FBI might not need Apple to crack iPhone

March 25, 2016


Federal prosecutors say an outside party has come forward with a technique that might unlock the iPhone used by San Bernardino, California, terrorist Syed Rizwan Farook without Apple’s cooperation. A magistrate judge approved the FBI’s request for continuation, staying the court order placed on Apple more than a month ago. The FBI has until April 5 to test a method that the bureau says could potentially unlock the phone without Apple’s assistance. If that method is successful, the motion to compel Apple’s help and build a security-breaking “GovtOS” system would be dropped, ending a monthlong legal standoff between Apple and the Department of Justice. Sources: The Verge; The Los Angeles Times

These mice aren’t blind to their risks

Researchers from cybersecurity startup Bastille found that wireless mice made by HP, Dell, Lenovo and Amazon could be security risks as they do not take advantage of encryption. Marc Newlin of Bastille said, “That makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer. This would be the same as if the attacker was sitting at your computer typing on the computer.” The hack only works for Wi-Fi-based wireless mice, and Bluetooth mice do not seem to be susceptible to the hack. Source: Ubergizmo

Prognosis uncertain in class actions against health firm

More than 300 people have joined three separate class-action lawsuits against 21st Century Oncology, claiming the company failed to take adequate security measures in protecting electronic medical records, resulting in a cyber breach exposing them to “substantial financial and other injury and damage.” The lawsuits, brought on behalf of three patients, come nearly two weeks after the company announced that medical records of at least 2.2 million current and former patients were illegally obtained through a security breach. The Fort Myers, Florida, cancer-care giant said they have no evidence that patient information was misused or that employee data was obtained. The plaintiffs are asking for more than $15 million from 21st Century, accusing the company of multiple violations including negligence, unjust enrichment and breach of implied covenant of good faith and fair dealing. A 21st Century spokeswoman said the company does not comment on pending litigation. Source: WINK, Fort Myers, Fla.

It’s not all water under the bridge

More than six Iranians will be slapped with criminal charges for helping their government allegedly hack into the systems of a New York dam and nearly 50 major U.S. financial institutions. Under a federal indictment, the hackers will be charged with conspiracy to commit computer intrusion and unauthorized access to a protected computer. The FBI learned that the hackers gained access to back office systems at the Bowman Avenue Dam in Rye Brook, N.Y., but failed to breach the operational systems. Investigators believe that the cyber attack was a test run. The defendants also “planned and executed large-scale cyber attacks against nearly 50 major financial institutions in the U.S. in coordination and at the behest of the government of Iran.” Source: The New York Post

Schooling the newly elected

Colorado Gov. John Hickenlooper hopes to address a knowledge gap in cybersecurity with the new National Cybersecurity Intelligence Center, housed at the University of Colorado at Colorado Springs. The center aims to be the country’s foremost authority on cybersecurity research and development, training and education. “One of the things I was struck by was that … [elected officials] were woefully ill informed … [on] how many different points of weaknesses there are and how serious the consequences are if one of those points of weaknesses is breached,” Hickenlooper said. The Center could be a place where elected officials could come and get a realistic and pragmatic education on cybersecurity and their roles within that environment. “We’re not trying to teach people how to write code … We want to have a place where those individuals can be brought up to speed very rapidly,” he said. Source: GCN magazine

No rocking and rolling all night anytime soon

A huge music festival featuring more than 50 acts was derailed by a cyber attack, forcing the promoters to reschedule the event for later this summer. The Orlando Moonstone Music Festival organizers have given out few details regarding exactly what happened, but in a news release they said the postponement was due to a cyber incident. “The date change is based on the company suffering from a major cyber fraud crime. An ongoing investigation is now in process—by local law enforcement and the FBI—of cyber fraud involving a major Tampa, Florida, bank and other local businesses,” the organizers said. The show was to run from April 30 to May 1 at the Central Florida Fairgrounds & Exposition Park, but now will be held Sept. 25-26. The show was to be headlined by the likes of Kiss, Def Leppard and Queensryche, but the organizers said the postponed version will likely have a different lineup. Source: SC magazine

Syrian group members charged in hacks

Three members of a Syrian hacker collective that hijacked the websites and social-media platforms of prominent U.S. media organizations and the U.S. military were charged in federal court with multiple conspiracies related to computer hacking. Amad Umar Agha, Firas Dardar, and Peter Romar were charged with criminal conspiracies related to their roles targeting Internet sites—in the United States and abroad—on behalf of the Syrian Electronic Army, a group of hackers that supports the regime of Syrian President Bashar al-Assad. The affected sites—which included computer systems in the Executive Office of the President in 2011 and a Marine recruitment website in 2013—were deemed by SEA to be antagonistic toward the Syrian government. Source:

Health sites take a hit from hackers

The Web portal used by millions to purchase health insurance under the Affordable Care Act logged 316 cybersecurity incidents during an 18-month period, a government report revealed. None of the 316 attempts compromised sensitive information, such as the personal data of those shopping for health plans on the site, according to the report. Most incidents involved electronic probing of the site’s systems by potential attackers looking for weaknesses. But the watchdog did find a number of flaws in how the Centers for Medicare and Medicaid Services—which administers—protects a key data hub. The data hub sends site users’ personal data to various federal agencies, including the Internal Revenue Service and Homeland Security, to verify the information. The Government Accountability Office dinged the agency for not consistently patching security flaws and for insufficiently restricting administrator privileges, as well as an insecure configuration of the network. Source: The Hill

Taking my toys and going home

More than a third of private-sector cybersecurity professionals hesitate to share cyber-threat intelligence across their industries, even as a reciprocal measure, and only a minority actively participate in information-sharing initiatives, according to a new survey. McAfee Labs’ poll of 500 security professionals from many different industries and businesses showed that only 42 percent are actively engaged in private-sector cyber-threat intelligence sharing initiatives, which involve the exchange of information about threat actors, exploit targets and attack techniques. While eight out of 10 surveyed were aware of cyber-threat sharing initiatives and 91 percent said they would be interested in receiving information relevant to their industry, only 63 percent said they would be likely to reciprocate by sharing their own intelligence. Source: FedScoop

Ensnaring a military-minded man

A Chinese man has pleaded guilty to being involved in a plot to hack into systems containing sensitive U.S. military data. Su Bin is believed to have been part of a group targeting data relating to fighter jets, cargo aircraft and weapons. The Department of Justice stopped short of saying the Chinese government was involved in buying the secrets from Su and his co-conspirators. Source: BBC

Ride along to a hack, get a reward

Ride-hailing app Uber is offering hackers up to $10,000 to hack its system to uncover flaws, the company said. Uber has released a “treasure map” of its software infrastructure, highlighting what each part does and the potential security vulnerabilities present. Uber’s launch of its prize program highlights the growing acceptance of the method amid an increasingly dangerous threat of hacking. “Even with a team of highly qualified and well-trained security experts, you need to be constantly on the lookout for ways to improve,” said Joe Sullivan, chief security officer at Uber. “This bug bounty program will help ensure that our code is as secure as possible.” Source: NBC News

Losing one of our defenders

One of the nation’s top business regulators will step down to help companies navigate the complex legal issues surrounding privacy and data security. Julie Brill, a commissioner at the Federal Trade Commission, will be heading into private practice at the law firm Hogan Lovells after her last day at the FTC, expected to be March 31. As one of five commissioners, Brill took a leading role in calling for greater scrutiny of data brokers—companies that trade in the commercial and behavioral information generated when consumers surf the Web or use their credit cards. She also pressed the FTC to look into how data can be used to marginalize vulnerable Americans, and played a role in hammering out a new U.S.-European agreement governing the flow of data across the Atlantic. Source: The Washington Post



The post FBI might not need Apple to crack iPhone appeared first on Third Certainty.