#nationalcybersecuritymonth | Interpol uncovers cyber crime operation in Indonesia

Source: National Cyber Security – Produced By Gregory Evans

An Interpol-coordinated cyber operation against a strain of malware targeting e-commerce websites has identified hundreds of compromised websites and led to the arrest of three individuals who were allegedly running the malicious campaign from Indonesia.

The malware, known as a JavaScript-sniffer, the online equivalent of a traditional card skimmer, targets online shopping websites. When a website is infected, the malware steals the customers’ payment card details and personal data such as names, addresses and phone numbers, sending the information to command and control (C2) servers controlled by the cyber criminals.

Dubbed Operation Night Fury, the operation was conducted with the support of cyber security firm Group-IB, which provided data on the reach of the malware that has infected websites in various locations, including in Indonesia, Australia, UK, US, Germany and Brazil. Group-IB also supported the investigation with digital forensics expertise to help identify the suspects.

Interpol’s ASEAN Cyber Capability Desk has since disseminated cyber activity reports to the affected countries, highlighting the threat to support their national investigations. These include C2 servers and infected websites located in six countries in the Association of Southeast Asian Nations (ASEAN) region.

At the request of the Indonesian National Police, Interpol provided technical and operational support that resulted in the arrest of three individuals suspected of commanding the C2 servers in the country.

The investigation revealed the suspects were using the stolen payment card details to purchase electronic goods and other luxury items, then reselling them for a profit. They have been charged with the theft of electronic data, which carries up to a 10-year jail sentence in accordance with Indonesia’s criminal code.

“Strong and effective partnerships between police and the cyber security industry are essential to ensure law enforcement worldwide has access to the information they need to address the scale and complexity of today’s cyber threat landscape,” said Craig Jones, Interpol’s director of cyber crime.

“This successful operation is just one example of how law enforcement is adapting and applying new technologies to aid investigations, and ultimately reduce the global impact of cyber crime,” he added.

In Singapore, local authorities identified and took down two of the C2 servers. Investigations in other ASEAN countries are ongoing, with Interpol continuing to support police in locating C2 servers and infected websites, and identifying the cyber criminals involved.

The perpetrators behind the latest attack involving the use of JavaScript-sniffers were not new to the world of cyber crime. To access servers that collected stolen data and control their malware, they used virtual private network (VPN) connections to hide their real location and identity. To pay for hosting services and buy new domains, they only used stolen cards, according to Group-IB.

“Thanks to the Indonesian police and Interpol’s prompt actions, Operation Night Fury became the first successful multi-jurisdictional operation against the operators of JavaScript-sniffers in the Asia-Pacific region,” said Vesta Matveeva, head of Group-IB’s cyber investigations team in the region.

“It is a great example of a coordinated cross-border anti-cyber crime effort, and we are proud that our threat intelligence and digital forensics expertise helped to establish the suspects. We hope this will set a precedent for law enforcement in other jurisdictions too,” she added.

In a separate incident that took place under a year ago, the payment card information belonging to thousands of customers of Singapore banks was believed to have been compromised by a JavaScript-sniffer and put up for sale on the dark web.

During their analysis of underground card shops, Group-IB’s threat hunting team discovered a spike in the sale of raw data of 4,166 compromised payment cards – including CVV, card number and expiration date – issued by Singapore banks.

Group-IB said the data was uploaded in April 2019, and that the spike took place on 1 April when a database containing data on 1,726 compromised cards was put up. The mean figure from January to August 2019 was 2,379 cards per month.

Source link

The post #nationalcybersecuritymonth | Interpol uncovers cyber crime operation in Indonesia appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Smaller Companies Need to Step Up Their Cyber Security Efforts

Source: National Cyber Security – Produced By Gregory Evans

Whenever we hear about major cyber security attacks such as data breaches, it’s typically larger enterprises that are the victims. That makes sense, considering those events can potentially impact a lot of people and therefore are more likely to grab headlines and garner attention.

But that doesn’t mean small and mid-sized companies (SMBs) are immune to such attacks. In fact, smaller organizations are frequent targets of cyber incidents, and they generally have far fewer resources with which to defend themselves.

A recent study by the Ponemon Institute, which conducts research on a variety of security-related topics, presents a clear picture of the cyber security challenges SMBs are facing. The report, “The 2019 Global State of Cybersecurity in SMBs,” states that for the third consecutive year small and medium-sized companies reported a significant increase in targeted cyber security breaches.

For its report, Ponemon conducted an online survey of 2,391 IT and IT security practitioners worldwide in August and September 2019, and found that attacks against U.S., U.K., and European businesses are growing in both frequency and sophistication.

Nearly half of the respondents (45%) described their organization’s IT posture as ineffective, with 39% reporting that they have no incident response plan in place.

Cyber criminals are continuing to evolve their attacks with more sophisticated tactics, and companies of all sizes are in their crosshairs, noted Larry Ponemon, chairman and founder of the Ponemon Institute. The report shows that cyber attacks are a global phenomenon, as is the lack of awareness and preparedness by businesses globally, he said.

Overall, cyber attacks are increasing dramatically, the report said. About three quarters of the U.S. companies surveyed (76%) were attacked within the previous 12 months, up from 55% in a 2016 survey. Globally, 66% of respondents reported attacks in the same timeframe.

Attacks that rely on user deception are on the rise, the study said. Overall, attacks are becoming more sophisticated, with phishing (57%), compromised or stolen devices (33%), and credential theft (30%) among the most common attacks waged against SMBs globally.

Data loss is among the most common impacts of cyber security events. Worldwide, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the previous year.

SMBs around the world increasingly are adopting emerging technologies such as mobile devices and apps, the Internet of Things (IoT), and biometrics, despite having a lack of confidence in their ability to protect their sensitive information.

Nearly half of the survey respondents (48%) access more than 50% of their business-critical applications from mobile devices, yet virtually the same portion of respondents said the use of mobile devices to access critical applications diminishes their organization’s security posture.

Furthermore, a large majority of respondents (80%) think it is likely that a security incident related to unsecured IoT devices could be catastrophic. Still, only 21% monitor the risk of IoT devices in the workplace.

The report also suggests that biometrics might finally be moving toward the mainstream. Three quarters of SMBs currently use biometrics to identify and authenticate users or have plans to do so soon.

Small and mid-sized companies can take several steps to bolster their cyber security programs. One is to educate users and managers throughout the organization about the importance of strong security and taking measures to keep data safe.

Because so many attacks begin with employees opening suspicious email attachments or clicking on links that lead to malware infestations or phishing, training users to identify these threats is vital. Companies can leverage a number of free training resources online to help spread the word about good security hygiene.

Smaller companies, particularly those with limited internal cyber security skills, can also consider hiring a managed security services provider (MSSP) to help build up a security program. Many of these firms are knowledgeable about the latest threats, vulnerabilities, and tools, and can help SMBs quickly get up to speed from a security standpoint.

And companies can deploy products and services that are specifically aimed at securing small businesses. Such tools provide protection for common IT environments such as Windows, macOS, Android, and iOS devices. They are designed to protect businesses against ransomware and other new and existing cyber threats, and prevent data breaches that can put personal and financial data at risk.

Some of these offerings can be installed in a matter of minutes with no cyber security or IT skills required, which is ideal for smaller companies with limited resources and a need to deploy stronger defenses quickly.


#nationalcybersecuritymonth | Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC

Source: National Cyber Security – Produced By Gregory Evans Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC Sunday, January 26, 2020 In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX. Both experienced investors, their plan is to bring a new funding mechanism […] View full post on AmIHackerProof.com

#nationalcybersecuritymonth | Cyber security news round-up

Source: National Cyber Security – Produced By Gregory Evans

Our first cyber security round-up of 2020 details updates to NHSmail and advice from the National Cyber Security Centre on the use of Windows 7, after Microsoft officially ended support for the platform.

Three-quarters of healthcare organisations suffered a cyber-attack in 2019

New research by data security provider Clearswift suggests that more than three-quarters (67%) of healthcare organisations in the UK have experienced a cyber security incident in the past year.

The research, which surveyed senior business decision-makers within healthcare organisations, found that almost half (48%) of incidents within the sector occurred as a result of the introduction of viruses or malware from third-party devices – including IoT devices and USB sticks.

The survey found that further causes of cyber security incidents included employees sharing information with unauthorised recipients (39%), users not following protocol/data protection policies (37%), and malicious links in emails and on social media (28%).

The report once again highlights the serious threat that data breaches and malicious attacks pose to health data in the UK.

Alyn Hockey, VP of product management at Clearswift, said: “The healthcare sector holds important patient data, so it is alarming to see such high numbers of security incidents occurring in the industry.

“The healthcare sector needs to securely share data across departments and organisations in order to facilitate excellent patient care.

“With the proliferation of third-party devices in this process, it’s more important than ever that the industry bolsters its cyber security efforts to reduce the risk of everything from unwanted data loss to malicious attacks and focusses on keeping patient data safe and secure.”

NHSmail updates to improve security and user experience

NHS Digital is updating NHSmail to improve cybersecurity and save some 40,000 manual work hours for staff.

Dan Jeffery, head of innovation, delivery and business operations at NHS Digital’s Data Security Centre, detailed a number of improvements being made to the NHSmail platform around security, identity verification and user experience in a blog post on 6 January.

This includes a system to automate the movement of user accounts between NHSmail organisations that Jeffery said would lead to “millions of pounds worth of efficiency savings.”

A password synchronisation micro-service allowing users to synchronise their password from the NHS Directory to their local active directory, and behavioural and transactional analysis providing insight into user behaviour, are also in the pipeline.

Jeffery said: “NHSmail is more than just an email service. The system manages the identities of all users within the Microsoft Active Directory in the NHS and allows local administrators to manage accounts within the NHSmail portal.

“Typically, NHS organisations will manage local identities within their own Active Directory and use the NHS Electronic Staff Record for workforce management, including the on-boarding and off-boarding of employees.

“With more than 13,000 health and care organisations in England and Scotland using NHSmail and 64,000 movements of user accounts every month, the burden is real and the security implications relating to identity are acute. But that also means the opportunity for improvement is significant.”

NCSC warns against using Windows 7

The National Cyber Security Centre (NCSC) has warned the public not to use Windows 7 to access internet banking or email applications after Microsoft pulled support for the operating system last week.

NCSC, the public-facing arm of the UK’s GCHQ intelligence service, said that people running the now-outdated Windows 7 should upgrade to Windows 10 in order to avoid possible cyber security attacks.

Microsoft officially ended support for Windows 7 on 14 January, meaning computers running the software will no longer receive security and other important updates.

An NCSC spokesman said in a statement: “The NCSC would encourage people to upgrade devices currently running Windows 7, allowing them to continue receiving software updates which help protect their devices.

“We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device, and not to use them for tasks like accessing bank and other sensitive accounts.

“They should also consider accessing email from a different device.”


Poll suggests half of people “wouldn’t know” the warning signs of a cyber security incident

Almost half of respondents to a Twitter poll run by Infosecurity Europe admitted that they would be completely unaware if a cyber security breach occurred in their organisation.

In answer to the question: “If a cyber breach occurred, how quickly could you discover it?” 47.6% conceded they simply would not know.

The poll was designed to explore incident response, an area that has come under recent scrutiny following Travelex’s response to its New Year’s Eve cyber-attack, which left many of its systems down and impacted travel currency sales.

According to Maxine Holt, research director at Ovum, this reflects a widespread issue. “Discovering a breach well after the event is usual. Uncovering breaches is not easy, but proactive threat hunting is an approach being increasingly used by organisations.

“Regularly scanning environments to look for anomalies and unexpected activity is useful, but it can be difficult to deal with the number of resulting alerts. Ultimately, effective cyber hygiene involves having layers of security to prevent, detect and respond to incidents and breaches.”

The poll also examined risk insight, asking: “What understanding do you have of your information assets?” A worrying 44.7% revealed they had “very little” understanding, with 30.7% stating they had “some” – and only 24.7% said their grasp was “comprehensive”.

Bev Allen, CISO at Quilter, said: “Many companies don’t know what or where all their information assets are. They may think they do; but if they’re wrong this leaves them vulnerable to breaches. Consistent knowledge of your assets takes effort; you need tools and systems to record what you have, you need people to follow appropriate processes, and you need to search to find out what you don’t know about and where it is. This search must be done regularly.”


#nationalcybersecuritymonth | Why Cyber risk is the number one business risk in 2020

Source: National Cyber Security – Produced By Gregory Evans

In January the Information Commissioner’s Office (ICO) fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.

An ICO investigation found that an attacker installed malware on 5,390 tills at DSG’s Currys PC World and Dixons Travel stores between July 2017 and April 2018, collecting personal data during the nine-month period before the attack was detected.

The company’s failure to secure the system allowed unauthorised access to 5.6 million payment card details used in transactions and the personal information of approximately 14 million people, including full names, postcodes, email addresses and failed credit checks from internal servers.

Because the data breach occurred before the General Data Protection Regulation (GDPR) came into effect, DSG were found to have breached the earlier Data Protection Act 1998.

The ICO cited poor security arrangements and a failure to take adequate steps to protect personal data. This included vulnerabilities such as inadequate software patching, absence of a local firewall, and lack of network segregation and routine security testing.

The ICO said that the contraventions in this case were so serious that they imposed the maximum penalty under the previous law, but the fine would inevitably have been much higher under the GDPR.

The ICO considered that the personal data involved would significantly affect individuals’ privacy, leaving affected customers vulnerable to financial theft and identity fraud. The ICO received 158 complaints between June 2018 and November 2018 from DSG’s customers. As of March 2019, the company reported that nearly 3,300 customers had contacted them directly in relation to this data breach.

The ICO stressed that while cyber-attacks are becoming more frequent, organisations still have responsibilities under the law to take serious security steps to protect systems, and most importantly, people’s personal data.

This incident will have cost DSG a great deal, both in direct costs to deal with the breach, and also in terms of its reputation. DSG may also face claims from its customers – especially given the ICO’s findings of poor security.

Given such incidents it’s unsurprising that the threat of cyber attacks is keeping many business leaders up at night and sadly, if business leaders aren’t worried, then they aren’t paying attention. In fact, the latest Allianz Risk Barometer 2020 from insurers Allianz – which identifies the top corporate risks for 2020 – highlights cyber risk as the number one business risk for 2020. Seven years ago cyber risk was ranked just 15th.

A top priority for all businesses in 2020 must be to take all reasonable and practicable steps to make their businesses as cyber risk proof and as resilient as possible. There’s plenty of guidance and support available – the National Cyber Security Centre (NCSC) promotes Cyber Essentials, which should be a first port of call for any SME (https://www.cyberessentials.ncsc.gov.uk/about).

Businesses should also consider whether they should take out cyber insurance. It should not be assumed cyber risks are covered in your existing insurance policies.

A number of cyber policies are now available and a specialist insurance broker should be able to assist you and help explain what’s available and what is and what is not covered. Such policies can help protect against financial losses (including for business interruption, privacy breach costs, cyber extortion, hacker damage, and media liability) but many also offer assistance at the time of an incident, e.g. by providing cyber forensic support.

Such policies do pay out – last year the Association of British Insurers revealed that 99% of claims made (207) on ABI-member cyber insurance policies in 2018 were paid – this is one of the highest claims acceptance rates across all insurance products.

As the NCSC advise:

“Organisations that are considering cyber insurance should understand that it will not protect you from an attack, but it may provide you with additional resources during and after an incident. So cyber insurance can be considered as an additional risk management tool, but do take time to:

  • understand the scope and scale of the cover provided
  • ensure that you are able to meet any operational requirements placed on you by the insurer”

As always when buying insurance you need to read the fine print of the cover. Crucially you must also ensure you meet any security or other IT requirements placed on you by the insurer. If you have pre-existing IT issues you knew or ought to have known about and these lead to a breach of security you are unlikely to be covered.

Insurance is not a panacea, of course. You need to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks your organisation faces. This is required by the General Data Protection Regulation (GDPR) in any event where you process personal data.

Ensuring your business is protected against cyber security risks should be a recurring New Year’s resolution, no matter what type of business you run.

Simon Stokes

Simon Stokes is a Partner with law firm Blake Morgan. He leads the firm’s technology practice in London and specialises in information technology law.


#nationalcybersecuritymonth | Police to launch cyber security certification scheme

Source: National Cyber Security – Produced By Gregory Evans

The Police Digital Security Centre (PDSC) will launch a certification scheme for cyber security companies, giving them the weight to vet new products launched by small companies and startups. 

From next month, established cyber security companies can apply to be a part of the new accreditation scheme set up by the security wing of the police force and devised in partnership with the British Standards Institute (BSI). 

The ‘Digital Security Innovator’ certification will be for the benefit of smaller companies seeking to make informed decisions when choosing a cyber security vendor to examine their new products or services. 

This cyber security assessment includes taking a look at elements such as concepts of design. These would, in turn, allow a startup to secure investment, or support any applications to an external incubator or mentorship programmes run by industry bodies.

There are two awards on offer, with each giving cyber security companies police/BSI accreditation for 12 months. Firms that apply to receive either award would have to demonstrate their cyber security tools meet established industry standards.


“The awards aren’t just about the product or service,” said both techUK’s programme assistant for defence, cyber and justice & emergency services Charlie Wyatt, and programme manager for defence and cyber Dan Patefield. 

“From the experience of working with thousands of SMEs over the past few years, trust is essential in building relationships with vendors that keep SMEs safe from the most common types of cyber-crime. 

“Therefore, in addition to reference checks, the PDSC require all customer-facing staff to undergo police vetting.”

PDSC was established in 2015 by the Mayor of London’s office, in collaboration with the Met Police and the City of London Police, in order to help small and medium-sized businesses reduce their vulnerability to cyber crime. 

This was branded the London Digital Security Centre (LDSC) until 2019 at which point it took up a national remit, and began working with industry partners, the government, academia, and other branches of law enforcement.


This launch can be added to a string of cyber security training and certification programmes targeted at giving cyber security professionals and organisations the tools and expertise to protect themselves against cyber threats.

The PDSC and BSI certification scheme will formally launch on 17 February at an event hosted by trade association techUK, with companies given further details about how to apply for the awards on offer.


#nationalcybersecuritymonth | Congress struggles on rules for cyber warfare with Iran

Source: National Cyber Security – Produced By Gregory Evans The U.S. and Iran may have walked back from the brink of war, but the potential for a cyber battle looms with no clear rules of engagement. Lawmakers and military officials say there’s no agreed-upon definition of what constitutes cyber warfare, leaving them to decide on a […] View full post on AmIHackerProof.com

#nationalcybersecuritymonth | TECH & CYBER BRIEFING: CES Debates Breaking Up Big Tech

Source: National Cyber Security – Produced By Gregory Evans

Should big tech be broken up? That question was raised at CES this week following months of discussion and antitrust inquiries from lawmakers and regulators in Washington.

The subject of both a tech think tank panel and a Federal Trade Commission-focused panel at CES this week is timely given ongoing investigations by the Department of Justice and the FTC into anti-competitive behavior of companies including Facebook, Amazon, Google and Apple. The House Judiciary Committee is also conducting its own tech antitrust probe.

Robert Atkinson, president of the think tank Information Technology and Innovation Foundation, said in a panel yesterday he was against the idea of a break-up. “The simple fact that big technology companies are big, is not a problem in itself, in fact it’s a benefit,” he said. Atkinson said large tech companies, such as Alphabet and Amazon, are among the top investors in research and development in the world and without their size, they couldn’t innovate.

His remarks mirrored those of Christine Wilson, a commissioner at the Federal Trade Commission, who said in an earlier FTC session that proposals from Sen. Elizabeth Warren (D-Mass.) and others to break up large, successful companies because they are large and successful “is not an approach that I would embrace.”

FTC Commissioner Rebecca Slaughter defended the intent behind some of the break-up proposals. “What they are doing is saying that we are concerned about the effects across the market, and in the market, and on consumers, of the market power that particularly large companies have, and how they are using that market power,” Slaughter said during the FTC session. “So it may be that either more regulation or breaking up is an appropriate way to remedy those concerns.”

Charlotte Slaiman, senior policy counsel at non-profit Public Knowledge, also raised the alarms over big tech’s dominance. “I am very concerned about the power of big tech, which I define as dominant digital platforms,” she said in yesterday’s panel. She did agree that antitrust laws are not necessarily well-suited to address the network effects that have led to big tech’s growth, but said new laws are needed to remedy consumer harms that are the result from dominant tech, including a federal privacy bill.

She also contested Atkinson’s premise that tech companies’ large R&D spending is the best way to measure innovation. A small company that is trying to gain market share is going to do much more disruptive innovation, she said. “A company that is already doing well, that is very comfortable in its market position, is going to do some innovation on the margins,” she said. But if a large company discovers a great innovation that could potentially limit its market power, it might want to sit on that rather than innovate, she added.

Sen. Rosen Talks STEM Bill, Tech Innovation: Sen. Jacky Rosen (D-Nev.) wasn’t able to make it to CES in Las Vegas this week due to the Senate schedule, but in a phone interview praised the state’s tech sector and highlighted STEM and tech legislation she’s pushing in Congress.

“I’m proud that Nevada is leading the nation in innovation and software job growth,” Rosen told Bloomberg Government. “I will continue to support legislation, like my bipartisan Building Blocks of STEM that was recently signed into law, to ensure that the Silver State is educating and training the workforce of tomorrow.”

Rosen and Victoria Espinel, president and CEO of BSA The Software Alliance, co-authored an opinion article yesterday in the Las Vegas Sun noting that Nevada has the fastest growing software job sector in the country.

Rosen’s bill (S. 737), signed into law by President Donald Trump late last year, expands STEM education initiatives at the National Science Foundation for young children and creates new research grants to increase the participation of girls in computer science.

She also highlighted her bipartisan Mapping to Save Moms’ Lives Act (S. 3152), which she released this week. That measure would require the Federal Communications Commission to map remote areas with internet service gaps and high rates of poor maternal health outcomes.

“In Nevada we have real frontier land, particularly in northern Nevada,” she said. “We know about 5G, we have places with no ‘G,’ We have to get everybody connected.”

She said she is working on legislation with Girls Who Code, a nonprofit that trains girls in computer coding, to require schools that receive federal funding for computer science programs to provide information on demographics in the classroom. “So many school districts say, ‘We have computer science education.’ But are we sure that we’re making it accessible, available and open or recruiting everybody to do that or just a select group,” she said.

Rosen has experience with technology, having worked as a computer programmer and software developer for numerous companies in Nevada, including Summa Corporation, Citibank, and Southwest Gas.

Happening on the Hill

Legislation & Letters:

  • House Lawmakers Unveil Bill to Revamp Children’s Privacy Law: A bipartisan House bill announced yesterday aims to modernize children’s privacy laws by raising the age of parental consent and protecting the geolocation and biometric data of minors. The measure, introduced by Republican Rep. Tim Walberg (Mich.) and Democratic Rep. Bobby Rush (Ill.), would update the Children’s Online Privacy Protection Act of 1998, known as COPPA. The bill would raise the age of parental consent protections for children from age 13 to 16, and affirm that the law applies to children’s privacy on mobile apps. Sens. Josh Hawley (R-Mo.) and Ed Markey (D-Mass.) introduced a similar bill to update COPPA in the Senate last March. See the House bill text here.
  • Wyden, Others Ping FCC on Wireless Scams: Sen. Ron Wyden (D-Ore.) and five House and Senate members yesterday asked the FCC to protect consumers from scammers hijacking phone numbers to steal bank and other personal information. “As the primary regulator of the wireless industry, the FCC has the responsibility and authority to secure America’s communication networks and protect consumers who rely on those networks. To that end, we urge the FCC to initiate a rulemaking to protect consumers from SIM swaps, port outs and other similar methods of account fraud,” the members wrote.

Happening Next Week:

  • Facial Recognition: The House Oversight and Reform Committee on Wednesday holds the third installment in a series of hearings on facial recognition, focusing on “ensuring commercial transparency and accuracy.”
  • Future Industries: The Senate Commerce, Science and Transportation Committee plans a hearing Wednesday on industries of the future. Witnesses include National Institute of Standards and Technology Director Walter Copan, National Science Foundation Director France Cordova, U.S. Chief Technology Officer Michael Kratsios, and FCC Commissioners Jessica Rosenworcel and Michael O’Rielly.

Industry and Regulation

Business Group Chief Urges Congress to Step Up on Privacy, Labor: Congress should move past gridlock and take the reins on issues such as privacy, where liberal states have enacted new laws, the leader of the U.S. Chamber of Commerce plans to say in a Thursday speech. “Washington’s inability to make progress on data privacy is resulting in a patchwork of state rules and regulations that will stifle the free flow of goods and services across state borders,” chamber Chief Executive Officer Tom Donohue said in prepared remarks.

As part of his annual “State of American Business” address, Donohue expressed worry about state-by-state approaches, particularly regarding data protection and worker classification in the gig economy, according to excerpts provided by the chamber, one of the most influential and highest-spending business associations in Washington. Read more from Ben Brody.

Apple Stole Tech for Watch, Masimo Claims: Apple is accused of stealing trade secrets and improperly using Masimo inventions related to health monitoring in its Apple Watch. Masimo, which develops signal processing technology for health-care monitors, and its spinoff, Cercacor Laboratories, claim in a lawsuit that Apple got secret information under the guise of a working relationship and then hired away key employees, including Michael O’Reilly, who became vice president of Apple’s health technology efforts. The business segment that includes the Apple Watch, Apple TV and Beats headphones is the company’s fastest-growing category and generated more than $24 billion in sales in the fiscal year that ended in September. Read more from Susan Decker and Mark Gurman.

New DHS Cybersecurity Assistant Director Starts: Bryan Ware earlier this week stepped into a top cyber role at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency that was vacated by longtime assistant director Jeanette Manfra, according to a statement yesterday. Ware steps into the position just as the U.S. faces potential Iranian cyber attacks following its assassination of a top general. Sam Kaplan will fill Ware’s former position at the department later this month, Michaela Ross reports.

To contact the reporters on this story: Rebecca Kern in Washington at rkern@bgov.com; Giuseppe Macri in Washington at gmacri@bgov.com

To contact the editors responsible for this story: Zachary Sherwood at zsherwood@bgov.com; Brandon Lee at blee@bgov.com

The post #nationalcybersecuritymonth | TECH & CYBER BRIEFING: CES Debates Breaking Up Big Tech appeared first on National Cyber Security.

#nationalcybersecuritymonth | Insurance Journal’s Top 10 Cyber Risk Stories of 2019

Source: National Cyber Security – Produced By Gregory Evans

Cyber risks were cited as the top concern among businesses of all sizes in 2019, according to a Travelers report released in October. Of the 1,200 business leaders who participated in an insurer-sponsored survey, 55% said they worry some or a great deal about cyber risks, […]

#infosec | US Braced for Cyber Retaliation from Iran

Source: National Cyber Security – Produced By Gregory Evans

The US government has echoed concerns from the cybersecurity industry that Iranian state hackers could respond to the assassination of a top Tehran general with attacks on US critical infrastructure (CNI).

Widely considered the second most powerful man in Iran, Qassem Suleimani was killed by a US drone strike in Baghdad on Friday.

Military and political leaders in the country have warned of retribution, while signs posted along the vast funeral procession today are reported to have read: “Harsh revenge is awaiting.”

The Department of Homeland Security (DHS) has duly issued an alert warning of a terror threat on home soil, although it admitted “at this time we have no information indicating a specific, credible threat to the homeland.”

However, an attack could come with little or no warning, with cyber a likely vector, it said.

“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber-enabled attacks against a range of US-based targets,” the notice continued.

“Iran maintains a robust cyber program and can execute cyber-attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”

On Saturday, the website of the government-run American Federal Depository Library Program (FDLP) was defaced with an image of a bloodied Donald Trump. Industry experts believe things could escalate even further.

John Hultquist, director of intelligence analysis at FireEye, warned of an uptick in cyber-espionage against government entities, designed to give Tehran a geopolitical advantage, and destructive attacks on CNI.

“Iran has leveraged wiper malware in destructive attacks on several occasions in recent years. Though, for the most part, these incidents did not affect the most sensitive industrial control systems, they did result in serious disruptions to operations,” he added.

“We are concerned that attempts by Iranian actors to gain access to industrial control system software providers could be leveraged to gain widespread access to critical infrastructure simultaneously. In the past, subverting the supply chain has been the means to prolific deployment of destructive malware by Russian and North Korean actors.”

The post #infosec | US Braced for Cyber Retaliation from Iran appeared first on National Cyber Security.