The new normal: Assume you’ve been hacked. Devote resources to finding out where and how.
Zack Whittaker reports:
It’s going to take more than a bunch of posies to make up for this one.
The Canadian branch of 1-800-FLOWERS revealed in a filing with the California attorney general’s office that malware on its website had siphoned off customers’ credit cards over a four-year period.
Four years. Let that sink in.
The company said it believes the malware was scraping credit cards between August 15, 2014 to September 15, 2018, but that the company’s main 1-800-FLOWERS.com website was unaffected.
Read more on TechCrunch.
(Related) That’s a fact, Jack.
Old normal: Assume you are going to be sued. How will “We didn’t think we needed that much security” sound to a jury?
Attorneys General File First Multistate HIPAA-Related Data Breach Lawsuit
Attorneys General from 12 U.S. states this week filed a lawsuit against a healthcare tech solutions provider over a data breach suffered by the company in 2015.
… Authorities claim MIE failed to implement basic data security measures, it did not have security mechanisms in place for preventing the exploitation of vulnerabilities in its systems, it failed to encrypt sensitive personal and medical information, and had an inadequate and ineffective response to the breach.
Is it possible DHS is no longer of strategic importance?
Why the U.S. Needs a Homeland Security Strategy
The last time the U.S. government published a National Homeland Security Strategy, Osama bin Laden was still alive.
For consideration by my Computer Security students. The US & UK governments are not the only ones “stockpiling” vulnerabilities. Perhaps not even the best.
UK Spy Agency Joins NSA in Sharing Zero-Day Disclosure Process
On November 15, 2017, the U.S. government made public its vulnerability equities process (VEP). This is the process used to decide whether a government agency should disclose a discovered vulnerability or keep it secret for its own purposes. Exactly one year and two weeks later, the UK government did similar, disclosing its own Equities Process.
… Both governments admit to stockpiling vulnerabilities. This is not open to discussion – they just do. The equities process is the means by which they decide which vulnerabilities should be kept secret from vendors, security companies and the public.
Question: When is a cyber attack an escalation?
Ukraine Accuses Russia of Cyberattack on Judiciary Systems
Ukrainian security service SBU announced on Tuesday that its employees blocked an attempt by Russian special services to breach information and telecommunications systems used by the country’s judiciary.
According to the SBU, the attack started with a malicious email purporting to deliver accounting documents. The documents hid a piece of malware that could have been used to disrupt judicial information systems and steal data.
… Another recent cyber incident involving Russia and Ukraine was revealed on Wednesday, when Adobe announced that a Flash Player security update addressed a zero-day vulnerability.
Researchers who spotted attacks involving the exploit said the target was the FSBI "Polyclinic No. 2" of the Administrative Directorate of the President of the Russian Federation.
The attack was launched just days after Russian border guards opened fire on three Ukrainian vessels in the Kerch Strait. The Ukrainian vessels and their crew were captured.
The UK grabbed these papers last month. Looks like they moved fast.
The secret Facebook documents have just been published by British Parliament
… A redacted version of the papers was pushed live on the website of the Digital, Culture, Media, and Sport Committee, which is investigating Facebook's privacy standards as part of an inquiry into "disinformation and fake news."
Perspective.
While some companies — most large banks, Ford and GM, Pfizer, and virtually all tech firms — are aggressively adopting artificial intelligence, many are not. Instead they are waiting for the technology to mature and for expertise in AI to become more widely available. They are planning to be “fast followers” — a strategy that has worked with most information technologies.
We think this is a bad idea. It’s true that some technologies need further development, but some (like traditional machine learning) are quite mature and have been available in some form for decades. Even more recent technologies like deep learning are based on research that took place in the 1980s. New research is being conducted all the time, but the mathematical and statistical foundations of current AI are well established.
… Beyond the technical maturity issue, there are several other problems with the idea that companies will be able to adopt quickly once technologies are more capable.
(Related) Every Leader’s Guide to the Ethics of AI
Perspective. Would you believe: As goes Twitter, so goes the nation? (Looks like that might be backward.)
By the numbers: Political tweets turn blue in 2018
Axios: “New data from Twitter shows the top 10 U.S. politicians who were most tweeted about in the few months after the midterm election were Democrats, replacing a list that was once dominated by GOP lawmakers the majority of 2018. Why it matters: The political clout and conversation is changing with its politicians. Republicans like Speaker of the House Paul Ryan and Sen. Ted Cruz (R-Texas) who once dominated the subject of tweets, are now being replaced by nominated House speaker Nancy Pelosi and outgoing Texas Rep. Beto O’Rourke in the rankings, per Twitter…”
- See also via Axios – Trump’s tweets are less read and influential than people may think: “A new Public Affairs Council/Morning Consult poll reveals that a majority of Americans have become indifferent toward President Trump’s tweets on business, political news and campaign finances practices…”
Curious.
Austria clears German who imported damaged euros from China
… The man, in his 40s, was detained in Austria earlier this year after police found 117kg (257lb) of the coins, worth €15,000 ($17,000; £13,000), in his car.
However, an Austrian court has now ruled that his actions were not illegal.
The accused, referred to only as Mr H, had explained how he frequently travelled to China with cash to procure the coins, which he said were found in scrap metal items sent there to be destroyed.
He said that because the euro coins were not used as currency in China, he could purchase large quantities by weight at a fraction of their value and return to convert them for notes at Austrian banks using coin-counting machines.