While the eastern United States recovers from this week’s devastasting storm, the nation’s Homeland Security chief used “Superstorm Sandy” to promote the importance of national cybersecurity protection.
The FBI says it is now making a push to not just stop cybercrime but to identify the attackers behind the phishing, credit card fraud and other campaigns that cost consumers and enterprises billions of dollars each year. The bureau is the lead agency charged with addressing cybercrime in the U.S. and has a large division dedicated to the problem, but it mostly has been concerned with stopping ongoing attacks rather than tracking down the criminals themselves. That appears to be changing.
A Southern California judge has rejected several key claims in a class-action lawsuit filed in response to Sony’s handling last year of a data breach that left millions of users at risk.In a ruling released by Courthousenews.com, U.S. District Court Judge Anthony Battaglia ruled users did not have an expectation of “perfect security” when they signed on with the company’s PlayStation Network.
Hoping to better address the cause and concerns of cyber attacks on a state level, last week the National Governors Association (NGA) announced the creation of the Resource Center for State Cybersecurity, an initiative set into motion by Governor Martin O’Malley (D-Md.) and Governor Rick Snyder (R-Mich.)
Scared is a strong word, but the reality, according to a Websense analysis by Patrik Runald, is that spear-phishers, like the ones that compromised a White House network last week, are implementing new evasion tactics, fundamentally changing their attack strategies, and revolutionizing the targeted threat model, giving business executives plenty of reason to worry.
It can happen to anyone…and when it does it usually catches everybody – the victim and his relatives – completely unprepared. I’m talking about kidnapping. Twice in my life I’ve been involved in helping the police track down and arrest gangs of kidnappers. The first case didn’t directly affect me or my family, but the second time a close friend of mine was kidnapped. And it turns out that our work in tackling cybercrime can also be useful to catch criminals who seem to have little connection with high-tech wrong-doing.
Lawmakers are urging the Food and Drug Administration to more thoroughly vet certain implantable medical devices for security, not just safety, risks. They include life-saving defibrillators, insulin pumps and pacemakers, which have been shown in recent years to be vulnerable to remote attacks.
The National Telecommunications Commission (NTC) of the Philipines has asked for assistance from law enforcement after a handful of government sites in the country, including the NTC’s site, were brought offline this morning in a hack allegedly carried out by PrivateX, an offshoot of the hacktivist group Anonymous.
So now it’s the White House’s turn. Having taken a swing at just about every other piece of the U.S. government’s network infrastructure, attackers, reportedly based in China, recently targeted a machine on an unclassified network inside the White House Military Office and were able to compromise it through a spear-phishing attack. The attack has drawn a lot of attention, as stories that include the words “White House” and “attack” do, but the notion that this attack may be the one that finally forces the U.S. to address the threat from foreign attacks is misguided.
Dennis Fisher talks with Gary McGraw of Cigital about the release of the BSIMM4 data, how software security programs have matured in the last four years and how the government has become distracted by cyberwar and is ignoring software security, to its detriment.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
