Posted on July 22, 2011 by Josh Arrington
As the summer heat continues to rise, it’s clear that news about the frequency of IT security breaches refuses to take a vacation. This week the founder of popular online news site Reddit was caught red-handed while security influencers stayed cool reporting on some real threats for the utilities and government industries. Here is our take on this week’s hottest IT security stories:
- Reddit Founder Hacks into MIT and Gets Himself Caught — Computerworld’s Grant Gross provided us with details of the indictment of the co-founder of online news site Reddit. Aaron Swartz was charged with computer intrusion, fraud and data theft for allegedly stealing 4.8 million documents from an MIT network. If convicted, Swartz, who is also the founder of the political advocacy group Demand Progress, faces a possible 35 years in prison and fines of up to $1million.
- Be Afraid, Be Very Afraid – We’ve all fallen for “doom-and-gloom-we’re-all-gonna-die” stories that make you want to stock your bomb shelter. CSO’s Bill Brenner typically takes these reports as B-S; this week however, he shared an interesting report from Brian Ross, “New Terror Report Warns of Insider Threat to Utilities” to which he says “the insider threat is real.” While Brenner is referring to physical security in this particular piece, given the numerous flaws and vulnerabilities reported in SCADA software over the past few months we can’t help but draw the connection to an IT security threat as well.
- Hackers Infiltrate Computers at the German Federal Police and Customs Service – It’s one thing to hack into a system and get the heck out of there – but to stay in that system undetected for say, months, is a whole other ballgame. In what could be an incredibly devastating data loss for the German Federal Police and Customs Service – hackers reportedly gained access to federal police computers in September 2010 and were able steal information undetected for months. In addition, hackers were able to gain access to the German customs service and publish stolen files on the Internet. In the words of an anonymous security officer, “that is pretty much the worst thing that could happen.”
What other hot stories would you add to this list?
Posted on July 11, 2011 by Josh Arrington
Despite our nice little July 4th break in the U.S. this week’s news continues to suggest that 2011 has been anything but an IT security “holiday” for a number of organizations. Let’s take a look at some of the week’s biggest news items:
Big Brother, Where Art Thou? – Remember the consultant who was able to exploit a hardcoded, default password in a police cruiser’s digital video recorder system to gain access to controls and manipulate its use? We thought that was bad news, but now according to figures released by the Big Brother Watch, over 900 police officers and other staffers were subjected to internal discipline for breaching the data protection act (DPA) in the U.K. It’s one thing when law enforcement’s technology is susceptible to a data breach, it’s another when the actual officers are illegally viewing computer records for “non-policing purposes.” Talk about an abuse of privileges.
Not an Even Trade Between U.S. and China - A ThreatPost article details the arrest of a CME Group employee who allegedly stole trade secrets and proprietary source code used to run trading systems for the Chicago Mercantile Exchange and passed them along to China. The implications here obviously are far reaching as the employee downloaded “thousands of files” containing “source code and proprietary algorithms” used by CME to run its trading systems.” What is unclear, however, is how he gained access to the systems—was it through an escalation of privilege to access this sensitive information?
IT Security Rewind, uh, Rewind – Clearly, we think it’s important to recap the week’s most important IT security related developments, so we are always excited to identify similarly detailed reports, like this one from Help Net Security, that covers recent security incidents. The report recaps some of the biggest events of the year—from RSA to Citibank—and highlights the impact of the breaches on the organizations and their users.
That’s it for this week—thoughts? Comments? Bring ‘em on.
- Excessive Admins and Privileged Security – Part II
- Excessive Admins and Privileged Security – Part I
- Grossly Underestimating the Privileged Account Security Problem Part 3: Automating Privileged Account Management and Cyber-Ark DNA™ (Discovery & Audit)
- Google’s Insecurities
- Grossly Underestimating the Privileged Account Security Problem Part 2: Defining Privilege with Cyber-Ark CMO, John Worrall
“The Compromise of Privileged Accounts was a Crucial Factor in 100% of APTs”: CyberSheath Releases the First APT/Privileged Account Research Report
Posted on April 24, 2013
Posted on April 1, 2013
Protecting Privileged Accounts can be the Difference Between “Managing” and “Securing” File Transfers
Posted on January 10, 2013
Copyright 2013 Cyber-Ark Software - All Rights Reserved