Parents might need to keep an eye out

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

A Global Privacy Enforcement Network project analyzed 1,494 websites and apps around the world and found 67 percent collected children’s personal information and 50 percent shared that information with other organizations. Of the websites and apps examined, results found that 22 percent provided an opportunity for children to give their phone number, 23 percent let users upload photos or video, 58 percent offered children the opportunity to be redirected to a different website, and 71 percent did not offer an accessible means for deleting account information. Source: Global News

OPM protection contract awarded at last

sh_OPM breach_750The Obama administration will spend more than $133 million to provide ID theft protection services to the 21.5 million people whose information was stolen in a hack of the Office of Personnel Management. The OPM and Defense Department said they have awarded a contract to ID Experts, which will provide victims and their dependent minor children with free credit monitoring, identity monitoring, identity theft insurance and identity restoration services for three years. The government is mailing notices to those affected by the data breach later this month. Source: NBC News

The few, the proud

sh_Marine_280A new cybersecurity chair at Marine Corps University will oversee the integration of cyber studies into nearly every facet of professional military education for Marines, from lance corporals through senior commanders. Retired Air Force Col. Gary Brown says bolstering cyber education is crucial. All Marines are connected to a network, making them potential security liabilities as they check emails or use social media. “Everybody is attached to the (Internet), and so, everybody presents an attack surface or a vulnerability to the enterprise,” he said. “The No. 1 thing we need to do is educate people about those threats to the network that they present.” Source: Marine Times

Need for speed is worth big bucks

Cybersecurity software firm Tanium has raised $120 million from investment firms as more federal agencies rely on its technology to fend off attacks from nation-states and hackers, the company said. Tanium closed the investing round—its third in just more than a year—at a $3.5 billion valuation. The company was valued at $1.8 billion in March, the last time it raised cash. Tanium is the highest-valued venture-backed cyber security company worldwide, according to CB Insights, which does research on venture capital. The company provides computer system security and management for government agencies and companies, allowing them to scan and assess every device on a network within seconds. Tanium’s technology can check up to several million computers on a network for signs of a hack or bug and deploy a patch or quarantine the infection in 15 seconds or less. Source: Reuters

Maybe the problem is on the front end

sh_software bug_280The Department of Homeland Security says that 90 percent of security incidents result from exploits against defects in software, which implies that poor software development may be the biggest cyber threat. The “Forrester Wave: Application Security Report,” which evaluates vendors for security and risk professionals, says many firms have rushed to bring applications online, building out consumer-facing websites, buying commercial off-the-shelf products, and developing mobile applications to enable and engage with their customers and partners without thinking about the security of the application itself. As a result, businesses are exposing their most sensitive corporate and customer data to possible external threats and breaches. “Many organizations have significant network security in place, but it’s not enough as 84 percent of all cyber attacks are happening on the application layer” said Tim Clark, head of brand journalism at SAP, one of the world’s largest application security vendors. Source: CSO Online

Baby of mine—and everyone else’s?

sh_baby monitorA security firm tested nine Internet-connected baby monitors, including some of the most widely available models, and found flaws that would allow strangers to drop into nurseries digitally. “Eight of the nine cameras got an F and one got a D-minus,” says security researcher Mark Stanislav of Rapid 7. “Every camera had one hidden account that a consumer can’t change because it’s hard-coded or not easily accessible. Whether intended for admin or support, it gives an outsider back-door access to the camera.” Stanislav tested cameras from iBaby, Philips, TRENDnet, Summer Infant, Lens Laboratory, and Gynoii, choosing cameras that were available on Babies-R-Us and most popular on Amazon, ranging in price from $55 to $260. Source: Fusion

‘Computer specialist’ offers to sell Clinton emails for $500,000

Emails allegedly from Hillary Rodham Clinton’s personal account are being offered to the media for a half-million dollars, but the messages said to have come from the presidential hopeful actually may have been online for years. Radar Online reported that a self-proclaimed computer specialist had approached the entertainment website and offered to sell a trove of emails taken from the Democratic front-runner’s personal email account for $500,000. “Hillary or someone from her camp erased the outbox containing her emails, but forgot to erase the emails that were in her sent box,” an insider told the website. “If these emails get out to the public domain, not only is Hillary finished as a potential presidential nominee, she could put our country’s national security at risk.” A Google search suggests the emails in question actually surfaced online in 2013 after a hacker using the handle “Guccifer” breached the email account of Clinton confidant Sidney Blumenthal and released its contents. Source: The Washington Times

Head in the sand

sh_ostrich_180Banks need to be active and use intelligence gathered in-house or by security intelligence providers to battle cyber criminals, says Thomson Reuters in a report titled: “Cyber Crime: The Fast-Moving Menace.” Several financial services organizations have taken hits from cyber crime, but although they believe the threat is growing, many don’t think they will be hit. The report notes also that many banks are failing to take some basic steps to protect themselves from cyber crime. In addition, some banks’ legacy technology and applications are 25 or 30 years old, and are difficult to fix and protect. The report notes that 99 percent of breaches involved old vulnerabilities that governments, banks and companies had failed to patch. Source: Reuters via ValueWalk

From the tool box

Specialist lines underwriting agency CFC has launched an online hub offering specialized cyber-risk management and response services. CFC has partnered with several technology providers to offer clients access to risk-management tools, templates and advice to help them avoid a breach. This includes discounted access to encryption software and security monitoring, as well as free privacy consulting and anti-virus technology. Clients are able to choose the tools that best suit their individual needs. Source: Insurance Journal