Monday, September 18, 2017

MEdia and Cyber Matters: How the Kremlin built MEdia Dragon Information War Chest

“There could not be a better time in the history of technology to demonstrate the power of technology innovation at an organisation such as HMRC. I am really excited to be joining the UK’s tax authority at such a pivotal time in its history.”
~ Jacky Wright

HMRC scoops up Microsoft veep for CIO role
HMRC Jacky Wright to lead tech for UK tax collector

WHERE ELSE WOULD YOU GO TO DECIPHER SATAN’S DICTATION?  Dark web helps decipher 361-year-old ‘letter from Lucifer’.  Okay, maybe Washington DC, but other than that.


Separating NSA and CYBERCOM? Be Careful When Reading the GAO Report

Via NBR/CNBC: “There are literally hundreds of smaller consumer-reporting companies [33-page PDF] operating in the U.S. and the smaller ones are collecting information you might not expect. The Consumer Financial Protection Bureau maintains a self-reported list of the companies. Consider Milliman IntelliScript, for example. The company collects information on the prescription drugs you buy. If you’ve ever authorized the release of your medical records to an insurance company, they might have shared them with Milliman. Or look at Retail Equation, a company that monitors consumers’ return and exchange behavior at retail companies. Company critics say the information collected can prevent legitimate returns from being accepted. Still, fraudulent returns are a big concern for retail companies, costing them billions of dollars a year, company reports say. The companies did not respond to requests for comment. Consumer-reporting companies are governed by the Fair Credit Reporting Act, according to the CFPB. That means consumers can request copies of their reports, though some will charge you for it.” [h/t Pete Weiss]

Criminals and other malicious actors increasingly rely on the Internet and rapidly evolving technology to further their operations. In cyberspace, criminals can compromise financial assets, hacktivists can flood websites with traffic—effectively shutting them down, and spies can steal intellectual property and government secrets. When such cyber incidents occur, a number of questions arise, including how the federal government will react and which agencies will respond. EveryCRSReport.com: Justice Department’s Role in Cyber Incident Response, August 23, 2017, R44926

KATE KLONICK: The Terrifying Power of Internet Censors.

StoryBench – Felippe Rodrigues: “The new Associated Press headquarters in lower Manhattan near the World Trade Center is dazzling, and it seems quite fitting for a news company that’s constantly innovating. Earlier this month, Storybench took a trip to New York City to chat with AP global news manager Mark Davies who told us all about how they are winning Facebook. During my visit, I sat in on one of the morning news meetings where managing editor Brian Carovillano, Davies and others connected with bureaus around the globe to discuss the order of the day. I also spoke to some people in the newsroom about innovation in journalism and storytelling from many perspectives. Below, some takeaways from a day watching the AP from inside

RT, Sputnik and Russia’s New Theory of War: How the Kremlin built one of the most powerful information weapons of the 21st century — and why it may be impossible to stop. Jim Rutenberg. September 13, 2017.

“…After RT [Russia’s state-financed international cable network] and Sputnik gave platforms to politicians behind the British vote to leave the European Union, like Nigel Farage, a committee of the British Parliament released a report warning that foreign governments may have tried to interfere with the referendum. Russia and China, the report argued, had an “understanding of mass psychology and of how to exploit individuals” and practiced a kind of cyberwarfare “reaching beyond the digital to influence public opinion.” When President Vladimir V. Putin of Russia visited the new French president, Emmanuel Macron, at the palace of Versailles in May, Macron spoke out about such influence campaigns at a news conference. Having prevailed weeks earlier in the election over Marine Le Pen — a far-right politician who had backed Putin’s annexation of Crimea and met with him in the Kremlin a month before the election — Macron complained that “Russia Today and Sputnik were agents of influence which on several occasions spread fake news about me personally and my campaign”… RT might not have amassed an audience that remotely rivals CNN’s in conventional terms, but in the new, “democratized” media landscape, it doesn’t need to. Over the past several years, the network has come to form the hub of a new kind of state media operation: one that travels through the same diffuse online channels, chasing the same viral hits and memes, as the rest of the Twitter-and-Facebook-age media. In the process, Russia has built the most effective propaganda operation of the 21st century so far, one that thrives in the feverish political climates that have descended on many Western publics…”

Companies must tell employees in advance if their work email accounts are being monitored without unduly infringing their privacy, the European Court of Human Rights said in a ruling on Tuesday defining the scope of corporate email snooping. European court rules companies must tell employees of email checks

Ars Technica

September 6, 2017
Banks, insurance companies, and Fortune 500 corporations take note: attack code has just gone public for a hard-to-patch vulnerability that hackers can exploit to take control of your website. The critical vulnerability is located in Apache Struts 2, an open-source framework that large numbers of enterprise-grade organizations use to develop customer-facing Web applications. The bug, which has been active since 2008, allows end users to execute malicious code or commands by plugging maliciously modified data into search boxes or similar features hosted on the site. Apache Struts maintainers released a patch on Tuesday. Unfortunately, installing the update is only the first step. Vulnerable sites must then use the new version to rebuild vulnerable Web apps and thoroughly test them before deploying them in their production sites. The process can be labor and time intensive. What's more, the particular vulnerability this time may require developers to change the code that calls the Struts framework. Further complicating matters: many sites don't always have a complete list of apps running on their sites, which makes finding out if they're at risk harder.

Former officials buck White House adviser's comments about government hacking

Cyber Scoop

Regulators must do more to help mom-and-pop investors better understand the potential risks posed by cyber crime and new technologies used to commit fraud, U.S. Securities and Exchange Commission Chairman Jay Clayton said on Tuesday. Clayton, who was appointed to the commission earlier this year, said cyber security would be one of the top enforcement issues during his tenure at the head of Wall Street’s main regulator. “I am not comfortable that the American investing public understands the substantial risks that we face systemically from cyber issues,” he said during a panel discussion at New York University. “I’d like to see better disclosure around that.”

Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers. The trio had not yet been informed of the incident, the company said late Thursday. The credit-reporting service said earlier in a statement that it discovered the intrusion on July 29. Regulatory filings show that on Aug. 1, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans. The three “sold a small percentage of their Equifax shares,” Ines Gutzmer, a spokeswoman for the Atlanta-based company, said in an emailed statement. They “had no knowledge that an intrusion had occurred at the time.”