Cybergovernance Journal Update – 1/8/2016
The holidays were, once again, an unhappy time for corporate cybersecurity. 2015 also saw most organizations lacking comprehensive cybersecurity; 80% reported having been the target of a cyberattack.
WIRED, Dec. 23
The prize for the biggest hack goes to OPM—the hackers, reportedly from China, maintained their stealth presence in OPM’s networks for more than a year before being discovered. After an initial estimate of 4 million victims, the number soon ballooned to more than 21 million.
eSecurity Planet, Dec. 14
According to the results of a recent Spiceworks survey of 197 IT professionals, 80 percent of respondents acknowledged having experienced a cyber security incident in 2015. Fifty-one percent of respondents had experienced malware attacks in 2015, 38 percent experienced phishing attacks, and 34 percent experienced spyware attacks.
CNN Money, Dec. 17
The FTC claimed the company was in violation of a July settlement by continuing to make false claims about its services. The agency also alleged that from October 2012 to March 2014 the company didn’t create and maintain a comprehensive information security program to protect customers’ personal data, including Social Security and bank account numbers.
SecurityWeek, Oct. 2
Juniper Networks has announced that it has discovered “unauthorized code” in ScreenOS, the operating system for its NetScreen firewalls, that could allow an attacker to decrypt traffic sent through Virtual Private Networks (VPNs)… release notes posted by Juniper suggest the earliest buggy versions of the software date back to at least 2012 and possibly earlier.
Silicon Angle, Dec. 16
Two years and about $300 million in legal costs later, it seems that Target Corp. still hasn’t fully internalized the lessons from the 2013 holiday season breach that saw hackers steal the personal information of more than 40 million of its customers. Avast Software s.r.o. issued a security alert this week warning of a vulnerability in the discount retailer’s wish list app that can be exploited to pull users’ details without so much as having to compromise their mobile devices.
GovInfo Security, Dec. 18
The FTC could take action next year against the makers of consumer wearable devices if they fail to live up to their promises to protect the privacy of health data and other information, says security researcher Stephen Cobb. The FTC “looks for opportunities to enforce its advice,” says Cobb of the security firm ESET. “We saw that in the early days of privacy policies on websites, and I think we’re going to see that in the case of wearables…”