Jay Greene and Robert McMillan report:
The hackers believed responsible for breaking into computers at the Democratic National Committee have exploited previously undisclosed flaws in Microsoft Corp.’s Windows operating system and Adobe Systems Inc.’s Flash software, Microsoft said Tuesday. It is unclear if those hackers, reportedly tied to Russia, used the newly disclosed vulnerabilities to hack into the DNC. Microsoft Tuesday criticized Alphabet Inc’s Google for publicly identifying the Windows flaw on Monday, before Microsoft had had a chance to issue a patch.
Read more on Wall Street Journal.
Over on ThreatPost, Michael Mimoso explains:
Microsoft has singled out Sofacy, an APT group long thought to have ties to Russia’s military intelligence arm GRU, as the entity behind targeted attacks leveraging Windows kernel and Adobe Flash zero days in targeted attacks. The group, which Microsoft calls Strontium, is also known as APT28, Tsar Team and Sednit among other identifiers.
Microsoft said the zero day vulnerability, the existence of which along with limited details were disclosed on Monday by Google, will be patched Nov. 8. Google said yesterday it privately disclosed both zero days, which were used in tandem in these targeted attacks against unknown victims, to Microsoft and Adobe on Oct. 21. Adobe rushed an emergency patch for Flash Player on Oct. 26, while Microsoft had yet to acknowledge the vulnerability until Google’s disclosure.
Something to mention to my Computer Security students.
Enterprises continue to struggle to find cybersecurity talent, survey finds
According to the Global State of Information Security Survey (GSISS) 2017, a worldwide study conducted by PwC, CIO and CSO released this month, skilled cybersecurity professionals are hard to come by and continue to make enterprise IT security all the more challenging. Many enterprises are attempting to close their skills gap by turning to managed security services. According to the survey, 62 percent of respondents use security service providers to operate and enhance their IT security programs.
For my Ethical Hackers: Now show me what you’ve been doing in secret! (Establish “projects” now, fill in the results later.)
You can now legally hack your own car or smart TV
Researchers can now probe connected devices, computers and cars for security vulnerabilities without risking a lawsuit. Last Friday, the FTC authorized changes to the Digital Millennium Copyright Act (DMCA) that will allow Americans to hack their own electronic devices. Researchers can lawfully reverse engineer products and consumers can repair their vehicle’s electronics, but the FTC is only allowing the exemptions for a two-year trial run.
If security was so bad even OPM (the government poster child for bad security) could identify it? Anthem would be doomed.
Dark Reading reports:
Victims of a data breach at health insurer Anthem in February 2015 have filed a class-action lawsuit against the company and are seeking details of an audit by the U.S. Office of Personnel Management (OPM) on Anthem’s network security, Modern Healthcare reports. In the cyberattack, hackers compromised personal details of around 80 million Anthem, Blue Cross and Blue Shield members, many of whom have since reported payment card account misuse.
As per the court filing, OPM, which manages the Federal Employees Health Benefit Program, had first carried out a security audit at Anthem in 2013 and pointed out vulnerabilities in its system. It wanted to conduct tests, but this was reportedly turned down by Anthem citing “corporate policy” issues. Shortly after the 2015 cyberattack, OPM conducted a second audit, but its findings were not made public.
Read more on Dark Reading.
Easier to sue?
Michelle de Leon writes:
A panel of judges at the U.S. Court of Appeals for the Sixth Circuit has declared the victims of a data breach suffered by Nationwide Insurance no longer need to establish their standing to prove that they are in danger. The victims of the 2012 data breach committed against the Nationwide Mutual Insurance Co. were declared to successfully establish the risks that could stem from the incident.
The Sixth Circuit decided the plaintiffs are eligible to claim their rights under the Fair Credit Reporting Act (FCRA) against the defendant. With the reversal of the trial court’s ruling, the panel sided with the victims’ claims that they are exposed to “a substantial risk of harm” and have “incurred mitigation costs.”
Read more on Legal Newsline.
(On the other hand) Not exactly a Sword of Damocles, but you get the idea. It’s not a “harm” until that hair snaps…
Karen Kidd writes:
Plaintiffs in a data breach class action lawsuit against Barnes & Noble fixed their standing problem but still couldn’t adequately allege damages, a Pittsburgh attorney says.
“Upon analyzing the facts, this was not a particularly surprising ruling,” Brian Willett, an associate with Reed Smith, said. “However, it was significant in the data privacy space given that standing has been a common stumbling block in similar suits and while Plaintiffs here cleared that hurdle, their claim ultimately failed because Plaintiffs did not establish sufficient damages.”
Plaintiffs in the case, R. Clutts et al v. Barnes & Noble, claimed the book seller had breached implied contract, violated the Illinois Consumer Fraud and Deceptive Business Practices Act, invaded their privacy, and violated the California Security Breach Notification Act and California’s Unfair Competition Act.
Read more on PennRecord.
When do we hit the tipping point where we should expect all police officers to have cameras?
Joe Cadillic writes:
Soon, cops across America will be wearing body cameras equipped with ‘Christian’ facial recognition software. Watchguard Video (WGV) claims their new “Redactive” software will enable law enforcement to identify anyone. (WGV is really Enforcement Video LLC.)
Redactive quickly scans the entire video clip first, automatically recognizing faces, so the user [officer] spends much less time manually performing the task.
[…]
According to WGV’s company profile, God wants to give cops facial recognition cameras:
WGV is a God-guided company founded on Christian principles.
WGV is a God-guided company that is committed to serving our employees and customers through servant leadership.
Are they listening to God or the cops?
Read more on MassPrivateI.
My students have been talking about changes due to self-driving and ride sharing, but this was not on our radar. The ultimate geek-mobile?
Volvo’s China Bet: Eject the Passenger Seat, Install a Fridge
… “Only by being distinctive can it be competitive in the market,” said Li Shufu, the billionaire founder and chairman of Zhejiang Geely Holding Group, which bought Volvo in 2010 for $1.8 billion. Volvo unveiled its new China-built S90 and a top-of-the-line luxury version, which is aimed at the market for chauffeur-driven Chinese executives, on Wednesday.
Volvo’s new China-built S90 features a longer wheelbase than its European-built counterparts to meet Chinese demand for greater legroom. Its luxury S90 Excellence model takes things further by featuring a small refrigerator, while the front passenger seat has been removed and replaced with what the company calls the “Lounge Console,” a foldout workstation that incorporates a desk, a touch-screen “infotainment” system and a heated foot rest.
Perspective.
Mobile and tablet internet usage exceeds desktop for first time worldwide
… Its research arm, StatCounter Global Stats, finds that mobile and tablet devices accounted for 51.3% of internet usage worldwide in October compared to 48.7% by desktop.
Business opportunity? Create phony Facebook pages to turn this back on the intruding companies?
Admiral to price car insurance based on Facebook posts
… Admiral Insurance will analyse the Facebook accounts of first-time car owners to look for personality traits that are linked to safe driving. For example, individuals who are identified as conscientious and well-organised will score well.
The insurer will examine posts and likes by the Facebook user, although not photos, looking for habits that research shows are linked to these traits. These include writing in short concrete sentences, using lists, and arranging to meet friends at a set time and place, rather than just “tonight”.
In contrast, evidence that the Facebook user might be overconfident – such as the use of exclamation marks and the frequent use of “always” or “never” rather than “maybe” – will count against them.
(Related) Can Facebook selectively deny companies access to my public pages?
Facebook blocks insurer exploiting user data to find 'conscientious' drivers
All prices eventually fall to zero. Maybe.
Pinterest makes Instapaper’s premium features free for all
Starting today, the online bookmarking service has discontinued its premium offering and opened up the paid features to everyone. Users will now have access to features such as full-text search for all articles, unlimited notes and speed reading, text-to-speech playlists, an ad-free Instapaper website, Kindle Digests of up to 50 articles, and the ability to send articles to Kindle through a bookmarklet or mobile app. These were previously only available if you paid $3 per month or $30 per year.
Skynet may be here already.
How Twitter Bots Are Shaping the Election
Another election prediction.
Tinder data suggests 53% of U.S. users will vote Clinton, 71% of Russians would vote for Trump if they could
… While the numbers vary from poll to poll, broadly speaking, Hillary Clinton remains ahead of Trump and by most assertions should emerge victorious come November 8, though some reports suggest that momentum favors Trump.
You may also remember that perennially popular dating app Tinder last week launched its Swipe the Vote campaign in the U.S. and 15 other countries. This initiative is designed to match users to their most appropriate presidential candidate based on their opinions on a range of political and economic issues, including gun control, immigration, taxes, and education. Well, the results from the massive global swiping poll are now in.
Maybe this is why Trump (or anyone) wants to be President?
CRS – Conflicts of Interest and the Presidency
by Sabrina I. Pacifici on Nov 1, 2016
CRS Reports & Analysis Legal Sidebar Conflicts of Interest and the Presidency, 10/14/2016 – “Does federal law require the President to relinquish control of his or her business interests? Federal regulation of financial conflicts of interest is aimed at preventing opportunities for officials to personally benefit from influence they may have in their official capacity. As a general rule, public officials in the executive branch are subject to criminal penalties if they personally and substantially participate in matters in which they (or their immediate families, business partners or associated organizations) hold financial interests. However, because of concerns regarding interference with the exercise of constitutional duties, Congress has not applied these restrictions to the President. Consequently, there is no current legal requirement that would compel the President to relinquish financial interests because of a conflict of interest…”
Just in case anyone still has this old stuff.
Microsoft has stopped selling Windows 7 Professional, Windows 8.1