Cybersecurity

IT Security Guide: “Financial Impact of Cyber Risk” Released by ANSI and ISA

The American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) released today a new action guide to assist business executives in the analysis, management and transfer of financial risk related to a cyber attack. In 2004, the Congressional Research Service estimated the annual economic impact of cyber attacks on businesses -- which can come from internal networks, the Internet or other private or public systems -- to be more than $226 billion. In 2008, U.S. Department of Homeland Security Secretary Michael Chertoff named cyber risks one of the nation's top four priority security issues. more

The Diet Pill Security Model

The information security industry, lacking social inhibitions, generally rolls its eyes at anything remotely hinting to be a "silver bullet" for security. Despite that obvious hint, marketing teams remain undeterred at labeling their companies upcoming widget as the savior to the next security threat (or the last one -- depending on what's in the news today). I've joked in the past that the very concept of a silver bullet is patently wrong... more

U.S. Justice Department Forms Group to Study National Security Threats of IoT

"The U.S. Justice Department has formed a threat analysis team to study potential national security challenges posed by self-driving cars, medical devices and other Internet-connected tools," reports Dustin Volz from Washington in Reuters" more

Documentary Balmes Israel for Stuxnet Malware Failure

Oscar-winning documentarian Alex Gibney's "Zero Days" -- coming out on Friday -- investigates the story of the classified Stuxnet attack on Iran by the US and Israel. more

Microsoft Releases Patches to Fix Close to a Hundred Flaws, Including for Unsupported Windows XP

Microsoft has released security updates for close to a hundred security vulnerabilities in a number of Windows operating systems. more

Would You Like Your Private Information to be Available on a VHS or Betamax Tape?

When I was a young child growing up in the late 1980s, my parents were lucky enough to be able to afford to have both a VHS-tape video-recorder in the living room and a Betamax tape recorder in their bedroom. This effectively meant that to me, the great video format wars weren't a decade-defining clash of technologies, but rather they consisted mainly of answering the question "in which room can I watch my favorite cartoons?". more

Processing Domain Data to Improve Business Continuity as a Domain Name Registry

In the fall of 2022, around 9,000 numeric domain names such as 0146.se, 0148.se, 0149.se, and so on were registered in the .SE zone. These domains were registered with two registrars, Register.eu and 1API. They had the same kind of SSL certificate, and there were other similarities among them that strongly suggested they were connected. All these domains were registered after September 1, 2022, but not on the same date... more

UK Government Reports Nearly Half of Businesses Identified Cyber Security Breaches in the Past Year

The UK government has released the results of national cybersecurity survey revealing nearly seven in ten large companies in the country have identified a breach or attack in the past 12 months. more

Clothing Retailer Eddie Bauer Confirms Point-Of-Sale Malware, All US, Canadian Stores Infected

In a press release yesterday evening, retailer Eddie Bauer confirmed a point-of-sale malware infection suspected by some sources as early as beginning of last month. more

Denmark Says Russia Has Been Hacking Its Defense Ministry for Past Two Years

According to a new report by the Danish government's Center for Cybersecurity, hackers have breached email accounts and servers at both the Defense Ministry and the Foreign Ministry in 2015 and 2016. more

A Look at the New ISO27001:2013 Revision

Recently the 2013 revisions of the internationally acclaimed standard for information security management, ISO27001 and accompanying 27002, 'Code of practice for information security management controls' were released. Whether you're new to this or are looking for a smooth transition, it's important to reflect on the changes made. Being compliant with the latest information security standards is becoming more and more important these days. more

Dozens of U.S. Government Websites Rendered Either Insecure or Inaccessible Amid Government Shutdown

Dozens of U.S. government websites have become insecure or inaccessible during the ongoing U.S. federal shutdown. more

Attack Traffic: 10 Countries Source of Almost 75% of Internet Attacks

A recent quarterly report titled "State of the Internet" has been released by Akamai providing Internet statistics on the origin of Internet attack traffic, network outages and broadband connectivity levels around the world. According to the report, during the first quarter of 2008, attack traffic originated from 125 unique countries around the world. China and the United States were the two largest traffic sources, accounting for some 30% of traffic in total. The top 10 countries were the source of approximately three quarters (75%) of the attacks measured. Other observations include... more

Biden Administration Bans Federal Agencies from Using Commercial Spyware

The Biden administration has announced an executive order that would ban U.S. federal agencies from using commercially developed spyware that poses threats to human rights and national security. more

Google Limits Some Employees’ Access to the Internet

Google has launched a pilot program to bolster its cybersecurity defenses by limiting internet access for some employees. Initially, Google selected 2,500 participants, but after receiving feedback, it modified the program to allow employees to opt out and invite volunteers to join. more