White House calls Sony hack a "serious national security matter," gov't mulls proper response

White House calls Sony hack a "serious national security matter," gov't mulls proper response

Sony Pictures recently canceled the "The Interview" movie release, following hacker threats.

FBI op, leading to child porn convictions, used Metasploit

Several were arrested in Operation Torpedo, including former acting HHS cyber director DeFoggi.

Senate and House pass cybersecurity bill

The U.S. House of Representatives and the Senate passed to the CyberSecurity Enhancement Act of 2014, giving NIST the go-ahead to develop voluntary cyber standards for critical infrastructure.

House, in rush vote, passes Intelligence Authorization Act

House, in rush vote, passes Intelligence Authorization Act

The Senate passed the Act on Wednesday after adding a controversial amendment and the House rushed to pass it with little room for debate.

Site operator pleads guilty to facilitating prostitution, a first in federal convictions

Site operator pleads guilty to facilitating prostitution, a first in federal convictions

Eric Omuro, who also goes by "Red," ran the site myRedBook.com.

Court hears oral arguments for appeal in Smith v. Obama

Court hears oral arguments for appeal in Smith v. Obama

Peter Smith, the husband and lawyer of plaintiff Anna Smith, argued that her Fourth Amendment rights were violated in dragnet surveillance by the NSA.

North Korea: Sony Pictures hack may be work of gov't supporters

North Korea: Sony Pictures hack may be work of gov't supporters

Meanwhile, an internal email between execs at Sony Pictures and Mandiant, the forensics unit tapped to investigate the breach, leaked to the press.

The proliferation of mandates

The proliferation of mandates

The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.

Report: NSA operation to identify cell phone network weaknesses, exploit for surveillance

The NSA intercepted communications from hundreds of email accounts from major cell phone network operators to exploit network weaknesses for surveillance purposes.

Bill introduced, bans government mandates to build weaknesses into technologies

U.S. Senator Ron Wyden introduced the Secure Data Act on Thursday to prohibit federal agencies from mandating that backdoors and other security vulnerabilities be built into U.S. software and electronics.

House passes critical infrastructure protection bill

The U.S. House of Representatives unanimously approved three bills, including the Critical Infrastructure Protection Act.

Credit unions urge Congress to enforce security standards for retailers

The National Association of Federal Credit Unions is asking Congress to establish national data breach and notification standards for retailers.

Regin: nation-state possibly behind the stealthy modular spying malware

Regin: nation-state possibly behind the stealthy modular spying malware

Symantec is referring to the malware as 'groundbreaking,' particularly due to the advanced techniques it uses to conceal itself.

DHS, FBI sound alert on holiday cyber scams

The FBI and Homeland Security's US-CERT team have both warned that online scams, taking advantage of the holiday shopping frenzy, will be plentiful this season.

International commission to create recommendations on internet governance

The 29-member Global Commission of Internet Governance Innovation features political leaders, global academics and business leaders that will explore pressing topics in the digital world.

NSA director states China can shut down U.S. electric grids, report indicates

The director of the NSA stated that China, as well as "one or two" other countries, is capable of launching cyberattacks to shut down electric grids and other critical infrastructure in parts of the U.S.

ACLU requests info on gov't spy program using 'dirtboxes'

Earlier this month, it was revealed that DOJ uses "dirtboxes" attached to aircrafts to spy on Americans' mobile devices.

USPS draws ire of Congress over data breach response

USPS draws ire of Congress over data breach response

Members of the USPS testified before a House subcommittee Wednesday, drawing criticism over the delay in its breach notification to impacted employees.

NATO launches largest cyber exercise to test its network security

With more than 400 technical, government and cyber experts involved, Cyber Coalition 2014 tested the speed of sharing threat intelligence.

USA Freedom Act foiled by Senate Republicans

USA Freedom Act foiled by Senate Republicans

The USA Freedom Act, aimed at NSA surveillance reform, failed to pick up enough votes to avoid a Republican filibuster.

VA falters in cybersecurity audit for 16th year

Veterans Affairs has failed an annual cybersecuirty audit for the 16th year in a row, a new report reveals.

State Department hack may be tied to White House network breach

State Department hack may be tied to White House network breach

The AP reported on Sunday that the State Department had its unclassified system compromised. The news follows the breach of three other government entities' systems.

'Stingray' requirement approved in Washington

Judges in Pierce County, Wash. approved a new requirement that would make law enforcement officials explicitly cite when they plan to use 'stingray' technology during an investigation.

U.S. spy program targeting Americans' mobile phones, report says

U.S. spy program targeting Americans' mobile phones, report says

The U.S. Department of Justice is attaching small devices to airplanes that gather massive amounts of mobile phone data, including the data of innocent Americans, a Wall Street Journal report indicates.

IBM leverages Big Data in $325M DOE deal

The funding will support the development of two new supercomputers.

Federal data breach legislation advances as provincial lapse nears

A Canadian federal bill that would force companies to notify individuals of breaches moved a step closer to being law in October.

Wildfire breach affects 15,000

British Columbia's provincial government is notifying 15,000 individuals after a privacy breach in its Wildfire Management Branch.

RCMP record keeping needs work, says Privacy Commissioner

Canada's RCMP cannot tell whether it complies with federal privacy law when gathering information about citizens without a warrant, according to a report.

Norse wins $1.9M DOE contract to secure energy sector operators

The Department of Energy contract will allow Norse to support the agency's Cybersecurity Risk Information Sharing Program (CRISP).

Slew of black marketplaces, including Silk Road 2.0, go dark in Fed sweep

Slew of black marketplaces, including Silk Road 2.0, go dark in Fed sweep

Seventeen suspected members of online marketplaces, including Silk Road 2.0's alleged operator, have been arrested.

Gov't AIDS websites left user data unencrypted

The government has begun encrypting user data on two websites providing AIDS-related information.

Report: Dutch gov't OKs Drinkman extradition to U.S.

Vladimir Drinkman, who was charged for his involvement in the Heartland breach, is currently in the Netherlands.

Does an Executive Order make payments more secure in the U.S.?

Does an Executive Order make payments more secure in the U.S.?

This year has been so bad for merchant data breaches that the president felt the need to ensure that the government would offer itself as a more safe and secure place to do business with.

Acting out: Cyber simulation exercises

Acting out: Cyber simulation exercises

Simulation exercises show how companies should respond under a cyberattack, says HHS's Sara Hall. Teri Robinson reports.

Schumer: Feds should do 'top to bottom' probe of online drug marketplaces

Sen. Charles Schumer of New York has called on federal law enforcement officials to stop "copy cat websites."

HackingTeam spying manuals posted online

The Italian spyware company had its manuals posted online that detail how thoroughly an infected user's actions can be monitored.

Attack on White House systems breached unclassified networks

The White House experienced a sustained cyberattack on its systems that impacted its network for nearly two weeks.

FBI uncovers second person leaking government documents

The unnamed leaker's house was searched and a criminal case was opened after documents about the U.S. government's terrorist watch list were published.

US-CERT warns of phishing campaign spreading Dyre

The credential-stealing malware Dyre has been tied to a string of phishing attacks.

WorldPay hacker sentenced to 11 years for role in $9.4M scheme

WorldPay hacker sentenced to 11 years for role in $9.4M scheme

An Estonian man, Sergei Tsurikov, was sentenced Friday after helping to steal over $9.4 million from payment processor RBS WorldPay in 2008.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.

Chinese MitM attack targets iCloud users

Chinese MitM attack targets iCloud users

The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the Chinese government could be to blame.

ISA president urges state AGs to expand understanding of cybercrime

Speaking at a National Association of State Attorneys General conference, ISA's Larry Clinton asked the AGs to step up efforts to get more resources.

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House cyber guru says

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

DHS investigates possible vulnerabilities in medical devices, report indicates

DHS investigates possible vulnerabilities in medical devices, report indicates

Reuters reported on Wednesday that DHS is investigating roughly 24 cases of suspected vulnerabilities in medical devices and hospital equipment.

Progress on national breach notification law may stall

A bill, which would require a national reporting standard, has failed to make it before the Senate or House this year.

JPMorgan Chase hackers missed fed gov't employee accounts

Information on half a million federal workers in the government's SmartBuy program went undetected by Chase hackers.

Google updates piracy-fighting report

The search engine company updates it piracy report to let users know how its adjusting search results to stop illegal piracy efforts.

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

TD Bank reaches $850K breach settlement with states

The settlement brings some resolve to the 2012 breach, where the bank lost unencrypted backup tapes.

N.M. man, who intercepted governor's emails, sentenced to nine months

Jaime Estrada was sentenced to nine months in prison and was ordered to pay a $10,000 fine.

ABA wants to automatically call and text mobiles regarding breach and fraud alerts

With data breach and fraud alerts in mind, the ABA filed a petition on Tuesday asking the FCC to remove "outdated regulatory restrictions" that prevent sending automated calls and texts to mobile devices.

'Sandworm Team' exploits zero-day bug in espionage campaign

'Sandworm Team' exploits zero-day bug in espionage campaign

A group of cybercriminals believed to be Russian are exploiting a zero-day vulnerability to deliver malware and gather information from various organizations around the world.

EFF urges court to find NSLs unconstitutional

EFF urges court to find NSLs unconstitutional

National Security Letters (NSLs) tread on the First Amendment and give the FBI too much authority, EFF argued.

AT&T to pay $150M to settle cramming case, covers $80M in refunds

AT&T to pay $150M to settle cramming case, covers $80M in refunds

The settlement marks the largest FCC enforcement action to date, and also involved the FTC and state attorneys general.

Twitter sues U.S. government over sharing limits on transparency report data

Twitter sues U.S. government over sharing limits on transparency report data

The social media giant believes the limits imposed by the DOJ on data in transparency reports for its users violates its First Amendment rights.

Marriott to pay $600K fine for blocking guests' Wi-Fi networks

The FCC launched an investigation last year after a consumer complained of the practice.

Same battle, different field

Same battle, different field

Cyberwarfare is so new that the ground rules are still being established. Nazan Osman provides an overview.

The great communicator: Government policy

The great communicator: Government policy

It's all about what you say and how you say it, says DHS's Phyllis Schneck. Teri Robinson reports.

Addressing attacks on critical infrastructure

Just recently we witnessed the U.S. House of Representative pass two bills aimed at bolstering the security operations of the nation's critical infrastructure.

Mobile-derived credentials

It's more than a trend. Mobile devices are becoming the new enterprise desktop. But mobile devices require the same security considerations to access corporate intranets or securely sending and receiving email.

FBI director criticizes Apple, Google encryption moves

James Comey reportedly said the developments could put consumers "beyond the law."

NIST taps MITRE to support National Cybersecurity Center of Excellence

The contract includes initial tasks totaling $29 million, the U.S. Commerce Department's NIST said.

Data security and privacy: Key issues, challenges and responses

Security and privacy professionals employ enumerable solutions and techniques for information security. Yet, the target of the protection, sensitive and private data, is not clearly understood.

Fed court shutters Butterfly Labs at FTC's request

The Federal Trade Commission had asked a federal court to shut down the company, which marketed specialized computers to mine bitcoins.

Reducing cyber risk in industrial control systems with advanced network segmentation

The ISA99/IEC 62443 portfolio of standards has emerged as a leading framework for cybersecurity in ICS and SCADA and was referenced in the recent Presidential Framework.

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data stored abroad

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.

Securing critical patient privacy & care: Visibility, control and response for healthcare providers

Healthcare IT professionals deal with an increasing array of critical security issues that involve privacy, BYOD and network access, managing live-saving medical devices, and ensuring compliance federal regulations.

Yelp and TinyCo settle with FTC over COPPA Rule violations

Yelp and TinyCo settle with FTC over COPPA Rule violations

Yelp will pay $450,000, and TinyCo will pay $300,000 to settle charges that their mobile apps collected information from children under the age of 13.

Congressman asks Issa for hearing on CHS breach

The top Democrat on the House Oversight and Government Reform Committee asked for a hearing to investigate the CHS breach.

Documents reveal NSA plans to map every internet connected device in the world

Documents provided by Edward Snowden reveal that the NSA is looking to build a near real-time map of every single internet-connected device in the world.

FBI facial recognition system ready for use

The Federal Bureau of Investigation has announced that it is prepared to roll out its new fully operational facial recognition system.

Former CTO of Liberty Reserve pleads guilty in New York

Former CTO of Liberty Reserve pleads guilty in New York

Mark Marmilev pleaded guilty on Thursday for his part in a money laundering conspiracy.

Microsoft held in contempt, moves closer to appeal over customer email warrant

Microsoft held in contempt, moves closer to appeal over customer email warrant

Microsoft continues to fight an order requesting it to turn over customer emails stored in a data center in Ireland.

Tapping global threat intelligence to secure enterprise networks

On July 9, 2014, the Cybersecurity Information Sharing Act (CISA) passed the Senate Intelligence Committee in a 12-3 vote. The legislation encourages threat information sharing between government and the private sector

CMS administrator to testify before committee on HealthCare.gov hack

Administrator Marilyn Tavenner will have to testify in front of the House Committee on Oversight and Government Reform on Sept. 18.

Privacy groups urge Senate leaders to pass USA Freedom Act

More than 40 civil liberties groups are urging Senate leaders to pass legislation that would put a halt to the NSA's data collection practices.

Game theory: Cyber preparedness

Game theory: Cyber preparedness

Business leaders are beginning to fathom the importance of cyber war game simulation exercises, reports James Hale.

How safe is cloud - really?

How safe is cloud - really?

Revelations of government surveillance are fueling a paranoia that isn't going to subside. Kate O'Flaherty asks whether firms should be afraid of adopting cloud?

FTC seeks public comment on adult verification company AgeCheq

Under the agency's COPPA ruling, website that collect personal information on its young users must receive parental consent before doing so.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child porn charges

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.

California Assembly passes first student online privacy bill

The bill would prevent companies from selling students' data and profiting from it.

NSA's ICREACH search engine shares billions of records, The Intercept reports

More than 1,000 analysts at 23 U.S. government agencies have had access to more than 850 billion records courtesy of NSA's ICREACH, a search engine similar to Google.

Calif. passes law requiring smartphone kill switch technology

Starting July 2015, all smartphones sold in the state must come with the anti-theft technology.

FTC asks court to shut down debt relief scam

Claiming funding from the federal government and an endorsement by President Obama, a debt relief program coerced private data from consumers.

Report: UK police push for required mobile phone PWs

The Metropolitan Police have reportedly lobbied for two years to enact the standard.

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.

AP denied security docs on HealthCare.gov, a risk to private information

AP denied security docs on HealthCare.gov, a risk to private information

The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.

NSA works to automatically detect attacks, return strikes from foreign adversaries

NSA works to automatically detect attacks, return strikes from foreign adversaries

The NSA program, called "MonsterMind," is reportedly being developed by the intelligence agency.

FCC creates task force to scrutinize illegal stingray use

FCC creates task force to scrutinize illegal stingray use

The task force will examine the use of the technology by foreign intelligence agencies and criminals targeting Americans.

Skimming con drains pension of retired officer in Philippines

The National Bureau of Investigation (NBI) warned that the incident showcases the growing incidence of ATM skimming fraud.

DEA paid $850K for Amtrak passenger info that was available for free

The DEA paid an unnamed Amtrak secretary more than $850,000 for passenger information that it could have attained for free.

White House charges elite tech team with improving websites

After a disastrous rollout of healthcare.gov, the White House has put together a team of private sector gurus to improve federal websites.

The industry's role in public safety

In this video, Joshua Corman, CTO at Sonatype, chats with SC Magazine's Danielle Walker on his involvement in some important upcoming initiatives.

Black Hat:"Saving cyberspace" requires next-level defense focus

Black Hat:"Saving cyberspace" requires next-level defense focus

Speaker Jason Healey warned that the internet can only endure so much abuse before it's irreversibly damaged.

Breach of USIS believed to be state-sponsored, DHS reportedly impacted

Two USIS clients, the Department of Homeland Security and the Office of Personnel Management, have suspended their contracts as a result of the incident.

Wikimedia Foundation lists removed links under 'right to be forgotten'

The nonprofit group which run Wikipedia was notified by Google of links removed from its search results.

NIST drafts updated guidance for agencies assessing security, privacy

NIST drafts updated guidance for agencies assessing security, privacy

The guidance gives federal agencies improved assessment procedures for securing their information systems and networks.

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce reforms

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US