Personal Cybersecurity #26: Daily news

What you need to know for your personal cyber security life… 

Number twenty-six in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day is now a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the informational loop.

# # #

HEADLINES…for this issue…

  • DDoS Attack on InfoSec News
  • IRS Employee Took Home Data on 20,000 Workers at Agency
  • Sally Beauty confirms data breach
  • Countering cyberterrorism at heart of Tel Aviv conference next month
  • Healthcare data encryption trends and methods
  • Japan holds first cyberattack drill to bolster national security
  • Court approves first-of-its-kind data breach settlement
  • Gone phishing: Army uses Thrift Savings Plan in fake e-mail to test cybersecurity awareness
  • KSE to hire information security expert
  • Ex-Bush admin official: Internet giveaway weakens cybersecurity, opens door to Web tax

DDoS Attack on InfoSec News

  • By William Knowles
  • Senior Editor
  • InfoSec News
  • March 18, 2013

InfoSec News has been mitigating a prolonged distributed denial-of-service (DDoS) attack from a large globally distributed botnet that has lasted over a week.

We apologize for any minor disruptions this may have caused and continue to monitor and mitigate the attack. Thank you all for your continued support, and we aren’t going to let this impact our mission to send out timely and relevant information security news to the community.

# # #

IRS Employee Took Home Data on 20,000 Workers at Agency

  • By Richard Rubin
  • Bloomberg
  • March 18, 2014

A U.S. Internal Revenue Service employee took home a computer thumb drive containing unencrypted data on 20,000 fellow workers, the agency said in a statement today.

The tax agency’s systems that hold personal data on hundreds of millions of Americans weren’t breached, the statement said.

“This incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data -- whether it involves our fellow employees or taxpayers,” IRS Commissioner John Koskinen said in a message to employees. “This was not a problem with our network or systems, but rather an isolated incident.”

The IRS is contacting the current and former employees involved, almost all of whom worked in Pennsylvania, Delaware and New Jersey. The information dates to 2007, before the IRS started using automatic encryption.


# # #

Sally Beauty confirms data breach

# # #

Countering cyberterrorism at heart of Tel Aviv conference next month

  • By Ilan Gattegno
  • Israel Hayom
  • March 17, 2014

Institute for National Security Studies, a prestigious academic think tank, to host large event with the help of U.S.-based Cyber Security Forum Initiative and Prime Minister’s Office – Issues to include cybercrime, cyberterrorism, and cyber defense law.

The annual Defensive Cyberspace Operations & Intelligence Conference is scheduled to take place April 8-9 in Tel Aviv.

The forum will be held under the auspices of the Institute for National Security Studies, a prestigious Tel Aviv think tank headed by former Military Intelligence Director Maj. Gen. (ret.) Amos Yadlin. It will focus on the ways government can prevent and counter strategic cyber attacks.

The Prime Minister’s Office National Cyber Bureau, the Intelligence Ministry and the Office of the Chief Scientist are actively involved in the organization of this conference, as is the Cyber Security Forum Initiative, a nonprofit organization headquartered in Omaha, Nebraska and in Washington, D.C.


# # #

Healthcare data encryption trends and methods

  • By Patrick Ouellette
  • Health IT Security
  • March 17, 2014

There are varying responses from healthcare organizations and security experts when the question of why an organization would not encrypt its data is posed. For some, it’s a numbers game and their budget simply can’t fit encryption technology. Others philosophically are opposed because they believe, to a degree, it degrades the data. However, there may be a more fundamental reason for a lack of encryption for some organizations: the belief that their “four walls” are enough to protect patient data.

Michael Leonard, Director of Product Management for Healthcare IT at Iron Mountain, told that many organizations don’t encrypt their data for that reason.

What encryption trends are you seeing on-site v. off-site within healthcare organizations?

Leonard: We see in many organizations a lot of the content is still not encrypted, especially if it’s being stored onsite, and that has been, I think, historically because it’s within their four walls there’s less concern, right or wrong, but there’s less concern that it should be encrypted if it’s in-house, so to speak. I don’t see anybody, at least that we’ve talked to, moving content out into the cloud or out to a managed service provider unless it is encrypted, and that’s clearly a best practice. Also, many of the existing clinical applications don’t really have a native way of encrypting content, so it’s like extra work for the organization to encrypt much of that clinical information. So, we see quite a bit of the content that’s stored within the four walls of an organization as unencrypted.


# # #

Japan holds first cyberattack drill to bolster national security

  • By Tim Kelly and Nobuhiro Kubo
  • Japan Today
  • March 18, 2014

TOKYO — Japan held a full-on cyberattack across government departments on Tuesday in a drill aimed at bolstering national security as the country gears up to host the 2020 Olympics.

Japan is following the lead of Britain, which invited ethical hackers to test its computer systems in the run up to the 2012 London Olympics. In the event, London parried multiple cyberattacks.

Some 50 cyber-defense specialists gathered at an emergency response center in Tokyo, with at least three times that many offsite, to defend against a simulated attack across 21 state ministries and agencies and 10 industry associations, said Ikuo Misumi, a hacking expert at Japan’s state-run National Information Security Center.

“It’s not that we haven’t put effort into cybersecurity, but we are certainly behind the U.S.,” Ichita Yamamoto, the cabinet minister in charge of IT policy and who is leading the effort to boost cybersecurity, said in an interview.


# # #

Court approves first-of-its-kind data breach settlement

  • By Jaikumar Vijayan
  • Computerworld
  • March 17, 2014

Courts have generally tended to dismiss consumer class-action lawsuits filed against companies that suffer data breaches if victims can’t show that the breach directly caused a financial hit.

A federal court in Florida broke the mold by approving a $3 million settlement for victims of a data breach in which personal health information was exposed when multiple laptops containing the unencrypted data were stolen.

The Dec. 2009 theft of laptops belonging to AvMed, a Florida-based health insurer, exposed the patient records of tens of thousands of its customers. Several victims later filed a putative class action lawsuit against AvMed.

The plaintiffs suffered no direct losses or identity theft from the breach but nevertheless accused AvMed of negligence, breach of contract, breach of fiduciary duty and unjust enrichment.


# # #

Gone phishing: Army uses Thrift Savings Plan in fake e-mail to test cybersecurity awareness

  • By Lisa Rein and Eric Yoder
  • The Washington Post
  • March 13, 2014

An ominous e-mail message landed in the inboxes of a small group of U.S. Army employees last month, warning of a security breach in their federal retirement plans and urging them to log in and check their accounts.

The e-mail was a fake — a classic spear phishing expedition looking for unwitting victims willing to share their personal financial information.

But the perpetrator was not a criminal hacker. It was an Army combat commander, acting on his own authority to test whether anyone on his staff would fall for the trick. In the process of sussing out internal vulnerabilities, though, the commander sowed panic across the government: Employees forwarded the e-mail to thousands of friends and colleagues at the Defense Department, the FBI, Customs and Border Protection, the Labor Department and other agencies.

Even the Pentagon’s Chief Information Office, which oversees computer networks across the military, was unaware of the phony e-mail.

The embarrassing play, a security awareness test of the sort that’s become increasingly common practice at private companies and federal agencies, tested the limits of how far the government should go with quality control to protect against cyberthreats. Testing security by toying with federal employees’ nest eggs? In hindsight, all agree that should be off-limits.


# # #

KSE to hire information security expert

  • By Shahid Shah
  • The News
  • March 14, 2014

KARACHI: The Karachi Stock Exchange (KSE) is hiring the chief information security officer to ensure security of data, official sources said on Thursday.

They said four candidates have already been shortlisted for the position. The acting CISO is conducting interviews of the candidates.

The sources said the decision was taken after the managing director of the KSE had received an email in July last year, which alleged that some officials of its Information Technology department were involved in data leakage. This newspaper had reported the issue even before the above-mentioned email.

The email shot from an unknown source stated that some people had access to highly confidential data of buying and selling of shares.

Consequently, the board of directors constituted an internal audit committee and initiated an enquiry against this, which caused expulsion of four employees of IT department, while a general manager of the department was sent on forced leave in August 2013.

The KSE had hired an independent forensic consultant Sidat Hyder Morshed Associate to investigate the highly sensitive matter and inspect the computers of the IT department.


# # #

Ex-Bush admin official: Internet giveaway weakens cybersecurity, opens door to Web tax

  • By Giuseppe Macri
  • The Daily Caller
  • 03/15/2014


The U.S. government’s plan to give away authority over the Internet’s core architecture to the “global Internet community” could endanger the security of both the Internet and the U.S. — and open the door to a global tax on Web use.

“U.S. management of the internet has been exemplary and there is no reason to give this away — especially in return for nothing,” former Bush administration State Department senior advisor Christian Whiton told The Daily Caller. “This is the Obama equivalent of Carter’s decision to give away the Panama Canal — only with possibly much worse consequences.”

The U.S. Commerce Department announced late Friday it would relinquish control of The Internet Corporation for Assigned Names and Numbers (ICANN) — the organization charged with managing domain names, assigning Internet protocol addresses and other crucial Web functions — after its current contract expires next year.

In response to months of mounting criticism from the global community over sweeping National Security Surveillance programs leaked by former agency contractor Edward Snowden, the administration surrendered to allegations it had too much influence over the Web through ICANN, which designates the roadmap from web-connected devices to websites and servers across the globe.


Updated: March 23, 2014 — 3:11 am

The Author

Rich Fleetwood

Rich is the founder of SurvivalRing, now in its 20th year, author of multimedia CDs and DVDs, loves the outdoors, his family, his geeky skill-set, and lives in rural Missouri, just a few miles from the Big Muddy. Always ready to help others, he shares what he learns on multiple blogs, social sites, and more. With a background in preparedness and survival skills, training with county, state, and national organizations, and skills in all areas of media and on air experience in live radio and television, Rich is always thinking about the "big picture", when it comes to helping individuals and families prepare for life's little surprises.
