
Friday, August 15, 2014

Security Management Weekly - August 15, 2014

Corporate Security
  1. "Hospital Cited for Inadequate Workplace Violence Safeguards"
  2. "Barneys Agrees to Pay $525,000 in Racial Profiling Inquiry"
  3. "5 Categories for Better Individual Door Choices" Electronic Access Control
  4. "Analyzing Hilton's Decision to Allow Guests to Use Smartphones as Room Keys"
  5. "NTN, NCIS Conduct Raid to Fight Counterfeit Bearings" NTN Bearing, Naval Criminal Investigative Service

Homeland Security
  1. "Iraq Crisis: Islamic State Now Threat to West, Says U.S."
  2. "Missouri Protests Calmer After Governor Puts Black Police Captain in Charge"
  3. "'Whitey' Bulger Appeals, Calling Conviction Unfair"
  4. "Experts Warn of Terrorism Blowback From Iraq Air Strikes"
  5. "Fighters Abandoning al-Qaida Affiliates to Join Islamic State, U.S. Officials Say"

Cyber Security
  1. "Report: NSA Eyed Preset Strikes in Cyber Attacks"
  2. "Malware No Longer Avoids Virtual Machines"
  3. "U.S. Migration to EMV Gathers Momentum" Europay, MasterCard, Visa
  4. "Data Breaches and High-Risk Vulnerabilities Continue to Dominate"
  5. "CloudBot: A Free, Malwareless Alternative to Traditional Botnets"


Hospital Cited for Inadequate Workplace Violence Safeguards
Occupational Health & Safety (08/13/14)

Brookdale University Hospital and Medical Center in Brooklyn, N.Y., could be fined $78,000 by the Occupational Safety and Health Administration (OSHA) for failing to take sufficient steps to protect its employees from workplace violence. The proposed fine follows an OSHA inspection of the hospital's records, which found 40 reported incidents of workplace violence between Feb. 7 and April 12. The most serious took place on Feb. 7, when a nurse was attacked while on duty and sustained severe brain injuries. Other incidents involved hospital staff being threatened or physically or verbally assaulted by patients or visitors, some resulting in injuries to the employees involved, and still others involved hospital personnel breaking up fights between patients. OSHA determined that hospital management was aware of these incidents and failed to take "effective measures" to protect employees from violence. For example, the hospital had a workplace violence program in place, but many employees were either unaware that it existed or did not know its purpose or how it worked, OSHA found. OSHA has ordered the hospital to "actively and effectively" implement a workplace violence prevention program immediately to protect its employees from future incidents.


Barneys Agrees to Pay $525,000 in Racial Profiling Inquiry
New York Times (08/12/14) Santora, Marc

Barneys New York will pay $525,000 to end an investigation led by New York Attorney General Eric Schneiderman into allegations that it engaged in racial profiling of shoplifting and credit card fraud suspects. The investigation was prompted by complaints from two African-Americans who had shopped at a Barneys New York store in Manhattan and were falsely accused of shoplifting. One of the individuals who filed a complaint says he was chased by plainclothes officers after legally buying a $350 belt. The complainant says the officers seemed to doubt that he could afford to purchase the belt and said that the debit card he used to make the purchase must have been fake. The man was eventually handcuffed and taken to a police station, where he was reportedly held for two hours before being released. Schneiderman subsequently looked into these and other claims, and found that a disproportionate number of people who were detained for allegedly shoplifting or engaging in credit card fraud at Barneys New York were either African-American or Hispanic. Barneys New York is pledging to take a number of steps to ensure racial profiling does not occur in the future, including hiring an "independent anti-profiling consultant" who can help ensure that loss prevention and asset protection efforts do not involve the use of racial profiling.


5 Categories for Better Individual Door Choices
Security Magazine (08/14) Keating, Karen

Looking at an electronic access control (EAC) system from an application standpoint can help security professionals verify that the system is performing to the highest standard each opening requires. An open technology platform helps here, as it makes integration of products from different vendors simple, adapts to any environment in the organization, and keeps budgets in check. EAC applications can be divided into five categories: standard, high security, interior openings and upgrades, specialty, and standalone. Standard EAC secures perimeter access points in real time, with hardwired card readers and electromagnetic locks. High-security EAC adds multi-factor authentication and biometrics. Interior-openings EAC is used mainly in retrofit applications with integrated electronic locks. Specialty EAC serves remote or hard-to-reach openings and relies on wireless devices. Standalone EAC is used for entrances that do not require real-time monitoring or updating.


Analyzing Hilton's Decision to Allow Guests to Use Smartphones as Room Keys
SecurityInfoWatch.com (08/11/14) Griffin, Joel

Hilton Worldwide recently made a change that will allow guests to use their smartphones instead of magnetic-stripe cards to access hotel rooms. This decision will have long-lasting security implications across the industry and beyond. As Terry Gold, the founder of the research and advisory firm IDanalyst, points out, the Hilton change is indicative of a larger shift towards mobile devices being used for access control, although he is not sure yet how risky that shift may be. "At the end of the day, in my opinion as an analyst, we all know mobile is where (the market) is going ... But, what we do know about mobile is that it is incredibly insecure right now." That said, Gold acknowledges that traditional magnetic stripe cards are also insecure. Gold says the success of using mobile devices for access control ultimately depends on how such a solution is implemented and whether risk assessments are conducted to ensure that the implementation takes into account security concerns.


NTN, NCIS Conduct Raid to Fight Counterfeit Bearings
Industrial Distribution (08/14) Keough, Jack

NTN Bearing, in conjunction with the Naval Criminal Investigative Service (NCIS), recently participated in a joint raid on a bearing storage site near Charleston, S.C., after NCIS agents concluded the warehouse was unlawfully distributing low-quality counterfeit bearings directly to consumers. Hundreds of fake NTN products and counterfeit merchandise from several other major Japan- and U.S.-based manufacturers were confiscated. NTN application engineers helped NCIS agents identify suspect product and packaging bearing bogus NTN company logos. All of the suspect products were seized and cataloged to support future prosecutions and investigations of bearing counterfeiting. The raid is part of NTN's ongoing pledge to lead the fight against counterfeit bearings. The company is an active member of the World Bearing Association, a coalition of bearing manufacturers that works to protect the safety of consumers worldwide.




Iraq Crisis: Islamic State Now Threat to West, Says U.S.
Wall Street Journal (08/15/14) Gorman, Siobhan; El-Ghobashy, Tamer; Malas, Nour

Several U.S. intelligence officials issued warnings on Thursday about the threat from the Islamic State, the militant group that has been on the march through northern Iraq over the last several months. The officials said the group's efforts to create an Islamic caliphate in Iraq and Syria are ultimately aimed at establishing a base from which to stage attacks against the West, although for now the Islamic State remains focused on local attacks. One official said the group may also be planning to export terrorism by having its Western fighters return to their home countries to establish terrorist cells there. The officials noted that the Islamic State will be difficult to defeat for a variety of reasons, including instability in the Middle East, the lack of adequate security in Iraq and Syria, and growing sectarianism, all factors that have helped it grow stronger over the last several months. One official added that the Islamic State cannot be eradicated until "some of the broader issues in the Arab world" are dealt with. "This is not a problem that can simply be dealt with by bringing out some of the counterterrorism tools we have used in the past," the official said. "The idea that the group can just be rooted out somehow is probably not the right way to think about it."


Missouri Protests Calmer After Governor Puts Black Police Captain in Charge
Reuters (08/15/14) Carey, Nick

Protests over the shooting death of an unarmed black teenager by a white police officer continued in Ferguson, Mo., Thursday night, but were much more peaceful than earlier in the week after Missouri Gov. Jay Nixon turned crowd control over to a black Highway Patrol captain and a squad of black officers. Unlike the local police who had handled the protests up to that point, Highway Patrol Captain Ron Johnson and his officers chose not to wear riot gear and mingled with the crowd of demonstrators. Previous nights had seen armored riot police clashing with protesters and firing tear gas, smoke bombs, and stun grenades. The move may have helped defuse racial tensions, as most of the Ferguson Police Department is staffed by white officers, while the majority of the town's population is African-American. Meanwhile, protesters demanded the release of the name of the officer responsible for Michael Brown's death and called for the removal of St. Louis County prosecutor Bob McCullough, who had criticized Nixon's decision to put Johnson in charge of security in Ferguson, from the county's investigation into the shooting. Police say they plan to reveal the name of the officer who shot Brown on Friday, following public attempts by members of the hacker collective Anonymous to steal the name from police computer systems.


'Whitey' Bulger Appeals, Calling Conviction Unfair
Boston Globe (08/14/14) Murphy, Shelley

Lawyers for mobster James "Whitey" Bulger on Thursday sought to convince a federal appeals court to reverse his 2013 conviction on 11 counts of murder. Bulger's attorneys, Hank Brennan and James Budreau, wrote in a court filing that their client's conviction was unfair because U.S. District Judge Denise Casper prevented Bulger from testifying that he had been granted immunity for his crimes by now-deceased U.S. prosecutor Jeremiah T. O'Sullivan. Casper barred Bulger from presenting this defense on the grounds that the former crime boss had offered no documentation to back up the assertion, and that O'Sullivan would not have had the authority to grant such sweeping immunity. Bryan T. Kelly, part of the team that prosecuted Bulger, said the mobster had instead chosen not to testify because he did not want to face a withering cross-examination about his role in the 19 murders with which he was charged. Prosecutors have 30 days to respond to Bulger's appeal.


Experts Warn of Terrorism Blowback From Iraq Air Strikes
Time (08/10/14) Crowley, Michael

Rand Corp. terrorism expert Seth Jones warns that recent U.S. airstrikes against the Islamic State of Iraq and Syria's positions in Iraq could increase the chances that the group or its followers will attack the United States. Former top State Department counterterrorism official Daniel Benjamin agrees, but added that U.S. policies should not be influenced by such threats. Already, ISIS has openly threatened the United States, with a spokesperson saying the group will "raise the flag of Allah in the White House." Even though those threats have been frequent, thus far the group appears to remain focused on Iraq and Syria. However, intelligence officials continue to monitor the threat posed by ISIS. The group "has previously stated its willingness to strike targets outside of the region" and the intelligence community is "working in close coordination" with intelligence agencies in allied nations to track such threats, says Brian Hale of the Office of the Director of National Intelligence.


Fighters Abandoning al-Qaida Affiliates to Join Islamic State, U.S. Officials Say
Washington Post (DC) (08/09/14) Miller, Greg

The CIA and U.S. counterterrorism officials say they are beginning to see fighters leave al-Qaida affiliates in Yemen and Africa to join the Islamic State (IS) in Iraq and Syria. Officials say the defections are worrying because they may signal that IS is gaining popularity. They attribute the group's rapidly rising popularity and strength to its skilled fighters and notorious battlefield tactics. IS also grew stronger when disaffected Sunni soldiers in Iraq abandoned the Shiite-controlled government. Analysts add that the style of attack favored by IS contrasts with the drawn-out terror plots typical of al-Qaida groups. Despite the defections, there are no signs that al-Qaida leaders or affiliates are willing to join IS. Recent U.S. airstrikes may also be a factor in IS recruitment; security experts are not sure whether the strikes will encourage more fighters to join or slow recruitment. A longer-term concern is that IS may turn its focus to attacks on the U.S. and its allies.




Report: NSA Eyed Preset Strikes in Cyber Attacks
Associated Press (08/13/14) Gillum, Jack

The National Security Agency (NSA) had plans in the works for a system that would allow the United States to automatically retaliate against cyberattacks originating from foreign countries, according to a Wired report based on interviews with former NSA contractor Edward Snowden. The program, known as MonsterMind, was never implemented, but it would have attempted to determine where an attack originated by analyzing digital "traffic patterns" and then strike back without human intervention. Snowden raised the concern that, because attack traffic can be routed through or spoofed from a third party, inaccurate attribution could have led to retaliation against an innocent party. "You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital," Snowden said. "What happens next?" The NSA did not respond to the Wired report, but spokesperson Vanee Vines said, "If Mr. Snowden wants to discuss his activities, that conversation should be held with the U.S. Department of Justice. He needs to return to the United States to face the charges against him."


Malware No Longer Avoids Virtual Machines
IDG News Service (08/13/14) Kirk, Jeremy

Most malware no longer automatically disables itself when it detects that it is running on a virtual machine, according to Symantec researchers. They studied 200,000 malware samples gathered from Symantec customers since 2012, ran each on both a virtual machine and physical hardware, and found that only 18 percent stopped executing on the VM. Symantec's Candid Wueest says that although bailing out on a VM used to be a sensible way to evade automated analysis sandboxes, the widespread use of VMs across enterprise and government environments means such a check now mostly limits the malware's reach. Indeed, several attacks have been detected over the years that explicitly target VMs as a means of gaining access to the servers that host them. More run-of-the-mill malware has instead adopted other tactics to evade detection inside a VM, such as sleeping for a set period or waiting for a certain number of left-mouse clicks before launching its payload. Both defeat automated sandboxes that observe a sample only for the first few minutes after startup and assume that an idle sample is benign. To defend VMs against such malware, Symantec recommends hardening host servers, regularly patching VMs, and running anti-malware software on them.
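The two triggers described above (elapsed time and a count of mouse clicks) and the sandbox counter-measures that defeat them, as an added example. This is a model written for this page, not code from the article or from Symantec: the sample, its thresholds, and the sandbox knobs (clock fast-forwarding, synthetic clicks, a fixed analysis budget) are all assumptions chosen to illustrate why a fixed-length, hands-off observation window produces false "benign" verdicts.

```python
"""Added example: a time- and interaction-gated sample versus a simulated sandbox.
Nothing here touches a real system; all thresholds are hypothetical."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class GatedSample:
    """Stand-in for a sample that withholds its payload until the guest has
    been up for at least min_seconds AND has seen at least min_clicks
    left-clicks. Both thresholds are assumed values for the model."""
    min_seconds: float = 600.0      # "wait ten minutes"
    min_clicks: int = 5             # "wait for five left-clicks"
    clicks_seen: int = 0
    fired: bool = False

    def tick(self, guest_uptime: float, left_click: bool) -> bool:
        """Called once per simulated second; returns True once the payload fires."""
        if left_click:
            self.clicks_seen += 1
        if guest_uptime >= self.min_seconds and self.clicks_seen >= self.min_clicks:
            self.fired = True
        return self.fired


def analyze(min_seconds: float = 600.0, min_clicks: int = 5, *,
            budget_seconds: float = 120.0,
            clock_multiplier: float = 1.0,
            click_every: int = 0) -> Optional[float]:
    """Run a GatedSample under a simulated sandbox and report the outcome.

    budget_seconds    real seconds the sandbox is willing to spend on a sample
    clock_multiplier  > 1 models fast-forwarding the guest's notion of time
                      (e.g. hooking sleep/tick-count calls) so that a long
                      sleep elapses within the budget
    click_every       > 0 models injecting a synthetic left-click every N
                      real seconds so click-count gates are satisfied

    Returns the real second at which the payload fired, or None if the
    budget ran out first (the sandbox would wrongly call the sample benign).
    """
    sample = GatedSample(min_seconds, min_clicks)
    real = 0.0
    while real < budget_seconds:
        real += 1.0
        guest_uptime = real * clock_multiplier
        clicked = click_every > 0 and int(real) % click_every == 0
        if sample.tick(guest_uptime, clicked):
            return real
    return None


if __name__ == "__main__":
    print("naive 2-minute run:           ", analyze())
    print("fast clock only:              ", analyze(clock_multiplier=10.0))
    print("synthetic clicks only:        ", analyze(click_every=10))
    print("fast clock + synthetic clicks:", analyze(clock_multiplier=10.0, click_every=10))
    print("timer-only sample, fast clock:", analyze(min_clicks=0, clock_multiplier=10.0))
```

The naive run and either counter-measure on its own return None, i.e. the sample never detonates inside the two-minute budget and would be reported clean; only the combination of an accelerated guest clock and simulated user input makes it fire within the budget. The practical lesson is that a sandbox verdict is only as good as the environment's ability to look like a machine someone actually uses.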


U.S. Migration to EMV Gathers Momentum
Finextra (08/13/14)

More than 575 million U.S. payment cards will offer EMV chip security by the end of 2015, according to the Payments Security Task Force (PST) established by Visa and MasterCard. "The move toward enhanced security for cardholders and merchants is real and tangible," says MasterCard's Chris McWilton. "We're gaining alignment around the most significant challenges where the industry needs to have a common foundation." The initial hesitation of many financial institutions to move to EMV, borne out of various unresolved issues related to the technology, appears to have given way largely because of the 2013 Target retail breach. Recent research from Pulse estimated 86 percent of U.S. institutions plan to start issuing EMV-based chip cards within the next two years. Nine PST members have projected that 50 percent of their cards will be EMV-enabled by the end of next year.


Data Breaches and High-Risk Vulnerabilities Continue to Dominate
Help Net Security (08/12/14)

There were more than 400 data breaches this year through July 15, exposing more than 10 million personal records, according to Trend Micro. Customer names, passwords, email addresses, and birthdates were among the types of information exposed. The report also notes that the severity and volume of attacks are on the rise, underscoring the need for organizations to plan for incident response and to run security awareness initiatives that reach all of their employees. Trend Micro offers several other recommendations for improving cybersecurity in the face of a growing number of increasingly sophisticated attacks. Trend Micro's Raimund Genes says organizations need to take a more comprehensive approach, in particular by integrating their cybersecurity strategies into their long-term business strategies instead of treating security issues as "tertiary, minor setbacks." Meanwhile, Trend Micro's JD Sherry calls on organizations to take a collaborative approach involving both internal and external stakeholders to amass the resources they need to protect themselves from cyberattacks and to respond to any that do occur.


CloudBot: A Free, Malwareless Alternative to Traditional Botnets
Dark Reading (08/11/14) Peters, Sara

Security researchers Rob Ragan and Oscar Salazar presented a proof of concept at the recent Black Hat conference for assembling a botnet out of cloud providers that host infrastructure or development platforms. By automating the sign-up process for services offered free or as a free trial, they were able to assemble a "cloudbot" with more than a terabyte of free storage. The technique required no significant investment in money or equipment: a basic laptop with a browser and an Internet connection was enough. Ragan and Salazar say the cloudbot could have been much larger had they simply run the automated sign-up process against more providers. They warn that criminals may already be building botnets this way for distributed denial-of-service and other attacks, because cloud-hosted nodes are always on and sit on high-bandwidth links, whereas a traditional botnet of compromised personal computers suffers from hosts that are switched off or on slow connections. Ragan and Salazar urge cloud providers to counter the threat with anti-automation measures, such as CAPTCHAs, in their sign-up flows, particularly when a large number of registrations arrive in a short period.
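The registration-velocity check the researchers recommend, as an added example over constructed sign-up log lines. This is not code from the talk or from any cloud provider: the log format, the field names, the window size and the thresholds are all assumptions. The check keeps a sliding window per client IP and per "email shape" (the local part with digit runs collapsed, so user0001, user0002, ... collapse to the same key) plus a global window, and flags any registration that pushes a window over its limit as one that should be challenged with a CAPTCHA or held for review.

```python
"""Added example: sliding-window velocity check over constructed sign-up logs.
Log format, thresholds and sample data are assumptions made for this example."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed log format: "<ISO8601Z> signup ip=<addr> email=<addr> ua=\"<agent>\""
LOG_RE = re.compile(
    r'^(?P<ts>\S+) signup ip=(?P<ip>\S+) email=(?P<email>\S+) ua="(?P<ua>[^"]*)"$'
)

# Constructed sample: one legitimate sign-up, a scripted burst of sequential
# mailbox names from one IP (then one from a neighbouring IP), and a later
# legitimate sign-up well outside the window.
SAMPLE_LOG = """\
2014-08-11T10:00:00Z signup ip=203.0.113.7 email=alice@example.org ua="Mozilla/5.0 (Windows NT 6.1) Firefox/31.0"
2014-08-11T10:00:01Z signup ip=198.51.100.20 email=user0001@mailbox.example ua="python-requests/2.3.0"
2014-08-11T10:00:02Z signup ip=198.51.100.20 email=user0002@mailbox.example ua="python-requests/2.3.0"
2014-08-11T10:00:03Z signup ip=198.51.100.20 email=user0003@mailbox.example ua="python-requests/2.3.0"
2014-08-11T10:00:04Z signup ip=198.51.100.20 email=user0004@mailbox.example ua="python-requests/2.3.0"
2014-08-11T10:00:05Z signup ip=198.51.100.21 email=user0005@mailbox.example ua="python-requests/2.3.0"
2014-08-11T10:05:00Z signup ip=203.0.113.9 email=bob@example.net ua="Mozilla/5.0 (Macintosh) Safari/537.36"
"""


def parse(line: str):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = (datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
                .replace(tzinfo=timezone.utc).timestamp())
    return ev


def email_shape(email: str) -> str:
    """Collapse digit runs in the local part so scripted sequences share a key."""
    local, _, domain = email.partition("@")
    return re.sub(r"\d+", "#", local) + "@" + domain


def velocity_alerts(lines, window_s: int = 60, per_key_limit: int = 3,
                    global_limit: int = 8):
    """Return [(line_index, email, reasons)] for registrations that exceed a
    per-IP, per-email-shape or global limit inside a trailing window.

    A registration is counted before the limit is checked, so the (limit+1)th
    event in a window is the first one flagged. Everything before that is
    served normally; flagged ones are where a CAPTCHA should be demanded."""
    recent = defaultdict(deque)   # key -> timestamps within the window
    alerts = []
    for i, line in enumerate(lines):
        ev = parse(line)
        if ev is None:
            continue
        ts = ev["ts"]
        keys = [("ip", ev["ip"]), ("shape", email_shape(ev["email"])), ("all", "*")]
        reasons = []
        for kind, value in keys:
            q = recent[(kind, value)]
            q.append(ts)
            while q and ts - q[0] > window_s:   # drop events older than the window
                q.popleft()
            limit = global_limit if kind == "all" else per_key_limit
            if len(q) > limit:
                reasons.append(f"{kind}:{value}")
        if reasons:
            alerts.append((i, ev["email"], tuple(reasons)))
    return alerts


if __name__ == "__main__":
    for idx, email, why in velocity_alerts(SAMPLE_LOG.splitlines()):
        print(f"line {idx}: challenge {email} ({', '.join(why)})")
```

On the sample data the fourth sign-up from 198.51.100.20 trips both the per-IP and the email-shape windows, and the one from the neighbouring address 198.51.100.21 still trips the email-shape window even though its IP is fresh, which is the point of keying on more than the source address. The legitimate sign-ups are never flagged. Real deployments would add keys such as ASN, device fingerprint and payment instrument, and would tune limits from baseline traffic rather than the constants used here.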


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD


