Tag: Policy

The Art of Stealing Terabytes | Digital Guardian

There are many superlatives to describe the hack of Sony Pictures Entertainment. It has been called the “worst” and “most destructive” hack of all time. It has been likened to a nuclear bomb. It has been called an act of cyber warfare. But, behind all the hyperbole, the Sony hack is just another hack – albeit a bad one. And like any other cyber crime, there are questions about the ‘whys’ and ‘how’s’ of the Sony hack that have yet to be answered to anyone’s satisfaction. Chief among them: how the attackers were able to sneak terabytes of data off of Sony’s corporate network without being noticed. [Read more Security Ledger coverage of the Sony Pictures Hack here.] The sad truth may be that making off with terabytes worth of data may be easier than you think. Like you, I found this notion preposterous. But an informal poll of  respected security experts that […]

Continue Reading

At Electronics Bash, FTC Chairwoman Calls for Privacy, Security on IoT

  The Wall Street Journal reports on an address that FTC Chairwoman Edith Ramirez gave to the folks out at CES, the Consumer Electronics Show, in Las Vegas. From the report: “Ramirez outlined several concerns including ubiquitous data collection, or the ability of sensors to collect sensitive personal information about consumers all the time and in real time; unexpected uses of consumer data, such using individual energy use patterns to set their homeowners’ insurance rates; and cybersecurity threats. “She also noted opportunities. ‘Whether it’s a remote valet parking assistant, which allows drivers to get out of their cars and remotely guide their empty car to a parking spot; a new fashionable bracelet that allows consumers to check their texts and see reviews of nearby restaurants; or smart glucose meters, which make glucose readings accessible both to those afflicted with diabetes and their doctors, the IoT has the potential to transform […]

Continue Reading

Senator Warns of DHS Struggle with Cyber Security

U.S. Senator Tom Coburn (R-OK) used his final days in office to warn that the U.S. Department of Homeland Security (DHS) is struggling to fulfill its mission to protect the nation from cyber attack. The report, “A Review of the Department of Homeland Security’s Missions and Performance,” (PDF) was released on Saturday, as the retiring Senator from Oklahoma was leaving office. In it, the outgoing Senator said that DHS’s strategy and programs “are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.” The warnings on DHS cyber operations were part of a larger critique of the Department in the report, in which Coburn called on reforms of Homeland Security focused on accountability and streamlining. Despite spending $700 million annually on a range of cybersecurity programs, Coburn said it is hard to know whether the Department’s efforts to assist the private sector in identifying, mitigating or remediating cyber […]

Continue Reading

Are Data Lakes A Key To Securing IoT Environments? | Tripwire Blog

Mitch Thomas over at the security firm Tripwire has a good post on “architecting the security of things” that’s worth checking out. As an incumbent security vendor, Tripwire faces the same challenges and problems as other vendors who came of age securing traditional endpoints and enterprise IT environments. Among them: adapting to a nearly limitless population of new endpoints – many of them small, resource constrained embedded systems.  As we’ve noted before: many of these systems aren’t capable of the kinds of interrogations (vulnerability- and malware scans just two examples) that many security tools take for granted.

Continue Reading

With Multi-Vector Attacks, Quality Threat Intelligence Matters

In the last year, the world’s attention has been riveted by a series of high-profile hacks of major corporations in retail, finance and the entertainment industry, among others. Each of these incidents is unique, involving different threat actors and motives. However, each of these attacks is also a sterling example of what we, at Cisco, term “multi-vector attack” that employs a range of technologies, deployed in numerous stages, to penetrate the defenses of the target organization. Here at Cisco, we have studied these attacks in-depth and have identified some commonalities among these multi-vector attack, and useful approaches to combat them. This blog post will discuss some of our findings. About Multi-Vector Attacks Any cyber attack, large or small is born from a weak link in the security chain. These weak links take many forms: poorly configured Web servers, gullible employees or vulnerable-but-common applications like Microsoft Office, Adobe Reader and Java are common examples. Multi-vector  attacks […]

Continue Reading
1 50 51 52 53 54 67