Critical vulnerability discovered in industrial control product

The vulnerability was found in two programmable gateway devices often used by auto, food and manufacturing businesses in the United States. Meanwhile, a new study shows attacks against utility companies are growing.

NYPD detective charged with hiring hackers so he could spy on ex-girlfriend

Edwin Vargas, 42, was arrested on Tuesday for allegedly buying email login credentials and cracking fellow officers' email accounts.

Commission offers suggestions for stemming online spy threat from China

The 100-page report mostly addresses alleged Chinese cyber espionage operations, and suggests it's time for U.S. government agencies and corporations to consider more proactive approaches, possibly including hack-backs.

Google hackers wanted to know which Chinese intel operatives were being watched

Attackers who raided Google in 2010 to learn information about Chinese human rights activists were also trying to gain insight on which Chinese intelligence agents were on the radar of U.S. authorities, according to a report.

Executive order, NIST initiatives may help electric providers get ahead of the threat

While a major attack has yet to take place on the U.S. energy sector, now is the right time for these critical infrastructure providers to ready their defenses.

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with protections similar to those already enforced by a California law.

Hackers raid Washington state court system to steal 160,000 SSNs, 1M driver's license numbers

After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.

Microsoft offers temporary fix for live Internet Explorer exploit

The software giant is trying to put the brakes on a serious flaw that is being leveraged as part of a possible espionage campaign against U.S. energy workers.

$20m to fund cyber strategies

Defence Minister Peter MacKay has committed $20 million to fund projects aimed at making Canada safer from cyber attacks.

Report due on business risks from cyber crime

Canadians are about to get their first comprehensive look at the extent of cyber crime on domestic business.

Canadian government gets serious about storage devices

More than 2,000 USB keys were replaced after a hard drive and key went missing.

Canadians savvy on privacy

Privacy concerns are driving Canadians away from smartphone apps and online services.

Report: Army database housing sensitive data on major U.S. dams breached

An intruder gained access to the U.S. Army Corps of Engineers' National Inventory of Dams (NID) in January, according to a spokesman for the military command.

2 minutes on: The rule of war

As nations engage with one another in shadowy conflicts taking place in the digital sphere, experts are questioning whether treaties and rules that were created for kinetic fighting apply to a new era of combat.

News briefs: Malware cripples South Korea, largest DDoS ever, and more

This month's news briefs cover recent headlining bits on the malware that struck South Korean companies, a new law requiring federal agencies to review IT equipment sourced from China, and more.

Trained pros should lead discovery

Employees lack the training to collect and preserve email and electronic evidence.

Executive order can provide boost

The rule may help leaders better understand the impact of cyber risks, say PwC's David Burg and Laurie Schive.

The great divide: Reforming the CFAA

Aaron Swartz's death inspired Rep. Zoe Lofgren to want to reform the federal anti-hacking law, but some security pros worry this would sterilize a potent enforcement weapon, reports Dan Kaplan.

Controversial government program gives ISPs immunity from wiretapping laws

AT&T and CenturyLink were given legal immunity to turn over threat-related data on their networks to the government.

ACLU asks FTC for help forcing mobile carriers to patch bugs faster

The American Civil Liberties Union has filed a complaint with the Federal Trade Commission over several major carriers' alleged sluggish patching practices, a concern for enterprises as BYOD pervades the business world.

CISPA passes House amid continued concerns over inadequate privacy safeguards

In a bipartisan victory for a measure that would formalize threat intelligence sharing, the U.S. House passed the bill in a 288-to-127 vote, drawing more Democrats than when a version was approved last year. CISPA now moves to the Senate.

Obama proposes $800m cyber budget increase for Pentagon

The president recommended that $4.7 billion be allocated to the Pentagon for cyber initiatives in the fiscal year beginning Oct. 1. That includes earmarks for offensive missions.

CISPA moves forward, but rejected amendments frustrate privacy advocates

The amendments to the threat intelligence sharing bill would have tightened controls around the corporate release of personally identifiable information to three-letter agencies, including the NSA.

White House says new Chinese IT equipment rule may disrupt business without helping security

Several U.S. trade groups also have objected to the provision, part of a recently passed appropriations bill, which bars certain federal agencies from buying IT tech gear produced by Chinese government-related companies.

"Right to Know" bill proposes more transparency for California data collectors

The state, no stranger to pioneering data security and privacy legislation, is at it again with a proposed measure that would force companies to be transparent about with whom they are sharing customer information.

China unhappy with new U.S. requirement that its IT gear must face review

The rule, part of a general appropriations bill signed by President Obama last week, comes following growing evidence of China's organized cyber espionage operations.

Debate: China is the top cyber threat to the United States

In this month's debate, two experts discuss whether or not China is the top cyber threat to the United States.

News briefs: Mandiant uncovers espionage, Evernote is breached, and more

This month's news briefs include recent news on Mandiant uncovering China's cyber espionage efforts, security firm Bit9's breach, and the Obama administration's latest efforts on combating the theft of trade secrets.

Cyber war, this is not

Espionage and fraud in cyber is not an armed conflict, says SystemExpert's Jonathan Gossels.

Federal judge to weigh in on FBI's "stingray" cell phone surveillance

In a matter of weeks, an Arizona federal judge is expected to decide whether the FBI illegally caught an accused fraudster.

IRS warns phishing attacks are among "dirty dozen" tax scams

Phishing attacks were among the top 12 schemes hatched by tax season scammers.

New U.S. law says government agencies will need OK before buying Chinese IT equipment

According to the legislation, the review process will quell cyber espionage threats from China.

Draft of cyber bill exacerbates flaws of anti-hacking law

The bill draft, which is in a preliminary stage, included harsher penalties for Computer Fraud and Abuse Act violations.

Lawmakers propose change to "outdated" email privacy law

Senators say current provisions of the Electronic Communications Privacy Act give law enforcement too many liberties when accessing the electronic communications of Americans.

DoD creating cyber "offensive" teams to strike back against foreign attackers

Cyber Command Chief Gen. Keith Alexander is now assembling 13 teams of IT experts for this purpose.

Bill C-30 falls owing to expense and privacy concerns

After intense opposition from the public, the Canadian government pledged to not introduce additional legislation to monitor online activity.

Critical infrastructure a weak point, says Canadian official

The Canadian government should make it mandatory for utility companies and others to tighten security, a former official told a security conference.

China-telco partnership fears unwarranted, says Ontario official

The nascent partnership between a Chinese development group and an entrepreneurial hub funded by three levels of Canadian government has raised concerns from an outspoken former security adviser to Nortel Networks.

We're not in Kansas anymore!

For those of us who have been pursuing an effective public-private threat sharing mechanism, there's hope that maybe this time a program will be developed that effectively accomplishes this task.

MiniDuke espionage ring began earlier than first reports suggest

Attackers behind the MiniDuke spy campaign have targeted government entities and other organizations around the world since at least 2011.

Just get on with it already

Offering up more general guidelines to strengthen the country's critical infrastructure security - as in the president's recent executive order - is all well and good, but without any meaningful and enforceable requirements then, really, what's the point?

The influence of overseas reforms

The European Union is close to implementing an information protection law that will homogenize the responsibility of all of its 27 member states, which could have a ripple effect in the U.S.

Debate: The FTC should have the right to penalize companies for poor data security/privacy practices.

This month's featured debate informs whether the FTC should have the right to penalize companies for poor data security/privacy practices.

Losing control: Critical infrastructure

Industrial control systems remain troublingly vulnerable to both internal error and outside intruders, reports Danielle Walker.

RSA 2013: Despite challenges, security has persevered

Microsoft's Scott Charney isn't ready to wave the white flag of surrender. In fact, he believes the security profession has done an admirable job, and there's reason to be confident that the future is bright.

FTC whips HTC over poor software coding, developer training and researcher outreach

The consumer protection agency said vulnerabilities and the "insecure implementation" of diagnostic software propelled action against the American division of the mobile device maker for a number of security shortfalls.

Malware once used exclusively for bank fraud is finding a new mission

Cyber criminals are repurposing data-stealing trojans, once used primarily to steal banking information, to collect intellectual property, which can be sold for a higher price tag, according to a McAfee study.

U.S. may rely on trade sanctions, fines to curb foreign cyber spy threat

The news comes after a detailed report emerged that U.S. firms were the target of Chinese government-backed espionage operations.

Following cyber order from Obama, CISPA is back

Lawmakers have begun debate on the controversial threat information-sharing bill known as CISPA, which would complement the president's cyber security executive order. But it has a host of privacy objections to clear first.

Internal site hacked, Federal Reserve confirms

On Sunday, Anonymous said it hacked the Fed, before exposing the data of 4,000 bankers. Now, it appears the claims are true.

CRA gets flak for Netfile changes

The Canada Revenue Agency (CRA) has unnerved privacy experts with a change to its electronic tax-filing policy: It has removed several authentication requirements for electronic filers.

HRSDC loses personal data of 583,000 Canadians

Human Resources and Skills Development Canada (HRSDC), a department of the Government of Canada, was reeling last month after the personal data of 583,000 Canadians was lost on a portable hard drive.

Energy Department latest to be struck by skilled hackers

Several hundred employees and contractors at the U.S. Department of Energy were compromised in the breach, though reportedly no classified information was accessed by hackers.

Following breaches, Utah Senate passes data protection law

Sen. Stuart Reid (R-Utah) began drafting the bill last year, following a massive breach in the state of nearly 800,000 Medicaid records.

A new cottage industry: Cyber security lobbying

Over the next two years, cyber security will join the shortlist of hot-button agenda items set for debate and discussion in Congress.

Sharing is caring: Take advantage of ISAC

Security pros should be less secretive, says New York City CISO Dan Srebnick.

Battle lines drawn: Nation-state threats

The United States has established itself as a major force in a new era of combat, but what repercussions do state-sponsored actions in cyber space have on all of us?

Pentagon Cyber Command plans significant growth

The rise in Department of Defense ranks, from around 900 to 4,000 military and civilian personnel, comes in the face of a growing digital threat. But is there a deeper reasoning behind the expansion?

DARPA seeking to grow DoD cyber defense

The "Cyber Targeted-Attack Analyzer" program would examine data sources across DoD's entire network to aid in threat detection.

Two security firms disclose "Red October" details

Researchers said that domain names associated with the attack infrastructure were shut down soon after the spy campaign came to light.

Florida juvenile agency loses device containing data of 100k

The Florida Department of Juvenile Justice said the device was neither encrypted, nor password protected.

"Red October" spy campaign uncovered, rivals Flame virus

Researchers at Kaspersky believe the Red October campaign, which is spreading a data-sucking trojan known as Rocra, dates back at least five years, and is still ongoing.

Stoking cyber fears is a useful tool in Iran war cheerleading

The cozy relationship between national security reporting and the United States government was back on full display Wednesday with a story from the New York Times, headlined "Bank hacking was the work of Iranians, officials say."

John McAfee says he led cyber spy ops in Belize

The namesake of security company McAfee, who returned to the U.S. less than a month ago, now claims he used cyber espionage tactics to uncover corruption among the power players of Belize.

Feds step up HIPAA enforcement with hospice settlement

The Hospice of North Idaho will pay $50,000 to the U.S. Department of Health and Human Services following a breach that affected 441 patients -- an indication that the agency is not letting even small incidents slide.

Legislation: Friend or foe?

The proposed Cyber Intelligence Sharing and Protection Act (CISPA) is galvanizing government and industry over whether we need federally mandated security legislation and what it should look like.

Risky business: Marriage of compliance & security

Compliance brings with it the stigma of cost, complexity and confusion, but viewing it from a risk point-of-view may help make it more tolerable.

Obama may issue cyber security order in early January

White House sources believe President Obama will hold off until the new year to take action on a federal cyber security initiative.

Gaping holes discovered in global GPS

Researchers have discovered vulnerabilities in Global Positioning Systems that could cripple the infrastructure critical to military navigation.

S.C. inspector general calls for statewide security program

Following a breach that resulted in the exposure of millions of Social Security numbers, South Carolina's inspector general wants the state to adopt a more centralized approach to information security.

The classic fairy tale gone cyber

From stealthy to blatant tactics, 2012 has seen them all.

Cyber laws may need tweaking

2013 may be the year that U.S. companies strike back at their cyber adversaries, says Taia Global's Jeffrey Carr.

Debate: Comprehensive cyber security legislation will happen in 2013

Comprehensive cyber security legislation (or a presidential executive order) will happen in 2013.

Obama issues insider threat guidance for gov't agencies

A new memo from President Obama announces minimum standards for insider threat programs implemented by federal agencies.

US, Canada announce cross-border action plan

Public Safety Canada and the U.S. Department of Homeland Security launched an action plan last month to back up a February 2011 border security partnership.

Canada throws money at cybersecurity shortcomings

The Canadian government has unlocked $155 million in funding to bolster cyber security, just as the Auditor General issued a negative report.

In latest filing, FTC stands by Wyndham security complaint

Wyndham's request that an FTC security complaint be dismissed was met with a follow-up response from the commission.

South Carolina tax breach also affects 657k businesses

As the probe deepens into the massive hack of the South Carolina Department of Revenue, forensic investigators have concluded that as many as 657,000 businesses may also have been impacted.

EMC, RSA buy online fraud technology maker

EMC has acquired Menlo Park, Calif.-based online fraud detection provider Silver Tail Systems. Silver Tail, which offers "real-time web session and behavioral analysis" for banking, e-commerce and government customers, will operate as part of RSA, EMC's security division.

Redirect flaw on .gov sites leaves open door for phishers

An "open-redirect" vulnerability has allowed scammers to phish several thousand people using shortened links to legitimate government websites.

Canada stays silent on national exemption scope

Canada is not saying whether it will block Chinese firm Huawei from bidding on a secure communications network, after imposing a national security exemption on contract tenders.

BC Health Ministry admits to data sharing scandal

The provincial government of British Columbia has fired four employees and suspended three others after allegations that health data was shared inappropriately.

New phishing tactic: Infect sites and wait for catch

Researchers believe watering hole strategies, where attackers compromise sites visited by their targets, are used to steal personal information and set the stage for spear phishing attacks.

A public cloud conundrum

We must resolve issues around data sovereignty, says Capgemini's Joe Coyle.

Wyndham resorts to laughable litigation

Isn't Wyndham Hotels and Resorts culpable for failing to enlist industry standards and implement security practices and tools to protect customer accounts?

Massachusetts hospital to pay HIPAA fine

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates have agreed to pay $1.5 million to settle potential HIPAA violations.

14 charged in stolen ID tax fraud

A 14-member gang alleged to have used stolen identities in a tax refund scheme has been charged in five criminal complaints with conspiracy to defraud the United States and other counts of theft of government property.

Severe fine imposed for sharing 24 music files

A Minnesota woman accused of distributing music via the Kazaa file-sharing site has been fined $222,000 in the first music copyright infringement case to reach a jury.

Spies recruiting hackers: Gen. Keith Alexander at DefCon

The head of the NSA, the entity many consider to be the prime culprit in the "surveillance state," sought to persuade the crowd at the annual DefCon hacker gathering to enter government service.

Why can't we be friends? A look at convergence

The ability to marry physical and logical security controls is maturing, which means companies can find efficiency wins, while in the process lowering their risk profile.

Big egos block important cyber bill

President Obama now is considering an executive order to breathe some life back into the Cyber Security Act of 2012 with the goal in mind to protect the country's critical infrastructure.

Canada's spy chief champions internet surveillance

The head of the Canadian Security Intelligence Service (CSIS) offered the agency's assistance to Public Safety Minister Vic Toews to make the government's controversial internet surveillance bill more palatable.

Federal government erects "cyber perimeter"

The Canadian government enacted a national security exception to bar foreign IT companies from bidding on the construction of its new telecommunications system.

Hackers breach Environment Protection Agency database

Thousands of U.S. Environmental Protection Agency employees had their personal information exposed through a database breach.

White House reportedly considers cyber executive order

Although it appeared as if another year would go by without any action on cyber security legislation, President Obama may turn to an executive order to implement new policy.

Cyber security bill struck down in Senate, likely dead

Senate Republicans on Thursday defeated a bill that would have asked critical infrastructure operators to meet voluntary cyber security standards. Some Democrats also disagreed with the measure, saying it didn't go far enough to protect privacy.

Infrastructure wake up call

The increasing connectedness of infrastructure increases the cascading effect an attack can have on other infrastructure sectors and capabilities.

New partnerships required

Only through collaboration can government and the private sector thwart cyber attacks, says Raymond Choo.

First: Define critical infrastructure

Consensus needs to be developed around how critical infrastructure is defined, says Mark Clancy, managing director and CISO for The Depository Trust & Clearing Corp.

Full Senate begins consideration of cyber security legislation

Sensing that the now-revised Cybersecurity Act of 2012 has a chance at passing in the Senate, a number of senators are rushing to include amendments, which include added privacy provisions and a federal breach notification clause.
