity experts say that the addition of renewable energy sources such as solar and wind along with the move towards smart meters are creating new cybersecurity vulnerabilities for the electric grid in the U.S. and some other countries.
Bloomberg

Chinese Woman Charged in Trade Secrets Theft Case

FBI agents in Des Moines, Iowa, on July 1 arrested a Chinese woman who allegedly conspired to steal trade secrets from seed corn companies in the U.S.
AP

Oil Industry Forms Clearinghouse for Cyberattack Data

The American Petroleum Institute recently announced that it has established the Oil and Natural Gas Information Sharing and Analysis Center, in which cybersecurity experts will analyze malicious software attacks on networks used to run energy infrastructure such as offshore rigs, refineries, and pipelines.
Security InfoWatch

Corporate Boards Race to Shore Up Cybersecurity

Corporate boards are waking to cyberthreats, grappling with security issues they once relegated to technology experts.
Wall Street Journal

Cybersecurity: Monitoring Risk in the Supply Chain

Outsourcing providers may promote themselves as trusted partners to their clients, but when it comes to cybersecurity risk, financial services firms would be wise to treat them as an extension of their own business.
FinOps Report

PayPal Two-Factor Authentication Broken

Security researchers have discovered a way to bypass the two-factor authentication in PayPal's iOS and Android apps.
Dark Reading

For Audit Committees, a Growing Role in Cybersecurity

High-profile retail data breaches, the discovery of the Heartbleed vulnerability, and a slate of regulatory developments have made cybersecurity a top priority for board and audit committees.
Wall Street Journal

Samsung Says Insurance to Cover Costs From Brazil Theft

Samsung Electronics reports that its insurance will cover most of the costs associated with Monday's theft of truckloads of merchandise from its factory in Campinas, Brazil.
Bloomberg

New Background Check Survey Reveals Security Issues in the Screening Process

The 2014 HireRight Employment Screening Benchmark Report has found that 72 percent of security and HR professionals had found concerns related to applicants or employees using thorough background checks.
Security InfoWatch

Cyber-Attacks Seen Defrauding Brazilian Payment System of Billions

Cybercriminals have infiltrated Brazil's Boleto Bancário online payment system to steal potentially billions of dollars, according to RSA. Nearly 200,000 computers in Brazil have been infected in order to get access to payment vouchers with an estimated value of $3.75 billion, RSA has determined.
eWeek

Blackphone In The Wind: Officially Ships To Market

Blackphone is the first smartphone built with the user’s privacy as its core mandate.
Forbes

Cyberspying Campaign Comes With Sabotage Option

New research from Symantec spots US and Western European energy interests in the bull's eye, but the campaign could encompass more than just utilities.
InformationWeek

Cyberthreat Bill Backers Threatened

The hacktivist group Anonymous, in its latest posting, is threatening the "loved ones" of supporters of a Senate cyberthreat information sharing bill that critics contend weakens privacy protections.
GovInfoSecurity.com

NATO updates cyber defence policy as digital attacks become a standard part of conflict

Reflecting how all international conflicts now have some digital component, NATO has updated its cyber defence policy to make it clear that a cyber attack can be treated as the equivalent of an attack with conventional weapons.
ZDNet

Anti-Hacking Team Sees 'Red Threat' Unless Firms Share Data

In an 11-story office building in the Washington suburbs, hundreds of U.S. cybersecurity analysts work around the clock to foil hackers.
BloombergBusinessweek

School Security Plans Should Prepare Students to Expect the Unexpected

According to the National Center for Education Statistics, in 2011 the highest percentages of students most afraid of an attack or being harmed while at school were children between the ages of 12-18.
Security InfoWatch

Two Months Later, Heartbleed Patching Stalls Out With 300k Servers Still Vulnerable

Efforts to patch servers vulnerable to the Heartbleed bug have more or less ceased, according to Errata Security's Robert Graham. Graham had previously performed two scans of servers over 443 since Heartbleed was discovered in April. In
PC World

Hedge Fund Hackers Disrupting Trades for Profits, BAE Says

Hackers disrupted high-speed trading at a large unnamed hedge fund and rerouted data that might be used to make money in rogue stock-market transactions, said Paul Henninger, global product director for BAE Systems Applied Intelligence.
Bloomberg

U.S. Ambassador Baucus Says China Cyber Theft is a Threat

The U.S. Ambassador to China, Max Baucus, said June 25 that the cyber theft of trade secrets by state actors in China has become a major threat to the U.S. economy and national security.
Bloomberg

Card Fraud Impacts 1 in 4 Consumers Worldwide

One in four consumers worldwide have been the victim of card fraud in the last five years, according to a survey of consumers in 20 countries by ACI Worldwide and the Aite Group.
Help Net Security

5.5 Billion Users of Mobile and Wearable Biometrics by 2019: Goode Intelligence

There will be 5.5 billion worldwide users of mobile and wearable biometric technology by 2019, according to a new Goode Intelligence report.
Biometric Update

Employers Have an Obligation to Address Workplace Violence

The Occupational Safety and Health Administration estimates that about two million U.S. workers are victims of workplace violence each year and about 10 percent of workplace fatalities are homicides.
Tallahassee Democrat

Montana Health Record Hackers Compromise 1.3 Million People

Officials say hackers gained access to a computer server tied to the Montana Department of Public Health and Human Services in early May, potentially exposing the data of patients, agency employees, and contractors.
Reuters

Gartner: Top Trends in IT Security Technology

Gartner analysts who spoke at the organization's recent Security and Risk Management Summit say there are several trends that will change the way IT security is practiced.
Network World

Do Consumers REALLY Care about Payments Privacy and Security?

A May 2014 research study by idRADAR found that risk managers typically know consumers are concerned with security, but at the same time consumers are not active in adopting strong practices to safeguard their online privacy and security.
Portals and Rails

Hacker Tactic: Holding Data Hostage

Organizations are taking some novel approaches to addressing the threat from increasingly sophisticated cyberattackers who seek to steal their sensitive information.
New York Times

DHS Investigating Havex Trojan Which Targets Energy Companies

The Department of Homeland Security (DHS) on June 25 reported that it is currently investigating whether the Havex Trojan may have been used in earlier breaches in critical infrastructure
Wall Street Journal

PG&E Will Begin Metcalf Substation Security Upgrades This Year

The California electricity provider PG&E said June 18 that it plans to spend $100 million over the next three years on security improvements at an unspecified number of substations.
Contra Costa Times

Ukraine Suspects Terrorism in Pipeline Explosion

The explosion occurred only a day after the Russian energy company Gazprom announced that it would be cutting off natural gas supplies to Ukraine due to a dispute regarding pricing.
New York Times

Meet Bob, Britain's First Robotic Security Guard

Bob, the first robotic security guard in the United Kingdom, is helping G4S to help secure its headquarters in Gloucestershire. When the metal minder spots something out of place, he stores the information on his internal hard-drive and quickly reports it to his human counterparts.
Daily Mail

Popular HTTPS Sites Still Vulnerable to OpenSSL Connection Hijacking

Malicious hackers could potentially exploit a new vulnerability in OpenSSL to decrypt and modify traffic to and from some of the most popular websites, according to experts.
IDG News Service

Security Barometer - What is Driving the Disconnect with the C-Suite?

A recent survey conducted by the Risk and Insurance Management Society (RIMS) and Marsh LLC found the following top risks in 2014 as determined by the C-Suite respondents compared to risk professional respondents:
SEC

Security and Threat Information Exchange Platform Launched by Microsoft

To reduce the time it takes to respond to a threat, Microsoft launched Interflow, a security and threat information exchange platform that allows quick communication between the cybersecurity professionals who respond to cyber threats, with the aim of giving them an edge.
Security Today

Senate committee passes FISMA reform bill

Legislation aimed at modernizing the 12-year-old Federal Information Security Management Act (FISMA) has passed a vote by the Senate Homeland Security and Governmental Affairs Committee on June 25 and is headed to the Senate floor.
SC Magazine

Increased Security Risks At NNSA Sites, Says New GAO Audit Report

Despite the implementation of security reforms at US nuclear weapons and research and development facilities from 2009 to 2012 that “generally varied among National Nuclear Security Administration (NNSA) sites … some of these efforts helped manage security costs and enhance productivity … but may also have increased security risks and reduced security performance at the Y-12 National Security Complex (Y-12) in Tennessee and other NNSA sites, depending on how the sites implemented the reforms,” a new government audit report said.
HSToday.US

Centers for Disease Control and Prevention Workers May Have Been Exposed to Anthrax

The Centers for Disease Control and Prevention says some of its staff in Atlanta may have been accidentally exposed to dangerous anthrax bacteria because of a safety problem at one of its labs.
Continuity Insights

Undetected malware concerns two-thirds of small business owners, survey finds

The biggest security concern for small businesses is undetected malware, according to a survey – conducted by CSID and Research Now – of 505 owners of U.S. companies with one to 99 employees.
SC Magazine

Twitter Disables TweetDeck After Security Breach

Twitter said Wednesday it fixed a security vulnerability in its TweetDeck application and turned the service back on following a breach that affected users for a few hours.
Wall Street Journal

P.F. Chang's confirms breach in credit card data

P.F. Chang's China Bistro said there has been a breach involving data from customers' credit and debit cards used at its restaurants, confirming a report out earlier last week.
USA Today

600,000 customer details compromised at Domino’s

Today’s news that 600,000 customer records have been stolen from Domino’s France and Belgium yet again raises questions about just how seriously large corporations and big brands are taking data protection.
Help Net Security

Technology sites "riskier" than illegal sites in 2013, according to Symantec data

The “riskiest” pages to visit in 2013 were technology websites, according to data from users of Norton Web Safe, which monitors billions of traffic requests and millions of software downloads per day.
SC Magazine

Class-action filed against payroll company Paytime over massive data breach

A class-action complaint has been filed by Kraemer, Manes & Associates LLC and Carlson Lynch LTD against Paytime, a Pennsylvania-based payroll company that experienced a massive data breach in April.
SC Magazine

“Human error” contributes to nearly all cyber incidents, study finds

Even though organizations may have all of the bells and whistles needed in their data security arsenal, it's the human element that continues to fuel cyber incidents occurring, according to one recent study.
SC Magazine

More than 500 AT&T users victims of security breach

An undisclosed number of AT&T wireless customers have had their accounts broken into, exposing sensitive personal data including Social Security numbers and dates of birth, according to the company.
The Columbus Dispatch

Senate Panel to Examine 'Stalking Apps'

Sen. Al Franken (D-Minn.) will hold a hearing next week on “stalking apps,” which can secretly track people through their smartphones.
The Hill

U.S. Treasury's Top Terrorism Cop: How Financial Tools Fight Foes

As the United States continues to reduce its formal military presence in the war on terror, the administration plans to rely more on financial tools to aid counterterrorism efforts, says Treasury Undersecretary for Terrorism and Financial Intelligence David Cohen.
Wall Street Journal

Study Reveals DHS Cyber Initiative Needs to Pick Up the Pace

A new study examining the progress of the Department of Homeland Security’s (DHS) Continuous Diagnostics Mitigation (DHS-CDM) program, which standardizes security monitoring across the federal government, indicated that while implementation of CDM has been impressive so far, federal security managers are anxious to pick up the pace.
Homeland Security Today

Cargo Theft: 2013 in Review

The Supply Chain and Information Sharing and Analysis Center (ISAC) has released its 2013 Cargo Theft report, which shows a drop in the total number of reported cargo thefts for the first time since 2005.
Security Today

ONVIF and SIA Announce Memorandum of Understanding on Access Control Standards

A Memorandum of Understanding has been signed by ONVIF and the Security Industry Association (SIA), under which the two will work cooperatively toward the development of Internet Protocol-based interoperability standards in access control.
Security Today

What are the Top Security Concerns of Senior IT Executives?

Two polls of the senior IT security executives who attended Courion's recent annual user conference found that cyberattacks carried out by insiders are common at some organizations, and executives are finding it difficult to reduce the threat of such attacks.
Help Net Security

NSF Dear Colleague Letter--Cybersecurity Education EAGERs

The U.S. National Science Foundation (NSF) Directorate for Education and Human Resources and Directorate for Computer and Information Science and Engineering have released a Dear Colleague Letter announcing interest in using Early Concept Grants for Exploratory Research (EAGERs) to foster collaboration between the cybersecurity research and computing education research communities.
CCC Blog

Make Your Case

Obtaining funding for security projects can be difficult, but if security managers learn how to present a strong and interesting business case, they can improve their chances of having their funding request approved.
Security Management

Security Guard Industry Lacks Standards, Training

A study by Michigan State University criminologists that was published in Security Journal has found that many states lack adequate training standards for security guards.
MSU Today

University Researchers Test Cyber-Defense for Nation's Power Grid

Researchers at North Carolina State University (NCSU) and the University of North Carolina, Chapel Hill have developed a prototype software-based system that would coordinate the activity of networked computers during a cyber attack.
CSO Online

Large Electric Utilities Earn High Security Scores

New data from BitSight Technologies shows that major electric utilities rank as among the most secure organizations.
Dark Reading

Study Says Amazon, Groupon Among Sites with Worst Password Security

Even after the Heartbleed bug, some of the most popular websites aren't taking password security seriously, according to a study. More than 80 percent of websites that were examined had subpar password security standards, according to Dashlane's Password Security Roundup report.
CNBC

Rooting Out Fraud

On May 6, Florida-based Baptist Health System Inc. was the latest in a long line of organizations to resolve a federal lawsuit accusing it of violating the False Claims Act (FCA).
Risk & Insurance

Riskier business: Travelers index exposes worries, lack of planning

The business environment is becoming riskier, and companies don’t feel they are prepared to manage the risks they believe are the most serious.
Risk Network

Senate Panel Confronts Backlog of Chemical Facility Security Plans

At a recent Senate Committee on Homeland Security and Governmental Affairs hearing, the Department of Homeland Security (DHS) reported it has taken steps to speed the process of completing the reviews of the approximately 3,120 chemical facility security plans.
Homeland Security Today

Experts Fear Major Attack Only Way to Stir Corporate Action on Cyber Security

The number of reports of cyber incidents the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team responded to nearly doubled last year from 2012, but critical infrastructure companies remain reluctant to spend the money needed to upgrade their aging equipment.
Insurance Journal

Why the Security Talent Gap is the Next Big Crisis

Security experts believe that the next national security crisis will be related to the growing security talent gap, which could potentially leave companies at risk of losing the battle against online criminals because they will not have the manpower to handle attacks.
Security

Cyber Crooks are Winning Tech War, and Silicon Valley is Losing

During the National Venture Capital Association's annual meeting on May 14, a panel of cybersecurity experts commented that tech companies in Silicon Valley are under frequent attack from foreign countries and groups looking to take advantage of potential vulnerabilities.
Wall Street Journal

Hackers Ramp Up Computer Attacks That Demand 'Ransom'

Hackers operating on the Internet's "Dark Web" are spreading a new, more sophisticated generation of the malicious software known as "ransomware," anonymously shaking down anyone with an unprotected computer, from lawyers and cops to small businesses.
USA Today

Cybersecurity Options Lag Behind Hackers' Abilities

A computer hacker once told a congressional committee that he could take out the entire Internet in a half-hour. That was back when the World Wide Web was in its infancy and Google didn't even exist yet.
Stars and Stripes

FBI Plans Crackdown on Cyber Crime, With Arrests Imminent

The Federal Bureau of Investigation will aggressively crack down on cyber crime over the next few weeks, with a bureau official advising the public to anticipate indictments, searches, and multiple arrests
Reuters

US Retailers Set Up Center for Cyber Intelligence Sharing

The US Retail Industry Leaders Association (RILA), along with several of America's most recognized retail brands, launched the Retail Cyber Intelligence Sharing Center (R-CISC).
Net Security

FBI Seeks License to Hack Bot-Infected PCs

A Department of Justice proposal would make it easier for FBI investigators to hack into remote devices that have had their location purposefully obscured or that are acting as part of a botnet.
Dark Reading

Study: Data Breaches Make Huge Impact on Brand Reputation

Consumers rank data breaches and poor customer service high in their effects on brand perception.
Dark Reading

New NIST Guidance: How to Bake Security Into Critical Systems

The government's standards-making body on Tuesday announced guidelines for agency technologists and industry engineers on how to bake security into critical systems.
Nextgov

NIST Seeks Comments on Major Revision to Industrial Control Systems Security Guide

The National Institute of Standards and Technology (NIST) has issued for public review and comment a proposed major update to its Guide to Industrial Control Systems (ICS) Security
NIST

States Lack Expertise, Staff to Deal With Cyberthreats to Utilities

Federal utility regulators and electric utility industry safety groups are increasingly aware of how vulnerable the national electric grids are to cyberattack, but the state commissions that regulate local utilities have responded to the growing risks slowly.
Homeland Security News Wire

What Chemical Facilities Need to do to Protect CVI

In order to protect Chemical-terrorism Vulnerability Information (CVI), the Department of Homeland Security (DHS) established rules for determining what qualifies as CVI, who has access to CVI, how it must be protected, stored, and transmitted.
Israel Foreign Affairs

UF a Showcase for Orlando Firm's Campus-Security App

Orlando, Fla., startup TapShield LLC has designed a mobile app that draws on cloud-based computing, GPS, and social media to connect users to campus security at colleges and universities.
Orlando Sentinel

Most Security Professionals Helpless to Stop Data Theft, Study Shows

A recent study by the Ponemon Institute has found that 63 percent of IT security professionals have concerns about their ability to prevent data theft due to shortcomings in their current security systems.
Computer Weekly

Consumers Ditch Their Breached Retailers, Banks and Doctors

One-third of consumers stop shopping at retailers that have been breached, and 24 percent of consumers say they will leave banks or credit card companies that have been breached, according to a Javelin Strategy & Research survey.
Dark Reading

Meet the Fed's First Line of Defense Against Cyber Attacks

The U.S. Federal Reserve's first line of defense against cyberattacks is the National Incident Response Team (NIRT), which includes about 100 closely monitored employees who sift through the Fed's networks daily looking for indications of hacking.
Foreign Policy

The Internet of Things Likely to Drive an Upheaval for Security

The Internet of Things will catalyze a major paradigm change in IT security on a scale even larger than the shift to mobile, according to a new analysis by Gartner.
Computerworld

There's No Such Thing as a Good Data Breach

Limiting data breaches is complicated by myriad state and territorial laws with different breach notification requirements, incomplete notification disclosures, and suspicions that breaches are underreported or even not disclosed at all, writes the Atlanta Fed's David Lott.
Portals and Rails

Security Officers to Receive Firearms at Mo. Hospital

Derek Conz, the security team leader at Heartland Regional Medical Center in Missouri, says that 13 security guards will be authorized to carry and use a .9-millimeter pistol during patrol duty on the hospital's campus beginning May 1
St. Joseph News-Press

Keeping the Campus Healthy

Baptist Health Care Network is the largest, non-governmental employer in northwest Florida, with employees and physicians totaling more than 6,000.
Security Today

U.S. Officials Told Lawmakers Israel’s Industrial Espionage Efforts in U.S. 'Crossed Red Lines'

Officials from the Department of Homeland Security (DHS), the State Department, the FBI, and the National Counterintelligence Directorate said that Israel goes too far in its efforts to spy on the United States.
Homeland Security News Wire

Hackers Capture Dynamic Data to Prepare for Effective, Stealthy Attacks

Cybersecurity experts are warning organizations about the threat from cyberattacks that use offensive forensics techniques to steal data stored in a computer's memory.
CSO Online

Hackers Stole Doctors’ Tax Refunds By Breaking In To Payroll Software

Last week, we shared the scary news that a ring of tax refund fraudsters appeared to have filed tax returns on behalf of hundreds of doctors and other health care professionals, harvesting their refunds.
Consumerist

Encryption in the cloud is scarcer than you think

Ponemon Institute report shows more encryption across cloud environments, but only a modest increase over the years.
InfoWorld

Cyber firms look to move the electrical grid

At a keynote speech in Washington last month, former CIA director Leon E. Panetta warned that cyberspace is the "battlefield of the future."
The Washington Post

Phishing Attacks on Telco Customers Grow

Phishing attacks targeting telecommunication companies' customers, which result in account takeovers, are on the rise, according to the Federal Bureau of Investigation and the Internet Crime Complaint Center.
Bank Info Security

Phishing Attacks on Telecommunication Customers Resulting in Account Takeovers Continue

The schemes involve using automated telephone calls, or vishing, and SMS texts, or smishing, to lure customers to phishing sites that replicate telecommunication companies' sites, requesting the victims' log-in credentials and the last four digits of their Social Security numbers.
FBI

The Marketing of Heartbleed

Engineers at the security company discovered on April 4 the flaw in the cryptographic protocol OpenSSL and christened it the Heartbleed bug (see: Heartbeat Bug: What You Need to Know).
Bank Info Security

2014 Data Breach Investigations Report

Read an excerpt from the 2014 Data Breach Investigations Report.
Verizon

Cybersecurity: Top Priorities in 2014

Cybersecurity frameworks, supply chain risks and malicious insiders - these are among 2014's hot topics, according to Alan Brill, senior managing director at Kroll Advisory Solutions.
Bank Info Security

NCCIC: Combating the Insider Threat

From the National Cybersecurity and Communications Integration Center (NCCIC): Threats, to include sabotage, theft, espionage, fraud, and competitive advantage continue to materialize from those considered to be insiders of an organization.
US Department of Homeland Security

Innovative U.S. cybersecurity initiative to address cyberthreats

Cyberattacks on computer networks around the world reached 1.7 billion in 2013, up from 1.6 billion in 2012.
Homeland Security News Wire

Google Embeds Camera in Smart Contact Lens

Earlier this year, Wired.co.uk wrote about Google's invention of a smart contact lens that could monitor blood glucose levels through tear fluid. Now, the tech giant has invented another pair of lenses with an in-built camera.
Wired.co.uk

Top Information Security Threats in the Near Future

Each year, the Internet Security Forum, a nonprofit association that researches and analyzes security and risk management issues, releases its 'Threat Horizon' report to provide members with a forward-looking view of the biggest security threats over a two-year horizon. Here are the top 10 threats through 2016.
CIO

Proposal to Prevent Grid Attack Lacks Power, Critics Say

Critics say that the North American Electric Reliability Corp.'s proposed rules for protecting the power grid are not strong enough, partly because they do not include specific suggestions made by federal regulators following the 2013 attack on a substation near San Jose, Calif.
Wall Street Journal

From Shoplifting to Cyber Security, Businesses Advised to Check the Locks

While more than $35 million of goods are stolen from U.S. retailers every day — costing businesses more than $13 billion a year — external theft is just one of a host of security threats businesses face
South Coast Today

Big Bucks Going to Universities to Solve Pressing Cybersecurity Issues

The U.S. Federal Emergency Management Agency announced a three-year, $800,000 grant to several universities to research ways to prepare for, detect, and respond to cyberattacks.
Network World

Americans Report a Big Jump in Personal Data Theft

Eighteen percent of U.S. adults with Internet access say their personal information was stolen in a data breach, according to a Pew Research Center survey, up from 11 percent in July.
Washington Post

Chase Ramps Up Security: Is It Enough?

The nation's largest financial institution, JPMorgan Chase, is taking an appropriate leadership role by describing how it's ramping up its security efforts, say analysts, who assess the bank's plans for three cybersecurity centers.
Bank Info Security

Heartbleed Bug: The Latest Alerts

Mobile applications can be as vulnerable to the Heartbleed bug as websites, warns security vendor Trend Micro.
Bank Info Security

National Retail Federation to Establish Cybersecurity Program

The National Retail Federation (NRF), the world’s largest retail trade association, has announced plans to create a retail and merchant industry information sharing and analysis center that will help companies deal with cyber threats.
Softpedia

All the passwords you should change because of Heartbleed, in one handy graphic

The Heartbleed security flaw was fixed in the newest version of OpenSSL, but you should still change your passwords on all of the sites affected by the bug.
VB News

These Sites Tell Which of Your Accounts Have Been Hacked

Heartbleed, the massive flaw in web encryption recently made public, is just one of the unending stream of vulnerabilities that enables hackers to steal personal details and passwords from companies with which you do business.
Forbes

KKR CIO Surveys Cyber Risk Among Private Equity Holdings

BitSight, a company that collects large quantities of data every day from sensors located in public servers and from partners, recently conducted a cyber vulnerability survey for KKR that examined the levels of cyber risk for 75 of the private equity firm's portfolio companies.
Wall Street Journal

Survey: Small Retailers Feeling Insecure

A new survey commissioned by ADT has found that only a third of small- and medium-sized retailers have complete confidence in their current security systems.
Security Director News

2 Regulators Issue Guidelines on Sharing Cybersecurity Information

Sharing data between companies about cybersecurity threats will not cause antitrust concerns, according to guidelines issued by the Federal Trade Commission and Justice Department on Thursday.
New York Times

Federal Energy Regulator to Take Steps to Protect Grid

Federal Energy Regulatory Commission (FERC) acting Chairwoman Cheryl LaFleur told lawmakers Thursday that her agency will perform a full review of the chain of custody of all documents following the release of sensitive information about the impact of a physical attack on the nation's electric power grid.
Wall Street Journal

56 Percent of Employees Still Receive no Security Awareness Training

A new EMA survey of employees in government, public and private companies, and nonprofits found a majority still receive no security awareness training whatsoever.
Help Net Security

Advanced Attackers Go Undetected for 229 Days

Organizations are generally discovering cybersecurity breaches earlier, and they are increasingly having to turn to outside help to do so, according to a new FireEye report.
Help Net Security

Trove of Software Flaws Used by U.S. Spies at Risk

Bloomberg Businessweek

Cybersecurity Is a Puzzle—Where Does Your Piece Fit?

Cindy Fornelli, the executive director of the Center for Audit Quality, writes that deepening collaboration and ensuring effective communications among key players is the key to effectively fighting cybercriminals.
Pulse

Aviation Industry and Government to Share Cyber Threats in New Intelligence Center

The U.S. government and the aviation industry on April 15 launched the Air Domain Intelligence Integration Center and an analysis center, which will be used by government and industry officials to share information on cyber threats.
Wall Street Journal

113 People Detained and 70 Arrested in Action Day Tackling Airline Fraud

On 8 and 9 April 2014 law enforcement agencies from across the world, supported by the European Cybercrime Centre (EC3) at Europol, joined forces with the airline, travel and credit card industries in the largest ever attack upon online fraud and illegal immigration.
Europol

Sharing cyber threat details not antitrust violation, U.S. says

The U.S. government on Thursday urged companies to share information with each other about cyber threats and issued guidance making clear that doing so would not violate antitrust laws.
Reuters

Power Companies Struggle to Maintain Defenses Against Cyber-Attacks

When experts rank U.S. industries' abilities to ward off potentially damaging cyberattacks, the electric utilities are normally near the bottom.
insurancenewsnet.com

PrecisionHawk's drones collect data on crops from hundreds of feet above.

These companies are mining the world’s data by selling street lights and farm drones.
Quartz

DHS Turns to Mentors to Strengthen Cyber Workforce

The U.S. Department of Homeland Security (DHS) has adopted a rotation and mentorship strategy to find and develop qualified cybersecurity professionals.
Federal News Radio

With Rare Support, Chemical Security Legislation Advances in House

A bill that provides long-term authorization for the Department of Homeland Security's chemical-facility antiterrorism security (CFATS) standards was approved by the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies on Thursday.
National Journal (DC)

Experian Faces Connecticut, Illinois Probes of Data Breach

Representatives for Connecticut Attorney General George Jepsen and Illinois Attorney General Lisa Madigan have confirmed that they are investigating Experian following a breach of a company database by Hieu Minh Ngo, a Vietnamese man who has pleaded guilty to selling credit-card data, Social Security numbers and other personal information to fraudsters that had been taken from the Experian database.
Wall Street Journal

Pentagon to Triple Cyber Staff to Thwart Attacks

U.S. Defense Secretary Chuck Hagel recently made his first major speech on cyber policy, which focused on significantly growing the ranks of the Pentagon's cyberwarfare unit in an effort to defend against foreign attacks on important U.S. networks.
Associated Press

Cost of Advanced Evasion Techniques in Recent Data Breaches

There is a great deal of misunderstanding, underestimation, and ignorance of advanced evasion techniques (AETs) among CIOs and security managers, according to a new McAfee report.
Help Net Security

Internet of Things: Mitigating the Risk

Tony Sager, chief technologist of the Council on Cybersecurity and former COO of the U.S. National Security Agency's information assurance directorate, has turned his attention to mitigating the cybersecurity threats facing Internet-connected embedded devices, the Internet of Things.
GovInfoSecurity.com

Law Firms are Pressed on Security for Data

Large corporations and banks are increasingly pressing the law firms they work with to demonstrate that their computer systems are using the best technologies to identify and mitigate online intrusions and to take extra steps to ensure that their systems are well protected.
New York Times

NIST, DHS Push for More Engagement Around Cyber Framework

The White House's cybersecurity framework to safeguard the nation's critical infrastructure was implemented six weeks ago, and federal officials say they are seeing progress but need Congress to address liability protection for companies.
Federal News Radio

Security Firm Trustwave Says Target Data Breach Claims Baseless

Credit-card security firm Trustwave Holdings, which has been sued along with Target over a sweeping data breach, says it did not process cardholder data for the retailer or handle Target's data security as a lawsuit alleges.
Reuters

Credit Card Issuers Seek Out New Ways to Increase Data Security

Reports of major data breaches continue to rise even though major retailers are required to comply with cybersecurity guidelines set by the credit card industry.
US Finance

Navy-Base Shooting Raises Concerns Over Port-Security Program

Sen. Mark Warner (D-Va.) sent a letter to Homeland Security Secretary Jeh Johnson and Navy Secretary Ray Mabus on March 28 to express his concerns about the effectiveness of the Transportation Worker Identification Credential (TWIC) program in the aftermath of a shooting at a Norfolk, Va., naval base last week.
Wall Street Journal

Could Our Food Supply be a Target for Terrorists?

The Food and Drug Administration has proposed new rules that would require domestic and foreign companies that process and manufacture food and ship it to the U.S. to take steps to mitigate the risk of potential terrorist attacks against their facilities.
NPR Online

Cargo-Theft Recovery Program Launched in Canada

On March 18, the Insurance Bureau of Canada (IBC) and the Canadian Trucking Alliance (CTA) introduced a new phase of the Cargo Reporting Program, which was designed to help combat the country's growing $5 billion cargo theft problem.
Security Director News

Defense Firms Find Work Battling Corporate Hackers

Defense contractors that have traditionally served the federal government are now hoping to help corporate clients defend against cyberattacks through software or consulting services.
Wall Street Journal

Banks' Suit in Target Breach a 'Wake Up Call' For Companies Hiring PCI Auditors

Trustmark National Bank and Green Bank filed a lawsuit in federal court against Target and Trustwave Holdings on Monday in response to the massive data breach the retailer suffered last year.
CSO Online

Visa's Chief Risk Officer on the Future of Credit Card Fraud

Visa Chief Risk Officer Ellen Richey acknowledges it will take several years for the U.S. to achieve widespread use of credit cards with embedded chips.
MarketWatch

US Not Waging Industrial Espionage

Senior U.S. intelligence officials speaking on condition of anonymity say that the U.S. is not spying on foreign companies in order to give American firms a competitive advantage, despite claims by Edward Snowden to the contrary.
Sky News

Target, Visa Say Fraud Limited in Wake of Data Breach

Target has seen relatively little fraudulent activity on its payment cards since the massive data breach last year, said chief financial officer John Mulligan, speaking at a Senate Commerce Committee hearing on Wednesday.
Wall Street Journal

Half of IT Execs Don't Tell Boards Truth About Breaches

According to a survey of 1,083 IT and IT security workers conducted by Ponemon Institute in January, half of CIOs and CISOs do not tell executives at their companies the truth about cybersecurity breaches.
Wall Street Journal

Changes Proposed to US CFATS Facility Security Rules

According to Pharmaceutical Research and Manufacturers of America (PhRMA), it is too early to predict the impact that changes to the Chemical Facility Anti-Terrorism Standards (CFATS) proposed by Rep. Patrick Meehan (R-Pa.) will have on the pharmaceutical industry.
in-Pharma Technologist

Why Identity is the New Firewall

Identity management is becoming the new firewall that keeps out those who are not allowed to gain access to an area within a building, facility, or campus.
Security Magazine

U.S. Utilities Tighten Security After 2013 Attack

Two electric utilities have announced that they are taking steps to improve the security of their facilities following increased concerns about the possibility of terrorist attacks on the nation's power grid.
Wall Street Journal

Big Data Analytics: The Enterprise's Next Great Security Weapon

The use of big data analytics by companies to better protect data and secure networks will more than triple in the next two years, according to a new Gartner report.
ZDNet

Can Threat Modeling Keep Security a Step Ahead of the Risks?

Cybersecurity experts say it is important for organizations to perform threat modeling on a regular basis in order to stay ahead of potential threats.
CSO Online

Study Shows Those Responsible for Security Face Mounting Pressures

IT security professionals are increasingly feeling stress in their jobs, according to a new Trustwave survey of 833 security decision makers in the U.S. and several other countries.
CSO Online

Microsoft Takes to the Front Lines in the War on Cybercrime

Stepping up to fight the cyber war, Microsoft unveiled a new state-of-the-art Cybercrime Center specifically designed to battle botnets, malware and various other forms of internet crime.
Entrepreneur

Assault on California Power Station Raises Alarm on Potential for Terrorism

Former Federal Energy Regulatory Commission (FERC) Chairman Jon Wellinghoff and others are warning that a little-known attack on an electric substation in Santa Clara County, Calif., last year could be a herald for larger attacks aimed at causing widespread power outages.
Wall Street Journal

Point of Sale System Attack Campaign Hits More Than 40 Retailers

The ChewBacca Trojan has infected more than 40 merchants and stolen payment card and personal information from approximately 50,000 customers by targeting point of sale systems (POS), according to RSA FirstWatch.
Dark Reading

Data Security Is Not Their Responsibility, Say 23 Percent of Employees

A new survey of employees by Absolute Software finds that nearly a quarter believe that data security is not their responsibility.
Computer Weekly

Security Professionals Identify IT Risks Associated With Cloud Computing

ESG recently surveyed 211 enterprise security professionals about what they saw as the biggest security risks associated with using cloud infrastructure services.
Network World

Target Traces Security Breach to Stolen Vendor Credentials

Target spokeswoman Molly Snyder confirmed that the company's ongoing investigation into the recent data security breach has revealed that hackers were able to gain access to Target's systems by using a vendor's credentials which they had stolen.
ZDNet

The Economics of a National Cyber Immune System

At the recent Cyber Innovation Forum in Baltimore, White House cyber czar Michael Daniel spoke about the need to strengthen the federal government's "cyber immune system."
Federal Computer Week

Stumbling Blocks That Faceplant Security Analytics Programs

There are a number of obstacles that often prevent enterprises from effectively integrating security analytics into their IT security infrastructure. First among these is siloed organizational units that impede the effective gathering and sharing of data.
Dark Reading

SURVEY: WORKPLACE MISCONDUCT AT HISTORIC LOW

Research released today by the Ethics Resource Center (ERC), America’s oldest nonprofit advancing high ethical standards and practices in public and private institutions, reveals that workplace misconduct is at an historic low, having steadily and significantly declined since 2007.
ERC Ethics Resource Center

Preparing Utilities to Respond to Cyberattacks

Sharon Chand, a director with Deloitte & Touche's Security & Privacy, notes that the decades of experience utilities have in preparing for natural disasters can be used to help guide their responses to cyberattacks.
Wall Street Journal

Three Ways to Better Secure Your Data in 2014: It’s Time for Two-Factor Authentication

According to technology consultant Geoffrey Fowler from the Wall Street Journal, every business' priority should be security in 2014. In light of recent security breaches by Skype and SnapChat, Fowler says businesses must be vigilant about upholding security.
Wall Street Journal

Hacker Threats Rise, With Defenders Lacking: Report

The Cisco Annual Security Report, which was released on Thursday, showed that the technology and techniques used by hackers and other online criminals have outpaced security professionals' ability to defend against such threats.
Agence France-Presse

Is Rapid Detection the New Prevention?

Many IT security experts say the time when a strong perimeter defense could be counted on to defend a network is over, and that what is needed is a greater focus on technologies that detect network breaches and cut them off before they can do any serious damage.
Network World

Senior Managers Are the Worst Information Security Offenders

Senior managers pose a major security risk for companies, according to a Stroz Friedberg nationwide survey of 764 information workers.
Help Net Security

Algorithms are Changing the Face of Situational Awareness and Online Security

The adoption of algorithms is changing the face of both situational awareness and online security, as algorithms only take a few seconds to perform technical tasks, which allows humans to concentrate on more complex problems.
Security InfoWatch

Top Six Data Breach Trends for 2014

The theft of debit and credit card information from Target in November and December was just one of many data breaches that took place in 2013.
Security InfoWatch

Game Theory Helps Corporate Risk Managers Analyze Terrorism Risks

Corporate risk managers have found that game theory can improve terrorism risk analysis by helping them prepare for unexpected situations.
Homeland Security News Wire

US Employee Prescription Drug Use Booms as Workers Evade Positive Marijuana and Cocaine Tests

A new study by Quest Diagnostics has found that U.S. workers are becoming more knowledgeable about how to game pre-employment drug screening.
International Business Times

Cybersecurity Training a Top Priority for Industry, Government

Cybersecurity professionals are expected to be in high demand through 2020 and beyond, and private- and public-sector organizations are launching outreach programs to train workers.
eWeek

Spear Phishing Poses Threat to Industrial Control Systems

Security experts say that energy companies that use supervisory control and data acquisition (SCADA) systems need to ensure that their anti-phishing programs are strong, as a successful phishing attack could be as devastating as the Stuxnet attack.
CSO Magazine

7 Simple Ways You Can Protect Your Ideas From Theft

There are a number of ways that businesses and individuals seeking investors, partners, or employees to support their ideas or discoveries can prevent those associates from marketing that innovation as their own.
Forbes

Executive Bad Habits, Including Porn, Endanger Corporate Security

A recent study conducted by Opinion Matters for ThreatTrack Security showed that company executives may pose one of the biggest security risks to organizations.
PC World

Schools Safe as Ever Despite Spate of Shootings, Scares

According to the departments of Justice and Education, school safety has improved and violence has fallen for students and teachers.
USA Today

Kelihos Botnet Thrives, Despite Takedowns

Kaspersky Lab's sinkholing of one version of the Kelihos botnet 19 months ago (together with CrowdStrike, the Honeynet Project, and Dell SecureWorks), along with other significant eradication efforts, has resulted in a sharp decline in related botnet activity, according to research the lab recently published.
Information Week

Security Is Top Concern in 2014 for State CIOs

Security is the top concern next year for state CIOs, according to NASCIO's State CIO Top Ten Policy and Technology Priorities for 2014 survey.
FierceCIO

Attack Ravages Power Grid. (Just a Test.)

Nearly 10,000 cybersecurity specialists, electrical engineers, FBI agents, and utility executives took part in the more than 48-hour long continental-scale war game known as GridEx II.
New York Times

Personal Devices Pose Biggest Threat to Corporate Security

Security software provider Check Point has found that 93 percent of US and UK companies use mobile devices to connect to corporate networks, while 67 percent allow employees to connect personal devices.
Financial Times

Employee Theft on the Rise, Survey Reveals

Jack L. Hayes International's Annual Retail Theft Survey shows that retail theft increased 5.5 percent in 2012, which was the second increase in as many years.
Digital Journal

Early Stage Startups Vulnerable to IP Theft

David DeWalt, the chairman and CEO of the cybersecurity firm FireEye Inc., has warned that there is a clear correlation between press releases detailing a startup's acquisition of venture capital funding and attacks by thieves seeking to steal the startup's intellectual property.
Wall Street Journal

The Many Faces of Financial Fraud

Improvements in payment protections and security practices are beginning to shift the liability for financial fraud onto the least-secure party involved in the transaction.
CSO Magazine

Ridge Warns Utility Officials on Threat of Attack

During the "Grid 20/20: Focus on Resilience" conference in Philadelphia on Tuesday, former Homeland Security Secretary Tom Ridge warned regional utility officials that they need to explore more ways to protect the nation's electric grid from attack.
Philadelphia Inquirer

PCI council publishes updated payment security standards

On Thursday, version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) became available for merchants, who'll have until January 1, 2014 before the requirements become effective.
SC Magazine

Bipartisan Cybersecurity Measure to be Introduced in Congress

Sen. Saxby Chambliss (R-Ga.) reported last week that he planned to introduce cybersecurity legislation to improve data sharing between the public and private sector.
Home Security News Wire

Chinese Army's Industrial Espionage Continued Even After Exposure

The Chinese military continues to support widespread corporate espionage against U.S. companies, according to a report from the US-China Economic and Security Commission, a congressional advisory panel.
International Business Times

Mobile Phone Use a Significant Security Risk for Companies

New research from the U.K.'s University of Glasgow finds that the improper use of corporate mobile devices by employees is exposing companies to potentially serious security and legal risks.
Home Security News Wire

NSA Chief Likely to Be Stripped of Cyber War Powers

Senior military officials are strongly considering removing the National Security Agency director's authority over U.S. Cyber Command.
The Hill

Security Check Now Starts Long Before You Fly

Airline passenger screening is being expanded by the Transportation Security Administration, as a search of several government and private databases will now be conducted prior to passengers' arrival at the airport.
New York Times

4 Ways Metrics Can Improve Security Awareness Programs

It is important to use the right metrics in the right way to properly evaluate and make the case for security awareness programs.
CSO Online

Despite Drop in Fraud, Businesses Told to Remain Vigilant

The percentage of companies reporting instances of fraud has fallen from 75 percent to 61 percent, according to the latest version of Kroll's annual Global Fraud Report.
CSO Online

Millions of Employees Victims of Workplace Violence

The federal Occupational Safety and Health Administration (OSHA) has begun paying closer attention to violence between workers and to violence directed at employees by customers, clients or other outsiders, said Thomas Fuller, an assistant professor at Illinois State University who teaches a course on workplace violence.
Pantagraph

Cybersecurity Talent Pipeline Not Being Fed by High Schools, Survey Finds

Less than a quarter of the 1,000 adults between the ages of 18 and 26 who took part in the recent Raytheon Millennial Cybersecurity Survey expressed an interest in a career in cybersecurity.
Homeland Security Today