Cavoukian slams Supreme Court

February 08, 2012

Ann Cavoukian, Ontario's information and privacy commissioner, slammed the Canadian legal system in her opening speech at a symposium on surveillance and privacy late last month.
 

SDA, McAfee mark Canada's card

February 08, 2012

Canada received a mediocre ranking in cyber security, according to a new report ranking countries on their security stance.
 

U.K. MPs bite the cyber bullet...

David Harley, ESET senior research fellow • February 02, 2012

The Science and Technology Committee seems to be taking malware and cyber crime seriously.
 

Palin hacker appeal rejected

February 02, 2012

David Kernell, who hacked into Sarah Palin's email account, has lost an appeal against his obstruction of justice charge.
 

Facebook sues Adscend Media for malware and spam

January 30, 2012

Facebook and the state of Washington have filed separate lawsuits against Adscend Media, alleging the company was responsible for spreading malware and for stealing personal information from Facebook users.
 

Anonymous shutters government, music industry sites

January 20, 2012

In a reprisal for the government's takedown of MegaUpload.com, the hacker group Anonymous has apparently shuttered recording and movie industry websites, as well as the U.S. Department of Justice.
 

Senators change sides on SOPA/PIPA issue

January 18, 2012

Several senators today abandoned their support of two highly controversial anti-web piracy bills making their way through Congress.
 

DoD ID cards under attack

January 18, 2012

The ID cards that every DoD employee uses to access networks across the entire bureau have fallen victim to malware.
 

Canadian government officials downloading illegal content

January 10, 2012

Representatives from the Pirate Party of Canada highlighted the irony of Canadian government officials using file-sharing sites to infringe on copyright.
 

Canadian privacy challenge exposes double standard

January 10, 2012

Canadian lawyers may have opened a legal can of worms by requesting the public release of heavily censored photographs.
 

FTC settles with rewards company over security infractions

January 09, 2012

Upromise, which helps students save for college, failed to live up to its oath to protect users' security and privacy, and offer encryption.
 

Symantec: Hackers did steal code, but it's old

January 06, 2012

Symantec confirmed late Thursday that hackers did in fact compromise a portion of its source code, but the stolen code is related to two enterprise security products that have been discontinued.
 

Bumper crop: Cyber security legislation

January 03, 2012

Data security measures have a long, storied history of meeting their demise on Capitol Hill. But two proposals have the bipartisan support that gives them at least a shot at passage in 2012.
 

Ascending the ladder, rung by rung: Data breach prevention

January 03, 2012

Nearly two-thirds of respondents to our fifth annual "Guarding Against a Data Breach" survey say their budgets related to IT security and data protection will remain the same this year.
 

FBI wraps up 2011 with 30 more cyber crime indictments

Stephen Cobb, security evangelist at ESET • December 30, 2011

Recent prosecuted cases tackle long-running internet-based scams.
 

FTC to pay millions to consumers duped by scareware

December 16, 2011

The Federal Trade Commission (FTC) will partially reimburse some 300,000 people who fell victim to a scam in which they purchased rogue anti-virus products to fix problems that didn't exist.
 

Yahoo wins $610M spam judgment

December 12, 2011

Digital media company Yahoo has ended a three-year legal battle against a team of spammers, winning a default judgment of $610 million.
 

Cyber crime aftermath: Beyond the indictment

Stephen Cobb, security evangelist at ESET • December 09, 2011

The aftermath of a cyber crime takedown poses new challenges to law enforcement, like what to do about the victims' systems and data.
 

MIT researchers suggest power grid security oversight

December 06, 2011

While a number of entities have a stake in maintaining the cyber security of the U.S. electric grid, no single organization is currently responsible for overseeing protection across all aspects of grid operations.
 

Cyberattacks up 50 percent in 2011

December 06, 2011

Publicly traded Canadian companies experienced 50 percent more cyberattacks in 2011 than in the previous year, study
 

Reintroduced law would give wide surveillance power over ISPs

December 06, 2011

The Harper government has announced plans to reintroduce the "lawful internet access" law, which could shutter Canada's small internet service providers.
 

Copyright issues at stake in court

December 06, 2011

The Supreme Court of Canada has heard arguments seeking to overturn a lower court ruling on so-called fair dealing of copyrighted material.
 

Bill to foster threat data sharing draws mixed reactions

December 01, 2011

The Cyber Intelligence Sharing and Protection Act of 2011 would give the federal government authority to share classified cyber threat information with the private sector.
 

A wild week in cybercrime

Stephen Cobb, security evangelist at ESET • November 22, 2011

New attempts to crack down on cybercrime take different paths, from racketeering laws to stiffer penalties, while a curve ball called SOPA seeks to mess with DNS.
 

Anonymous calls for protests of piracy bill

November 21, 2011

The Anonymous hacking collective on Sunday called for a "worldwide internet and physical protest" against a controversial bill making its way through Capitol Hill called the Stop Online Piracy Act.
 

Romanian hacker accused of breaking into NASA server

November 17, 2011

Robert Butyka was detained Tuesday in Cluj Napoca, Romania's fourth most populated city.
 

Canadian internet users wary of security and privacy, report

November 15, 2011

A survey by the Canadian Internet Registration Authority (CIRA) found reservations about internet use.
 

Alarm raised months before fed breach discovered

November 15, 2011

The Canadian Security Intelligence Service (CSIS) sounded an alert at least two months before a massive internet intrusion was spotted at the Treasury Board of Canada.
 

GAO again slams IRS over security weaknesses

November 14, 2011

Despite repeated warnings from the GAO, the IRS has not done much to improve its security posture, and the tax collector was chastised in yet another federal audit.
 

Man charged with hacking Hoboken, N.J. mayor's email

November 10, 2011

Patrick Ricciardi, 45, allegedly abused his access as an information systems specialist to spy on official emails meant for Hoboken, N.J. Mayor Dawn Zimmer.
 

FBI arrests six in click-fraud cyber scam that netted $14M

November 09, 2011

A gang of Estonians is accused of infecting millions of computers, many in the United States, with DNS-changing trojans capable of manipulating the online advertising industry through clickjacking.
 

Part Two: Duqu: father, son, or unholy ghost of Stuxnet?

Jeremy Sparks, Robert M. Lee, and Paul Brandau, cyberspace officers • November 09, 2011

Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the second article in a two-part series that examines the sophisticated threat that everyone is talking about.
 

Adversaries, allies stealing U.S. trade secrets

November 07, 2011

China and Russia were called out in a report as the world's most prolific perpetrators of economic espionage against the U.S.
 

U.S. and EU partner for security response exercise

November 04, 2011

"Cyber Atlantic 2011" aimed to clarify how the two nations can best communicate about cyber incidents that occur on government systems or critical infrastructure.
 

Duqu: father, son, or unholy ghost of Stuxnet?

Jeremy Sparks, Robert M. Lee, and Paul Brandau, cyberspace officers • November 02, 2011

Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the first article in a two-part series that examines the sophisticated threat that everyone is talking about.
 

Feedback due on gov't proposal around botnet notification

November 01, 2011

Friday is the deadline for public comments regarding a government proposal to create a model by which internet service providers voluntarily alert consumers if their computers are part of a botnet.
 

China disputes claim hackers breached U.S. satellites

October 31, 2011

China is denying a U.S. congressional committee's claim that hackers interfered with two government satellites.
 

Australian gov't wins U.S. security award from SANS

Darren Pauli, editor, SC Magazine, Australia/New Zealand • October 27, 2011

An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.
 

Disgraced bike champ accused of cybercrime

October 26, 2011

Cyclist Floyd Landis, who was stripped of his Tour de France medal in 2006 following positive doping results, now faces arrest in France for his alleged involvement in planting a trojan on the computer network of the French national anti-doping laboratory (LNDD), which conducted the test. According to reports, French prosecutors said Landis and Arnie Baker, his coach at the time, employed a hacker at Kargus Consultants to plant the trojan in an attempt to steal documents from the lab for an appeals process they were pursuing. Kargus has also been suspected of breaking into Greenpeace and French utility company EDF. Prosecutors said Landis should serve an 18-month suspended prison sentence for his part in the alleged scheme.
 

Personal data of nine million Israelis posted online

October 26, 2011

Details emerged this week of an Israeli government contract worker believed to be behind a massive information theft case, in which the personal data of millions of Israeli citizens was stolen and subsequently posted online in a searchable database.
 

U.S. Naval Academy: First to teach cybersecurity as requirement

Cameron Camp, researcher for ESET • October 26, 2011

New courses in cybersecurity are being rolled out to foster the next generation of cyber warriors to defend the U.S.
 

Recent attacks cost Energy Department at least $2M

October 25, 2011

The attacks, which occurred at four department locations, were not described in detail, but were deemed "successful" for adversaries, according to the annual audit.
 

NERC CSO departs for newly created DHS role

October 20, 2011

Mark Weatherford, former CSO of the North American Electric Reliability Corp. (NERC), has been appointed to a newly created position at the U.S. Department of Homeland Security. Serving as deputy under secretary for cybersecurity within the National Protection and Programs Directorate (NPPD), the DHS component charged with reducing risk, Weatherford will focus on ensuring strong cybersecurity operations and communications for the department. He is expected to start in mid-November. Prior to his role at NERC, Weatherford was CISO of the state of California. A former naval cryptologic officer, Weatherford also previously led the Navy's computer network defense operations.
 

U.S. may have had inside knowledge of Libya radar bugs

October 18, 2011

News that the U.S. was considering a cyberattack to disable Libya's radar system may indicate knowledge of the same flaws Israel is believed to have used against Syria in 2007.
 

Defense Department facing $4.9B lawsuit over breach

October 17, 2011

A suit contends that the defendants failed to properly encrypt data, then "intentionally, willfully and recklessly" allowed an untrained individual to access the information.
 

SEC updates disclosure rules to include breaches

October 14, 2011

Public companies now must disclose known or potential cyber incidents if they would make investment in the company "speculative or risky," according to a document.
 

Air Force downplays drone malware infection

October 13, 2011

A U.S. military spokeswoman said a "credential stealer," not a keylogger, was responsible, and that no missions were impacted.
 

Canada toes the line on copyright reform

October 10, 2011

Canada has reintroduced controversial copyright measures in a new bill that will legally enable companies to stop Canadians copying digital products.
 

Canada launches cybersecurity awareness campaign

October 10, 2011

The Canadian government has launched a consumer IT security awareness campaign in a bid to help Canadians protect themselves.
 

White House order tackles insider threat post-WikiLeaks

October 07, 2011

The order follows a seven-month, government-wide review, prompted by the leak of classified U.S. documents by whistleblower site WikiLeaks.
 

Cybersecurity Awareness Month launched

October 07, 2011

The event was launched on Friday with a gathering in Ypsilanti, Mich., featuring Secretary of Homeland Security Janet Napolitano and White House Cybersecurity Coordinator Howard Schmidt.
 

Federal security incidents shoot up 650 percent

October 05, 2011

Agencies reported a total of 41,776 cybersecurity incidents, compared to just 5,503 in 2006, according to a new GAO report.
 

The art of cyberwar

David Harley, ESET senior research fellow • October 05, 2011

Sun Tzu to Clausewitz to Georgia and Iraq: first principles are still first principles.
 

Cutting the red tape: SC Roundtable

October 03, 2011

As agencies are forced to do more with less, government security pros at a recent SC Magazine Roundtable discussion said they are being challenged to fight emerging threats and secure new technologies.
 

Doing more with less inside government

September 29, 2011

Coming in October's issue of SC Magazine, Editor-in-Chief Illena Armstrong chronicles her discussion with a number of high-level government security executives who joined her late last year at a roundtable. The participants discussed a number of challenges they face, and these are some images of the conversation.
 

FTC settles with SMS marketer over spam allegations

September 29, 2011

A California man is barred from delivering unsolicited text messages after he sent "a mind-boggling" amount for many months, under a settlement with the Federal Trade Commission.
 

Lost backup tapes affect 4.9 million current, former military

September 29, 2011

One of the largest breaches of the year has struck a military health benefits firm and a major defense contractor, and the data wasn't encrypted because a compliant solution wasn't available.
 

DHS, Commerce pushing for voluntary botnet notification

September 23, 2011

The U.S. Commerce and Homeland Security departments are seeking public feedback on a recommended program by which internet service providers would "voluntarily and timely detect and notify end-users that their machines have been infected," a move designed to help eradicate botnets. According to a notice posted this week in the Federal Register, the agencies are weighing how such an approach would be implemented, for example, incentives may be offered to service providers that participate, and who would be responsible for running the program - industry, the public sector or a partnership between both. Public comments, which must be received by Nov. 4, are expected to examine a number of areas, including the privacy implications of such an approach.
 

National breach notification bill passes hurdle

September 23, 2011

Three separate national breach notification bills making their way through the Senate came a step closer to being enacted into law on Thursday. The bills are intended to bolster privacy protections, and would supersede 46 state laws while nationalizing breach notification provisions. However, passage is a ways off, as Senate Republicans have raised objections, claiming the bills would burden businesses with further regulations. The Personal Data Privacy and Security Act, the Data Breach Notification Act, and the Personal Data Protection and Breach Accountability Act all passed the Senate Judiciary Committee with a 10-8 vote, split along party lines.
 

Sponsored video: Chris Wilkinson of immixGroup on public sector defense

September 22, 2011

Illena Armstrong, editor-in-chief of SC Magazine, asks Chris Wilkinson, senior manager of cyber security technologies at immixGroup, to describe how government agencies must adapt their defense strategies in light of today's threat landscape.
 

New cybersecurity alliance launches in Massachusetts

September 22, 2011

The Advanced Cyber Security Center will partner businesses and research universities to share threat information and develop more effective defense strategies.
 

FTC to examine implications of facial biometrics

September 21, 2011

The Federal Trade Commission in December plans to hold a workshop to investigate the privacy and security implications of facial recognition technology. The agency announced this week that the workshop, which is free and open to the public, seeks to bring together consumer protection groups, privacy experts, and industry and academic leaders. The meeting is expected to address such topics as whether consumers should consent to the collection and use of their images. Facial recognition products can provide an added security layer at places like airports or automate photo tagging on sites such as Facebook, but critics worry they also could be used for intrusive surveillance. As a result, offerings have emerged that can help people hide their faces from the technology.
 

FISMA compliance to require monthly reports

September 19, 2011

Beginning in October, federal agencies will be required to report on their information security posture on a monthly basis, instead of annually.
 

Scammer of military site sentenced

September 16, 2011

Stealing data from military rosters posted on peer-to-peer (P2P) servers has led to a six-year sentence in federal prison for a California man, according to reports. Gathering personally identifiable information on 16,000 military members from an account belonging to the U.S. Army and Air Force Exchange Services (AAFES), Rene Quimby, 42, parlayed the data and used social engineering tactics to obtain further information from the site's support staff. He then used the credentials to order merchandise from an online store, which he then sold for profit. A judge also ordered him to pay $210,000 to the AAFES.
 

Hacker "soldier" steals $3.2 million from U.S. companies

September 15, 2011

Researchers at Trend Micro say they have been hot on the tracks of a corporate hacker, and now they are turning over their findings to U.S. law enforcement.
 

Online ID thief sentenced to 14 years

September 12, 2011

A man who pleaded guilty to wire fraud and identity theft charges received a 14-year prison sentence.
 

Shared border vision agreement nearing completion, say sources

September 12, 2011

Talks on the unified border agreement between Canada and the United States first unveiled in February are complete.
 

9/11 to 9/11/11

David Harley, ESET senior research fellow • September 12, 2011

Man, myth and the media in the internet age.
 

Former DHS official tapped to lead security at Sony

September 06, 2011

Much-maligned Sony announced Tuesday that it has hired a former U.S. cybersecurity official to serve as its first-ever chief information security officer. Philip Reitinger, 49, the former director of the National Cybersecurity Center at the U.S. Department of Homeland Security since June 2009, who tendered his resignation in May, will be tasked with assuring the protection of the multibillion dollar company's assets and services. It's been a tough year for Sony, which has experienced multiple breaches, most notably the compromise of its PlayStation Network and Qriocity services, which resulted in the exposure of the personal details of tens of millions of users. Reitinger has been in the private sector before, where he held the role of security strategist at Microsoft.
 

California blazes trail again with enhanced breach alert law

September 01, 2011

After being vetoed twice by the prior administration, a bill that updates California's pioneering data breach notification law was signed into law Wednesday by Gov. Jerry Brown.
 

Breaking the next case

September 01, 2011

Today's flurry of cybercrimes relies on an array of motivations, techniques and technologies, making the job of an investigator to track down the offender that much more difficult.
 

Broader online voting proposed in Canada

August 26, 2011

Canada's federal election on May 2 tipped the balance in favor of Prime Minister Stephen Harper's Conservatives - giving them their first majority after four tries - but did it also swing things in support of online voting?
 

Canadians raise alarms over government powers

August 26, 2011

As the 10th anniversary of the 9/11 terrorist attacks approaches, a number of Canadians are voicing their concerns about Prime Minister Stephen Harper's plan to give law enforcement agencies sweeping new powers.
 

Recruiting and developing the 21st century cyber warrior

Catherine Nicholas, manager, PwC's Public Sector practice • August 23, 2011

Recruiting skilled cybersecurity personnel is a major U.S. military priority, but plucking the best and brightest to join the ranks will require a unique approach.
 

AntiSec hackers target another military contractor

August 19, 2011

In another swipe at the FBI, AntiSec hacktivists posted private data from defense contractor Vanguard Defense Industries.
 

Keys to the city: Richmond, Va. and PacketSentry

August 18, 2011

The city of Richmond, Va. found a solution to help prevent trojans from entering the gates, reports Greg Masters.
 

Attacks on BART continue as police records dumped

August 17, 2011

Revenge-seeking hackers have again struck at Bay Area Rapid Transit (BART), this time infiltrating the agency's police association website to steal the personal information belonging to 102 officers.
 

Fact, fiction and authoring malware

David Harley, ESET senior research fellow • August 15, 2011

If it isn't maliciously intended, can it be malware?
 

Social media and political certainties

David Harley, ESET senior research fellow • August 15, 2011

Blanket censorship of social media in the UK might be unlikely, but targeted blocking based on legal interception isn't out of the question.
 

Canadian air security inadequate, says secret report

August 05, 2011

Transport Canada has warned of inadequate security at Canada's airports in a recent review.
 

Spy agency gathering information on Canadian citizens

August 05, 2011

Canada's ultra-secretive spy agency is using information about its own citizens for foreign intelligence, according to a report issued by a government watchdog.
 

Black Hat: New DARPA program to fund independent hackers

August 04, 2011

The DoD's Cyber Fast Track initiative will fund small hacker groups and independent researchers in the development of cutting-edge solutions that can be created in short intervals for a low cost.
 

Report: NSA to recruit from DEFCON attendee pool

August 02, 2011

Hackers attending the annual DEFCON show in Las Vegas this weekend won't just have the opportunity to see stimulating presentations and network with peers - they also may be able to score a government job. According to a report in Reuters, the National Security Agency will be at the $150-cash-only event, recruiting some of the brightest computer security minds to join the U.S. government as "cyber warriors." The NSA is looking to hire 3,000 people over the next two fiscal years for roles in cyber offense and defense. But this isn't the first time U.S. government agencies have been at DEFCON to recruit potential employees. In fact, the show's founder, Jeff Moss, is also a member of the Department of Homeland Security (DHS) Advisory Council. On the flip side, federal authorities also have made arrests at the show.
 

Benefits of DIY risk assessment

Kris Rowley, CISO of the state of Vermont • August 01, 2011

Enterprises can achieve ROI by doing an in-house risk assessment, says Kris Rowley, CISO of the state of Vermont.
 

Debate: Increased penalties for violations of the Computer Fraud and Abuse Act should be enacted into law.

August 01, 2011

 

Thousands of Ontario cancer test results may be lost in the mail

July 26, 2011

Records containing the personal health information of thousands of Ontario citizens who participated in the province's colon cancer screening program may have gone missing.
 

Director of US-CERT resigns without explanation

July 26, 2011

Randy Vickers has stepped down as head of US-CERT, making him yet another high-ranking DHS cyber official to resign from a post.
 

Senate hearing set to update anti-hacking law

July 25, 2011

The U.S. Senate Judiciary Committee next week plans to hold a hearing focused on updating the Computer Fraud and Abuse Act (CFAA), a national anti-hacking law first enacted in 1984 that makes it illegal to access government or financial institution computers without authorization. A White House cybersecurity legislative plan to Congress, released in May, proposed broadening the scope of CFAA and increasing penalties under the statute. Witnesses for the hearing are scheduled to include James Baker, associate deputy attorney general for the U.S. Department of Justice, and Pablo Martinez, deputy special agent in charge of the Criminal Investigative Division of the U.S. Secret Service. The hearing is planned for 10 a.m. on Aug. 3 and can be viewed online.
 

Anonymous, LulzSec flex muscles after FBI takedowns

July 21, 2011

Despite arrests earlier this week, two hacking groups said they are in possession of multiple gigabytes of sensitive information belonging to NATO and two Rupert Murdoch-owned newspapers.
 

FBI probes possible Murdoch phone hacking in U.S.

July 18, 2011

A security and privacy expert explains how cracking voicemails takes little skill.
 

Defense Department releases cyber operation strategy

July 14, 2011

Cyberspace is the fifth domain for U.S. Department of Defense activities, the agency said in its first-ever strategy for cyberspace operations, released Thursday.
 

Frisky Canadian government employees surf porn, personals at work

July 12, 2011

An Industry Canada employee may have infected his computer with dangerous malware by looking at porn sites, according to an investigative report.
 

Canadian intelligence warns of growing cyber-threat

July 12, 2011

The Canadian intelligence service has singled out cyber attacks as one of the biggest threats facing Canada in its latest annual report.
 

Anonymous hacks Booz Allen Hamilton to leak info on 90K

July 11, 2011

The Anonymous hacking collective on Monday released tens of thousands of military credentials, in addition to details on alleged questionable business practices at consulting firm Booz Allen Hamilton.
 

Newspaper hacks hacking? Not exactly

David Harley, ESET senior research fellow • July 11, 2011

A newspaper's unauthorized access to voicemail has had wide and serious repercussions, but what does it mean to those of us who aren't celebrities?
 

WellPoint to pay $100,000 fine for breach

July 08, 2011

Indianapolis-based health insurer WellPoint will pay $100,000 to settle a data breach that exposed the personal information of 32,000 of its Indiana customers.
 

Morgan Stanley client data goes missing

July 08, 2011

The personal information of tens of thousands of Morgan Stanley Smith Barney investment clients has gone missing.
 

Colorado agency loses medical aid applicants' data

July 07, 2011

A computer disk containing the personal information of thousands of medical aid applications has gone missing from the Colorado Department of Health Care Policy and Financing.
 

CyberWar is Hell

David Harley, ESET senior research fellow • July 05, 2011

At any rate, it deserves to be taken seriously...
 

California state workers' data taken from state offices

July 01, 2011

The personal information of thousands of current and former California state employees was improperly copied to a hard drive and removed from state offices.