| | Safety Experts Slam Lax Safety Practices at CDC Labs USA Today (03/19/15) Young, Alison Safety advisers have found that the CDC does "inadequate" training, lacks commitment toward safety, and has a large percentage of staff who are afraid to report accidents. The Atlanta-based agency's high-security labs work on many public health experiments and recently had lab mishaps involving some of the world's most dangerous pathogens. An anthrax incident in June potentially exposed CDC employees to that bioterror agent and in December, a mix-up of specimens of the deadly Ebola virus resulted in the potential exposure of a lab worker who had to undergo 21 days of monitoring. There are nearly 20 recommendations for improvements in the report, but the CDC has implemented some recommendations by biosafety experts and will report on the progress. U.S. Recovers $3.3 Billion in Federal Health-Care Fraud Wall Street Journal (03/19/15) P. A3 Armour, Stephanie; Stewart, Christopher S. The government recovered $3.3 billion in fiscal 2014 as part of its ongoing crackdown on Medicare and Medicaid fraud. The investigation recovered $7.70 for every dollar spent looking into the past three years of healthcare-related fraud and abuse, according to a new report by the U.S. Health and Human Services Department and Justice Department. One of the new measures being taken in the fight against fraud is a shift towards preventing, rather than chasing down, fraud. One of the tools enabling this is a predictive analysis program called the Fraud Prevention System, which scans fee-for-service claims for unusual behavior. The system generated leads for 469 investigations in fiscal year 2013, helping to identify or prevent $211 million in improper payments, nearly double the amount from the first year the system was used. The Centers for Medicare & Medicaid Service's authority to remove providers who engage in abusive government billing and revoke billing privileges of those billing inappropriately has also been expanded. Since the fraud and abuse program began in 1997, more than $27.8 billion has been returned to the Medicare Trust Funds, said the HHS report. However, fraud accounts for as much as 10 percent of Medicare's yearly spending, or about $58 billion in bogus payments in the 2013 fiscal, of which the government only recovered $2.86 billion. Banks Dealing With Apple Pay Fraud New York Times (03/17/15) Sorkin, Andrew Ross Six months after Apple announced its electronic payment system for iPhones, some banks are privately complaining about the new technology. Recent headlines about unusually high fraud rates on Apple Pay have exposed what many banks privately acknowledge they have been trying to fix for months. Industry consultant Cherian Abraham put the fraud rate at 6 percent, compared with a traditional credit card fraud rate of 10 cents for every $100 spent. The vulnerability in Apple Pay is in the way that it -- and card issuers -- "onboard" new credit cards into the system. Because Apple wanted its system to have the simplicity for which it has become famous and wanted to make the sign-up process "frictionless," the company required little beyond basic credit card information. Nor did it provide much information to banks, like full phone numbers and addresses, that might help them detect fraud early. Banks did not press Apple for fear they would not be included among the initial issuers on Apple Pay. Apple has now begun providing additional information to banks that should help deter some of the fraud, and banks have toughened standards to review customer sign-ups on Apple Pay. Federal Agencies Make $125 Billion in Improper Payments Last Year Washington Post (03/16/15) A Government Accountability Office report found that federal agencies made $125 billion in improper payments last year. Tax credits went to people who did not qualify and Medicare payments were given for treatment that might not be necessary. The errors were spread among 22 federal agencies, but three programs were highlighted, Medicare, Medicaid, and the Earned Income Tax Credit, which accounted for more than $93 billion in improper payments. Sen. Ron Johnson, R-Wisc., chairman of the Senate Committee on Homeland Security and Governmental Affairs complained that taxpayer money did not go towards securing our borders or national defense and that the problem will get worse "if we do not get a handle on it now." Additionally, Social Security has no death record for 6.5 million people who would be at least 112 years old, and only a few could possibly be alive. Only 13 of those people are still receiving Social Security benefits, but for others, their Social Security numbers are still active, so a number could be used to open bank accounts or report wages. Patrick P. O’Carroll Jr., the Social Security inspector general, noted that “it could also hinder state and local government and private industry — banks, insurance companies, and others — from identifying identity theft and other types of fraud.” The federal government's increase in improper payments comes after three years of declines, for the 2013 budget year, the level was at $106 billion. Authorities Closing In on Hackers Who Stole Data From JPMorgan Chase New York Times (03/16/15) Goldstein, Matthew; Perlroth, Nicole Federal authorities investigating last summer's online attack on JPMorgan Chase are increasingly confident that a criminal case will be filed against the hackers in the coming months. Law enforcement officials believe several of the suspects are "gettable," meaning that they live in a country with which the United States has an extradition treaty. Although the breach at JPMorgan did not result in the loss of customer money or the theft of personal information, it was one of the largest such attacks against a bank and a warning sign that the American financial system is vulnerable. The JPMorgan case is advancing quickly partly because the attack was not nearly as sophisticated as initially believed, and law enforcement authorities were able to identify at least some suspects early on. Law enforcement officials also made the investigation a top priority, given that the U.S. Department of Homeland Security has declared the banking system critical infrastructure. An internal review reveals that JPMorgan now limits so-called "high security access" to bank employees who must submit to annual credit screenings and criminal background checks. The bank also conducts a "routine review" to ensure that high security access is justified for a particular person. Islamic State Claims Tunis Attack Wall Street Journal (03/19/15) El-Ghobashy, Tamer; Addala, Radhouane Islamic State is claiming to be responsible for Wednesday’s attack on the Bardo National Museum in the Tunisian capital of Tunis that left 21 people dead. The claim came hours after Tunisian President Beji Caid Essebsi said he was deploying the military to the country’s largest cities for protection, prompting fears among some reformers that security concerns could upset Tunisia’s democratic transition. The decision of Essebsi, who was elected in December after promising to prevent insurgency at the borders from spreading, shows that ISIS can still impact a country's politics even without a physical presence there. ISIS said that the attack was aimed at “citizens of Crusader countries” and warned that more bloodshed would follow. U.S. officials believe that ISIS's claim was authentic, but the officials have not confirmed the truth of it. A statement disseminated by the media arm of ISIS and monitored by the U.S.-based SITE Intelligence Group named Abu Zakaria al-Tunisi and Abu Anas al-Tunisi as the leaders of the operation and praised them as martyrs. The names may be aliases for Hatem Khachnaou and Yassine Labidi, who were the two gunmen killed when government security forces retook control of the museum. Iran Nuclear Talks Lag, With Status of New Centrifuges Another Hurdle New York Times (03/20/15) P. A8 Gordon, Michael R.; Sanger, David E. As negotiators try to reach an initial agreement to limit Iran’s nuclear program, a dispute over possible limits to the development of new types of centrifuges has become a major obstacle, Western officials say. Six world powers are negotiating an agreement with Iran that could allow it to retain and operate about 6,000 centrifuges, Western officials have suggested. In return for keeping this nuclear infrastructure, Iran would have to take certain offsetting steps, such as shipping a large portion of its uranium to Russia. The U.S. government and other negotiating partners are concerned that, if Iran is allowed to develop more sophisticated centrifuges, it would then be easier for Iran to obtain a nuclear bomb if it decided to break out of an agreement. Issues that remain to be settled include the pace of removing or suspending sanctions on Iran, the length of an agreement, and the monitoring to be put into place when it expired. Secretary of State John Kerry said that some progress had been made, but that the negotiators were still “pushing some tough issues,” while an anonymous European negotiator emphasized that an accord is impossible if the Iranians do not show more flexibility soon. Obama May Find It Impossible to Mend Frayed Ties to Netanyahu New York Times (03/19/15) P. A1 Cooper, Helene; Shear, Michael D. Now that Israeli Prime Minister Benjamin Netanyahu won elections Tuesday night, after campaigning against a Palestinian state and President Barack Obama’s potential nuclear deal with Iran, it is uncertain whether the president and prime minister can or will repair their contentious relationship. Administration officials say that the relationship between Israel and the United States would remain strong, but would be managed by Secretary of State John Kerry and Pentagon officials. Foreign policy experts suggest that the United States would still side with Israel internationally. The White House criticized Netanyahu’s campaign rhetoric for being an attempt to “marginalize Arab-Israeli citizens” and for being inconsistent with the values shared by Israel and the United States. Some officials have indicated that the Obama administration may agree to passage of a United Nations Security Council resolution that embodies principles of a two-state solution based on the pre-1967 lines between Israel and the West Bank and Gaza Strip and mutually agreed swaps. This may require Israel to cede territory to the Palestinians in exchange for keeping major Jewish settlement blocks in the West Bank, a resolution that Netanyahu would oppose. Secret Service Director: Working to Fix Agency’s Problems Wall Street Journal (03/18/15) Grossman, Andrew In testimony before a congressional panel on Tuesday, Secret Service Director Joseph Clancy acknowledged deep problems in the culture of the Secret Service and that some personnel too often cope with the stresses of the job by turning to alcohol. Clancy's statements came in response to questions about a widely reported incident earlier this month in which two senior Secret Service agents who were returning from a bar drove through an active bomb investigation scene outside the White House. Clancy said it took five days for the incident to be reported to him, a delay for which he said there is "no excuse." However, Clancy challenged reports of the incident in the media, suggesting that the vehicle was traveling very slowly and did not "crash" into security barriers as some outlets reported. Responding to Rep. Hal Rogers (R-Ky.), chairman of the House Appropriations Committee, Clancy said that he is attempting to combat an "element" within the agency that copes with the stress of the job by drinking. Clancy also said that he has launched a program within the last month aimed at helping Secret Service staff balance the stress of their job with their personal lives and that he is also working to win the trust of agency personnel and encouraging them to report problems they see. Kerry Suggests There Is a Place for Assad in Syria Talks New York Times (03/16/15) P. A4 Gordon, Michael R. Secretary of State John Kerry has suggested that a diplomatic solution for Syria's violence is still possible, and that President Bashar al-Assad should be included in negotiation efforts. The comments, however, may be a sign of his determination to help end the conflict rather than to change U.S. strategy. State Department officials later said that the United States was not open to direct talks with Assad. It is also uncertain how the Obama administration would fulfill its longtime goal of persuading Assad to relinquish power. Since previous peace talks for Syria have failed, Staffan de Mistura, the United Nations special representative for the Syria crisis, has tried to negotiate a cease-fire for the city of Aleppo. While Kerry has said he supports the effort, he has also tried to get the support of the Russians and Arab nations in the Gulf to revive a broader diplomatic effort to end the fighting. Kerry said he would negotiate with Assad if the Syrian president would accept a goal of a new transitional government and a move toward democracy, but a State Department spokeswoman has said that U.S. officials would talk only with representatives of Assad's government. U.S. Must Step Up Capacity for Cyberattacks, Chief Argues New York Times (03/19/15) Sanger, David E. Speaking before the Senate Armed Services Committee on Thursday, Adm. Michael S. Rogers, director of the National Security Agency and United States Cyber Command, advocated for the development of cyber weapons as a means of deterring cyber attacks like the one that struck Sony Pictures Entertainment last year. Rogers told senators that beefing up digital defenses would never be enough to fully protect against such attacks, saying that instead, "we also need to think about how can we increase our capacity on the offensive side here, to get to that point of deterrence." Rogers spoke about the use of cyber weapons as a deterrent when he came into office last year, saying that hackers from China and elsewhere who steal data from American companies currently "pay no price." However, Rogers also acknowledged that deterrence in the cyber realm is complex, in part due to the incredible diversity of possible attackers, from nations and businesses to criminals and activists, each of which would have to be deterred in different ways. Rogers said he believes it is important to begin discussing the use of cyber weapons as a deterrent, in part because they are currently not working effectively in this role. Washington, D.C., Computer Glitch May Have Tainted Criminal Cases Wall Street Journal (03/17/15) Barrett, Devlin Thousands of cases are being examined by federal prosecutors and Washington, D.C., police to determine if a newly discovered weakness in the Metropolitan Police Department's computer system resulted in evidence being withheld from trials. According to a letter sent to defense lawyers by U.S. Attorney Ronald Machen, the D.C. police department has been carelessly misplacing evidence in its data-management system, possibly jeopardizing current and past cases. Machen's letter said police and prosecutors are conducting a review to conclude if any evidence was accidentally withheld from defendants. A police spokeswoman said prosecutors think the information was “administrative or redundant. ... We are also assisting the prosecutors by providing data in different formats to speed their review.” Machen's letter said his office and the Metropolitan Police Department (MPD) became aware of the problem recently, which centers on a police data system called I/Leads, implemented in late 2011. Machen's letter noted that officials found it is possible for officers to properly enter data into the system without it ever reaching the hands of the prosecutors managing the case. Machen wrote that it is possible “that in pending and past cases MPD was in possession of information that should have been disclosed to the defense and had unwittingly failed to provide that information” to the prosecutors. Mobile App Developers Are Not Investing in Security Net Security (03/20/15) A Ponemon Institute and IBM Security study found organizations are not adequately protecting their corporate and employee mobile devices against cyber attacks. Cyber security attacks continue to advance and at any given time, malicious code is infecting more than 11.6 million mobile devices. The study researched security practices in over 400 large organizations, including many in the Fortune 500. Researchers found 33 percent of companies never test their apps, creating entry points to tap into business data via unsecured devices. A full 50 percent of these organizations assigned zero budget towards mobile security. Hackers are taking advantage of insecure mobile apps, public Wi-Fi networks, and more to break into the data often housed on BYOD and corporate mobile devices. When employees connect to unsecure networks or download insecure apps from untrusted sources, it leaves the device vulnerable to malware. According to the study, about 55 percent of employees are "heavy users of apps," but state their organization does not have a policy which defines the acceptance use of mobile apps in the workplace and about 67 percent of companies allow employees to download non-vetted apps on their work devices. CFTC Takes Feedback for Possible Cybersecurity Rule Politico Pro (03/18/15) Warmbrodt, Zachary The CFTC is considering writing a rule that would address cybersecurity risks at derivatives exchanges and clearinghouses, top staff said Wednesday at a public roundtable the agency hosted at its headquarters. The CFTC did not divulge the specifics. "We’re not trying to write rules or set requirements just to show we’ve written rules or set requirements," CFTC Chairman Timothy Massad said at the end of the meeting. "We’re trying to figure out how we can really add value here." The National Futures Association (NFA) is preparing to release cybersecurity guidance aimed at additional derivatives trading firms. The NFA is working with the CFTC. Students Create Open Source, Cross-Platform Memory Scanning Tool Help Net Security (03/16/15) Zorz, Zeljka Computer science students from Argentina have created an open source, cross-platform tool for inspecting the content of the memory of a system and detecting threats. The team developed the tool as part of a project for Mozilla, which plans to turn it into a module for the Mozilla InvestiGator (MIG), a cross-platform endpoint security system. "MIG can inspect the file system and network information of thousands of hosts in parallel, which greatly helps increase visibility across the infrastructure," says Julien Vehent with Mozilla's Operations Security team. "But until recently, it lacked the ability to look into the memory of running processes, a need that often arises during security investigations." Mozilla wanted a less invasive and more lightweight alternative to popular memory inspection libraries. Called Masche, the tool "focuses on searching for regexes and byte strings in the processes of large pools of systems, and does so live and very fast," Vehent notes. The tool can run on Linux, OS X, and Windows. Abstracts Copyright © 2015 Information, Inc. Bethesda, MD |
No comments:
Post a Comment