Tag: Government

DPRK Mum as Hackers Dump Sony Pictures Data Online

The hack of Sony Pictures Entertainment has taken a turn for the worse, as evidence has turned up that suggests hackers have ransacked the networks of the high-profile studio, dumping everything from unreleased films to detailed business and employee records online. A spokesman for the Democratic People’s Republic of Korea (DPRK) did not explicitly deny or take responsibility for the attack when contacted by the BBC, telling the British news agency that “the hostile forces are relating everything to [North Korea]. I kindly advise you to just wait and see.” Sony Pictures’ network was attacked using destructive “wiper” malware last week that stole and exfiltrated data from the company, then erased data on infected PCs and servers. An FBI FLASH alert sent to U.S. firms provided details on the malware, including its use of a hard-coded list of IP addresses and hostnames, and the inclusion of configuration files created on computers […]

NIST Sets Course For Handling Sensitive Data

The Snowden leaks were a wake-up call for U.S. Government agencies that the tools and processes to protect classified and sensitive data were woefully out of step with the current environment of small, capacious storage devices and powerful cloud-based secure communications and hosting platforms. But what about all the data that is stored on systems belonging to the (many) contractors that the government works with? Last week brought some clarification: a draft document from the National Institute of Standards and Technology (NIST), “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” (Draft Special Publication 800-171). The new NIST document outlines steps for protecting sensitive unclassified federal information that resides in nonfederal information systems and environments. Those include non-federal information systems that lie outside of the scope of existing laws like the Federal Information Security Management Act (FISMA) and any components of nonfederal systems that process, store, or transmit CUI. Read more […]

Opinion: Toppling the IoT’s Tower of Babel

The five most feared words in the IT support person’s vocabulary are “This. Page. Can’t. Be. Displayed.” And yet, the growth of Service Oriented Architecture (SOA) based enterprises in the past eight years means that these dreaded words show up more and more, as services from different developers and vendors are consumed by larger, upstream platforms and integrated to provide new capabilities. In this kind of environment, “This Page Can’t Be Displayed” is a cry for help: the first indication of a problem. For enterprise support personnel, that message is often the first step in a long journey complete with Sherlock Holmes-style sleuthing to try to find which service along an orchestrated chain is the bad actor. And, unfortunately, when an application is being attacked or gets hacked, support personnel may not even have an error message to go on. In both cases, the major roadblock for support and incident response staff is that application developers or development […]

Report: DHS and FBI Briefing Grid Operators on Sophisticated Cyber Attacks

A spate of reports in recent days has put the media’s attention back on the security of the energy sector and critical infrastructure more broadly. Notably: this CNN report that cites NSA director Admiral Mike Rogers telling the audience at a power grid security conference in San Antonio, Texas in October that “power… is one of the segments that concerns me the most.” What’s changed? For one: the uptick in ICS-specific malware like BlackEnergy. A spate of attacks based on that malware and others have targeted critical infrastructure players in recent months. According to a confidential memo obtained by CNN, the FBI and DHS are now traveling the country to warn utilities and other critical infrastructure owners about targeted attacks on industrial control systems. Some of those attacks are exploiting previously unknown (or “zero day”) vulnerabilities in ICS systems, CNN reported. The U.S. Government has been warning about the threat of cyber attacks on […]

With $200k Fine, FTC Finds Trust-e Not Very Trusty

The U.S. Federal Trade Commission fined TRUSTe, a for-profit organization that is a leading provider of online reputation services, $200,000 for misleading consumers about its web site monitoring services. On Monday, the Commission announced a settlement with TRUSTe over allegations that the company failed to perform annual compliance checks on more than 1,000 domains that earned its “TRUSTe Certified Privacy Seal” between 2006 and 2013. The company also acknowledged making misleading statements about its for-profit status. “TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge,” said FTC Chairwoman Edith Ramirez in an official statement. “Self-regulation plays an important role in helping to protect consumers. But when companies fail to live up to their promises to consumers, the FTC will not hesitate to take action.” TRUSTe is a critical player in the online trust business. The company provides seals to businesses that meet […]