Insider Threats News, Articles and Updates
An investigative report shows the Obama administration's insider threat program is far more expansive, and troubling, than even critics had thought.
While intellectual property theft at the hands of regular employees may not yield the provacative headlines as a Chinese military unit spreading APTs from an office in Shanghai, the former scenario is the more likely one.
The operating environment itself must be altered, says Verdasys' Dan Geer.
A U.S. Circuit Court of Appeals ruling has said employees who violate their organization's user policies do not violate the federal Computer Fraud and Abuse Act (CFAA).
A favorite whipping boy of the Government Accountability Office, the Internal Revenue Service has yet to clean up its security act, though improvements continue, according to a new audit.
Companies targeted by APT will need to upgrade their defenses strategy to include multiple, integrated layers of extremely sensitive anomaly detection and mitigation.
Details emerged this week of an Israeli government contract worker believed to be behind a massive information theft case, in which the personal data of millions of Israeli citizens' was stolen and subsequently posted online in a searchable database.
The order follows a seven-month, government-wide review, prompted by the leak of classified U.S. documents by whistleblower site WikiLeaks.
Breaches into protected health information (PHI) are on the rise, and staffers are responsible for more than a third of the intrusions, a new survey has found.
Jason Cornish, 37, of Smyrna, Ga., faces up to 10 years in prison and a $250,000 fine for breaking into the computer network of the U.S.-based subsidiary of a Japanese pharmaceutical company
UCLA Health System must pay $865,500 as part of a settlement with the U.S. Department of Health and Human Services (HHS) over complaints that employees snooped on the health records of two celebrities.
The personal information of thousands of current and former California state employees was improperly copied to a hard drive and removed from state offices.
A major U.S. energy supplier has found no evidence of breach despite claims by a former employee that he hacked into the company's New Mexico wind turbine facility as revenge for being fired.
A former network engineer at Gucci has been charged with hacking into the company's network, deleting data and shutting down servers and networks.
The U.S. government's ICS-CERT has issued alerts for four software products used to control hardware appliances at industrial facilities.
A former Dallas hospital guard was sentenced last week to nine years in federal prison for breaking into hospital computers, planting malicious software and planning a distributed-denial-of-service (DDoS) attack.
A software programmer charged with copying secret financial trading code from Goldman Sachs computers was sentenced Friday to eight years in prison. Sergey Aleynikov, 41, a naturalized U.S. citizen who emigrated from Russia, had resigned from his $400,000-a-year Goldman Sachs position in June 2009 to take a new job in Chicago. Before going, however, he uploaded code related to the firm's proprietary trading program from his workstation to a server in Germany and then downloaded it to his computers at home. Aleynikov was also ordered to pay a $12,500 fine and serve three years of supervised release following his sentence.
More than 20 years worth of personal and investigative Sheriff's Department records from Mesa County, Colo. were inadvertently posted online, where they remained for several months.
The financial crisis will have a lasting impact, but some organizations have found ways of doing more with less.
A former IT head in Virginia, upset about being fired, was sentenced Friday to two years and three months in prison for hacking into his former employer's website to delete files.
A Texas woman's 15-year prison sentence for stealing hospital patient information underscores a continued upswing in medical identity theft cases.
A federal jury in Baltimore has convicted a former Fannie Mae programmer of computer intrusion after he sought to destroy more than 4,000 company servers by planting a malicious script that was scheduled to activate roughly three months after he was fired. Rajendrasinh Makwana, 36, faces up to 10 years in prison for seeding a common application with "logic bomb" malware on Oct. 24, 2008, the day he was fired, the U.S. Department of Justice said last week in a news release. Five days later, a senior engineer discovered the disgruntled Makwana's actions, which were meant to destroy financial, securities and mortgage information. Makwana, who had pleaded innocent, is scheduled to be sentenced Dec. 8. — DK
The Canadian Revenue Agency (CRA) is investigating more than 1,000 high-value bank accounts in Switzerland, after a former employee stole the account data and handed it to investigators.
Is a sting merely legitimized social engineering? Why cops don't have to tell you they're cops - online or off.
IACS researcher says, Welcome to cyberwar
Should violations of corporate computer use policy be a federal crime, asks Charles Jeter, ESET cybercrime investigator.
The personal information of Delaware state retirees was included in a request for proposal that made its way onto the state's website for five days before it was discovered and removed.
A U.S. District Court judge in Kentucky this week granted final approval to settle a class-action lawsuit relating to a data breach that pinned millions of Countrywide Financial customers against the mortgage company. The agreement provides free credit monitoring for up to 17 million people whose personal data was exposed, according to reports. To be eligible, victims must have used Countrywide, now owned by Bank of America, before July 1, 2008. In addition, participants are eligible to receive up to $50,000 per incident of identity theft, though Countrywide representatives have denied that anyone fell victim to fraud. — DK
Call centers have real threats from insiders.
It is far too easy for an insider to gather personally identifiable information.
SC Magazine Articles
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- The Shadow Brokers' NSA hack claim unlikely, say experts
- After the breach: Settlement expected for 50M Home Depot customers
- Don't get caught by the Pokemon Go ransomware
- WikiLeaks postings of Turkish emails included active links to malware
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought
- After NSA leaks, a renewed interest in vulnerability disclosure
- USAA members hit with multiple phishing attacks
- Saving money on security software by improving cyber posture, report
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Epic hack, thousands of salted logins stolen