Secrecy News – Steven Aftergood: For the next two years, Congress wants to receive quarterly reports from the Department of Defense on how the Pentagon is responding to leaks of classified information. The reporting requirement was included in the pending National Defense Authorization Act for FY 2015 (Sec. 1052). “Compromises of classified information cause indiscriminate and… Continue Reading
Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002
Category Archives: PC Security
Regin: Top-tier espionage tool enables stealthy surveillance
Symantec Security Response: ” An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals. An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at… Continue Reading
Understand the Cost of Cyber Security Crime
HP Report – Cyber Crime Costs Continue to Grow: “Cyber crimes are growing more common, more costly, and taking longer to resolve. Those are among the findings of the fifth annualCost of Cyber Crime Study conducted by the respected Ponemon Institute on behalf of HP Enterprise Security. The 2014 global study of U.S.-based companies, which spanned… Continue Reading
Security in the New Mobile Ecosystem – Report
“Ponemon Institute and Raytheon are pleased to present the findings of Security in the New Mobile Ecosystem (reg. req’d). The purpose of this research is to examine the impact of mobile devices, mobile apps and the mobile workforce (a.k.a. mobile ecosystem) on the overall security posture of organizations in the United States. Security is sacrificed for productivity.… Continue Reading
Is Your Company Ready for a Big Data Breach?
The Second Annual Study on Data Breach Preparedness – Ponemon Institute© Research Report – Sponsored by Experian® Data Breach Resolution – Independently conducted by Ponemon Institute LLC. Publication Date: September 2014. “Data breaches are increasing in frequency. Forty-three percent of respondents say their companies had a data breach involving the loss or theft of more than 1,000 records, an… Continue Reading
Taking Steps to Improve Federal Information Security
Beth Cobert, Deputy Director for Management at the Office of Management and Budget “In a rapidly changing technological environment, we must have robust procedures, policies, and systems in place to protect our nation’s most sensitive information. Growing cybersecurity threats make it ever more important for the Federal government to maintain comprehensive information security controls to assess… Continue Reading
National Cyber Security Awareness Month 2014
DHS: “The Internet is part of everyone’s life, every day. We use the Internet at work, home, for enjoyment, and to connect with those close to us. However, being constantly connected brings increased risk of theft, fraud, and abuse. No country, industry, community, or individual is immune to cyber risks. As a nation, we face constant… Continue Reading
New on LLRX – Four Part Series on Privacy and Data Security Violations
Via LLRX.com – fours new articles by law professor Daniel J. Solove on privacy, data protection and the harm caused by breaches. Privacy and Data Security Violations: What’s the Harm? – Daniel J. Solove is a Law professor at George Washington University Law School, an expert in information privacy law, and founder of TeachPrivacy, a privacy and security… Continue Reading
Backoff: New Point of Sale Malware
“This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharingand Analysis Center (FS-ISAC), and Trustwave Spiderlabs, acting under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense. Recent investigations revealed… Continue Reading
Report: British spy agency scanned for vulnerable systems in 32 countries
PCWorld via Mikael Ricknäs: “British intelligence agency GCHQ used port scanning as part of the “Hacienda” program to find vulnerable systems it and other agencies could compromise across at least 27 countries, German news site Heise Online has revealed. The use of so-called port scanning has long been a trusty tool used by hackers to find systems they… Continue Reading
The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities
Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities, by Clark, Fry, Blaze and Smith “Work on security vulnerabilities in software has primarily focused on three points in the software life-cycle: (1) finding and removing software defects, (2) patching or hardening software after vulnerabilities have been discovered, and (3) measuring the rate of… Continue Reading
DHS Privacy Complaints Increase in 2013, Many Databases Kept Secret
EPIC – “The Department of Homeland Security Quarterly Report to Congress details programs and databases affecting privacy. According to the agency, DHS received 964 privacy complaints between September 1, 2013 and November 30, 2013. By contrast, DHS received 295 privacy complaints during the same period in 2011. According to the report, most DHS systems complies with Privacy Act notice… Continue Reading
