CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Treasury tracking system hits a rut

Treasury tracking system hits a rut
July 24, 2015

Lax security left the U.S. Treasury’s computer system for tracking overseas threats to the U.S. financial system vulnerable to hackers, according to a government audit prepared in late 2014 and obtained by Reuters. U.S. spy agencies use the Treasury Foreign Intelligence Network to share secret information and to keep tabs on the impact of sanctions against countries such as Iran and Russia, as well as militant groups such as Hezbollah. The report gave no indication the foreign intelligence network had been hacked. But auditors found up to 29 percent of Treasury’s devices connected to the intelligence network did not meet federal cybersecurity standards. Source: Reuters

sh_china hac_400

No finger-pointing here

The Obama administration has decided against publicly blaming China for the intrusion, in part out of reluctance to reveal the evidence that U.S. investigators have assembled, officials said. The administration also appears to have refrained from any direct retaliation against China or attempt to use cyber measures to corrupt or destroy sensitive data stolen from the Office of Personnel Management. “We have chosen not to make any official assertions about attribution at this point,” said a senior administration official, despite the widely held conviction that Beijing was responsible. The official cited factors including concern that making a public case against China could require exposing details of the United States’ espionage and cyber-space capabilities. The official was among several who spoke on the condition of anonymity to describe internal deliberations. Source: The Washington Post

A rebuttal to an appeal

If you’re prone to butt-dialing your friends, you might want to start locking your phone. A federal court ruled that if you accidentally call someone—with your gluteal region or otherwise— you’re not protected by a right to privacy if someone overhears sensitive information. The case began when Carol Spaw, assistant to the CEO of the Cincinnati/Northern Kentucky International Airport, was butt-dialed by James Huff, chairman of the airport’s board. Spaw overheard Huff talking to his wife about firing the CEO, so she took notes and reported it to other members of the board. Huff then sued Spaw, alleging it was illegal to intercept electronic or oral communications intentionally. Appeals Judge Danny Boggs likened butt-dialing to leaving your windows uncovered—the law doesn’t protect you from passers-by looking into your house. Source: The Next Web

sh_baby monitor_400

Watching the baby in a bad way

Police in Ontario, Canada, are warning about the use of Internet-connected cameras after a webcam placed in a baby’s nursery was hacked. A parent was rocking a child to sleep in the nursery when the camera used to monitor the room was remotely hacked, playing eerie music, and a voice could be heard indicating the parent and child were being watched, police said. The home’s router had been hacked. Police say parents should be cautious when using cameras or other monitoring systems, many of which have a default mode allowing them to be controlled remotely. Source: CBC News

UCLA likely to put up defensive line

A UCLA Health patient filed a class-action suit against the health care provider, saying it inadequately stored personal and medical information. The patient was a potential victim in a recent cyber attack against UCLA Health’s computer network, which may have exposed personal and medical information of as many as 4.5 million patients. The lawsuit, filed against UCLA Health and the University of California Board of Regents, seeks monetary or statutory compensation and any form of relief UCLA Health and the Board of Regents can provide for patients affected by the cyber attack. UCLA officials said even though there is evidence hackers had access to the personal information, there is no evidence that the information actually was taken. Source: The Daily Bruin of UCLA

sh_twitter icon_400

Toughen up like Twitter

Twitter’s trust and information security officer says companies worry too much about elite types of attacks and not enough about following security basics, such as knowing where the company’s data is, knowing where its machines are, patching them quickly and controlling who has access to information. “You don’t need to worry about someone parachuting through your chimney when you don’t close the back door to your house,” said Michael Coates. Twitter encrypts all communication between its site and the user’s browser, and uses transport layer security, a cryptographic protocol designed to protect communications over a network from eavesdropping. Source: The Wall Street Journal


Dancing to the jailhouse rock

Three Estonian men were sentenced to more than three years in prison for their roles in an Internet scheme that infected more than 4 million computers in more than 100 countries. Judge Lewis Kaplan imposed the sentences. “It’s hard to pick up a newspaper this summer without reading about another (breach),” Kaplan said. Prosecutors say the men and others made more than $14 million in the fraud that affected computers belonging to government agencies such as NASA, along with educational institutions, nonprofit organizations, businesses and individuals. Source: The Associated Press via NBC News

Patch me up

Google has patched 43 security problems, many critical, in an update to the Chrome browser. Google pushed Chrome 44 for Windows, Mac and Linux to the stable channel and for public release, with 43 bugs being fixed. The most critical issues include universal cross-site scripting flaws in Chrome for Android and the Chrome Blink layout engine, heap-buffer-overflow errors, a flaw that allows executable files to run immediately after download and a content security policy bypass in the Chrome browser. Source: CNet

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started