Parents might need to keep an eye out

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

A Glob­al Pri­va­cy Enforce­ment Net­work project ana­lyzed 1,494 web­sites and apps around the world and found 67 per­cent col­lect­ed children’s per­son­al infor­ma­tion and 50 per­cent shared that infor­ma­tion with oth­er orga­ni­za­tions. Of the web­sites and apps exam­ined, results found that 22 per­cent pro­vid­ed an oppor­tu­ni­ty for chil­dren to give their phone num­ber, 23 per­cent let users upload pho­tos or video, 58 per­cent offered chil­dren the oppor­tu­ni­ty to be redi­rect­ed to a dif­fer­ent web­site, and 71 per­cent did not offer an acces­si­ble means for delet­ing account infor­ma­tion. Source: Glob­al News

OPM protection contract awarded at last

sh_OPM breach_750The Oba­ma admin­is­tra­tion will spend more than $133 mil­lion to pro­vide ID theft pro­tec­tion ser­vices to the 21.5 mil­lion peo­ple whose infor­ma­tion was stolen in a hack of the Office of Per­son­nel Man­age­ment. The OPM and Defense Depart­ment said they have award­ed a con­tract to ID Experts, which will pro­vide vic­tims and their depen­dent minor chil­dren with free cred­it mon­i­tor­ing, iden­ti­ty mon­i­tor­ing, iden­ti­ty theft insur­ance and iden­ti­ty restora­tion ser­vices for three years. The gov­ern­ment is mail­ing notices to those affect­ed by the data breach lat­er this month. Source: NBC News

The few, the proud

sh_Marine_280A new cyber­se­cu­ri­ty chair at Marine Corps Uni­ver­si­ty will over­see the inte­gra­tion of cyber stud­ies into near­ly every facet of pro­fes­sion­al mil­i­tary edu­ca­tion for Marines, from lance cor­po­rals through senior com­man­ders. Retired Air Force Col. Gary Brown says bol­ster­ing cyber edu­ca­tion is cru­cial. All Marines are con­nect­ed to a net­work, mak­ing them poten­tial secu­ri­ty lia­bil­i­ties as they check emails or use social media. “Every­body is attached to the (Inter­net), and so, every­body presents an attack sur­face or a vul­ner­a­bil­i­ty to the enter­prise,” he said. “The No. 1 thing we need to do is edu­cate peo­ple about those threats to the net­work that they present.” Source: Marine Times

Need for speed is worth big bucks

Cyber­se­cu­ri­ty soft­ware firm Tani­um has raised $120 mil­lion from invest­ment firms as more fed­er­al agen­cies rely on its tech­nol­o­gy to fend off attacks from nation-states and hack­ers, the com­pa­ny said. Tani­um closed the invest­ing round—its third in just more than a year—at a $3.5 bil­lion val­u­a­tion. The com­pa­ny was val­ued at $1.8 bil­lion in March, the last time it raised cash. Tani­um is the high­est-val­ued ven­ture-backed cyber secu­ri­ty com­pa­ny world­wide, accord­ing to CB Insights, which does research on ven­ture cap­i­tal. The com­pa­ny pro­vides com­put­er sys­tem secu­ri­ty and man­age­ment for gov­ern­ment agen­cies and com­pa­nies, allow­ing them to scan and assess every device on a net­work with­in sec­onds. Tanium’s tech­nol­o­gy can check up to sev­er­al mil­lion com­put­ers on a net­work for signs of a hack or bug and deploy a patch or quar­an­tine the infec­tion in 15 sec­onds or less. Source: Reuters

Maybe the problem is on the front end

sh_software bug_280The Depart­ment of Home­land Secu­ri­ty says that 90 per­cent of secu­ri­ty inci­dents result from exploits against defects in soft­ware, which implies that poor soft­ware devel­op­ment may be the biggest cyber threat. The “For­rester Wave: Appli­ca­tion Secu­ri­ty Report,” which eval­u­ates ven­dors for secu­ri­ty and risk pro­fes­sion­als, says many firms have rushed to bring appli­ca­tions online, build­ing out con­sumer-fac­ing web­sites, buy­ing com­mer­cial off-the-shelf prod­ucts, and devel­op­ing mobile appli­ca­tions to enable and engage with their cus­tomers and part­ners with­out think­ing about the secu­ri­ty of the appli­ca­tion itself. As a result, busi­ness­es are expos­ing their most sen­si­tive cor­po­rate and cus­tomer data to pos­si­ble exter­nal threats and breach­es. “Many orga­ni­za­tions have sig­nif­i­cant net­work secu­ri­ty in place, but it’s not enough as 84 per­cent of all cyber attacks are hap­pen­ing on the appli­ca­tion lay­er” said Tim Clark, head of brand jour­nal­ism at SAP, one of the world’s largest appli­ca­tion secu­ri­ty ven­dors. Source: CSO Online

Baby of mine—and everyone else’s?

sh_baby monitorA secu­ri­ty firm test­ed nine Inter­net-con­nect­ed baby mon­i­tors, includ­ing some of the most wide­ly avail­able mod­els, and found flaws that would allow strangers to drop into nurs­eries dig­i­tal­ly. “Eight of the nine cam­eras got an F and one got a D-minus,” says secu­ri­ty researcher Mark Stanislav of Rapid 7. “Every cam­era had one hid­den account that a con­sumer can’t change because it’s hard-cod­ed or not eas­i­ly acces­si­ble. Whether intend­ed for admin or sup­port, it gives an out­sider back-door access to the cam­era.” Stanislav test­ed cam­eras from iBa­by, Philips, TREND­net, Sum­mer Infant, Lens Lab­o­ra­to­ry, and Gynoii, choos­ing cam­eras that were avail­able on Babies-R-Us and most pop­u­lar on Ama­zon, rang­ing in price from $55 to $260. Source: Fusion

Computer specialist’ offers to sell Clinton emails for $500,000

Emails alleged­ly from Hillary Rod­ham Clinton’s per­son­al account are being offered to the media for a half-mil­lion dol­lars, but the mes­sages said to have come from the pres­i­den­tial hope­ful actu­al­ly may have been online for years. Radar Online report­ed that a self-pro­claimed com­put­er spe­cial­ist had approached the enter­tain­ment web­site and offered to sell a trove of emails tak­en from the Demo­c­ra­t­ic front-runner’s per­son­al email account for $500,000. “Hillary or some­one from her camp erased the out­box con­tain­ing her emails, but for­got to erase the emails that were in her sent box,” an insid­er told the web­site. “If these emails get out to the pub­lic domain, not only is Hillary fin­ished as a poten­tial pres­i­den­tial nom­i­nee, she could put our country’s nation­al secu­ri­ty at risk.” A Google search sug­gests the emails in ques­tion actu­al­ly sur­faced online in 2013 after a hack­er using the han­dle “Guc­cifer” breached the email account of Clin­ton con­fi­dant Sid­ney Blu­men­thal and released its con­tents. Source: The Wash­ing­ton Times

Head in the sand

sh_ostrich_180Banks need to be active and use intel­li­gence gath­ered in-house or by secu­ri­ty intel­li­gence providers to bat­tle cyber crim­i­nals, says Thom­son Reuters in a report titled: “Cyber Crime: The Fast-Mov­ing Men­ace.” Sev­er­al finan­cial ser­vices orga­ni­za­tions have tak­en hits from cyber crime, but although they believe the threat is grow­ing, many don’t think they will be hit. The report notes also that many banks are fail­ing to take some basic steps to pro­tect them­selves from cyber crime. In addi­tion, some banks’ lega­cy tech­nol­o­gy and appli­ca­tions are 25 or 30 years old, and are dif­fi­cult to fix and pro­tect. The report notes that 99 per­cent of breach­es involved old vul­ner­a­bil­i­ties that gov­ern­ments, banks and com­pa­nies had failed to patch. Source: Reuters via Val­ue­Walk

From the tool box

Spe­cial­ist lines under­writ­ing agency CFC has launched an online hub offer­ing spe­cial­ized cyber-risk man­age­ment and response ser­vices. CFC has part­nered with sev­er­al tech­nol­o­gy providers to offer clients access to risk-man­age­ment tools, tem­plates and advice to help them avoid a breach. This includes dis­count­ed access to encryp­tion soft­ware and secu­ri­ty mon­i­tor­ing, as well as free pri­va­cy con­sult­ing and anti-virus tech­nol­o­gy. Clients are able to choose the tools that best suit their indi­vid­ual needs. Source: Insur­ance Jour­nal