IRS, tax preparers decide to share and share alike


The Internal Revenue Service and private tax preparers are beefing up efforts to limit tax-related identity theft for the 2016 filing season, testing more than 20 new safeguards to protect taxpayers’ information. The IRS, state tax authorities and tax preparation companies will share details about suspicious tax returns as they’re filed, letting tax authorities adjust fraud filters and catch suspicious returns more quickly. Tax preparers also agreed to stricter login requirements to better protect data. The new safeguards mark the latest effort in an information-sharing strategy among the IRS, state tax authorities and the private tax preparation industry to halt a surge in tax refund fraud. So far, 34 states and 20 tax preparation companies have signed on; more are expected to enroll later. “We have never had this level of cooperation or sharing,” IRS Commissioner John Koskinen said. “We will collect (information) in real time, and we will pull it together and share it back out so everyone has access to that information.” Source: The Washington Post

Insurance costs may drive standard operating procedures

Cyber insurance premiums could prove a big driver of Internet of Things standards. Machine-to-machine communication has grown up in separate silos for every industry, but as it expands in the coming years as part of the broader IoT wave, standards could save a lot of cost and effort, speakers at a networking conference said. Having a common approach that works can save IoT vendors from having to reinvent the wheel, said Jim Zerbe, head of IoT product at Neustar, a real-time information services and analytics company. For a long time, machine-to-machine security has relied on industry-specific technologies and “security through obscurity,” resulting in easily hackable systems. Standard, open technologies across industries can attract armies of developers to build strong defenses. Insurers will help to usher in that approach, said Bruce Gustafson, Ericsson’s vice president of government and industry affairs for North America. Cyber insurance is a young business still trying to calculate the risk of a breach, but as it matures, insurers will look for safeguards they can rely on. The idea is that they’ll take to data security standards—the stronger the better—the same way they’ve pushed seat belts and airbags to cut down on auto accident risk. Source: PC World

Dudes, we totally fooled Verizon and AOL

A hacker who claims to have broken into the AOL account of CIA Director John Brennan says he got access by posing as a Verizon worker to trick an employee into revealing the spy chief’s personal data. Using information such as the four digits of Brennan’s bank card, which Verizon easily relinquished, the hacker and his associates were able to reset the password on Brennan’s AOL account repeatedly as the spy chief fought to regain control of it. The documents they accessed included the sensitive 47-page SF-86 application that Brennan had filled out for his top-secret government security clearance. The hacker, who says he’s under 20 years old, said he and two other people worked on the breach. He says they did a reverse lookup of Brennan’s mobile phone number to discover that he was a Verizon customer. Then one of them posed as a Verizon technician and called the company asking for details about Brennan’s account. “(W)e told them we work for Verizon, and we have a customer on scheduled callback,” he said, adding that he was unable to access Verizon’s customer database on his own because “our tools were down.” After providing the Verizon employee with a fabricated employee Vcode—a unique code he says Verizon assigns employees—they got Brennan’s account number, his four-digit PIN, the backup mobile number on the account, Brennan’s AOL email address, and the last four digits on his bank card. They then called AOL and said they were “locked out of our AOL account,” he said. “They asked security questions like the last 4 on [the bank] card and we got that from Verizon, so we told them that, and they reset the password.” AOL also asked for the name and phone number associated with the account, all of which the hackers had obtained from Verizon. Source: MSN News

The question is, are you secure in your security?

F-Secure has released the Cyber Security Stress Test, an online questionnaire to help companies and employees learn more about the kinds of weaknesses that can expose them to data breaches. IT professionals can use the 20-question test to find gaps in their security strategies. A recent F-Secure survey shows that companies are making investments in solutions that are out of sync with their security priorities, creating a situation where they’re exposing themselves to the very risks they want to avoid. The Cyber Security Stress Test covers such topics as endpoint protection, network security, and company roles and policies. The test attempts to provide indicators that IT personnel can use to identify problematic areas in their company’s security. Source: Market Wired

House panel looks at letting hack victims strike back

The House Foreign Relations Committee is looking into legislation that could help American companies retaliate against malicious cyber activity, Rep. Mike McCaul, R-Texas, said. “Right now, one of the laws on the books is it is illegal to hack back … so we are looking at possibly bringing in some legislation that deals with this,” McCaul said. Current policy prohibits U.S. companies from “hacking back,” or otherwise retaliating to cyber attacks, cyber theft and other malicious actions against them. However, McCaul explained that he sees “a growing movement in the private sector for us to legislate in this area.” U.S. companies, he noted, are frustrated at their inability to conduct active network defense. Despite hack-backs being illegal, many U.S. companies do it anyway, “because the rest of the world does it, except for us,” McCaul said. Source: Sputnik News

Apple chief wants that back door closed

Apple’s chief executive officer and the director of the National Security Agency squared off about how much access technology companies should afford U.S. intelligence agencies. Apple CEO Tim Cook asserted his opposition to back doors in data encryption meant to allow intelligence agencies to sneak through, minutes after NSA Director Admiral Michael Rogers acknowledged a balance that needed to be struck between safeguarding user privacy and an ability to identify security threats. Law enforcement and intelligence agencies have argued that access to private data is essential for national security and fighting crime. Technology companies oppose so-called back doors because they compromise user information and may jeopardize their businesses. “You can’t have a back door in the software because you can’t have a back door that’s only for the good guys,” Cook said. Source: Today Online

Sun shines on Sony workers in lawsuit deal

Sony Pictures Entertainment will pay up to $8 million to resolve a lawsuit by employees who claimed their personal data was stolen in a 2014 hacking tied to the studio’s release of The Interview, a comedy set in North Korea. The settlement with the Sony unit and current and former employees was disclosed in papers filed in federal court. Under the deal, Sony will pay up to $2.5 million, or $10,000 per person, to reimburse employees for identity theft losses and up to $2 million, or $1,000 per person, to reimburse them for protective measures they took after the cyber attack. Sony also has agreed to pay up to $3.49 million to cover legal fees and costs, according to court papers. The settlement must be approved by a judge. Source: Reuters

Counting the costs down to the penny

PivotPoint Risk Analytics launched a product that aims to help organizations quantify their cybersecurity risk by gauging how much a breach could cost, including a breakdown of how much additional security controls in areas such as account access, incident response, training and malware defenses could reduce that figure. The product asks about their biggest moneymaking operations and most critical operations, and how business would be affected if specific systems were shut down or data were leaked. Seven cyber insurers have partnered with the company, says Julian Waits, president and chief executive of PivotPoint. If its estimates prove reliable, the product could be a game-changer for the cyber insurance industry, which struggles with underwriting in a nascent field where things such as lost sales, a damaged brand, and liability lawsuits are difficult to quantify. “We can go, ‘Here are the places where they have holes in their security,’ ” Waits says. “If you can spend some money in these areas fortifying yourself, you can lower that risk.” Source: Market Watch

Care services might be caring for the wrong folks

An advocacy group for people with disabilities is working to arrange legal help for individuals concerned about their health information after an alleged data breach involving two licensed home care agencies. Anyone who is or was affiliated with Angels in Your Home as a client or health care aide can contact the Center for Disabilities Rights, CEO Bruce Darling said. “As an advocacy organization, we represent the needs of people with disabilities in general,” Darling said. “We are encouraging … individuals who believe or know their information was compromised, misused or stolen (to contact CDR) so we can coordinate between the impacted disabled individuals and the legal community to make sure that they have representation.” On Sunday, CDR issued a news release alleging that protected health information of clients of Angels in Your Home was taken by the former CEO of that agency and was being used to recruit clients to a new agency, All-American Home Care. Michael Smith, attorney for former Angels in Your Home CEO Marco Altieri, denied the allegations, but declined further comment. Attorneys or representatives for current Angels in Your Home leadership did not respond to voice mail or email messages. Source: The (Rochester, N.Y.) Democrat and Chronicle

Will CISA finally see the light of day?

Senate Majority Leader Mitch McConnell says that a long-stalled cyber bill is next on the Senate’s agenda. “It’s my plan to move to cybersecurity. We have an agreement to get on the bill. We have a number of amendments in the queue,” the Kentucky Republican said. The Cybersecurity Information Sharing Act (CISA) has been stalled for months because of a packed Senate floor schedule and a fight from privacy advocates about the legislation, which is meant to increase the ability to share information on cyber threats between the government and businesses. CISA originally came to the Senate floor earlier this year ahead of the August recess. Lawmakers punted on the legislation but agreed to consider at least 22 amendments with no limit on time when the legislation was brought back up. McConnell, however, added that the Senate could take a vote on final passage of the cyber bill “as soon as next week.” Source: The Hill