TweakTown News
Following recent high-profile security breaches of U.S. retailers, the Securities and Exchange Commission (SEC) plans to host a roundtable discussion next month focused on cybersecurity. As cyber threats become more commonplace, lawmakers are also concerned that a standardized customer notice system isn't in place for retailers to follow.
Retailers and financial institutions argue over which side should be held responsible for fraud activity on customer accounts. There are now trade groups teaming up to try and help work through the issue together, though cyber money crimes contribute to a booming multi-billion-dollar industry.
Following the Target and Neiman Marcus breaches specifically, consumers are increasingly frustrated by sometimes lackadaisical security practices. The Obama Administration recently released cybersecurity guidelines for select industries, though it didn't make it mandatory to implement any of the ideas.
American attorneys were caught up in the NSA's global surveillance program: an unnamed U.S. law firm was representing an overseas client currently in a bitter legal battle with the U.S. government. Specifically, the Australian and U.S. governments agreed to share information on a law firm that was retained by the Indonesian government - and information protected under attorney-client privilege was likely included.
Attorney-client privilege isn't protected from NSA eavesdropping, though the American Bar Association demands that attorneys "make reasonable efforts" so confidential information isn't shared with others.
There has been growing concern that governments conducting spying and surveillance could breach attorney-client privilege with little recourse.
The controversial NSA surveillance program has shown frighteningly sophisticated practices, with U.S. residents, foreign citizens, government leaders, and others being spied on. Former NSA IT worker Edward Snowden, currently in Russia on temporary asylum, has greatly informed the public of spying behavior in the digital age.
The CyberPatriot VI tournament, designed as a youth cyber defense competition, will host 26 teams of U.S. high school students alongside two middle school teams in March. The schools are broken down into certain categories, such as public and private schools, Junior ROTC units, and others, and go through a series of tests to compete against one another.
"We don't teach hacking, we don't teach offensive techniques, but we very much teach defending against those things - that's the whole purpose of the competition," said retired Brig. Gen. Bernie Skoch, commissioner of the CyberPatriot effort, when speaking to the Air Force Times.
Skoch also added that he believes there will be around 330,000 unfilled cyber security jobs worldwide in 2015, despite a higher payday and job availability.
There is increased interest in continued improvement of cyber security efforts, especially for government agencies and critical infrastructure. The Obama Administration recently released security guidelines for utilities, banks, and other select industries, though the recommendations aren't necessarily a set of requirements that must be followed.
The United States and South Korea have mutually agreed to send sensitive information with approved vendors only, while avoiding the use of hardware made by Huawei over spying concerns. Talks between the two countries have increased amid growing concern that Huawei-made hardware could lead to easier spying activity from the Chinese company.
"While the United States has expressed concerns in the past, these decisions were made by the Republic of Korea and the Republic of Korea alone," a U.S. State Department spokesperson told the Wall Street Journal.
No Huawei technology will be used on U.S. military bases in Korea, according to the State Department, as almost 30,000 U.S. military personnel are located in the country. South Korean decision makers also reportedly showed concern about using Huawei hardware, and the final decision was made by the host country, though officials remain quiet about the "confidential and private business information."
Target management received numerous warnings related to the company's cyber security issues, with at least 60 days' notice before hackers stole information about millions of accounts. Despite concerns from security experts, Target may have ignored security warnings in favor of installing a new system and making sure it was in place prior to Black Friday 2013.
Target, along with other major retailers, received memos written and distributed by security companies and the U.S. government warning of potential security concerns. Furthermore, a Target security analyst wanted to take a closer look at the company's point-of-sale and other payment systems, though it doesn't appear that review took place.
Fallout from the Target breach continues to ripple throughout the industry, as several other retailers have also been affected by data breaches.
Companies receive a large number of security warnings, so it can be difficult to try and realistically figure out which ones to take seriously.
Sen. Rand Paul (R-Ky.) has filed a lawsuit against Pres. Obama's administration and the National Security Agency (NSA), drawing headlines in his attempt to disrupt the NSA and its controversial data snooping efforts. The class-action lawsuit from the potential Republican presidential candidate is a curious move, as Paul is banking on U.S. citizen anger to gain headlines.
Besides Obama, NSA Director Keith Alexander, FBI Director James Comey and Director of National Intelligence James Clapper were also named in the lawsuit. The class action lawsuit could represent "hundreds of millions" of U.S. citizens, and has received 386,000 signatures on an online petition Paul shared on his website.
If this story isn't weird enough already, apparently Paul and Cuccinelli are under fire from constitutional lawyer Bruce Fein, as Fein wrote the lawsuit but his name was replaced by Cuccinelli's. Not only was the lawsuit "stolen," but Fein also said he still hasn't received full compensation from Paul's political action committee, and clearly isn't pleased.
Former NSA contractor Edward Snowden was able to gain access to classified information using a co-worker's login credentials, which led the employee to lose his security clearance and later resign.
Snowden reportedly tricked an employee into using his login credentials on Snowden's computer, and while the employee was unaware of Snowden's intentions, he still didn't "comply with security obligations."
A U.S. lawmaker added: "Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information."
In addition to the former NSA civilian contractor, a current active duty U.S. military member and another contractor lost NSA access privileges. The U.S. government is trying to accurately identify how Snowden collected so many documents which were shared with international reporters - and to prevent a similar incident from taking place again in the future.
The Obama administration wants to help utilities, banks and other important industries better defend themselves from cyber attack, launching voluntary cyber security guidelines as a reference. The White House didn't want to offer direct requirements in an effort to allow companies to determine what would work best in their own business environment.
"While I believe today's framework marks a turning point, it's clear that much more work needs to be done to enhance our cybersecurity," said Obama, in a statement from the White House. "Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property."
Although the Obama administration worked on the recommendations based on analysis and industry-offered input, it's unlikely to be effective in preventing future attacks.
The US government and military learned in recent years that cyber threats cannot be ignored, especially with many criminal groups operating out of China, Russia, and other political rivals.
You would expect the president of one of the largest financial institutions in the US to have a very robust personal security plan in effect to ensure that his identity or financial information was not stolen, but it appears that is not the case with PayPal's President, David Marcus. This morning Marcus revealed that one of his credit card numbers was stolen during a recent trip to Europe and then used on a large spending spree.
Marcus says that he thinks that his card was skimmed at the hotel he was staying at or at one of the several merchants where he swiped the card in question. Marcus said that despite the card having an EMV chip that is supposed to make it more secure against this sort of attack, the EMV technology did nothing to prevent his card's number from being stolen and used on a fraudulent spending spree. Marcus did take the opportunity to inject a little promotion for PayPal, saying that if the merchant had accepted PayPal then none of this would have happened, as PayPal's payment solutions do not share any credit card numbers with the merchant accepting payment.
Former NSA analyst Will Ackerly and his brother, John Ackerly, are the co-founders of Virtru, a startup security company helping users encrypt e-mails and digital communications. Unlike other encryption solutions, Virtru allows users to encrypt information - and send it - and has an extremely easy user interface to ensure neither user needs to be overly tech savvy.
The Virtru plugin easily and quickly encrypts e-mails and other contents using the AES-256 encryption standard, and senders must have the plugin installed. However, recipients only need to authenticate their identity with an e-mail address, and Virtru holds the decryption key.
"What we've tried to do - and what's different from what a lot of encrypted communication tools out there have done - is really spend time to integrate the encryption technology directly into Gmail, Yahoo, Outlook.com," said John Ackerly, Virtru CTO, in a statement to the media.
Virtru currently has plugin extensions for Google Chrome and Mozilla Firefox, with customized versions for Internet Explorer and Safari expected soon. For mobile devices, Virtru is available for iOS 7, and will be available for Google Android sometime in the near future.
Following the continued controversy of former NSA analyst Edward Snowden's widespread snooping documents, consumers are increasingly worried about government spying.