“The surest sign that a man has a genuine taste of his own is that he is uncertain of it.”
~W.H. Auden, “Reading” (from The Dyer’s Hand)
'Sinister forces' are trying to undermine MEdia Dragons in the middle of the night ;-)
“We must always take sides,” Elie Wiesel urged in his spectacular Nobel Prize acceptance speech. “Neutrality helps the oppressor, never the victim. Silence encourages the tormentor, never the tormented.” And yet part of the human tragedy is that despite our best intentions and our most ardent ideals, we often lull ourselves into neutrality in the face of injustice — be it out of fear for our own stability, or lack of confidence in our ability to make a difference, or that most poisonous foible of the soul, the two-headed snake of cynicism and apathy. How, then, do we unmoor ourselves from a passivity we so masterfully rationalize, remember that “injustice anywhere is a threat to justice everywhere,” and rise to that awareness with moral courage and imagination?
“CompTIA’s 17th annual Cyberstates is the definitive source for state-by-state analysis of the U.S. information technology industry and the tech workforce. The report quantifies the size and scope of the tech sector and tech occupations across multiple vectors, while providing context with time-series trending, economic impact, average wages, business establishment analysis, IT jobs postings, career opportunities, gender ratios, tech patents, and more. Moreover, Cyberstates helps to connect the dots with emerging trends. Cloud computing, big data, automation, IoT, cybersecurity, and social technologies will continue to reshape businesses large and small, driving innovation and digital business transformation across the U.S. economy. As with any sector-level report, there are varying interpretations of what constitutes the tech sector and the tech workforce. Some of this variance may be attributed to the objectives of the author. Is the goal to depict the broadest possible representation of STEM and digital economy fields, or a more narrowly defined technology subset? Is the goal to capture all possible knowledge workers, or a more narrowly defined technology subset? For the purposes of this report, CompTIA focuses on the more narrowly defined technology subset. See the methodology section for details of the specific NAICS codes and SOC codes CompTIA uses in its definitions of the tech sector and the tech workforce.”
How much is a security flaw worth? An inside look into Yahoo’s bug bounty program Every week, the Paranoids – charged with protecting the digital security of Yahoo's more than 1 billion users – discuss one of the more mysterious parts of the cybersecurity business: How much is a security flaw worth? On a videoconference with digital security teams spanning New York to California, the Paranoids assess weekly reports from freelance security researchers who say they found flaws in Yahoo’s platforms
National Australia Bank, Westpac Banking Corp and Qantas have taken stakes in Data Republic, a Sydney-based start-up that has designed a platform which allows companies and government to exchange data in a secure environment Data Republic
The Ukrainian Hacker Who Became the FBI’s Best Weapon—And Worst Nightmare
One Thursday in January 2001, Maksym Igor Popov, a 20-year-old Ukrainian man, walked nervously through the doors of the United States embassy in London.
Thieves have again found their way into what was thought to be the most secure financial messaging system in the world and stolen money from a bank. The crime appears to be part of a broad online attack on global banking. New details about a second attack involving Swift — the messaging system used by thousands of banks and companies to move money around the world — are emerging as investigators are still trying to solve the $81 million heist from the central bank of Bangladesh in February. In that theft, the attackers were able to compel the Federal Reserve Bank of New York to move money to accounts in the Philippines. The second attack involves a commercial bank, which Swift declined to identify.
Unethical Research: How to Create a Malevolent Artificial Intelligence – Federico Pistono, Roman V. Yampolskiy (Submitted on 10 May 2016)
“Cybersecurity research involves publishing papers about malicious exploits as much as publishing information on how to design tools to protect cyber-infrastructure. It is this information exchange between ethical hackers and security experts, which results in a well-balanced cyber-ecosystem.
Chronicle of Higher Education – May 13, 2016 – “We are on the verge of becoming the best trained, and least educated, society since the Romans — and reducing the humanities to a type of soft science will only hasten this trend. As the sciences rightly grow, a free society must ensure that criticism of the sciences grows apace. Effective criticism depends on distance, in this case on an unshakeable difference, between the humanities and the STEM fields.
Washington Post: “In yet another example of fragile security in federal cyber systems, data for 44,000 Federal Deposit Insurance Corp. customers were breached by an employee leaving the agency. The breach occurred in February and was outlined in an internal FDIC memorandum obtained by The Washington Post. The March 18 memo from Lawrence Gross Jr., FDIC’s chief information officer and chief privacy officer, to FDIC Chairman Martin J. Gruenberg said the data were downloaded to a personal storage device “inadvertently and without malicious intent.”
Verizon's annual report into data breaches has triggered an avalanche of criticism that the company made critical errors when studying the most frequently exploited software vulnerabilities. The 2016 Data Breach Investigations report, released on April 27, is considered one of the most comprehensive annual guides on data breach trends, compiling data contributed by a wide range of computer security companies, law enforcement and government agencies. It also draws on more than 3,100 confirmed data breaches, an impressive sampling of attacks.
Facebook has arranged for hundreds of kids, from middle-school age up, to play a hacking game it’s developed—because it’s having trouble recruiting for security roles. The company has been arranging competitions using the tool for years, but May 11, it open-sourced the game in the hope of exposing more people—including kids, the Facebookers of the future—to the skills involved in cybersecurity work. “A software engineer job gets filled in a month,” said Javier Marcos, a security engineer at Facebook.
Via the Washington Post – a copy of the heretofore confidential IG Investigation of FDIC Division of Information Technology – May 24, 2013.
Washington Post: “The Federal Deposit Insurance Corp. on Monday retroactively reported to Congress that five additional “major incidents” of data breaches have occurred since Oct. 30. FDIC also is launching “a new initiative to enhance security.” The incidents involved the breach of taxpayers’ personally identifiable information, The Washington Post has learned. In each case, employees with legitimate access to the information were leaving the agency when they inadvertently downloaded the data along with personal files. The individuals involved provided affidavits saying the data was not shared. FDIC considers these to be low-risk cases, but they each meet the threshold of 10,000 records inappropriately exposed. They are being retroactively reported now because the cases were closed before an FDIC Office of Inspector General decision in February to define “major incident” as one that involves at least 10,000 records…”
Federal News Radio: “A leading technology official in the House says a former Federal Deposit Insurance Corporation employee inadvertently triggered a major cyber breach that compromised 44,000 customers’ data. Rep. Lamar Smith (R-Texas), chairman of the Science, Space, and Technology Committee, says a former FDIC employee breached the information of 44,000 FDIC customers more than a month ago. In an April 8 letter obtained by Federal News Radio, Smith said a departing FDIC employee was transferring files from an office computer onto a personal storage device and “inadvertently” copied sensitive customer data from more than 44,000 individuals. The employee left the agency on Feb. 26, but the agency realized the data was taken three days later. FDIC officials retrieved the device on March 1. Smith called the lapse in security “troubling,” and requested a briefing on the situation from FDIC once more information is available…”
Statement of Acting IG Before the Committee on Science, Space, and Technology Subcommittee on Oversight, U.S. House of Representatives on Cybersecurity Incidents at the Federal Deposit Insurance Corporation – May 12, 2016.
The UK financial sector is failing to take cyber crime seriously enough, a report will say on Tuesday, recommending that companies share more information while calling for tax breaks to boost investment in cyber defences. The financial services industry is “the perfect target” for cyber attack, warns the report from lobby group TheCityUK, presenting the results of a six-month review of cyber security in the sector. Underlining the threat to banks from hackers, the Swift global payments system warned last week that it had discovered a second case of a bank being robbed using similar methods to the record digital theft at the Bangladesh central bank in February. UK banks are failing to take cyber crime seriously, warns report
There is a difference of opinion within the federal government about what counts as a "major" data breach. The debate over the breadth and depth of the adjective is more than semantic.
More than a year after a hack of Office of Personnel Management systems compromised more than 22 million records, the agency has not been able to encrypt all the sensitive data on 4 million federal employees, including Social Security numbers.
The Homeland Security Department is under the gun to collect massive amounts of data about threats to the nation's physical and network infrastructure, according to contracting documents. To meet a June 1 deadline to come up with an aggregation strategy, DHS has awarded a contract to Sunesis Consulting LLC without holding a competition, a sole-source justification states.
The contractor responsible for the hacked Office of Personnel Management’s major IT overhaul is now in financial disarray and no longer working on the project. OPM awarded the Arlington, Virginia-based Imperatis Corporation a sole-source contract in June 2014 as part of an initial $20 million effort to harden OPM’s cyber defenses, after agency officials discovered an intrusion into the agency’s network. In the past week, however, Imperatis ceased operations on the contract, citing “financial distress,” an OPM spokesman confirmed to Nextgov. After Imperatis employees failed to show up for work May 9, OPM terminated Imperatis’ contract for nonperformance and defaulting on its contract. “DHS and OPM are currently assessing the operational effect of the situation and expect there to be very little impact on current OPM operations,” OPM spokesman Sam Schumach said in a statement to Nextgov. Schumach said OPM had been planning for performance on the contract to end in June 2016.
Foreign hackers are going after the wonks. Cyber criminals are targeting policy groups and nongovernmental organizations to get a leg up on U.S. government strategy, according to an executive at cybersecurity company CrowdStrike Inc. Such "nation-state" hackers, often tied to governments including China or Russia, want advanced intelligence on U.S. policy, said Shawn Henry, chief security officer of the Irvine, California-based company. "They want to know what the thought leaders in the United States are considering, what they’re debating,” Henry, who oversaw the FBI’s global cyber investigations before retiring in 2012, said in an interview in Arlington, Virginia. "They’re looking for how policy is being designed. They’re looking at how senior leaders or former senior leaders are advising existing senior leaders -- what the emerging issues are, how the U.S. government is going to implement certain strategy." While Henry wouldn’t provide specifics on targets, Washington has many so-called think tanks and interest groups staffed by former government officials and analysts who stay in close touch with current policy makers.
Data purportedly belonging to five South Asian banks was apparently posted online May 10 by the Turkish hacking group Bozkurtlar that recently also leaked data tied to Qatar National Bank and UAE's InvestBank. The latest banks whose data has been posted online include the Dutch Bangla Bank, The City Bank and Trust Bank, all based in Dhaka, Bangladesh; and two Nepalese banks, Business Universal Development Bank and Sanima Bank, both based in Kathmandu, Nepal. Links to the file archives containing data from all the banks have been posted from a Twitter account supposedly operated by Turkish hacking group "Bozkurtlar" - or "Grey Wolves." The group appears to be making good on their threat to release data of more Asian banks - an indication that more such disclosures may be expected in the region, in the near future.
Russian intelligence agencies were probably responsible for a massive cyber attack on Germany's lower house of parliament last year which forced its computer systems to be shut down for days, Germany's domestic intelligence agency said on Friday. The agency, known as the Federal Office for the Protection of the Constitution (BfV), said a hacker group known as "Sofacy" was behind the attack. "The BfV has indications that it is being steered by the Russian state and has been monitoring it for years," the agency said in a statement. The unusually strong comments come at a time when relations between Berlin and Moscow have sunk to their lowest point since the end of the Cold War following Russia's annexation of Ukraine's Crimea and its intervention in Syria. Hans-Georg Maassen, president of the BfV, said that government, corporate and educational facilities in Germany were under "permanent threat", with critical infrastructure in areas like energy and telecommunications in particular focus.
Commercial Bank of Ceylon, based in Colombo, Sri Lanka, has apparently been hacked, with its data posted online May 12 by the Bozkurtlar hacking group, which has also posted seven other data dumps from banks in the Middle East and Asia since April 26. The group, believed to have Turkish ties, released data from five South Asian banks on May 10. It also dumped data online from UAE-based InvestBank on May 7 and data from Qatar National Bank on April 26.
Inside the detectives world of conmen and murderers Inside Story