Top CyberSecurity News For September 26th 2016

  1. Trump hotel chain fined over data breachesFrom ComputerWorld. 

Trump Hotel Collection has arrived at a settlement with New York Attorney General Eric T. Schneiderman over hacks that are said to have led to the exposure of over 70,000 credit card numbers and other personal data.

The hotel chain, one of the businesses of Republican presidential candidate Donald Trump, has agreed to pay $50,000 in penalties and promised to take measures to beef up its data security practices, according to the attorney general’s office.

The chain is one of many hotels and retailers that have been hit recently by malware that skimmed payment card information.

 

Advertisements

Top CyberSecurity News For 17th June 2016

  1. ‘Guccifer 2.0’ Claims Responsibility for DNC Hack, Releases Docs to Prove itFrom Motherboard. A “lone hacker” calling themselves “Guccifer 2.0” has claimed responsibility for hacking the Democratic National Committee and claims reports that the Russian government perpetrated the attack are false. The hacker also says the DNC lied about—or didn’t know the extent of—what was stolen.

  2. ISIS hacker pleads guilty to giving terrorists US military kill listFrom ArsTechnica. A hacker the US authorities have labeled as the leader of an overseas Internet hacking group—the Kosova Hacker’s Security—pleaded guilty Wednesday in federal court to charges of providing material support to the US enemy. It was the first known prosecution of a hacker joining forces with a terror group in a bid to carry out terrorism, the government said.

Top CyberSecurity News For June 15th 2016

  1. Hacker steals 45 million accounts from hundreds of car, tech, sports forumsFrom ZDNet. A hacker has stolen tens of millions of accounts from over a thousand popular forums, which host popular car, tech, and sports communities. The stolen database contains close to 45 million records from 1,100 websites and forums hosted by VerticalScope, a Toronto-based media company with dozens of major properties, including forums and sites run by AutoGuide.com, PetGuide.com, and TopHosts.com.
  2. Hackers invade Dems’ servers, steal entire Trump opposition file. From Washington Post. Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach. The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

     

Top CyberSecurity News For 5th May 2016

  1. Edward Snowden: ‘Governments can reduce our dignity to that of tagged animals’. From Guardian. In this foreword from The Assassination Complex, a new book about drone warfare, the whistleblower explains why leaking information about wrongdoing is a vital act of resistance. One of the challenges of being a whistleblower is living with the knowledge that people continue to sit, just as you did, at those desks, in that unit, throughout the agency; who see what you saw and comply in silence, without resistance or complaint. They learn to live not just with untruths but with unnecessary untruths, dangerous untruths, corrosive untruths. It is a double tragedy: what begins as a survival strategy ends with the compromise of the human being it sought to preserve and the diminishing of the democracy meant to justify the sacrifice.

  2. Samsung Smart Home flaws let hackers make keys to front doorFrom ArsTechnica. Computer scientists have discovered vulnerabilities in Samsung’s Smart Home automation system that allowed them to carry out a host of remote attacks, including digitally picking connected door locks from anywhere in the world. The attack, one of several proof-of-concept exploits devised by researchers from the University of Michigan, worked against Samsung’s SmartThings, one of the leading Internet of Things (IoT) platforms for connecting electronic locks, thermostats, ovens, and security systems in homes. The researchers said the attacks were made possible by two intrinsic design flaws in the SmartThings framework that aren’t easily fixed. They went on to say that consumers should think twice before using the system to connect door locks and other security-critical components.

  3. On Cyber Security, Non-Executive Directors Had Better Speak UpFrom Forbes. The cyber threat posed to corporations needs little explanation these days. The potential impact of an attack is so great as to threaten the very existence of some businesses and to cause severe losses to others. Had Sony or Saudi Aramco been retailers with average cash reserves, the loss of their entire networks as the result of attacks might have proven existential given the length and depth of their cyber crises. The data losses suffered by Target and Heartland were significant enough, but to add insult to injury, the remaining directors of these companies and others are now subject to shareholder derivative and securities lawsuits—This despite being victims of a crime. For most corporations, it is generally understood that this is no longer an exotic risk buried in the detail of risk register to be left to the IT Department. Rather it is a very significant challenge of direct concern to the board.

  4. Sources: Trump Hotels Breached AgainFrom KrebsOnSecurity (Archived, April 4 2016).  Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year. A representative from Trump Hotels said the organization was investigating the claims. “We are in the midst of a thorough investigation on this matter,” the company said in a written statement. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”

  5. What is Zero Trust Network Segmentation? From Palo Alto Networks. The continued, high frequency of successful cyberattacks against today’s enterprises has made it abundantly clear that traditional, perimeter-centric security strategies are no longer effective. There is inadequate visibility, control and protection of user and application traffic transiting high-risk network boundaries, and an outdated assumption that everything on the inside of an organization’s network should be trusted. The Zero Trust architecture approach, first proposed by Forrester Research, is intended to address this by promoting “never trust, always verify” as its guiding principle. With Zero Trust there is no default trust for any entity — including users, devices, applications, and packets — regardless of what it is and its location on or relative to the corporate network. By establishing Zero Trust boundaries that effectively compartmentalize different segments of the network, you can protect critical intellectual property from unauthorized applications or users, reduce the exposure of vulnerable systems, and prevent the lateral movement of malware throughout your network.