Doug Olenick SC Media | Page 4 of 204

Doug Olenick

Online Editor

Most recent articles by Doug Olenick

How to craft a U.S. privacy law fit for a tech company

Facebook, Google, IBM, and Microsoft have all reportedly “aggressively lobbied” the current administration to start developing a federal privacy mandate. Recently, Cisco joined that chorus of tech giants (“Big Tech”) calling for stronger American privacy laws. Intel has gone a few steps further, drafting its own version of a U.S. privacy bill and opening an…

Part 5 – Cooperative cybersecurity protection for large-scale infrastructure

Developing your own infrastructure protection solution The era of governments protecting business and citizens from serious attacks, including from foreign adversaries, may have already passed – at least in the context of cybersecurity. That is, while it remains reasonable to expect government protect against physical attacks such as from bombs and missiles, as a general…

CyberRisk Alliance Acquires SC Media

New York, NY, August 5, 2019 — CyberRisk Alliance (“CRA”), a business intelligence company serving the cybersecurity and information risk management marketplace, has acquired SC Media, a digital information and event company serving cybersecurity executives and other business professionals, from Haymarket Media, Inc. SC Media, a venerable award-winning brand, provides critical content and a range of other information and marketing services to cybersecurity executives, business…

Cylance Protect AV vulnerability patched

Carnegie Mellon Software Engineering Institute’s CERT Coordination Center is issued patch for a recently disclosed vulnerability in Cylance Protect. The vulnerability note, VU#489481, said that prior to a July 21, 2019, update Protect contained flaws that allow an adversary to craft malicious files that the AV product would likely mistake for simply being benign files.…

LookBack malware targeting utility sector

Three U.S. firms in the utility sector were hit with a spear phishing campaign in mid-July with the emails containing a malicious Word document that can contain and can install the new remote access trojan LookBack. The Proofpoint Threat Insight Team’s initial take is the attack was the work of a nation-state sponsored actor based…

Part 4 – Cooperative cybersecurity protection for large-scale infrastructure

Building a collective platform Any commercial platform to support collective security operations must have certain functional attributes and operational capabilities to work properly in practice. In this section, we lay out the salient aspects of such a platform, trying to maintain some degree of generic design. Enterprise security teams considering use of a platform supporting…

Cisco pays $8.6 million to settle False Claims Act litigation

Eleven years after a whistleblower first reported to the government that Cisco had sold defective video surveillance software to federal and state agencies the company agreed to pay $8.6 million to settle the issue. This settlement is the first whistleblower case successfully litigated under the False Claims Act, which imposes liability on persons and companies…

malware

RIG, Fallout EKs used to deliver new SystemBC malware

Researchers have come across a new proxy malware program that’s being delivered by the RIG and Fallout exploit kits as part of a larger campaign to infect victims with malicious payloads such as the Danabot banking trojan. Proofpoint’s Threat Insight Team began to track the malware, called SystemBC, on June 4 when it was observed…

Software automates fake purchases on compromised credit cards

Two Deer Valley Resort restaurants hit with POS data breach

The Mariposa and the Royal Street Café in Deer Valley, Colo., are informing customers that their payment card information may have been compromised after an unauthorized party hacked the point-of-sale system of a resort operator that runs both restaurants. The two Deer Valley Resort restaurants discovered on May 17 that an unauthorized person had gained…

Part 3 – Cooperative cybersecurity protection for large-scale infrastructure

Cybersecurity analytics for large-scale protection Click here for part 2. Most modern security analytic methods and tools are best suited to larger infrastructure with large data sets. That is, it is unlikely that one would use real-time, telemetry-based monitoring with 24/7 coverage for a personal computer, unless that personal computer was connected to a larger…

Next post in Executive Insight