This is not Newton’s Third Law. For every force, the reaction does not have to be equal, or in a direction we can predict.
If the US launches cyberattacks on Iran, retaliation could be a surprise
On the morning of Jan. 8, the Islamic Revolutionary Guards Corps fired 22 surface-to-surface missiles at two Iraqi airbases. If Americans had died, the Pentagon would have put in front of President Trump options for cyberattacks to disable Iran’s oil and gas sector.
Would the U.S. oil and gas industry have been ready for an Iranian cyber counterattack?
While Americans celebrated Thanksgiving, someone hit Iran with a massive cyberattack that disclosed 15 million Iranian bank debit card numbers on a social media site. On Dec. 11, Iran’s telecommunication minister admitted this was “very big” and that a nation-state carried it out.
Will U.S. banks and credit card companies be ready if Iran tries to hack the card numbers of millions of Americans?
The Trump Administration uses sanctions and cyberattacks as its go-to tools against Iran. U.S. officials have twice admitted on background to recent cyberattacks on Iran.
The implication that cyberattacks are somehow a safer response for the United States than kinetic attacks is dangerous. Iran will retaliate, and the cyber defenses of Iran’s likely targets in the United States are uneven. More needs to be done to prepare the American people for Iranian cyber retaliation.
A sophisticated twist on the classic “man in the middle.”
Hacker snoops on art sale and walks away with $3.1m, victims fight each other in court
Each impacted party is claiming the other is responsible for not detecting the scam.
…
As reported by Bloomberg, London-based veteran art dealer Simon Dickinson and Rijksmuseum Twenthe were in the midst of negotiations over the acquisition of a valuable painting by John Constable, a 1700s-1800s landscape painter from England.
… Conversations took place over email for months, and at some point during the talks, cybercriminals sent spoofed messages to the museum and persuaded Rijksmuseum Twenthe to transfer £2.4 million ($3.1 million) into a bank account in Hong Kong.
… In the aftermath of the scam, both Simon Dickinson and Rijksmuseum Twenthe are claiming the other side is responsible.
A lawsuit has been launched at the London High Court. The museum, based in Enschede, the Netherlands, claims that the art dealer's negotiators were roped into some of the spoof emails, and yet did not spot the scam.
The museum's lawyer has argued that this silence should be considered "implied representation," according to the publication.
In response, Simon Dickinson says that the dealer did not detect the presence of the eavesdropper and the museum should have double-checked the bank details before transferring any cash.
Each side is also accusing the other of being the source of the theft by allowing their systems to be compromised in the first place.
Patch. Not even the big boys get it right every time.
Severe ‘Perfect 10.0’ Microsoft Flaw Confirmed: ‘This Is A Cloud Security Nightmare’
… Microsoft quickly fixed the vulnerability when Check Point approached them in the fall, and customers who have patched their systems are now safe.

The vulnerability is as punchy as it gets, “a perfect 10.0,” Balmas says, referring to the CVE score on Microsoft’s disclosure in October. “It’s huge—I can’t even start to describe how big it is.” The reason for the hyperbole is that Balmas says his team found the first remote code execution (RCE) exploit on a major cloud platform. One user could break the cloud isolation separating themselves and others, intercepting code, manipulating programs. That isolation is the basis of cloud security, enabling the safe sharing of common hardware.
For those (and I’m talking to you lawyers in particular) who thought there was no need to encrypt your email…
Ray Schultz reports:
A privacy bill that addresses email only has been introduced in the Oklahoma State Legislature.
House Bill 2810, the so-called Oklahoma Email Communication Content Privacy Protection Act, would prohibit email service providers from scanning subject lines or the body of any email communication sent to their users, and from letting any other entity do so.
This week I will teach my students to generate public/private RSA keys, with no backdoor. Will I get a visit from the FBI?
Todd Feathers reports:
The US government is once again reviving its campaign against strong encryption, demanding that tech companies build backdoors into smartphones and give law enforcement easy, universal access to the data inside them.
At least two companies that sell phone-cracking tools to agencies like the FBI have proven they can defeat encryption and security measures on some of the most advanced phones on the market. And a series of recent tests conducted by the National Institute of Standards and Technology (NIST) reveal that, while there remain a number of blind spots, the purveyors of these tools have become experts at reverse engineering smartphones in order to extract troves of information off the devices and the apps installed on them.
The argument continues.
Why We Should Ban Facial Recognition Technology
The job my students face keeps growing. Something they have noticed.
Data Classification: Not Just for CISOs Anymore
Data classification has always been regarded as a foundational element of any viable data security strategy. After all, most organizations are creating, utilizing and storing more potentially sensitive data than ever before.
The emergence of compliance guidelines and data privacy mandates, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), puts data classification front and center. The necessity of classifying data has grown as organizations must ensure their data is compliant and protected.
At the same time, data classification is proving to have equally valuable implications for corporate privacy initiatives. Because of this, some elements of data classification are moving beyond the realm of the Chief Information Security Officer (CISO) to involve the Chief Privacy Officer (CPO), who is beginning to shoulder more of this responsibility.
These security stakeholders come from different backgrounds and places on the organization chart, yet both bring important perspectives. Rather than engage in meaningless turf wars, savvy CPOs and CISOs increasingly are forming strategic partnerships to elevate data security throughout organizations. It may take time for elements of the new CISO-CPO paradigm to jell, but the common rallying point is a shared reason for being: safeguarding the organization’s employees, brand and image.
One example – insurance claims.
What’s the Big Deal about Privacy?
With the rapid expansion of technology entering every field of business, manufacturers and service providers are being presented with previously unconsidered opportunities to reap value from the reuse and repurposing of data initially collected and harvested for other reasons. Learned intelligence through artificial intelligence (AI) systems provides value for the processor not previously realized or recognized in transactions. This is particularly true when considering how AI companies that work with insurers to optimize their claims processing are left with a valuable resource after the data collection is complete. This article addresses how the value of a neural network has been ignored and should be considered when an insurer considers outsourcing its claims processing.¹
Perspective.
Emerging Trends: What to Expect From Privacy Laws in 2020