
Friday, October 17, 2014

Security Management Weekly - October 17, 2014

Corporate Security
  1. "Five Tips on Preventing Workplace Violence"
  2. "Intel Preps New Technology to Secure Credit Card Transactions"
  3. "FBI Warns Industry of Chinese Cyber Campaign"
  4. "Researcher Builds System to Protect Against Malicious Insiders"
  5. "Banks Harvest Callers' Voiceprints to Fight Fraud"

Homeland Security
  1. "Britain Warns of 'Exceptionally High' Level of Anti-Terrorism Activity"
  2. "Most States are Complying with Real ID, But a Few Lag Behind"
  3. "CBP Needs Risk-Informed Covert Assessments to Combat Nuclear Smuggling"
  4. "How Anti-Islamist Spies Go Digital to Fight Terrorism"
  5. "Pentagon Says Global Warming Increases Terrorism Threat"

Cyber Security
  1. "'Hurricane Panda' Hackers Used Microsoft Zero-Day, CrowdStrike Says"
  2. "Google Reveals Major Flaw in Outdated, but Widely-Used SSL Protocol"
  3. "Hackers Used Windows Bug to Spy on Ukraine Officials"
  4. "Malicious Worm Seeks Vulnerable Home Data Stores"
  5. "Kmart Stores Hit by Data Breach"

   

 
 
 

 


Five Tips on Preventing Workplace Violence
Employer LINC (10/15/14) Bruce, Philip

Attorney Philip Bruce says there are five things employers can do to balance safety and security and potential legal liability associated with their efforts to prevent workplace violence. Safety must take priority over the desire to reduce legal liability, Bruce says, which means employers must take immediate action when necessary to prevent workplace violence and worry about potential legal liability later. The second tip is to perform background checks while being mindful of the legal restrictions that apply in a given state. For example, many states ban outright employment discrimination on the basis of a criminal record. Third is to create comprehensive security policies and enforce them. Such policies should include topics such as workplace violence, weapons, and bullying. Fourth, employers should work to keep employee morale high for the simple reason that happy employees are less likely to become violent. Finally, employers should handle terminations with care, as they can be a flashpoint for workplace violence. Ensure that more than two people are present during the termination and find the best time of the day and week to conduct the termination. Terminations should also be carried out promptly and decisively, rather than allowing the issue to fester.


Intel Preps New Technology to Secure Credit Card Transactions
IDG News Service (10/15/14) Shah, Agam

Intel is readying Data Protection Technology for Transactions, a new system to ease the securing of credit card payments by merchants. The hardware-software bundle shields card and personal data when payments are being authorized, and its intended markets are makers of point-of-sale systems, PCs, and mobile payment terminals. Following completion of a transaction at a payment terminal, the technology generates multiple security layers; a POS terminal encrypts the information, which is then routed via a private channel to the processor and finally to the authorizing bank. The solution can be calibrated to multiple payment systems. Intel says the system is more easily deployable by merchants because it handles each step of a transaction. "This is a critical technology for retailers who have far-flung stores and branches, with a myriad of devices connected," states IHL Group president Greg Buzek.


FBI Warns Industry of Chinese Cyber Campaign
Washington Post (10/15/14) Nakashima, Ellen

The FBI on Wednesday issued a warning to industry that a group of Chinese government hackers, known as Axiom, is in the middle of a long-running program to steal valuable data from U.S. companies and government agencies. Axiom targets organizations that have strategic financial and economic interest, influence energy and environmental policy, and develop advanced technology.


Researcher Builds System to Protect Against Malicious Insiders
Computerworld (10/14/14) Gaudin, Sharon

Virginia Polytechnic Institute and State University professor Daphne Yao is developing algorithms that can alert companies when an employee might be acting maliciously on their network. "The challenge is to understand the intention of the user and what the user is trying to do," Yao says. She notes the research involves combining big data, analytics, and security to design algorithms that focus on linking human activities with network actions. The key to Yao's research is being able to determine the difference between employees conducting legitimate work and those performing similar actions to sell proprietary information or crash the network. Yao's algorithms are designed to learn what are normal activities and then detect anything unusual. "We build on a model of normal behaviors and then detect a deviation from normal behaviors," she says. "If you see a user logging in and access a database or doing a file read or write in the middle of the night...then you ask, 'Is this a legitimate sequence of actions or is this an anomaly?'" Yao notes the detection system also should be able to corroborate the user's actions with what is happening on the network.


Banks Harvest Callers' Voiceprints to Fight Fraud
Associated Press (10/13/14)

Financial firms are increasingly turning to voice biometric technology to help screen calls for potential fraud. Shirley Inscoe of the Aite Group says at least seven major U.S. financial institutions use or have piloted so-called voice biometric blacklists, which build up databases of voice prints associated with known fraudsters for screening purposes. These include JPMorgan Chase and Wells Fargo, which use systems from Verint and NICE Systems, respectively. However, these and other companies do not acknowledge their use of biometric voice technology for legal reasons. Some states tightly control the circumstances under which biometric data can be gathered. A memo from NICE to a consortium of its U.S. clients suggested new disclaimer language in an attempt to get around these legal restrictions and the question of callers giving consent for their voice prints being taken, but it does not seem that those clients are making use of the suggested language. The appeal of such technology is obvious, however, providing companies with an unobtrusive method for weeding out fraud without inconveniencing legitimate callers.




Britain Warns of 'Exceptionally High' Level of Anti-Terrorism Activity
Reuters (10/17/14)

The number of counterterrorism investigations being carried out by British authorities is at a level that has not been seen in years, British national policing spokesman for counterterrorism Mark Rowley said Friday. Rowley noted that 218 terrorism suspects have been arrested so far this year, 14 of whom were arrested this month alone. Rowley added that several terrorist plots, including some directed by organizations based in Syria, are being disrupted each year. These plots have run the gamut from spontaneous lone-wolf attacks to more complex plans involving groups of people, Rowley said. One senior official speaking on condition of anonymity said the terrorists behind some of these plots have come perilously close to carrying them out. Rowley also reported that British authorities have carried out roughly 100 "Syria-related preventative activities," more than half of which have resulted in individuals being referred to programs designed to help them adopt less radical beliefs. Rowley's comments are seen as another indication of the concern British authorities have about a potential terrorist attack in the U.K.


Most States are Complying with Real ID, But a Few Lag Behind
Homeland Security News Wire (10/16/14)

Nine years after the House of Representatives passed the Real ID Act, which established security requirements for state driver's licenses and IDs in order to prevent terrorists from entering the U.S. and boarding commercial flights, the full implementation of the program is not yet complete. Forty states and some territories have made their driver's licenses and IDs compliant with the law, while 10 other states have not. The states that oppose the Real ID Act do so for a variety of reasons, including concerns that rural residents, senior citizens, and immigrants may not be able to obtain the documentation needed to apply for a Real ID-compliant driver's license or ID. Applicants for Real ID-compliant licenses and IDs are required to submit a photo ID or non-photo ID that contains their full legal name along with a birth certificate and Social Security number. Officials in some states, including Arizona, have expressed concern about the privacy implications associated with the Real ID Act. For example, some critics say that digital face-recognition photos and chips or magnetic stripes used in Real ID-compliant licenses and ID cards could be used by the government to track citizens. Despite the opposition of some state officials, the phased-in implementation of the Real ID Act remains on track. Passengers flying on federally regulated commercial aircraft will be required to show a Real ID-compliant ID beginning in January 2016.


CBP Needs Risk-Informed Covert Assessments to Combat Nuclear Smuggling
Homeland Security Today (10/15/14) Vicinanzo, Amanda

A new report from the Government Accountability Office finds that a limited budget and a lack of adequate oversight have prevented Customs and Border Protection (CBP) from making the best use of its Operational Field Testing Division's (OFTD) covert operations program to assess CBP's ability to detect and interdict nuclear and radiological material being transported across the border and through ports of entry. With a budget of only $1 million between fiscal years 2006 and 2013, the OFTD was only able to conduct a total of 144 covert operations at 86 of the nation's 655 air, land, and sea ports of entry, checkpoints, and other sites. GAO notes that this rate of inspections is insufficient to draw broad statistical conclusions about the nationwide performance of CBP's anti-nuclear-smuggling efforts, though it can provide specific insight into the performance of programs at the given sites. GAO also found that the OFTD's reports on its covert operations have not been consistent. GAO suggests that CBP adopt a risk-based assessment method for more effectively making use of OFTD's covert operations budget to assess the most vulnerable facilities, and to make OFTD's reporting standards more regular and uniform.


How Anti-Islamist Spies Go Digital to Fight Terrorism
Bloomberg (10/15/14) Campbell, Matthew; Schweizer, Kristen; Fouquet, Helene

The fight against the Islamic State (IS) is being waged on two fronts: through airstrikes in Syria and Iraq by the U.S.-led military coalition, and by intelligence services in cyberspace. IS has proven quite astute in its use of the Internet for everything from recruiting and propaganda to planning operations. Western intelligence agencies are working to undo or get around the encryption the group uses to keep its activities hidden from sight. The group has taken to the so-called Dark Web to perform its online activities and most likely makes use of the anonymous browsing software Tor, as well as encryption and other tools custom-made by Islamist militants for their fellows. The agencies do this using a number of different tactics, including probing the terror group's networks for vulnerable systems, as well as identifying and turning potential agents within the organization who can steal encryption keys, access IS computers, or otherwise learn details about the group's operations. At the moment, IS seems to be focusing its online sophistication on safeguarding its communications and systems, but there is a danger that it will start to use the Internet as an avenue for attacks.


Pentagon Says Global Warming Increases Terrorism Threat
New York Times (10/13/14) Davenport, Coral

The Pentagon released a new report on Monday saying that global climate change poses an immediate threat to U.S. national security. The report says climate change is likely to increase risks from terrorism and infectious disease, global poverty and food shortages, while also drastically increasing demand for military disaster aid as extreme weather events lead to more frequent global humanitarian crises. The report draws upon research that suggests climate change is already playing a role in global conflicts, such as the Islamic State's reign of terror in Syria and Iraq. Changing climates have led to droughts in the region that drove many farmers into Syrian cities just as the country was becoming destabilized, creating a massive group of out-of-work young men who were primed to join groups like IS. The group has in turn seized precious water sources to grant itself more power and leverage in the region. Discussing the new report, Secretary of Defense Chuck Hagel said such examples of climate change's effects on defense and national security are likely to increase going forward. Hagel positioned the report as a call to the defense community to play a more active role in global negotiations over climate change, in particular an international treaty that delegates will be drafting in Peru later this year.




'Hurricane Panda' Hackers Used Microsoft Zero-Day, CrowdStrike Says
IDG News Service (10/15/14) Kirk, Jeremy

CrowdStrike says the Hurricane Panda hacker group has been using a zero-day flaw recently patched by Microsoft to attack technology infrastructure companies. "We believe with confidence they're indeed tied to the Chinese government in their objectives," says CrowdStrike CEO Dmitri Alperovitch. Hurricane Panda is unique in its use of win64.exe, tightly written exploit code that enabled the group to move through network systems once a computer had been hacked. The tool would be uploaded using a webshell dubbed ChinaChopper, which the attackers had placed on a victim's servers. Win64.exe employs a privilege escalation vulnerability, which can enable attackers to gain administrative rights to other programs from the account of a user who does not have those permissions. The flaw enables arbitrary code to be run in kernel mode so an attacker can install programs, view or change data, or create new accounts with full administrator rights. It is uncommon to see one privilege escalation flaw used for such a long time by one group, indicating these attackers possess "knowledge about non-public exploitable security bugs, which usually means the exploit was either bought from a supplier or developed in-house," Alperovitch says.


Google Reveals Major Flaw in Outdated, but Widely-Used SSL Protocol
ZDNet (10/15/14) Vaughan-Nichols, Steven J.

Security researchers at Google say Secure Sockets Layer (SSL) 3.0, an obsolete but commonly used cryptographic protocol, could be cracked by an attacker in order to view encrypted communications in plaintext. SSL 3.0 uses a cipher that dates back to 1987 but was still being used by more than 40 percent of Web connections as of late last year. The weaknesses of the RC4 cipher can reportedly be exploited through a Padding Oracle on Downgraded Legacy Encryption (POODLE) attack, in which an attacker acting as a man-in-the-middle steals secure HTTP cookies or other bearer tokens such as HTTP Authorization header contents. Google Security Team's Bodo Möller says one way to prevent this attack is to disable SSL 3.0 in either the client or the server. But since many clients that support a version of Transport Layer Security (TLS) will still use SSL 3.0 to eliminate interoperability issues during connections with some servers, an insecure SSL 3.0 connection may be opened anyway, Möller says. One way to avoid this problem is to configure Web and Secure Shell servers to support TLS_FALLBACK_SCSV, which prevents servers from accepting repeated connection attempts following connection failures. Doing so also prevents browsers from using SSL 3.0 by default when they cannot connect to a Web server using TLS.


Hackers Used Windows Bug to Spy on Ukraine Officials
Wall Street Journal (10/14/14) Yadron, Danny

A group of unidentified hackers exploited a zero-day vulnerability to target the computers of Ukrainian government officials and an American Russian specialist over the summer, according to iSight Partners researchers. The exploit, which is among a trio of zero-day vulnerabilities Microsoft is planning to address in a security patch that will be issued Tuesday, could enable attackers to seize control of computers running the Windows Vista, 7, and 8 operating systems. The hacker group, which iSight has dubbed "Sandworm," infected its targets using spreadsheets attached to emails that were made to look like they came from Ukrainian intelligence services. The researchers have been tracking Sandworm since 2013 and say it is highly likely the group is either working for or is part of the Russian government. The group's code contains Russian, suggesting at least some of the members are Russian speakers, and the group routinely has targeted groups of interest to the Russian government, including the North Atlantic Treaty Organization, a Polish energy firm, and at least one other Western European government. It also is likely the group would need the backing of a government to be able to identify such a serious zero-day exploit.


Malicious Worm Seeks Vulnerable Home Data Stores
BBC News (10/14/14) Ward, Mark

Security researcher Jason Holcomb is planning to demonstrate a new computer worm that exploits vulnerabilities affecting network attached storage (NAS) systems at the Black Hat Europe conference. Holcomb developed the worm as a proof of concept following an investigation of several NAS devices, which are frequently attached to networks to add storage capacity; some routers also have NAS capabilities. Holcomb says he has uncovered 30 separate undocumented vulnerabilities affecting NAS devices from 10 vendors. Many of these vulnerabilities stem from insecure configurations and can grant attackers access to administrator control panels and thus complete control over the devices. Holcomb's worm goes a step further and uses infected NAS devices as a starting point from which to launch further attacks against other network devices. "I took the series of exploits I found and wrapped them into a software package that's in essence self-replicating," he says. Holcomb's demonstration will be on systems not connected to the wider Internet, but he says there is already evidence that some of the vulnerabilities he identified are being used in attacks in the wild.


Kmart Stores Hit by Data Breach
Wall Street Journal (10/10/14) Armental, Maria; Kapner, Suzanne

Sears Holdings Corp. reported Oct. 10 that malware was used to breach the payment systems at its Kmart stores, compromising some customers' debit and credit card numbers. The breach was discovered Oct. 9 but may have started in early September. The malware went undetected by current antivirus software, but has since been removed and contained. The investigation so far suggests that no personal data, such as e-mail addresses or Social Security numbers, has been taken. The company has not reported how many cards may have been affected, but spokesman Chris Brathwaite said the breach did not affect kmart.com or Sears stores or Web sites.


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD

