Leadership Solutions

Strategic News

Study: Most Companies Can't Protect Confidential Documents

A majority of companies are unable to prevent employees from sharing confidential documents, according to a Fasoo study.
CSO Online

Is Your Hospital's Communications System Ready for the Next Big Emergency?

Updated emergency communications systems designed to meet hospitals’ unique needs are crucial to maintain real-time communication during emergency situations.
Campus Safety Magazine

Cyber Bank Heists No Surprise as Online Security Lags Behind: Expert

The internet is not equipped to provide the necessary security to counter cybercrime, according to internet security expert Sir David Omand in response to the Bangladesh bank heist.

U.S. Cyber Command Struggles to Retain Top Cybersecurity Talent

Despite renewed efforts to attract new cybersecurity talent, U.S. Cyber Command is grappling with stiff competition from private firms in recruiting and retaining a skilled workforce.

Orlando Shooting Plays Into FBI’s Homegrown-Terror Worries

FBI Director James Comey disclosed new details Monday concerning the background of Omar Mateen, the gunman authorities say killed 49 people at Pulse nightclub in Orlando.
Wall Street Journal

Boards Ready to Fire Over Bad Security Reporting

Chief information security officers could lose their jobs if boards think their CISOs are poorly communicating security concerns, according to 59 percent of board members surveyed by Bay Dynamics.
CSO Online

A Computer Security Start-Up Turns the Tables on Hackers

Area 1 Security, a startup founded by former NSA analyst Oren Falkowitz, is trying to tap into private servers to monitor the activities of hackers.
New York Times

Cybercrime Market Sells Servers for as Little as $6 to Launch Attacks

An underground online forum known as xDedic is selling access to more than 70,000 compromised servers, enabling buyers to carry out widespread cyberattacks around the world, according to Kaspersky Lab researchers.

FICO To Launch Corporate Security Score

FICO, the company known for consumer credit rating services, will launch a new product that rates the security of corporations.

77 Percent of Organizations Unprepared for Cybersecurity Incidents

There has been little improvement in cybersecurity preparedness in the last three years, according to research from NTT Com Security's 2016 Global Threat Intelligence Report.
SC Magazine

Aviation Security Needs to Be Stepped Up, Echo Industry Executives

Emirates Airline President Tim Clark said on June 2 that the recent attacks on commercial aviation prove that the security structures currently in place to protect passengers are insufficient.
Wall Street Journal

Orlando Colleges Increasing Security on Campus Following Terror Attack

While there are no specific or credible threats to any of the campuses in the Orlando area, campus safety officials felt it necessary to beef up police presence on campuses and assure students that support services are available.
Security Today

Common Password is Revealed in Massive Twitter Heist

In a massive recent theft of Twitter usernames and passwords involving nearly 33 million customers, “123456” was by far the most commonly used password, according to security company LeakedSource.
Security Today

Symantec to Buy Blue Coat for $4.65 Billion

For its next move since jettisoning storage firm Veritas and becoming a pure-play security vendor, Symantec will now buy network and cloud security firm Blue Coat from private-equity owners Bain Capital, obtaining a replacement CEO in the process.
Data Breach Today

Zbot: Cybercrime's New Super Infrastructure?

Researchers have watched a botnet composed mostly of compromised computers in the Ukraine and Russia become a growing hive of criminal fraud activity, playing a role in everything from ransomware and click fraud to spam bots and supporting stolen payment card marketplaces.
Data Breach Today

Morgan Stanley's SEC Penalty Called Inadequate

The $1 million penalty that the Securities and Exchange Commission imposed on Morgan Stanley for its failure to prevent a now former employee from compromising some 730,000 client accounts is too low to send a strong message to financial services firms about the need for stronger cybersecurity and internal fraud controls, security experts say.
Data Breach Today

Retailers: Don't Require Us to Meet Bank Security Standards

The Retail Industry Leaders Association is battling against passage of a national data security and breach notification bill known as the Data Security Act of 2015, or H.R. 2205, arguing it would unreasonably require retailers to meet some of the same security standards as banks, says Austen Jensen, the group's vice president of government affairs.
Data Breach Today

Audio Report: Updates on Infosec Europe, NIST Framework

In this edition of the ISMG Security Report, DataBreachToday Executive Editor Mathew Schwartz reports from the floor of the Infosecurity Europe conference in London on the top concerns of security practitioners, including ransomware.
Data Breach Today

Wendy’s Credit Card Breach Worse Than Earlier Thought

The credit card breach at Wendy’s is likely to be way beyond the officially reported figure of “fewer than 300,” says KrebsOnSecurity, citing fraud and banking community sources.
Dark Reading

NIST to refine Cybersecurity Framework after comments from stakeholders

The National Institute of Standards and Technology (NIST) is developing a minor update of its Cybersecurity Framework based on feedback from its users. In the just-released Cybersecurity Framework Feedback: What We Heard and Next Steps, NIST is announcing that a draft of the update will be published for comment in early 2017.
Homeland Security News Wire

Testing NYC subway biodefenses

Researchers took to the New York City subway system 9-13 May to study how a surrogate for a biological agent, such as anthrax, might disperse throughout the nation’s largest rapid transit system as a result of a terrorist attack or an accidental release.
Homeland Security News Wire

27 Percent of Cloud Apps Present Significant Risks to the Enterprise

Twenty-seven percent of third-party cloud apps are classified as high risk, says a new report.
Security Magazine

Ports Need to Rethink Criminal Activity

Port computer systems are vulnerable to criminal organizations looking to steal, smuggle or commit espionage.
Risk & Insurance

Let’s Encrypt CA inadvertently leaks users’ email addresses

Let’s Encrypt, the non-profit Certificate Authority (CA) that helps website administrators switch from HTTP to HTTPS quickly and effortlessly, has accidentally leaked 7,618 email addresses of its users.
Help Net Security

IAHSS Study Reveals Dramatic Drop in U.S. Hospital Violent Crime Rate

Violent crimes within hospitals dropped by 68 percent in 2015, according to a report by the International Association for Healthcare Security and Safety Foundation.
Campus Safety Magazine

J.P. Morgan’s CIO on the Bank’s Security Game Plan

In a recent interview with the Wall Street Journal, J.P. Morgan CIO Dana Deasy discussed the bank's security plan to ensure that its $9.4 billion technology budget remains safe.
Wall Street Journal Online

Enterprises Rely on 'Blind Trust' When It Comes to Cloud Security, Survey Finds

Close to half of security personnel “simply trust” their cloud providers' security tools without further verification, according to a survey of 100 IT decision makers and security experts by Enterprise Management Associates (EMA).
Fierce IT Security

Ransomwhat? 43 Percent Don't Know What Ransomware Is

A study by Kaspersky Lab found that 43 percent of consumers in the United States and Canada do not know what ransomware is.

North Korea Linked to Digital Attacks on Global Banks

Security researchers believe the recent increase in digital breaches on Asian banks is tied to North Korea. If confirmed, it would be the first known case of a nation using digital tactics for financial gain.
New York Times

5 Strategies to Prevent Fraud, Waste, and Abuse

Billions of taxpayer dollars are lost due to waste, fraud, and abuse, according to the Deloitte Public Sector Research report, which offers preventative and corrective strategies for the problem.
Government Technology

Beware The Risk of Ransomware

Ransomware has been a growing problem in 2016, with more than 800 reports as of April, according to the Internet Crime Complaint Center (IC3).
Federal Times

Report Shows Murders Are Up in Many U.S. Cities

There was a nine percent increase in homicides across dozens of U.S. cities over the first three months of 2016, compared with the same period last year, according to a new report from the Major Cities Chiefs Association.
Security Magazine

SEC Says Cyber Security Biggest Risk to Financial System

Cyber security is the biggest risk facing the financial system, SEC Chair Mary Jo White said on Tuesday.

RIC Officials Wary of Government Analysis of Risks Posed by Airport Employees

In the wake of various criminal activities in airports, such as gun smuggling, drug smuggling, and terrorism, the government is conducting a "vulnerability assessment" of U.S. airports, to be completed by the end of April.
Richmond Times

Cybercriminal Business Model Vulnerable to Intervention

Cybercrime may be more common than ever, but its business model is vulnerable on many fronts, according to a new Hewlett Packard Enterprise report.
CSO Online

House to Vote to Expand Cyber Workers, Small Business Help

House lawmakers this week will vote on helping recruit and train more cyber workers and defend small businesses against cyberattacks.
Politico Pro

Companies Get Creative to Relieve Shortage of Security Professionals

While many companies are offering larger salaries and better benefits, others are trying fractional IT security positions and more intelligent systems as a remedy to the shortage of security professionals.

Terror Stalks Commuters as Foiled Plots Show Transit Is Target

A Bloomberg News review of a terrorism database shows that public transit has become the main target for bombings, shootings, and other attacks in the West.

When Employees Market Passwords for Profit: Four Business Security Challenges and Strategies to Combat Them

Employees are developing a new, alternative income market, and it poses a direct security threat to employers.
National Law Review

Execs: We’re not responsible for cybersecurity

More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, according to a new survey.

Intel tech chief: 'Ransomware' attackers setting sights on these

Cybercriminals using "ransomware" are shifting their sights from individual targets to bigger ones, Intel Security Group's Steve Grobman said Monday.

Total tech anonymity not good for society: Isaacson

Major forms of communication should not be beyond the reach of the law, Walter Isaacson said one day after the Justice Department said it had broken into an iPhone used by one of the San Bernardino shooters.

Americans support Apple over Feds in privacy debate: Survey

Apple is gaining ground in winning the hearts and minds of the American public in the battle with the federal government over encryption.

A new report from the National Center for Education Statistics (NCES) found crime in U.S. schools and college campuses has declined over the past two decades, but also revealed certain disturbing trends.
Security Magazine

Enterprises at Risk from Accidental Insider Threats

A recent survey from Kaspersky Lab found that 29 percent of all businesses had reported accidental disclosures by insiders as their biggest source of data loss.
Security Magazine

Into the Deluge: The Evolution of Cyberthreats to Law Firms

Cyber attacks in the legal industry are starting to look less like case-specific spectacles perpetrated by nation-states and activist cabals, and more like a daily assault by burglars and common criminals.
Legaltech News

Breaches: Why Are U.S. Banks, Retailers Frequent Targets?

The U.S. financial services and retail sectors had more data breaches in 2015 than any other business sectors worldwide, according to Verizon's 2016 Data Breach Investigations report.
Bank Info Security

Verizon DBIR: Over Half Of Data Breaches Exploited Legitimate Passwords In 2015

Financial sector suffered the most breaches last year, followed by the accommodation/hotel sector.
Dark Reading

Malware Disrupts Business Operations at Michigan Public Utility

A ransomware attack continues to impact the administrative services of the public utility serving Lansing, Mich. The Lansing Board of Water & Light (BWL), which shut down its administrative computers to prevent the spread of the malware, is still cleaning up its administrative systems and working to restore corporate email and other systems.

Third Party Risk on the Rise; Risk Mitigation is Low Priority

A new survey from the Ponemon Institute has found that third party risks are increasing in organizations across the country.
Security Magazine

The Two Biggest Security Threats to Corporate Laptop Users

The two biggest security threats facing company networks could be laptops and the software that runs on them.

Persistent Tracking of Endpoint Devices Takes on Insider Threats

Absolute, a security and data risk management solution provider, has developed Endpoint Data Discovery (EDD), a system that enables organizations to locate and protect specific sensitive data on endpoint devices even when they are outside the enterprise network.
GCN Magazine

U.S. Cyberwar Against ISIS Could Use Methods and Tactics Criminals Use Against Enterprises

A cyberwar with the Islamic State could involve tools and tactics that corporate security professionals must fight every day.

Insider Threats: A Bigger Risk Than You Think

The term "insider threats" often refers to individuals who use their knowledge of or access to an organization and its systems to perpetrate fraud, sabotage, theft, or a violent act.
Wall Street Journal

Making Security the Business of Everyone in the Company

How can companies balance the requirements of convenience and security? By making security everyone's business.

Researchers Nab Millions of Stolen Credentials for Gmail, Hotmail, Yahoo, Banking

A hacker handed over millions of stolen credentials for Google, Microsoft and Yahoo email accounts, as well as thousands for banking, manufacturing and retail, in exchange for researchers liking and voting up his social media page.

University of Texas Security Study to Be Completed by Late Summer

A comprehensive evaluation of safety and security protocols has been ordered at the University of Texas' flagship campus after the first murder in 50 years took place, President Gregory Fenves has announced.
Security InfoWatch

'Threat Hunting' on the Rise

Rather than waiting for the inevitable data breach to happen, many organizations say they have begun more actively seeking bad actors and malicious activity on their networks.

Feds' Trust in Agency Cybersecurity Erodes

Only 8 percent of federal employees feel very confident in their agency's ability to protect information systems from cyberattacks, according to a new survey from Dell Security and the Government Business Council.
GCN Magazine

Cyberattackers Find Coveted Openings in Easy-to-Fix Network Vulnerabilities

Preventing cyberattacks is a difficult task for many companies, according to the Vistage CEO confidence index. It found that in the first quarter of 2016, 41 percent of small and mid-sized businesses said they were not prepared for a cyberattack.
Legaltech News

U.S. Cyberattacks Target ISIS in a New Line of Combat

The U.S. is for the first time directing the military's Cyber Command to mount computer-network attacks, now being used alongside more traditional weapons, in a new line of combat against the Islamic State.
New York Times

Drone Manufacturers Work to Combat Growing Terror Threat

Recently, a drone collided with a British Airways flight landing at London's Heathrow Airport.
Fox News

Compromised Credentials Still to Blame for Many Data Breaches

Compromised credentials are the cause of almost 25 percent of all data breaches, while account hijacking and malicious insiders also rate as top threats, according to the Cloud Security Alliance (CSA).
Help Net Security

Jury Awards EHR Vendor $940 Million in Trade Secrets Case

Epic Systems Alleged Consultancy Inappropriately Downloaded Documents
Healthcare Info Security

IT Professionals Underestimate Impact of Business Partner Security

In a new study, 81 percent of IT professionals reported being confident in their ability to protect sensitive customer data.
Security Magazine

Chief Risk Officers Needed to Battle Rising Corporate Espionage

A growing number of organizations are adding a new member to the C-suite—the chief risk officer (CRO)—and the rise of these executives is having a direct impact on the security programs at enterprises.
CSO Online

After Brussels Attacks, Airports Look to Israel for Tips on Security

Security agencies around the world are taking cues from Israel regarding airport security strategies.
USA Today

Imagining The Ransomware Of The Future

Cisco Talos Labs researchers recently released a report describing ransomware that can encrypt and lock 800 servers, 3,200 workstations, and the vast majority of an organization's data in one hour.

Compliance Executives Nervous as Regulatory Climate Shifts

DOJ and SEC statements driving CCO concerns over changes in compliance regulations and scrutiny
Security Magazine

Nike Shoes Among Most Counterfeited Goods in the World

The market for fake goods is on the rise, with international trade in counterfeited or pirated products valued at almost half a trillion dollars.
Security Magazine

The 50 most violent cities in the world

Latin America holds the undesirable distinction of having the most cities on the Mexico Citizens Council for Public Security's annual ranking of the world's most violent cities.
Business Insider

Former FPL Manager Accused of Trading Nuclear Secrets in Chinese Spy Case

Federal court records reveal that a former manager with Florida Power & Light (FPL) traded nuclear information for cash to help one of China's nuclear power companies.
Miami Herald

Only a Third of Companies Know How Many Vendors Access Their Systems

The average company's network is accessed by 89 different vendors per week, according to a recent report by Bomgar.
CSO Online

Why One Cybersecurity Firm Says China Has Soured on Conventional Hacking

In September 2015, U.S. President Barack Obama and Chinese President Xi Jinping announced that they had reached a deal to end state-supported hacking of corporate records for economic benefit.
The Wall Street Journal

9 Years Prison, $1.7 Million Fine For Malicious Insider

A former IT engineer for a Dallas law firm was sentenced to 115 months in prison and ordered to pay $1.697 million in restitution for a destructive computer attack he committed against his former employer in 2011.

Manufacturers Suffer Increase In Cyberattacks

The manufacturing sector is now one of the most frequently hacked industries, second only to healthcare, a new report says.

FBI Warns Of Business Email Fraud Spike

FBI warns US companies about rising email scams that have cost businesses up to $2.3 billion since 2013

Captives See Growth for Terrorism Risk

Captives can cover risks excluded from conventional terrorism policies and cover the potential gap under the Terrorism Risk Insurance Act.

Shootings overtake bombings

Mass shootings in public places have overtaken bombings as the major terrorism threat, with IS-linked attacks striking within Western countries, according to Aon.

Toyota, Other Major Japanese Firms Hit by Quake Damage, Supply Disruptions

This is the second time this year Toyota has been affected by a global supply chain disruption.

Event Security Tips and Tactics For Public Safety Officers

Making a security plan for events, practicing it and changing it according to new technology is the only way to ensure execution.
Campus Safety Magazine

Senate Passes Bill to Boost Travel Security After Brussels

The Senate on Tuesday overwhelmingly approved legislation that would boost domestic travel security in the wake of the Brussels attacks and authorize the programs of the Federal Aviation Administration through September 2017.

Government Reveals Details About Energy Grid Hacks

Hackers have stolen sensitive information from American energy companies -- and have planted malware in the energy grid with the intent to turn off the lights in the future.
CNN Money

Drug Fraud Scheme Includes Criminal HIPAA Violations

A former pharmaceutical district manager faces sentencing in July after pleading guilty to criminal HIPAA violations for his part in a complex fraud scheme involving drug maker Warner Chilcott.
Bank Info Security

6,013 Breaches Reported in the U.S. Since 2005

The Identity Theft Resource Center (ITRC) has seen a 397 percent increase in data exposure incidents across financial services, business, education, government, and healthcare sectors since it began monitoring and tallying U.S. security breaches in 2005.
Help Net Security

Pentagon Doesn't Have its Ducks in a Row When it Comes to Protecting US Infrastructure, Says GAO

Pentagon doesn't have its ducks in a row when it comes to protecting US infrastructure, says GAO
Fierce GovernmentIT

New Yorker sentenced to 16 years for trying to buy ricin

It was a scary scenario: Chinese national Cheng Le, living in New York City, attempted to order ricin through the so-called dark Web.
Homeland Security News Wire

Smartphone App Lets Anyone Report ‘Suspicious People’ In ‘Transitional’ St. Louis Neighborhood

A wealthy New Orleans real estate developer has created “Uber for cops,” an app that allows anyone with a smartphone to report nonviolent criminals, drug dealers, homeless people and others they feel may be “suspicious.”

The past, present, and future of ransomware

The rise of ransomware over the past year is an ever growing problem.
Homeland Security News Wire

Unusual Ploy in Anthem Breach Case Fails

A recent federal court ruling against a bold motion by health plan Anthem Inc., which is fighting a consolidated class-action lawsuit in the wake of its massive data breach, spotlights some of the very complex questions that are at the center of many data breach cases.
Healthcare Info Security

Fracking linked to most induced earthquakes in western Canada

A survey of a major oil and natural gas-producing region in Western Canada suggests a link between hydraulic fracturing or “fracking” and induced earthquakes in the region.
Homeland Security News Wire

Fracking-related quakes make central U.S. as vulnerable as California to tremor damage

For the first time, new USGS maps identify potential ground-shaking hazards from both human-induced and natural earthquakes.
Homeland Security News Wire

Ransomware: Is It Ever OK to Pay?

Many security experts urge organizations to prepare defenses against ransomware infections, as well as backup recovery strategies, so they don't have to answer that question (see Ransomware Epidemic Prompts FBI Guidance).
Bank Info Security

Microgrids to enhance diversity, reliability, resilience

For more than 100 years, the United States electrical grid operated on a one-way delivery model: power generation, transmission, and distribution in response to user demand.
Homeland Security News Wire

ISIS uses mustard gas against Syrian forces in battle for airport

ISIS has used mustard gas against Bashar al-Assad’s forces in battles at a key airport in eastern Syria.
Homeland Security News Wire

Do Workers Have a False Sense of Security? New CareerBuilder Survey Looks at Security in the Workplace

While some workplace disasters can be avoided – such as oversleeping for a meeting or missing a major deadline – others are beyond anyone's control.
PR Newswire

Cyber-Execs: Expect a Cataclysmic Cyber-Terror Event Within 2 Years

Terrorists are capable of launching a catastrophic cyberattack on the U.S., and could do so within the upcoming year, according to 63 percent of respondents to a recent Thycotic survey.
info security

Worst-Case Scenario for Grid Outage Due to Cyberattack Is One to Two Weeks: NERC

The North American Electric Reliability Corp. (NERC) said that physical attacks on electric substations are potentially more damaging than a cyberattack.
The Wall Street Journal

Zika virus “scarier than we initially thought”: U.S. health officials

Dr. Anne Schuchat from the Centers for Disease Control and Prevention (CDC) said the Zika virus is more of a threat than previously thought.
Homeland Security News Wire

Privacy advocacy groups ask NSA to halt changes to data sharing rules

More than thirty organizations sent a letter to the Director of National Intelligence and the Director of the National Security Agency, urging them to halt reported changes to the rules governing when and how the NSA can share the data it collects through overseas surveillance.
Homeland Security News Wire

Business Interruption due to a Breach is Top Cyber Risk Concern

Business interruption due to a breach is top cyber risk concern, according to Aon’s 2016 Captive Cyber Survey Report.
Security Magazine

Study Finds U.S. Universities Failing in Cybersecurity Education

A new study has found that not one of the top 10 U.S. computer science programs (as ranked by the U.S. News & World Report in 2015) requires a single cybersecurity course for graduation.
Security Magazine

FBI, DHS warn grid operators about cyber threats to power grid

The FBI and DHS are warning infrastructure operators about the potential cyberattacks on the U.S. power grid. The FBI and DHS have launched a nationwide campaign to alert power companies and security firms, a campaign which includes briefings and online Webinars.
Homeland Security News Wire


Relax. After reports surfaced last month that dozens of private airline employees may have had terror ties, Homeland Security Secretary Jeh Johnson this week set the record straight: “It’s not that they’re suspected terrorists.

MSP wary of too little staffing for beefed-up airport security

The U.S. Senate vote to buttress security at the nation's airports comes as the Twin Cities airport is still reeling from long waits in March for screening.

Credential exchange enabled on DHS info sharing network

Federal, state and local government users of the Homeland Security Information Network now have a simpler way to verify their identities for secure information sharing.
GCN Magazine

Ransomware Will Spike As More Cybercrime Groups Move In

Look for a sharp uptick in the quantity and quality of ransomware this year as more organized cybercrime groups employ ransomware, thanks to the huge success other criminals have had monetizing these attacks, security experts say.

5 Strategies to Mitigate the Impact of Workplace Violence

Workplace violence is an issue that is beginning to get more attention, but remains underreported and misunderstood.
Security Magazine

NIST Cybersecurity Framework Adoption Hampered By Costs, Survey Finds

Security pros consider the NIST framework an industry best practice, yet half of its adopters say its complete implementation involves a high level of investment.

Cybercrime: A Black Market Price List From The Dark Web

There's no better lesson in the mechanics of a free market than watching a black market at work.

Should airports move security checkpoints further out to prevent terror attacks?

Two terrorist bombings inside Brussels' airport terminal Tuesday are prompting talk of moving security checkpoints outside such buildings in the United States.
Security InfoWatch

2 more Southern California hospitals attacked by hackers using ransomware

Two more Southern California hospitals have been attacked by hackers who infiltrated their computer systems with ransomware and demanded payment to unlock the data, officials said.
Security InfoWatch

Data security concerns fuel IT investment decisions

According to the results of a recent survey sponsored by IT services provider Datalink and conducted by IDG Research Services, 70 percent of companies now rank data security as their top priority when it comes to investing their IT dollars.
Security InfoWatch

Verizon Confirms Breach Affecting Business Customers

Verizon Enterprise Solutions, which regularly assists clients in responding to data breaches, admits it's suffered its own breach, reportedly affecting 1.5 million business customers.
Data Breach Today

7 Iranians Indicted for DDoS Attacks Against U.S. Banks

The Justice Department has unsealed indictments against seven Iranians - allegedly working on behalf of the Iranian government, including the Iranian Revolutionary Guard Corps, a branch of Iran's armed forces - who are suspected of conducting distributed denial-of-service attacks against dozens of American banks as well as attempting to seize control of Bowman Dam outside New York City.
Data Breach Today

Hospital Ransomware Attacks Surge; So Now What?

Ransomware attacks against hospitals are becoming commonplace this year, with at least five incidents revealed in recent weeks.
Data Breach Today

Silicon Valley: Crypto Debate Continues

Despite the recent move to put the FBI-obtained court order against Apple on hold, the crypto debate is far from over.
Data Breach Today

Brussels Attacks Raise New Worries About Travel Security

The explosions that rocked a publicly accessible part of Brussels’ main airport Tuesday reignited an aviation-industry debate over whether airports can be better secured, and at what cost to travel.
Wall Street Journal

U.S. Says ‘Outside Party’ Could Unlock Terrorist’s iPhone

Government testing a way to unlock the phone of San Bernardino gunman Syed Rizwan Farook without Apple’s help
Wall Street Journal

Small banks face the greatest risk from hackers

Cyberattacks on the country’s largest banks, from JPMorgan Chase & Co. to Bank of America Corp., grab the headlines.
Boston Globe

Cubs up the Security at Wrigley Field

The Cubs will open Wrigley Field to fans two and a half hours before game time for the home opener on April 11 because of new security measures.
Security Today

Brussels Attacks Spotlight Need for More Security at Nuclear Plants

The world can talk about nothing other than the security of our transit systems since the attacks on a Belgian airport and metro station, but through the transit chatter comes a new vulnerability that has security experts worried: nuclear plants.
Security Today

Hospital Falls Victim to Hackers

Hackers continue to take advantage of the weak security systems hospitals have in place. This time, it was Methodist Hospital in Kentucky.
Security Today

Case Study: A Community Bank Deploys Biometrics

Cambridge Savings Bank, a $3.2 billion community institution in Massachusetts, is incorporating biometrics into its online and mobile banking platforms as a way to limit, and in some cases remove, the need for username and password authentication.
Bank Info Security

OIG: VA Must Address InfoSec Weaknesses

A watchdog agency's audit of the Department of Veterans Affairs makes nearly three dozen recommendations for how the VA should address "material weakness" in its information security program, ranging from issues concerning identity and access management to incident response.
Bank Info Security

POS Remote Access: A Worry for Merchants

Risks posed by third parties are an ongoing problem for U.S. merchants because some point-of-sale vendors are overlooking basic security measures.
Bank Info Security

Former National Security Adviser, Ex-IBM CEO to Head Obama's Cybersecurity Panel

Tom Donilon, Sam Palmisano Tapped to Lead Commission on Enhancing National Cybersecurity
Bank Info Security

University encourages students to network on campus to avoid extremism

Groups of violent extremists attempt to recruit teenagers and young adults who show signs of vulnerability, according to an interactive FBI website shared by the University of Texas Police Department on Facebook.
The Daily Texan

Hacker Reveals Personal Information of Miami Cops, Judges

You would think that police have enough to worry about, but in Miami they are now frightened by the idea that their personal information is searchable online.
Security Today

TSA Prepares for Millions of Spring Break Travelers

Transportation Security Administration (TSA) is trying to keep up. The problem only gets worse in the month of March, the month of Spring Break.
Security Today

Drones to be Banned at U.S. Open

The United States Golf Association and Homeland Security officials would like to prohibit the use of drones in and around the Oakmont Country Club in Plum, a suburb of Pittsburgh, Penn. in an effort to prevent possible terrorist attacks and vandalism during the U.S. Open.
Security Today

Feds Counter Apple's Arguments Over iPhone 'Backdoor'

In a filing rebutting Apple's appeal of a court order requiring the company to help the FBI unlock the iPhone used by a shooter in the San Bernardino massacre, the Justice Department says Apple's rhetoric is "false" and "corrosive" to the institution that safeguards Americans' liberty and rights.
Data Breach Today

Encryption Compromise: A Fleeting Dream

The U.S. Justice Department's appeal of a court order that the government can't compel Apple to unlock an iPhone used by an accused drug dealer is significant because it sets in motion a process that could lead to a Supreme Court ruling on whether mobile device makers must give law enforcement a backdoor to circumvent encryption.
Data Breach Today

VA Gov. McAuliffe on Cybersecurity

Virginia Gov. Terry McAuliffe has a message for state leaders across the nation: Cybersecurity has to be a top item on their policy platforms. And, by the way, he very much intends to make Virginia the cyber capital of the United States.
Data Breach Today

Selecting the Right Sized Integrator for your Enterprise

Smaller integration firms are quickly filling the gaps left by national integration giants, often with custom-tailored and flexible security systems. Which one is right for your enterprise?
Security Magazine

Why Doodling Trumps Text Passwords

Rutgers University researchers have performed the first study of free-form gesture passwords for smartphones in the field.
Security Magazine

Home Depot Will Pay $19.5 Million for 2014 Data Breach

Home Depot agreed to pay at least $19.5 million to compensate U.S. consumers harmed by a 2014 data breach affecting more than 50 million cardholders.
Security Magazine

Report Highlights Supply Chain Issues

A new report highlights the issues facing supply chain executives. The report, from APICS and Michigan State University, investigates the current business practices of more than 50 supply chain organizations and identifies critical issues.
Security Magazine

Only 1 in 7 CISOs has Access to the CEO

Cybersecurity is now front and center on organizations’ boardroom agendas, but most CISOs have yet to earn a seat at the table.
Security Magazine

The Evolution of Crisis Communications in the Social Media Age

Establishing your enterprise as a trusted source of information during an emergency now demands the savvy use of social media.
Security Magazine

Automakers In The Hotseat For Vehicle Cybersecurity

As new-model vehicles increasingly come equipped with third-party applications and Internet connectivity, the majority of consumers say the car manufacturers are liable for the safety and security of their cars.

OpenSSL flaw disclosure: Right thought, wrong time

The researchers who recently disclosed the OpenSSL vulnerability could have waited for the update to be available first.

U.S. captures head of ISIS chem weapons unit; targets ISIS chem weapons

U.S. Special Forces operating in Iraq captured the head of the ISIS chemical weapons unit.
Homeland Security News Wire

Judge sides with Apple over feds in New York

A federal magistrate-judge in New York City has ruled that the U.S. government can't force Apple to hack an iPhone to investigate a drug dealer.

Cyber Impact - Why physical and IT security are converging

In essence, physical security is now converging with IT security. With today’s technology evolving at blinding speed, this blurring of the boundaries was inevitable.
Security Today

Honeywell Acquires RSI Video Technologies

Honeywell announced that it has acquired privately held RSI Video Technologies (RSI), a leading global provider of intrusion detection systems for commercial and residential security applications under the brand Videofied®, for approximately $123 million.
Security Today

Euro 2016 Security Budget Increased After Paris Attacks

The organizers of Euro 2016, the European men’s football championship, have increased the budget for the tournament by 15 percent in the aftermath of the Paris terrorist attacks.
Security Today

Payment Data Breach Risks Increase as New Payment Methods Emerge

Fifty-four percent of respondents in The Global Study on the State of Payment Data Security, conducted by the Ponemon Institute on behalf of Gemalto, have had a security or data breach involving payment data an average of four times in the past two years.
Security Magazine

Pentagon to tap private industry for background check IT system

WASHINGTON (Reuters) - The U.S. Defense Department plans to hire private contractors to develop a $600-million-plus computer system for a new background check agency being set up after a security breach last year exposed the personal data of nearly 22 million people, a top official told Reuters.
Yahoo Finance

Recognizing and overcoming insider threats

Cyber attacks can come from anywhere. It could be a nation state trying to unlock your recent break-through in advanced manufacturing techniques or perhaps a competitor trying to discover your sales prospect list.
SC Magazine

US DoD funds Carnegie Mellon project to hack Tor

Researchers at Carnegie Mellon University (CMU) were behind an attack on Tor that was used to identify cyber-criminals, according to claims by the Tor Project backed up by a court filing.
SC Magazine

Microsoft security technology used to disable itself

Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is a free security tool that provides Windows and applications with an extra layer of security. It should make it difficult for hackers to attack both known and unknown vulnerabilities in the operating system, installed programs or plug-ins.
SC Magazine

Mega Mess: Records Escape from Disposal Truck

While hacker attacks increasingly pose threats to the electronic patient data held by healthcare sector organizations, yet another healthcare provider has reported a major breach involving the improper disposal of paper and film records.
Data Breach Today

DHS Issues Guidance on How to Share Cyberthreat Data

Seeing Is Believing: Visualizing Best Ways to Share Threat Info
Data Breach Today

Career boost: Break into data science

The high demand for data scientists has many IT pros contemplating a lucrative career shift.

Exclusive: Go inside a security operations center

A tour of managed security services provider Alert Logic reveals how proactive monitoring detects breaches and accelerates incident response.

Developers: APIs are crucial to business, but tough to get right

A survey of API developers claims security, customer satisfaction, and speed of deployment are among the biggest challenges.

Taking Situational Awareness to a New Level: Innovation, Technology and Citizen Stakeholders

Situational awareness solutions and Actionable Intelligence® are two pieces of the overall security picture. Collecting the data is simply not good enough in today’s environment.
Security Magazine

Anatomy Of An Account Takeover Attack

How organized crime rings are amassing bot armies for password-cracking attacks on personal accounts in retail, financial, gaming, and other consumer-facing services.
Dark Reading

Breach Stats: Improving From Abysmal To Just Awful

IT organizations are getting better at identifying data breaches more quickly and breach statistics are seeing ever-so-slight improvements, according to two new reports out this week.
Dark Reading

The Police Foundation Releases Use-of-Force Infographic

Police use of force is a topic of considerable concern today. The Police Foundation adds to the discussion by releasing an infographic intended to educate the public by visually describing the complex considerations that determine when police use of force is lawful, even when it may appear otherwise.

In cybersecurity bid, Obama wants to retire outdated government systems

The White House says it's working to increase the security of the federal government's computer and data systems after high-profile hacks at various agencies, including a recent breach at the Justice Department.

These are the 20 most dangerous cities in the world, in one map

Caracas in Venezuela is the most violent city in the world, according to an annual report by the Mexico Citizens Council for Public Security.

Coercing Companies to Name Security-Savvy Directors

Bipartisan legislation before Congress, if enacted, could put pressure on publicly traded companies to add individuals with cybersecurity expertise to their boards of directors.
Gov Info Security

Roadmap for Identity Management in the Modern Organization

Join Brad Zehring from Centrify as he explores use cases for the modern enterprise and demonstrates how privileged identity management as a service delivers: secure access for remote employees; controlled access for outsourced IT (without managing more identities); and centralized management of privileged identities across cloud, mobile and datacenter.
Bank Info Security

Only 11% of Corporate Directors Say Boards Have High Level of Cyber-Risk Understanding

Recent breaches showcase a growing need for cyber-risk oversight in the boardroom
National Association of Corporate Directors

Security Pros Worried About Stolen Credentials, Alert Volumes

A Rapid7 report released Wednesday revealed most security organizations receive more alerts than they can handle, and that organizations are concerned about spotting stolen credentials.
CSO Online

Some Officers Bristle at Recall of Military Equipment

The Obama administration has issued hundreds of notifications to law enforcement agencies, telling them to give back various federal surplus military equipment by April 1.
New York Times

Anonymous Targets Michigan, Activates #OpFlint

The Anonymous hacktivist group has launched the "OpFlint" campaign, promising online attacks directed toward Michigan Gov. Rick Snyder's administration in response to the Flint water emergency.
Government Technology

What is the dark net, and how will it shape the future of the digital age?

The dark net has continued to make headlines over the last decade as a mysterious part of the internet where criminals lurk and engage in illegal activities, all from the privacy of home computers.
ABC News

DHS: Social Engineering Is a Persistent Threat for Agencies

Social engineering continues to be instrumental for successful intrusions of information technology systems, especially as the Internet continues to provide more entry points, according to a Dec. 16 advisory from the U.S. Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC). In addition, successful intrusions only provide more incentives for follow-up social engineering projects.

Courts Poised to Reshape Landmark Computer Crimes Act

Federal judges this year are expected to rule in four cases that could determine what behavior should be prosecuted under the Computer Fraud and Abuse Act and what penalties those convicted of violations should face.
Politico Pro

Faulty Ransomware Renders Files Unrecoverable, Even By the Attacker

A cybercriminal has developed a ransomware program based on proof-of-concept code released online, but made a mistake on the implementation, causing victims' files to be completely unrecoverable, according to Trend Micro researchers.

Most Americans support smart guns: Survey

Nearly 60 percent of Americans, if they buy a new handgun, are willing to purchase a smart or childproof gun — a weapon that is only operable in the hands of an authorized user — new Johns Hopkins Bloomberg School of Public Health-led research suggests.
Homeland Security News Wire

How dangerous people get their guns

The San Bernardino massacre is unique in several respects, but it does bring into focus an important issue with broad relevance: how do dangerous people obtain guns, and what should the police and courts be doing to make those transactions more difficult?
Homeland Security News Wire

Murders Jumped 6 Percent in First Half of 2015, FBI Says

Murders rose 6.2 percent in the first half of 2015, according to new data from the FBI. Violent crime increased 1.7 percent and property crimes decreased 4.2 percent.
Wall Street Journal

A breach is coming -- is your agency ready?

Information security incidents involving federal agencies rose from 5,503 in fiscal 2006 to 67,168 in fiscal 2014, according to the Government Accountability Office.
Federal Computer Week

Cybercriminals Will Remain Victorious in 2016, Relief Expected in 2018

In 2016, a more diverse group of criminals will display a greater variety of motives and desired destructive outcomes as they attack traditional targets, such as financial services, retail, and government agencies, as well as non-traditional ones, including power plants, consumer sites, and applications.

5 Accused of Stealing Drug Secrets From GlaxoSmithKline

Five people, including two research scientists, were indicted by federal prosecutors in Philadelphia on charges of stealing trade secrets about drugs to treat cancer and other diseases from British drug giant GlaxoSmithKline.
New York Times

Hacked casino sues cybersecurity firm

Affinity Gaming is suing Trustwave, the cybersecurity firm it hired, in a lawsuit that appears to be the first of its kind.
The Hill

Energy Will Fund $23M in Cybersecurity Research

The Department of Energy announced it will award $23 million for electricity grid cybersecurity research and development.
Politico Pro

Hackers Love the Internet of Things Because Security Doesn't Sell Toasters

The process of breaching Internet of Things (IoT) devices is sometimes uncomfortably easy for experts.

Beware the Millennials: New Year Brings Need for New Security Measures

Millennials account for one-third of the US workforce, and with that comes alarmingly poor security habits.
Government Health

On The Books

Threat assessment teams are in place at most universities to investigate concerning behavior or potentially dangerous situations.
Security Today

The 'Mind-Boggling' Risks Your City Faces From Cyberattackers

Every year, the U.S. Federal Emergency Management Agency asks states to rank how prepared they are for various sorts of disasters.

Tackling mental illness early: the people being taught to spot warning signs

Thousands are being trained to offer timely help to those at risk, including teenagers, corporate lawyers and firefighters
The Guardian

Police crisis-intervention training helps improve odds everyone goes home safe

Training in how to approach such people can improve the odds that everyone will walk away safe.

Cyber Insurance for Business Continuity

Cyber insurance covers more than the cost of breaches of data privacy; it can play a role in protecting against the cost of a cyberattack that disrupts business operations, explains insurance specialist Tim Burke.
Bank Info Security

Survey: 2 in 3 School Public Safety Departments Don't Have Enough Staff

K-12 respondents of Campus Safety magazine's 2015 Salary Survey echo many of the pay, department staffing levels, and weapons status trends revealed by college and hospital protection professionals. Schools and school districts are paying their novice sworn and nonsworn officers more than they did in 2011, when Campus Safety conducted its previous salary survey.
Campus Safety Magazine

Chicago's 'Run and Hide' Aviation Cops Ask Mayor for Guns

The union representing aviation police officers at Chicago's two airports is requesting permission for officers to carry guns. Matt Brandon, secretary-treasurer of Local 73 of the Service Employees International Union, sent a letter to Mayor Rahm Emanuel asking that permission be granted because aviation police officers (APOs) are an "integral part of the security of these airports."

Rarely Patched Software Bugs in Home Routers Cripple Security

Despite patches and fixes, recent events have shown that there can still be bugs in the system once they have been released into the world.
Wall Street Journal

Cyberattacks Against Critical Manufacturers Nearly Doubled in 2015: Government Report

Cyberattacks on the nation's critical manufacturing sector nearly doubled in the year ending Sept. 30, 2015, according to the Department of Homeland Security's Industrial Control Systems Cybersecurity Emergency Response Team, or ICS-CERT.
The Washington Times

Self-drive cars ready to overtake

German car maker Mercedes-Benz has unveiled the world’s first mass-produced vehicle that can automatically speed up and change lanes to overtake a car after the driver presses a button — and can be driven with hands off the steering wheel for roughly a minute, even on roads without lane markings.
Weekly Times

The Stalking and Harassment Assessment and Risk Profile (SHARP)

Even if law enforcement isn't calling it stalking, officers are responding to many stalking-related incidents.
Police Chief Magazine

Cybersecurity as a Competitive Advantage

Cybersecurity strategies must align with business objectives, but that's difficult because most boards of directors don't understand security, says Lance Hayden, managing director at the consultancy Berkeley Research Group.
Bank Info Security

Cyber Literacy is a Two Way Street: CISOs, CEOs Have Much to Teach Each Other

Most experts agree that the majority of CEOs and other executives have basic cyber awareness, but are limited in their knowledge of cybersecurity and imminent threats.
Wall Street Journal

Does a data breach really affect your firm’s reputation?

A data breach is a public relations and financial disaster. Companies often spot the intrusion too late, and respond inadequately, resulting in falling sales and journalist outrage.
CSO Online

Europe Sets Up Digital ‘SWAT’ Team for Aviation Cyber Threats

Patrick Ky, Europe's top air safety official, said he is hiring a group of high-level computer experts to combat looming cyber threats to aviation.
Wall Street Journal

The most innovative and damaging hacks of 2015

This past year saw several major hacking incidents that illustrated the never-ending arms race between hackers and security professionals.

White House Preps 'Blue Skies' Plan on Cybersecurity

The National Security Council is preparing "Blue Skies," a far-reaching cybersecurity effort that calls for creating an elite cybersecurity squad to assist federal agencies in emergencies, augmenting the government's ranks of security specialists, and replacing obsolete systems.
Politico Pro

Online collaboration technologies may be exposing more than realized

While the benefits of externally hosted collaboration technologies are generally acknowledged, there are a number of risks and security threats that are usually neither well-understood nor formally accepted.
Government Computer News

Campus Standards

Colleges and universities encounter distinct challenges when faced with the task of standardizing security protocol, procedures, and technologies.
Security Today

Cisco Reports Rapid Rise of Unauthorized Cloud Usage

New data from Cisco Systems Inc. suggests that employees route around corporate networks to a startling extent, posing risks for security and data governance.
Wall Street Journal

Pharmacy Delivery Vans Targeted by Drug Thieves

Delivery vans that transport prescription painkillers from warehouses to pharmacies and hospitals are the targets of an escalating number of thefts across the country, STAT has learned.

Essential Traits of Successful CISOs

What's it take to be a successful CISO? Mark Dill, former longtime information security director at the Cleveland Clinic, says it comes down to being patient, persistent and perceived as practical.
Career Info Security

The Four Big Problems With Security Metrics

Metrics can be very useful, but only if they track the things that matter.

Project 'Gridstrike' Finds Substations To Hit For A US Power Grid Blackout

Turns out free and publicly available information can be used to determine the most critical electric substations in the US, which if attacked, could result in a nationwide blackout.

ISIS instructs Western followers on how to avoid detection by police

ISIS is a sophisticated terrorist organization, as its savvy use of social media shows.
Homeland Security News Wire

U.K. unprepared for terror attacks outside London: Experts

Security experts in the United Kingdom have expressed concerns about whether the United Kingdom has sufficient resources to respond to acts of terrorism outside of London.
Homeland Security News Wire

5 Security Trends to Watch in 2016

2015 was a record year for information and cyber security. Dozens of new vulnerabilities were uncovered, and government organizations, businesses and individuals continued to find themselves victim to high-profile data breaches.
Security Today

Survey Says a Quarter of Companies Would Pay Ransom to Hackers

Nearly a quarter of companies (24.6%) say they would be willing to pay hackers a ransom to prevent a cyberattack, a new survey finds.
Security Magazine

Modest Growth in InfoSec Employment

Ignorance isn't bliss when mulling IT security employment numbers. Reliable data specifying the number of people employed in the United States in the cybersecurity field is hard to find.
Data Breach Today

Fitbit Hack: What Are the Lessons?

Hackers have reportedly gained access to the accounts of dozens of Fitbit wearable fitness device users.
Data Breach Today

Flaw allows malicious OpenSSH servers to steal users' private SSH keys

Qualys researchers have discovered two vulnerabilities in the popular OpenSSH implementation of the secure shell protocol, one of which (CVE-2016-0777) could be exploited by attackers to extract users' private cryptographic keys.
Help Net Security

250 Hyatt hotels around the world hit with PoS malware

In late December, the Hyatt Hotels Corporation announced that they found malware on computers that operate the payment processing systems for Hyatt-managed locations, but offered no details about how long the compromise went on and which hotels have been affected.
Help Net Security

CWA hackers breached US DNI Clapper's email, broadband account

Crackas With Attitude (CWA), a group of hackers with a pro-Palestinian agenda, have hit another high-rank US intelligence chief.
Help Net Security

Compromised credentials a leading concern for most security pros

90% of organizations are worried about compromised credentials, though 60% say they cannot catch these types of attacks today, according to a new survey by Rapid7. 62% of organizations are receiving more alerts than they can feasibly investigate.
Help Net Security

Chipotle to close all restaurants on Feb. 8 for food safety meeting

Chipotle is shutting down all of its stores nationwide for a few hours next month to hold a national staff meeting about food safety.

93 Percent of Corporate Security Officials Say Human Behavior Presents Greatest Threat

According to a recent report based on in-depth interviews with 28 corporate security officials, 93 percent of respondents said human behavior presents the biggest threat to their organizations' security, up from 88 percent in a similar survey in 2014.
eSecurity Planet

How Effective Are Existing University Emergency Operations Plans?

Eighty-six percent of respondents in the Margolis Healy Campus Safety Survey 2015 indicated that their university has developed an emergency operations plan that addresses threats specific to their institution. However, only 54.7 percent said their university had conducted a comprehensive hazard and vulnerability assessment, which is often instrumental in developing an effective all-hazards emergency operations plan.
Security Magazine

Beyond Compliance, Utilities Remain Vulnerable

While utility enterprises are taking steps to detect and deter physical security threats, preventing damage and enabling recovery remain significant challenges, according to The State of Physical Grid Security 2015.
Security Magazine

Identity Thieves' Methods and Demographics are Changing

As identity theft and fraud become major moneymakers for criminals, the profile of a typical identity thief is changing.
Security Magazine

De-anonymizing code authors by analyzing executable binaries

A group of researchers who previously proved that it's possible to de-anonymize programmers by analysing the source code of programs they have created has now demonstrated that a good result can also be achieved by analyzing executable binaries of those programs.
Help Net Security

Ukrainian Power Grid Hacked

A power blackout that recently affected about 1.4 million Ukrainians has been tied to an espionage Trojan called BlackEnergy.
Data Breach Today

Is OCR Scrutinizing Those with Multiple Breaches?

Is the agency that enforces HIPAA doing enough to make sure that organizations that have had multiple smaller health data breaches are taking steps to improve security?
Data Breach Today

2016: Year of Cyberthreat Info Sharing

For half a decade, Congress debated, but never enacted, cyberthreat information sharing legislation. Then, this past December, Congress approved and President Obama signed the Cybersecurity Act of 2015.
Data Breach Today

Tool improves government computer network security

Government agencies, along with state and local governments, could receive a helping hand from a computer network security tool developed by computer scientists and engineers at DOE’s Lawrence Livermore National Laboratory.
Homeland Security News Wire

Oregon siege: the U.S. militia movement is resurgent – and evolving

For several days now, a small group of armed men have occupied an office of the National Wildlife Refuge in southeastern Oregon, 300 miles from Portland.
Homeland Security News Wire

One Third of CEOs Aren't Regularly Briefed on Cyber Security Issues

A survey from Dimensional Research/CyberArk polled 304 global IT security professionals and found that one third of CEOs and 43 percent of management teams are not regularly briefed on cyber security issues.
eSecurity Planet

Terror attacks in Paris and California expose modern society’s lack of resilience

Our complex global society lacks resilience. The root cause of our vulnerability is the structure of the global economy: highly interconnected, complex, and filled with turbulence.
Homeland Security News Wire

FBI unable to break 109 encrypted messages Texas terror attack suspect sent ahead of attack

FBI director James Comey told lawmakers this week that one of the suspects in the foiled terror attack in Garland, Texas, in May had exchanged 109 messages with sources in a “terrorist location” overseas ahead of the attack.
Homeland Security News Wire

Rise of drug-resistant infections to cost millions of lives, trillions of dollars

Drug-resistant infections could kill an extra ten million people across the world every year by 2050 if these infections are not tackled.
Homeland Security News Wire

Concerns over attacks on the U.S. electrical grid increase after Paris attacks

In the aftermath of the 13 November attacks in Paris, U.S. government agencies involved with grid security and utilities are preparing to thwart a major attack on the U.S. electrical grid.
Homeland Security News Wire

Criminals acquire guns through social connections, not through theft or dirty dealers

Criminals are far more likely to acquire guns from family and acquaintances than by theft, according to two new studies.
Homeland Security News Wire

Police more likely to be killed on duty in states with high gun ownership: Study

Camden and Newark, New Jersey, are perceived as two of the most violent cities in the nation, yet New Jersey’s police officers are among the least likely to get shot on the job.
Homeland Security News Wire

Consumers Won't Shop with Breached Firms – Report

A survey by digital security firm Gemalto shows that about two-thirds of global consumers refuse to shop with a brand that experienced a data breach.
Infosecurity Magazine

Perimeter Inversion: Turning Digital Security Inside Out

Almost since its inception, digital security has followed a perimeter model, which may seem like the Maginot Line of cybersecurity. Now, however, as more time is spent outside the firewall, security must also go beyond it.
Dark Reading

Silicon Valley Faces Showdown as Lawmakers Fume Over Encryption

Lawmakers attending a briefing with FBI director James Comey expressed growing frustration Thursday as technology companies continue to resist Congressional efforts to curb encrypted communications.
Wall Street Journal

DARPA on the Hunt for 'Early Warning' Cyberattack Detection Technology

DARPA will gather potential proposers next week to give industry more information on its cyber threat monitoring needs in advance of solicitations under an agency announcement known as the Rapid Attack Detection, Isolation and Characterization, or RADICS, program.

NIST Wants More Feedback on Cybersecurity Framework

The U.S. National Institute of Standards and Technology (NIST) wants more information on how its cybersecurity framework is being used by the private sector and what changes could be made to improve it in the future.

Terrorist Activity in 2015 Causing Spike in Travel Anxiety - Report

A survey from the Chief Marketing Officer Council, the GeoBranding Center, and AIG Travel has found that one out of four travelers altered plans this year due to safety, security, or health concerns.

10 Critical Protocols for Enhanced School Terrorism Preparedness

There are several emergency preparedness measures that can enhance the ability of school and public safety officials to respond to potential terrorist attacks.
Campus Safety

U.S. Cyber Criminal Underground a Shopping Free-For-All

A new report indicates that the cyber criminal underground in North America is more like a shopping mall than a covert, secretive operation.

Congress Eyes Social-Media Companies as Terror Fears Mount

Under a bill introduced by lawmakers on Tuesday, social-media companies would be required to report terrorist activity on their sites.
Wall Street Journal

US Security Companies See Uptick In Demand After Mass Shootings

Following last week’s shooting in San Bernardino, California, U.S. security companies are seeing a hike in demand for their services.
International Business Times

Top Malware Families Targeting Business Networks

Conficker, Sality, and Cutwail were the most common malware families being used to attack organizations' networks in October, according to Check Point.
Help Net Security

NYC to Provide Security Officers at Private Schools

New York City Mayor Bill de Blasio has agreed to a $19.8 million bill designed to improve school security.
Campus Safety Magazine

Feds to Roll Out New Terror Alert System

Federal officials announced on Monday they will unveil a new terror threat system in upcoming days.
The Hill

Study Finds Tight School Security Can Have Negative Consequences

Security measures in American high schools can have unintended consequences that hinder, rather than help students learn, according to a new study from the University at Buffalo titled "Student Suspensions and Arrests: The Role of School Security."
Security Magazine

NIST at Work on New Data Safety Guide

The National Institute of Standards and Technology (NIST) has launched a new project to help organizations prepare for and recover from data attacks.

How Often Do Mass Shootings Occur? On Average, Every Day, Records Show

On average, shootings that injured or killed at least four people in the United States occurred at a rate of about one a day this year, according to information compiled from news reports.
New York Times

Chinese Government Has Arrested Hackers It Says Breached OPM Database

The Chinese government announced it arrested a group of hackers allegedly responsible for the massive cyberattack on the Office of Personnel Management earlier this year.
The Washington Post

2015 Mass Shootings: Security Experts Advise Companies to Re-Evaluate Safety Following a Series of Deadly Attacks

Several mass shootings in America over the past year have occurred in workplace settings, prompting companies to take a second look at security systems to prevent employees from coming into harm’s way.

U.S. Can't Access NSA Phone Records in California Terror Case

The recent shutdown of the NSA mass surveillance program has prevented the FBI from accessing and analyzing five years' worth of phone records for the married couple blamed for the recent shootings in San Bernardino, Calif. Under the new USA Freedom Act, authorities were able to obtain only about two years' worth of calling records.
Associated Press

The Future of Information Security in the Government

A new report from Intel Security and the Digital Government Security Forum (DGSF) suggests the government and wider public services increasingly rely on robust information security to realize the benefits of the digital revolution over the next decade, characterized by an explosion of data.
Help Net Security

Post-Paris, a Fundamental Rethink of Corporate Security Is In Order

The recent attacks in Paris should push business leaders to incorporate security concerns into everyday operations, writes Bill Udell, a former CIA operations officer and the Los Angeles-based Senior Managing Director for crisis and security consulting at Control Risks.

Weaponized Docs Top Banking Threats: Invincea

Weaponized Microsoft Word documents were the most common threats discovered by cybersecurity firm Invincea in October, the company said in its latest trends report.
Credit Union Times

Are State and Local Governments Ready for CDM?

A recent study by the Ponemon Institute found that the cybersecurity posture of state and local governments falls short of that of federal agencies, especially when it comes to the ability to prevent, detect, contain, and recover from cyberattacks.
Government Computer News

The Role We Must Own

Unfortunately, campus shootings are not a new issue and the recent (or seemingly continual) spate of incidents reinforces the need to take a holistic approach to the risk, i.e., it is not a law enforcement issue alone.
Risk & Insurance

A decade of data breaches analyzed – what you can learn to protect your organization

Data breaches are commonplace and inevitable. And with the average cost of a data breach now calculated as $217 per lost or stolen record, the need to protect data has never been stronger.
IT Governance

What is 'Sleeper Fraud,' And Why Must Banks Beware?

The surge in data breaches has left millions of consumer records and personally identifiable information compromised, giving fraudsters all they need to open fraudulent accounts aimed at scamming banking institutions out of big dollars.
Bank Info Security

Critical Infrastructure: Better Cybersecurity Metrics Needed

With the heightened threat of cyber-attacks on America's critical infrastructure, a congressional watchdog says federal agencies need to adopt better metrics to determine the cyber risks facing the specific industries they monitor.
Bank Info Security

Cybersecurity: The CEO's Responsibilities

Many CEOs and boards of directors are failing their companies by not truly understanding their cybersecurity risks, says Steve Durbin, managing director of the Information Security Forum, a global not-for-profit organization focused on cybersecurity and information risk.
Bank Info Security

Information Security Risk and the Need for Quantitative Ratings

Credit rating models transformed the way we do business and have existed for almost a century. Now, these same models are inspiring a new way of managing vendor security risk by using externally collected security data to assess and quantify security performance.
Bank Info Security

Moody's Warns Cyber Risks Could Impact Credit Ratings

Credit rating agency Moody's Corp. warns that cyber defenses as well as breach detection, prevention and response will be higher priorities in its analysis of the creditworthiness of companies across all sectors, including healthcare and financial services.
Bank Info Security

Security Breach at Toy Maker Exposes Data on Children

A maker of digital toys for children said it had been hacked, putting the personal information of five million people, including children, at risk.
Security Today

NSA Ends Bulk Phone Data Collection

At the end of November, U.S. intelligence ceased its bulk collection of telephone metadata. Instead, the government will move to a more “focused and targeted” approach in gathering intelligence, the Office of the Director of National Intelligence said in a statement.
Security Today

BEI Security Announces SmartFence

BEI Security president David Iffergan announced the company will be releasing its new product, SmartFence, at the Hi-Tech Defense Industry Fair in Daejeon, South Korea, from December 1 through 4.
Security Today

Ohio Statehouse Adds Metal Detectors, Bans Backpacks

Metal detectors have been installed at three entrances to the Ohio Statehouse as part of increased security measures.
Security Magazine

OSHA Issues Tools to Help Prevent Workplace Violence in Healthcare

The Occupational Safety and Health Administration launched a new webpage to provide employers and workers with strategies and tools for preventing workplace violence in healthcare.
Security Magazine

Data Breach Forecast Global Predicts Cyberconflicts and Hacktivism in 2016

Cyberattacks will continue to menace healthcare and other business sectors next year, according to the Experian Data Breach Industry Forecast.
Security Magazine

Mobile Access Brings New Opportunities to Dealers and Integrators

With the growing adoption of mobile access control for physical security applications, smart cards and phones used as credentials are converging into centralized identity management systems.
Security Magazine

Target Reaches Settlement with Banks

Target Corp. has reached a proposed $39.4 million settlement with a group of banking institutions that sued the retailer over fraud losses and expenses suffered as a result of Target's December 2013 data breach.
Data Breach Today

Report: Insiders Still Top Breach Threat

While cyberattacks will continue to menace healthcare and other business sectors next year, organizations can't afford to overlook addressing risks tied to insiders, who are responsible for most data breaches, says Michael Bruemmer of Experian Data Breach Resolution.
Data Breach Today

China: Chinese Criminals Hacked OPM

The Chinese government concedes the attack on U.S. Office of Personnel Management computers emanated from China, but it contends the culprits were criminals, not individuals working for the Chinese government or military. Some experts in the United States aren't buying the Chinese government's explanation.
Data Breach Today

FEMA’s Decentralized IT Environment Overly Complex, Difficult To Secure, Costly To Maintain, IG Says

According to a new Department of Homeland Security (DHS) Inspector General (OIG) audit report, the Federal Emergency Management Agency’s (FEMA) information technology (IT) environment remains overly complex, difficult to secure and costly to maintain. While FEMA has made progress since the OIG’s 2011 information technology audit, much remains unresolved.
Homeland Security Today

Intelligence Officials Worried About Paris-Style 'Copy Cats;' Obama Says No Attack Indications

As US counterterrorism officials warned local law enforcement to be alert to individuals who appear to be scouting “soft targets” to attack, as well as a potential Paris-style attack by “copy cat” killers, President Obama assured that, “right now, we know of no specific and credible intelligence indicating a plot on the homeland."
Homeland Security Today

Global Terrorism Increased by 80% in 2014

A new report says that terrorism continues to rise, with over 32,000 people killed in terrorist attacks in 2014, the highest number recorded.
Security Newswire

Report Discusses The New Face of Identity Theft

A new report says that the five states with the largest number of identity theft offenders are Florida, California, Texas, New Jersey and Georgia.
Security Newswire

U.S. Stadium Security Expert Reacts to Paris Attacks

When terrorists attacked several locations in Paris last Friday night — including the Stade de France stadium where a friendly soccer match was taking place — U.S. venues immediately took notice.
Security Magazine

House Passes Bill To Address Glaring Aviation Security Gaps

The House passed legislation Tuesday that would require the Transportation Security Administration (TSA) to consult with the Aviation Security Advisory Committee (ASAC) before making any changes to the prohibited items list, which includes items such as knives and firearms.
Homeland Security Today

Will FTC Ruling Impact Future Data Security Cases?

Former FTC Attorney Discusses Implications of LabMD Case Dismissal
Data Breach Today

Why Fraudsters Have Shifted to 'Shimming' Attacks

As U.S. merchants shore up physical point-of-sale security by upgrading their terminals to accept EMV chip cards, attackers are turning their aim toward unattended self-service terminals, such as ATMs and self-service gas pumps.
Data Breach Today

Inside the largely unexplored world of mainframe security

The security of mainframe computers - the so-called "big iron", which is mainly used by large organizations for critical applications, bulk data and transaction processing - is not a topic that has garnered much interest from the public.
Help Net Security

Anonymous shutters 5.5K pro-ISIS Twitter accounts

On its #OpParis Twitter account, the activist group Anonymous claimed it took down 5,500 pro-ISIS Twitter accounts.
SC Magazine

NSA warns of growing danger of cyber-attack by nation states

The deputy director of the US National Security Agency (NSA), Richard Ledgett, has warned of the increasing danger of destructive cyber attacks by states.

The Average Organization Experiences 9 Insider Threats Each Month

Skyhigh Networks recently analyzed the actual cloud usage of 23 million employees, and found how user behavior puts organizations at risk and how catching and managing this behavior can help reduce the risk of data loss.
Help Net Security

What Can We Expect From 2016? A Growth in Online Extortion, Hacktivism and Mobile Malware

Trend Micro expects to see a more offensive posture taken toward cybersecurity in 2016, with government entities expanding legislation to a global defense model, which will allow for more successful arrests, prosecution and convictions.
Help Net Security

Terror Threat Snapshot: Homegrown ISIS-Linked Arrests Increase

The House Homeland Security Committee has released its Terror Threat Snapshot for November, and the report shows that the global and U.S. threat posed by the Islamic State and ongoing conflicts around the world are on the increase.
In Homeland Security

Hacking of ‘Unregulated Data’ Poses Big Risk to Firms

There are several types of data whose storage and transmission the government has decided to regulate. These include things like medical records or personally identifiable information.
Wall Street Journal

House Passes Bill to Prevent Security 'Insider Threats'

Under legislation passed by the House Monday, the Department of Homeland Security (DHS) would be required to establish a program to identify and neutralize threats from rogue employees.
The Hill

Survey: CISOs See Cybersecurity Progress

A new Southern Methodist University survey of 40 executives from across the public and private sectors, mostly chief information security officers, finds that support for cybersecurity is growing in organizations.

The 6 Types of Cyberattacks and Top 5 Defenses

The Department of Homeland Security's Gregory Touhill discussed the cyberthreats federal agencies are facing and best practices for defense after participating in a simulation of managing post-breach response.
Federal Times

In the Dark Over Power Grid Security

In his book "Lights Out," journalist Ted Koppel questions what would happen if the power went out in a number of states affecting millions of people.
Sunday Morning

SAFE Act Introduced to Protect Domestic Violence Survivors in the Workplace

Senator Patty Murray (D-WA) announced the introduction of the Security and Financial Empowerment (SAFE) Act of 2015, building on the Violence Against Women Act.
Security Magazine

2013 Attack on Metcalf, California Power Grid Substation Committed by “an Insider”: DHS

A 2013 sniper attack on a Metcalf, California energy grid substation may have been committed by someone on the inside, according to a senior DHS official.
Homeland Security News Wire

In our Wi-Fi world, the internet still depends on undersea cables

Not many people realize that undersea cables transport nearly 100 percent of transoceanic data traffic.
Homeland Security News Wire

The FBI isn't wrong; sometimes you will have to pay the ransom

Last week, during the 2015 Cyber Security Summit in Boston, Special Agent Joseph Bonavolonta said that the FBI's advice for some Ransomware attacks is to pay the ransom.
CSO Online

Study Highlights Poor Employee Security Habits

A new study on employee cybersecurity habits from CompTIA found that 17 percent of some 1,200 surveyed U.S. employees plugged an unfamiliar USB drive into their own devices.
SC Magazine

Capital One Launches SwiftID, a Way to Bypass Security Questions With Just a Swipe

On Oct. 23, Capital One launched SwiftID, a two-factor authentication solution for users of its Capital One Wallet app and website. SwiftID takes the place of the security questions used by many websites to authenticate users when they forget their passwords or extra authentication is required for some reason.

CIOs Reporting Directly to CFOs Can Create Massive Cybersecurity Headaches

Many companies are lacking the necessary funds to upgrade critical systems, according to a new study from the Georgia Tech Information Security Center.
Business Insider

FBI Chief Again Says Ferguson Having Chilling Effect on Law Enforcement

FBI Director James B. Comey has recently warned that police in the United States have become more reluctant to do their jobs aggressively since the incidents in Ferguson and the use of smartphones. Comey told police officials in Chicago at a conference of the International Association of Chiefs of Police that major U.S. cities are seeing a violent crime wave that may partly be due to “gun shy” police officers who are afraid of being recorded on video and accused of police brutality.
The Washington Post

Cyberthreats, Cyberattacks Will Only Increase Over Time: Experts

The growing dependency of an increasing number of organizations on the Internet has also served to increase the number of targets for hackers, particularly those organizations that have not given sufficient attention to safeguarding their networks.
Homeland Security News Wire

Ransomware Alert: Client Data at Risk for Lawyers and Accountants!

Ransomware malware is increasingly being downloaded by unsuspecting employees.

Researchers Find 85 Percent of Android Devices Insecure

Mobile phone carriers chronically fail to issue patches, so many vulnerabilities linger without getting fixed for months or years.
Threatpost

1 in 4 Organizations Have Experienced an APT

More than 28 percent of organizations have experienced an advanced persistent threat (APT) attack, according to a new study from ISACA.
Help Net Security

Villanova Univ. to Begin Arming Campus Police

Villanova University will transition to an armed University Police Force and “will have the same authority and undergo the same specialized training as those in public law enforcement,” according to a letter written by the president.
Campus Safety

Facebook to Warn You of Targeted Attacks - Check This Security Setting Anyway

Facebook has announced it will notify users it suspects of being targeted by nation states and urge them to take necessary precautions.
Naked Security

A 'Cyber Pearl Harbor' Could Mean New Security Mandates

Rep. Gerry Connolly (D-Va.) has warned that if firms do not put in place stronger cybersecurity defenses, Congress could impose new regulations that could rankle the industry.

U.S. Firms Fight Global Cyberweapon Deal

Many U.S. companies are against an international effort to prevent cyberweapons from reaching malicious regimes because they say it will upend the way they use and sell legitimate spyware.
Wall Street Journal

Coast Guard Official: Cyber Incidents With Physical Consequences Impacting the Maritime Transportation System

Cyber threats are real and active at the nation's ports, according to Rear Adm. Paul Thomas with the US Coast Guard.

Millennials Don't Trust Government With Their Online Information

Twenty-two percent of Internet users ages 16 to 35 have "none" or "a little" trust in their government's online data security, according to an Intercede survey of U.S. and U.K. citizens.

Report Warns of Chinese Hacking

An American cybersecurity firm says that it has uncovered evidence that China has violated a recent agreement between Washington and Beijing that neither country would condone economic espionage.
Wall Street Journal

Lehigh Joins in Power-Grid Project to Prevent Cyberattacks

Researchers from Lehigh University, the University of Arkansas-Fayetteville, the University of Arkansas-Little Rock, Florida International University, and Carnegie Mellon University have been awarded a $12.2 million grant to develop methods to protect the nation's electric grid from cyber-attacks.
The Morning Call

White House, Congress Spar Over Cyber Deterrence

Although armed services lawmakers want the U.S. to make Cold War era-style threats to America's cyber adversaries, many cyber analysts say it would be counterproductive to promise a specific response to any particular cyberattack.
Politico Pro

Retailers Losing 1.32% of Revenue to Fraud

Merchants are losing an increasing amount of revenue to fraud, the LexisNexis True Cost of Fraud study shows.
Security Magazine

Quarter of Firms Can't Tell How Hackers Get in

Although most large companies have experienced a breach in the past 12 months, 23 percent of them do not know how the hackers gained access, according to a new survey sponsored by DomainTools.
CSO Online

2013 attack on Metcalf, California power grid substation committed by “an insider”: DHS

A senior DHS official last Wednesday revealed that a 2013 sniper attack on a Metcalf, California energy grid substation – which the top U.S. electrical utility regulator has called "the most significant incident of domestic terrorism involving the grid that has ever occurred" -- may have been committed by someone on the inside.
Homeland Security Newswire

Application Attacks Against Clouds Up 45 Percent

Application attacks against clouds rose 45 percent last year, according to a new Alert Logic report based on an analysis of 1 billion security events in the IT environments of more than 3,000 enterprise customers.
CSO Online

Too Many Healthcare Employees Complacent About Security

Non-technical health care employees are too complacent about the possibility of a data breach, according to a new survey from Trustwave Holdings, Inc.
CSO Online

Report Says Business Leaders Gaining on Cybersecurity Risks

Business leaders are increasingly evaluating cybersecurity practices, and trying to develop innovative technologies that can help reduce enterprise risks and improve performance, according to the recently released Global State of Information Security Survey 2016.
Security Magazine

Fake LinkedIn Profiles Lure Unsuspecting Users

Hackers have linked to more than 200 legitimate LinkedIn profiles belonging to individuals working in the defense, telecommunications, government, and utility sectors, according to researchers from the Dell SecureWorks Counter Threat Unit.

Protecting the U.S. power grid from cyberattacks

In the first half of Fiscal Year 2015, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of the Department of Homeland Security, responded to 108 cyber incidents impacting critical infrastructure in the United States.
Homeland Security Newswire

Improve cybersecurity in energy delivery

Cyber networks support many important functions within energy delivery systems, from sending data between a smart meter and utility to controlling oil or gas flow in a pipeline.
Homeland Security Newswire

As Campus Fears Rise, So Do Efforts to Enact School Gun Laws

Earlier this month, Calif. Gov. Jerry Brown signed a law that would ban concealed weapons on school campuses.
New York Times

Though Less Publicized, Data Leaks Are More Prevalent Than Data Breaches

About 80 percent of information security professionals have experienced a data leak, according to a new Enterprise Management Associates (EMA)/FinalCode study.
Government Technology

DOJ Creates New Post to Oversee Domestic Terror Cases

The U.S. Department of Justice has created a new office to coordinate investigations into domestic terrorism, a top official said on Oct. 14, after a series of violent shootings have incited new fears about homegrown terror.
The Hill

Companies Need to Start Making Security Part of Their Brands, Experts Say

As cybersecurity concerns increase among consumers, security experts say that companies must take the issue seriously, or risk losing business, especially when it comes to the Internet of Things (IOT).
Technology Fox News

Predictive Policing Substantially Reduces Crime in Los Angeles During 21-Month Period

A team of scholars at UCLA devised a mathematical model to determine where the LAPD should deploy officers, and the project led to substantially lower crime rates during a recent 21-month period. Starting in 2011, the researchers analyzed crime trends to determine whether their model could predict when and where major crimes would occur in real time.
Homeland Security Newswire

NIST Tackles Email Security With a Two-Faceted Approach

The National Institute of Standards and Technology (NIST) is seeking to tackle email security issues with two new projects.

Cost Of Cybercrime Reaches $15 Million Annually Per Org

Ponemon Institute study details annual costs incurred by organizations with over 1,000 employees.
Dark Reading

Lack of Access Controls, Poor Password Policy Behind Target Breach, Says Internal Report

IT security pros are always emphasizing the need for strong passwords. That need came into the spotlight due to an internal Target breach report recently obtained by security blogger Brian Krebs.

AT&T: Corporate IT Attacks Up 458 Percent in 2014

The number of times hackers tried to find security weaknesses in corporate IT systems rose 458 percent in 2014, according to AT&T's new Cybersecurity Insight Report.

Market for Stolen Data Is Hotbed of Innovation, Brian Krebs Says

Hackers selling stolen data on the dark Web are a powerful source of business innovation, says cybersecurity reporter Brian Krebs.
Wall Street Journal

Healthcare Firms Three Times More Likely to See Data Breaches

According to a Raytheon|Websense report, companies in the healthcare sector are three times more likely to encounter data theft than the average firm.
CSO Online

Cyber and Reputation Risks Remain Top Concerns for Enterprises

Among potential risks to business operations, most firms consider cyber and IT risks to be the most likely, with the greatest impact, according to the 2015 International Business Resiliency Survey by Marsh.
Security Magazine

Alleged Oregon Shooter Discharged from Army After Suicide Attempt

Law-enforcement officials familiar with the investigation into the shooting at Umpqua Community College in Roseburg, Ore., last Thursday say the alleged shooter, Christopher Harper-Mercer, had earlier been discharged from the Army following a suicide attempt.
Wall Street Journal

Iranian Hackers May Be Lurking on LinkedIn, Report Says

Cybersecurity researchers have discovered a network of fake LinkedIn profiles that may have been used by hackers in Iran to form relationships with potential victims, according to a new report by Dell SecureWorks Inc.
Wall Street Journal

California Bans Concealed Guns on College Campuses

California Gov. Jerry Brown signed legislation that will ban the carrying of concealed guns on school and university campuses in the state.
Security Magazine

E*Trade, Dow Jones: 7 Breach Lessons

Two more firms in the financial services sector - E*Trade Financial and Dow Jones - have announced that they suffered data breaches that appeared to target not payment card data, but rather contact details for their customers or subscribers (see E*Trade, Dow Jones Issue Breach Alerts).
Data Breach Today

T-Mobile Customers Hacked in Experian Breach: What You Need to Know

A massive data breach at Experian, one of the country's major credit rating bureaus that companies use to conduct credit checks, has exposed the personal information of as many as 15 million T-Mobile consumers, according to the mobile carrier.
ABC News

How job recruiters screen you on LinkedIn

There are 277 million users on LinkedIn, according to the company’s latest results, and many of them — though not all — are probably competing for the same jobs.
Market Watch

The growing link between intelligence communities and academia

The events of September 11, 2001 were a catalyst for change in the intelligence profession. One noticeable change: The number of universities offering an intelligence studies-related degree has grown from a handful to a few dozen.
Homeland Security News Wire

Bidding for Breaches, Redefining Targeted Attacks

A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of “targeted attacks.”
DFI News

SCADA Vulnerability on the Rise

Recent reports show that industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems are increasingly at risk from cyber attacks, posing a threat to critical infrastructure and industry.
EE Times

Colombian University Installs Turnstiles to Improve Access Control

The University of Antioquia in Colombia installed four Boon Edam Trilock-75 turnstiles to boost physical security on campus.
Campus Safety

Staying Current With Building-Security Technology

A growing trend in building security is a holistic approach to security solutions, from what is being decided to who’s doing the deciding, Universal Protection Service’s business development manager Christy Gramann tells GlobeSt.com.

Strategy, Risk Oversight Are Lead Areas of Boardroom Focus

The 2014 Board Practices Report: Perspectives from the Boardroom, addresses a range of board structural and financial topics, cybersecurity and data analytics, among other issues.
Wall Street Journal

Stop Wasting Your IT Budget on the Wrong Security Threats

A survey of 460 IT security professionals at July's Black Hat USA conference found a disconnect between the issues respondents said they were most concerned about, and what they spent the most time and budget addressing.
Tech Republic

Survey: Many Agencies Suffer Frequent Insider Hacking Attempt

Forty-five percent of federal agencies had employees or contractors that tried to access or exfiltrate unauthorized data during the last year, according to a recent MeriTalk survey of 150 federal IT managers.
Federal Times

Cyberattack 101: Why Hackers Are Going After Universities

With their vast stores of personal data and expensive research, universities are prime targets for hackers looking to graduate from swiping credit card numbers.
NBC News

Cybersecurity Poses Challenge to Accountants

A new report from Pace University and the U.S. arm of the Association of Chartered Certified Accountants (ACCA USA) says that accountants need to take a leading role in cybersecurity in order to protect the sensitive corporate and personal data they work with.
Accounting Today

5 Common Types of Unauthorized Access and How to Combat Them

Before purchasing an access control system, you must have a comprehensive understanding of what you need that system to do.
Security Magazine

Parking Spaces

The federal Bureau of Justice Statistics has reported that more than seven percent of violent victimizations in the U.S. occur in parking lots or garages — commercial, noncommercial, or apartment and townhome facilities — and more than 11 percent of property crimes occur in these same lots.
Security Today

A Driver’s License Won’t Get You Through Airport Security if You Live in These States

At some point in 2016, driver's licenses from several states will no longer be considered sufficient to clear airport security and board an airplane. Residents of New York, New Hampshire, Minnesota, Louisiana, or American Samoa will need a passport to fly domestically.

Corebot Cleverly Written Botnet Malware With Growth Potential

Corebot is a new type of botnet malware that researchers believe has the potential to develop into a significant threat.
Network World

Survey: Corporate Security Battle Is Being Lost

A recently released enterprise security survey by corporate security vendor Centrify Corp. has revealed that 59 percent of U.S. information technology managers have shared access credentials with other employees "somewhat often."

China Seeks Out Unlikely Ally: U.S. Tech Firms

Chinese President Xi Jinping's visit to the United States this week will first involve meetings with tech executives in Seattle rather than government officials in Washington.
Wall Street Journal

Technology That Predicts Your Next Security Fail

Predictive analytics uses publicly available and privately sourced data to attempt to determine future actions.

SEC to Launch Second Round of Cyber Exams, Issues Risk Alert

The SEC on Tuesday released a set of questions for advisers and broker-dealers to answer regarding their cybersecurity preparedness, as the agency starts conducting its second round of cyber-related exams.
Think Advisor

The World’s Riskiest Tourist Attractions for Mobile Devices

Skycure has released a report which detailed a study of the world's most popular tourist attractions, identifying actual network threats occurring from mobile devices over the past year.
Security Magazine

Law Firms to Spend $6.9M to Keep Client Data Secure

Law firms are predicted to spend more than $6.9 million on information security in 2015, or 1.92 percent of their gross annual revenues, according to a survey of large law firms.
Bloomberg BNA

Insider Threats, Organizational Rigidity Pose Challenges for U.S. National Security: Study

According to Stanford professor Amy Zegart, U.S. national security is facing increasing challenges from insider threats and organizational rigidity.
Homeland Security News Wire

This Program Lets You Snap a Photo of Whoever's Trying to Hack You

A new program called LogMeOnce is giving users the option to take a picture of whoever is trying to access the accounts they've registered with the service.
Washington Post

Bumpy rash, achy joints, inflamed eyes? There’s a new disease in town

Never heard of the Zika virus? That may change soon. Almost unknown in humans until the past decade, Zika is now spreading fast through South America and Oceania, and it may soon knock on our doors, too.
Washington Post

3 Out of 4 Organizations Admit They Aren't 'Resilient' to Cyberattacks

A survey by the Ponemon Institute of more than 600 IT professionals in the United States found that just 25 percent of respondents rated their organization as highly resilient.

Why Cybercrime Now Exceeds Conventional Crime

Online crime worldwide is increasingly displacing conventional forms of property crime, such as burglary and robbery.
Bank Info Security

Criminals receive 1,425 percent return on investment from malware attacks: Report

Trustwave yesterday released its 2015 Trustwave Global Security Report which analyzes the top cybercrime, data breach, and security threat trends from 2014.
Homeland Security News Wire

Online Exclusive: Complying with Stringent Requirements

Governments are having to change their compliance standards and to increase the storage and analysis of this data.
Security Today

Survey: Executives Lack Confidence In Cybersecurity Posture

Security executives are increasingly aware of the cyber threats that could undermine the security of their organizations.
Homeland Security Today

Federal Agencies Continue To Experience Alarming Number Of Insider Cyber Threats

Despite a concerted effort to minimize insider threats, nearly half of federal agencies were targets of insider threats in the past year, according to a recent report by MeriTalk, a public-private partnership focused on improving the outcomes of government IT.
Homeland Security Today

8 Lessons to Learn from the Sony Breach

Last year, Sony Pictures Entertainment suffered one of the largest and most public cybersecurity breaches in history.
Security Magazine

The Most Influential People in Security 2015

Every year, Security magazine honors top security executives and leaders who positively impact the security industry, their organization, their colleagues and peers, as well as the national and global security landscape.
Security Magazine

6 Reasons Why Content is King in Command Centers

Building or upgrading a command center usually starts with facilities and equipment – ergonomic desks and chairs, LED displays and computers – as opposed to the content that supports the mission of command center staff. This approach does a disservice to your command center team by not prioritizing content that supports efficient risk management for your organization.
Security Magazine

5 Common Types of Unauthorized Access and How to Combat Them

Before you evaluate or purchase an access control system, it is critical to have a good understanding of what you need such a system to do.
Security Magazine

Survey Finds Organized Retail Crime Still Prevalent Across the Industry

According to the National Retail Federation’s 11th annual Organized Retail Crime Survey, which polled 67 senior retail loss prevention executives, nearly all (97%) retailers surveyed report that they have been a victim of ORC in the past year, up from 88.2 percent who said so last year.
Security Magazine

Study Shows How Security Impacts Employee Productivity

A study by Dell examines enterprise security's impact on productivity including the mobile workforce and passwords.
Security Magazine

Obama Threatens Sanctions Against China If Hacks Continue

President Obama characterizes the hacking of American businesses by Chinese hackers as an "act of aggression" against the United States and promises his administration will take action against the Chinese if they don't stop.
Data Breach Today

Second Russian Pleads Guilty in Massive Hacker Attack

A second Russian has pleaded guilty in connection with the largest U.S. hacking scheme, which resulted in the theft of more than 160 million payment card numbers.
Data Breach Today

Why Cybercrime Now Exceeds Conventional Crime

Online crime worldwide is increasingly displacing conventional forms of property crime, such as burglary and robbery.
Data Breach Today

New point-of-sale malware distributed by Andromeda botnet

Cybercriminals are casting increasingly wider nets in their search for new point-of-sale systems to infect.

Attack on Hacking Team spills global cyber-spying secrets

A dramatic breach at an Italian surveillance company has laid bare the details of government cyberattacks worldwide, putting intelligence chiefs in the hot seat from Cyprus to South Korea.
CBS News

More Retailers Hit by New Third-Party Breach?

CVS, Rite-Aid, Sam's Club, Walmart Canada and other large retail chains have suspended their online photo services following a suspected hack attack against a third-party service provider that may, in some cases, have resulted in the compromise of payment card data.
Bank Info Security

Federally funded network anomaly-detection technology licensed to Ernst & Young

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) the other day announced that another cybersecurity technology has been licensed for commercialization.
Homeland Security News Wire

CISOs facing boards need better business, communication skills

As information security becomes a more important topic of interest, CISOs are increasingly asked to step up and brief boards on cyber issues.

Absolute Collaborates with RSA to Offer Enhanced Endpoint Data Collection & Remediation

Absolute Software Corporation announced it has joined the RSA Ready Technology Partnership program.
Security Today

Malware's Stinging Little Secret

What do successful but separate malware attacks against banking customers around the world, as well as the White House and health insurer Anthem, all have in common?
Data Breach Today

Security Sector Business Roundup

There have been a number of recent, interesting business moves in the security space, from a range of companies, including Symantec and Cisco, plus Crowdstrike, Proofpoint, Fidelity National Information Services - better known as FIS - and Zscaler.
Data Breach Today

3 Steps to Evaluate Your Supply Chain Preparedness

Your supply chain is the lifeline of your business, but it also can be a significant vulnerability during a hurricane or a natural catastrophe or other event such as a cyber-attack, strike or delay.
Security Magazine

Just How Versatile is RFID Technology?

Not surprisingly, radio frequency identification (RFID) and that technology’s “little sister” real-time location systems (RTLS) seem to be everywhere doing just about everything.
Security Magazine

Redefining security visualization with Hollywood UI design

Most security interfaces today leave a lot to be desired, and many security pros are gaming enthusiasts, accustomed to a sharp and engaging virtual world.
Help Net Security

Maintaining security during your healthcare merger or acquisition

With continuous changes in the information security landscape and high profile breaches being announced on a seemingly weekly basis, healthcare providers need to ensure they are properly securing protected health information (PHI).
Help Net Security

BitTorrent clients can be made to participate in high-volume DoS attacks

A group of researchers have discovered a new type of DoS attack that can be pulled off by a single attacker exploiting weaknesses in the BitTorrent protocol family.
Help Net Security

Five points of failure in recovering from an attack

An overemphasis on defense is leaving the financial sector exposed to cyber attack.
Help Net Security

How innovation is disrupting the energy industry

We are currently witnessing shifts in major industries as a result of rapid technological innovation and industry interconnectivity.
World Economic Forum

How will China’s innovation change the world?

From the streets of Shanghai to Shenzhen’s technology incubators, to Beijing’s start-ups, innovation in China is thriving at a rate never seen before.
World Economic Forum

City of Lakeland, FL Chooses Genetec Technology to Improve Security

The City of Lakeland in Florida has recently standardized its security operations with Genetec Security Center, a unified security platform that combines video surveillance, access control and automatic license plate recognition systems into one central monitoring and management platform.
Security Today

Universal Protection Service to Acquire Guardsmark

Security Today

AMAG Technology Releases Symmetry CompleteView 4.5 Video Management System

AMAG Technology announces the release of Symmetry CompleteView Video Management System version 4.5 and four new Symmetry PowerProtect NVRs.
Security Today

Meeting The Needs Of A Changing Homeland Security Landscape

Homeland Security Today

Multifactor Authentication Slowly Gaining Traction Amid Increasing Cyberattacks

Although multifactor authentication is becoming increasingly popular among companies looking for ways to improve their cybersecurity posture amid the increasing number of sophisticated and damaging cyber attacks, the password-only model of security is still going strong.
Homeland Security Today

Disrupting trust models: An evolution in the financial services sector

The way we interact with service providers – whether travel organisations, music suppliers or retailers – has changed to be almost unrecognisable from five years ago.
Help Net Security

File-stealing Firefox bug exploited in the wild, patch immediately!

The bug, reported by security researcher Cody Crews, allows attackers to violate Firefox' same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. The flaw can be exploited to steal local files from a victim's computer.
Help Net Security

Pentagon's unclassified email system breached, Russian hackers blamed

Pentagon's Joint Staff unclassified email system, used by 4,000 military and civilian personnel, has been compromised by attackers, and it has been taken offline until the threat is dealt with.
Help Net Security

Macs can be permanently compromised via firmware worm

Security researchers Xeno Kovah and Trammell Hudson have discovered several flaws in the firmware installed on Apple computers, and have created a worm that can silently infect them and change the firmware in question to achieve persistence in the system.
Help Net Security

Fake "Windows 10 Free Upgrade" emails deliver ransomware

It didn't take long for malware peddlers to take advantage of the huge interest users have shown in Windows 10.
Help Net Security

Malicious advertisements surge! 260% spike in 2015

RiskIQ announced at Black Hat USA 2015 its latest findings on the prevalence of malvertising across the nearly two billion publisher pages and 10 million mobile apps it monitors per day.
Help Net Security

Malvertisers abused Yahoo’s ad network for days

A large-scale malvertising attack abusing Yahoo’s ad network has been hitting visitors of the Internet giant's many popular and heavy-traffic sites for nearly a week.
Help Net Security

Two Charged in 2011 Cyber Breach at Michaels Retailer

Two men were criminally charged over their alleged roles in a conspiracy to steal 94,000 credit and debit card numbers from Michaels Stores Inc.
Security Magazine

Addressing Cybersecurity and the Insider Threat

In the wake of massive data breaches such as those at the U.S. government’s Office of Personnel Management, health insurer Anthem and retailer Target, an enterprise’s initial reaction might be to tighten the security around networks and data.
Security Magazine

Identity Theft Tops Nation's Top Ten Consumer Complaints

Identity theft topped the list of fastest-growing complaints to state and local consumer protection agencies last year, according to the latest report from the annual survey conducted by Consumer Federation of America (CFA) and the North American Consumer Protection Investigators (NACPI).
Security Magazine

Security Officer Company Universal Protection Service Acquires Guardsmark

Universal Protection Service, a division of Universal Services of America and a portfolio company of Warburg Pincus and Partners Group, announced this week that it has acquired Memphis-based competitor Guardsmark. Together, these companies create the largest U.S.-owned security company.
Security Magazine

Android Security Flaw Leaves 950 Million Phones Vulnerable

Hackers could easily intercept someone’s phone without their authorization by sending a message, taking control of the device, and then deleting the message, thus eliminating any evidence of the hack.
Security Today

Cybercriminals are preying on existing vulnerabilities to plan future attacks

Solutionary performed a broad analysis of the threat landscape, which unearthed several key findings. They identified several campaigns targeting the bash vulnerability during the latest quarter - more than 600,000 events from 138 countries.
Help Net Security

Researchers devise passive attacks for identifying Tor hidden services

A group of MIT researchers have devised two attacks that could identify, with a high degree of certainty (88%), an anonymous hidden service or client.
Help Net Security

German prosecutors charge news Web site with treason over leaks of surveillance plan

German authorities have launched a treason investigation into a news Web site which had reported on government plans to broaden state surveillance of online communications.
Homeland Security News Wire

Chemical plants provided incorrect information about toxic release risks: GAO

A new report from the Government Accountability Office (GAO) recommends that federal agencies should more carefully verify information provided by chemical facilities and improve compliance with safety standards.
Homeland Security News Wire

Communities near chemical plants should develop preparedness, response plans: Experts

Researchers found that despite the 2007 passage of the Chemical Facility Anti-Terrorism Standards (CFATS), only a few chemical facilities have completed the necessary security measures implementation.
Homeland Security News Wire

By Nearly Any Measure, Sunny South Florida is Tops in Fraud

Over the past decade or so, the three most populous South Florida counties - Miami-Dade, Broward and Palm Beach - have become less renowned for old-school "Miami Vice"-style drug shootouts than for scammers stealing hundreds of millions from the government, banks and individuals by using laptops, stolen identities and fake medical procedures.
Continuity Insights

U.S. military bases vulnerable to cyberattacks on their power, utility systems

U.S. military bases are at risk for cyberattacks against the bases’ power grid and other utility systems, according to a new report on defense infrastructure from the Government Accounting Office.
Continuity Insights

Adultery site Ashley Madison hacked, user data leaked

A group or individual known as The Impact Team claimed to be behind the attack and that it had data on all of Ashley Madison's 37 million users and its partner sites, Cougar Life and Established Men, all owned by Canada's Avid Life Media (ALM).

Lawsuit says TSA Needs Formal Regulations for Full-Body Scanners

A federal lawsuit said the TSA should develop formal regulations for its full-body scanners.
Security Magazine

MN Lawmakers Want Access to Railroad Emergency Plans

Some Minnesota lawmakers and railroad safety advocates are concerned that new disaster plans are not being released to the public.
Security Magazine

STANLEY Security Debuts New Vertical and Centralized Operations Team

STANLEY Security announced the establishment of its new Vertical & Centralized Operations (VOPS) team and supporting Network Operations Center.
Security Today

AES Corporation Announces Issuance of a New U.S. Patent

AES Corporation, a manufacturer of private wireless mesh alarm communication networks, is pleased to announce that the United States Patent and Trademark Office has issued U.S. Patent No. 8,072,945 for AES Link Layered Networks.
Security Today

Breach Investigation Focuses on PNI

Experts Offer Insights on Thwarting Fraudsters
Data Breach Today

New Legislation Introduced to Replace Clery Act

Missouri Sen. Claire McCaskill has introduced pending legislation in the Senate called the Campus Safety and Accountability Act (CASA), intended to supplant or simplify the Clery Act.
Security Magazine

10 Steps to a Better Catastrophe Response Plan

Catastrophic events – both natural and man-made – occur in many forms and may severely affect a company’s ability to conduct its normal business.
Security Magazine

Ensuring Security and Compliance in a BYOD World

IT security is complicated enough. The widespread adoption of BYOD mobile devices and the overall consumerization of IT promise to complicate security efforts exponentially.
Security Magazine

Online Exclusive: A Perspective on Glass and the Terrorist Threat

The threat of terror, real or imagined, has focused the minds of building owners, architects, engineers, technologists and planners to better design buildings that can withstand a whole new array of risks.
Security Today

DHS S&T licenses third cybersecurity for commercialization

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) yesterday announced that another cybersecurity technology has been licensed for commercialization.
Homeland Security News Wire

Will ID Protection Offer Set New Standard?

Blue Cross Blue Shield plans' groundbreaking offer, in the wake of mega-breaches, of extended ID protection to all of the more than 106 million individuals covered by their insurance could set new expectations for breach response, some security experts predict.
Data Breach Today

Hacking of Government Computers Exposed 21.5 Million People

WASHINGTON — The Obama administration on Thursday revealed that 21.5 million people were swept up in a colossal breach of government computer systems that was far more damaging than initially thought, resulting in the theft of a vast trove of personal information, including Social Security numbers and some fingerprints.
The New York Times

The Stock Market Bell Rings, Computers Fail, Wall Street Cringes

Problems with technology have at times roiled global financial markets, but the 223-year-old New York Stock Exchange has held itself up as an oasis of humans ready to step in when the computers go haywire.
The New York Times

FBI Director: Potential July 4 Terror Plots Disrupted

Federal Bureau of Investigation Director James Comey on Thursday said a number of plots near the July 4 holiday by suspects inspired by Islamic State were disrupted by a spate of arrests, adding that law-enforcement officials are continuing to pursue leads as the militant group uses social media in a bid for followers.
Wall Street Journal

Cyber attack on U.S. power grid could cost economy $1 trillion: report

A cyber attack which shuts down parts of the United States' power grid could cost as much as $1 trillion to the U.S. economy, according to a report published on Wednesday.

FBI Chief Punches Back On Encryption

James Comey, director of the Federal Bureau of Investigation, said Monday the country needs to have a “robust debate” about the use of message encryption by technology firms, warning that Islamic State militants and other terrorist groups could use this method to recruit “troubled Americans to kill people.”
Homeland Security Today

Comey again denounces default encryption in editorial

FBI Director James Comey again backed his stance against default encryption in an editorial published Monday on Lawfare.
SC Magazine

Analysts find exploits in Hacking Team leaks, investigate zero-day attacks

Researchers have found that a trove of leaked data belonging to Italian firm Hacking Team includes exploits, some of which target zero-day vulnerabilities.
SC Magazine

Illinois insurer says software error resulted in data exposure

Illinois-based Trustmark Mutual Holding Company is notifying an undisclosed number of individuals that a software error resulted in emails containing their personal information being sent to the wrong insurance carrier clients.
SC Magazine

DHS Interoperable Communications Bill Signed Into Law By President

Monday, the DHS Interoperable Communications Act (HR 615), which requires the Department of Homeland Security’s (DHS) Under Secretary for Management to maintain interoperable communications among the components of the department was signed into law by President Obama.
Homeland Security Today

USD Creates New Cyber Security Center

The University of San Diego will create a center that will address cyber-security issues and offer graduate degree programs.
Security Magazine

Minimizing Risks from Contractors and Temporary Employees

Businesses and government agencies see value in using temporary workers, contractors and subcontractors. Nothing could go wrong. Right?
Security Magazine

New Ebola Cases Raise Concern of Potential New Outbreak

Three new cases of Ebola have been confirmed in Liberia, following the death of a teenager from the virus on June 28 and after the West African nation had been declared Ebola-free back in May.

Gun Cell Phone Case Will Get Someone Killed

Cell phone cases come in all shapes, sizes, colors and designs. A new design, however, caught our attention at Firestorm.

New York Stock Exchange Blames Shutdown on 'Configuration Issue' as Dow Falls

The Dow Jones Industrial Average took a triple digit hit today after trading on the New York Stock Exchange (NYSE) was halted for three and a half hours.
ABC News

United Airlines Will Pay Bug Hunters in Air Miles

United Airlines has announced it will reward, in airline miles, anyone who is capable of proving a remote code execution on any of its planes’ Wi-Fi networks. This announcement comes after both the FBI and TSA asked airlines to start looking for theoretical hacks to their in-flight Wi-Fi.
Security Today

Security Firm Discloses Details of Amazon Fire Phone Vulnerabilities

The operating system update released in May by Amazon for its Fire Phone resolves three vulnerabilities discovered by researchers at information security consultancy MWR InfoSecurity.
Security Week

Honeywell, Intel Team on Industrial Cyber Security

Honeywell Process Solutions (HPS) and Intel Security said this week that they will combine forces to boost protection of critical industrial infrastructure and the “Industrial Internet of Things” (IIoT).
Security Week

Default SSH Keys Expose Cisco's Virtual Security Appliances

Cisco warned on Thursday that as a result of default encryption keys in three of its security products, customers are at risk of an unauthenticated remote attacker being able to intercept traffic or gain access to vulnerable systems with root privileges.
Security Week

FAA panel to focus on top cybersecurity risks to aircraft

An advisory committee formed by the U.S. Federal Aviation Administration (FAA) aims to develop international design and testing standards that will thwart cyberattacks against aircraft.
SC Magazine

Study: Click-fraud malware often leads to more dire infections

Although often considered relatively innocuous, click-fraud malware infections could be the start of serious enterprise security issues.
SC Magazine

Malware on Tactical Assault Gear website targets customer information

North Carolina-based LC Industries, Inc., which operates the Tactical Assault Gear website, is notifying thousands of customers that malware discovered on the website was being used to gain access to personal information.
SC Magazine

Employee with California bank puts customer loan data at risk

An employee with California-based Bank of Manhattan Mortgage Lending handled mortgage loan files stored on a removable disk drive in a manner contrary to the bank's policies and instructions, possibly leading to the unauthorized disclosure or use of customer information in the files.
SC Magazine

Fourth of July Terror Warning Issued by FBI, Homeland Security

Federal authorities have warned local law enforcement officials across the country about a heightened concern involving possible terror attacks targeting the July 4th holiday.
Security Magazine

OSHA to Increase Enforcement at Hospitals, Nursing Homes over Work-Related Injuries

The U.S. Department of Labor's workplace safety division is increasing its enforcement efforts in hospitals and nursing homes.
Security Magazine

DOD’s Infrastructure Capabilities Must Be A Priority For Chemical And Biological Defense, GAO Says

From North Korea’s weapons of mass destruction (WMD) program to the 2014 Ebola virus outbreak, the United States faces—and will continue to face—a number of ever-evolving chemical and biological threats that threaten to undermine the peace, stability and security of the nation.
Homeland Security Today

China, U.S. Plan Cyber 'Code of Conduct'

At the end of a two-day China-U.S. strategic summit in Washington, U.S. Secretary of State John Kerry said June 24 that both sides had agreed on the need to create and abide by a new cyber "code of conduct."
Data Breach Today

Survey: 75 percent of companies have significant risk exposure

A misallocation of resources may account for nearly 75 percent of the respondents in RSA's inaugural Cybersecurity Poverty Index believing that their companies have significant cybersecurity risk exposure, results of the survey indicated.
SC Magazine

AeroGrow says malware likely compromised payment card data

Colorado-based AeroGrow International, Inc. is notifying an undisclosed number of individuals who shopped on its website – AeroGarden.com – that malware was likely used to infiltrate AeroGrow's online servers, and that payment card data may have been compromised.
SC Magazine

Incumbent TSA Leader Shares Worries about Airport Security

Coast Guard Vice Adm. Peter Neffenger has said that he plans to fully identify any gaps in airport security and close them if he is to be confirmed by the Senate to lead the TSA.
Security Today

Online Exclusive: Who's Minding Your Surveillance Systems' Performance?

Video surveillance has undergone a rapid evolution in recent years. What was once a high-tech luxury has grown into a crucial element of physical security.
Security Today

International Operation Takes Down Cyber Fraudsters; Duqu Returns

This week, a joint international operation led to the dismantling of a group of cybercriminals active in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia who are suspected of committing financial fraud involving email account intrusions.
Homeland Security Today

How To Check The Box … And Box-Out The Hackers - Identity Has Become The New Security Perimeter

Recent high profile attacks ranging from Sony Pictures Entertainment and Anthem, Inc. to the Office of Personnel Management and the United States Postal Service have accentuated the massive vulnerabilities that exist in the present security framework.
Homeland Security Today

The Unmanned Helping Hand: The Role Of UAVs In Disaster Recovery

While privacy and safety concerns lead the fight against the developing equipment, the ability to have a rapidly deployable eye-in-the-sky can provide vital assistance to first responders in emergency and disaster responses -- providing unprecedented situational awareness to those making decisions and allocating the limited assets available.
Homeland Security Today

Analysis: Ponemon Breach Cost Study

Larry Ponemon, founder and chairman of the Ponemon Institute, offers an in-depth analysis of the results of the organization's 10th study of the costs of data breaches, which found, for example, that rapid growth in hacker attacks is leading to escalating costs.
Data Breach Today

Cisco to Launch New Security Platform

Organizations are awash in security-related information, but too often they use too little of it - at least until it's too late. In part, that's because trying to link data from disparate security tools - such as firewalls, sandboxes, intrusion protection systems, anti-virus and identity management tools - by using back-end integration isn't always successful, and thus is not stopping data breaches, says Martin Roesch, chief architect for security at Cisco Systems.
Data Breach Today

Report: OPM Breach Found During Demo

The massive data breach at the U.S. Office of Personnel Management reportedly wasn't discovered by U.S. government sleuths - or the Department of Homeland Security Einstein intrusion detection system - but rather during a product demo.
Data Breach Today

Trade secrets allegedly sold to China by Temple physics chair

The chair of Temple University's physics department has been charged with four counts of wire fraud after allegedly selling trade secrets to China, according to the U.S. Justice Department.
South Jersey Times

Breach Of OPM Employee Records Raises More National Security Concerns, Officials Say

The theft of up to 4 million sensitive federal employees’ records maintained by the Office of Personnel Management (OPM) likely had a lot more to do with a foreign government’s spying and espionage activities than anything else, US counterintelligence authorities told Homeland Security Today on background because they aren’t authorized to officially discuss the matter.
Homeland Security Today

Canada Expands Biometric Screening Measures To Better Protect Its Borders, PM Announces

Canadian Prime Minister Stephen Harper announced Thursday that a number of new measures that will increase the safety and security of Canadians are being implemented to protect Canada’s borders.
Homeland Security Today

Highlighting the Hotsheet: Cargo Theft Spikes Dramatically in Q1 2015

CargoNet announced the Q1 statistics for cargo theft and they were dramatic: a full $23 million worth of property was stolen, $14 million more than during the same period last year.
Security Today

Insurer Seeks Breach Settlement Repayment

Columbia Casualty, a cyber-insurer that paid more than $4 million, plus defense attorney expenses, to settle a class action suit that was filed against its client, Cottage Health, in the wake of a 2013 data breach is now trying to claw back the payments.
Data Breach Today

Report: NSA Expanded Internet Spying

The National Security Agency secretly expanded its warrantless surveillance of Americans' international Internet traffic to seek evidence of malicious computer hacking, according to documents leaked by former NSA contractor Edward Snowden, Pro Publica and The New York Times report.
Data Breach Today

Small businesses surveyed on EMV awareness, many still unclear on liability shift

A survey of management-level employees at small businesses in the U.S. found that 42 percent were unaware of the EMV liability shift deadline this October.
SC Magazine

Texas Lawmakers Pass Bill Allowing Guns on College Campuses

Students and faculty members at public and private universities in Texas could be allowed to carry concealed handguns into classrooms, dormitories and other buildings under a bill passed by the Texas Legislature.
Security Magazine

Making the CSO the Next Enterprise Leader

Congratulations, security executives, soon you will officially be the “corporate rock-star.”
Security Magazine


In a recent Firestorm and Black Swan webinar, Michelle Colosimo, Black Swan Solutions Director, explains the financial impact of closing down an airport for a day.

State-Sponsored Cybercrime: A Growing Business Threat

It’s not just governments that are feeling the disastrous effects of state-sponsored cyber warfare and crime.
Dark Reading

US Banks Close Branches Along Mexico Border to Prevent Money Laundering

Major US banks have recently closed branches along the southern border with Mexico in an attempt to crack down on money laundering, a reflection of the ease with which Mexican drug traffickers can legitimize illicit proceeds north of the border.
InSight Crime

Nasty Police Scareware Triples Ransom If Users Try to Unlock Device on Their Own

A stubborn piece of police scareware holds Android devices hostage until a fee is paid via MoneyPak and PayPal My Cash transfers, and it increases the ransom to $1,500 / €1,400 if users attempt to unlock the device on their own.

IRS cut its cybersecurity staff by 11% over four years

The Internal Revenue Service, which disclosed this week the breach of 100,000 taxpayer accounts, has been steadily reducing the size of its internal cybersecurity staff as it increases its security spending.

IRS believes massive data theft originated in Russia

The Internal Revenue Service believes that a major cyber breach that allowed criminals to steal the tax returns of more than 100,000 people originated in Russia, Rep. Peter Roskam confirmed to CNN on Thursday.

Most Organizations Still Unable to Identify Phishing Emails, Survey Finds

Recent research has shown that individuals and organizations continue to be susceptible to email phishing, failing to correctly identify phishing emails and clicking on malicious links.
Homeland Security Today

Millennials Represent Greatest Risk to Corporate Data

The Millennial generation poses a greater risk to data security than other categories of users, according to an Absolute Software survey of 762 North American adults.

Survey Finds Median Employee Theft Loss of $280,000 for US Organizations

According to the 2015 Hiscox Embezzlement Watchlist, United States organizations with less than 500 employees experienced a median loss of $280,000 per year due to employee theft.
Security Magazine

An Elephant in the Living Room

Employers and security managers are becoming increasingly aware of potential security threats, but one area is still a concern because of how easily hackers can utilize it.
Security Today

Financial Firms Grapple With Cyber Risk in the Supply Chain

Last year saw a record high of 783 data breaches, the Identity Theft Resource Center reports, and access to systems through compromised third parties or subcontractors was the second most common cause of IT breaches in 2013 and 2014.
Wall Street Journal

Employees Still Visit Dangerous Sites at Work, Despite Awareness of Risk

A new study conducted by market researchers Vanson Bourne and published by security firm Blue Coat finds that despite being "fully aware" of the risks, many employees still visit inappropriate websites while at work.

Average Cost of Computer Breach is $3.79 Million

A Ponemon Institute and IBM survey revealed that the average cost of a computer breach at large companies globally was $3.79 million.
USA Today

Bots Now Outnumber Humans on the Web

Bot traffic has surpassed human traffic on the Internet, according to a Distil Networks report.
CSO Online

PSA Security Network Announces New National Deployment Program

PSA Security Network unveiled a new platform for its National Deployment Program, bringing real time integrator search and mapping capabilities online to PSA integrators.
Security Today

Online Exclusive: How Perimeter Security is Improving Rail Transportation Security

An emerging effective and cost-efficient solution to help freight rail carriers improve security is integrated security technology including smart thermal cameras, PTZ tracking solutions and target-mapping display software.
Security Today

United Airlines Will Pay Bug Hunters in Air Miles

United Airlines has announced it will reward anyone who is capable of proving a remote code execution on any of its planes’ Wi-Fi networks in airline miles.
Security Today

Hacker leaks sensitive info of millions of Adult FriendFinder users

Information of over 3.5 million users of dating site Adult FriendFinder has been stolen and leaked online, and is being used by spammers, scammers and phishers, a Channel 4 investigation into the Deep Web has revealed.
Help Net Security

Trojanized, info-stealing PuTTY version lurking online

A malicious version of the popular open source Secure Shell (SSH) client PuTTY has been spotted and analyzed by Symantec researchers, and found to have information-stealing capabilities.
Help Net Security

U.S. Charges 6 Chinese with Insider Theft

Federal authorities have indicted six Chinese nationals for economic espionage, and apprehended the ringleader, a Chinese professor, accusing him of pilfering trade secrets from the computer systems of two American high-tech companies, where he and a co-conspirator once worked.
Data Breach Today

Massive 'Logjam' Flaw Discovered

Numerous websites, mail servers and other services - including virtual private networks as well as "all modern browsers" - that rely on Transport Layer Security have a 20-year-old flaw that could be exploited by an attacker "to read and modify any data passed over the connection."
Data Breach Today

IBIA Says Expanding PreCheck Should Be Based On Strong, Proven Security Standards

The Transportation Security Administration's (TSA) exclusive use of biographic data solutions “in its prospective attempt to expand the PreCheck travel screening program” is “strongly” being questioned by the International Biometrics & Identification Association (IBIA).
Homeland Security Today

Cyber Experts Warn Airlines Should Be In A Cyber Panic Over Potential Vulnerabilities

“I really believe in this. This is serious shit,” exclaimed The Security Awareness Company CEO and veteran cybersecurity guru Winn Schwartau in response to recent concerns terrorists or malicious actors could hack into the computerized systems of passenger aircraft and take control of them.
Homeland Security Today

Most Organizations Still Unable To Identify Phishing Emails, Survey Finds

Despite a number of reports over the last year indicating phishing scams continue to be a primary method of accessing personal information and breaching an organization, individuals continue to take the bait.
Homeland Security Today

How a hacker could hijack a plane from their seat

Reports that a cybersecurity expert successfully hacked into an airplane’s control system from a passenger seat raise many worrying questions for the airline industry.
Homeland Security News Wire

DHS S&T completes Virtual Shooter robotic device, delivers it to ICE

The U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) the other day announced the successful completion of a robotic device that tests multiple types of handguns and ammunition.
Homeland Security News Wire

Subway's New Anti-Theft Measure Sprays Dyes on Thieves

Subway will soon be adding an extra measure of security to protect its tens of thousands of franchise locations around the country, reports WATE. Instead of extra alarms or bells, the new security system, manufactured by SelectDNA, actually sprays intruders, robbers, or other criminals with a chemical that marks offenders as they try to exit the shop, reports Fox News.
Security Magazine

New Law Will Allow Teachers to Carry Guns in Oklahoma Schools

A bill signed into law this week will allow certain school employees in Oklahoma to carry guns on school property.
Security Magazine

Cyber Attacks on News Organizations: ISIS Changes Tactics to Win Mindshare

As part of its arsenal of battlefield tactics, the Islamic State (ISIS) has added cyber-attacks to its list.
Security Magazine

Hackers Have Figured Out How to Steal from Starbucks Cards

According to multiple users, hackers who get a username and password can steal money through a Starbucks’ card until the customer or credit-card company stops them. Thieves can transfer the balance onto a card they hold, wait for the Starbucks’ card to reload, then repeat the process over and over.
Security Today

Sensitive customer data leaked following mSpy data breach

mSpy, a company that sells "customized and user-friendly mobile and computer monitoring solutions," has apparently suffered a data breach.
Help Net Security

Plan OK'd to Drill into BP's Ill-Fated Macondo Reservoir

Deep-water drilling is set to resume near the site of the catastrophic BP PLC well blowout that killed 11 workers and caused the nation's largest offshore oil spill five years ago off the coast of Louisiana.
Continuity Insights

MKS Makes a Big Industry Splash at ISC West 2015

Kicking off their 30th year as a company, the newly rebranded MKS (Micro Key Solutions) made a big splash within the industry during ISC West 2015. The first recognition was for MKS President Victoria Ferro, who was selected by the Women’s Security Council as one of the Women of the Year in the Security Industry.
Security Today

Statue of Liberty Evacuated

The Statue of Liberty and Liberty Island were evacuated Friday afternoon due to reports of a suspicious package, law enforcement officials said.
Security Today

Verizon Data Breach Study Finds Old Flaws Still Dangerous

The 2015 edition of the DBIR provides insight into the state of cyber-security in 2014.
Security Today

100,000 web shops open to compromise as attackers exploit Magento bug

A critical vulnerability found in Magento, the most popular content management system for e-commerce sites, is being exploited by hackers to get their hands on users' personal and payment card information, Ars Technica reports.
Help Net Security

High-profile data breaches made most CEOs re-examine security programs

There has been increased board- and C-level interest in information security programs in light of recent high-profile data breaches such as those affecting Sony, Anthem and JP Morgan, the results of a Netskope survey have revealed.
Help Net Security

RSA 2015: In the healthcare industry, security must innovate with business

The cost per healthcare record stolen in a data breach in 2014 was $359, a figure that Frank Kim, CISO with the SANS Institute and former executive director of cyber security with Kaiser Permanente, said he found alarming.
SC Magazine

Microsoft expands bug bounty program to include Project Spartan

Microsoft announced plans on Wednesday to expand its bug bounty program to include Project Spartan, the company's new browser, and Azure, the company's cloud platform.
SC Magazine

Data at risk for 9,000 individuals following unauthorized access to SRI Inc. website

Indiana-based SRI Incorporated – which conducts tax sales, deed sales and foreclosure sales relating to the recoupment of delinquent tax for local governments – is notifying roughly 9,000 individuals that their personal information may be at risk.
SC Magazine

Banks Try to Block Target Settlement

A group of financial institutions affected by the 2013 Target data breach that exposed at least 40 million payment cards is asking a court for a preliminary injunction to block the proposed settlement between the retailer and MasterCard that would provide $19 million to card issuers.
Data Breach Today

Beyond HIPAA Risk Assessments: Added Measures for Avoiding PHI Breaches

Last year, several high profile security incidents occurred at healthcare organizations where a HIPAA Risk Assessment (HSRA) had previously been conducted.
Data Breach Today

Chandler Says Leadership is Critical in Avoiding Ethical Disasters

Dr. Robert Chandler, Director of the Nicholson School of Communications at the University of Central Florida, discussed the impact of ethical disasters and the role of upper management in preventing them at the 2015 Continuity Insights Management Conference on Tuesday, April 21.
Continuity Insights

Water Scarcity Could Become an Emerging Topic for BC Pros

Forbes discussed potential consequences of water scarcity, including terrorism, supply chain disruption and competitive advantage, that would impact business continuity and resilience professionals.
Continuity Insights

The Rise of the Chief Security Officer: What it Means for Corporations and Customers

At the urging of the board, CEOs are putting a premium on hiring a first-rate Chief Security Officer (CSO) to lead the charge to protect company and consumer data.

Implementing new food safety measure hampered by lack of funding

Roughly forty-eight million Americans have food-borne illness each year, and according to the Centers for Disease Control and Prevention, 128,000 of them are hospitalized, and 3,000 die.
Homeland Security News Wire

Insider Breach Costs AT&T $25 Million

AT&T is paying a hefty price - $25 million - for call center employees in Mexico, Colombia and the Philippines accessing personally identifiable information from some 278,000 customer accounts without authorization.
Bank Info Security

Anti-Hacker Executive Order: 5 Concerns

Declaring a national emergency over hack attacks, President Obama signed an executive order authorizing the government to impose sanctions on hackers.
Bank Info Security

U.S. grid vulnerable to cyber, physical attacks

The U.S. electric grid remains vulnerable to cyber and physical attacks, putting millions of households at risk from outages that could last a few days or weeks.
Homeland Security News Wire

California imposes first mandatory water restrictions in state history

Standing on a patch of brown grass in the Sierra Nevada mountains, which is usually covered with several feet of snow at this time of the year, California governor Jerry Brown announced the first mandatory water restrictions in state history.
Homeland Security News Wire

Extended Oregon drought raises concern over state's water security

Facing the fourth straight year of drought, Oregon officials are worried that the state’s water security may be in jeopardy, as is already the case in California, which has just announced its first-ever mandatory water restrictions.
Homeland Security News Wire

Water scarcity a contributing cause of wars, terrorism in the Middle East, North Africa

The UN defines a region as water stressed if the amount of renewable fresh water available per person per year is below 1,700 cubic meters.
Homeland Security News Wire

Police department pays ransom after hackers encrypt department's data

Last December, cyberterrorists hacked into servers belonging to the Tewksbury Police Department, encrypted the data stored, and later asked for a $500 bitcoin ransom to be paid before department officials could regain control of their files.
Homeland Security News Wire

China increasing significantly funding for cyber warfare capabilities

U.S. intelligence officials have warned that China is increasing significantly its investment in cyber warfare programs in an attempt to compete with the U.S. military.
Homeland Security News Wire

Accounting Fraud, Meet the SEC's 'Robocop'

Companies are also leveraging data analytics to find their own accounting problems before the government does.
Corporate Counsel

Disconnect Between Audit Committee and Audit Executives, Survey Shows

Chief audit executives and audit committee members see internal audit priorities differently, according to an annual Grant Thornton survey.
CGMA Magazine

8 Steps to Stronger Information Risk Management

How CFOs can balance the risk/reward equation to spark CEOs' interest in information risk management decisions.

OECD releases draft mandatory disclosure

Countries should require mandatory disclosure of certain tax planning strategies from both companies and tax advisers, the Organisation for Economic Co-operation and Development (OECD) recommended in a draft proposal issued on Thursday.
CGMA Magazine

3 steps to a more socially responsible supply chain

Prioritising sustainability issues in the supply chain yields a number of quantifiable benefits to organisations, including increased competitiveness.
CGMA Magazine

HID Global Unveils ActivID Tap Authentication Solution

HID Global introduced the ActivID Tap Authentication platform for convenient and secure multi-factor authentication to cloud applications and web services.
Security Today

Blend of old and new techniques help attackers dodge detection, report says

The report, which zeroes in on eight behavioral and technique-based trends regarding cybercrime, found that cybercrime has become easier as threat actors can rent exploit kits, take advantage of malware-as-a-service (MaaS) and even use subcontractors to create and execute attacks aimed at stealing data.
SC Magazine

Russian hackers executed the US State Department, White House network breaches

The October 2014 breaches of some of the computer systems of the US State Department and the White House were executed by Russian hackers, unnamed US officials familiar with the investigation told CNN reporters.
Help Net Security

Cyber crooks go after enterprise millions with Dyre malware, social engineering

"An experienced and resource-backed cybercrime gang" is using the relatively new Dyre/Dyreza banking Trojan coupled with effective social engineering to steal millions from businesses, IBM Security Intelligence researchers John Kuhn and Lance Mueller warned.
Help Net Security

Are you prepared for dealing with a breach?

RSA, The Security Division of EMC, released the results of a new global breach readiness survey that covered thirty countries and compared those global results with a survey of the Security for Business Innovation Council (SBIC), a group of top security leaders from the Global 1000.
Help Net Security

About 40 percent of lone-wolf terrorists are driven by mental illness, not ideology: Researchers

Researchers have long studied the relationship between mental illness and terrorism, particularly lone-wolf terrorists.
Homeland Security News Wire

IT security spending grows, but confidence in cyber protection measures does not

A new report looking at how organizations view the future of cyberthreats and these organizations’ current defenses, found that while IT spending is increasing, confidence in the efficacy of cyber protection is declining.
Homeland Security News Wire

IBM will invest $3 billion in new IoT unit

IBM plans to invest $3 billion over the next four years to create an Internet of Things (IoT) business unit along with a cloud-based platform to help build (IoT) solutions.
SC Magazine

Infostealer Laziok targets energy companies

Energy sector companies based in the Middle East are the most recent targets of a reconnaissance campaign aimed at infecting systems to gather information about companies' inner-workings, according to Symantec researchers.
SC Magazine

Brink's cash management unit in India being eyed for acquisition

A host of potential buyers have lined up to buy global security and protection company Brink’s’ cash management business in India, as the Richmond, Virginia (US)-headquartered firm looks to hive off the unit as part of global strategic review.
Security Today

3 Big-Picture Themes CISOs Should Track At Interop

Preparations are well underway for staging one of the biggest Interop conferences yet.

Yahoo releases e2e encryption source code and launches 'on-demand' passwords

Yahoo took advantage of South by Southwest's (SXSW) opening weekend this week to make major announcements surrounding its security protocol. Primarily, the company announced its new “on-demand” passwords, and followed up with news that its end-to-end encryption source code for Yahoo Mail was available on GitHub.
SC Magazine

U.S. senator introduces bill aimed at federal breach notification standard

U.S. Sen. Mark Kirk will be introducing a bill aimed at putting in place a federal breach notification standard that all companies across the nation would have to abide by. The legislation would require companies to notify their customers if more than 1,000 credit card numbers are compromised in a breach, a number which he finds reasonable, according to the Alton Daily News.
SC Magazine

Genetec and Prism Skylabs Help Retailers Gain In-store Insights

Genetec, a manufacturer of unified IP security solutions, announced that its flagship security platform, Security Center, now supports the Prism analytics package from Prism Skylabs, to provide cloud-based, business intelligence tools for retailers.
Security Today

A billion data records leaked in 2014

2014 was the year when "designer vulnerabilities" emerged, when breaches and security incidents were being announced so fast that we struggled to keep up, when old financial malware began being used to hit new targets.
Help Net Security

Search for vulnerable servers unearths weak, thousands-times repeated RSA keys

A group of researchers from the Information Security Group from Royal Holloway, University of London, wanted to see how many TLS servers still supported the weak, export-grade (512-bit) RSA public keys a week after the public disclosure of the FREAK flaw. On March 3, the number of vulnerable HTTPS servers reached around 26 percent of the total. A week later less than 10 percent of them did.
Help Net Security

What pokes holes in virtual environments?

While most companies believe virtualization technology is a strategic priority, there are clear risks that need to be addressed. Ixia surveyed more than 430 targeted respondents in South and North America (50 percent), APAC (26 percent) and EMEA (24 percent).
Help Net Security

Class Action Lawsuit Filed Against Uber for Data Breach

Ride-hailing service Uber has been hit with a proposed class-action lawsuit over a recently disclosed data breach involving the personal information of about 50,000 drivers, Reuters reports.
Security Magazine

The CSO’s New Role: Guarding Company Reputation

The highly-publicized data breaches of 2014 changed the role of corporate security professionals as we know it. Now, more than ever, security IT issues have high-priority business impact and, as a result, companies face tougher expectations around protecting individuals affected by a data breach.
Security Magazine

Investigation Finds Hundreds of Airport Security Badges Missing

An investigation found hundreds and potentially thousands of airport security badges are unaccounted for across the country.
Security Today

Mall of America Heightens Security after Al-Shabab Threat

The Mall of America has heightened its security efforts after a video claiming to be posted online by a Somali group affiliated with al Qaeda called for attacks against the mall, according to a report.
Security Today

U.S. Government Contracts with Quebec Biotech Company to Make Anti-Ebola Drug

A Quebec City biotech company has been awarded a contract to make a ZMapp-like product to fight Ebola.
Continuity Insights

Critical vulnerabilities affecting SAP business critical apps

Onapsis released five security advisories detailing vulnerabilities in SAP BusinessObjects and SAP HANA enterprise software.
Help Net Security

Clapper: Cyberthreats to Worsen

National Intelligence Director Blames Iran for Casino Hack

The director of national intelligence, James Clapper, paints a grim picture of the cyberthreats the nation faces, saying as bad as 2014 was, 2015 and the coming years will be worse.
Data Breach Today

NEWS ALERT: Hacktivists claim to have accessed files from private U.S.-based defense group

In an email sent to an SC Magazine editorial executive, a group identifying itself as CyberBerkut – reported pro-Russian hacktivists – said it had gained access to files on the mobile device of a Green Group official who “recently visited Kiev as a member of American military delegation.”
SC Magazine

Researchers investigate link between Axiom spy group, Anthem breach

When news of the Anthem breach first surfaced, investigators claimed that malicious tools, linked exclusively to Chinese cyber attackers, were used against the health insurer. Now, an Arlington, Va.-based security firm has released its own research that expands on these findings.
SC Magazine

Benefits, costs of hydraulic fracturing

Hydraulic fracturing and horizontal drilling have had a transformative, positive effect on the U.S. economy, producing societal gains that likely outweigh negative impacts to the environment and human health from an economic perspective, according to a new paper.
Homeland Security News Wire

Poor decision-making may lead to cybersecurity breaches

Recent high-profile security breaches, such as those at Target, Anthem Inc., and Sony Pictures, have attracted scrutiny to how the seemingly minor decisions of individuals can have major cybersecurity consequences.
Homeland Security News Wire

U.S. Sees Major Q4 Spikes in Cargo Thefts

The 2014 SC-ISAC Q4 report details a major surge in the volume of cargo thefts in the U.S. According to the report, “We had been seeing a somewhat downward trend in the incidents, but this trend has stopped and reversed.”
Security Today

Hackers Stole from 100 Banks

Kaspersky Labs reported that it has uncovered how hackers surreptitiously installed spying software on bank computers, eventually learned how to mimic bank employee workflows and used the knowledge to make transfers into bank accounts they had created for this theft, said CNN Money.
Security Magazine

Lawmakers seek to create single food safety agency to improve oversight

Lawmakers are seeking to pass a bill which would create a single food safety agency to replace the current multi-agency system, which critics say is "hopelessly fragmented and outdated."
Homeland Security News Wire

Growing demand for cyber insurance, especially by small and mid-size businesses

Technology startup firms are leading the way in ensuring not only the security of their customers, but their own security as well. American businesses are expected to pay $2 billion for cyber insurance premiums in 2014, a 67 percent increase from just one year earlier.
Homeland Security News Wire

Breach index: Mega breaches, rise in identity theft mark 2014

A global study found that more than one billion records were compromised in data breaches last year.
SC Magazine

Ransomware delivered via fake Chrome and Facebook emails, tied to PayPal phishing

Researchers with Trend Micro are seeing upgraded CTB-Locker ransomware being delivered in fake Google Chrome and Facebook emails as part of an attack that is also tied to a PayPal phishing campaign.
SC Magazine

16 million mobile devices infected by malware

Security threats to mobile and residential devices and attacks on communications networks rose in 2014, threatening personal and corporate privacy and information.
Help Net Security

Corporate users hit with fake Microsoft email delivering sneaky malware

A well-crafted and extremely legit-looking spam email campaign is currently targeting corporate users around the world, ultimately leading the victims to difficult-to-detect malware that downloads additional malicious programs on the target's computer.
Help Net Security

'CIO of Year' on Defending Against Hackers

Bolstering defenses against phishing, malware and remote attacks, as well as broader implementation of encryption and a rollout of multifactor authentication, are among this year's information security priorities at the University of Michigan Hospitals and Health Centers, says CIO Sue Schade.
Data Breach Today

Obama to Issue Cybersecurity Executive Order

President Obama has gone to Silicon Valley to pitch his cybersecurity agenda and issue an executive order to encourage more private sector information sharing.
Data Breach Today

'Zero days' last up to six months for some malware

The majority of new malware is added to antivirus signature databases within 24 hours of first appearance, and 93 percent is detected within a month, but it can take as long as six months for antivirus to catch the remaining 7 percent, according to a new study by Atlanta-based security vendor Damballa, Inc.
CSO Online

CISOs cut out of cyber-insurance decision making, study suggests

Most large enterprises in the UK still aren't managing risk through dedicated cyber-insurance policies and the few that do buy based on recommendations by legal rather than IT departments, an analysis by non-profit the Corporate Executive Programme (CEP) has found.
CSO Online

Massive breach at health care company Anthem Inc.

Anthem, the nation's second-largest health insurance company, is the latest target of a security breach. Eighty million customers, including the company's own CEO, are at risk of having their personal information stolen.
USA Today

TurboTax Temporarily Suspended E-Filings on Fraud Concerns

The largest online tax-software company in the U.S. temporarily halted electronic filing of all state returns after more than a dozen states spotted criminal attempts to obtain refunds through its systems.
Wall Street Journal

Why Fraud Is Shifting to Mobile Devices

As a result of the explosive growth in worldwide use of smart phones, mobile malware will play a much bigger role in fraud this year, predicts Daniel Cohen, who heads up the anti-fraud services group at security firm RSA, which just released its 2014 Cybercrime Roundup report.
Data Breach Today

Sony Exec Steps Down After Breach

In the aftermath of the Sony Pictures Entertainment cyber-attack in late November 2014, Amy Pascal is stepping down as co-chairman of the film studio.
Data Breach Today

Tax fraud concerns prompt TurboTax developer to pause state e-filings

Intuit – developer of TurboTax, QuickBooks and Quicken – announced on Friday that it is working with state governments to address a growing tax fraud problem.
SC Magazine

Attackers exploit zero-day flaw in popular WordPress plug-in

WordPress sites with the plug-in Fancybox-for-WordPress should apply a critical security update released Thursday that fixes a vulnerability already exploited by attackers.
CSO Online

Some hackers are unknowingly gathering intel for the NSA

The U.S. National Security Agency and its intelligence partners are reportedly sifting through data stolen by state-sponsored and freelance hackers on a regular basis in search of valuable information.
CSO Online

Who's Hijacking Internet Routes?

Information security experts warn that Internet routes are being hijacked to serve malware and spam, and there's little you can do about it, simply because many aspects of the Internet were never designed to be secure.
Data Breach Today

Report Claims Russians Hacked Sony

Russian hackers, using spear-phishing attacks, successfully breached the network of Sony Pictures Entertainment in November 2014, and continue to have on-demand access to Sony's network, according to a new report from cybersecurity firm Taia Global.
Data Breach Today

How Much Is Cyber Crime Costing U.S. Businesses?

Frankly, it’s costing U.S. businesses more than other nations’ enterprises worldwide, according to data collected in the 2014 Cost of Cyber Crime Study: United States from the Ponemon Institute and HP Enterprise Security.
Security Magazine

Adobe rolling out new Flash Player version, includes fix for latest zero-day bug

Adobe began rolling out Flash Player on Wednesday for users who have auto-update enabled.
SC Magazine

NAFCU asks Congress to create bipartisan data breach working group

As the number of data breaches continues to grow and increase in severity and as the White House throws its weight behind data breach notification legislation, a credit union organization has beseeched Congress to create a bipartisan data breach working group.
SC Magazine

Payment cards targeted in attack on pet supplies website

Tennessee-based ValuePetSupplies.com is notifying several thousand customers that unauthorized persons accessed its servers and installed malicious files to capture personal information – including payment card data – entered into its website.
SC Magazine

Future Cyber Security Army Needs More Than Just Programmers

Securing financial information, personal data and proprietary plans along government, corporate and personal networks will require filling the growing demand for skilled cyber security professionals with a diverse pipeline of talent, including consulting,
Security Today

Court Rules in Favor of Breached Retailer

A breached retailer has won a court ruling against its payments processor and merchant bank, setting a $500,000 cap on how much it must pay for a point-of-sale breach it suffered in late 2012. Now the processor and bank must pick up the rest of the breach-related tab.
Data Breach Today

Cybersecurity readiness: Widening gulf between perception and reality

Attackers have become more proficient at taking advantage of gaps in security to evade detection and conceal malicious activity, according to Cisco.
Help Net Security

Will 2015 bring a stronger focus on IT security?

2014 has seen more high-profile targeted attacks with motivations of stealing information, making a statement and permanently destroying sensitive/valuable data.
SC Magazine

Nike Lawsuit Against Former Designers Will Test Company Security Initiative

Athletic sportswear maker Nike filed suit on Dec. 8 in Multnomah County, Ore., Circuit Court against three of its former designers on grounds that they misappropriated Nike's trade secrets to launch a competing business venture with Adidas.
National Law Review

NSA's Rogers Calls for More Forceful Response to Cyberattacks

The government should more forcefully respond to foreign countries that engage in cyberattacks, because some hackers have come to believe there is minimal risk in stealing U.S. government or corporate data, according to NSA director Navy Adm. Mike Rogers.
Wall Street Journal

Survey: Security Is by Far the Top Spending Priority for CIOs in 2015

Security will be CIOs' top spending priority in 2015, with heightened cyberattack concerns possibly slowing cloud adoption, according to a Piper Jaffray survey.
CSO Online

Sony Hack Prompts U.S. Review of Public Role in Company Security

In the aftermath of the cyberattack on Sony Pictures Entertainment, U.S. officials are questioning when the government should step in to help private companies fight hackers, according to National Security Agency Director Michael Rogers.

The Security Pitfalls of Airport Worker Access

After more than 150 guns were discovered in a smuggling ring on Delta Air Lines in December of last year, security officials are turning towards those who work at airports and the access they have.
Security Today

President Obama wants Congress to pass federal data breach notification legislation

President Barack Obama on Monday proposed strengthening laws against identity theft by requiring notification when consumer information is hacked, providing more free access to credit scores and protecting students' private data.
Security InfoWatch

Study: Majority of enterprises breached in first half of 2014, regardless of vertical

From January to June of 2014, 100 percent of retail organizations had their systems breached, as did 100 percent of agriculture, auto/transportation, education, and healthcare/pharmaceutical organizations, according to a new study.
SC Magazine

Study Shows Employee Theft Involves Money and is Rarely Reported

A study of 314 small business owners in Cincinnati found that 40 percent of thefts in small businesses are of money. The study also found that 64 percent of small businesses have experienced employee theft, but only 16 percent of those reported the incident to police.
Security Magazine

Sony Hackers Threaten Attack on US News Media

The Sony hackers have set their sights on attacking a news organization, according to a report.
Security Magazine

Microsoft Protests Bug Disclosure By Google

After Google discloses Win 8.1 vulnerability two days prior to planned patch, Microsoft argues in favor of vulnerability publication schedules.

Revenues for private contract security services to rise, study finds

According to a study recently published by The Freedonia Group, global revenues for private contract security services are expected to increase by nearly 7 percent per year to $267 billion in 2018.
Security InfoWatch

Russian hackers stole millions from banks, ATMs

Tens of millions of dollars, credit cards and intellectual property stolen by a new group of cyber criminals.
Help Net Security

Digital crime landscape in 2015

Based on its work this year in the fields of cyber security and financial crime, BAE Systems Applied Intelligence and Scott McVicar, its Managing Director of Cyber Security, offer these top five predictions for the digital crime landscape in 2015.
Help Net Security

Quality Control and Measurement of Business Continuity Management Systems: Final Survey Results

In 2013 Continuity Central conducted a survey to explore quality control methods that are being used within business continuity management systems. This survey has now been repeated to see how the trends in this area have changed.
Continuity Central

DHS IT Security Suffers From Noncompliance, Inspector General Audit Finds

The Department of Homeland Security’s (DHS) Office of Inspector General (OIG) disclosed in a new 62-page audit report that DHS “has made progress to improve its information security program, but noncompliance by several DHS component agencies is undermining that effort.”

Mental Illness & Terrorism

About 40 percent of lone-wolf terrorists are driven by mental illness, not ideology: Researchers
Homeland Security News Wire

Survey: Losses from holiday return fraud to cost retailers $3.8B

According to the National Retail Federation's 2014 Return Fraud Survey, retailers estimate that losses from return fraud will cost them $3.6 billion this holiday season.
Security InfoWatch

Report: Another security clearance investigation contractor hacked

Federal officials say the private files of 48,439 workers may have been compromised by a computer breach at government contractor KeyPoint Government Solutions Inc.
Security InfoWatch

Shock, dismay and disappointment: P&C insurance industry's reaction to TRIA news

Despite strong encouragement from the insurance industry and business groups around the country, the U.S. Senate has adjourned for the year without passing the Terrorism Risk Insurance Program Reauthorization Act of 2014 (TRIPRA).
Property Casualty 360

How to Implement an Optimized Video Surveillance Plan for Protecting Business Assets

The use of global security technology continues to skyrocket and extend better service to businesses. The global market for video surveillance equipment grew more than 12 percent in 2014, reaching $15.9 billion in sales.
Security Today

7 Lessons from Target's Breach

One Year Later, What Retailers, Bankers Have Learned.
Data Breach Today

Bill OK'd to Enhance NIST Cybersecurity Role

With cybersecurity already a NIST priority, as evidenced by its publication of the cybersecurity framework, the Cybersecurity Enhancement Act would codify existing practices.
Data Breach Today

Cloud security: Do you know where your data is?

The rapid move towards virtualization and cloud infrastructure is delivering vast benefits for many organizations. In fact, Gartner has estimated that by 2016, 80% of server workloads will be virtualized.
Help Net Security

North Korea Denies Role in Sony Hack

North Korea released a statement Sunday that clearly relished a cyberattack on Sony Pictures, which is producing an upcoming film that depicts an assassination plot against Pyongyang's supreme leader.
Security Magazine

Board Members Unhappy With Information on IT, Cyber Security

A new survey of more than 1,000 directors at public companies by the National Association of Corporate Directors (NACD) showed that 52.1 percent say they are not satisfied with the quantity of the information provided by management on cyber security and IT risk.

Study: Role of Security Directors Changing

A recent study by ASIS International and the Institute of Finance & Management, "The United States Security Industry," includes a profile of security directors and the challenges they face.
Security InfoWatch

Hacked vs. Hackers: Game On

Over the last 12 years, there has been a more than 10,000-fold increase in the number of new digital threats, and cryptographer Paul Kocher and other security experts attribute the problem to a lack of liability and urgency.
New York Times

Most U.S. Companies Under Cyberattack

More than four in five U.S. companies have experienced a cyberattack in the last year, according to the results of a new Malwarebytes survey of IT decision makers.

Contractor Rejected for Employment Allegedly Infected Power Firm's Network

The Cleveland man was indicted for sending malware designed to destroy data on computers at Eaton, after the company did not hire him for a position.

Hackers attacked the U.S. energy grid 79 times this year

Hackers attacked the U.S. energy grid 79 times this year, gaining the opportunity to potentially flip off switches.

Foreign Powers Steal Data on Critical U.S. Infrastructure, NSA Chief Says

National Security Agency Director Adm. Michael S. Rogers said Nov. 20 that several foreign countries have infiltrated the computers of critical industries in the U.S. to steal information that could be used in the planning of a destructive attack.
Washington Post

U.S. Orders Electric Utilities to Secure Sites From Attack

The Federal Energy Regulatory Commission on Thursday adopted a rule that requires U.S. power companies to identify and take steps to secure key transmission substations and other hubs that could cause major problems if they were out of service.
Wall Street Journal

Hacker Group Targets Email Accounts of CFOs, Others

A group of financially sophisticated cyber-criminals has been hacking into the email accounts of CFOs of publicly traded companies and others with access to market-moving information, according to the cyber-security firm FireEye.

Tattletales Embraced as Whistle-Blower Programs Gain Support

Whistle-blowing as a means to police corporate misconduct is gaining support.
New York Times

The Future of Financial Reporting Part 2

One initiative that has been moving forward in the U.S. is the development by the SEC of a data mining system called the “Accounting Quality Model” (AQM), otherwise known in the industry as “Robocop.”

In Defense of the Enterprise Against Criminal Hackers

One of the most prevalent ways that attackers breach systems is by using a method called SQL injection.

Airport Raids Target Fraudsters

"Big Data" Operation Snares 118 Suspected Ticket Fraudsters
Bank Info Security

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide

The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices.
The Intercept

Hackers well-versed in Wall Street vernacular hack publicly traded companies

Security firm FireEye’s recent report on a group of hackers who have been infiltrating e-mail correspondence from more than 100 organizations differs from the company’s previous reports on cyber criminals operating from China or Russia.
Homeland Security Newswire

Study finds spike in cost of retail crime in the U.S.

According to the results of the annual Global Retail Theft Barometer released on Thursday, losses from shrink, which includes shoplifting, employee or supplier fraud and administrative errors, cost retailers around the world more than $128 billion last year, $42 billion of which was from the U.S. alone.
Security InfoWatch

The Mercenaries: Ex-NSA Hackers and Their Corporate Clients

Ex-NSA hackers and their corporate clients are stretching legal boundaries and shaping the future of cyberwar.


Sleep Deprivation Is Killing You and Your Career

Pushing late into the night is a health and productivity killer.

The Future of Financial Reporting Part 2

One initiative that has been moving forward in the U.S. is the development by the SEC of a data mining system called the “Accounting Quality Model” (AQM), otherwise known in the industry as “Robocop.”
FEI Daily

In Defense Of The Enterprise Against Criminal Hackers

I’m sitting here on a Sunday evening reading about more data breaches. This has transformed from something of note to a common occurrence. Days that end in “y” is the thought that sticks with me. So, what is the underlying problem here? Are the attackers really that good? Or are we collectively failing to defend our perimeters?

Airport Raids Target Fraudsters

A massive international operation has resulted in the arrest of 118 people - many at airports - on suspicion of using fake tickets, or using stolen card data to purchase airline tickets.
Bank Info Security

U.S. national security prosecutors shift focus from spies to cyber

The U.S. Justice Department is restructuring its national security prosecution team to deal with cyber attacks and the threat of sensitive technology ending up in the wrong hands, as American business and government agencies face more intrusions.

Visionworks notifies 75K Maryland customers of missing database server

Texas-based eye care services provider Visionworks is notifying as many as 75,000 customers who received services at its Jennifer Square location in Annapolis, MD that an investigation is underway to locate a missing database server potentially containing their personal information.
SC Magazine

Survey Says 90 Percent of Americans Feel They Have Lost Control of Their Personal Information on the Web

More than 90 percent of Americans feel they’ve lost control over how their personal information is collected and used by companies, according to the results of a survey by the Pew Research Center.
Security Today

Guardly Enterprise E911 Solution Improves Active Shooter Response

Guardly announced that its Enterprise E911 solution for smartphones can now be used to enable faster, more effective response during active shooter incidents.
Security Today

NOAA Reveals Four Websites Compromised

The National Oceanic and Atmospheric Administration has revealed that four of its websites were compromised by a cyber-attack.
Data Breach Today

Russian Malware 'Blackenergy' Infiltrates US Critical Infrastructure

Industrial control systems used to operate US critical infrastructure have been compromised by a destructive Russian hacking campaign that has been going on since 2011, according to the Department of Homeland Security (DHS).

AT&T Ditches Tracking Header Program; Verizon Still Refuses

Julia Angwin reported late Thursday that AT&T is dropping their tracking supercookie program. This comes in the wake of massive customer pressure over the discovery that AT&T and Verizon were quietly inserting unique tracking identifiers in their customers' web browsing and app data, by means of an HTTP header.

Nurses Strike Over Patient Care Standards, Ebola

As many as 18,000 nurses went on strike Tuesday and picketed in front of Kaiser Permanente facilities in Northern California to express their concerns about patient-care standards and Ebola.
Continuity Insights

NIST Releases Guide for Threat Intelligence Sharing Efforts

The paper, titled 'Guide to Threat Information Sharing', is aimed at providing guidance for improving the effectiveness of cyber-security efforts through strong information sharing practices.

Survey of Risks and Competencies Released

The Security Industry Survey of Risks and Professional Competencies has been released by the ASIS Foundation and the University of Phoenix. The survey exposes the talent and training needs of the security industry.
Security Management

Cybersecurity: Why It's Not Just About Technology

"Governing" reports that organizations -- both private and public -- need to build a culture of risk management from the ground up to safeguard their systems from cyberattacks.

Supreme Court Weighs Whistleblower Protections

The U.S. Supreme Court on Tuesday heard oral arguments in a case involving an air marshal, Robert MacLean, who was fired for revealing reduced protection on Las Vegas flights despite a potential terrorist threat.
The Wall Street Journal

Even with Crisco, Cargo Theft is no Joke

Cargo theft costs about $30 billion annually, and Florida accounted for nearly 25 percent of U.S. cargo thefts reported between March and May, according to the state's Department of Transportation.
Tampa Bay Times

Banks Ready New Defense Against Hackers

A group backed by the nation's biggest banks plans to launch the Soltra Edge platform on Dec. 2 to enable financial firms to more quickly communicate about potential cyber breaches.
Wall Street Journal

How Companies Blow it With Security Breaches

McKinsey & Co. Global Managing Director Dominic Barton said he sees three common mistakes companies make when they have a security breach. The first is an inability to make efficient decisions.
The Wall Street Journal

Nearly Half of Holiday Shoppers Won't Shop at Breached Retailers

A new CreditCards.com survey that asked credit and debit card holders if they would shop this holiday season at retailers where personal information has been exposed found that 45 percent of respondents answered "definitely not" or "probably not."

'Lone Wolves' Responsible for Disproportionate Number of U.S. Terrorist Acts, Research Finds

New research suggests that lone wolf terrorists are responsible for a disproportionate number of terrorist attacks in the U.S. While lone wolves only represent about 8 percent of all terrorists in the United States, they were involved in about 25 percent of incidents since 1980, according to an Oct. 29 research brief from the National Consortium for the Study of Terrorism and Responses to Terrorism (START).
Fierce Homeland Security

Internet Experts: 'Widespread Harm' Likely From Cyberattack in Next Decade

The Pew Research Center and Elon University's Imagining the Internet Center recently conducted a survey of more than 1,600 computer and Internet experts on the future of cyberattacks and found most respondents believe there is a significant threat.
Philadelphia Inquirer

Government Hands Down New Cyber Framework

The Obama administration has issued a cyber threat information-sharing framework designed to help government and industry officials better identify and stop cyberattacks.
The Hill

Security Firms Tie Russian Government to Utilities Hacks

Cyberattacks involving malware infections of three popular human-machine interface (HMI) systems used by utilities in North America are believed to have been the work of Russian hackers, cybersecurity firms said Oct. 30.

House CISO Talks Threat Landscape, Challenges With Information Sharing

U.S. House CISO Darren Van Booven says he experiences many of the same challenges his private-sector counterparts do in their efforts to protect their IT assets from cyberattacks, including how much information to divulge about attacks and vulnerabilities.
CIO Journal

Lack of federal authority makes fashioning coherent national Ebola policy difficult

Earlier this week, the Centers for Disease Control and Prevention (CDC) issued new guidelines on how states should deal with travelers from Ebola-stricken regions, but a lack of federal authority to mandate such guidelines has led to conflicting strategies, varying from state to state, which include mandatory at-home quarantine for some travelers.
Homeland Security News Wire

New report details Russia’s cyber-espionage activities

Researchers at FireEye, a Silicon Valley-based computer security firm, are connecting the Russian government to cyber espionage efforts around the world.
Homeland Security News Wire

Georgia Tech releases 2015 Emerging Cyber Threats Report

In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspace in nation-state conflicts.
Homeland Security News Wire

Evaluating readiness: A must-do security assessment

Assessing the readiness of an organization to handle various types of situations extends well beyond typical emergency preparedness planning.
Security InfoWatch

Banks Demand That Law Firms Harden Cyberattack Defenses

In response to recent cyberattacks, big banks are demanding law firms that they work with take additional steps to protect sensitive bank information.
Wall Street Journal

Study: Cyberattacks Up 48 Percent in 2014

The number of dedicated cyberattacks rose 48 percent in 2014, totaling 42.8 million, according to a new PricewaterhouseCoopers study.
The Hill

Regular Online Attacks Hit 40% of US Citizens, Microsoft Study Shows

Forty percent of U.S. adults have experienced weekly or daily attempts to access their personal data while using a PC online, according to a Microsoft survey.

Symantec Sees Rise in High-Traffic DDoS Attacks

A recent Symantec study found a 183 percent increase in Domain Name System (DNS) amplification attacks from January through August.

Wearable Devices Pose Security Risk as Use Is Stretched

A former National Security Agency official this week warned about the unanticipated security and privacy risks that employers are likely to face as wearable medical devices find their way into the workplace.
Wall Street Journal

U.S. National Security Prosecutors Shift Focus From Spies to Cyber

The Justice Department's national security prosecution team is shifting its focus to cyber threats and preventing sensitive technology from ending up in the wrong hands.

Cybersecurity Help Coming for Franchises

The Hill reports that several industry groups are teaming up to help franchise businesses learn more about cybersecurity.
The Hill

China Steals Confidential Data on the Vulnerabilities of Major U.S. Dams

National Weather Service hydrologist Xiafen Chen was arrested Oct. 20 for allegedly breaching an Army database that contained sensitive files on U.S. dams.
Homeland Security News Wire

Hacking Trail Leads to Russia, Experts Say

The cybersecurity firm FireEye on Tuesday will release the results of an investigation into what it says are cyberattacks sponsored by the Russian government.
Wall Street Journal

In West, ISIS Finds Women Eager to Enlist

A growing number of young Muslim women from the West are attempting to join radical Islamist groups, such as the Nusra Front and the Islamic State (IS).
The New York Times

US 'Foreign Fighters' Could Have Passports Revoked, but May Still Have Right to Re-Enter

The secretary of state may revoke the passports of U.S. citizens who fight in terrorist groups overseas, but this may not keep them from re-entering the country, two Congressional Research Service (CRS) reports suggest.

Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data

In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick. Only instead of a mistress, they’re sharing their love letters with data-stealing malware buried deep on a victim’s computer.

Deloitte releases paper on vetting leaks, avoiding costly hoax

Deloitte, a major player in financial consulting and enterprise risk services, has released research that can help companies determine if they've been the victim of a data leak – or the casualty of an online hoax.
SC Magazine

NSA Chief Warns Companies Against Revenge Hacking

Businesses, under siege from hackers looking to steal sensitive information, increasingly want to take matters into their own hands. But the head of the National Security Agency is warning them not to become hackers themselves.

Today Apple CEO Discusses Privacy Talks with Chinese Government

Apple CEO Tim Cook has acknowledged talks with Ma Kai, China’s vice premier, regarding the discussion of the protection of users’ information.
Security Today

Layering EMV chip, tokenization, encryption bolsters card payment security

While EMV chip technology continues its rollout in this country, a whitepaper from the Smart Card Alliance Payments Council contends that payment industry stakeholders can better protect against card fraud by layering EMV chip and two other security technologies, encryption and tokenization.
SC Magazine

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

The Arizona State Retirement System (ASRS) is notifying nearly 44,000 individuals enrolled in ASRS dental plans that two unencrypted discs containing their personal information – including Social Security numbers – were sent to a benefits company in Missouri, but were not received.
SC Magazine

Retailers Facing Intensified Cyberthreat This Holiday Season

After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner.
Dark Reading

Espionage Hacks Tied to Russians

Information security experts say espionage-focused attackers, apparently operating from Russia, have been using phishing e-mails and malware in multi-stage attacks designed to evade detection and steal political and military secrets.
Data Breach Today

'Social Resilience' Has Major Impact on Community Preparedness

An Associated Press-NORC Center for Public Affairs Research survey suggests that those factors — collectively termed "social resilience"— have a big impact on how prepared communities feel for disasters such as Superstorm Sandy, and are seen as more valuable in a crisis than even government.
Continuity Insights

Attackers Breach PoS Systems of Delaware Ferry Service

The Delaware River and Bay Authority (DRBA) published a data security event notice on Friday to warn people who have made purchases at Cape May-Lewes Ferry terminals and vessels that their payment card data might have been compromised.
Security Week

Can We Talk: Creating a Common Language for Cybersecurity

Experts are hopeful that a new framework released by the National Institute of Standards and Technology will give agencies a method to evaluate the security of their computing environments against their peers.
Government Technology

IBM Says Most Security Breaches are Due to Human Error

IBM has released a report that discusses the characteristics that are usually seen in cyberattacks, as well as which industries are being commonly targeted by cybercriminals.
Tech Republic

Enterprises Will Move from Perimeter Defense to Risk-Based Security, Says Gartner

Enterprises as a whole are likely to move away from the concept of the 100-percent secured environment and perimeter defense to a risk-based model of security, according to a new Gartner report.

Banks Harvest Callers' Voiceprints to Fight Fraud

Financial firms and call centers are increasingly turning to voice biometric technology to help screen calls for potential fraud.
Associated Press

The Morning Risk Report: Business Leaders' Cybersecurity Divide

Relentless attacks from hackers have C-suites and boards of directors divided on what measures to take and how much to spend on beefing up cybersecurity.
Wall Street Journal

Hydraulic fracturing caused earthquakes in Ohio

Hydraulic fracturing triggered a series of small earthquakes in 2013 on a previously unmapped fault in Harrison County, Ohio, according to a new study.
Homeland Security News Wire

FBI Warns Industry of Chinese Cyber Campaign

The FBI on Wednesday issued a private warning to industry that a group of highly skilled Chinese government hackers was in the midst of a long-running campaign to steal valuable data from U.S. companies and government agencies.
The Washington Post

Researcher Builds System to Protect Against Malicious Insiders

Virginia Polytechnic Institute and State University professor Daphne Yao is developing algorithms that can alert companies when an employee might be acting maliciously on their network.

The Role of Chief Security Officer Is More Vital Than Ever

Security leaders sound off: The CSO role may look different in every organization, but in an increasingly connected and open society, it's a critical one.
Government Technology

U.S. should emulate allies in pushing for public-private cybersecurity collaboration

Israeli Prime Minister Benjamin Netanyahu announced last month the formation of a national cyber defense authority to defend civilian networks under the leadership of the Israel National Cyber Bureau.
Homeland Security News Wire

Disaster preparation business booms

Concerns about future manmade and natural disasters are driving the U.S. market for survival kits.
Homeland Security News Wire

U.S. Cyber Command Plans to Recruit 6,000 Cyber Professionals, as U.S. Mulls Offensive Cyber Strategy

U.S. Cyber Command is planning to step up its efforts to protect the nation's networks from cyberattackers.
Homeland Security News Wire

Jihadi Online Chatter Discusses Using Ebola as Weapon Against the West

There has been a growing number of discussions on jihadist social media Web sites about the possibility of terrorists using poisons and virulent pathogens such as Ebola in attacks against the United States and other Western nations, reports the Middle East Media Research Institute (MEMRI).

Cyberattacks on State Databases Escalate

A continuing disconnect exists between state officials and their IT security officers, even as major breaches of state databases become more frequent, according to a new report from NASCIO and Deloitte & Touche.
Pew Charitable Trusts

Insider Threat to Critical Infrastructure 'Underestimated,' Says DHS

Even strong preventative programs may not be able to completely remove the threat of a malicious insider to critical infrastructure, according to a December 2013 report from the Department of Homeland Security (DHS).
Fierce Homeland Security

Many ‘Loopholes’ in Cyber Insurance Policies, L’Oreal CISO Says

Companies are investing millions of dollars in insurance policies to protect themselves from cyber security breaches. Zouhair Guelzim, chief information security officer of L’Oreal Americas, a subsidiary of the L'Oreal Group, says the market is fraught with high premiums, incomplete coverage, and costly mistakes.
Wall Street Journal Online

Cyberattacks Trigger Talk of 'Hacking Back'

The continuing attacks on U.S. corporate networks are firing talk among some executives and officials of going on the offensive, or "hacking back," against those that hack their systems.
Washington Post

007 Nemesis Le Chiffre Bolsters France in Cyber Attacks

France is enforcing a new cybersecurity law aimed at defending vital businesses, in response to growing concerns about U.S. and Chinese technology.

'Shellshock' Attacks Could Already Top 1 Billion: Report

The Shellshock vulnerability is dangerous because it can be exploited to remotely execute code on affected machines, which could lead to malware injections, data theft and server hijacking.
Security Week

Banks Face Rising Threat From Cyber Crime

Banks must now contend with a new type of cyber crime called vishing, which is similar to phishing but aims to trick people out of their money using someone's voice instead of an email.
Financial Times

Report: Cost of Cybercrime Up 10% This Year

Average cybercrime costs for U.S. companies have risen almost 10 percent from last year, according to a new report.
Politico Pro

Cybersecurity Experts Pin Hopes on Cyber Insurance Market

The Obama administration hopes the growth of cyber insurance will encourage companies to improve cybersecurity practices.
Politico Pro

Boeing urges airlines to be vigilant of cyber security threats

LONDON: Airline bosses ignore cyber security concerns at their peril, and must ensure that thorough mitigation plans are in place to deal with potential hacking of their systems, as aircraft move ever closer to becoming fully e-enabled. This was the warning given to the industry by Boeing’s chief engineer cabin and network solutions, John Craig, during Aircraft Commerce magazine’s recent Aircraft e-Enablement conference in London.
Runway Girl Network

Yahoo Claims a Server Attack was not the Shellshock Bug

Yahoo has fixed a bug in their system which was initially discovered by hackers who were attempting to exploit the Shellshock bug on the company’s network. According to a report, Yahoo made a statement issuing the attack.
Security Today

Infected ATMs give away millions of dollars without credit cards

Kaspersky Lab performed a forensic investigation into cybercriminal attacks targeting multiple ATMs around the world. During the course of this investigation, researchers discovered the Tyupkin malware used to infect ATMs and allow attackers to remove money via direct manipulation, stealing millions of dollars.
Help Net Security

How Technology Helps Mitigate Risk at Sporting Events

Out of sheer necessity, sports security has been evolving rapidly since the Boston Marathon bombing, and most sports security professionals refer to that particular event as a turning point.
Security Magazine

Malware Attacks Drain Russian ATMs

Interpol Warns Attacks Could Spread Worldwide. Criminals have infected at least 50 ATMs in Eastern Europe, including Russia, with malware that enables them to drain ATMs of their cash via "jackpotting" attacks, netting attackers millions of dollars.
Data Breach Today

Dallas Ebola Patient Dies

DALLAS—The Liberian man who was diagnosed with Ebola in Dallas, the first case of the deadly disease in the U.S., died on Wednesday morning, the hospital treating him announced.
Wall Street Journal

Active Shooter/Mass Casualty Incidents

The FBI has released a study of 160 active shooter incidents that occurred between 2000 and 2013 throughout the U.S.

FBI Facial Recognition System Completed

The FBI’s Next Generation Identification (NGI) system that we spoke about in April is fully operational and includes a controversial feature known as Interstate Photo System (IPS).
Security Today

Highlighting the Hotsheet: 2nd Quarter Cargo Theft Update

DHS identified transportation systems as one of 16 critical infrastructures to the nation's supply chain and cargo theft as a constant threat to stability.
Security Today

Senate: China hacked military contractor networks

China's military hacked into computer networks of civilian transportation companies hired by the Pentagon at least nine times, breaking into computers aboard a commercial ship, targeting logistics companies and uploading malicious software onto an airline's computers, Senate investigators said Wednesday.
Security InfoWatch

Home Depot: 56 Million Cards Breached

Home Depot says an estimated 56 million payment cards were exposed in the data breach at its U.S. and Canadian stores.
Data Breach Today

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

The bulk of mobile applications (75 percent) will fail basic security tests over the next 15 months or so – through the end of 2015 – leaving businesses vulnerable to attack and violations of their security policies, according to a report from Gartner.
SC Magazine

Workplace Violence: OSHA Findings of "Willful Violation"

On August 11, 2014, OSHA fined Brooklyn-based Brookdale University Hospital and Medical Center $78,000 because of dozens of incidents in which patients and visitors assaulted employees, one of which left a nurse with severe brain injuries.
Threat Assessment Group (TAG, Inc.)

What security experts think about Apple Pay

Some of the comments that Help Net Security received from the security community on Apple's Apple Pay, a new category of service that works with iPhone 6 and iPhone 6 Plus through a NFC antenna design, a dedicated chip called the Secure Element, and the security and convenience of Touch ID.
Help Net Security

Home Depot investigates possible payment card breach

Home Depot is the latest retailer to begin investigating a possible data breach.
SC Magazine

PG&E Faces $1.4 Billion for Deadly California Pipeline Blast

California regulators want PG&E Corp.’s utility to pay $1.4 billion in fines and penalties over a fatal natural gas pipeline explosion in San Bruno, California.
Wall Street Journal

Apple Not Hacked In Celebrity Nude Photo Breaches

Apple confirmed that stolen and leaked private photos of several celebrities were not due to a breach in its iCloud nor Find my iPhone services.
Dark Reading

New Security Breach at Metcalf Substation, Site of 2013 Sniper Attack

An electrical substation near San Jose, Calif., that was the target of a sniper attack that caused $15 million worth of damage and destroyed 17 transformers last April, experienced a new security breach on Wednesday that saw burglars cutting through the fence line to steal construction equipment.
NBC Bay Area

Breach of Homeland Security Background Checks Raises Red Flags

A breach at US Investigations Services (USIS) this month exposed the background-check records of 25,000 Department of Homeland Security staffers, including undercover investigators.
Dark Reading

Cybersecurity and the National Association Of Corporate Directors

Metropolitan Corporate Counsel recently sat down with National Association of Corporate Directors (NACD) Director of Research Robyn Bew to discuss how cybersecurity is a current area of focus for the association.
Metropolitan Corporate Counsel

DHS Cybersecurity Program Finds Few Takers

The U.S. Department of Homeland Security was directed by President Obama last year to launch a program to share classified and unclassified cybersecurity data with 16 critical infrastructure sectors.
Government Technology

Dangerous Economy Thrives in South Africa's Abandoned Gold Mines

South Africa has become the world capital of illegal gold mining, with tens of thousands of former miners wandering abandoned mine shafts, risking injury, death, or arrest to look for the precious metal.
Wall Street Journal

DHS Seeks to 'Mature' Program to Ensure Security, Safety of High-Risk Chemical Facilities

The Homeland Security Department is seeking input on developing better security standards for high-risk chemical plants.

21% of Manufacturers Hit by Intellectual Property Theft

One in five manufacturing firms in a recent survey reported a loss of intellectual property in a cyberattack in the past year due to such things as malware, software vulnerabilities, and information leaked on mobile devices.

Feds admit cooperation remains obstacle with corporations, cyber threats

A key to reducing cyber crime is getting victims - often major corporations - to cooperate with authorities, two top federal law enforcement officials said on Wednesday during visits to Pittsburgh.
Trib Live News

How the Role of CSO is Changing

In this podcast recorded at Black Hat USA 2014, Rick Howard, CSO at Palo Alto Networks, talks about the role of the CSO and how it's fundamentally changing.
Help Net Security

What can we learn from the top 10 biggest data breaches?

While some may be suffering from “breach fatigue” and becoming jaded, it’s more important than ever to take cyber threats seriously.
Help Net Security

Hospital Security Breach Steals Data from 4.5 Million Patients

According to a report, hackers have stolen personal information belonging to patients who received treatment at several Central Florida hospitals.
Security Today

UPS announces breach impacting 51 U.S. locations

More than 50 of The UPS Store's U.S. locations were found to have malware on their computer systems, and in some cases, it's been present since mid-January.
SC Magazine

Illicit Medicines Made Up the Bulk of Seizures by Customs Enforcement Agencies Worldwide

The World Customs Organization's (WCO) Illicit Trade Report finds that illicit pharmaceutical products made up more than three quarters of the contraband that was intercepted by customs enforcement agencies around the world last year.

Dow Corning Battles Counterfeiters of its Silicone Sealants

Law enforcement in the Chinese city of Wuxi have broken up a counterfeiting ring that sold fake Dow Corning silicone sealant.
Security Magazine

Chief Information Security Officers Viewed as Scapegoats in C-Suite Survey

A survey found that most C-suite executives blame chief information security officers for cyber security lapses, but a significant portion of CIOs and others say CISOs should not be held accountable for cyber security purchasing decisions.
Bloomberg BNA

Protecting the Nation's Electric Grid From Terrorist Attacks is a Top Priority

A report by the Washington-based Congressional Research Service said the U.S. electric grid may be vulnerable to a terrorist attack, and the Federal Energy Regulatory Commission has proposed regulations to protect the grid, largely prompted by last year's armed attack that took out high-voltage transformers in California.
Business Insurance

Military Companies Brace for Rules on Monitoring Hackers

Defense Department contractors are preparing for new regulations mandating they report data breaches to the Pentagon and subsequently provide the government access to their networks.

86 Percent of Hackers Don't Worry About Repercussions

Thycotic has released the results of a survey that provided some rare insight into the beliefs and motivations of hackers.
Help Net Security

City CIOs Battle Surge of Politically Motivated Cyberattacks

Ferguson, Mo., is the latest U.S. city to become the target of hacktivists linked to the Anonymous hacker collective.
The Wall Street Journal

Behavior Patterns That Can Indicate an Insider Threat

Organizations that pay attention to the red flags that appear during the planning stages of insider threats such as trade secret theft, workplace shootings, and the sabotaging of information systems may be able to prevent these threats from being perpetrated.
Wall Street Journal

The Internet of Things Brings Far-Reaching Security Threats

U.S. Defense Advanced Research Project Agency (DARPA) program manager Randy Garrett warns the advent of the Internet of Things (IoT) will create a large number of new threat vectors that could be exploited by malicious hackers.

7 Emerging Technology Risks

Experienced risk professionals know that in the real world, claims and losses are inevitable. After all, it’s called Risk Management, not Risk Avoidance.
Risk and Insurance

Cyber security: ugly gorillas and the fiduciary board

The frequency of cyber breaches, the reputational and financial effects of breaches, and their prevalence have become manifest.
Idaho Business Review

1.2 Billion Unique Credentials, 500 Million Email Addresses Stolen by Russian Cyber Gang

After more than seven months of research, a security company from the United States discovered that a Russian cyber gang managed to collect 1.2 billion unique credentials from more than 420,000 websites and FTP locations.

Emerging POS Attacks Target Small Merchants

A new point-of-sale malware strain known as Backoff has been linked to numerous remote-access attacks, putting small merchants at greatest risk, according to an alert from federal authorities.
Bank Info Security

Sovereign Citizens Seen as Top Terrorist Threat by US Law Enforcement

A new survey of U.S. law enforcement entities by the National Consortium for the Study of Terrorism and Responses to Terrorism (START) finds that the sovereign citizens movement is seen as the leading threat to U.S. communities, ahead of both Islamist extremists and militia/patriot groups.

Researchers Find About 25 Security Vulnerabilities Per Internet of Things Device

The market for Internet of Things devices is estimated to reach $1 trillion by 2020, when 26 billion units are expected to comprise the IoT. However, HP Security Research says 70 percent of today's 10 most popular types of IoT smart devices are vulnerable to being hacked or compromised, and each device has about 25 vulnerabilities.

US Homeland Security Contractor Acknowledges Computer Breach

A company that performs background checks for the U.S. Department of Homeland Security said on Wednesday it was the victim of a cyber attack, adding in a statement that "it has all the markings of a state-sponsored attack."

Security Holes Found In Some DLP Products

It's a case of a security tool harboring security vulnerabilities: A pair of researchers has discovered multiple flaws in commercial and open-source data loss prevention (DLP) products.

New PCI Guidance for Third-Party Risks

Council Offers Best Practices to Prevent Payments Breaches
Data Breach Today

Teen researcher publishes PayPal 2FA bypass exploit

Joshua Rogers, a teenage whitehat based in Australia, has found an extremely simple way to bypass PayPal's two-factor authentication feature.
Help Net Security

DefCon: Traffic control systems vulnerable to hacking

Traffic control systems used in the U.S. and other countries can be hacked to cause significant traffic problems, or can even be “bricked” to cause millions of dollars in damages to infrastructure.
SC Magazine

Gemalto acquires SafeNet for $890 million

Gemalto, a Dutch digital security company, announced plans to acquire U.S.-based SafeNet for $890 million.
SC Magazine

What's Trending Now

Based on our interactions with many security practitioners, the following is a snapshot of what we see trending from December 2013-May 2014.

Scientists urge making critical infrastructure more resilient to solar storms

Scientists predict the probability of a massive solar storm striking the Earth in the next decade to be 12 percent. The 23 July 2012 solar storm was pointed away from Earth and blasted safely into space, but had it been directed towards Earth, it would have produced the worst geomagnetic storm in more than four centuries, causing extensive electricity problems that could take years to resolve.
Homeland Security Newswire

Georgia Tech Launches Early Warning System for Cyberthreats

The Georgia Tech Research Institute (GTRI) developed the open source system called BlackForest, which will complement the institute's malware and spear-phishing intelligence systems.

Terror Threats at Chemical Plants Underestimated

A report from the Senate Homeland Security Committee's Republican staffers has concluded that the Chemical Facility Anti-Terrorism Standards (CFATS) program is a failure and that it is not helping to protect the U.S. from a chemical terrorist attack.
Wall Street Journal

Rising Cargo Thefts Prompt New Security Solutions

Homeland Security Today

Monsanto Faces Dual Threat After Intellectual Property Theft

The seed company Monsanto is one of a number of companies that face serious threats from hackers, according to Fontbonne University cybersecurity professor Al Carlson.
CBS St. Louis

Understanding Vulnerabilities Key to Improving U.S. Cybersecurity Posture

A new report from the Center for a New American Security diagnoses some of the cybersecurity challenges facing the U.S. government and offers possible ways of addressing those challenges.
Homeland Security Today

Survey Confirms AETs are Real and Dangerous Threats

IT security professionals around the world are facing challenges in their efforts to protect against advanced persistent threats (APTs) that use advanced evasion techniques (AETs) to hide their presence within a network, according to a new McAfee survey.
Tech Republic

Survey: Corporate Security Thwarted by Dialog Failure Between IT Dept. and Management

The responses to a recent Ponemon Institute survey of 4,881 IT and security professionals offer a glimpse into the state of cybersecurity efforts at companies around the world.
Network World

Report: Explosion of Electric Grid-Connected Devices will Complicate Security

The growing use of smart-grid technology and the integration of more devices into the nation's electric system could complicate efforts to secure the nation's electric grid, according to a report by the nonpartisan policy organization the Center for the Study of the Presidency and Congress.
Fierce Homeland Security

The Growing Threat of Network-Based Steganography

Researchers at the Hungary-based Laboratory of Cryptography and System Security have uncovered Duqu, an unusual form of steganography-based malware that embeds itself in Microsoft Windows machines, gathers information about industrial control systems, and then transmits it to its command-and-control center.
Technology Review

Testing Your APT Response Plan

ISACA's Robert Stroud says one of the best ways enterprises can defend themselves against advanced persistent threats (APTs) is to develop and aggressively vet planned responses to APTs in the same way they create and vet business continuity plans.

Illinois Governor Signs 'Ban the Box' Hiring Legislation

Illinois Gov. Pat Quinn has signed a law requiring employers to evaluate a job applicant's skills before inquiring about criminal history.
Progress Illinois

Botnets Gain 18 Infected Systems Per Second

According to industry estimates, botnets have caused over $9 billion in losses to US victims and over $110 billion in losses globally.
Help Net Security

Survey: 53 percent change privileged logins quarterly

A survey of IT security professionals revealed that most individuals stick to an infrequent schedule for updating privileged credentials.
SC Magazine

Sony to Shell out $15M in PSN Breach Settlement

Sony has agreed to a $15 million preliminary settlement in hopes of quashing even heftier costs associated with its massive PlayStation Network hack three years ago.
SC Magazine

'Masquerading': New Wire Fraud Scheme

A new impersonation scheme is taking aim at business executives to perpetuate ACH and wire fraud, says Bank of the West's David Pollino, who explains steps institutions should take now to protect their customers.
Data Breach Today

Michaels Breach Lawsuits Dismissed

In a 20-page ruling, U.S. District Judge Elaine Bucklo says the six plaintiffs named in the consolidated suits failed to prove that they suffered "actual economic damage" as a result of using their credit and debit cards at Michaels during the time of the breach.
Data Breach Today

Target Request to Halt Discovery Denied

A federal judge has denied Target's motion to halt the discovery process in the class action lawsuits filed against the retailer in the wake of its December 2013 data breach.
Data Breach Today

Medical groups: Shootings underscore risks of workplace violence

Pennsylvania Psychiatric Society and Pennsylvania Medical Society officials Friday expressed sympathy and offered advice for those affected by Thursday’s shootings at Mercy Fitzgerald Hospital’s Sister Marie Lenahan Wellness Center that resulted in the death of a caseworker, the wounding of a psychiatrist and the critical injury of a psychiatric patient who is the suspected perpetrator.
Daily Times News

Hackers exploiting Internet Explorer to expose security flaws on a huge scale

Exploits can expose software and security systems, researchers warn, helping hackers attack remote machines undetected.
The Guardian

Lawmakers, Experts Urge Tougher Safety Measures at Government Labs

A U.S. House subcommittee held a hearing July 16 that focused on the recent problems at government-run labs associated with the handling of dangerous microbes, such as anthrax and smallpox.
Wall Street Journal

Florida City Considers Allowing Electrified Fences

The St. Petersburg, Fla., City Council is debating whether or not to allow businesses to install electrified fences in parts of the city. The city council was divided on matters of safety and security for businesses.
Security InfoWatch

Google’s Project Zero Targets Cybersecurity Research

Google announced July 15 that it will launch a new cybersecurity research effort called Project Zero. The project is intended to improve security throughout the Internet and reduce the number of people affected by cyberattacks.
Wall Street Journal

Businesses Are Deprioritizing Information Security

Although 86 percent of executives are aware of legal requirements surrounding confidential data, 20 percent never performed a security audit, according to a new survey of small-business owners and c-suite executives by Shred-It.
Help Net Security

SEC Launches Investigations of Hacked Firms

The SEC has opened investigations of multiple companies in recent months, examining whether they properly handled and disclosed cyberattacks. The focus is on whether the companies adequately guarded data and informed investors about the breaches, say insiders.

Drilling for Opportunity

The U.S. energy market, particularly for oil and natural gas, is expected to grow significantly in the coming years, providing an excellent opportunity for security professionals to help protect production and processing facilities.
Security Today

NIST Goes Global With Cyber Framework

NIST has been sending delegations around the world to discuss its framework describing how governments and commercial sectors can collaborate to respond to cyberthreats.

Why 'Data in the Dark' is the No. 1 Worry for IT Managers

A recent Ponemon Institute survey of 1,587 IT professionals responsible for protecting sensitive or confidential structured and unstructured data has found a lack of knowledge about where such data resides is their biggest security concern.

97 Percent of Key Industries Doubt Security Compliance Can Defy Hackers

New research suggests that just 3 percent of information technology leaders at utilities and other critical infrastructure businesses believe security standards and rules can reduce threats to the systems running their operations.

Expert: U.S. Utilities Unprepared for EMP Threats

An electromagnetic pulse (EMP) event could potentially wipe out 90 percent of the U.S. population if the resulting blackout lasted longer than a year, warns Dr. Peter Pry, executive director of the Task Force on National and Homeland Security.
Security InfoWatch


The New York Times


In its third study on unencrypted card data, SecurityMetrics found that 63.86% of businesses store the unencrypted 16-digit sequence on the front of credit cards, also known as the Primary Account Number (PAN).
Help Net Security


The hundreds of cyberattacks against U.S. banks and other institutions in recent years represent a targeted attempt to more broadly disrupt the U.S. financial system, Treasury Secretary Jack Lew said on Wednesday.


The Alliance of Automobile Manufacturers and the Association of Global Automakers today officially announced plans to address growing concerns over security weaknesses and vulnerabilities in new and evolving vehicle automation and networking features that could put cars at risk for nefarious hacking. The industry is in the process of forming a voluntary mechanism for sharing intelligence on security threats and vulnerabilities in car electronics and in-vehicle data networks -- likely via an Auto-ISAC (Information Sharing and Analysis Center), the officials say.
Dark Reading


As Windows software vulnerabilities have gradually decreased in the wake of Microsoft's secure development lifecycle approach to writing code, the bad guys have been forced to raise the bar and get more creative. Enter ransomware, a nasty form of malware that not only infects your machine but also locks you out of it -- and in many cases, encrypts the data so you can't retrieve it.
Dark Reading

Cybersecurity Fears Drive SMBs to Third-Party Payment Services

Small merchants are less willing to handle transactions involving credit card or personal consumer data because of cybersecurity and cost issues, and are turning to third-party payment services.
Network World

Pennsylvania State University (PSU) researchers performed experiments examining how people with high-status job assignments assessed security and privacy and how impulsive or patient they were in making decisions.
Penn State News

Report Says 5 Percent of Organizational Revenues Lost to Internal Theft

A survey of Certified Fraud Examiners (CFEs) found that companies around the world lose about 5 percent of their annual revenues to occupational fraud.
Security Magazine

Millennial Enterprise Excellence

....I believe that there is a tremendous groundswell of new mindsets and talent being developed below all the bad press of gaming systems, iPhones and other technologies. I observe my son and his friends interacting globally and suddenly realize that essentially, this interconnected network of geographically dispersed teens entertaining themselves within graphically represented processes could most likely become the way we work in the near future.
Industry Week

Details Emerge of Boeing Hack
FBI: Chinese Nationals Stole Data on C-17 Transport

Three Chinese nationals seeking to make "big bucks" broke into the computers of Boeing and other military contractors, stealing secrets on transport aircraft, a U.S. criminal complaint says.
Info Risk

Strategic Planning: Program Life Cycle

This is an abbreviated portion of the Security Executive Council's strategic planning process that can be used to assist in building your security strategic plan.

Hard Proof That Wiping Your Phone Doesn't Actually Delete Everything

Have you ever sold an old smartphone on eBay? You might be interested to know that the apps, photos and even Google searches on your phone can still be recovered — even if you performed a factory reset.

Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee

The Senate Select Committee on Intelligence voted Tuesday to approve a controversial cybersecurity bill known as the Cyber Information Sharing Act (CISA).

Chinese Journalists Warned Not to Work With Foreign Media

The Chinese government, which already maintains tight restrictions on the country’s media, has issued new warnings to local journalists not to cooperate with foreign news agencies.

Chinese Hackers Pursue Key Data on U.S. Workers

Chinese hackers in March broke into the computer networks of the United States government agency that houses the personal information of all federal employees, according to senior American officials.
New York Times

Banks Dreading Computer Hacks Call for Cyber War Council

Wall Street’s biggest trade group has proposed a government-industry cyber war council to stave off terrorist attacks that could trigger financial panic by temporarily wiping out account balances, according to an internal document.

How the Target Breach Has Affected Small Business Data Security

Small and medium-sized businesses may think they're immune to the kinds of attacks that wreaked havoc on Target last year, but they're susceptible to the same nefarious forces – sometimes even more so, as they can lead hackers to a bigger prize.

Chemical Facility Security, Border Security, Emergency Communications Bills Passed by House

On Tuesday, the U.S. House of Representatives passed a quartet of homeland security bills focusing on the security of chemical plants, emergency communications, and border security.
Homeland Security Today

Europeans a Focus of Enhanced Search for Extremists

Eight European nations on Tuesday agreed to enhance surveillance of Europeans who went to Syria, or are at risk of going, to fight with Islamic extremists in the civil war.
Wall Street Journal

Security Weakness Found in Wi-Fi Enabled LED Light Bulb

Researchers at Context Information Security have identified a security vulnerability affecting a brand of Wi-Fi-enabled energy efficient light-emitting diode (LED) light bulb made by LIFX.
Help Net Security

Hackers Find Open Back Door to Power Grid With Renewables

Cybersecurity experts say that the addition of renewable energy sources such as solar and wind along with the move towards smart meters are creating new cybersecurity vulnerabilities for the electric grid in the U.S. and some other countries.

Chinese Woman Charged in Trade Secrets Theft Case

FBI agents in Des Moines, Iowa, on July 1 arrested a Chinese woman who allegedly conspired to steal trade secrets from seed corn companies in the U.S.

Oil Industry Forms Clearinghouse for Cyberattack Data

The American Petroleum Institute recently announced that it has established the Oil and Natural Gas Information Sharing and Analysis Center, in which cybersecurity experts will analyze malicious software attacks on networks used to run energy infrastructure such as offshore rigs, refineries, and pipelines.
Security InfoWatch

Corporate Boards Race to Shore Up Cybersecurity

Corporate boards are waking to cyberthreats, grappling with security issues they once relegated to technology experts.
Wall Street Journal

Cybersecurity: Monitoring Risk in the Supply Chain

Outsourcing providers may promote themselves as trusted partners to their clients, but when it comes to cybersecurity risk, financial services firms would be wise to treat them as an extension of their own business.
FinOps Report

PayPal Two-Factor Authentication Broken

Security researchers have discovered a way to bypass the two-factor authentication in PayPal's iOS and Android apps.
Dark Reading

For Audit Committees, a Growing Role in Cybersecurity

High-profile retail data breaches, the discovery of the Heartbleed vulnerability, and a slate of regulatory developments have made cybersecurity a top priority for board and audit committees.
Wall Street Journal

Samsung Says Insurance to Cover Costs From Brazil Theft

Samsung Electronics reports that its insurance will cover most of the costs associated with Monday's theft of truckloads of merchandise from its factory in Campinas, Brazil.

New Background Check Survey Reveals Security Issues in the Screening Process

The 2014 HireRight Employment Screening Benchmark Report has found that 72 percent of security and HR professionals had, using thorough background checks, found concerns related to applicants or employees.
Security InfoWatch

Cyber-Attacks Seen Defrauding Brazilian Payment System of Billions

Cybercriminals have infiltrated Brazil's Boleto Bancário online payment system to steal potentially billions of dollars, according to RSA. Nearly 200,000 computers in Brazil have been infected in order to get access to payment vouchers with an estimated value of $3.75 billion, RSA has determined.

Blackphone In The Wind: Officially Ships To Market

Blackphone is the first smartphone built with the user’s privacy as its core mandate.

Cyberspying Campaign Comes With Sabotage Option

New research from Symantec spots US and Western European energy interests in the bull's eye, but the campaign could encompass more than just utilities.

Cyberthreat Bill Backers Threatened

The hacktivist group Anonymous, in its latest posting, is threatening the "loved ones" of supporters of a Senate cyberthreat information sharing bill that critics contend weakens privacy protections.

NATO updates cyber defence policy as digital attacks become a standard part of conflict

Reflecting how all international conflicts now have some digital component, NATO has updated its cyber defence policy to make it clear that a cyber attack can be treated as the equivalent of an attack with conventional weapons.

Anti-Hacking Team Sees 'Red Threat' Unless Firms Share Data

In an 11-story office building in the Washington suburbs, hundreds of U.S. cybersecurity analysts work around the clock to foil hackers.

School Security Plans Should Prepare Students to Expect the Unexpected

According to the National Center for Education Statistics, in 2011 the highest percentages of students most afraid of an attack or being harmed while at school were children between the ages of 12-18.
Security InfoWatch

Two Months Later, Heartbleed Patching Stalls Out With 300k Servers Still Vulnerable

Efforts to patch servers vulnerable to the Heartbleed bug have more or less ceased, according to Errata Security's Robert Graham. Graham had previously performed two scans of servers over 443 since Heartbleed was discovered in April. In
PC World

Hedge Fund Hackers Disrupting Trades for Profits, BAE Says

Hackers disrupted high-speed trading at a large unnamed hedge fund and rerouted data that might be used to make money in rogue stock-market transactions, said Paul Henninger, global product director for BAE Systems Applied Intelligence.

U.S. Ambassador Baucus Says China Cyber Theft is a Threat

The U.S. Ambassador to China, Max Baucus, said June 25 that the cyber theft of trade secrets by state actors in China has become a major threat to the U.S. economy and national security.

Card Fraud Impacts 1 in 4 Consumers Worldwide

One in four consumers worldwide have been the victim of card fraud in the last five years, according to a survey of consumers in 20 countries by ACI Worldwide and the Aite Group.
Help Net Security

5.5 Billion Users of Mobile and Wearable Biometrics by 2019: Goode Intelligence

There will be 5.5 billion worldwide users of mobile and wearable biometric technology by 2019, according to a new Goode Intelligence report.
Biometric Update

Employers Have an Obligation to Address Workplace Violence

The Occupational Safety and Health Administration estimates that about two million U.S. workers are victims of workplace violence each year and about 10 percent of workplace fatalities are homicides.
Tallahassee Democrat

Montana Health Record Hackers Compromise 1.3 Million People

Officials say hackers gained access to a computer server tied to the Montana Department of Public Health and Human Services in early May, potentially exposing the data of patients, agency employees, and contractors.

Gartner: Top Trends in IT Security Technology

Gartner analysts who spoke at the organization's recent Security and Risk Management Summit say there are several trends that will change the way IT security is practiced.
Network World

Do Consumers REALLY Care about Payments Privacy and Security?

A May 2014 research study by idRADAR found that risk managers typically know consumers are concerned with security, but at the same time consumers are not active in adopting strong practices to safeguard their online privacy and security.
Portals and Rails

Hacker Tactic: Holding Data Hostage

Organizations are taking some novel approaches to addressing the threat from increasingly sophisticated cyberattackers who seek to steal their sensitive information.
New York Times

DHS Investigating Havex Trojan Which Targets Energy Companies

The Department of Homeland Security (DHS) on June 25 reported that it is currently investigating whether the Havex Trojan may have been used in earlier breaches in critical infrastructure.
Wall Street Journal

PG&E Will Begin Metcalf Substation Security Upgrades This Year

The California electricity provider PG&E said June 18 that it plans to spend $100 million over the next three years on security improvements at an unspecified number of substations.
Contra Costa Times

Ukraine Suspects Terrorism in Pipeline Explosion

The explosion occurred only a day after the Russian energy company Gazprom announced that it would be cutting off natural gas supplies to Ukraine due to a dispute regarding pricing.
New York Times

Meet Bob, Britain's First Robotic Security Guard

Bob, the first robotic security guard in the United Kingdom, is helping G4S secure its headquarters in Gloucestershire. When the metal minder spots something out of place, he stores the information on his internal hard drive and quickly reports it to his human counterparts.
Daily Mail

First Major Mobile Banking Security Threat Hits the U.S.

Once the malware enters a mobile device, it looks for mobile banking apps from USAA, Citigroup, American Express, Wells Fargo, Bank of America, TD Bank, JPMorgan Chase, BB&T, and Regions Bank. It then locks the phone, displays a fake FBI penalty notification letter, and demands $200 in Green Dot MoneyPak cards to unlock it.

Popular HTTPS Sites Still Vulnerable to OpenSSL Connection Hijacking

Malicious hackers could potentially exploit a new vulnerability in OpenSSL to decrypt and modify traffic to and from some of the most popular websites, according to experts.
IDG News Service

Security Barometer - What is Driving the Disconnect with the C-Suite?

A recent survey conducted by the Risk and Insurance Management Society (RIMS) and Marsh LLC found the following top risks in 2014 as determined by the C-Suite respondents compared to risk professional respondents:

Security and Threat Information Exchange Platform Launched by Microsoft

To help make response time even quicker, reducing the amount of time it takes to respond to a threat, Microsoft launched Interflow, a security and threat information exchange platform that allows quick communication between cybersecurity professionals who respond to cyber threats, hoping to give security professionals an edge.
Security Today

Senate committee passes FISMA reform bill

Legislation aimed at modernizing the 12-year-old Federal Information Security Management Act (FISMA) has passed a vote by the Senate Homeland Security and Governmental Affairs Committee on June 25 and is headed to the Senate floor.
SC Magazine

Increased Security Risks At NNSA Sites, Says New GAO Audit Report

Despite the implementation of security reforms at US nuclear weapons and research and development facilities from 2009 to 2012 that “generally varied among National Nuclear Security Administration (NNSA) sites … some of these efforts helped manage security costs and enhance productivity … but may also have increased security risks and reduced security performance at the Y-12 National Security Complex (Y-12) in Tennessee and other NNSA sites, depending on how the sites implemented the reforms,” a new government audit report said.

Centers for Disease Control and Prevention Workers May Have Been Exposed to Anthrax

The Centers for Disease Control and Prevention says some of its staff in Atlanta may have been accidentally exposed to dangerous anthrax bacteria because of a safety problem at one of its labs.
Continuity Insights

Undetected malware concerns two-thirds of small business owners, survey finds

The biggest security concern for small businesses is undetected malware, according to a survey – conducted by CSID and Research Now – of 505 owners of U.S. companies with one to 99 employees.
SC Magazine

Twitter Disables TweetDeck After Security Breach

Twitter said Wednesday it fixed a security vulnerability in its TweetDeck application and turned the service back on following a breach that affected users for a few hours.
Wall Street Journal

P.F. Chang's confirms breach in credit card data

P.F. Chang's China Bistro said there has been a breach involving data from customers' credit and debit cards used at its restaurants, confirming a report out earlier last week.
USA Today

600,000 customer details compromised at Domino’s

Today’s news that 600,000 customer records have been stolen from Domino’s France and Belgium yet again raises questions about just how seriously large corporations and big brands are taking data protection.
Help Net Security

Technology sites "riskier" than illegal sites in 2013, according to Symantec data

The “riskiest” pages to visit in 2013 were technology websites, according to data from users of Norton Web Safe, which monitors billions of traffic requests and millions of software downloads per day.
SC Magazine

Class-action filed against payroll company Paytime over massive data breach

A class-action complaint has been filed by Kraemer, Manes & Associates LLC and Carlson Lynch LTD against Paytime, a Pennsylvania-based payroll company that experienced a massive data breach in April.
SC Magazine

“Human error” contributes to nearly all cyber incidents, study finds

Even though organizations may have all of the bells and whistles needed in their data security arsenal, it's the human element that continues to fuel cyber incidents occurring, according to one recent study.
SC Magazine

More than 500 AT&T users victims of security breach

An undisclosed number of AT&T wireless customers has had their accounts broken into, exposing sensitive personal data including Social Security numbers and dates of birth, according to the company.
The Columbus Dispatch

Senate Panel to Examine 'Stalking Apps'

Sen. Al Franken (D-Minn.) will hold a hearing next week on “stalking apps,” which can secretly track people through their smartphones.
The Hill

U.S. Treasury's Top Terrorism Cop: How Financial Tools Fight Foes

As the United States continues to reduce its formal military presence in the war on terror, the administration plans to rely more on financial tools to aid counterterrorism efforts, says Treasury Undersecretary for Terrorism and Financial Intelligence David Cohen.
Wall Street Journal

Study Reveals DHS Cyber Initiative Needs to Pick Up the Pace

A new study examining the progress of the Department of Homeland Security’s (DHS) Continuous Diagnostics Mitigation (DHS-CDM) program, which standardizes security monitoring across the federal government, indicated that while implementation of CDM has been impressive so far, federal security managers are anxious to pick up the pace.
Homeland Security Today

Cargo Theft: 2013 in Review

The Supply Chain and Information Sharing and Analysis Center (ISAC) has released its 2013 Cargo Theft report, which shows a drop in the total number of reported cargo thefts for the first time since 2005.
Security Today

ONVIF and SIA Announce Memorandum of Understanding on Access Control Standards

A Memorandum of Understanding has been signed by ONVIF and the Security Industry Association (SIA), under which the two will work cooperatively toward the development of Internet Protocol-based interoperability standards in access control.
Security Today

What are the Top Security Concerns of Senior IT Executives?

Two polls of the senior IT security executives who attended Courion's recent annual user conference found that cyberattacks carried out by insiders are common at some organizations, and executives are finding it difficult to reduce the threat of such attacks.
Help Net Security

NSF Dear Colleague Letter--Cybersecurity Education EAGERs

The U.S. National Science Foundation (NSF) Directorate for Education and Human Resources and Directorate for Computer and Information Science and Engineering have released a Dear Colleague Letter announcing interest in using Early Concept Grants for Exploratory Research (EAGERs) to foster collaboration between the cybersecurity research and computing education research communities.
CCC Blog

Make Your Case

Obtaining funding for security projects can be difficult, but if security managers learn how to present a strong and interesting business case, they can improve their chances of having their funding request approved.
Security Management

Security Guard Industry Lacks Standards, Training

A study by Michigan State University criminologists that was published in Security Journal has found that many states lack adequate training standards for security guards.
MSU Today

University Researchers Test Cyber-Defense for Nation's Power Grid

Researchers at North Carolina State University (NCSU) and the University of North Carolina, Chapel Hill have developed a prototype software-based system that would coordinate the activity of networked computers during a cyber attack.
CSO Online

Large Electric Utilities Earn High Security Scores

New data from BitSight Technologies shows that major electric utilities rank as among the most secure organizations.
Dark Reading

Study Says Amazon, Groupon Among Sites with Worst Password Security

Even after the Heartbleed bug, some of the most popular websites aren't taking password security seriously, according to a study. More than 80 percent of websites that were examined had subpar password security standards, according to Dashlane's Password Security Roundup report.

Rooting Out Fraud

On May 6, Florida-based Baptist Health System Inc. was the latest in a long line of organizations to resolve a federal lawsuit accusing it of violating the False Claims Act (FCA).
Risk & Insurance

Riskier business: Travelers index exposes worries, lack of planning

The business environment is becoming riskier, and companies don’t feel they are prepared to manage the risks they believe are the most serious.
Risk Network

Senate Panel Confronts Backlog of Chemical Facility Security Plans

At a recent Senate Committee on Homeland Security and Governmental Affairs hearing, the Department of Homeland Security (DHS) reported it has taken steps to speed the process of completing the reviews of the approximately 3,120 chemical facility security plans.
Homeland Security Today

Experts Fear Major Attack Only Way to Stir Corporate Action on Cyber Security

The number of reports of cyber incidents the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team responded to nearly doubled last year from 2012, but critical infrastructure companies remain reluctant to spend the money needed to upgrade their aging equipment.
Insurance Journal

Why the Security Talent Gap is the Next Big Crisis

Security experts believe that the next national security crisis will be related to the growing security talent gap, which could potentially leave companies at risk of losing the battle against online criminals because they will not have the manpower to handle attacks.

Cyber Crooks are Winning Tech War, and Silicon Valley is Losing

During the National Venture Capital Association's annual meeting on May 14, a panel of cybersecurity experts commented that tech companies in Silicon Valley are under frequent attack from foreign countries and groups looking to take advantage of potential vulnerabilities.
Wall Street Journal

Hackers Ramp Up Computer Attacks That Demand 'Ransom'

Hackers operating on the Internet's "Dark Web" are spreading a new, more sophisticated generation of the malicious software known as "ransomware," anonymously shaking down anyone with an unprotected computer, from lawyers and cops to small businesses.
USA Today

Cybersecurity Options Lag Behind Hackers' Abilities

A computer hacker once told a congressional committee that he could take out the entire Internet in a half-hour. That was back when the World Wide Web was in its infancy and Google didn't even exist yet.
Stars and Stripes


The Federal Bureau of Investigation will aggressively crack down on cyber crime over the next few weeks, with a bureau official advising the public to anticipate indictments, searches, and multiple arrests.


The US Retail Industry Leaders Association (RILA), along with several of America's most recognized retail brands, launched the Retail Cyber Intelligence Sharing Center (R-CISC).
Net Security


A Department of Justice proposal would make it easier for FBI investigators to hack into remote devices that have had their location purposefully obscured or that are acting as part of a botnet.
Dark Reading


Consumers rank data breaches and poor customer service high in their effects on brand perception.
Dark Reading


The government's standards-making body on Tuesday announced guidelines for agency technologists and industry engineers on how to bake security into critical systems.


The National Institute of Standards and Technology (NIST) has issued for public review and comment a proposed major update to its Guide to Industrial Control Systems (ICS) Security.

States Lack Expertise, Staff to Deal With Cyberthreats to Utilities

Federal utility regulators and electric utility industry safety groups are increasingly aware of how vulnerable the national electric grids are to cyberattack, but the state commissions that regulate local utilities have responded to the growing risks slowly.
Homeland Security News Wire

What Chemical Facilities Need to do to Protect CVI

In order to protect Chemical-terrorism Vulnerability Information (CVI), the Department of Homeland Security (DHS) established rules for determining what qualifies as CVI, who has access to CVI, how it must be protected, stored, and transmitted.
Israel Foreign Affairs

UF a Showcase for Orlando Firm's Campus-Security App

Orlando, Fla., startup TapShield LLC has designed a mobile app that draws on cloud-based computing, GPS, and social media to connect users to campus security at colleges and universities.
Orlando Sentinel

Most Security Professionals Helpless to Stop Data Theft, Study Shows

A recent study by the Ponemon Institute has found that 63 percent of IT security professionals have concerns about their ability to prevent data theft due to shortcomings in their current security systems.
Computer Weekly

Consumers Ditch Their Breached Retailers, Banks and Doctors

One-third of consumers stop shopping at retailers that have been breached, and 24 percent of consumers say they will leave banks or credit card companies that have been breached, according to a Javelin Strategy & Research survey.
Dark Reading

Meet the Fed's First Line of Defense Against Cyber Attacks

The U.S. Federal Reserve's first line of defense against cyberattacks is the National Incident Response Team (NIRT), which includes about 100 closely monitored employees who sift through the Fed's networks daily looking for indications of hacking.
Foreign Policy

The Internet of Things Likely to Drive an Upheaval for Security

The Internet of Things will catalyze a major paradigm change in IT security on a scale even larger than the shift to mobile, according to a new analysis by Gartner.

There's No Such Thing as a Good Data Breach

Limiting data breaches is complicated by myriad state and territorial laws with different breach notification requirements, incomplete notification disclosures, and suspicions that breaches are underreported or even not disclosed at all, writes the Atlanta Fed's David Lott.
Portals and Rails

Security Officers to Receive Firearms at Mo. Hospital

Derek Conz, the security team leader at Heartland Regional Medical Center in Missouri, says that 13 security guards will be authorized to carry and use a .9-millimeter pistol during patrol duty on the hospital's campus beginning May 1.
St. Joseph News-Press

Keeping the Campus Healthy

Baptist Health Care Network is the largest, non-governmental employer in northwest Florida, with employees and physicians totaling more than 6,000.
Security Today

U.S. Officials Told Lawmakers Israel’s Industrial Espionage Efforts in U.S. 'Crossed Red Lines'

Officials from the Department of Homeland Security (DHS), the State Department, the FBI, and the National Counterintelligence Directorate said that Israel goes too far in its efforts to spy on the United States.
Homeland Security News Wire

Hackers Capture Dynamic Data to Prepare for Effective, Stealthy Attacks

Cybersecurity experts are warning organizations about the threat from cyberattacks that use offensive forensics techniques to steal data stored in a computer's memory.
CSO Online

Hackers Stole Doctors’ Tax Refunds By Breaking In To Payroll Software

Last week, we shared the scary news that a ring of tax refund fraudsters appeared to have filed tax returns on behalf of hundreds of doctors and other health care professionals, harvesting their refunds.

Encryption in the cloud is scarcer than you think

Ponemon Institute report shows more encryption across cloud environments, but only a modest increase over the years.

Cyber firms look to move the electrical grid

At a keynote speech in Washington last month, former CIA director Leon E. Panetta warned that cyberspace is the "battlefield of the future."
The Washington Post

Phishing Attacks on Telco Customers Grow

Phishing attacks targeting telecommunication companies' customers, which result in account takeovers, are on the rise, according to the Federal Bureau of Investigation and the Internet Crime Complaint Center.
Bank info Security

Phishing Attacks on Telecommunication Customers Resulting in Account Takeovers Continue

The schemes involve using automated telephone calls, or vishing, and SMS texts, or smishing, to lure customers to phishing sites that replicate telecommunication companies' sites, requesting the victims' log-in credentials and the last four digits of their Social Security numbers.

The Marketing of Heartbleed

Engineers at the security company discovered on April 4 the flaw in the cryptographic protocol OpenSSL and christened it the Heartbleed bug (see: Heartbeat Bug: What You Need to Know).
Bank info Security

2014 Data Breach Investigations Report

Read an excerpt from the 2014 Data Breach Investigations Report.

Cybersecurity: Top Priorities in 2014

Cybersecurity frameworks, supply chain risks and malicious insiders - these are among 2014's hot topics, according to Alan Brill, senior managing director at Kroll Advisory Solutions.
Bank info Security

NCCIC: Combating the Insider Threat

From the National Cybersecurity and Communications Integration Center (NCCIC): Threats, to include sabotage, theft, espionage, fraud, and competitive advantage continue to materialize from those considered to be insiders of an organization.
US Department of Homeland Security

Innovative U.S. cybersecurity initiative to address cyberthreats

Cyberattacks on computer networks around the world reached 1.7 billion in 2013, up from 1.6 billion in 2012.
Homeland Security News Wire


Earlier this year, Wired.co.uk wrote about Google's invention of a smart contact lens that could monitor blood glucose levels through tear fluid. Now, the tech giant has invented another pair of lenses with an in-built camera.

Top Information Security Threats in the Near Future

Each year, the Internet Security Forum, a nonprofit association that researches and analyzes security and risk management issues, releases its 'Threat Horizon' report to provide members with a forward-looking view of the biggest security threats over a two-year horizon. Here are the top 10 threats through 2016.

Proposal to Prevent Grid Attack Lacks Power, Critics Say

Critics say that the North American Electric Reliability Corp.'s proposed rules for protecting the power grid are not strong enough, partly because they do not include specific suggestions made by federal regulators following the 2013 attack on a substation near San Jose, Calif.
Wall Street Journal

From Shoplifting to Cyber Security, Businesses Advised to Check the Locks

While more than $35 million of goods are stolen from U.S. retailers every day — costing businesses more than $13 billion a year — external theft is just one of a host of security threats businesses face.
South Coast Today

Big Bucks Going to Universities to Solve Pressing Cybersecurity Issues

The U.S. Federal Emergency Management Agency announced a three-year, $800,000 grant to several universities to research ways to prepare for, detect, and respond to cyberattacks.
Network World

Americans Report a Big Jump in Personal Data Theft

Eighteen percent of U.S. adults with Internet access say their personal information was stolen in a data breach, according to a Pew Research Center survey, up from 11 percent in July.
Washington Post

Chase Ramps Up Security: Is It Enough?

The nation's largest financial institution, JPMorgan Chase, is taking an appropriate leadership role by describing how it's ramping up its security efforts, say analysts, who assess the bank's plans for three cybersecurity centers.
Bank info Security

Heartbleed Bug: The Latest Alerts

Mobile applications can be as vulnerable to the Heartbleed bug as websites, warns security vendor Trend Micro.
Bank info Security

National Retail Federation to Establish Cybersecurity Program

The National Retail Federation (NRF), the world’s largest retail trade association, has announced plans to create a retail and merchant industry information sharing and analysis center that will help companies deal with cyber threats.

All the passwords you should change because of Heartbleed, in one handy graphic

The Heartbleed security flaw was fixed in the newest version of OpenSSL, but you should still change your passwords on all of the sites affected by the bug.
VB News

These Sites Tell Which of Your Accounts Have Been Hacked

Heartbleed, the massive flaw in web encryption recently made public, is just one of the unending stream of vulnerabilities that enables hackers to steal personal details and passwords from companies with which you do business.

KKR CIO Surveys Cyber Risk Among Private Equity Holdings

BitSight, a company that collects large quantities of data every day from sensors located in public servers and from partners, recently conducted a cyber vulnerability survey for KKR that examined the levels of cyber risk for 75 of the private equity firm's portfolio companies.
Wall Street Journal

Survey: Small Retailers Feeling Insecure

A new survey commissioned by ADT has found that only a third of small- and medium-sized retailers have complete confidence in their current security systems.
Security Director News

2 Regulators Issue Guidelines on Sharing Cybersecurity Information

Sharing data between companies about cybersecurity threats will not cause antitrust concerns, according to guidelines issued by the Federal Trade Commission and Justice Department on Thursday.
New York Times

Federal Energy Regulator to Take Steps to Protect Grid

Federal Energy Regulatory Commission (FERC) acting Chairwoman Cheryl LaFleur told lawmakers Thursday that her agency will perform a full review of the chain of custody of all documents following the release of sensitive information about the impact of a physical attack on the nation's electric power grid.
Wall Street Journal

56 Percent of Employees Still Receive no Security Awareness Training

A new EMA survey of employees in government, public and private companies, and nonprofits found a majority still receive no security awareness training whatsoever.
Help Net Security

Advanced Attackers Go Undetected for 229 Days

Organizations are generally discovering cybersecurity breaches earlier, and they are increasingly having to turn to outside help to do so, according to a new FireEye report.
Help Net Security

Trove of Software Flaws Used by U.S. Spies at Risk

Cybersecurity Is a Puzzle—Where Does Your Piece Fit?

Cindy Fornelli, the executive director of the Center for Audit Quality, writes that deepening collaboration and ensuring effective communications among key players is the key to effectively fighting cybercriminals.

Aviation Industry and Government to Share Cyber Threats in New Intelligence Center

The U.S. government and the aviation industry on April 15 launched the Air Domain Intelligence Integration Center and an analysis center, which will be used by government and industry officials to share information on cyber threats.
Wall Street Journal

113 People Detained and 70 Arrested in Action Day Tackling Airline Fraud

On 8 and 9 April 2014 law enforcement agencies from across the world, supported by the European Cybercrime Centre (EC3) at Europol, joined forces with the airline, travel and credit card industries in the largest ever attack upon online fraud and illegal immigration.

Sharing cyber threat details not antitrust violation, U.S. says

The U.S. government on Thursday urged companies to share information with each other about cyber threats and issued guidance making clear that doing so would not violate antitrust laws.

Power Companies Struggle to Maintain Defenses Against Cyber-Attacks

When experts rank U.S. industries' abilities to ward off potentially damaging cyberattacks, the electric utilities are normally near the bottom.

PrecisionHawk's drones collect data on crops from hundreds of feet above.

These companies are mining the world’s data by selling street lights and farm drones.

DHS Turns to Mentors to Strengthen Cyber Workforce

The U.S. Department of Homeland Security (DHS) has adopted a rotation and mentorship strategy to find and develop qualified cybersecurity professionals.
Federal News Radio

With Rare Support, Chemical Security Legislation Advances in House

A bill that provides long-term authorization for the Department of Homeland Security's chemical-facility antiterrorism security (CFATS) standards was approved by the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies on Thursday.
National Journal (DC)

Experian Faces Connecticut, Illinois Probes of Data Breach

Representatives for Connecticut Attorney General George Jepsen and Illinois Attorney General Lisa Madigan have confirmed that they are investigating Experian following a breach of a company database by Hieu Minh Ngo, a Vietnamese man who has pleaded guilty to selling credit-card data, Social Security numbers and other personal information to fraudsters that had been taken from the Experian database.
Wall Street Journal

Pentagon to Triple Cyber Staff to Thwart Attacks

U.S. Defense Secretary Chuck Hagel recently made his first major speech on cyber policy, which focused on significantly growing the ranks of the Pentagon's cyberwarfare unit in an effort to defend against foreign attacks on important U.S. networks.
Associated Press

Cost of Advanced Evasion Techniques in Recent Data Breaches

There is a great deal of misunderstanding, underestimation, and ignorance of advanced evasion techniques (AETs) among CIOs and security managers, according to a new McAfee report.
Help Net Security

Internet of Things: Mitigating the Risk

Tony Sager, chief technologist of the Council on Cybersecurity and former COO of the U.S. National Security Agency's information assurance directorate, has turned his attention to mitigating the cybersecurity threats facing Internet-connected embedded devices, the Internet of Things.

Law Firms are Pressed on Security for Data

Large corporations and banks are increasingly pressing the law firms they work with to demonstrate that their computer systems are using the best technologies to identify and mitigate online intrusions and to take extra steps to ensure that their systems are well protected.
New York Times

NIST, DHS Push for More Engagement Around Cyber Framework

The White House's cybersecurity framework to safeguard the nation's critical infrastructure was implemented six weeks ago, and federal officials say they are seeing progress but need Congress to address liability protection for companies.
Federal News Radio

Security Firm Trustwave Says Target Data Breach Claims Baseless

Credit-card security firm Trustwave Holdings, which has been sued along with Target over a sweeping data breach, says it did not process cardholder data for the retailer or handle Target's data security as a lawsuit alleges.

Credit Card Issuers Seek Out New Ways to Increase Data Security

Reports of major data breaches continue to rise even though major retailers are required to comply with cybersecurity guidelines set by the credit card industry.
US Finance

Navy-Base Shooting Raises Concerns Over Port-Security Program

Sen. Mark Warner (D-Va.) sent a letter to Homeland Security Secretary Jeh Johnson and Navy Secretary Ray Mabus on March 28 to express his concerns about the effectiveness of the Transportation Worker Identification Credential (TWIC) program in the aftermath of a shooting at a Norfolk, Va., naval base last week.
Wall Street Journal

Could Our Food Supply be a Target for Terrorists?

The Food and Drug Administration has proposed new rules that would require domestic and foreign companies that process and manufacture food and ship it to the U.S. to take steps to mitigate the risk of potential terrorist attacks against their facilities.
NPR Online

Cargo-Theft Recovery Program Launched in Canada

On March 18, the Insurance Bureau of Canada (IBC) and the Canadian Trucking Alliance (CTA) introduced a new phase of the Cargo Reporting Program, which was designed to help combat the country's growing $5 billion cargo theft problem.
Security Director News

Defense Firms Find Work Battling Corporate Hackers

Defense contractors that have traditionally served the federal government are now hoping to help corporate clients defend against cyberattacks through software or consulting services.
Wall Street Journal

Banks' Suit in Target Breach a 'Wake Up Call' For Companies Hiring PCI Auditors

Trustmark National Bank and Green Bank filed a lawsuit in federal court against Target and Trustwave Holdings on Monday in response to the massive data breach the retailer suffered last year.
CSO Online

Visa's Chief Risk Officer on the Future of Credit Card Fraud

Visa Chief Risk Officer Ellen Richey acknowledges it will take several years for the U.S. to achieve widespread use of credit cards with embedded chips.

US Not Waging Industrial Espionage

Senior U.S. intelligence officials speaking on condition of anonymity say that the U.S. is not spying on foreign companies in order to give American firms a competitive advantage, despite claims by Edward Snowden to the contrary.
Sky News

Target, Visa Say Fraud Limited in Wake of Data Breach

Target has seen relatively little fraudulent activity on its payment cards since the massive data breach last year, said chief financial officer John Mulligan, speaking at a Senate Commerce Committee hearing on Wednesday.
Wall Street Journal

Half of IT Execs Don't Tell Boards Truth About Breaches

According to a survey of 1,083 IT and IT security workers conducted by Ponemon Institute in January, half of CIOs and CISOs do not tell executives at their companies the truth about cybersecurity breaches.
Wall Street Journal

Changes Proposed to US CFATS Facility Security Rules

According to Pharmaceutical Research and Manufacturers of America (PhRMA), it is too early to predict the impact that changes to the Chemical Facility Anti-Terrorism Standards (CFATS) proposed by Rep. Patrick Meehan (R-Pa.) will have on the pharmaceutical industry.
in-Pharma Technologist

Why Identity is the New Firewall

Identity management is becoming the new firewall that keeps out those who are not allowed to gain access to an area within a building, facility, or campus.
Security Magazine

U.S. Utilities Tighten Security After 2013 Attack

Two electric utilities have announced that they are taking steps to improve the security of their facilities following increased concerns about the possibility of terrorist attacks on the nation's power grid.
Wall Street Journal

Big Data Analytics: The Enterprise's Next Great Security Weapon

The use of big data analytics by companies to better protect data and secure networks will more than triple in the next two years, according to a new Gartner report.

Can Threat Modeling Keep Security a Step Ahead of the Risks?

Cybersecurity experts say it is important for organizations to perform threat modeling on a regular basis in order to stay ahead of potential threats.
CSO Online

Study Shows Those Responsible for Security Face Mounting Pressures

IT security professionals are increasingly feeling stress in their jobs, according to a new Trustwave survey of 833 security decision makers in the U.S. and several other countries.
CSO Online

Microsoft Takes to the Front Lines in the War on Cybercrime

Stepping up to fight the cyber war, Microsoft unveiled a new state-of-the-art Cybercrime Center specifically designed to battle botnets, malware and other various forms of internet crime.

Assault on California Power Station Raises Alarm on Potential for Terrorism

Former Federal Energy Regulatory Commission (FERC) Chairman Jon Wellinghoff and others are warning that a little-known attack on an electric substation in Santa Clara County, Calif., last year could be a herald for larger attacks aimed at causing widespread power outages.
Wall Street Journal

Point of Sale System Attack Campaign Hits More Than 40 Retailers

The ChewBacca Trojan has infected more than 40 merchants and stolen payment card and personal information from approximately 50,000 customers by targeting point of sale systems (POS), according to RSA FirstWatch.
Dark Reading

Data Security Is Not Their Responsibility, Say 23 Percent of Employees

A new survey of employees by Absolute Software finds that nearly a quarter believe that data security is not their responsibility.
Computer Weekly

Security Professionals Identify IT Risks Associated With Cloud Computing

ESG recently surveyed 211 enterprise security professionals about what they saw as the biggest security risks associated with using cloud infrastructure services.
Network World

Target Traces Security Breach to Stolen Vendor Credentials

Target spokeswoman Molly Snyder confirmed that the company's ongoing investigation into the recent data security breach has revealed that hackers were able to gain access to Target's systems by using a vendor's credentials which they had stolen.

The Economics of a National Cyber Immune System

At the recent Cyber Innovation Forum in Baltimore, White House cyber czar Michael Daniel spoke about the need to strengthen the federal government's "cyber immune system."
Federal Computer Week

Stumbling Blocks That Faceplant Security Analytics Programs

There are a number of obstacles that often prevent enterprises from effectively integrating security analytics into their IT security infrastructure. First among these is siloed organizational units that impede the effective gathering and sharing of data.
Dark Reading


Research released today by the Ethics Resource Center (ERC), America’s oldest nonprofit advancing high ethical standards and practices in public and private institutions, reveals that workplace misconduct is at an historic low, having steadily and significantly declined since 2007.
ERC Ethics Resource Center

Preparing Utilities to Respond to Cyberattacks

Sharon Chand, a director with Deloitte & Touche's Security & Privacy, notes that the decades of experience utilities have in preparing for natural disasters can be used to help guide their responses to cyberattacks.
Wall Street Journal

Three Ways to Better Secure Your Data in 2014: It’s Time for Two-Factor Authentication

According to technology consultant Geoffrey Fowler from the Wall Street Journal, every business' priority should be security in 2014. In light of recent security breaches by Skype and SnapChat, Fowler says businesses must be vigilant about upholding security.
Wall Street Journal

Hacker Threats Rise, With Defenders Lacking: Report

The Cisco Annual Security report, which was released on Thursday, showed that the technology and techniques used by hackers and other online criminals have outpaced security professionals' ability to defend against such threats.
Agence France-Presse

Is Rapid Detection the New Prevention?

Many IT security experts say the time when a strong perimeter defense could be counted on to defend a network is over, and that what is needed is a greater focus on technologies that detect network breaches and cut them off before they can do any serious damage.
Network World

Senior Managers Are the Worst Information Security Offenders

Senior managers pose a major security risk for companies, according to a Stroz Friedberg nationwide survey of 764 information workers.
Help Net Security

Algorithms are Changing the Face of Situational Awareness and Online Security

The adoption of algorithms is changing the face of both situational awareness and online security, as algorithms only take a few seconds to perform technical tasks, which allows humans to concentrate on more complex problems.
Security InfoWatch

Top Six Data Breach Trends for 2014

The theft of debit and credit card information from Target in November and December was just one of many data breaches that took place in 2013.
Security InfoWatch

Game Theory Helps Corporate Risk Managers Analyze Terrorism Risks

Corporate risk managers have found that game theory can improve terrorism risk analysis by helping them prepare for unexpected situations.
Homeland Security News Wire

US Employee Prescription Drug Use Booms as Workers Evade Positive Marijuana and Cocaine Tests

A new study by Quest Diagnostics has found that U.S. workers are becoming more knowledgeable about how to game pre-employment drug screening.
International Business Times

Cybersecurity Training a Top Priority for Industry, Government

Cybersecurity professionals are expected to be in high demand through 2020 and beyond, and private- and public-sector organizations are launching outreach programs to train workers.

Spear Phishing Poses Threat to Industrial Control Systems

Security experts say that energy companies that use supervisory control and data acquisition (SCADA) systems need to ensure that their anti-phishing programs are strong, as a successful phishing attack could be as devastating as the Stuxnet attack.
CSO Magazine

7 Simple Ways You Can Protect Your Ideas From Theft

There are a number of ways that businesses and individuals seeking investors, partners, or employees to support their ideas or discoveries can prevent those associates from marketing that innovation as their own.

Executive Bad Habits, Including Porn, Endanger Corporate Security

A recent study conducted by Opinion Matters for ThreatTrack Security showed that company executives may pose one of the biggest security risks to organizations.
PC World

Schools Safe as Ever Despite Spate of Shootings, Scares

According to the departments of Justice and Education, school safety has improved and violence has fallen for students and teachers.
USA Today

Kelihos Botnet Thrives, Despite Takedowns

Kaspersky Lab's sinkholing of one version of the Kelihos botnet 19 months ago—together with CrowdStrike, the Honeynet Project, and Dell SecureWorks—along with other significant eradication efforts, have resulted in a sharp decline in related botnet activity, according to research the lab recently published.
Information Week

Security Is Top Concern in 2014 for State CIOs

Security is the top concern next year for state CIOs, according to NASCIO's State CIO Top Ten Policy and Technology Priorities for 2014 survey.

Attack Ravages Power Grid. (Just a Test.)

Nearly 10,000 cybersecurity specialists, electrical engineers, FBI agents, and utility executives took part in the more than 48-hour long continental-scale war game known as GridEx II.
New York Times

Personal Devices Pose Biggest Threat to Corporate Security

Security software provider, Check Point, has found that 93 percent of US and UK companies use mobile devices to connect to corporate networks, while 67 percent allow employees to connect personal devices.
Financial Times

Employee Theft on the Rise, Survey Reveals

Jack L. Hayes International's Annual Retail Theft Survey shows that retail theft increased 5.5 percent in 2012, which was the second increase in as many years.
Digital Journal

Early Stage Startups Vulnerable to IP Theft

David DeWalt, the chairman and CEO of the cybersecurity firm FireEye Inc., has warned that there is a clear correlation between press releases detailing a startup's acquisition of venture capital funding and attacks by thieves seeking to steal the startup's intellectual property.
Wall Street Journal

The Many Faces of Financial Fraud

Improvements in payment protections and security practices are beginning to shift the liability for financial fraud onto the least-secure party involved in the transaction.
CSO Magazine

Ridge Warns Utility Officials on Threat of Attack

During the "Grid 20/20: Focus on Resilience" conference in Philadelphia on Tuesday, former Homeland Security Secretary Tom Ridge warned regional utility officials that they need to explore more ways to protect the nation's electric grid from attack.
Philadelphia Inquirer

PCI council publishes updated payment security standards

On Thursday, version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) became available for merchants, who'll have until January 1, 2014 before the requirements become effective.
SC Magazine

Bipartisan Cybersecurity Measure to be Introduced in Congress

Sen. Saxby Chambliss (R-Ga.) reported last week that he planned to introduce cybersecurity legislation to improve data sharing between the public and private sector.
Home Security News Wire

Chinese Army's Industrial Espionage Continued Even After Exposure

The Chinese military continues to support widespread corporate espionage against U.S. companies, according to a report from the US-China Economic and Security Commission, a congressional advisory panel.
International Business Times

Mobile Phone Use a Significant Security Risk for Companies

New research from the U.K.'s University of Glasgow finds that the improper use of corporate mobile devices by employees is exposing companies to potentially serious security and legal risks.
Home Security News Wire

NSA Chief Likely to Be Stripped of Cyber War Powers

Senior military officials are strongly considering removing the National Security Agency director's authority over U.S. Cyber Command.
The Hill

Security Check Now Starts Long Before You Fly

Airline passenger screening is being expanded by the Transportation Security Administration, as a search of several government and private databases will now be conducted prior to passengers' arrival at the airport.
New York Times

4 Ways Metrics Can Improve Security Awareness Programs

It is important to use the right metrics in the right way to properly evaluate and make the case for security awareness programs.
CSO Online

Despite Drop in Fraud, Businesses Told to Remain Vigilant

The percentage of companies reporting instances of fraud has fallen from 75 percent to 61 percent, according to the latest version of Kroll's annual Global Fraud Report.
CSO Online

Millions of Employees Victims of Workplace Violence

The federal Occupational Safety and Health Administration (OSHA) has begun paying closer attention to violence between workers and to violence directed at employees by customers, clients or other outsiders, said Thomas Fuller, an assistant professor at Illinois State University who teaches a course on workplace violence.

Cybersecurity Talent Pipeline Not Being Fed by High Schools, Survey Finds

Less than a quarter of the 1,000 adults between the ages of 18 and 26 who took part in the recent Raytheon Millennial Cybersecurity Survey expressed an interest in a career in cybersecurity.
Homeland Security Today

Report indicates insider threats leading cause of data breaches in last 12 months

The National Insider Threat Policy aims to strengthen the protection and safeguarding of classified information by: establishing common expectations; institutionalizing executive branch best practices; and enabling flexible implementation across the executive branch.
CSO Online

What litigation tells us about the dangers of IP theft

While many companies are now stepping up security measures to better identify and protect their IP, still too many companies and employees fail to grasp the seriousness of protecting IP (and the repercussions that often flow from failing to do so).
Network World

How Awareness and Communication Improve Workforce Protection: Building workforce protection on awareness, communication

Violence in the workplace is a greater issue in the United States than elsewhere in the world, says Paul N. Whelan, a senior manager at global staffing provider Kelly Services who is focused on preventing workplace violence.
Security Magazine

Security Perspectives Surveyed

National security is no longer solely about defending the borders; it now includes making society resilient in the face of a wide range of threats.
Security Management

The Mars-and-Mercury Problem of Cybersecurity

Half of all federal cybersecurity breaches are caused by personnel who fail to comply with security measures in place at their agencies, according to a new Meritalk study.

A Real-World Approach to Risk-Based Security Planning

Investing in security technology is no guarantee of protection against cyber threats, according to a new global study by the Ponemon Institute, which found that despite serious business investment in modern security solutions, malware incidents increased 58 percent between 2011 and 2012.
CSO Online

Are We Too Busy for Metrics?

Tripwire and Ponemon Institute have some surprising findings in their latest survey on the state of risk-based security management.
Security Technology Executive

New California Law Requires Employers to Make Security Accommodations for Domestic Violence Victims

California Gov. Jerry Brown signed a bill on Oct. 11 that will require employers to make security accommodations for employees who are victims of domestic violence, sexual assault, or stalking.
Security InfoWatch

Top 10 Global Risks Underscore Business Concerns

Two separate studies from Accenture and Aon Risk Solutions have found that organizational risk managers worldwide are closely aligned when it comes to risks they are most concerned about.
The National Law Review

What Keeps CEOs Up at Night?

The Lloyd’s Risk Index provides a good view of global risk from the perspective of corporate leaders. This year’s worldwide survey comprised 588 C-Suite and board level executives from companies of various sizes.
Security Magazine

Report Indicates Insider Threats Leading Cause of Data Breaches in Last 12 Months

Forrester Research recently released its Understand the State of Data Security and Privacy Report, which draws on a survey of small and medium businesses and other enterprises in the United States, Canada, Britain, France, and Germany.
CSO Online

Pilots Union Warns of Possible Terrorism 'Dry Runs'

An internal memo from the US Airlines Pilots Association indicates that there have been several recent cases throughout the airline industry of "dry runs" aimed at determining how airline personnel respond to in-flight threats.
USA Today

Google Now Taking Down Eight 'Pirate' Links Every Single Second

Google processed a record 5.3 million Digital Millennium Copyright Act (DMCA) notices to remove pirate links in the last week of September, and is now taking down nearly nine URLs per second, according to its transparency report.
Torrent Freak

The student loan bubble is starting to burst

JPMorgan Chase has sent a memorandum to colleges notifying them that the bank will stop making new student loans in October, according to Reuters.
Economic Policy Journal

What Litigation Tells Us About the Dangers of IP Theft

A recent study commissioned by Symantec found that half of all departing employees retain confidential corporate files after being terminated. In addition, more than half of employees feel it is acceptable to move corporate data to personal devices, email accounts, or cloud services without prior company approval.
Network World

IT Security Industry To Expand Tenfold

The IT security industry is already a $60 billion business that includes about 80 categories of products, but industry observers say it is expected to grow tenfold in the next ten years as the threats represented by hackers and government surveillance continue to diversify.

Illinois Enacts Concealed Carry Employment Policies

The new concealed carry law in Illinois has employers worried about balancing the need to comply with the law and the need to ensure the safety and security of employees.

ERM: Old Concept, New Ideas

Enterprise risk management (ERM) is still not close to being standard operating procedure in the majority of enterprises. A
CSO Online

Multinationals in Egypt Hunker Down to Keep Workers, Infrastructure Safe

The political violence in Egypt has prompted multinational companies to deploy their own emergency strategies to protect their employees, supply chains, and bottom lines, reports the Wall Street Journal.
Wall Street Journal

U.S. security industry a $350B market

A new study released this week by ASIS International and the Institute of Finance and Management found that the U.S. security industry is a $350 billion market, the majority of which consists of private sector spending ($282 billion) followed by federal government spending on homeland security ($69 billion).

FBI Taps Hacker Tactics to Spy on Suspects

The FBI has started using hacking tools to track terrorism and other suspects using new communications technology. Unlike phones, these communication methods cannot be accessed via conventional wiretaps, so FBI agents have had to innovate to keep up.
Wall Street Journal

The Future of BioWatch

The Department of Homeland Security (DHS) is currently conducting an analysis of alternatives to determine how to best proceed with the next stage of BioWatch, its system for detecting biological terrorist threats.
Homeland Security Today

Threat Intelligence Needed Quickly or Not at All, Ponemon Study Finds

Companies can mitigate their losses by 40 percent if they use information on current threats, but the value of that information diminishes quickly, according to a recent survey of security professionals by the Ponemon Institute.

Attackers Turning to Legit Cloud Services Firms to Plant Malware

Malware writers are escalating their use of commercial file-hosting sites and cloud services to distribute malware programs, according to security researchers.

How CISOs Help Lower Breach Costs

The cost per record exposed in a data breach is lower for organizations with a chief information security officer, according to the 2013 Cost of Data Breach Study by the Ponemon Institute and Symantec.

'Ban the Box' Laws Make Criminal Pasts Off-Limits

City officials in Richmond, Calif., recently passed an ordinance banning city contractors from inquiring about the criminal histories of job applicants.
Wall Street Journal

Report: Comcast to Send Real-Time Notifications of Copyright Infringement

Comcast is currently testing a new strategy for cracking down on copyright infringement that will detect whether or not a customer is trying to download a movie from a site like BitTorrent.

Taking Steps Now Can Help Reduce Workplace Violence Later

In a recent American Bar Association (ABA) program, "Assessing Security and Avoiding Violence in the Workplace," several experts emphasized the importance of flexibility in helping to prevent difficult workplace situations from escalating into violence.

Security Intelligence Services Ramp Up

The use of automated security systems based on pattern recognition and big data continues to be one of the best tools for IT security. This is especially the case for organizations with limited funding or manpower.
CIO Insight

CIOs Issue Social Media Privacy Practices Guide

The federal Chief Information Security Council has just published guidance saying federal agencies must be transparent in how they use social media, especially those that involve viewing publicly available information.

Hackers Pose as Department of Homeland Security in Ransomware Web Scam

The US Computer Emergency Response Team (CERT) has discovered ransomware through which hackers posing as the US Department of Homeland Security (DHS) and the National Cyber Security Division are extorting vast sums of money from Web users.
V3.co.uk http://www.v3.co.uk/v3-uk/news/2286201/hackers-pose-as-department-of-homeland-security-in-ransomware-web-scam

Stanford Probes Breach as Attacks on University Networks Soar

Stanford University advises its network users to change their passwords after experiencing a data breach that school officials say resembles incidents reported in recent months by a range of companies and large organizations.
Government Computer News http://gcn.com/articles/2013/07/26/stanford-network-security-breach-university-attacks-soar.aspx

GOP lawmakers boycott DHS nominee hearing

Senate Republicans boycotted a hearing last Thursday to consider President Obama’s nominee for deputy DHS secretary.
Homeland Security Newswire

Senate panel to vote this week on cybersecurity bill

The Senate Commerce Committee will this week vote on an industry-backed cybersecurity bill before Congress takes an August recess.
Homeland Security Newswire

North Carolina’s biothreat warning system receives funding

The North Carolina Bio-Preparedness Collaborative (NCB-Prepared), a project to develop an early warning system to detect biothreats, has received $3 million in funding.
Homeland Security Newswire

The arithmetic of gun control and gun violence

The most comprehensive statistical study of gun violence in the United States – examining data going back to the First World War – finds that, in more common domestic and one-on-one crimes, reduced legal gun availability, if properly enforced, is likelier to lower deaths.
Homeland Security Newswire

Research priorities for understanding public health aspects of gun-related violence

A new report from the Institute of Medicine (IOM) and National Research Council (NRC) proposes priorities for a research agenda to improve understanding of the public health aspects of gun-related violence.
Homeland Security Newswire

Chinese Firm is Charged in Theft of Turbine Software

According to an indictment by a federal grand jury in Madison, Wis., the Chinese wind turbine company Sinovel and two of its executives conspired with an employee of AMSC to steal the firm's software for controlling the flow of electricity.
New York Times

End Users Boosting Budgets for Physical Security Gear

According to a survey conducted by IHS Inc. subsidiary IMS Research, 45 percent of end users are reporting that they increased their security funding for physical security equipment during 2012.
Security Director News

A Call to Arms for Banks

U.S. regulators are ramping up pressure on banks to equip themselves against cyberattacks that target individual institutions as well as the financial system as a whole.
Wall Street Journal

Employee Theft on the Rise and Expected to Get Worse

A new study of 23 large retail companies conducted by the loss-prevention consultancy Jack L. Hayes International found that 71,095 employees were caught stealing from their employers last year, an increase of 5.5 percent over 2011.
Business News Daily

Gartner: Pay Less Attention to Security Technology

Gartner's Paul Proctor advises that security professionals should not purchase big-box appliances without first talking to upper-level executives to ensure that security decisions are made based on careful assessments of risks to the data being protected.
Security Magazine

Theft of F-35 design data is helping U.S. adversaries: Pentagon

Defense Department Acquisitions Chief Frank Kendall told a Senate panel on Wednesday that cyberattacks that have resulted in the theft of sensitive design data for programs like the F-35 Joint Strike Fighter reduce the U.S.'s advantage over rivals because it will allow them to develop their own stealth aircraft more quickly.

Gartner Reveals Top 10 IT Security Myths

Gartner analyst Jay Heiser says there are 10 IT security myths widely believed to be true among security professionals, rank-and-file employees, and business managers.
Network World

Why Your CEO Is a Security Risk

Security professionals are focusing more on creating sophisticated detection systems because employees are often naive about cyber attacks.
Harvard Business Review

5 Ways to Create a Collaborative Risk Management Program

Risk management functions should be housed under a Chief Risk Officer or Head of Operational Risk, but in the absence of such an organizational structure, there should be bilateral conversations of risk partners.
CSO Online

Managing the People Side of Risk

Executives are increasingly focusing on ways to deploy risk-related processes and oversight structures to better detect and resolve fraud, safety breaches, and operational errors.
McKinsey Quarterly

Officials: Surveillance Programs Foiled More Than 50 Terrorist Plots

National Security Agency (NSA) chief Gen. Keith Alexander and other government officials appeared before the House Intelligence Committee on Tuesday to defend the agency's controversial surveillance programs.
The Washington Post

U.S. and Russia Sign Pact to Create Communication Link on Cybersecurity

The United States and Russia have announced a first-of-its-kind agreement to use real-time communications about national security incidents to lower the risk of conflict in cyberspace.
The Washington Post

What Story Would You Tell?

A security manager is typically given a budget target, but with the effective use of metrics, they can also demonstrate results and advertise specific value for security's programs, George Campbell, emeritus faculty of the Security Executive Council (SEC) and former CSO of Fidelity Investments, tells Security Technology Executive.
Security Technology Executive

Plans to Centralize Cybersecurity With DHS Seen as Step Forward

The Department of Homeland Security (DHS) has proposed the creation of a $6 billion shopping network that would allow government agencies to protect unclassified networks from cyberattacks.
CSO Online

How CIOs Should Talk to the Board About Security

Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) must discuss cybersecurity issues with company boards to ensure their organization is prepared to deal with potential cyberattacks.

Firms Fortify Fraud Defenses

Internal controls for preventing fraud and other risks at companies have, until now, been based on a 20-year-old framework that did not consider the risks posed by cloud computing, mobile technology, outsourcing, and shifts in corporate governance.
Wall Street Journal CFO Journal Blog

Universities Face a Rising Barrage of Cyberattacks

American research universities are looking to improve cybersecurity in the face of a rising tide of hacking attempts against their networks.
New York Times

NC Companies' Secrets at Risk, Cyber Terrorism Experts Say

Cyber terrorism experts say that companies in North Carolina remain vulnerable to attacks from hackers looking to uncover trade secrets.

Annual U.S. Cybercrime Costs Estimated at $100 Billion

The cost of cyberespionage and cybercrime to the United States is as much as $100 billion per year, according to a recent Center for Strategic and International Studies (CSIS) and McAfee study.
Wall Street Journal

Why Help Desk Employees Are a Social Engineer's Favorite Target

A new report from the SANS Institute and RSA finds that help desk workers are some of the softest targets for social engineering attacks.
CSO Online

One Big Threat to Cybersecurity: IT Geeks Can't Talk to Management

The communications disconnect between IT staff and senior management on security issues is often the result of the inability or unwillingness of IT staff to communicate technical matters in a way that executives can understand, according to a new report from the Ponemon Institute and Tripwire.

Is Anyone Really Responsible for Your Company's Data Security?

While protecting a company's trade secrets, confidential business plans, and other critical information is vital to the bottom line, very often there is no one within the company who is responsible for information security.
Harvard Business Review

Viewing Cyber Security as a 'Whole Business' Issue

Only 40 percent of Canadian executives are concerned about cyber security threats despite many recent high-profile attacks, according to the latest annual C-Suite survey from Gandalf Group and sponsored by KPMG.
Toronto Globe & Mail

Senior Management Officials Do Not Understand Security Metrics As It Is Too Technical

Tripwire and the Ponemon Institute surveyed more than 1,300 IT professionals and found that nearly half -- 49 percent -- were unsure that their organizations' metrics could convey security risk management efforts to senior executives.
SC Magazine

Banks Gird for Battle Against Cyberattackers

JPMorgan, Bank of America, and Citigroup are among the banks that are taking part in a simulated cyberattack on Thursday.
Associated Press

U.S., Firms Draw a Bead on Chinese Cyberspies

In an effort to curb cybersecurity and hacking, the U.S. government earlier in the year gave U.S. Internet service providers addresses associated with a hacking group with suspected ties to the Chinese military.
Wall Street Journal

Make Way for State and Local Cyber-Ranges

The U.S. government has wanted a nationwide network of unclassified cyberexercise facilities for years, and now that idea is coming to state and local governments.
Government Technology

Experts: Obama's Plan to Predict Future Leakers Unproven, Unlikely to Work

The Insider Threat Program, which the Obama administration launched in October 2011 to identify government employees or contractors likely to leak sensitive information, has come under harsh criticism in light of the recent National Security Agency (NSA) leaks by contractor Edward Snowden.
McClatchy Washington Bureau

20 Critical Controls Do Improve Cybersecurity, But Are You Using Them?

A new survey of security professionals by the SANS Institute shows that acceptance and implementation of the 20 Critical Security Controls developed by SANS and other institutions is maturing slowly.
Government Computer News

'Darkleech' Malware Undertakes Ransomware Campaign

Eset security researchers are warning of a new malware campaign called Darkleech that utilizes compromised Apache servers to lock users' computers and tries to extort money from the victims to release their machines.
IDG News Service

U.K. Lawmakers Sound Alarm on Cyberattacks

The United Kingdom parliament's intelligence and security committee on Wednesday released a report warning that the cyberattack threat "is at its highest level ever" and likely to rise.
Wall Street Journal

Exploiting Prepaid and Alternative Currencies

Sources say a new type of mobile card reader has been developed for use by U.S. Immigration and Customs Enforcement agents that could recognize the value on prepaid cards and allow law enforcement to get a court order to temporarily freeze and hold the funds if criminal activity is suspected.
Prepaid Press

U.S. research universities subject to sustained cyberattack campaign by China

Leading U.S. research universities report that they have been subject to millions of Chinese hacking attempts weekly. The Chinese are aware that universities, and the professors who do research under the schools’ auspices, receive thousands of patents each year in areas such as prescription drugs, computer chips, fuel cells, aircraft, medical devices, food production, and more.
Homeland Security Newswire

Dealing with man-made earthquakes

Between 1967 and 2000, the central and eastern United States experienced on average 20 earthquakes above a magnitude 3.0 a year. Between 2010 and 2012, the number of earthquakes above a magnitude 3.0 in these regions has dramatically increased to an average of 100 a year.
Homeland Security Newswire

eBay Director Hired to Solve £30Bn Retail Problem

eBay Director John Mearls has been elected vice chair of the Online and Mail Order Loss Prevention Forum to help tackle a £30 billion U.K. cybercrime problem.
Retail Gazette

The Price of Surveillance: Gov't Pays to Snoop

Some telecommunications and Internet companies are taking advantage of a provision in federal law that allows them to charge law enforcement and intelligence agencies to complete some surveillance requests.
Associated Press

Can Agencies Team Up in Responding to Cyber Attacks?

The U.S. National Institute of Standards and Technology is seeking input for planned guidance on interagency cooperation and response during cybersecurity incidents.
Government Computer News

DHS Report: Energy Sector Now a Bigger Target for Cyber Attackers

A report issued by the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) shows that there has been a significant increase in the number of cyberattacks in the energy sector over the past year.
Wall Street Journal

For NSA, Hackers Are Needed, Risky

Rapidly improving technology and growing pressure to outsource important government services have forced spy agencies such as the National Security Agency (NSA) to increasingly turn to "hackers" like Edward Snowden.
Wall Street Journal

Banks to Heighten Mobile Wallet Security by Walling Off Data

Citigroup, U.S. Bancorp, and other members of the Clearing House industry trade group are collaboratively developing technology designed to boost the security of mobile wallets by walling off customer account data from merchants and other third parties.
American Banker

What's Wrong With Cybersecurity Training?

While federal agencies have been increasing their efforts in training, education, recruiting, and hiring, the government still faces a shortage of skilled cyberprofessionals.
Federal Computer Week

Cybercriminals Expand DDOS Extortion Demands

Extortion by threatening to launch a distributed denial-of-service (DDoS) attack against a target site is one of an increasing number of schemes being used by criminals as DDoS tools become increasingly powerful, accessible, and cheap.

A Sign of Cyber Threats to Come

Chief information officers of American companies have been warned against the dangers of widespread cyberattacks on their systems as well as the need to prepare defenses against such attacks, following cyberattacks against six South Korean banks and media companies in March that shut down operations and destroyed data on nearly 48,000 computers.
Wall Street Journal

U.S. Looks to Blunt Corporate Espionage by Chinese Firms

Benjamin Bai, a partner at Allen & Overy in Shanghai, commented that a recent law strengthening the U.S. Economic Espionage Act is likely to encourage U.S. companies to file criminal charges against Chinese companies that steal their intellectual property.
Wall Street Journal

Packaging Design Aims to Reduce Theft of Infant Formula

Tyco Integrated Security and Perrigo Nutritionals have jointly developed a theft-resistant infant formula container in an effort to combat increasing retail theft of baby formula.
Security Director News

'Password Fatigue' Haunts Internet Masses

Millions of Internet users know that passwords are not safe when hackers can steal them en masse from banks, email services, retailers, or social media sites that fail to fully protect their servers.
Agence France-Presse

End Users Boosting Budgets for Physical Security Gear

According to a survey conducted by IHS Inc. subsidiary IMS Research, 45 percent of end users are reporting that they increased their security funding for physical security equipment during 2012. Budgets exceeded $100,000 a year for some 44 percent of respondents, while 20 percent said that they had an annual budget of more than $500,000. These
Security Systems News

Theft of F-35 Design Data is Helping U.S. Adversaries: Pentagon

Defense Department Acquisitions Chief Frank Kendall told a Senate panel on Wednesday that cyberattacks that have resulted in the theft of sensitive design data for programs like the F-35 Joint Strike Fighter reduce the U.S.'s advantage over rivals because the stolen data will allow them to develop their own stealth aircraft more quickly.
Reuters/Yahoo News

Gartner Reveals Top 10 IT Security Myths

Gartner analyst Jay Heiser says there are 10 IT security myths widely believed to be true among security professionals, rank-and-file employees, and business managers. He says the first of these myths, all of which consist of misperceptions and exaggerations about the cybersecurity threats facing organizations and the technologies that are used to guard against those threats, is the belief among security professionals that their organization will never be targeted by malicious hackers.
Network World

Why Your CEO Is a Security Risk

Security professionals are focusing more on creating sophisticated detection systems because employees are often naive about cyber attacks. However, the human factor is critical for stopping hackers, considering a recent Trend Micro report reveals that 91 percent of all cyber attacks start with a targeted phishing email.
Harvard Business Review

Why Are We So Slow to Detect Data Breaches?

A recent McAfee survey of senior IT decision makers shows the disconnect between enterprises' perceived capacity to detect and remediate data breaches and the reality.
Dark Reading

What Story Would You Tell?

George Campbell, emeritus faculty of the Security Executive Council (SEC) and former CSO of Fidelity Investments, tells Security Technology Executive that a security manager is typically given a budget target but with the effective use of metrics, they can also demonstrate results and advertise specific value for security's programs.
Security Technology Executive

Patients Put at Risk by Computer Viruses

The U.S. Food and Drug Administration (FDA) is cautioning medical device makers that computer viruses are threatening to infect their equipment and place patients at risk. The FDA for the first time advised manufacturers to submit security plans to thwart cyberattacks when seeking approval for their products, and also recommended that hospitals practice more vigilance in reporting cybersecurity failures.
Wall Street Journal

Ponemon and Symantec Find Most Data Breaches Caused by Human and System Errors

Human errors and system problems caused two-thirds of data breaches in 2012 and pushed the global average to $136 per record, according to the 2013 Cost of Data Breach Study: Global Analysis. Issues included employee mishandling of confidential data, lack of system controls, and violations of industry and government regulations. Heavily regulated fields including healthcare, finance and pharmaceutical incurred breach costs 70 percent higher than other industries.

More Than 280,000 Complaints of Online Criminal Activity Reported in 2012

In 2012, the Internet Crime Complaint Center received and processed 289,874 complaints, averaging more than 24,000 complaints per month.

Americans Worry about Data Breaches but Disagree About Private Companies to Notify about Cyber Attacks

According to research by Unisys Corporation, a majority of Americans are concerned about data breaches involving large organizations, but are evenly mixed on whether legislation should require private businesses to share cyber attack information with the government.

Colonel Richard Kemp: U.K. Businesses Unprepared for Al-Qaida Terror Threat

Al-Qaida terrorists will likely target British businesses that are unprepared for such an attack, according to Col. Richard Kemp, a former commander of British forces in Afghanistan.
IB Times

Hagel Says Chinese Cyberattacks a 'Growing

Defense Secretary Chuck Hagel warned attendees at the International Institute for Strategic Studies' annual conference on June 1 that there is a "growing threat" of cyberattacks against the United States.
Homeland Security News Wire

Americans Don't Fret Over Cybersecurity

The latest edition of the Unisys Security Index shows Americans' concern about cybersecurity issues at its lowest level since 2007. The index, based on surveys measuring the attitudes of more than 1,000 Americans toward cybersecurity, stands at 120 for the first half of 2013, in contrast to the index's all-time high of 164 in 2011.

Cyber Theft: A Hard War to Wage

The U.S. government is currently working to take diplomatic action against Chinese hackers suspected of stealing trade secrets from both public and private entities.
Financial Times

Cyber Security: The 'Immune System' of Enterprise IT

Deloitte & Touche principals Kelly Bissell and Kieran Norton say that current cyber threat solutions require a specific understanding of a threat before responding effectively to it.
Wall Street Journal

Corporate Security's Weak Link: Click-Happy CEOs

An article in The Wall Street Journal warns that the biggest threat to the security of corporate networks could be the CEO.
Wall Street Journal

ATM Theft Puts Indian IT in Unwelcome Spotlight

The recent theft of $45 million from ATMs around the world has renewed debate about the security implications of the banking industry's outsourcing of certain functions to Indian companies.
ATM Security

IP Theft Costs US $300 Billion Per Year: Report

A report by the Commission on the Theft of American Intellectual Property (CTAIP) has found that intellectual property theft costs the United States more than $300 billion annually.
Voice of America

Few Utilities Complying With Voluntary Anti-Stuxnet Measures

According to a survey by Rep. Henry Waxman (D-Calif.) and Rep. Edward Markey (D-Mass.) to 150 businesses, most electric utilities are not compliant with rules meant to protect against the Stuxnet virus.
The Hill

Former CIA Director Warns About Cyber Threats From North Korea

Former CIA Director R. James Woolsey testified before the House of Representatives Energy and Commerce Committee Hearing on May 21 on cyber threats and security solutions, saying that the country was at risk of being hit with a particular type of cyber attack by North Korea.
Wall Street Journal

California Launches Cybersecurity Task Force

The California Cybersecurity Task Force had its first closed-doors meeting on May 13, marking a first for state-led public-private collaborations on cybersecurity.
Government Technology

In Focus- Healthcare: The Cure for Security Inconsistency

The security team at the Cambridge, Mass.-based biotechnology company Genzyme has for a little over a decade worked to integrate the various aspects of its security system with different departments in the company, including human resources, finance, and IT. Security at the company was from the outset defined in a broader sense, tackling enterprise risk, supply chain risk, insurance, competitive technical information, IT security, physical security, and product security.
Security InfoWatch

Cybersecurity Strikeback Will Strike Out in the Private Sector

Network penetrations by hacktivists, cybercriminals, and nation-states have become so commonplace that many have begun to consider striking back directly against the attackers.
Network World

Utilities Targeted by Hackers Raise Dire U.S. Warnings

Charles Edwards, the U.S. Department of Homeland Security's (DHS) top investigator and acting inspector general, said in testimony for the House Homeland Security Subcommittee on Cybersecurity that the number of cyberattacks on the computers that run the nation's critical infrastructure is increasing, with potentially lethal effects.

Many State and Local Networks Unprepared for Cyberattacks

The networks and IT systems used by many state and local governments are not prepared for cyberattacks, according to a Consero survey.
Government Computer News

Companies launch 'cyber war games' to prepare for hackers

Taking on make-believe hacking scenarios is helping firms better prepare for the real thing.
Star Tribune

Report: Chinese hackers resume attacks on U.S. targets

After a few months of silence, Chinese government-backed hackers are back on the hunt and going after U.S. targets, according to a New York Times report.
New York Times Report on CBS News

New 'Benefit-Denial Approach' to Retail Shrink

Best Buy and an undisclosed office-supply chain are working with MeadWestvaco and ProTeqt Technologies to promote a new consumer-friendly approach to combat theft along the entire supply chain.
Security Director News

Criminals Target the Data Merchants Hold

Nearly a quarter of 621 data breaches reported in 2012 targeted multichannel merchants and restaurants, according to a new report from Verizon Enterprise Solutions.
Internet Retailer

Researchers Find Hundreds of Insecure Building Control Systems

Cylance researchers warn that hundreds of Australian organizations are using out-of-date industrial control systems to control the lights, heating and cooling, access controls, and elevators.
Computer World

New Survey: Employee Theft No Longer An If - Now It Is How Much

New Kessler Survey finds that 95 percent of employees steal from employers, up from 79 percent in Kessler's 1999 study.
Kessler International

Military Grooms New Officers for War in Cyberspace

The U.S. Army, Navy, and Air Force academies have announced plans to expand cyber security training.
Wall Street Journal

Texas Fertilizer Plant Had a History of Theft, Tampering

Police investigating the explosion of a Texas fertilizer plant that killed 14 people say the facility had been repeatedly targeted by thieves tampering with the chemical tanks.
Milwaukee-Wisconsin Journal Sentinel

A Homemade Style of Terror: Jihadists Push New Tactics

The strong U.S. response to the Sept. 11 attacks has forced al-Qaida to shift its focus from carrying out spectacular attacks to smaller ones executed by lone wolf terrorists.
New York Times

U.S. Officials Seek Lessons in Bombing Catastrophe

The U.S. Department of Homeland Security (DHS) is using the Boston Marathon bombing as a catalyst for change, taking lessons learned from the attack and using them to increase community policing, in part by preparing religious and community leaders to spot warning signs of extremism.
Boston Globe

DHS Chemical Plant Security Program Hobbled by Problems, Poor Oversight

The U.S. Department of Homeland Security (DHS) inspector general released a report in March that brought to light poor planning and poor execution of the Chemical Facility Anti-Terrorism Standards (CFATS) program, which is responsible for the security of chemical facilities like the West Fertilizer Company plant in Texas.
Homeland Security News Wire

U.S. Used 'Distributed Intelligence' to Investigate Boston Marathon Bombing

The clear, imminent danger of the Boston Marathon bombing drove U.S. citizens, emergency medical crews, law enforcement officials, elected officials, government agencies, and the media to act as a "distributed intelligence" network where several nodes come together to form a massive computing platform, according to Irving Wladawsky-Berger, the former vice president of technical strategy and innovation at IBM.
Wall Street Journal

Cyberattacks Triple in 2012, Akamai Says

The number of distributed denial of service (DDoS) attacks more than tripled in 2012 from the previous year, according to Akamai.

Eletropaulo Plans Biggest Brazil Smart Grid to Fight Power Theft

The Brazilian power company Eletropaulo Metropolitana de Eletricidade de Sao Paulo is planning to invest in a smart-grid project that it says will help cut down on the theft of electricity.

Enterprises Are Experiencing a Wide Variety of Web Application Attacks

ESG recently surveyed 200 security experts and found that 79 percent of enterprise organizations have experienced Web application security attacks in the past year.
Network World

Cyber Compliance: Defense Strategies Neglect 'Know Your Enemy' Rule

Experts say that the cybersecurity industry uses blanket protections to ward off would-be intruders, but that such defense measures could begin to falter as corporate resources become strained and hackers become more innovative.
Wall Street Journal

China Cyberspies Outwit U.S. Stealing Military Secrets

Among defense contractors, QinetiQ North America (QQ/) is known for spy-world connections and an eye-popping product line. Its contributions to national security include secret satellites, drones, and software used by U.S. special forces in Afghanistan and the Middle East.

Technology Fuels New Advances and Challenges in Predictive Policing

While yesterday’s criminals relied on guns, knives and threats of physical harm, tomorrow’s criminals are likely to be more effective in spreading fear or stealing millions by simply sitting behind a laptop or using their mobile or a tablet device.

Chinese Hackers Targeting the Healthcare Industry

Gangs of Chinese hackers are targeting the U.S. healthcare industry, going after intellectual property associated with new drugs and devices as well as business processes that improve efficiency.
Dark Reading

Pepsi Suddenly Scarce in Thailand after Bottler Breakup

The day after PepsiCo Inc.'s bottling deal in Thailand expired, its partner of 59 years launched its own soft drink that has knocked Pepsi off store shelves.

Pain Killer Abuse Now Strikes the West

The epidemic in painkiller-abuse gripping the Southern and Eastern U.S. is tightening its hold on the Western part of the country, having blindsided law enforcement and public health authorities.
Wall St. Journal

Drug Side Effects Found on the Internet

A new study shows that Internet searches can uncover drug side effects before the FDA can.
The New York Times

Older, Quieter Than WikiLeaks, Cryptome Perseveres

Since its creation in 1996, Cryptome has amassed more than 70,000 files — lists of secret agents, high-resolution photos of nuclear power plants, and much more.
Associated Press

New Anti-Smuggling Center Uncovers Internal Surprises

E2C2 finds a match whenever one agency reports it has information on another agency's target, whether that information is a smaller file with standard information or a full-fledged investigation.

Pentagon Forming Cyber Teams to Prevent Attacks

Gen. Keith Alexander, the top officer at U.S. Cyber Command, warned in recent congressional testimony that the threat of cyber attacks against U.S. institutions and infrastructure was very real.
Associated Press

2012 economic losses from disasters set new record at $138 billion

The UN Office for Disaster Risk Reduction (UNISDR) reported that for the first time in history, the world has experienced three consecutive years in which annual economic losses have exceeded $100 billion.
Homeland Security News Wire

Cyberattacks: The Complexities of Attacking Back

Some in the cyber security industry say that now is the time to have a debate over the use of offensive strategies in combating the threat from malicious hackers.

Former CFO Faces Sentencing for Hedge Fund Theft

A New York man is accused of embezzling more than $1 million from a hedge fund where he served as CFO.
Associated Press

Health Employees Seek Legislation to Address Workplace Violence

Health employees in Maryland have recently taken their concerns over workplace violence to Annapolis, where they hope state legislators will work to enact laws to protect them from irate or otherwise unhinged patients.
Baltimore Sun

The Enemy of Risk Management Starts With a C (and It's Not China)

The National Institute of Standards and Technology's Ron Ross says a growing solution for network risk management is the use of cloud services, in particular emerging public cloud options.
Government Computer News

Mass shootings since 2006 claim 934 lives

More than 900 people died in mass shootings in the past six years, the majority killed by people they knew, according to a report in USA Today.
Security Director News

Earthquake catastrophes and fatalities to rise in 21st century

Predicted population increases in this century can be expected to translate into more people dying from earthquakes. There will be more individual earthquakes with very large death tolls as well as more people dying during earthquakes than ever before, according to a new study.
In Menlo

Making communities more resilient to climate-induced weather disasters

Mounting scientific evidence indicates climate change will lead to more frequent and intense extreme weather that affects larger areas and lasts longer. We can reduce the risk of weather-related disasters, however, with a variety of measures.
Sustainable Cities Collective

U.S. responds to China’s cyberattacks with anti-theft trade strategy

The Obama administration yesterday (Wednesday) unveiled the details of a broad strategy to counter the systemic theft by Chinese government agencies of U.S. trade and technology and trade secrets.
Seattle pi

Chinese set to buy yet another U.S. taxpayer-backed hi-tech firm

Lawmakers yesterday expressed their concerns about the likelihood that U.S. taxpayer dollars could end up bolstering the Chinese economy. The lawmakers reacted to reports that a Chinese firm, Zhejiang Geely Holding Group, is leading the list of companies bidding for a majority stake in government-backed Fisker Automotive, and that the only serious rival of that Chinese company is a Chinese auto maker.
Homeland Security NewsWire/Scoop It

BP Stations Were Greater Safety Risk Than Production Sites

Internal records from U.K. oil giant BP show that the company's deadliest operating locations over the past 14 years were retail fuel stations in the United States.
Wall Street Journal

Supreme Court Justice: Monsanto Seed Saving by Indiana Farmer is Like Bank Robbery

The U.S. Supreme Court is in the process of deciding whether seeds produced from patented genetically modified crops can be used to resow fields without violating intellectual property laws.
Huffington Post

The State of the Homeland Security Market in 2013

President Barack Obama Tuesday warned the nation and Congress about the debilitating impact of $1 trillion in automatic spending cuts.
HS Today.US

Plans to Prevent Workplace Violence Urged

While homicides at work are statistically rare, they do happen. In all, 358 employees were killed or injured on the job by gunfire in 2011.
Pittsburgh Post-Gazette

Malicious Web-Based Attacks Up 600 Percent Year-over-Year

The number of malicious Web sites playing host to malware and launching cyberattacks has grown by nearly 600 percent year-over-year worldwide, according to a Websense Security Labs report.

Security Pros Say Their Companies Invest in the Wrong Technologies

More than a third of security professionals say they are not confident they are spending money on the appropriate technologies for protecting valuable data, according to a SafeNet survey.
CSO Online

U.S. Said to Be Target of Massive Cyber-Espionage Campaign

The United States is the target of a massive, sustained cyber-espionage campaign that threatens the country's economic competitiveness, according to the National Intelligence Estimate (NIE).
Washington Post

Is Identity the New Perimeter?

The proliferation of cloud and mobile computing has "completely destroyed the old, fortress-style model of security that was based on network security, firewalls, and VPNs," says Identropy's Nishant Kaushik.
Dark Reading

New Policies Ordered on Federal Workplace Violence

Federal agencies have been told to produce within four months more comprehensive policies for addressing domestic violence, sexual assault and stalking in their workplaces.
Washington Post

Proposed Legislation Would Let Hospitals Form Own Police Departments

Indiana State Sen. Dennis Kruse recently introduced a bill that would allow hospitals to set up their own private police departments to defend against active shooters and other threats that might arise.
FOX 59

Cyberattack Threatens Most Businesses, Deloitte Survey Says

Although 88 percent of companies believe they are not vulnerable to a cyberattack, all businesses are at risk and should be prepared to rebound rapidly following a security incident, according to a Deloitte survey of 121 technology, media, and telecommunications firms worldwide.
Computerworld Australia

Chinese Army Unit is Seen as Tied to Hacking Against U.S.

A report from the computer security firm Mandiant links a number of recent cyber attacks on American companies to the Chinese military.
New York Times

Cyber Attacks Bring Call for Help

Ajay Banga, the chairman of the Business Roundtable's information and technology committee, said Tuesday that his organization is planning to push for greater collaboration on cyber security between the federal government and businesses.
Wall Street Journal

Nations Prepare for Cyber War

The anti-virus company McAfee says that nation states are more likely to be behind major cyber attacks in the coming year and that these attacks are likely to be more and more destructive.
CNN Money

Major Security Issues With Cloud Computing Being Ignored

End users have a number of concerns in the ever-changing industry, but an exclusive Security Director News survey pinpoints the chief issues that keep security professionals up at night. The survey results were released at TechSec 2013.
Security Director News

Major Security Issues With Cloud Computing Being Ignored

A new Imperva report says many organizations are not aware of the security problems facing them as they move to the cloud. The report notes that Yahoo was hacked because its security measures failed to address insecure third-party code.
International Business Times

Private Security Group Assembles First Private Navy Since East India Company to Protect Indian Ocean Shipping Convoys from Somali Pirates

In order to mitigate the risks and costs associated with piracy on the high seas, the private security company Typhon is setting up the world's first private navy since the East India Company closed down about 220 years ago.
Daily Mail

Norway Considers Sharing Risk Intelligence with Businesses

Norwegian officials have announced that they will consider sharing risk assessments with businesses operating in unstable countries.
Wall Street Journal

Most Hospital Shootings Are Not Preventable

Recent research from Johns Hopkins University found that most hospital shootings are undertaken by a determined shooter with a specific target, making them very hard to prevent.
Hospital Employee Health

New Threat Emerges at Intersection of Terrorism, Syndicated Crime

Terrorist groups in Africa and the Middle East have recently shown a shift in funding practices to support their operations in the regions, moving beyond relying on larger donors and instead resorting to illicit and high-paying criminal practices like drug trafficking, kidnapping, and robbery.
NPR Online

Self-Deleting E-mails: An Enterprise Nightmare

Many network administrators will soon find themselves mired in a quandary related to the use of apps and Web sites that enable the sending of self-deleting communications.
Government Computer News

Cisco Flags Threat That Generation Y Poses to Corporate Security

The new Cisco Connected World Technology Report (CCWTR) has warned employers that younger workers, particularly those in Generation Y, are more likely to share personal information online than their older colleagues.
IT Pro

U.S. Weighs Tougher Action Over China Cyberattacks

Two former U.S. officials speaking on the condition of anonymity said the federal government's upcoming National Intelligence Estimate is expected to thoroughly detail cyber threats against the United States as a burgeoning economic problem.
Associated Press

Hackers Hijacking Security Cameras for Malware and Spying

Researchers say hackers increasingly are targeting unsecured Internet-connected devices, such as printers, networking equipment, and even networked surveillance camera systems.

FTC Staff Report Recommends Ways to Improve Mobile Privacy Disclosures

The Federal Trade Commission, the nation’s chief privacy agency, issued a staff report recommending ways that key players in the rapidly expanding mobile marketplace can better inform consumers about their data practices.
Federal Trade Commission

Healthcare facilities seek antidote to epidemic of violence

The IAHSS found that 2012 earned the title of the year with the greatest number of fatalities reported.
Security Infowatch

Chinese Hackers Hit U.S. Media

Chinese hackers believed to have government links have attempted to tap into computers of Wall Street Journal and New York Times reporters to uncover the sources for articles relating to China.
The Wall Street Journal

Major Security Issues with Cloud Computing Being Ignored

Security expert Barry Shteiman with Imperva believes that organisations aren't even aware of the security problems facing them as they move to the cloud, following the attack on Yahoo last month.
International Business Times

China Accused of Java, IE Zero Day Attacks

The Chinese government is being blamed for targeted attacks against recently disclosed vulnerabilities in Java and Internet Explorer.
Information Week

'Red October' Response Shows Importance of Threat Indicators

Kaspersky Lab and Alien Vault issued a new report on the Red October cyberespionage campaign, this time containing indicators of compromise (IOCs) that organizations can use to check their systems for signs that they were affected by the attack.
Dark Reading

Startup Clamps Down on Energy Theft

The Electric Power Research Institute estimated that electricity theft or tampering cost the industry $6.5 billion in 2006.
MIT Technology Review

Red Flags in Filings of Firm Linked to Caterpillar Fraud

China-based ERA Mining Machinery Ltd. has been accused of running a widespread accounting fraud as well as shady insider loans and asset transfers prior to being purchased by Caterpillar Inc.
Fox Business

Employees Put Critical Infrastructure Security at Risk

Security experts say a lack of cooperation between IT and operators is contributing to the ongoing vulnerability of critical infrastructure to cyberattack.
CSO Online

Chinese Hackers Attack NYTimes Journalists Following Blockbuster Story

The New York Times reported on Jan. 31 that Chinese hackers had launched a series of cyber attacks against the publication for about four months following the newspaper's publication of an article that exposed the $2.7 billion wealth of outgoing Chinese Premier Wen Jiabao.
Voice of America

Healthcare Facilities Seek Antidote to Epidemic of Violence

The 2012 Crime and Security Trends Survey released by the Foundation of the International Association for Healthcare Security and Safety (IAHSS) found that 2012 earned the title as the year with the greatest number of fatalities reported by IAHSS members since the survey was first issued 20 years ago, with eight homicides being reported in such healthcare facilities in the past year.

CEOs Open to Cybersecurity Rules

Many Fortune 500 companies support the creation of voluntary cybersecurity standards, according to a survey by the Senate Commerce Committee.
Wall Street Journal

Millions of PCs Exposed Through Network Bugs, Security Researchers Find

Common bugs in networking systems are threatening the security of PCs, printers, and storage devices, with up to 50 million devices worldwide at risk, warn Rapid7 researchers. They say hackers can attack the devices through a vulnerability in the Universal Plug and Play (UPnP) standard, a set of networking protocols that enables devices to communicate and discover each other's presence.

Survey: 71 Percent of Organizations Using Unsanctioned Cloud Apps

A new OneLogin survey found that 71 percent of respondents admitted to using unsanctioned cloud apps.
Talkin' Cloud

Workplace Homicides Up 50 Percent in 2012

A recent shooting at Lone Star College in Texas marks the latest in a recent string of shootings at schools, universities, and other workplaces.
Cypress Creek Mirror

'Cyber 9/11' May Be on Horizon, Homeland Security Chief Warns

U.S. Homeland Security Secretary Janet Napolitano reiterated the need for cybersecurity legislation during a talk at the Wilson Center think tank on Jan. 24, saying that a "cyber 9/11" could happen "imminently," according to a report from Reuters.

CIOs Make Tough Calls on the Cost of Cyber Security

Cyber attacks against major corporations have been increasing in number and in sophistication, prompting many companies to move their IT security from the lower echelons of corporate ranking to the highest levels of corporations.
Wall Street Journal

U.S. to adopt tougher stance toward China’s persistent cyberattacks

The Obama administration let it be known that it is examining the adoption of a more assertive stance against China in response to a persistent cyber-espionage campaign waged by Chinese government hackers against U.S. companies and government agencies.
Homeland Security Newswire

Study: Many Businesses Overconfident About Cybersecurity

A new report from the business advisory firm Deloitte on the cyber security practices of technology, media, and telecommunications companies finds that while many security executives say they are aware of security risks and that their organizations are not vulnerable, far fewer have vital security measures in place.
Security InfoWatch

Cyber Attacks Bring Call for Help

Ajay Banga, the chairman of the Business Roundtable's information and technology committee, said Tuesday that his organization is planning to push for greater collaboration on cyber security between the federal government and businesses. Business interests were among those who applied pressure to kill legislation before Congress last year that would have set up voluntary cyber security regulations.
Wall Street Journal

What's Your Total Cost of Risk (TCOR)?

Companies that do not know their Total Cost of Risk (TCOR) may need a better connection to their own risk managers, who measure risk by what can be insured and what it costs to do so. While the measurement of operational risks is still a bit of a puzzle for CSOs, risk managers have used TCOR for ages.
CSO Online

Verizon to Test Support for One Password for Whole Internet

Online identity and technology companies are collaborating to test whether consumers would trust a single, highly secure user-password combination for all of their online accounts.

How to Create a Domestic Violence Policy at Your Workplace

Experts say that all employers need to develop policies for dealing with domestic violence, since the problem can sometimes spill over into the workplace. Developing such policies takes only a small amount of time, perhaps about 20 minutes.
HR.BLR.com - Business and Legal Resources

China Dominates 2012 Cybersecurity Talking Points

China dominated discussions of cyber security in the Asia-Pacific region in 2012, leading numerous trends including increased concern over cyber espionage, the incorporation of cyber and hacking attacks into regional politics, and attempts to curb cyber crime through new legislation.

Marvell Slammed With $1.2 Billion Patent-Infringement Judgement

The U.S. District Court for the Western District of Pennsylvania on Wednesday ordered computer chip maker Marvell Technology to pay Carnegie Mellon University $1.17 billion in damages for willfully infringing on its patents.
San Jose Mercury News

Mobile Phone Services Suspended in Karachi Over 'Terror Threat'

Officials in Pakistan suspended cell phone service in Karachi for much of the day on Friday in response to concerns about the threat from terrorism.

Ransomware Scammers Push Panic Button With Bogus Claims

Symantec researcher Jeet Morparia issued an advisory on Dec. 24 about a new variant of ransomware called "Trojan.Ransomlock.G," saying that the malware's threat of erasing victims' hard drives is an empty one.

Poor SCADA Security Will Keep Attackers and Researchers Busy in 2013

The security of supervisory control and data acquisition (SCADA) and other types of industrial control systems (ICS) has been a hotly debated topic in the IT industry since the Stuxnet malware was discovered in 2010.

Four Security Trends Defined 2012, Will Impact 2013

Security experts say the cybersecurity trends that were visible in 2012 will continue to be seen next year. One of those trends is the growing threat to the security of mobile devices.

U.S. Appeals Court Revives Workplace-Cybertheft Lawsuit

The 2nd U.S. Circuit Court of Appeals in New York on Wednesday ruled that a Denver-based chemical company's lawsuit against a former account manager accused of unauthorized computer access and the misappropriation of trade secrets can proceed, overturning a ruling by a lower court.

China Takes Chilling Look at Security in its Schools

A Dec. 14 attack at China's Chenpeng Village Primary School in Guangshan County, Henan Province, which left 23 children injured at the hands of a man wielding a meat cleaver, has called into question the nation's efforts to secure its schools after a series of such attacks over the past three years.
New York Times

Beware iPhone and Android Fraud, Javelin Warns

Javelin is warning banks about a growing threat to the security of mobile transactions. The company noted that smartphone users who use their handsets to make purchases and perform banking transactions face a rising threat from mobile malware because they are increasingly utilizing mobile browsers rather than native apps to perform these transactions. Mobile browsers are less safe than apps because they make users more prone to phishing, Web site spoofing, and man-in-the-mobile attacks.
American Banker

How often should you change your passwords?

How often do you need to change your passwords for all your other logins (if at all)?

Ruby Resident Martin Kimber Pleads Guilty to Placing Mercury at Albany Medical Center

A retired pharmacist from Ulster County, N.Y., pleaded guilty on Nov. 29 to spreading mercury on food, and prep and cooking surfaces in Albany Medical Center earlier this year.
Daily Freeman

As Cyberwarfare Heats Up, Allies Turn to U.S. Companies for Expertise

Middle Eastern nations have been scrambling to beef up their cyber defense capabilities after the Shamoon malware wiped data and destroyed thousands of computers belonging to Saudi Aramco earlier this year.
Washington Post

Mimicking Public Health Strategies Could Improve Cyber Security

Cybersecurity could benefit from the strategies and research methodologies used by the public health community, according to a team of economists and public health researchers at RTI International.
RTI International

Anti-Botnet Efforts Still Nascent, But Groups Hopeful

An effort by a coalition of ISPs and the U.S. government to help ISPs more effectively combat botnet activity on their networks is still fighting to gain broad acceptance.
Dark Reading

Former US Spy Chief Warns on Cybersecurity

Former Director of National Intelligence Mike McConnell said urgent action is needed to prevent a cyber attack against the U.S.'s banking system, power grid, and other essential infrastructure.
Financial Times

How Best to Respond to DDoS Attacks

The recent wave of DDoS attacks against top U.S. banks is a wake-up call for organizations that are ill-prepared to fight against such an attack.
Gov Info Security

DIA Sending Hundreds More Spies Overseas

The Defense Intelligence Agency is planning to vastly expand its clandestine spying activities in the coming years through the creation of a new unit known as the Defense Clandestine Service.
Washington Post

5 Reasons for Conducting Micro-Assessments

A micro-assessment is a narrowly-focused, short assessment that provides support for decision-making and planning.

Workzone: Firms Lack Sound Policies to Fight Domestic Violence

There are a number of steps companies can take to combat domestic violence affecting their employees.
Pittsburgh Post-Gazette

Cybercriminals Are Increasingly Abusing .EU Domains in Attacks

Cybersecurity researchers have noticed that cybercriminals are increasingly exploiting Web sites using the .eu TLD to launch cyberattacks.
IDG News Service

5 Strategies to Combat Workplace Bullying

Filmmaker Cynthia Lowen and school social worker Cindy Miller offer five anti-workplace bullying strategies in their new book "The Essential Guide to Bullying: Prevention and Intervention."
EHS Today

Dual-identity Smartphones to Bridge BYOD Private, Corporate Divide

Consumers will be able to buy smartphones that either come with native hypervisor software or use an app allowing them to run two interfaces on the phone: one for personal use, one for work.

In Fairfax County, the Classroom Is a (Cyber) Battlefield

Thousands of students across the U.S. recently participated in the opening round of the CyberPatriot challenge, the premier high school cyberwarfare competition.
Washington Post

US Gov Galvanises Aust Cyber-Security Experts

The U.S. Defense Advanced Research Projects Agency recently awarded an $18 million contract to a consortium of research groups, including National ICT Australia (NICTA), to develop software to protect critical systems from cyberattacks.

Black Friday, Cyber Monday Prompts Security Precautions

The security of online merchant Web sites is becoming a concern now that Cyber Monday, the Monday after Thanksgiving when many people do some holiday shopping online, is upon us.
SC Magazine

This Is Your Brain on Organizational Change

The NeuroLeadership Summit, which took place in New York in mid-October, gave organizational behavioral experts and senior executives the opportunity to explore connections between neuroscience and organizational change, and how leaders can effectively deal with human resistance to change.
Harvard Business Review

Anonymous Declares 'Cyberwar' on Israel

The hacktivist collective Anonymous says that it has carried out a series of cyber attacks on Israeli targets in retaliation for Israel's attacks on the Gaza Strip.

How Safe is Your Company's Twitter account?

Did Twitter force you to change your password last week? While it may have been an inconvenience, the micro-blogging giant had very good reasons.
CNN Money

Social Media Takes Workplace Harassment to New Levels

Recent legal decisions highlight the need for employers to take a stance against the use of social media to enable workplace harassment.

Hacking Contest Seeks to Attract Women to Information Security

The Power of Community security conference in Seoul recently held the final round of a hacking contest called the Power of XX.
IDG News Service

Ransomware Scams Rising in North America, Europe: Symantec Report

Ransomware is making a comeback in Western Europe and the United States, according to a report from Symantec.

Build Roadblock for Attacks Through Rule of Least Privilege

Cybersecurity analysts say privileged accounts have become a lucrative target for hackers in recent years.

Common Language: IT and Corporate Security Cooperation Makes Progress

Corporate, physical and IT security need to work together but real cooperation only starts as risk management functions operate in separate spheres without interaction.
PC Advisor

Corporate Espionage Versus Competitive Intelligence

Neither competitive intelligence nor the ethics surrounding the topic are taught much at business schools, according to academics familiar with the topic.
Globe and Mail

At Least 5 Killed in Moscow Office Shooting

At least five people were killed and two others were injured in a shooting at the offices of the Rigla pharmaceutical company in Moscow on Wednesday.
Moscow Times

China Most Threatening Force in Cyberspace, Panel Says

Chinese hackers are intent on gathering intelligence rather than launching attacks, according to a U.S. panel.
Treasury & Risk

MasterCard Rolls Out Credit Card with Display and Keypad

Next time you get a new card from your bank, don't be surprised if it has a keypad and an LCD on it.

Briton Killed in China Had Spy Links

An investigation into the death of Neil Heywood, a British consultant living in China, has revealed that he was an informant for Britain's MI6 spy agency.
Wall Street Journal

Mexico Shuts Down Korean Firm After Workplace Violence

Officials in Mexico's Queretaro state closed the operations of a Korean electronics supplier following an investigation after a worker was attacked by his Korean supervisor.
Fox News Latino

Fracking: fact vs. fiction

In communities across the United States, people are hearing more and more about a controversial oil and gas extraction technique called hydraulic fracturing....

NIST Provides Draft Guidelines to Secure Mobile Devices

The National Institute of Standards and Technology has issued a draft publication that outlines guidelines for securing mobile devices.
NIST Tech Beat

US, Canada Launch Joint Cybersecurity Plan

Canada and the United States have announced a joint cybersecurity initiative to protect critical infrastructure.

Insecure Industrial Control Systems, Hacker Trends Prompt Federal Warnings

The exposure of vulnerabilities in industrial control systems combined with troubling trends in the hacker underground have led the DHS to issue a warning.
CSO Online

Ernst & Young's IT Security Survey Shows Struggle to Control Cloud Computing, Social Media and Mobile Risks

IT security professionals are struggling with cloud computing, social media, and mobile security issues, according to Ernst & Young's 2012 Global Information Security Survey.
Network World

Intelligence Community Cloud Coming Online in Early 2013

The Director of National Intelligence told the GEOINT symposium that the shared IT infrastructure of INCITE will achieve initial operating capacity in March 2013.
Federal News Radio

Critical Report Faults University Security

The University of Michigan Board of Regents released a report on Oct. 19 that helped set in motion the consolidation of the university's three security departments.
The Michigan Daily

Draft Order Would Give Companies Cyberthreat Info

The latest draft of a proposed executive order calls on the DHS to run a cyber security information-sharing network.
Associated Press

Man Held After Molotov Cocktail is Dropped at Arlington Mall

Ballston Common Mall in Arlington County, VA was evacuated and surrounding streets were closed when a man threw what is believed to be a Molotov cocktail into the mall's food court.
Washington Post

Cyber criminals target small businesses

A recent study conducted by the National Cyber Security Alliance and Symantec found 77% of small business owners think their company is safe from cyber criminals.
Homeland Security Newswire

New security threat at work: Bring-your-own-network

Even as IT pros wrestle with the bring-your-own-device (BYOD) trend, corporate security is being further complicated by another emerging trend: bring your own network (BYON).

Panetta Lays Out New Cyber Policy

Delivering what Defense Dept. officials termed a major policy speech to prevent cyber attacks, Defense Secretary Leon Panetta described the U.S. as in a “pre-9/11 moment” in need of immediate action.
Defense News

Growing Prevalence of Industrial Espionage Threaten Automakers

Automotive News reports that industrial espionage in the U.S. has been rising steadily in several sectors, including the auto industry.
iMotor Times

Illinois Man Faces Terrorism Charge After Plan to Destroy Oklahoma Churches Found

On Oct. 5, an Illinois man was charged with possessing an incendiary device and violating the Oklahoma anti-terrorism act after police found notes on plans to destroy 48 churches and the ingredients for Molotov cocktails.
Tulsa World

Cybercrime Costs on the Rise, HP-Sponsored Study Finds

The cost and frequency of cybercrime has gone up for the third consecutive year, with the cost of such crime to U.S. organizations averaging $8.9 million in 2012, according to a new study from Hewlett-Packard and the Ponemon Institute.

Cybercriminals Plot Massive Banking Trojan Attack

The security firm RSA reports that it has received information that a gang of cyber criminals plans to use a little-known Trojan program to target customers at 30 or more major U.S. banks.

Three Reasons Major Corporations Lag on Cyber Security

Verizon has found that there were 855 corporate data breaches in the U.S. in 2011.
Boston Globe

Scenario-based Gaming Exercise to Improve Intelligence Analysis

Raytheon has created a scenario-based gaming exercise to study in depth the intelligence analyst's tradecraft; the company says the goal is ultimately to help analysts produce the best intelligence products and streamline workflows.
Homeland Security News Wire

Why Your Next 'Passw0rd' Might Not Be a Password

Despite years of warnings, the truth is incontrovertible -- mortal users do a very poor job of defending their data with passwords.

How to Regain Employee Trust

The economic downturn in recent years has taken a heavy toll on employee trust in leadership, with only 10 percent of employees believing that their managers will make the right decisions in uncertain times, according to a recent Maritz Research poll.
Chief Learning Officer

Iran Preparing Internal Version of Internet

The Iranian government reportedly has established a technical platform for a national online network that would exist independent of the Internet and allow for tighter information regulation.
Washington Post

NIST Issues Risk Assessments Guidance

The National Institute of Standards and Technology has issued what could be characterized as the bible of risk assessment called the Special Publication 800-30 Revision 1, Guide for Conducting Risk Assessments.
Gov Info Security

Android Warning: 50 Percent of Devices Need Patching

More than 50 percent of Android devices are running outdated and unpatched versions of Google's mobile operating system, according to a new study by Duo Security.

Caught Red-Handed: Motorola Thief 'Betrayed Country'

On Wednesday, former Motorola, Inc. employee Hanjuan Jin was sentenced to four years in federal prison for stealing more than 1,000 documents from Motorola's Schaumburg, Ill. headquarters.

Second Java Zero-Day Found: Time to Disable It, Say Experts

Researchers have discovered another zero-day Java vulnerability that attackers are using to hijack computers on the Web, following the initial discovery of a Java flaw that has been tied to attackers in China.
CSO Online

Canadian Energy Firms Warned of Hacking Threat

Newly released government documents show that Canadian security and intelligence agencies have warned Canada's major energy companies that they may become targets of cyber attacks by online activist groups such as the hacker collective Anonymous.

Huawei Expands Lobbying Amid National Security Probe by Congress

The Washington Post is reporting that Chinese telecom giant Huawei Technologies has almost quadrupled its spending on Washington D.C. lobbyists as it continues to be scrutinized by a House Intelligence Committee inquiry into both Huawei and fellow Chinese telecommunications equipment manufacturer ZTE.
Washington Post

Agencies Don't Often Share Tips on Potential Terrorist Activity

Forty-six percent of federal agencies are not sharing documented incidents of potential terrorist activity with U.S. intelligence centers, reported Office of the Director of National Intelligence (ODNI) officials.

U.S., China Talks Address Cyber-Weapons, Not Cyber-Spying

Although informal bilateral talks between U.S. and Chinese think tanks and government officials about restricting cyber attacks, improving crisis communication, and limiting the threat of third-party attacks have yielded insights about cyber espionage, they have not resulted in a clear agreement to proscribe the practice.

The Hacker Wars

The U.S. Cyber Command, which directs network offensive operations for the Pentagon and protects its networks, is becoming more open about the military’s capabilities in cyberspace.
Government Executive

Executives Advocate a Military Approach to Cybersecurity

A recent survey of IT executives conducted by the security firm CounterTack is the latest effort in a push by government and private companies to promote the adoption of a more militaristic mindset in cyber security.

Major Companies Still Vulnerable to Online Data Theft, Report Warns

A new report from the computer security firm CounterTack shows that many major companies remain vulnerable to data theft, especially at the hands of advanced persistent threats, such as the one that led to the breach of RSA Security's SecurID data protection technology last year.

Terror and Toy Planes - Not So Remote

Among the items confiscated by Spanish authorities when they arrested a trio of suspected al-Qaida operatives last week was a video of one of the three, Cengiz Yalcin, operating a remote controlled airplane that had been modified to carry and drop a crude explosive payload.

Prototype System Goes After DNS-Based Botnets

Researchers at the University of Georgia and the Georgia Institute of Technology have developed Pleiades, a prototype system that can better detect Domain Name Generation (DGA)-based botnets without the normal time-intensive reverse engineering required to find and defeat such malware.
Network World

Outdated Card Technology Leads to Fraud

While U.S. lags, Canada has followed Europe in going to high-tech credit and debit cards.
Star Tribune

BYOD Security: Are Agencies Doomed to a Permanent Game of Catch-Up?

With the bring-your-own-device paradigm continuing to take hold, enterprises increasingly are exposed to and scrambling to develop countermeasures against the rapidly evolving mobile device threat landscape.
Government Computer News

Boards Are Still Clueless About Cybersecurity

The Governance of Enterprise Security: CyLab 2012 Report, released today by Carnegie Mellon CyLab and its sponsor, RSA, The Security Division of EMC, examines how boards of directors and senior management are managing privacy and cyber risks.

City of Buffalo Lags on Compliance With Workplace Violence Rules

Buffalo, N.Y. is scrambling after being informed by the state Department of Labor that the city was not in compliance with new regulations designed to prevent workplace violence.
Buffalo News (NY)

Cyber Chief Warns of Rising Danger from Cyber Attacks

In a rare speech on Monday, Gen. Keith B. Alexander, the commander of U.S. Cyber Command, warned of the danger of cyber attacks.

Cybercriminals Sniff Out Vulnerable Firms

Cybercriminals are becoming a growing problem for small companies, primarily because these companies do not have the resources to properly protect themselves.
Wall Street Journal

Bomb threat? There’s an app for that.

In the first chaotic moments after suspicion of a bomb threat, first responders have a myriad of questions, assessments and decisions to make.
Homeland Security NewsWire

FBI: High-Tech Economic Espionage a Vast, Expanding Threat

The mounting threat of economic espionage has cost U.S. companies approximately $13 billion in the current fiscal year, with insiders an expanding element of this problem, according to the FBI's testimony recently at a Counterterrorism and Intelligence hearing.
Network World

Microsoft's Security Information Report Shows Lax Practices Allow Malware to Thrive

Security is a two-way street that requires an effort on the part of end users.
Network World

France Telecom Boss Faces Inquiry Into Workplace Bullying

Former France Telecom (FT) chief executive Didier Lombard has been placed under judicial investigation for workplace bullying following a series of worker suicides at FT and its subsidiary Orange.
Mail & Guardian

Homeland Security Cites Sharp Rise in Cyber Attacks

The new report from the Department of Homeland Security documenting a dramatic upswing in the number of reported cybersecurity incidents at American companies responsible for power grids, power generation, and water filtration is highlighting the changing nature of public-private collaboration on the IT security of America's critical infrastructure.
CNN.com - Security Clearance

U.S. Critical Infrastructure Cyberattack Reports Jump Dramatically

U.S. critical infrastructure companies saw a dramatic increase in the number of reported cyber-security incidents between 2009 and 2011.
Dark Reading

Hundreds of Thousands at Risk as DNSChanger Deadline Looms

Users have until July 9 to ensure their computers are not infected with DNSChanger, and the DNSChanger Working Group cautions that machines infected with the malware, which directs Internet requests to DNS servers, will be taken offline unless they are purged.
Government Computer News

Sandia Opens Cybersecurity Technologies Research Laboratory

Sandia National Laboratories has opened a cybersecurity research facility on the grounds of the Livermore Valley Open Campus.

How to Protect Your Hotel From the Threat of Terrorism

Hotels have long been considered soft targets for militant groups, and a recent U.S. intelligence study found that the number of attacks on hotels has more than doubled since 9/11.
Big Hospitality

Microsoft Becoming a Digital Sherlock

With their Digital Crimes Unit (DCU), Microsoft is blazing a trail for private businesses and organizations to use the legal system to stop cyber attacks at the source, seizing and shutting down the computers and servers launching the attacks.
Puget Sound Business Journal (Seattle)

Search Results May Deliver Tainted Links

Researchers found criminals are poisoning the search results consumers receive when searching. The end game in each case is to get you to fall for scams or to infect and take control of your PC.
USA Today

Dept. of Homeland Security to Focus on Cyber Workforce Development

The DHS will form a cybersecurity workforce task group that will consider expanding DHS involvement in cyber competitions and university programs as well as develop strong cybersecurity career paths.

The True Cost of Cybercrime

The first systematic study of the cost of cybercrime recommends that society should spend less on antivirus software and more on policing the Internet.
Homeland Security NewsWire

Unique Program to Educate Next Generation of U.S. Cybersecurity Leaders

The University of Maryland and the Northrop Grumman Corporation will launch a landmark honors program designed to educate a new generation of advanced cybersecurity professionals.
The Wall Street Journal

Focus on Cyber Security Degrees Rising for Colleges, Employers

Webs of wires, servers and screens are the mechanics of modernity. Hackers know their way around them well.

Experts Warn of Shortage of U.S. Cyber Pros

Cyber experts warned of a shortage of talented computer security experts in the United States, making it difficult to protect corporate and government networks from attacks.

Looking for Cybersecurity Experts? Check the Jails and Art Schools

Are cybersecurity experts born or made? It’s a question that recruiters are asking more frequently as the nation faces a shortage of technically savvy network security operators.

Government, Military Face Severe Shortage Of Cybersecurity Experts

Cyberspies, hackers, and others using the Internet for nefarious purposes also operate in networks.

Pharma Sector's War Versus Counterfeit Drugs Intensifies

Counterfeit drugs are increasingly showing up around the globe as more complex drug supply chains have opportunities in several phases of drug development.

Va. Case Highlights Dangers for Jewelry Salesmen

Criminal gangs have become more sophisticated and violent in their attempts to rob traveling jewelry salesmen, says FBI special agent Eric Ives, the head of the bureau's major theft program.
Associated Press - ABC

NSA Security Expert Worries About Mobility, Cloud

NSA's two most pressing concerns right now are mobility and cloud computing. The government wants such functionality in the same way that business wants it, but it looks to NSA for guidance on security practices.
Network World

Over-55s Pick Passwords Twice as Secure as Teenagers

People over the age of 55 pick passwords that are twice as strong as those chosen by people under 25 years old, according to University of Cambridge researchers.
New Scientist

What Fearmongers Get Wrong About Cyberwarfare

A recent article in the Journal of Strategic Studies shows that it is shortsighted to assume that cyber warfare has an innate logic that will always lead to an escalation of conflict.

Using Live Video from Phones, U-Md. Plans to Offer Virtual Safety Escorts to Students

A newly created smartphone application called Escort-M links public safety personnel to real-time video and audio from users' phones.
Washington Post

Oklahoma's New Workplace Drug Testing Laws Relax Employer Requirements

New laws in Oklahoma aimed at curbing an epidemic of drug use in the state have loosened restrictions on employers carrying out drug screening.

Major Data Firm in Security Pinch

Florida-based Fidelity National Information Services (FIS) is fortifying its security after regulators released a report critical of its risk practices. The firm is one of the largest among the more than 1,000 third-party service providers.
Wall Street Journal

Malware Intelligence System Enables Organizations to Share Threat Information

Georgia Tech researchers have developed Titan, a malware intelligence system designed to help corporate and government security officials share information about cybersecurity attacks.
Georgia Tech

Event Focuses on Crisis Readiness, Response

The Pittsburgh Regional Business Coalition will hold a free safety demonstration and training session for all local businesses on May 31.
Pittsburgh Post-Gazette

Securing the Workplace Part 1: Education, Awareness and Planning

With an increasing number of robberies at banks and pharmacies, police are urging businesses to make a plan for employees in the event of a robbery.

BYOD is Driving IT 'Crazy,' Says Gartner Analyst

IT managers can expect rapid growth in the number of personal devices, such as smartphones and tablets, used by employees in the next couple of years, which means that IT shops will not be able to provide the security necessary to protect company data.

IBM Faces the Perils of 'Bring Your Own Device'

After finding that many of its employees are unaware of what kinds of smartphone apps could be potential security risks, IBM adopted guidelines about which apps are acceptable for employee use.
Technology Review

OPM Polls Agencies on Domestic Violence Policies

In response to a memo issued by President Obama, the Office of Personnel Management (OPM) has begun formulating new government-wide policies relating to domestic violence in federal workplaces.
Washington Post

The Global Water Security Assessment and U.S. National Security Implications

A panel of experts recently gathered at the Wilson Center to discuss the Intelligence Community's assessment of global water security and its implications for national security.
New Security Beat

Obama Order Sped Up Wave of Cyberattacks Against Iran

Interviews with current and former U.S., European, and Israeli officials, as well as a number of outside experts, have shed new light on the use of the Stuxnet worm that was used to attack computers used in the Iranian nuclear program.
New York Times

Alert: Major Cyber Attack Aimed at Natural Gas Pipeline Companies

The Department of Homeland Security has issued at least three confidential amber alerts about multiple U.S. natural gas pipeline operators being targeted by a major cyber attack campaign since March 29, which is still ongoing...
Christian Science Monitor

New Study Examines Role of Intimate Partner Violence in Workplace Homicides Among U.S. Women

A new paper by the National Institute for Occupational Safety and Health (NIOSH) and the Injury Control Research Center at West Virginia University (WVU-ICRC) has found that 142 workplace murders of women in the U.S. between 2003 and 2008 were committed by the intimate partners of those women.
Medical Express

Spot a Bot to Stop a Botnet

Computer scientists at the Veermata Jijabai Institute have developed a way to detect botnet infections on computers.
Science Daily

Bill protects employees from workplace bullying

The legislation in New York establishes a civil cause of action for employees who are subjected to an abusive work environment.
Legislative Gazette

The Path to Outsmarting Advanced Cyberattacks

are prompting organizations to look into using actionable intelligence to protect themselves from cybersecurity threats.
Government Computer News

Deadly Attacks Hit Nigeria Christians

An attack on church services at a Nigerian university killed at least 16 people on Sunday.
Wall Street Journal

5 Tips on How to Handle Employee Theft

Statistics show that employee theft is a significant problem for companies in North America.

US Seizes 36 Websites Dealing in Stolen Credit Cards

The Justice Dept. said the U.S. government has seized 36 domain names of websites that illegally sold and distributed stolen credit card numbers...
Wall Street Journal

CISPA Passes in the House After Surprise Vote

The U.S. House of Representatives on April 26 passed the Cyber Intelligence Sharing and Protection Act (CISPA), a controversial piece of legislation that allows both federal govt. and private sector more latitude to share information about current hacking efforts and cybersecurity threats that may be on the horizon.
Security Week

Hide Patents to Foil Invention Thieves, Urges Congress

U.S. lawmakers have proposed maintaining the secrecy of U.S. patents to prevent the theft and exploitation of inventions before they are legally protected by a granted patent.
New Scientist

U.S. Study Cites Worries on Readiness for Cyberattacks

U.S. state and local officials are most concerned about the government's cyberattack response readiness, according to a study by FEMA regarding the U.S.'s ability to respond to terrorist attacks and man-made and natural catastrophes.
New York Times

Cybersecurity Ranks as Top Concern in Federal CIO Survey

The biggest concern of CIOs at federal agencies is the need to protect government information from cyberattacks...

Arrests Made in Lilly Heist

Authorities said Thursday that they have broken up a group that was allegedly involved in the theft of more than $70 million in prescription drugs from an Eli Lilly warehouse in Connecticut in March 2010.
Wall Street Journal

Religious Sites are Worst for Malware, Report Finds

According to Symantec's most recent Internet Security Threat Report, religious web sites have a higher incidence of malware infection than pornography sites.
Wall Street Journal

'Bullet Time' Signals to Stop Cyber Attacks on Grid

University of Tulsa researchers have developed a method to handle cyberattacks on crucial infrastructure, such as electricity grids, water utilities, and banking networks.
New Scientist

How CIOs Can Learn to Catch Insider Crime

Research shows that CIOs rarely discover the internal security threats that can ruin companies, even though they frequently involve IT systems. Here's what needs to change.
CIO Magazine

Flea Market Raid: Homeland Security Cracks Down On Counterfeit Goods

The Department of Homeland Security (DHS) has reportedly begun raiding flea markets in search of counterfeit merchandise.

Plan for Dealing With Insider Threats Getting Close

The U.S. government is closing in on a national policy for combating insider threats with standards for enforcement, and officials expect the policy to be issued by the end of 2012.
Government Computer News

BYOD Continues to Challenge Agencies Struggling to Develop Policy

Many federal agencies' security policies and procedures are not keeping up with the growing bring your own device trend, which leaves these government networks increasingly vulnerable to attacks, according to a recent Network World/SolarWinds survey.
Federal Computer Week

How Do You Change Your Company's Culture? Spark a Movement

Revitalizing a company culture can best be served by providing employees with a fresh concept or driving precept they can adopt, rally behind, and act on, according to StrawberryFrog founder Scott Goodson.

Breaches Epidemic Despite Efforts at Compliance, Says Kroll

A new study from HIMSS Analytics and Kroll Advisory Solutions shows that increasingly stringent regulatory activity with regard to reporting and auditing procedures has not prevented an increase in the number of breaches seen in the past six years.
HealthCare IT News

House Homeland Security Guts Own Cybersecurity Bill in Bid to Remain Relevant

The House Homeland Security Committee on Wednesday modified the cybersecurity legislation that was approved by a House subcommittee in early February.

Don't Panic

Presenting an idea to senior management does not have to be terrifying, management experts say, as long as employees work ahead of time to find out what executives are looking for and follow these tips for making a compelling presentation.
The Conference Board Review

Embezzlers these days more likely to be women

With motive and opportunity, women are behind most of the state's high-profile cases since '08.
Star Tribune

Is Security the Real Problem for an Intelligence Community Cloud?

To be more cost-effective, the U.S. Intelligence Community is scrutinizing the cloud environment as a possible money-saving option, and successful migration will rely on collaborative alliances, common solutions, and effective policies...
Federal Computer Week

Mobile malware: Beware drive-by downloads on your smartphone

The number of security threats that target mobile devices has risen by more than 600 percent between 2010 and 2011.

A Report on ICANN 43: New gTLDs and DNSSEC

ICANN's recent meeting in Costa Rica focused on a number of issues, but the two biggest were clearly the new gTLD program and Domain Name System Security Extensions (DNSSEC).
Network World

Apple Mac Computers Hit in Hacker Attack, Researcher Says

Antivirus software provider Doctor Web says a recent hacking attack hit more than 600,000 Apple Mac computers, a sign that the computer behemoth is becoming a more lucrative target for malicious users.

BT Deploys Alarm System to Catch Copper Cable Thieves

The British telecommunications company BT has implemented a new alarm that will span its entire copper network in an effort to cut down on the growing rate of cable theft.

Is DHS Ready to Oversee Private Cybersecurity?

Lawmakers want the security of some privately owned information networks to be supervised by the Department of Homeland Security, in much the same manner that the Nuclear Regulatory Commission oversees nuclear plants.
Federal Times

Tips for Dealing With Workplace Substance Abuse

In instances of substance abuse in the workplace, employers and co-workers should be on the look-out for specific signs and should always report the problem.
Great Falls Tribune

The Flashback Attack: It's Time Mac Users Got Security Aware

Apple is taking steps to protect Mac users from the threat posed by the Flashback Trojan. Flashback exploits weaknesses in Oracle's Java software to install malware.
Computer World

Warning Over Medical Implant Attacks

Security researchers recently developed attacks that locate and compromise medical implants that are used to manage conditions such as diabetes and heart disease.
BBC News

Cybersecurity Purchasing Alliance Established

The nonprofit Center for Internet Security (CIS), which works to improve online security, is planning to launch the first-ever collaboration for purchasing cybersecurity solutions.
Government Technology

Global Risks 2012: Seventh Edition An Initiative of the Risk Response Network

This report features refined risk descriptions and rigorous data analysis covering 50 global risks. It aims to improve public and private sector efforts to map, monitor, manage and mitigate global risks. It is also a “call to action” for the international community to improve current efforts at coordination and collaboration, as none of the global risks highlighted respects national boundaries.
World Economic Forum

New Security Opportunities in Higher Education

Colleges and universities around the United States are creating new full-time security and risk assessment positions in their study-abroad offices, spurred on at least in part by international events like the Arab Spring and Japanese tsunami. Northwestern University is one of the schools that recently created a full-time safety and security position in its study-abroad office. The university in January hired Julie Friend as associate director for international safety and security. Friend most recently served in a similar role at Michigan State University.
Security Director News

Traveling Light in a Time of Digital Thievery

“If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,” said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence.
New York Times

Eight-Year Nortel Hacking Operation Again Shows Enterprise Vulnerabilities

An eight-year hacking operation has been uncovered at telecoms firm Nortel, prompting experts to again question whether enterprises are prepared to handle targeted security breaches. While the origins of the attack and its organisers are not known, investigators traced the attacks to systems located in China.
v3.co.uk / Nichols, Shaun

Canadians Oppose Government's Proposal for Sweeping Internet Surveillance

Public outrage over the government's proposed Internet surveillance laws boiled over Thursday, as thousands of Canadians made their objections loud and clear on the Twitterverse. At the same time, a Liberal MP turned the tables, requesting that Parliament divulge the web-surfing histories of their computers and BlackBerrys.
Edmonton Journal/ By Jeff Davis and Sarah Schmidt And Vito Pilieci, Post Media News; With Files From Postmedia News

U.S. to Share Cautionary Tale of Trade Secret Theft With Chinese Official

China’s next leader, Xi Jinping, may never have heard of American Superconductor Corporation before he arrived here Monday, but by the end of his visit United States officials hope to make the small Massachusetts wind-energy company an object lesson in the impact of Chinese trade secret theft on American business.
New York Times / Weisman, Jonathan

National Strategy for Global Supply Chain Security

International trade has been and continues to be a powerful engine of United States and global economic growth. In recent years, communications technology advances and trade barrier and production cost reductions have contributed to global capital market expansion and new economic opportunity. The global supply chain system that supports this trade is essential to the United States’ economy and security and is a critical global asset.
The White House.gov

Cameras May Open Up the Board Room to Hackers

One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms: videoconferencing equipment. With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall.
New York Times / Perlroth, Nicole

DHS guidance to state and local fusion centers going unused

More than 83 percent of 64 intelligence fusion centers run by state and local agencies to whom the Department of Homeland Security issued the Comprehensive Preparedness Guide-502 are either not using the guidance or never received it, according to a new report from the DHS Inspector General's Office. The purpose of the guidance is to assist the fusion centers' coordination of anti-crime activities with state and local emergency operations centers. The report casts blame for the guidance's under-utilization on both DHS and state and local officials.
Federal Computer Week / Lipowicz, Alice

Feds Seek Stronger Security for Power Grid

In an attempt to gain insight into how to best protect the U.S. electricity grid, the Department of Energy and the Department of Defense have joined forces to create a cybersecurity model that can be tested and applied across the utility industry. The Electric Sector Cybersecurity Risk Management Maturity Model pilot project seeks to work with experts in the public and private sector to use current cybersecurity strategies to create a "maturity model" that can identify how secure the electric grid is from cyber threats.
InformationWeek / Montalbano, Elizabeth

FedRAMP Security Controls Unveiled

The federal government has released roughly 170 controls for the Federal Risk and Authorization Management Program (FedRAMP). The program consists of a unified risk management process that will evaluate vendors' IT services for federal agencies, thereby eliminating the need for agencies to conduct their own risk management programs. This in turn will allow agencies to evaluate a vendor's IT services in light of their specific needs and their privacy and security requirements.
GovInfoSecurity.com / Chabrow, Eric

Protests Put Cities on Alert

A number of cities hosting high-profile events this year are changing their laws regarding demonstrations in order to prevent the kind of violent protests that took place across the country in 2011. In Chicago, for example, the mayor has called for placing limits on the times when demonstrations can be held, increasing fines for resisting police, and requiring parade permit applicants to provide descriptions of "attention-getting devices" such as amplifiers, banners, or signs. The proposals, which will be voted on next week, come ahead of the NATO and Group of Eight summits in Chicago this May.
Wall Street Journal / Nicas, Jack

Defense Bill Approves Offensive Cyber Warfare

The recently approved U.S. defense budget sanctions the Department of Defense to engage in offensive cyberwarfare to protect U.S. interests and those of its allies, while also directing the military to improve cyberdefensive measures. However, the National Defense Authorization Act does not empower the military to take any offensive cyberaction without presidential authorization.
InformationWeek; Hoover, J. Nicholas

SpyEye Malware Borrows Zeus Trick to Mask Fraud

The SpyEye bank fraud computer program has been identified with a feature designed to keep victims clueless long after fraud has occurred, according to security vendor Trusteer. SpyEye is notable for its ability to inject new fields into a Web page, a technique called HTML injection, which can ask banking customers for personal information they normally would not be asked.
IDG News Service; Kirk, Jeremy

Pessimism Over FISMA Deadline Starts at the Top, Survey Finds

Most federal agencies do not believe that they will be in compliance with the Office of Management and Budget's requirement to perform all Federal Information Security Management Act reporting through automated monitoring tools by Sept. 30. According to a survey of 234 IT security professionals, just 45 percent of respondents said that they would be able to meet the deadline.
Government Computer News; Jackson, William

NY Senator Proposes Measures to Protect Pharmacies

A New York senator is calling for steps to be taken to prevent deadly pharmacy robberies like one that took place in Long Island over the weekend, which claimed the life of an off-duty federal agent who tried to intervene.
Associated Press

Social Media's Passive Risk

Security and communication consultants have been using an online spoofing case involving a fake Bank of America account on Google+ to teach banks about the use of social media. A phony Bank of America page stayed up for more than a week in November, using the bank's official logo, address, and links while posting fake, satirical items.
Bank Technology News; Button, Keith

Obama Launches Bureau of Counterterrorism

The State Department recently announced the launch of the new Bureau of Counterterrorism. According to the department, the bureau will coordinate with U.S. agencies, including the Department of Homeland Security (DHS), and foreign governments to create civilian counterterrorism strategies and operations.
NewsOK; Gehrke, Joel

Court Upholds Law That Protects Companies Aiding U.S. Surveillance

The Court of Appeals for the Ninth Circuit has upheld a federal law that grants immunity to telecommunications companies that help the federal government conduct surveillance on American citizens.

Stuxnet and Duqu Part of Larger Cybermalware Campaign

The Stuxnet worm was developed on the same platform used from 2007 onwards to set up a family of cyberweapon-like malware including the recently uncovered Duqu worm, according to a forensic study by Kaspersky Lab researchers.
Techworld ; Dunn, John E.

Carmakers, U.S. Worry About Hacking of Cars

Recent studies indicate that cars' increasing reliance on computer systems that control everything from airbags to crash-avoidance systems has left them vulnerable to cyberattacks. "I can definitely imagine organized crime or potentially even nation-states leveraging weaknesses in these functions to cause different kinds of havoc," says Intel's Ryan Permeh.
San Jose Mercury News; Johnson, Steve

Packaging Technologies Advance in Fighting Fake Pharmaceuticals

es Shepherd, CEO of Channel IQ, a firm that monitors branded products and prices for manufacturers, distributors and retailers, said the healthcare packaging industry is constantly combating counterfeiting. "Packaging has a very important role," he added. "It has to signify the authenticity of a product, and not just hold the product or explain its benefits."
Healthcare Packaging

Logging in With a Touch or a Phrase (Anything but a Password)

Polytechnic Institute of New York University (NYU-Poly) researchers are training devices to recognize their owners by touch, one of several research projects designed to make passwords obsolete. The research arm of the U.S. Defense Department is looking for ways to use cues such as a person’s typing quirks to continuously verify their identity.
New York Times; Sengupta, Somini

Employees' Facebook Pages Are Private, Until They're Not

A New York appeals court determined there are limits to how much proof of employee shenanigans a business can legally gather from sites like Facebook. In late October, an appeals court in New York determined that there are limits to how much proof of employee shenanigans a business can legally gather from social media utilities such as Facebook. The Appellate Division of the New York Supreme Court ruled that commercial builder Turner Construction Co. should not have a free hand in searching the Facebook activity of an employee who was seeking compensation in a personal injury suit against the company. The company was attempting to use information from the employee's Facebook account to show that he was not being truthful about the extent of his injuries.
Business on Main/ Mikal E. Belicove

Workplaces Victims of Domestic Violence

A recent study has found that domestic violence is having an effect on Australian workplaces. The study, which consisted of surveys of more than 3,600 people between February and July, found that 33 percent of employees were victims of domestic violence. All told, domestic violence results in roughly $480 million worth of lost productivity in Australia, a separate study found. Experts say that employers should take steps to help workers suffering from domestic violence, including giving them time off to deal with their problems, blocking e-mails, or giving them new phone extensions so that abusers cannot call them at work.
Herald Sun (Australia)

Should Homeland Security control the electrical grid? Maybe.

Researchers at MIT have released a report on the security of the nation's electric power grid. The report noted that the federal government should designate a single agency as being responsible for protecting the electric power grid from cyber attacks. The current security regime is untenable, the report said, because those that are in charge of maintaining the electric power grid are not working together.
CNET/Don Reisinger

'Son of Stuxnet' virus could be used to attack critical computers worldwide

Researchers at Symantec have discovered a new virus that they say is very similar to the Stuxnet virus that was used to attack Iran's nuclear program. Like Stuxnet, the new virus--which is known as Duqu and may have been in use since last December--targets industrial command and control systems. In addition, much of the code used in Duqu is similar to the code used in Stuxnet. Both Stuxnet and Duqu also use fraudulent digital certificates that are purportedly issued by Taiwanese companies. As a result, Duqu must have either been created by the same group that developed Stuxnet or was created by a group that was able to obtain Stuxnet's source code. However, there are some differences between Stuxnet and Duqu, which creates a backdoor in the systems it infects and connects them to a command computer in India. For instance, Stuxnet was designed to attack the computers used in Iran's nuclear research program. Duqu is not as targeted, and may be designed to collect intelligence such as design documents before an attack on infrastructure computers is launched, Symantec said.
MSNBC (10/18/11) Sullivan, Bob

Cyber Security Must Focus on Users, Not Just Attackers

Cybersecurity measures must aim at users, not just attackers, according to researchers at the University of Maryland, College Park's Maryland Cybersecurity Center. The researchers are applying criminological concepts and research methods to cybercrime research, producing recommendations for information technology managers to use in preventing cyberattacks. The researchers, led by professors Michel Cukier and David Maimon, are studying cyberattacks from the viewpoint of both the user and the attacker. "We believe that criminological insights in the study of cybercrime are important, since they may support the development of concrete security policies that consider not only the technical element of cybercrime but also the human component," Maimon says.
Tech Journal South

New Jersey teams with Target for disaster response

During the next major disaster, New Jersey emergency responders will receive assistance from the big box retailer Target; last week the company announced that it had officially teamed up with New Jersey’s Office of Homeland Security and Preparedness to assist state and local officials in the event of a major disaster or terrorist attack.
Homeland Security NewsWire

MSU lands USDA grants totaling nearly $3 million to improve food safety

Three Michigan State University researchers landed grants totaling nearly $3 million from the U.S. Department of Agriculture to improve food safety. The grants were part of USDA Deputy Secretary Kathleen Merrigan’s visit to MSU’s campus today, in which she announced 17 grants totaling $10.4 million from the USDA’s National Institute of Food and Agriculture to universities around the country.
Michigan State University News

Homeland-Security Bill Seeks to Clarify Who's in Charge of Cybersecurity

House Cybersecurity, Infrastructure, Protection and Security Technologies Subcommittee Chairman Dan Lungren (R-Calif.) has announced that he is planning to introduce a bill that would identify the Department of Homeland Security (DHS) as the primary federal agency in charge of national cybersecurity. The bill would provide an alternative to legislation approved by the House Intelligence Committee that would require the director of national intelligence to create guidance for the intelligence community to share with the private sector classified intelligence about cyber threats. Lungren's bill, on the other hand, proposes the creation of a nonprofit National Information Sharing Organization for exchanging details on cyber threats between the public and private sector.
National Journal / Gruenwald, Juliana

Cybercrime Hits Small Towns

The cyberattack on the computer systems of 70 small law enforcement departments by the hacker group Anonymous earlier this year underscores the risks that small towns and counties face from cybersecurity threats. Small municipalities are increasingly running crucial services on computers that could be shut down by hackers, cybercriminals, or disgruntled workers, yet they do not have the funds to hire CIOs or information security chiefs to help them protect these systems.
Governing / Newcombe, Tod

Advanced Threats Touch Two-Thirds of Enterprises

Nearly two-thirds of information security managers report that their businesses have been targeted by advanced persistent threats (APTs), and 72% expect to see such attacks persist in the future... Those findings come from a new report on APTs released Tuesday by market researcher Enterprise Strategy Group (ESG). The study is based on a survey of about 250 U.S. information security professionals, conducted in August.
InformationWeek / Schwartz, Mathew J.

U.S. Report Cites 'Persistent' Chinese, Russian Spying for Economic Gain

According to a U.S. intelligence report, the Chinese are the world's "most active and persistent" perpetrators of economic espionage. Additionally, the report made claims that Russian intelligence officials are participating in extensive spying efforts to collect information on the U.S. economy and technology. The report also found that the majority of the spying activity is present in cyber space. "Cyber has become the great game-changer ... our research and development is under attack," said a senior intelligence official. Economic cyber spying is affecting several portions of the U.S. economy including information technology, military technology, clean energy and medical technology.
Wall Street Journal / Gorman, Siobhan

Private Citizens Getting Help in Fight Against Terrorism

The face of antiterrorism in Colorado includes a former Washington lobbyist, an ex-Marine from Lakewood whose wife gives him the evil eye when he's sizing up potential threats at Denver International Airport, and a native New Yorker who refuses to ride on the subway and spends as little time as possible in high-rise buildings. The alliance is eclectic, but then, the people they're after aren't very stereotypical.
Denver Post / Cotton, Anthony

Cyber Attack Targets Chemical, Defense Firms

A new report from Symantec Corp. reveals that at least 48 chemical and defense companies were affected by a cyber attack traced to a man in China. The companies' computers were infected by malicious software known as "PoisonIvy" that was used to capture such information as design documents, formulas, and details on manufacturing processes, according to Symantec. The report said the victims included several Fortune 100 companies that develop compounds and advanced materials as well as those that manufacture infrastructure for these industries. "The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," Symantec said in a white paper on the campaign, which the company dubbed the "Nitro" attacks.
Insurance Journal / Finkle, Jim

A Reason to Revisit Your Cybersecurity Risk

Last month the Securities and Exchange Commission (SEC) issued guidance on its expectations for how publicly traded companies should address cyberattacks in their regulatory filings. The guidance does not change any existing rules, but clarifies that companies must include cybersecurity risks in their assessment of “the most significant factors that make an investment in the company speculative or risky.” In May EMC said it experienced “an extremely sophisticated cyberattack” that put its RSA SecurID tokens at risk as well as its corporate customers’ data security, and the SEC sent a comment letter asking the company how the cost of protecting itself against future breaches would affect its financial results.
CFO / Johnson, Sarah

Lab's Behavioral System Can Catch Insider Threats

Oak Ridge National Laboratory researchers have developed a tool to identify malicious insiders and stop them from sending sensitive information outside the organization. The system uses a host-based agent to learn a user's behavior and to look for anomalous behavior or other signatures, according to Oak Ridge researcher Justin Beaver. The system responds to these signature events by switching malicious users to a honeypot environment, which isolates them from data and enables their actions to be studied. “It turns out there is a lot of data on each host you can leverage if you know what to look for,” Beaver says.
Government Computer News / Jackson, William

GAO reports problems in cybersecurity hiring strategy

An audit by the Government Accountability Office (GAO) has found that some government agencies have failed to effectively develop or implement cybersecurity workforce planning strategies. Agencies also reported problems in filling some cybersecurity positions, particularly those requiring specialized skills. In 2010 the Senate Judiciary Committee asked GAO to study whether or not the federal government was adequately meeting its cybersecurity staffing goals and report on the status of government-wide cybersecurity initiatives.
Homeland Security NewsWire

Hacker group threatens industrial computer systems

A bulletin leaked from the Department of Homeland Security's National Cybersecurity and Communications Integration Center shows that officials are concerned about possible attacks on computer systems used to operate the nation's critical infrastructure. According to the bulletin, which was issued in September and posted on Monday by the Web site Public Intelligence, the hacker group Anonymous has posted computer code and other material that shows that it is interested in attacking industrial control software (ICS) systems, which are used to run equipment at power stations, chemical plants, and water and sewage facilities, among other facilities.
Washington Times / Waterman, Shaun

Security 'Chaos' Leaves Utility Grids Vulnerable, Report Says

A recent paper from Pike Research reveals that the lack of standards, inadequate spending and an aging infrastructure are making vital utility grids increasingly vulnerable to cyber attack. Though the report says that this vulnerability is a global problem, it also notes that there are multitudes of differing regional infrastructures and security technologies, requiring region-specific definitions of threats as well as region-specific decisions regarding investments in security.
Government Computer News / Jackson, William

How to Have Real Risk Management

Andy Ellis, chief security officer at Akamai Technologies, says the important thing for organizations in regard to risk management is to actually understand the risks that apply to them, and make informed decisions based on that profile. "These are the organizations that are actually out front, leading the way, defining new risk models for themselves and selecting technologies and solutions that are appropriate for their business," Ellis said in a recent discussion with this publication.
Computerworld / Hulme, George V.

Metrics for Success: Tracking Preventable Risk

When you track the results of your incident post-mortems to identify root causes of incidents, and when you conduct risk assessments to prospectively document vulnerabilities, you have the data to impress management on the consequences of failure to follow policy, procedures or other elements of your internal controls that contribute to risk exposure. Objective: A significant percentage of security events are preventable. Use your metrics to influence behavior and fundamental corrective action.
SecurityInfoWatch.com / Campbell, George

Employee Theft: The Largest Source of Shrink in North America

Shrinkage cost retailers around the world more than $119 billion over the past year, or 1.45 percent of their sales, according to the Centre for Retail Research's Global Retail Theft Barometer for 2011. The causes that are most commonly responsible for retail shrinkage are different in various regions of the world. Customer theft was the primary cause for shrinkage in most countries around the world, resulting in $51.5 billion in losses so far this year. However, dishonest employees were the biggest cause of retail shrinkage in North America. Employee theft resulted in $47 billion in losses for North American retailers so far this year, up from $37.8 billion last year.
Security Management / Purvis, Carlton

One Million UK Workers Have Experienced Violence in the Workplace

Researchers at Britain's Cardiff and Plymouth universities have found that workplace violence is more prevalent in the U.K. than previously thought. Researchers conducted interviews of almost 4,000 employees working in a variety of different roles and in a number of different industries, and found that nearly one in 20 had been the victims of workplace violence. This translates to more than 1 million workers throughout the U.K., the researchers noted. Of those that said that they had been the victims of workplace violence, nearly 4 percent said that they had suffered injuries as a result of those incidents.
Guardian Unlimited (UK) / Snowdon, Graham

Most Americans Unprepared for Disaster, Survey Finds

A new survey finds that most Americans are unprepared for major disasters and that they maintain a false sense of security with regard to what would happen if a major disaster or a terrorist attack took place; contrary to reality, almost one-third of respondents believed that during a major disaster, calling 911 would bring help within an hour, while 30 percent said they believed help would come within several hours.
Homeland Security NewsWire

New Report Highlights Economic Threat of Weak U.S. Cyber Security

A new report on cyber intelligence and cyber attacks outlines overlapping vulnerabilities in computer networks across private industry and the U.S. government, and calls for a systematic response that would prevent the harm these weaknesses could inflict on national security and the economy.
law.com/ Catherine Dunn

What's a Company's Biggest Security Risk? You.

Security experts say that, despite the precautions taken by many major corporations to prevent cyber attacks, they still have one major vulnerability that cannot be fixed by technological advances: their employees. "The security gap is end users," says Kevin Mandia, chief executive of security firm Mandiant Corp.
Wall Street Journal/Geoffrey A. Fowler

NIST releases final piece of IT security foundation

The U.S. National Institute of Standards and Technology (NIST) has released Special Publication 800-30, "Guide for Conducting Risk Assessments," which provides guidance on how to assess IT risk.
Government Computer News/William Jackson

Corporate Boards Weak Link in Information Security

According to the governance, risk, and compliance unit of Thomson Reuters, most major corporations have "significant security gaps that leave sensitive board-level information open to information theft and hacking," On Wall Street (Sept. 21, Steinert-Threlkeld) notes. Thomson Reuters said its survey of board members, corporate secretaries, and company attorneys found that information provided to members of corporate boards of directors is often in unencrypted e-mail accounts and computers.
On Wall Street/Tom Steinert-Threlkeld

In China, Business Travelers Take Extreme Precautions To Avoid Cyber-Espionage

Security experts are warning that travelers should avoid bringing electronic devices carrying important company contacts and confidential information with them to China if at all possible. This warning stems from the pervasive electronic surveillance and cyber-espionage undertaken by the Chinese government and other regional sources.
The Washington Post/Ellen Nakashima and William Wan

Email Main Source of Data Leaks in Organizations: Survey

Email may be integral to an organization's day-to-day operations, but it is also becoming one of the primary sources of data leakage, according to a recent Ponemon Institute report. In a survey of 830 information technology, security, and compliance experts, more than 50 percent said improper email use among employees is the main source of data leaks within the organization.
eweek/Fahmida Y. Rashid

Organizations Over-Confident About Security Strategy: Survey

Senior executives are overconfident about their organization's information security strategy, according to a PricewaterhouseCoopers survey. Of the 9,600 senior executives who took part in the 2012 Global State of Information Security Survey, 43 percent said that their organization had an effective, proactive security strategy.
eweek/Rashid, Fahmida Y.

Data Security Not High on Hospitals' Priority List

A new report from the consulting firm CSC says hospitals must increase security to achieve Meaningful Use and comply with new HIPAA requirements. CSC consultant Jared Rhoads says an annual risk analysis is required under stage 1 and putative rules for stage 2 Meaningful Use.
Information Week/Ken Terry

Organized retail theft: A $30 billion-a-year industry and growing

“Organized retail crime,” as police call it, has become big business. Last year, theft rings stole an estimated $30 billion worth of retail merchandise that wound up getting sold out of car trunks, online and even to distributors who relay the merchandise back to store shelves.
ABC newsnet5.com

Ten Years After 9/11 -- Risk Management in the Era of the Unthinkable

For the entire country, the September 11, 2001, attacks redefined the meaning of risk management in both the public and private sector, Wharton experts say, forcing companies and the government to rethink the ways that they prepare for, respond to and recover from large-scale disasters. The new agenda for security that was set on that sunny fall Tuesday has been tested, questioned and reshaped again and again in the decade since -- by events including Hurricane Katrina, the BP oil spill in the Gulf, the 2008 financial crisis, the Arab Spring, the earthquake and tsunami in Japan, and most recently, Hurricane Irene.

Top 5 Hazards for Business Travelers (Hint: Terrorism Isn't One Of Them)

So, you think nothing short of a revolution in Libya, an earthquake, a hurricane or a terrorist attack can keep you from your business meetings?

Montgomery County Proposes Flash-Mob Law

Lawmakers in Montgomery County, Md., are in talks with the state delegation about the possibility of introducing legislation in next year's session of the Maryland General Assembly that would address the problem of flash mobs.
Washington Times; Noble, Andrea

Workplace Homicides and Suicides Fell in 2010

According to the Labor Department's preliminary Census of Fatal Occupational Injuries report, the number of workplace homicides dropped last year. The report noted that the number of homicides that took place at U.S. workplaces dropped by 7 percent in 2010. Workplace suicides, meanwhile, decreased slightly from 263 in 2009 to 258 in 2010.
Wall Street Journal; Reddy, Sudeep

Scared Mexicans Try Under-the-Skin Tracking Devices

A recent Mexican congressional report indicated that kidnappings have increased 317 percent in the past five years. Some Mexicans, afraid of being next on the cartel's list of targets, have had radio frequency identification chips (RFIDs) or other tracking devices surgically implanted to allow them to be tracked. Many of the implants are selling for thousands of dollars based on promises that they improve the kidnapping victim's chances of being returned.
Washington Post; Miroff, Nick

Campus Security: There's an App for That

The University of Maryland's College Park campus is planning to introduce a smartphone application next month that aims to improve security. The app, known as M-Urgency, will allow students, faculty, and staff to instantly alert police and share with them their exact location.
Baltimore Sun; Sentementes, Gus G.

Malware Able to Record Phone Conversations Looming: BitDefender

It is only a matter of time before malware evolves to record smartphone conversations. "We are going to see malware that records phone conversations and we've already seen malware that extracts contact message documents and email documents," Cosoi says. There is a lot of malware created for social media, Android devices, and computers that is highly focused on amassing information about the users, Cosoi warns. According to BitDefender's own research, 80 percent of malware found for smartphones operating on Android is designed to steal information from the phone. Cosoi predicts that the data will be used in creating various profiles which can then target the user with anything from phishing attacks to scams persuading the user to spend money.
Computerworld Australia; Barwick, Hamish

VIPER, VENOM Snake Critical Info Across Intergovernmental Boundaries

Security experts involved in pilot projects for the Department of Homeland Security's (DHS) Virtual USA initiative say that the technologies being tested have potential to transform the way the government coordinates geospatial information and other data-sharing capabilities. Virtual USA has launched dozens of integrative projects at the federal, state and local levels. Two of these projects, the Virtual Emergency Network of Multnomah County (VENOM) in Oregon and the Virginia Interoperability Picture for Emergency Response (VIPER), have already shown success integrating county systems with state and regional partners' systems for emergency management operations.
Government Computer News / Marshall, Patrick

Bill Calls for Background Checks at Utilities

Sen. Charles Schumer (D-N.Y.) has introduced legislation that would require all employees at the nation's major power plants to undergo FBI background checks. Schumer's legislation comes after the Department of Homeland Security released a report that found that terrorists could obtain sensitive information from disgruntled former power plant employees.
Boston Globe

Creating Ag Extension Agent for Cyber

Eugene Spafford, the executive director of Purdue University's Center for Education and Research in Information Assurance and Security, is calling for the creation of a national cybersecurity extension service. Such a service would enable anyone dealing with cybersecurity threats to turn to a government agent for help. Spafford says a cybersecurity extension service could work in tandem with the U.S. National Institute of Standards and Technology's efforts to provide detailed guidance on cybersecurity issues.
GovInfoSecurity.com, Eric Chabrow

Schumer Wants End of Fake IDs From China

New York Sen. Charles Schumer wants to crack down on China for selling sophisticated fake driver's licenses to college students and under-age drinkers. Schumer is trying to get the Department of Homeland Security to ban major wire transfer companies from forwarding funds to the foreign companies who are making the licenses, most of which are in China. The fake IDs could have major national security implications as they could be used by terrorists trying to pass through airport security checkpoints.
Business First / James Fink