Europeans worry Trump might not follow through on privacy


The ability of companies to transfer everything from payroll files to social media posts to the U.S. from Europe could be in jeopardy. Tech executives and European officials worry that the Trump administration might consider removing existing privacy protections for Europeans. Strict privacy laws in the European Union allow companies to store personal information about Europeans on American soil only if the companies commit to guaranteeing European levels of privacy protection. But one of the main legal mechanisms to do so, agreed between the U.S. and EU last year and used by almost 2,000 firms, is underpinned legally by written assurances and a presidential directive enacted under former President Obama’s administration—much of which could be undone with the stroke of a pen by President Trump. “We are watching with some measure of anxiety,” said a senior staffer at one U.S. tech firm that uses the mechanism, called Privacy Shield. Source: The Wall Street Journal

Hackers disable traffic, security cameras before inauguration

Eight days before President Trump was sworn in, hackers breached traffic and security cameras around Washington, D.C. The cameras were part of the security setup for the inauguration and were being monitored at an FBI command center. There are 187 cameras in the city—monitoring everything from the White House to the Capitol to the inaugural parade route—and about 70 percent of them had been commandeered. Within hours of being notified, the Secret Service was able to zero in on potential suspects in Britain. Police there arrested a man and a woman the day before the inauguration. Source: CBS News

If it’s in print, then it must be true … or not

A hacker who goes by the name Stackoverflowin claimed he hacked 150,000 insecure printers “to raise everyone’s awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled.” Using his own automated script, Stackoverflowin detected insecure printers manufactured by such companies as Hewlett-Packard, Brother, Epson and Canon. He instructed the machines to print a document informing victims of the hack with ASCII art interspersed throughout. The hack targeted a large number of receipt printers, as well as office printers. Source: Gizmodo

Cyber insurance coverage closer to being a routine purchase

Cyber insurance is emerging as a real risk management option for businesses if the worst should happen. There is every possibility it soon will become a necessity for any organization storing personal data. In the same way that drivers are required by law to have motor insurance, businesses may be obligated to have measures in place that guarantee compensation for customers left at risk by any data breach. Source: Information Age

Playtime’s over: Toys R Us rewards program targeted

Toys R Us notified rewards program customers that it was resetting passwords in response to an attempted hacking. “This appears to be related to earlier online breaches of websites not associated with Toys R Us, Rewards R Us or our vendor,” the company said. Names and addresses may have been compromised, but no credit card details, banking or payment information was in the database. The company said the thieves might have been trying to exploit how users have identical passwords for multiple accounts. Source: NBC News

Russian banks just can’t say nyet to these guys

Cyber thieves have stolen millions of dollars from Russian banks, cybersecurity and anti-virus provider Kaspersky Labs reported. At least 29 Russian banks were affected in 2015, and the hackers are still active and on the prowl for new victims. Three groups of hackers “inflicted multiple millions in terms of financial damage to the banks.” The names of the targeted banks weren’t revealed. Source: WMUR, Manchester, N.H.

Pro-Trump PAC breached, hackers post ‘interesting’ messages

A prolific Republican super PAC pushing President Trump’s Cabinet took down its website temporarily after hackers got in and retitled sections “Make America S****y Again” and scrawled “Black Lives Matter” across the video section. The 45 Committee released a new ad pushing Trump’s Cabinet picks this week. But the group was forced to take down its site after hackers got in and relabeled some videos—a spot pushing Tom Price for Health and Human Services secretary was renamed “Steve Bannon is a White Supremacist” and the spot supporting Sen. Jeff Sessions was dubbed “Sessions is Deemed Too Racist to be a Federal Judge.” Source: CNN

Dark Web gets hacked but hacker says it was for a good cause

The Dark Web is having a rough time, as an Anonymous-linked hacker brought down about a fifth of the Tor network’s “secret” websites (more than 10,000) in a claimed vigilante move. The intruder attacked a Dark Web-hosting service, Freedom Hosting II, after discovering that it was managing child porn sites—they were using gigabytes of data each when the host officially allows no more than 256MB. Source: Engadget

Beckham says, hey, that’s not cool, mate

An alleged email hack resulted in many of David Beckham’s private emails being made public. The content of the emails, allegedly between Beckham and a member of his team—which are said to have been released as part of the blackmail of the footballer—reportedly features unflattering references to his work with charity UNICEF. Beckham, who has been a UNICEF goodwill ambassador since 2005, was quoted in the emails as having criticized the honors committee on his failure to be given a knighthood. Source: Vogue

U.S., Europe consult on election hacking prevention

The U.S. intelligence community is working with governments across Europe to ensure they don’t fall victim to the same digital meddling campaign that hit the U.S. presidential election. Intelligence agencies have shared with several foreign governments the classified version of their deep-dive report on what they believe was a Russian plot to undermine Hillary Clinton and tilt the election toward Donald Trump, according to a senior intelligence official and intelligence-oriented lawmakers. Source: Politico

IRS warns schools, tribes, nonprofits about W2 scam …

The Internal Revenue Service warned all employers about the resurgence of a W-2 based cyber scam, which is “spreading to other sectors, including school districts, tribal organizations and nonprofits.” This scam consists of an email sent to an employee in the Human Resources or Accounting department from an executive within the organization. Both the TO and FROM email addresses are accurate internal addresses, as are the sender’s and recipient’s names. The email requests that the recipient forward the company’s W-2 forms, or related data, to the sender. This request aligns with the job responsibilities of both parties to the email. Source: National Law Review

… And this school didn’t get the message in time

The College of Southern Idaho has reported a significant phishing scam after an employee inadvertently released W-2 tax information. An individual—who was impersonating a college employee—sent an email Thursday to a CSI employee requesting W-2 forms. An employee released information later that day for all college employees for 2015 and 2016. Source: The Twin Falls, Idaho, Magic Valley

Taiwanese travelers might need to check their personal info

Around 15,000 files containing the personal information of Taiwanese travelers are suspected to have been stolen by hackers. Winston Chung, deputy head of the Ministry of Foreign Affairs’ Bureau of Consular Affairs, said the possible leak was due to an intrusion into its email system. Hackers may have stolen email account passwords, gaining access to emails the bureau had sent to its overseas offices in the past three months. These emails contained personal information of citizens planning to travel overseas, including their names, personal ID numbers, cellphone and passport numbers and addresses. Source: China Post

Business practices aren’t very good across the board, survey finds

A study of 3,000 companies in the United States, Britain and Germany, conducted for specialist insurer Hiscox, reveals that more than half (53 percent) of businesses are unprepared to deal with cyber attacks. The Hiscox Cyber Readiness Report 2017 assesses readiness in four areas: strategy, resourcing, technology, and process. While most companies scored well for technology, only 30 percent qualify as “expert” in their overall cyber readiness. Source: Small Business

I say, that’s not very sporting, now, is it?

A cyber attacker hit Britain’s Sports Direct, gaining access to internal systems containing details for phone numbers, names and home and email addresses of the retail giant’s 30,000 staff members. Workers still haven’t been told about the breach, which took place in September. Sports Direct discovered the attack three months later after a phone number was left on the company’s internal site with a message encouraging bosses to make contact. Source: The Sun

The word of the day is password; as in, you’re getting a new one

Industrial computer supplier Logic Supply reset user passwords following a suspected security breach. Unauthorized access through the firm’s website might have exposed customer/company names, user names and passwords, and order information. Payment card details were not exposed, Logic Supply said. Source: The Register

Facebook fights warrants in New York disability fraud case

Facebook is fighting to keep user accounts off-limits to prosecutors investigating alleged Social Security fraud by 911 first responders. The Manhattan District Attorney’s Office sent the site 381 search warrants related to the issue, which the government says has defrauded Social Security of millions of dollars in disability benefits. Prosecutors say that some New York City police officers and firefighters who retired after 9/11, claiming mental trauma, have contradicted their disability claims in photographs, messages and other posts on Facebook. Facebook tried to quash the warrants, but the court ruled that the Manhattan DA followed the federal Stored Communications Act, which governs voluntary and compelled disclosure of electronic records held by third-party Internet service providers. Source: Courthouse News

Hotel Giant gets unwelcome guests in credit card system

InterContinental Hotels Group acknowledged that a credit card breach impacted at least a dozen properties. IHG said it found malicious software installed on point-of-sale servers at restaurants and bars of 12 IHG-managed properties from August through December 2016. The stolen data included information stored on the magnetic stripe on the backs of customer credit and debit cards—the cardholder name, card number, expiration date, and internal verification code. Source: Krebs on Security