~ Jacky Wright
HMRC scoops up Microsoft veep for CIO role
HMRC Jacky Wright to lead tech for UK tax collector
WHERE ELSE WOULD YOU GO TO DECIPHER SATAN’S DICTATION? Dark web helps decipher 361-year-old ‘letter from Lucifer’. Okay, maybe Washington DC, but other than that.
Separating NSA and CYBERCOM? Be Careful When Reading the GAO Report
Via NBR/CNBC: “There are literally hundreds of smaller consumer-reporting companies [33-page PDF] operating in the U.S. and the smaller ones are collecting information you might not expect. The Consumer Financial Protection Bureau maintains a self-reported list of the companies. Consider Milliman IntelliScript, for example. The company collects information on the prescription drugs you buy. If you’ve ever authorized the release of your medical records to an insurance company, they might have shared them with Milliman. Or look at Retail Equation, a company that monitors consumers’ return and exchange behavior at retail companies. Company critics say the information collected can prevent legitimate returns from being accepted. Still, fraudulent returns are a big concern for retail companies, costing them billions of dollars a year, company reports say. The companies did not respond to requests for comment. Consumer-reporting companies are governed by the Fair Credit Reporting Act, according to the CFPB. That means consumers can request copies of their reports, though some will charge you for it.” [h/t Pete Weiss]
- The New York Times provides answers to some of the many questions causing us considerable concern following the delayed announcement by Equifax of a massive breach of personal data that impacts perhaps half of the American population.
KATE KLONICK: The Terrifying Power of Internet Censors.
StoryBench – Felippe Rodrigues: “The new Associated Press headquarters in lower Manhattan near the World Trade Center is dazzling, and it seems quite fitting for a news company that’s constantly innovating. Earlier this month, Storybench took a trip to New York City to chat with AP global news manager Mark Davies who told us all about how they are winning Facebook. During my visit, I sat in on one of the morning news meetings where managing editor Brian Carovillano, Davies and others connected with bureaus around the globe to discuss the order of the day. I also spoke to some people in the newsroom about innovation in journalism and storytelling from many perspectives. Below, some takeaways from a day watching the AP from inside
RT, Sputnik and Russia’s New Theory of War How the Kremlin built one of the most powerful information weapons of the 21st century — and why it may be impossible to stop. Jim Rutenberg. September 13, 2017.
“…After RT [Russia’s state-financed international cable network] and Sputnik gave platforms to politicians behind the British vote to leave the European Union, like Nigel Farage, a committee of the British Parliament released a report warning that foreign governments may have tried to interfere with the referendum. Russia and China, the report argued, had an “understanding of mass psychology and of how to exploit individuals” and practiced a kind of cyberwarfare “reaching beyond the digital to influence public opinion.” When President Vladimir V. Putin of Russia visited the new French president, Emmanuel Macron, at the palace of Versailles in May, Macron spoke out about such influence campaigns at a news conference. Having prevailed weeks earlier in the election over Marine Le Pen — a far-right politician who had backed Putin’s annexation of Crimea and met with him in the Kremlin a month before the election — Macron complained that “Russia Today and Sputnik were agents of influence which on several occasions spread fake news about me personally and my campaign….RT might not have amassed an audience that remotely rivals CNN’s in conventional terms, but in the new, “democratized” media landscape, it doesn’t need to. Over the past several years, the network has come to form the hub of a new kind of state media operation: one that travels through the same diffuse online channels, chasing the same viral hits and memes, as the rest of the Twitter-and-Facebook-age media. In the process, Russia has built the most effective propaganda operation of the 21st century so far, one that thrives in the feverish political climates that have descended on many Western publics…”
Companies must tell employees in advance if their work email accounts are being monitored without unduly infringing their privacy, the European Court of Human Rights said in a ruling on Tuesday defining the scope of corporate email snooping.
European court rules companies must tell employees of email checks
Ars Technica, September 6, 2017
Banks, insurance companies, and Fortune 500 corporations take note: attack code has just gone public for a hard-to-patch vulnerability that hackers can exploit to take control of your website. The critical vulnerability is located in Apache Struts 2, an open-source framework that large numbers of enterprise-grade organizations use to develop customer-facing Web applications. The bug, which has been active since 2008, allows end users to execute malicious code or commands by plugging maliciously modified data into search boxes or similar features hosted on the site. Apache Struts maintainers released a patch on Tuesday. Unfortunately, installing the update is only the first step. Vulnerable sites must then use the new version to rebuild vulnerable Web apps and thoroughly test them before deploying them in their production sites. The process can be labor and time intensive. What's more, the particular vulnerability this time may require developers to change the code that calls the Struts framework. Further complicating matters: many sites don't always have a complete list of apps running on their sites, which makes finding out if they're at risk harder.
Former officials buck White House adviser's comments about government hacking
Cyber Scoop
Regulators must do more to help mom-and-pop investors better understand the potential risks posed by cyber crime and new technologies used to commit fraud, U.S. Securities and Exchange Commission Chairman Jay Clayton said on Tuesday. Clayton, who was appointed to the commission earlier this year, said cyber security would be one of the top enforcement issues during his tenure at the head of Wall Street’s main regulator. “I am not comfortable that the American investing public understands the substantial risks that we face systemically from cyber issues,” he said during a panel discussion at New York University. “I’d like to see better disclosure around that.”
Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers. The trio had not yet been informed of the incident, the company said late Thursday. The credit-reporting service said earlier in a statement that it discovered the intrusion on July 29. Regulatory filings show that on Aug. 1, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans. The three “sold a small percentage of their Equifax shares,” Ines Gutzmer, a spokeswoman for the Atlanta-based company, said in an emailed statement. They “had no knowledge that an intrusion had occurred at the time.”