Trump goes back and forth on Russia hack

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Donald Trump was pressed on Russia early and often during a news conference, asserting that Russia will no longer hack American institutions but again not clearly saying whether he blames Russia for election-related cyber attacks. Trump first said he thinks Russia directed cyber attacks on Democratic Party targets, but later made his view less clear. He said the hacking “could be others” and repeatedly deflected attention to attacks by China and other countries and institutions. He contended that Russia would no longer hack the United States when he is president but did not answer questions about whether he will uphold sanctions in response to interference in the election. The U.S. intelligence community concluded that Russian President Vladimir Putin directed an effort to influence the election in Trump’s favor. … Russia hacked into Republican state political campaigns and old email domains of the Republican National Committee, but there is no evidence it penetrated President-elect Donald Trump’s campaign, said FBI Director James Comey. Sources: CNBC, Reuters

Forecast: Passwords on way out, cyber war likely

sh_password_400Experian Data Breach Resolution’s Data Breach Industry Forecast says five data breach trends will dominate 2017: aftershock password breaches will expedite the death of the password; nation-state cyber attacks will move from espionage to war; health care organizations will be the most targeted sector; criminals will focus on payment-based attacks; and international data breaches will cause headaches for multinational companies. Source: CIO.com

Falling for this could lead to a net loss

Cybersecurity company FireEye Labs is warning Netflix customers to beware of a scam targeting credit card and personal information. The scam email asks customers to update Netflix membership information. A link in the email directs people to a page that looks like an official Netflix login page. The fraudulent link requests billing and credit card information. Netflix says it will never ask for personal data such as payment information, Social Security number or account password in an email. Source: WBAY, Green Bay, Wisconsin

Geek Squad reports child porn to FBI for pay; privacy at issue

sh_geek-squad_280Over several years, a handful of Best Buy Geek Squad technicians conducting repairs have notified the FBI when they see signs of child pornography, earning payments from the agency. The existence of the small cadre of informants was revealed in the case of a California doctor facing federal charges after a technician flagged his hard drive. The case raises issues about privacy and government use of informants. Source: The Washington Post

Nation-state breached Anthem, report says

The California Department of Insurance says that the 2015 Anthem breach was the result of a nation-state attack. CrowdStrike determined that the attacker was acting on behalf of a foreign government, according to an Anthem examination report, which didn’t identify the government in question. The breach compromised 78.8 million consumer records including those of at least 12 million minors. Source: SC magazine

Heart implants get cyber patch to block hacks

sh_heart-implant_280Abbott Laboratories released a software patch for its St. Jude heart implants to guard against possible cyber attacks. The company disclosed the moves some five months after the U.S. government launched a probe into claims the devices were vulnerable to potentially life-threatening hacks that could cause implanted devices to pace at potentially dangerous rates or cause them to fail by draining their batteries. Source: Reuters

Hey, handsome: Hamas used sexy photos to get into phones

Palestinian group Hamas used pictures of attractive women to hack phones belonging to Israeli soldiers, an Israeli Defense Force intelligence official said. After sending the soldiers pictures, they would suggest downloading a “video chat” app that actually was a Trojan horse that allowed them access to the soldiers’ contacts and files, GPS data, photographs and text messages and allowed them to install applications. Hamas was able to take photos of offices and computer screens. Source: Geek Times

Showing peace sign in selfie could give away fingerprints

sh_peace-sign_280Flashing the peace sign in a selfie could be setting you up for identity theft. The “zoom-and-enhance” technique on phone cameras is capable of capturing a fingerprint accurately enough for someone to steal it. Source: CNet

Health care company fined for keeping quiet about breach

An Illinois health system reached a $475,000 settlement over allegations it waited too long to report a data breach. Presence Health uncovered a breach on Oct. 22, 2013, affecting 836 individuals, but didn’t report the breach to affected individuals until Feb. 3, 2014, the HHS Office for Civil Rights said. In addition to the payment, Presence agreed to a two-year corrective action plan. Source: BNA Bloomberg

You might have to wait a little while for that weed

sh_marijuana_280Marijuana shops across the country are being affected by the apparent hack of a sales and inventory system. MJ Freeway is a Denver company whose “seed-to-sale” tracking software is used by hundreds of marijuana companies to comply with state regulation. The software is a major tool for marijuana dispensaries, which use it to ring up sales to customers, track inventory, prepare required reports to state regulators and other business functions. MJ Freeway said the outage was the work of unknown hackers. Source: The Boston Globe

Machine-learning cyber protection system finds new home

Northrop Grumman has sold BluVector, a next-generation machine-learning threat detection and cyber-hunting solution, to LLR Partners. BluVector uses machine learning to provide network-based advanced threat detection and reduce response time from months to minutes, LLR Partners said. It enables security operations center analysts and incident response teams to get insight in real-time. Source: Washington Technology