Data security and privacy: Key issues, challenges and responses

Security and privacy professionals employ enumerable solutions and techniques for information security. Yet, the target of the protection, sensitive and private data, is not clearly understood.

Tapping global threat intelligence to secure enterprise networks

On July 9, 2014, the Cybersecurity Information Sharing Act (CISA) passed the Senate Intelligence Committee in a 12-3 vote. The legislation encourages threat information sharing between government and the private sector.

Game theory: Cyber preparedness

Business leaders are beginning to fathom the importance of cyber war game simulation exercises, reports James Hale.

How safe is cloud - really?

Revelations of government surveillance are fueling a paranoia that isn't going to subside. Kate O'Flaherty asks whether firms should be afraid of adopting cloud?

FTC seeks public comment on adult verification company AgeCheq

Under the agency's COPPA ruling, websites that collect personal information on their young users must receive parental consent before doing so.

Former acting HHS cyber director convicted on child porn charges

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation, was convicted by a federal jury in Nebraska.

California Assembly passes first student online privacy bill

The bill would prevent companies from selling students' data and profiting from it.

NSA's ICREACH search engine shares billions of records, The Intercept reports

More than 1,000 analysts at 23 U.S. government agencies have had access to more than 850 billion records courtesy of NSA's ICREACH, a search engine similar to Google.

Calif. passes law requiring smartphone kill switch technology

Starting July 2015, all smartphones sold in the state must come with the anti-theft technology.

FTC asks court to shut down debt relief scam

Claiming funding from the federal government and an endorsement by President Obama, a debt relief program coerced private data from consumers.

Report: UK police push for required mobile phone PWs

The Metropolitan Police have reportedly lobbied for two years to enact the standard.

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.

AP denied security docs on HealthCare.gov, a risk to private information

The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.

NSA works to automatically detect attacks, return strikes from foreign adversaries

The NSA program, called "MonsterMind," is reportedly being developed by the intelligence agency.

FCC creates task force to scrutinize illegal stingray use

The task force will examine the use of the technology by foreign intelligence agencies and criminals targeting Americans.

Skimming con drains pension of retired officer in Philippines

The National Bureau of Investigation (NBI) warned that the incident showcases the growing incidence of ATM skimming fraud.

DEA paid $850K for Amtrak passenger info that was available for free

The DEA paid an unnamed Amtrak secretary more than $850,000 for passenger information that it could have attained for free.

White House charges elite tech team with improving websites

After a disastrous rollout of healthcare.gov, the White House has put together a team of private sector gurus to improve federal websites.

The industry's role in public safety

In this video, Joshua Corman, CTO at Sonatype, chats with SC Magazine's Danielle Walker on his involvement in some important upcoming initiatives.

Black Hat: "Saving cyberspace" requires next-level defense focus

Speaker Jason Healey warned that the internet can only endure so much abuse before it's irreversibly damaged.

Breach of USIS believed to be state-sponsored, DHS reportedly impacted

Two USIS clients, the Department of Homeland Security and the Office of Personnel Management, have suspended their contracts as a result of the incident.

Wikimedia Foundation lists removed links under 'right to be forgotten'

The nonprofit group which runs Wikipedia was notified by Google of links removed from its search results.

NIST drafts updated guidance for agencies assessing security, privacy

The guidance gives federal agencies improved assessment procedures for securing their information systems and networks.

Leahy bill would end bulk data collection, introduce reforms

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

House of Lords subcommittee highlights 'right to be forgotten' flaws

In a recent report, a House of Lords subcommittee called the "right to be forgotten" law unenforceable.

Report: Hackers stole data from Israeli defense firms

A report by Brian Krebs detailed the intrusions, which occurred between Oct. 2011 and Aug. 2012.

Companies accused of peddling bogus AV ordered to pay $5.1M

A federal court in New York issued default judgments against 14 companies and individuals who allegedly operated the scams.

Senator Leahy prepares bill to tackle NSA snooping

The bill is set to be introduced on Tuesday.

Report: Japan eyes law requiring security incident reporting

Bloomberg says the Japanese government is eyeing cyber security legislation to make companies 'fess up to security incidents impacting users.

CyberMaryland conference returns, hosts job fair for military vets

The conference will be anchored by the Maryland Cyber Challenge and Competition, a security job fair, and more.

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Almost 40 percent of Canada's Justice Department duped by phishing

Almost one in four employees at Canada's Justice Department fell prey to internet phishing in an exercise last December.

Privacy groups, security experts and others implore Obama to veto CISA

Much to the chagrin of privacy advocates and other security experts, the Cybersecurity Information Sharing Act of 2014 passed the Senate Intelligence Committee last week.

Senate subcommittee looks to stop botnet threat

In a Tuesday hearing, a Senate subcommittee heard testimony from government and private sector security experts over the botnet explosion.

Chinese man charged with hack of Boeing, Lockheed Martin aircraft data

Stephen Su is accused of accessing U.S. firms' systems, including defense contractors Boeing and Lockheed Martin.

Cryptolocker neutralized, says Justice Department

Cryptolocker is effectively non-functional and unable to encrypt newly infected computers, according to a status report filed by the Justice Department on Friday.

Police, security firms abate Shylock malware threat

In 2013, the banking trojan was deemed one of the most active banking trojans by Dell SecureWorks.

Senate Intelligence Committee approves cyber security bill

The Cybersecurity Information Sharing Act of 2014 encourages threat information sharing between government and the private sector.

In year's first half, Verizon hit with 150,000 gov't data requests

On Tuesday, the telecom giant published its second transparency report on government requests for customer data.

Advanced attack group Deep Panda uses PowerShell to breach think tanks

CrowdStrike revealed that the attack group is now targeting sensitive data about political affairs in Iraq.

Senate committee passes FISMA reform bill

The FISMA reform act, which eases reporting requirements and clarifies the roles of DHS and OMB, easily passes the Senate Homeland Security and Governmental Affairs Committee.

Facebook protests Manhattan DA's request for 'nearly all data' on hundreds

The legal fight stems from a 2013 request by the Manhattan district attorney, seeking data from the Facebook accounts of 381 people.

Supreme Court's landmark ruling bars warrantless search of cell phones

Privacy advocates say the Wednesday ruling will have a positive impact on forthcoming cases involving data security.

Google begins removing European search results

Google sent its first emails today informing individuals that their requested links were being taken down in accordance with Europe's "right to be forgotten" decision.

Fla. passes sweeping data breach notification bill

In what might be the broadest data breach legislation yet, Gov. Rick Perry signed a set of bills that impose stringent requirements on businesses.

Calif. assembly committee OKs bill to cut resources to NSA

A California Senate Bill curbing "illegal and unconstitutional collection" of data is two steps away from law after a vote by the state assembly's Public Safety Committee.

House votes to block funding for NSA snooping

On Thursday, the House voted to block NSA from funds that support its warrantless search of Americans' communications.

Hong Kong polling site suffers massive DDoS attack

An online polling site intended to gauge the support for universal suffrage in Hong Kong was hit by a large DDoS attack Tuesday.

House committee says 'inaccurate' info prompted FTC's LabMD complaint

Under investigation is FTC's relationship with security firm Tiversa, which provided the agency evidence in an ongoing data security case.

Australia's Coalition Government nixes data breach notification bill

Lawmakers back the spirit of the Privacy Alerts Bill 2014, which carries hefty fines for delinquent organizations, but called for further clarification.

Seeking solutions to robocalls, FTC hosts contests at DefCon 22

Seeking an end to phone spam, otherwise known as robocalls, the FTC is hosting three standalone contests at DefCon 22.

Rebel with a cause: Glenn Greenwald is a doctor for America's conscience

Glenn Greenwald's new book recounts the human drama of his collaboration with Edward Snowden, the widespread sweeping up of communications and the consequences of the U.S. surveillance state.

Bahamas taps Hogan Lovells in NSA cell phone surveillance controversy

Hogan Lovells will represent the government of the Bahamas following reports by The Intercept that the NSA had been recording all cell phone conversations made into, out of, and within the island country.

New Canadian privacy commissioner comes under fire

Canada's federal privacy commissioner has been replaced in a move that has sparked criticism from activists, academics and political leaders.

Judge reverses order for NSA to preserve data

A day after reiterating a March order that put a halt to the NSA destroying data, a federal judge, citing national, reverses his decision.

Florida judge sides with ACLU, testimony unsealed on police use of 'stingray' devices

A Florida judge sided with the ACLU on Tuesday and ordered that a testimony on the police use of "stingray" devices be unsealed.

Int'l crackdown on Gameover botnet results in criminal charges

A 14-count indictment against the suspected botnet administrator, Evgeniy Bogachev of Russia, was unsealed on Monday.

Me and my job: Col. (Retired) Barry Hensley, Dell SecureWorks

It was while working with an elite group of cyber forces in the military that Col. (Retired) Barry Hensley realized the severity of security issues facing this nation.

News briefs: The latest on Heartbleed, Microsoft fix for IE, U.S. Cyber Command and more

This month's news briefs cover the Heartbleed bug, a Microsoft fix for IE, and more.

Following the framework: Government standards

New government standards promise to address risk and improve online security for critical infrastructure, reports Karen Epper Hoffman.

Feds may restrict visas for Chinese security conference attendees

The government may impose visa restrictions on Chinese nationals who are scheduled to attend the upcoming Black Hat and DefCon security conferences.

European data authorities to probe eBay data breach

A privacy watchdog in Luxembourg will head up an investigation into the massive eBay data breach which may have affected as many as 145 million customers.

Diluted Freedom Act passes House to privacy advocates' dismay

Groups that once backed the bill say that it has been "gutted," and no longer can reform NSA's mass collection of phone records.

Richard Clarke and Karen Jackson co-chair governor-appointed Va. security commission

Virginia Governor Terry McAuliffe named members of the Virginia Cyber Security Commission on Friday, which was formed to improve cyber security in the state.

NSA, privacy group, respond to cell phone recordings in Bahamas

The NSA, as well as the Electronic Frontier Foundation, has responded to an article that states the federal agency is recording all cell phone calls in the Bahamas.

Historic global cyber crime bust takes down 'BlackShades' users

An international effort involving law enforcement agencies in 17 different countries has led to nearly 100 arrests of BlackShades users.

NIST cryptography program under review by expert panel

A review into the institute's cryptographic standards and guidelines program by a panel of experts assembled by the Visiting Committee on Advanced Technology.

FBI begins shopping around for malware

The federal agency posted an online listing saying it is looking to purchase malware from a commercial supplier and is now accepting applications.

Minnesota enacts first-ever "kill switch" law

The law takes effect on July 1, 2015, and would require all smartphones in the state to have a kill switch installed in case of theft.

Report: 76 percent of targeted Q1 attacks were aimed at government orgs

According to Trend Micro, the public sector has remained a top target of cybercrime.

Privacy advocates rally against HMRC data-sharing plans

Last month, it was revealed that the U.K. tax agency was considering selling the anonymized, financial data of millions.

Australian OAIC to close, commissioner let go, due to budget cuts

The Office of the Australian Information Commissioner (OAIC) will shut down next year, after nearly five years, due to government budget cuts.

NIST standard puts security at start of critical systems development

On Wednesday, NIST announced the developing standards, along with a public draft on the measures, which is now open to public comment.

DHS makes improvements, needs to do more, GAO chief says

Testifying before a House committee, the Comptroller General said the DHS remains on the high-risk list but is making clear progress.

Columbia University, NY hospital to pay $4.8 million HIPAA fine

The agreement marks the largest HIPAA settlement to date.

In LabMD case, judge tells FTC to reveal data security standards

The decision pertains to a case between FTC and LabMD, a company accused of violating data security standards after suffering a breach.

Apple updates guidelines for gov't, law enforcement data requests

Apple schools law enforcement and government agencies in how to ask for data and says it will notify customers of the requests.

House committee passes bill to stop unbridled gov't access to phone data

On Wednesday, the House Judiciary Committee unanimously approved the USA Freedom Act in a 32-0 vote.

SEC issues warning regarding Bitcoin investment

The agency has issued a lengthy warning to investors about the dangers of virtual currency, specifically Bitcoin.

Declassified documents show Australia's plans to employ cyber warfare

The Australian Defence Force plans to take advantage of cyber warfare as a means of taking "offensive" actions against adversaries during military conflict.

House subcommittee to discuss cyber threats to electrical grid

The subcommittee will hold a hearing on Thursday on electromagnetic pulse (EMP) attacks.

Systems admin for Navy nuclear department faces hacking charge

A Virginia man has been charged with conspiring to hack the computer systems of over 30 public and private entities, including the U.S. Navy.

In Big Data report, White House calls for national breach reporting standard

The White House released a report reviewing Big Data and privacy concerns, and a major recommendation was that national data breach legislation be passed.

Gov't officials search for new contractor to manage Healthcare.gov

The Obama administration is interested in giving the opportunity to a smaller private vendor.

Report: Attackers maintained long-term access in Australian Parliament breach

China-based actors may have maintained access for as long as a year, according to new reports.

Supreme Court to hear cases on police search of cell phone data

This Tuesday, two major cases are expected to go before the country's highest federal court.

Humana co. pays HHS $1.7 million after unencrypted laptop breach

A Texas-based company, Concentra, paid the HIPAA settlement stemming from a 2011 breach.

HMRC offers shaky explanation on plans to sell taxpayer data

The UK revenue agency is considering selling anonymized taxpayer data to third parties.

Brazilian president signs internet 'Bill of Rights' into law

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

'Unauthorized' media contact a fireable offense for U.S. intel employees

The new media policy states that U.S. intelligence employees who have "unauthorized" contact with the media could lose their jobs.

NIST eyes removing flawed Dual_EC_DRBG algorithm from guidelines

The National Institute of Standards and Technology is looking to remove the flawed Dual_EC_DRBG algorithm from its guidelines.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data for any longer than required, even if it is encrypted.

Investors aim to 'save' bitcoin exchange Mt. Gox

After suffering a massive bitcoin theft, the exchange faces liquidation of its assets in Japan.

Federal watchdog says SEC security issues put financial data at risk

According to the U.S. Government Accountability Office (GAO), SEC, among other lapses, failed to adequately oversee a contractor, which migrated its financial system to a new data center.

Contempt order against Lavabit still stands, appeals court rules

A federal appeals court backed an earlier ruling penalizing the email service.

Researchers uncover critical flaws impacting satellite communications

Critical security issues that leave satellite communications vulnerable to being intercepted, manipulated or blocked were detailed in a white paper.

German Aerospace Center discovers spy malware on network

The possibly foreign malware affected all computer systems and left little for investigators to work from because it was designed to self-destruct.

Pentagon to triple its security workforce by 2016

Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.

New Wisconsin law restricts employer access to personal accounts

The law, Wis. Stat. Section 995.55, was enacted last week.
