On December 6, thirteen defendants pleaded guilty in U.S. federal court to charges related to their involvement in the cyber-attack of PayPal’s website as part of the group Anonymous. In pleading guilty, the defendants admitted to carrying out a Distributed Denial of Service (DDoS) attack against PayPal in December 2010.
Ten of the defendants each pleaded guilty to one felony count of Conspiracy and one misdemeanor count of Intentional Damage to a Protected Computer. One defendant pleaded guilty to one misdemeanor count of Reckless Damage to a Protected Computer, and the remaining two each pleaded guilty to one misdemeanor count of Intentional Damage to a Protected Computer.
The data titans of Silicon Valley have said, “Enough is enough!” A coalition of the world’s leading tech companies is asking for the U.S. and other national governments to put a stop to unfettered data collection and surveillance and other practices that inhibit the free movement of lawful data around the globe.
The principal members of the coalition are AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo! Though these companies are rivals in the marketplace, they are united on their stance that governments should not be snooping on the activities and whereabouts of the general population.
I’m pleased to introduce myself to the Security Bistro community and hope that you welcome this video blog with open arms. The Corero Network Security team and I are excited to introduce a recurring monthly video post that aims to dissect and analyze the various cyber attack types that are infiltrating network environments across the globe.
I came across a blog post the other day that really angers me. British IT consultant Jason Huntley wrote the detailed article LG Smart TVs logging USB filenames and viewing info to LG servers in mid November. He outlines how he discovered that his LG brand smart TV was collecting private data about his viewing habits and using it to serve customized ads. This was after Huntley supposedly turned off the option for LG to collect this information.
Huntley notes that the permission to collect his television viewing information is “on” by default and the smart TV owner has to find the option in a menu to turn it “off.” Huntley set the permission to “off,” meaning he did not permit any collection of data.
By now practically every information security professional and thousands of unfortunate victims are aware of CryptoLocker, the dangerous malware that encrypts all of a victim’s files and holds them for ransom. Security experts say it’s relatively easy to remove the malware itself but the damage is done when entire file systems cannot be decrypted without the key that is held by the perpetrators. CryptoLocker has been called “evolutionary” as malware goes and it has been highly successful in its mission to get money for the attackers, so we are likely to see more attacks of this nature in the future.
OpenDNS is one company that has been able to recognize and block CryptoLocker from infecting its customers. OpenDNS operates a DNS lookup service that refuses to resolve domains it has identified as malicious, so traffic bound for those sites never reaches them. The company uses predictive analytics to decide which sites to block.
Small and medium businesses (SMBs) often don’t pay enough attention to cybersecurity, but they are no less vulnerable to data breaches and attacks than their enterprise counterparts. In fact, attackers might consider SMBs to be an easier path into the larger enterprises that are the real target.
In his blog post “Are Small Business IT Environments Virtual Gateways to Larger Enterprises?” Jon Karl of the fraud prevention company iovation wrote:
While small businesses may be less lucrative for cyber crooks, they see them as a means to an end — with the prime target being larger organizations with much deeper pockets and valuable corporate assets. For online offenders, less conspicuous suppliers that partner with larger organizations hold the key to the digital doors of larger corporations. Those keys come in the form of customer information and intellectual property, which can be valuable to the right buyer in the digital black market. This data can also be used as a starting point for getting a foot in the door to commit affiliate fraud and other more sophisticated scams against big companies.
In 2011, young mother Casey Anthony went on trial for the murder of her two-year-old daughter Caylee. You may recall some of the lurid details from the case. In June 2008, the mother reported her child as missing. Caylee’s skeletal remains were found by a utility worker in December 2008. Prosecutors felt they had enough evidence to charge Casey with capital murder. The case was carefully laid out over the course of a month, but in July 2011, the jury found Casey Anthony not guilty of the most serious charges against her: first-degree murder, aggravated child abuse, and aggravated manslaughter of a child. She was, however, found guilty of providing false information to law enforcement.
Many people were stunned at the outcome of this trial, having expected that Casey Anthony would be found guilty of murder. The disappointment reached a crescendo when it was revealed in 2012 that investigators had overlooked, and thus never presented, key evidence that could have completely changed the outcome of the murder trial.
Recently I needed to download some software to my PC and, being the security-conscious person that I am, I made an attempt to read the software provider’s terms and conditions (T’s & C’s). I’ll admit that I got just so far in really reading the script. Then I started skimming the words, and then skipping entire sections. I finally scrolled down and just clicked on “I agree” to get my software.
That probably wasn’t a very wise thing to do. As reported in a blog post by Brandon Cook at Skyhigh Networks, software vendors sometimes put some pretty sneaky provisions in their T’s & C’s. You may think that a vendor is out to protect you with its T’s & C’s, but the real reason that legalese exists is to protect the vendor’s interests. And sometimes those interests mean asserting the vendor’s right to use your content, your code or your likeness any way it wants to.
In an earlier post, I speculated that the systems behind the healthcare exchange marketplace known as the Federally Facilitated Marketplace (FFM) and hosted on Healthcare.gov were not tested end-to-end and could not be trusted to ensure data security and privacy. My speculation a few days ago is now totally confirmed by the people in charge. (See What’s the Word from Healthcare.gov? “Trust Us With Your Most Sensitive Data.”)
CNN has posted a “decision memo” that is directed to Marilyn Tavenner, Administrator of the Centers for Medicare and Medicaid Services (CMS), the organization largely responsible for implementing the Affordable Care Act (ACA). The memo comes from James Kerr, Consortium Administrator for Medicare Health Plans Operations and Henry Chao, Deputy Chief Information Officer & Office of Information Services Deputy Director. In other words, these are the guys who know the true status of the FFM and Healthcare.gov.