Archive for December, 2014

DoJ’s new cybersecurity office to aid in worldwide investigations

From: FederalNewsRadio.com 1500 am

By Ginger Whitaker

The Justice Department is taking its cyber crime-fighting efforts to a new level with the addition of a new cybersecurity unit. The unit will be operating under DoJ’s Computer Crime and Intellectual Property section, and will serve to offer legal advice for cyber crime investigations worldwide.

Michael Stawasz, deputy chief for computer crime at the Justice Department, said the Computer Crime and Intellectual Property section has already been reaching out around the world for nearly 20 years on cyber crime issues. Among the areas the section covers are cyber crime prevention and the ability to collect electronic evidence.

Sizing Up Cyber Risks after the Sony Breach

From: Insurance Litigation & Regulatory Law Blog

by Travis Wall

Sony’s most recent data breach underscores the difficulties in underwriting and insuring cyber risk. Sony incurred losses that were surprising in both their scope and type. The company already is a defendant in at least four new lawsuits concerning the disclosure of employees’ confidential information. In addition to potential liability, Sony suffered substantial first-party losses that may be difficult to quantify, including forensic costs, reputational injury, and business interruption losses.

Chinese Android Phones May Have Built-In Backdoor

From: Tom’s Hardware Guide

By

Bad news for China: Some of the country’s favorite Android phones may be compromised from the moment they come off the shelf. Many models of Coolpad phones, which is big in China and Southeast Asia and is sold to North American customers in online stores, may contain a backdoor known as “Coolreaper,” which can let attackers hijack the device from top to bottom.

The information comes from Santa Clara, California-based Unit 42, a subdivision of Palo Alto Networks, which focuses on online security. Unit 42 released a lengthy report on the Coolreaper phenomenon and explained how the backdoor can exploit consumers, both in China and overseas, even if they take all the right security precautions with their phones.

Oxford portal to help coordinate global efforts in cybersecurity

From: SecurityAsia

By  Networks Asia staff

The first global online resource for building cybersecurity capacity has been launched Monday. The Cybersecurity Capacity Portal will help coordinate international efforts in cybersecurity through sharing of information and best practice, to support decisions and investments that can significantly enhance safety and security in cyberspace.

Sony hacked in February, knew about security flaws before data leak

From: NetworkWorld

By

As Sony leaks keep pouring in, it serves as a vivid reminder that even a company’s internal emails should include only what you want your mother to hear aloud in court, or your clients to read on the Internet

The Sony hack is a cross between a disastrous train wreck that you can’t turn away from and tabloid magazines – you know, the ones around checkout lanes that claim things like “aliens ate my baby.” But in this case, the tabloid headlines in mainstream media are grabbed from real internal emails.

***

Why OIRA Should Coordinate Federal Cyber Security Regulation

From: CircleID

By Bruce Levinson

Two quick facts about American industry’s resilience against cyber-attack, (1) our critical infrastructure is inadequately protected and (2) federal regulation will be required to fix the problem, reliance on market forces alone will not be sufficient irrespective of whether or not Sony Pictures survives. Although regulation is needed, it needs to be coordinated and, above all, cost-effective.

Which agency is charge of regulating cybersecurity? Right now, it’s a free for all with agencies staking out turf and claims of authority. The Federal Trade Commission (FTC) which does not have specific critical infrastructure protection responsibilities under either Presidential Policy Directive 21 (PPD-21) or the President’s Executive Order 13636 on improving cybersecurity, is among the most aggressive of agencies in asserting regulatory authority.

Hacktivism, Western cyber key threats for Mena

From: Trade Arabia

RIYADH, If 2014 was the “year of the breach,” then what future cyber security threats await us?  What’s the next mode of attack, and how much worse will it be?  Booz Allen Hamilton, a leading provider of management consulting, technology, and engineering services, examines the top cyber trends for 2015 impacting financial services in Mena.

Today, cyber security is a priority issue for every stakeholder in the financial services industry – investor, consumer, regulatory, employees – all the way up to boards of directors.  That makes the “tomorrow” question – how will the threat evolve? – all the more important. In the aftermath of the Arab Spring, the provision of strong and secure financial services for businesses and consumers is necessary to the nurture of political and social security to Middle East residents.

No more bids by telegram

From: FCW

So much for those singing bid proposals.

New rules prohibiting bid submissions via telegram and fax are part of a Dec. 4 memo from Federal Procurement Policy Administrator Anne Rung on procurement simplification.

Read Complete Article

Gov’t approves changes to critical infrastructure

From: Prague Post

Cyber security tops the list for improvements in amendment to official decree

Prague, Dec. 8 (ČTK) — The Cabinet today approved an amendment to the government decree on critical infrastructure, which will include information and communication technologies falling under cyber security as from Jan. 1, 2015, the Government Office press department has told Czech News Agency (ČTK).

On the same day, a new law on cyber security will take effect.

Critical infrastructure is a term describing production and nonproduction systems and services that are essential for the state’s security, for the economy, public administration and providing fundamental everyday needs of the inhabitants.

We are in a war with no boundaries, warns cyber security expert

From: The National

ABU DHABI // Effective defence of the nation’s cyberspace must take into account the possibility that attackers are not just nations or shadowy groups, a security expert has warned.

“In cyberspace there are no national boundaries, and attackers needn’t be a country or organisation,” said William Hagestad, a researcher in cyber security intelligence at Red Dragon Rising Publishing in the US. “They can be anyone with a computer, mouse and keyboard and the will to do harm.”