Efforts to improve the security of cyberspace have fallen short due to a general inability to grasp the economic and psychological dimensions of the problem, said White House Cybersecurity Coordinator Michael Daniel.

“The bad guys primarily get through vulnerabilities that we know about, and that we even know how to fix. From that standpoint, it ought to be relatively simple — just plug the holes,” Daniel said while delivering a keynote Tuesday at the Billington Cybersecurity Conference in Washington.

SpectorSoft recently surveyed 355 IT professionals, asking about their experience detecting and preventing insider threats – to explore how organizations are addressing this critical issue and how effective they have been.

Approximately 35 percent of respondents reported they had experienced an insider attack, but the situation is probably worse than they think. With an estimated 75 percent of all insider crimes going unnoticed, it seems likely that all organizations have experienced an insider crime, whether they know it or not.

61 percent said they couldn’t deter such attacks and 59 percent said they were unable even to detect one, leaving them vulnerable to fraud, data breaches, and IP theft.

Get theo whole report from SpectorSoft by clicking here.

Russian hackers may have attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions.

The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also linked to the attack, one of the people said.

In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites. They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers.

“Companies of our size unfortunately experience cyber attacks nearly every day,” Patricia Wexler, a JPMorgan spokeswoman, said in an e-mail.

More (including video) from Bloomberg News by clicking here.

Jay McAlllister from the SEI Innovation Center: “Cyber-intelligence is the acquisition and analysis of information that is used to identify and track – and predict – cyber-capabilities or intentions of people, and enhance decision-making using that intelligence.”

IT’s ALL ABOUT TRUST…

From pod-cast on

Cyber Intelligence Tradecraft Project: Summary of Key Findings

An interview with Cybersecurity guru Daniel Geer…

“If you give people fine-grained control over what their information is in public, people reveal more. They might say if you give me a lot of control, they’d reveal less — but it doesn’t work that way. People will reveal more if they have more control so to a certain extent is what he’s verifying is sort of my own feeling: If I don’t have control I don’t want to reveal it.  Does the name Alessandro Acquisti mean anything to you?”

More available from the Washington Post by clicking here.

“There’s a million Snowdens of various degrees at work right now, taking data for profit.”

More from the Los Angeles Times by clicking here.

A computer security firm has found evidence that a Russian cybercrime gang has stolen some 1.2 billion Internet passwords and user names. At this point, we don’t know which sites the passwords are connected to. But given the size of the possible theft, this is something you should take time to respond to as soon as you can, by updating your passwords and making sure they are secure. Your losses on charges to a stolen credit card are limited by law to $50, and they are capped on debit cards if you report a problem promptly. But the latest case may merit more caution because losing a password to a website that holds your personal data can be much harder to recover from. So click here to learn about how to prioritize your response. This means Google, Yahoo, Facebook, Dropbox, Twitter, Apple iCloud, Twitter—any place where you communicate with people and leave valuable data.

The top U.S. telecom regulator on Thursday told communications companies to take the lead in fortifying their networks against cyberattacks, saying they can do more to bolster security short of new government regulations.

In his first major speech devoted fully to cybersecurity, Federal Communications Commission Chairman Tom Wheeler urged the private sector to “step up to assume new responsibility and market accountability for managing cyber risks” before the FCC weighs a regulatory approach to the problem.

“The private sector-led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices to defend our country,” Wheeler said in a speech at the American Enterprise Institute think tank.

“We believe in a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful.”

More from Reuters by clicking here.

In an interview with the news agency, Stadtwerke Ettlingen’s Eberhard Oehler said that a simulated attack on the utility had revealed how easy it would be to hack into the energy company’s network through its IT grid.

Felix Lindner, head of IT security company Recurity Labs, who conducted the cyber attack in November 2014, said he gained access to Stadtwerke Ettlingen’s control room and could have “switched off everything: power, water and gas” for the town of Ettlingen, home to 40,000 people in the south of Germany.

Mr Oehler said: ”The experiment has shown that sensitive, critical infrastructure is not sufficiently protected.”

As more components of an energy company’s infrastructure come online, including smart meters, concerns are increasing about the vulnerability of hackers tapping into customer and utility data.

Full story from Metering.com by clicking here…

Malicious software used to steal millions from bank accounts has re-emerged a month after U.S. authorities broke up a major hacker network using the scheme, security researchers say.

The security firm Malcovery said it identified a new trojan based on the Gameover Zeus malware, which officials said infected up to one million computers in 12 countries, and was blamed in the theft of more than $100 million.  By infecting large numbers of computers, the cyber criminals were able to control the devices to steal passwords and send out emails to further spread the infection.  In a status report filed in court, officials said that “all or nearly all of the active computers infected with Gameover Zeus have been liberated from the criminals’ control and are now communicating exclusively with the substitute server established pursuant to court order.”

A blog post by the security firm Emsisoft said the new variant may be harder to combat, because it is using “an evasive technique that allows the botnet to hide its distributive phishing sites behind a constantly shuffling list of infected, proxy computers.”

Gameover Zeus, which first appeared in September 2011, stole bank information and other confidential details from victims.  The FBI blamed the Gameover Zeus botnet for the theft of more than $100 million, obtained by using the stolen bank data and then “emptying the victims’ bank accounts and diverting the money to themselves.”

Russian Evgeniy Mikhailovich Bogachev, 30, an alleged administrator of the network, was charged in Pittsburgh, Pennsylvania, with 14 counts including conspiracy, computer hacking, bank fraud and money laundering in the Gameover Zeus and Cryptoblocker schemes.

More from RawStory.com by clicking here