data loss

Senator Warns of DHS Struggle with Cyber Security

U.S. Senator Tom Coburn (R-OK) used his final days in office to warn that the U.S. Department of Homeland Security (DHS) is struggling to fulfill its mission to protect the nation from cyber attack. The report, “A Review of the Department of Homeland Security’s Missions and Performance,” (PDF) was released on Saturday, as the retiring Senator from Oklahoma was leaving office. In it, the outgoing Senator said that DHS’s strategy and programs “are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.” The warnings on DHS cyber operations were part of a larger critique of the Department in the report, in which Coburn called on reforms of Homeland Security focused on accountability and streamlining. Despite spending $700 million annually on a range of cybersecurity programs, Coburn said it is hard to know whether the Department’s efforts to assist the private sector in identifying, mitigating or remediating cyber […]

Continue Reading

U.S. Sanctions 10 For Sony Hack, Keeps Mum on Evidence

  As the New York Times reports, the Obama administration doubled down on its recent allegation that the Democratic Peoples Republic of North Korea (DPRK) was behind the hacking of Sony Pictures, announcing sanctions on 10 senior North Korean officials and several organizations in response to the incident. Paradoxically, the administration acknowledged that there is no evidence that the 10 officials took part in either ordering or planning the Sony attack. Instead, they described them as “central to a number of provocative actions against the United States,” the Times reported. Those ‘provocative actions’ were not described. The actions mirror the Administration’s controversial decision, in May, to charge five Chinese military officers in May, 2014, for their connection to computer hacking and cyber espionage campaigns directed at U.S. firms in the nuclear power, metals and solar products industries. In the case of the Chinese nationals, however, the FBI cited evidence linking the five military officers to […]

Continue Reading

Wireless Infusion Pump is Test Case for Securing Medical Devices

A National Institute of Standards and Technology (NIST) reference document is providing some of the clearest guidance from the U.S. government for securing connected medical devices, but may be setting too low a bar for securing wireless communications, according to a security expert. NIST, working with the University of Minnesota’s Technological Leadership Institute, released a draft Use Case document  (PDF) on December 18 to help health care providers “secure their medical devices on an enterprise networks.” However, in the area of communications security, the document suggests the use of WEP (Wired Equivalent Privacy), a legacy wireless security technology that can easily be cracked. NIST released the draft security use case document and is seeking feedback from the public. The drug infusion pump case study is described as the “first of a series” of similar use cases that will focus on medical device security, NIST wrote. The draft document presents a technical description of the security challenges […]

Continue Reading

New Clues In Sony Hack Point To Insiders, Away from DPRK

A strong counter-narrative to the official account of the hacking of Sony Pictures Entertainment has emerged in recent days, with the visage of the petulant North Korean dictator, Kim Jong Un, replaced by another, more familiar face: former Sony Pictures employees angry over their firing during a recent reorganization at the company. Researchers from the security firm Norse allege that their investigation of the hack of Sony has uncovered evidence that leads, decisively, away from North Korea as the source of the attack. Instead, the company alleges that a group of six individuals is behind the hack, at least one a former Sony Pictures Entertainment employee who worked in a technical role and had extensive knowledge of the company’s network and operations. [Read Security Ledger coverage of the hack of Sony Pictures Entertainment.] If true, the allegations by Norse deal a serious blow to the government’s account of the incident, which placed the blame squarely on […]

Continue Reading

With Multi-Vector Attacks, Quality Threat Intelligence Matters

In the last year, the world’s attention has been riveted by a series of high-profile hacks of major corporations in retail, finance and the entertainment industry, among others. Each of these incidents is unique, involving different threat actors and motives. However, each of these attacks is also a sterling example of what we, at Cisco, term “multi-vector attack” that employs a range of technologies, deployed in numerous stages, to penetrate the defenses of the target organization. Here at Cisco, we have studied these attacks in-depth and have identified some commonalities among these multi-vector attack, and useful approaches to combat them. This blog post will discuss some of our findings. About Multi-Vector Attacks Any cyber attack, large or small is born from a weak link in the security chain. These weak links take many forms: poorly configured Web servers, gullible employees or vulnerable-but-common applications like Microsoft Office, Adobe Reader and Java are common examples. Multi-vector  attacks […]

Continue Reading
1 16 17 18 19 20 41