Most infosec pros believe election hacks are acts of cyber war

IT security professionals believe the effects of cyber attacks on elections go beyond diminishing confidence in the democratic process, according to a Venafi survey of 296 IT security professionals at Black Hat USA 2017.
Seventy-eight percent said they would consider it an act of cyber war if a nation-state was found to have hacked, or attempted to hack, another country’s election.
Intelligence agencies have determined that nation-states have already targeted elections globally, including in the U.S. A report from the NSA recently revealed that Russia launched a cyber attack on VR Systems, an election systems provider, prior to the 2016 U.S. presidential election.
“The definition of an act of war is an action by one country against another which is an immediate threat to peace,” said Jeff Hudson, CEO of Venafi.
“An attempt at election hacking could easily be considered an act of cyber war.
The intent is to undermine the foundation of government, which is responsible for protecting the country.
Malicious actors have the ability to alter voting databases, delay vote counts and subvert trust in the election process.”
Additional findings include:
Eighty-eight percent believe governments have not done enough to deter hackers from interfering with future elections.
Over a quarter (twenty-seven percent) believe attackers have already altered election results.
Voting machines are lucrative targets for cyber criminals and nation-state attackers, and unfortunately, many of them have vulnerabilities that can be easily exploited by these bad actors.

Equifax Breach Shows Need for Identity Theft Protection

Need for identity theft protection

To get more insights into the Equifax breach and how consumers can better protect themselves from identity theft, we spoke with Paige Schaffer, President & COO at the Identity and Digital Protection Services Global Unit of Generali Global Assistance.
On top of that, another almost 400,000 people had their credit card numbers or dispute documents containing sensitive personally identifiable information (PII) accessed.
This is the third time in recent times that Equifax companies have been hacked.
Companies that store consumers’ Social Security numbers, addresses, dates of birth, driver’s license numbers, or any combination of this type of sensitive data, are going to be more of a target to hackers.
It’s easy to understand why consumers can sometimes feel like they have no control in regards to what information goes to credit reporting agencies, as they don’t have the option of electing not to do business with a credit bureau in the way that they might with traditional businesses.
Looking at this breach specifically, Equifax waited 40 days to disclose the breach to the public.
They’re now offering one year of free credit monitoring services to those impacted, but again, hackers already had 40 days to do what they wanted with the compromised data.
What other advice do you have for consumers to protect themselves against identity theft?
The best course of action is to get an identity theft protection program that includes credit monitoring, identity monitoring, online data protection, and resolution services.

Hackers threaten energy facilities

This story was delivered to BI Intelligence IoT Briefing subscribers.
A group of hackers known as Dragonfly 2.0 has gained access to energy systems in the US, Switzerland, and Turkey, according to a new report from security firm Symantec.
And it appears that Dragonfly 2.0 has pursued a similar distribution strategy, using phishing to infect systems and steal employee login credentials that give it access to the power grid.
In others, the motivation is political, such as when Russian hackers reportedly shut down Ukrainian power plants that provide electricity for nearly 200,000 people.
Among these recommendations are the use of more complex passwords, defense systems that use multiple firewalls along with gateway and intrusion monitoring, and phishing education to prevent employees from inadvertently exposing the network to malware.
Many IoT software vendors include a number of measures already, offering security tools like intrusion monitoring and network segmentation.

Hurricane Irma and Equifax Data Breach – 5 Things You Must Know

— U.S. stock futures traded lower on Friday, Sept. 8, as Hurricane Irma made its way toward Florida and investors feared the possibility of a missile launch in North Korea over the weekend.
The U.S. dollar hovered near a two-and-a-half year low on Friday as investors tracked Irma and counted the ultimate cost of this year’s historic storm season on the world’s biggest economy.
Most recently, the dollar index traded at 91.12.
ET, and the weekly Baker Hughes Rig Count at 1 p.m.
2. — The U.S. National Hurricane Center said Friday that it lowered its assessment on Hurricane Irma to a category 4 storm but cautioned that it was still “extremely dangerous” and could bring “life-threatening” conditions around all of Florida when it makes landfall late Saturday, Sept. 9. “Irma is likely to make landfall in southern Florida as a dangerous major hurricane,” the NHC said in an update at 5 a.m. “This is a life-threatening situation.
Equifax shares fell 13.5% in premarket trading on Friday.
Separately, three Equifax senior executives sold shares worth almost $1.8 million in the days after the company discovered the breach, Bloomberg reported.
The executives had not yet been informed of the incident, the company said.

Information security & the risks for the legal sector

With the European Union’s General Data Protection Regulation (GDPR) due to come into force in May 2018, legal firms that fail to appropriately secure personal data will face severe fines in the event of a breach.
Furthermore, should a firm be fined under GDPR they are also likely to face personal litigation from the individuals whose data is lost.
An individual’s name?
That’s certainly personal information.
For years, we have understood personal data in terms of the Data Protection Act 1998: that personal data is any data, whether by itself or when combined with any other data you possess or are likely to possess, by which a living individual is identifiable.
An email address, whether it is a.smith@company.co.uk or ITmanager@company.co.uk or even shared email addresses can identify an individual, either on their own or by processing other data.
There are several ways in which a law firm could find itself vulnerable to a personal data breach.
The latter, while enabling access to those who require it, also enables individuals who should not have permission to access the same files.
When in court during a case, it may be necessary to phone a colleague to ask for information or documents to be sent via email.

Watch Out For These 5 Ways Hackers Target Small Businesses

WannaCry infected computers and encrypted the operating systems of those it attached to.
The best way to combat something like this is to keep all your security, malware and antivirus tools up to date, both at home and at work.
In addition, always pay attention to the URL or link of the site you are visiting.
These emails looked legitimate because they resembled the real emails users receive when someone invites them to access a shared document via the service.
The problem is, clicking on these fraudulent links would bring the users to a third-party app, which allowed hackers to gain access to connected Gmail accounts.
Furthermore, take the necessary precautions to protect and encrypt any and all data passing through these systems.
What’s the best way to protect yourself and your business from something like this?
It’s best to educate as many of those involved, teaching them how to protect not just themselves, but the organizations and companies they work with.

The Privacy Countdown is On: California’s Legislature Has Days to Decide to Protect Your Personal Data from Big Telecom

375, his committee is the bottleneck, because the Senate cannot even vote on it until the committee moves the bill.

Can ransomware hijack Mac backups? Yes, but…

Mac users have so far avoided the scourge of ransomware sweeping the Windows world, where it’s the fastest-growing category of malware due to its simplicity: it encrypts your documents after gaining a foothold to run, and doesn’t have to mess with system-level stuff at all.
Reader Dave has a concern related to backups though, after reading my recent article about the best hosted backup services for encrypted protection: If I am primarily worried about ransomware on my Mac, which of those backup services do you recommend?
If I buy my own backup device, I understand that it can also be taken over by the same ransomware.
True?
This is a really terrific question, since ransomware can run quietly over a period of time, or execute while you’re sleeping, leading to encrypted files winding up in your backup set, whether on a remote, cloud-based backup system or with Time Capsule or clones.
Since ransomware has only appeared on Macs in small amounts, probably entirely through Trojan horses inserted into subverted software downloads, it’s speculative to know exactly how a widespread attack would operate.
These backups incorporate archived older versions of files and retain some deleted files, while adding new ones.
With Time Machine backups through a directly connected or network-mounted drive, including a Time Capsule, your files should also remain intact.

Verizon’s new opt-in rewards program requires users to share personal data for ad-targeting

While revenue generated by the company’s core wireless business in 2016 was 2.7 per cent down on the year before.
(For “optimize the monetization” read: target ads to our existing subscriber-base to ramp up our share of the digital advertising market.)
A legal disclaimer on the Verizon Up sign-up page notes that only those customers who sign up for Verizon Selects are eligible for the rewards program.
It’s Verizon’s ad-targeting program, which targets marketing based on users’ personal data.
Verizon Selects targets ads based on users’ web browsing, app usage, device location, use of Verizon services and “other information about you (such as your postal/email addresses, demographics, and interests)” — sharing this information with Oath (aka the digital media entity formed after the recent merging of Verizon acquisitions, AOL and Yahoo) in order to power wider ad-targeting of Verizon users across its devices and services.
The wider context here is that Oath is Verizon’s bid to better compete for digital ad spend with the personal-data-harvesting ad-targeting specialists of the Internet: aka Google and Facebook.
Regulation of how telcos can use personal data has typically been tighter than for Internet services but earlier this year the FCC reversed tighter privacy rules for broadband providers — thereby giving giants like Verizon more room for their data-harvesting, ad-tracking manoeuvres.
As TechCrunch wrote in March, when the broadband privacy rules were reversed — ISPs can record and sell your browsing history, data on which apps and services you use and so on.
Verizon users opting to share their personal data with Oath for ad-targeting purposes can withdraw their consent (via logging in to a preferences page) — however an FAQ on the program suggests that users’ data is unlikely to be immediately deleted.

How do you secure the cloud? New data points a way

Data from cloud security provider Alert Logic shows the nature and volume of risk for each form of cloud environment as compared to an on-premises data center.
Key findings include: Hybrid cloud environments experienced the highest average number of incidents per customer at 977, followed by hosted private cloud (684), on-premises data center (612), and public cloud (405).
Whether it’s a public, private or hybrid cloud environment, web application threats are dominant.
“It’s possible to keep these systems secure, but only if you understand what web frameworks and platforms your development teams tend to use.
“You can only do this if you automate your deployments, but you will gain the level of control over your infrastructure you could never achieve in traditional data centers,” says Govshteyn.
It’s not just data that security teams have limited visibility into.
While security operations are responsible for cloud security at 69 percent of the respondents’ organizations, cloud operations (54 percent) or network operations are also involved.
The same security tools that are deployed on-premise will be able to also secure the cloud – so cloud and security teams need to communicate.”
What type of person should take point on the organization’s cloud security?
“In the last few years, this tends to be the IT operations team or an enterprise security team, but there is always an architect-level individual contributor or dedicated cloud security team at the core of this effort.