Archive for August 2014

A real-time overview of the insider threat landscape

SpectorSoft recently surveyed 355 IT professionals, asking about their experience detecting and preventing insider threats – to explore how organizations are addressing this critical issue and how effective they have been.

Approximately 35 percent of respondents reported they had experienced an insider attack, but the situation is probably worse than they think. With an estimated 75 percent of all insider crimes going unnoticed, it seems likely that all organizations have experienced an insider crime, whether they know it or not.

61 percent said they couldn’t deter such attacks and 59 percent said they were unable even to detect one, leaving them vulnerable to fraud, data breaches, and IP theft.

Get theo whole report from SpectorSoft by clicking here.


Russia Tied to JPMorgan Hacking ?

Russian hackers may have attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions.

The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also linked to the attack, one of the people said.

In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites. They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers.

“Companies of our size unfortunately experience cyber attacks nearly every day,” Patricia Wexler, a JPMorgan spokeswoman, said in an e-mail.

More (including video) from Bloomberg News by clicking here.

Cyber-intelligence defined…

Jay McAlllister from the SEI Innovation Center: “Cyber-intelligence is the acquisition and analysis of information that is used to identify and track – and predicMacalistert – cyber-capabilities or intentions of people, and enhance decision-making using that intelligence.”


From pod-cast on

Cyber Intelligence Tradecraft Project: Summary of Key Findings

Why one of cybersecurity’s thought leaders uses a pager instead of a smart phone

DanAn interview with Cybersecurity guru Daniel Geer…

“If you give people fine-grained control over what their information is in public, people reveal more. They might say if you give me a lot of control, they’d reveal less — but it doesn’t work that way. People will reveal more if they have more control so to a certain extent is what he’s verifying is sort of my own feeling: If I don’t have control I don’t want to reveal it.  Does the name Alessandro Acquisti mean anything to you?”

More available from the Washington Post by clicking here.


Snowden leaks prompt firms to focus cyber security on insider threats

“There’s a million Snowdens of various degrees at work right now, taking data for profit.


More from the Los Angeles Times by clicking here.

A Billion Passwords Have Been Stolen. Here’s What You should Do

A computer security firm has found evidence that a Russian cybercrime gang has stolen some 1.2 billion Internet passwords and user names. At this point, we don’t know which sites the passwords are connected to. But given the size of the possible theft, this is something you should take time to respond to as soon as you can, by updating your passwords and making sure they are secure. Your losses on charges to a stolen credit card are limited by law to $50, and they are capped on debit cards if you report a problem promptly. But the latest case may merit more caution because losing a password to a website that holds your personal data can be much harder to recover from. So click here to learn about how to prioritize your response. This means Google, Yahoo, Facebook, Dropbox, Twitter, Apple iCloud, Twitter—any place where you communicate with people and leave valuable data.

U.S. telecom chief tells industry to lead on cybersecurity

The top U.S. telecom regulator on Thursday told communications companies to take the lead in fortifying their networks against cyberattacks, saying they can do more to bolster security short of new government regulations.

In his first major speech devoted fully to cybersecurity, Federal Communications Commission Chairman Tom Wheeler urged the private sector to “step up to assume new responsibility and market accountability for managing cyber risks” before the FCC weighs a regulatory approach to the problem.

“The private sector-led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices to defend our country,” Wheeler said in a speech at the American Enterprise Institute think tank.

“We believe in a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful.”

More from Reuters by clicking here.