Tag: Government

Report: Insecure SEC Laptops Toted To Black Hat

What’s worse than neglecting to encrypt the data on the government-issue laptop you use to handle sensitive data related to the workings of U.S. equities markets? How about hopping on a plane and bringing said laptop with you to the Black Hat conference in Las Vegas, one of the world’s largest gatherings of hackers. That’s just one of the allegations in an as-yet unreleased Inspector General report on irregularities at the U.S. Securities and Exchange Commission (SEC), according to a report on Friday by Reuters. The Inspector General’s report, a copy of which was reviewed by Reuters, found evidence of widespread lapses in information security within the agency that acts as a watchdog over stock markets and exchanges within the U.S. Among other errors, staff at the SEC failed to encrypt laptops containing sensitive stock exchange data or even install antivirus software on those systems, Reuters reported. The Inspector General […]

Are Security Firms Ducking Attribution for VOHO? (Rhymes with ‘Carolina’)

RSA left few stones unturned in its recent report (PDF) on the so-called “VOHO” attacks against pro democracy, military industrial base and high finance firms. But one question that was notably left unanswered was perhaps the most important: “Who, or what, was behind the attacks?” Now the  lead RSA security researcher trusted with analyzing the malware used in recent “watering hole” attacks tells Security Ledger that the malware left some clues as to the origins of the attacks, which affected tens of thousands of systems in more than 700 organizations, but not enough to conclusively link VOHO to a specific group, country or actor. “It’s hard to tell,” said Chris Elisan, a Principal Malware Scientist at RSA and the lead investigator into the malware used in the VOHO attacks. “The malware is only part of it,” he said. Other parts of what Elisan called the “attack chain” are needed to identify […]