CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Apple has rebuffed previous orders to unlock iPhones, iPads

Apple has rebuffed previous orders to unlock iPhones, iPads
February 26, 2016

sh_Apple privacy_750

While the dispute over cracking into an iPhone used by the San Bernardino, Calif., shooter is at the center of a legal case between Apple and the FBI, the company recently told a federal court that it has received—and resisted—similar orders to help unlock iPhones and an iPad in recent months. That’s according to unsealed court documents in which Apple says that since early October, it has received orders to access data on 12 devices, from an iPhone 3 to two iPhone 6 Plus models. In the documents, the Department of Justice says the list is correct—and adds that it found “at least one additional All Writs Act order” for obtaining information from an iPhone. News of the court filings comes ahead of Friday’s deadline for Apple to formally respond to a federal court order in the San Bernardino investigation. Theodore J. Boutrous Jr., a prominent First Amendment lawyer who is a lead attorney for Apple in the case, said the company will tell the judge that Congress should decide the issue, not the courts. Source: NPR

Kids at heart of cybersecurity spat

sh_kids online_280Child activity tracker uKnowKids is embroiled in a dispute with a MacKeeper researcher who infiltrated the company’s servers to highlight security vulnerabilities. While uKnow says it does not approve of the hacker’s methods to break into a private database “repeatedly” for the “public good,” MacKeeper security researcher Chris Vickery said violated the Children’s Online Privacy Protection Act by not ensuring security was up to scratch. In total, more than 6.8 million private text messages, nearly 2 million images and more than 1,700 detailed child profiles—containing first and last names, dates of birth, GPS information and social media account credentials, among other data sets—was exposed, Vickery says. In a blog post, Vickery said that a “database error” was at fault, as the database was configured for full public access, and required no “level of authentication or password and providing no protection at all for this data.” When a company stores data related to children, COPPA, established by the Federal Trade Commission, requires them to “establish and maintain reasonable procedures to protect the confidentiality, security and integrity of personal information collected from children.” Source: ZDNet

It’s not just a job, it’s an adventure in cybersecurity

The Navy is asking for $88 million for research and development associated with cyber resiliency. The funds would go toward specific recommendations from Operation Rolling Tide and Task Force Cyber Awakening. Rolling Tide was the Navy’s first named cyber operation, in which at least five naval units were dispatched to defend against an Iranian intrusion to unclassified networks, with attackers seeking to impair command and control capabilities, as well as conduct basic reconnaissance to potentially be used at a later date. Task Force Cyber Awakening, a result to some degree of the Iranian intrusion, involves a series of efforts aimed at “gain[ing] a holistic view of cybersecurity risk across the Navy and address the fragmented and uneven efforts across our platforms and systems.” Other Navy budget documents highlight the Cyber Security Organization, an outgrowth of recommendations from Task Force Cyber Awakening that “demonstrates our continued commitment to prioritizing cyber investments particularly in shipboard and aviation platforms.” Source: Defense Systems

A Leaf on the wind? No, but it is on the Wi-Fi

sh_Nissan Leaf_280An app that helps Nissan Leaf owners connect to their cars contains cyber vulnerabilities that allow outsiders to manipulate certain controls and view information on the whereabouts of drivers. Anyone with knowledge of a Nissan Leaf’s vehicle identification number could use it to manipulate heating and air-conditioning functions and potentially drain the electric vehicle’s battery. Outsiders also could view location data from a vehicle’s recent trips and obtain private information on a driver’s whereabouts. Cybersecurity researcher Troy Hunt disclosed the vulnerabilities after discovering them during a workshop. He says the interface that controls communications between the outside world and the car doesn’t authenticate users, so anyone with cursory knowledge of a VIN can access the vehicle via the NissanConnect app and receive responses. Source: Auto Blog

If your teen has PTSD, it might be from cyber bullying

sh_cyber bully_280Hasbro Children’s Hospital researcher Dr. Megan Ranney says nearly a quarter of the teens in a recent study reported signs of post-traumatic stress disorder. Ranney surveyed more than 350 teenagers who landed in Hasbro’s emergency room for various reasons. She says she was surprised by the high rate of PTSD symptoms, and she believes it relates to cyber bullying. “It used to be you would get into a fight with someone in the schoolyard, and maybe it would be something you would have to deal with going on,” Ranney says. “Certainly physical violence is never OK. But it would be left there. You would leave school, and you would go home, and you would be safe. In cyber bullying it surrounds them.” Ranney says just like adults, teens can’t escape their phones, the Internet, social media. Ranney gave computerized questionnaires to teens who showed up in the emergency room over time. Their answers surprised her. Half reported exposure to peer violence, and half also reported being cyber bullied. Source: WNPR, Connecticut

Power to the people whose identities were stolen

A Champaign, Ill., woman who allegedly stole other people’s identities to get thousands of dollars worth of power for her home has been charged with identity theft. The Champaign County state’s attorney’s office charges accuse her of stealing the personal information of four other people to open Ameren Illinois accounts to get power for a home. A woman from Dothan, Ala., contacted police after discovering that an account had been opened with her name and Social Security number. The victim learned of it when a collections agency contacted her trying to get the unpaid balance on the account of more than $2,800. Source: The Champaign, Ill., News Gazette 

New York has an image of itself as driven to serve

sh_DMV_280New York Gov. Andrew Cuomo has announced an enhancement to the state Department of Motor Vehicles’ facial recognition program to combat fraud and identity theft as well as crack down on dangerous drivers. The DMV will have an improved ability to match a photograph to one already contained in the database, by doubling the amount of measurement points mapped to a digitized driver photograph. Cuomo says the new software will help the DMV crack down on lawbreakers, “ultimately keep[ing] the roads safer for drivers and passengers.” The DMV’s facial recognition software works by “converting digital facial photographs into mathematical algorithms and presents trained staff with photo images that have been identified as having similar algorithms.” The new system also will boost the amount of measurement points on the face to 128 from 64. It now will be possible to overlay images, invert colors, and convert color images to black and white to see scars and other identifying features. Source: Jewish Political News & Updates

A frosty response to this hack attack

sh_Wendy's_280A class-action lawsuit claims fast-food chain Wendy’s was negligent in exposing its customers’ credit and debit card information to attackers. The lead plaintiff says in a complaint that hackers used his debit card information to charge almost $600 after he’d used the card at a Wendy’s. The customer claims Wendy’s failed to use adequate safety measures and didn’t notify customers quickly. “Wendy’s could have prevented this data breach,” the complaint states. “While many retailers, banks and card companies responded to recent breaches by adopting technology that helps make transactions more secure, Wendy’s has acknowledged that it did not do so.” Source: Consumerist

It’s a growth industry, but where’s all the green?

The U.S. cybersecurity industry, once one of the hottest targets for venture capitalists, is grappling with a funding slump that has forced some startups to sell themselves or cut spending. Amid widespread concerns about cyber attacks and data breaches, hundreds of security startups have sprung up in recent years, promising “next-generation” technologies to fight cyber criminals, government spies and hacker activists. But many new ventures have struggled to gain traction, finding it difficult to stand out from the crowd and provide customers with sophisticated enough security solutions to match the increasingly advanced cyber attacks they face. “Investors are looking at balance sheets and saying, ‘You raised $100 million and you have nothing to show for it?’ ” said Promod Haque, senior managing partner at Norwest Venture Partners, which manages about $6 billion in capital. Private investors pumped a record $3.3 billion into 229 cybersecurity deals last year, according to data from CB Insights. Venture capitalists, dealmakers and entrepreneurs said funding is drying up for all but the most mature cyber startups with substantial sales. “Almost every other company I knew that was on the road raising money at the same time had to pull their rounds back and were not able to close,” said Michael DeCesare, chief executive of ForeScout Technologies, a network security firm. Source: Reuters

Another OPM officer steps down in wake of data breach

sh_OPM breach_750Office of Personnel Management Chief Information Officer Donna Seymour announced her retirement days before she was scheduled to testify at a House Oversight and Government Reform hearing on a data breach that compromised the records of more than 22 million current and former government employees. Seymour follows in the footsteps of the agency’s previous director, Katherine Archuleta, who stepped down in July after the agency announced that millions of people were affected by the massive hack of OPM networks. Oversight Chairman Jason Chaffetz, R-Utah, who had called for Seymour to be removed following the breach, said, “While I am disappointed Ms. Seymour will no longer appear before our committee this week to answer to the American people, her retirement is necessary and long overdue.” Source: Government Technology

Don’t let Zika fears cause you additional pain

sh_Zika_280Cyber criminals are using the Zika virus outbreak, sending emails claiming to be from Saúde Curiosa (Curious Health), a health and wellness website in Brazil. The subject of the email says, “ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!” which translates to: “Zika Virus! That’s right, killing it with water!” The email itself uses imagery and text taken from a real article on Saúde Curiosa, but includes buttons and attachments to try to capture the recipient’s attention, such as “Eliminating Mosquito! Click Here!” and “Instructions To Follow! Download.” The result, if you follow this, is a Bitly link that sends you off to a Dropbox location, where a malicious file is downloaded. Source: Beta News

Get by with a little help from your friends in the FTC

The Federal Trade Commission website,, gives victims of identity theft a personalized guide that streamlines many steps to help victims recover. The FTC received more than 490,000 consumer complaints about identity theft last year—a 47 percent increase over 2014. When a consumer files a complaint at the site, it will automatically generate affidavits and pre-fill letters and forms to be sent to credit bureaus, businesses, police, debt collectors and the IRS. The FTC says, “Consumers who file a report will receive follow-up emails and can return to their personalized plan online to continue the recovery process.” Those who run into problems can turn to the FTC website for alternative approaches. Source: The Cincinnati Enquirer


The post Apple has rebuffed previous orders to unlock iPhones, iPads appeared first on Third Certainty.

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started