Google has announced new settings for its two-step verification (2SV) functionality. If you have Google accounts, it is recommended that you enable this feature to protect yourself against the theft of personal information.
Digital currency Ethereum nose-dives after $50 million hack MarketWatch
Second Assailant Drains Ethereum Funds From The DAO NewsBTC
Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats – by John P. Carlin, Harvard Law School National Security Journal. Volume 7, Issue 2: “With increasing network intrusions affecting the U.S. government and American companies, and unsecured connectivity creating new vulnerabilities to cyber attacks, the United States is implementing a whole-of-government, all-tools approach to countering cyber threats.
With no warning, one of the world's largest criminal botnets—a massive collection of computers used to launch attacks—has disappeared. Researchers have reported huge drops in traffic for two of the most popular pieces of malware which rely on it. “We can only tell that the Dridex and Locky spam campaigns stopped since June 1 in our observation. We cannot confirm how the botnet was brought down yet”
*Tax convictions falling as technology traps criminals
The news that MEdia Dragon knows who did it is exaggerated ... One of the World's Largest Botnets Has Vanished
This Productivity Commission paper focuses on the role of government in the face of potentially disruptive technological change.
Digital Disruption: What do governments need to do?
It’s a good time to be a cybercriminal. There are more victims to target, there is more data to steal, and there is more money to be made from doing so than ever before. It would seem to follow, then, that there’s been very little progress since 2007, when hackers stole at least 45.6 million credit-card numbers from the servers of TJX, the owner of TJ Maxx and Marshalls, catapulting the now-commonplace narrative of the massive data breach to national prominence. But the truth is that the forces of cyber law and order have made lots of headway in the past decade. There are still large-scale data breaches, but credit-card companies are getting better at detecting them early and replacing customers’ cards as needed, payment networks are pushing microchip-enabled cards that render transaction data worthless to criminals, and law enforcement has gotten smarter and savvier.
The New Economics of Cybercrime
Intel Analyst at Tax Office on Covert operations against taxpayers exposed
Also in the Unfair Dismissal jurisdiction, the ATO have been criticised by the Fair Work Commission for dismissing someone for being a ‘square peg in a round hole’, in the case of Ron Shamir v Commonwealth of Australia (Australian Taxation Office) T/A Australian Taxation Office [2016] FWC 1844. Commissioner Ryan held that despite the difficulties faced by the employee in achieving suitability for a new role that he was given, it was ‘harsh’ to dismiss someone for being a ‘square peg in a round hole’, especially when the employee was specifically hired to be a ‘square peg in a square hole.’ The employee was reinstated.
Corruption and crime syndicates threaten Australia's border security
A frustrated WA auditor general has warned he is seriously considering reversing his policy of not identifying the state government agencies with the weakest IT defences after they failed to improve their dismal cyber security postures. Last year, Murphy said his pentesters were able to break into two sensitive state government networks on their first go using the password ‘password’. In this year’s report, the results are even worse.
Password: WA Auditor General
Hackers Targeting Clinton Aides Struck Across U.S. Politics
Facebook Accused Of Tracking Users’ Internet Activity By Consuella Pachico – “Facebook is facing multidistrict litigation over allegations that the social media site tracked users’ internet activity after they logged off. Facebook is insisting that users cannot sue because they were not harmed by the site’s tracking activities. In response to users’ claim that their privacy rights were violated by post-logoff tracking, Facebook states that nothing in the amended complaint identifies “how the alleged violations caused plaintiffs to suffer real, actually existing injuries that are not abstract, conjectural, or hypothetical.”
False Flags: The Kremlin’s Hidden Cyber Hand. “The Islamic State’s hacking army doesn’t actually work for ISIS—It’s part of the secret Russian online espionage effort against the West.”
NAB using Veda to track disloyal business customers going to rival banks
Combating Nuclear Smuggling: NNSA’s Detection and Deterrence Program Is Addressing Challenges but Should Improve Its Program Plan, GAO-16-460
“Whether for emergency management and public health, reliable financial services or trusted access to education programs, the need for users to confirm the validity of official U.S. government digital platforms is critical. A challenge in embracing emerging startup and private sector platforms for public service is ensuring that citizens can trust the app used for official engagement is managed by the legitimate agency and not an unofficial source, phishing scam or malicious entity. The U.S. Digital Registry serves as the authoritative resource for agencies, citizens and developers to confirm the official status of social media and public-facing collaboration accounts, mobile apps and mobile websites. Data fields in the registry include the agency, platform, account, language, points of contact and collaborative tags.”
- In re: Facebook Internet Tracking Litigation, case number 5:12-md-02314, in the U.S. District Court for the Northern District of California.
A federal district court in Virginia ruled that a criminal defendant has no “reasonable expectation of privacy” in his personal computer, located inside his home. According to the court, the federal government does not need a warrant to hack into an individual’s computer. This decision is the latest in a series of decisions in prosecutions stemming from the FBI’s investigation of Playpen—a Tor hidden services site hosting child pornography. The FBI seized the server hosting the site in 2014, but continued to operate the site and serve malware to thousands of visitors that logged into the site. The malware located certain identifying information (e.g., MAC address, operating system, the computer’s “Host name”, etc.) on the attacked computer and sent that information back to the FBI. There are hundreds of prosecutions, pending across the country, stemming from this investigation.
US V EDWARD JOSEPH MATISH, III
Wendy's hack bigger than believed The Hill
Fast-food chain Wendy's says an attack on credit card systems used by franchisees may be bigger than they initially believed. “[T]he number of franchise restaurants impacted by these cybersecurity attacks is now expected to be considerably higher than the 300 restaurants already implicated,” the company said in a press release Thursday. The company first announced the hack in May, saying at the time that fewer than 300 restaurants were affected. Another 50 were viewed as potential victims.
IARPA exploring deceptive cyber defenses Federal Times
Intelligence work is often as much about gathering information as it is about disseminating misinformation. To that end, the Intelligence Advanced Research Projects Activity (IARPA) is looking for innovative solutions around deceptive cyber defenses.
The technology chief at the Federal Trade Commission (FTC) is calling on mobile carriers to boost their customer verification features after the official’s mobile phone account was hijacked in Ohio a few weeks ago. The FTC’s Lorrie Cranor, who took over the job in December, published a blog post about the long back-and-forth with her mobile phone carrier after an identity thief posed as Cranor at a retail store to buy and activate two new iPhones on her account, which ended up cutting off service for Cranor. “Carriers should adopt a multi-level approach to authenticating both existing and new customers and require their own employees as well as third-party retailers to use it for all transactions,” she said in her blog post.
Morgan Stanley has agreed to pay a $1 million fine to settle U.S. Securities and Exchange Commission civil charges that security lapses at the Wall Street bank enabled a former financial adviser to tap into its computers and take client data home, the regulator said on Wednesday. The settlement resolves allegations related to Galen Marsh's unauthorized transfers from 2011 to 2014 of data from about 730,000 accounts to his home computer in New Jersey, some of which was hacked by third parties and offered for sale online. Marsh was sentenced in December to three years probation and ordered to pay $600,000 in restitution after pleading guilty to one felony count of unauthorized access to a computer. Prosecutors had sought prison time. According to the SEC, Morgan Stanley violated a federal regulation known as the Safeguards Rule by failing to properly protect customer data, allowing Marsh to access names, addresses, phone numbers, and account holdings and balances.
The ranking Democrat on the Senate Homeland Security Committee is expanding an investigation into the SWIFT banking network to include the Department of Homeland Security (DHS). Senator Tom Carper (D-Del.) this week sent letters to the DHS and the Bank for International Settlements (BIS) officials asking how both organizations are reacting to a recent series of digital bank heists and working to prevent new ones. He sent letters to SWIFT — the Society for Worldwide Interbank Financial Telecommunication — and the Federal Reserve Bank of New York last month. The letters are in response to an $81 million burglary of the Bangladeshi central bank and other attacks using the SWIFT network. “Given the importance of SWIFT to the global financial system, these recent attacks raise important questions regarding the security practices of member banks and their ability to prevent future attacks,” Carper wrote in his letter to DHS Secretary Jeh Johnson.
“This Public Service Announcement (PSA) is an update to the Business E-mail Compromise (BEC) information provided in Public Service Announcements (PSA) 1-012215-PSA and 1-082715a-PSA.
The BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300% increase in identified exposed losses.
The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong…”
Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems, GAO-16-501: Published: May 18, 2016. Publicly Released: Jun 21, 2016. “In GAO’s survey of 24 federal agencies, the 18 agencies having high-impact systems identified cyber attacks from “nations” as the most serious and most frequently-occurring threat to the security of their systems. These agencies also noted that attacks delivered through e-mail were the most serious and frequent. During fiscal year 2014, 11 of the 18 agencies reported 2,267 incidents affecting their high-impact systems, with almost 500 of the incidents involving the installation of malicious code.
Kaspersky Lab, June 22, 2016: “Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it. In order to unlock either the device or the data, the user is required to pay a ransom, usually in bitcoins or another widely used e-currency. This report covers the evolution of the threat over the last two years…
Main findings:
- The total number of users who encountered ransomware between April 2015 and March 2016 rose by 17.7% compared to the previous 12 months (April 2014 to March 2015) – from 1,967,784 to 2,315,931 users around the world;
- The proportion of users who encountered ransomware at least once out of the total number of users who encountered malware rose 0.7 percentage points, from 3.63% in 2014-2015 to 4.34% in 2015-2016;
- Among those who encountered ransomware, the proportion who encountered cryptors rose dramatically – up 25 percentage points, from 6.6% in 2014-2015 to 31.6% in 2015-2016;
- The number of users attacked with cryptors rose 5.5 times, from 131,111 in 2014-2015 to 718,536 in 2015-2016;
- The number of users attacked with Win-lockers decreased 13.03%, from 1,836,673 in 2014-2015 to 1,597,395 in 2015-2016…”
Opinion analysis: The exclusionary rule is weakened but it still lives SCOTUSblog. “Utah v. Strieff is a significant win for the police.”
US Customs wants to collect social media account names at the border The Verge. Call or write your Congresscritter and object strenuously
How to protect the future web from its founders’ own frailty Boing Boing. Important for sites like NC
The Data Hoarders Motherboard
Exclusive: Google, Facebook quietly move toward automatic blocking of extremist videos | Reuters. Lambert: “It would be nice to have “extremist” defined