Europeans worry Trump might not follow through on privacy


The ability of companies to transfer everything from payroll files to social media posts to the U.S. from Europe could be in jeopardy. Tech executives and European officials worry that the Trump administration might consider removing existing privacy protections for Europeans. Strict privacy laws in the European Union allow companies to store personal information about Europeans on American soil only if the companies commit to guaranteeing European levels of privacy protection. But one of the main legal mechanisms to do so, agreed between the U.S. and EU last year and used by almost 2,000 firms, is underpinned legally by written assurances and a presidential directive enacted under former President Obama’s administration—much of which could be undone with the stroke of a pen by President Trump. “We are watching with some measure of anxiety,” said a senior staffer at one U.S. tech firm that uses the mechanism, called Privacy Shield. Source: The Wall Street Journal

Hackers disable traffic, security cameras before inauguration

Eight days before President Trump was sworn in, hackers breached traffic and security cameras around Washington, D.C. The cameras were part of the security setup for the inauguration and were being monitored at an FBI command center. There are 187 cameras in the city—monitoring everything from the White House to the Capitol to the inaugural parade route—and about 70 percent of them had been commandeered. Within hours of being notified, the Secret Service was able to zero in on potential suspects in Britain. Police there arrested a man and a woman the day before the inauguration. Source: CBS News

If it’s in print, then it must be true … or not

A hacker who goes by the name Stackoverflowin claimed he hacked 150,000 insecure printers “to raise everyone’s awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled.” Using his own automated script, Stackoverflowin detected insecure printers manufactured by such companies as Hewlett-Packard, Brother, Epson and Canon. He instructed the machines to print a document informing victims of the hack with ASCII art interspersed throughout. The hack targeted a large number of receipt printers, as well as office printers. Source: Gizmodo

Cyber insurance coverage closer to being a routine purchase

Cyber insurance is emerging as a real risk management option for businesses if the worst should happen. There is every possibility it soon will become a necessity for any organization storing personal data. In the same way that drivers are required by law to have motor insurance, businesses may be obligated to have measures in place that guarantee compensation for customers left at risk by any data breach. Source: Information Age

Playtime’s over: Toys R Us rewards program targeted

Toys R Us notified rewards program customers that it was resetting passwords in response to an attempted hacking. “This appears to be related to earlier online breaches of websites not associated with Toys R Us, Rewards R Us or our vendor,” the company said. Names and addresses may have been compromised, but no credit card details, banking or payment information was in the database. The company said the thieves might have been trying to exploit how users have identical passwords for multiple accounts. Source: NBC News

Russian banks just can’t say nyet to these guys

Cyber thieves have stolen millions of dollars from Russian banks, cybersecurity and anti-virus provider Kaspersky Labs reported. At least 29 Russian banks were affected in 2015, and the hackers are still active and on the prowl for new victims. Three groups of hackers “inflicted multiple millions in terms of financial damage to the banks.” The names of the targeted banks weren’t revealed. Source: WMUR, Manchester, N.H.

Pro-Trump PAC breached, hackers post ‘interesting’ messages

A prolific Republican super PAC pushing President Trump’s Cabinet took down its website temporarily after hackers got in and retitled sections “Make America S****y Again” and scrawled “Black Lives Matter” across the video section. The 45 Committee released a new ad pushing Trump’s Cabinet picks this week. But the group was forced to take down its site after hackers got in and relabeled some videos—a spot pushing Tom Price for Health and Human Services secretary was renamed “Steve Bannon is a White Supremacist” and the spot supporting Sen. Jeff Sessions was dubbed “Sessions is Deemed Too Racist to be a Federal Judge.” Source: CNN

Dark Web gets hacked but hacker says it was for a good cause

The Dark Web is having a rough time, as an Anonymous-linked hacker brought down about a fifth of the Tor network’s “secret” websites (more than 10,000) in a claimed vigilante move. The intruder attacked a Dark Web-hosting service, Freedom Hosting II, after discovering that it was managing child porn sites—they were using gigabytes of data each when the host officially allows no more than 256MB. Source: Engadget

Beckham says, hey, that’s not cool, mate

An alleged email hack resulted in many of David Beckham’s private emails being made public. The content of the emails, allegedly between Beckham and a member of his team—which are said to have been released as part of the blackmail of the footballer—reportedly features unflattering references to his work with charity UNICEF. Beckham, who has been a UNICEF goodwill ambassador since 2005, was quoted in the emails as having criticized the honors committee on his failure to be given a knighthood. Source: Vogue

U.S., Europe consult on election hacking prevention

The U.S. intelligence community is working with governments across Europe to ensure they don’t fall victim to the same digital meddling campaign that hit the U.S. presidential election. Intelligence agencies have shared with several foreign governments the classified version of their deep-dive report on what they believe was a Russian plot to undermine Hillary Clinton and tilt the election toward Donald Trump, according to a senior intelligence official and intelligence-oriented lawmakers. Source: Politico

IRS warns schools, tribes, nonprofits about W2 scam …

The Internal Revenue Service warned all employers about the resurgence of a W-2 based cyber scam, which is “spreading to other sectors, including school districts, tribal organizations and nonprofits.” This scam consists of an email sent to an employee in the Human Resources or Accounting department from an executive within the organization. Both the TO and FROM email addresses are accurate internal addresses, as are the sender’s and recipient’s names. The email requests that the recipient forward the company’s W-2 forms, or related data, to the sender. This request aligns with the job responsibilities of both parties to the email. Source: National Law Review

… And this school didn’t get the message in time

The College of Southern Idaho has reported a significant phishing scam after an employee inadvertently released W-2 tax information. An individual—who was impersonating a college employee—sent an email Thursday to a CSI employee requesting W-2 forms. An employee released information later that day for all college employees for 2015 and 2016. Source: The Twin Falls, Idaho, Magic Valley

Taiwanese travelers might need to check their personal info

Around 15,000 files containing the personal information of Taiwanese travelers are suspected to have been stolen by hackers. Winston Chung, deputy head of the Ministry of Foreign Affairs’ Bureau of Consular Affairs, said the possible leak was due to an intrusion into its email system. Hackers may have stolen email account passwords, gaining access to emails the bureau had sent to its overseas offices in the past three months. These emails contained personal information of citizens planning to travel overseas, including their names, personal ID numbers, cellphone and passport numbers and addresses. Source: China Post

Business practices aren’t very good across the board, survey finds

A study of 3,000 companies in the United States, Britain and Germany, conducted for specialist insurer Hiscox, reveals that more than half (53 percent) of businesses are unprepared to deal with cyber attacks. The Hiscox Cyber Readiness Report 2017 assesses readiness in four areas: strategy, resourcing, technology, and process. While most companies scored well for technology, only 30 percent qualify as “expert” in their overall cyber readiness. Source: Small Business

I say, that’s not very sporting, now, is it?

A cyber attacker hit Britain’s Sports Direct, gaining access to internal systems containing details for phone numbers, names and home and email addresses of the retail giant’s 30,000 staff members. Workers still haven’t been told about the breach, which took place in September. Sports Direct discovered the attack three months later after a phone number was left on the company’s internal site with a message encouraging bosses to make contact. Source: The Sun

The word of the day is password; as in, you’re getting a new one

Industrial computer supplier Logic Supply reset user passwords following a suspected security breach. Unauthorized access through the firm’s website might have exposed customer/company names, user names and passwords, and order information. Payment card details were not exposed, Logic Supply said. Source: The Register

Facebook fights warrants in New York disability fraud case

Facebook is fighting to keep user accounts off-limits to prosecutors investigating alleged Social Security fraud by 9/11 first responders. The Manhattan District Attorney’s Office sent the site 381 search warrants related to the issue, which the government says has defrauded Social Security of millions of dollars in disability benefits. Prosecutors say that some New York City police officers and firefighters who retired after 9/11, claiming mental trauma, have contradicted their disability claims in photographs, messages and other posts on Facebook. Facebook tried to quash the warrants, but the court ruled that the Manhattan DA followed the federal Stored Communications Act, which governs voluntary and compelled disclosure of electronic records held by third-party Internet service providers. Source: Courthouse News

Hotel Giant gets unwelcome guests in credit card system

InterContinental Hotels Group acknowledged that a credit card breach impacted at least a dozen properties. IHG said it found malicious software installed on point-of-sale servers at restaurants and bars of 12 IHG-managed properties from August through December 2016. The stolen data included information stored on the magnetic stripe on the backs of customer credit and debit cards—the cardholder name, card number, expiration date, and internal verification code. Source: Krebs on Security