Friday Five: 2/5/16 Edition

by Anne Scholl on Friday October 14, 2016

Happy Friday! Here is our weekly roundup of popular cyber security news.

1. Last Minute US-Europe Deal Replaces Safe Harbor with Privacy Shield by Iain Thomson

European and U.S. lawmakers reached a last-minute resolution on Monday to allow data transmissions between Europe and the U.S. to continue legally. After fifteen years in effect, the Safe Harbor agreement was struck down in court last October. The new agreement, called Privacy Shield, is already under scrutiny; some fear the U.S. laws are not commensurate with European laws and that they may be too broad. Read the article for more on Privacy Shield.

2. eBay Has No Plans to Fix “Severe” Bug That Allows Malware Distribution by Dan Goodin

As of now eBay has no intentions to remediate a “severe” vulnerability that attackers can exploit to distribute “malicious code and phishing pages” through the eBay website. By using a programming style known as JSF**K, attackers can bypass eBay’s controls that aim to prevent users from posting content that can execute malicious code on visitors’ devices. Despite having known about the vulnerability since December, eBay has stated that they “have not found any fraudulent activity stemming from this incident” and seemingly do not intend to fix the flaw. Read the Ars Technica article to learn more.

3. Russia to Spend a Whopping $250m to Strengthen Its Cyber-Offensive Capabilities by Eugene Gerden

Seemingly not thrilled by the U.S.’s cyber efforts, Russia announced plans for its own advances in offensive cyber-technology this week. Claiming to have access to top hacking talent, Russia plans to spend $200-250 million (USD) per year developing offensive technology targeting opposing militaries’ command and control systems and other critical infrastructure. A Russian Federal Security Service spokesperson told SC Magazine UK that Russia’s plan is “in response to similar plans announced by the US at the beginning of 2015.” Read the full article for more on Russia's plan.

4. Audit Uncovers Flaws in U.S.’s “EINSTEIN” Cybersecurity Program by Bradley Barth

A new report released by the U.S. Government Accountability Office (GAO) this week exposed some security issues in EINSTEIN, the Department of Homeland Security’s National Cybersecurity Protection System (NCPS). Since 2003, the DHS has used EINSTEIN to secure federal agency network traffic through intrusion prevention and detection as well as security analytics and information sharing. Despite an allocated budget of $5.7 billion through 2018, the GAO audit found EINSTEIN lacking in its defenses against zero-day attacks and in its traffic monitoring capabilities, among other areas. For more on the security issues relating to EINSTEIN, read the article.

5. NASA Brushes Off Claims That One of Its Drones Was Hacked by Thomas Fox-Brewster

The week started off with hacking group Anonsec claiming on Sunday that it had successfully hacked a NASA drone to take “semi-partial control” mid-flight. The group also released roughly 250 GB of data – including drone logs and employee information – it claimed to have stolen after hacking NASA’s networks. On Monday, NASA denied Anonsec’s claims, saying in a statement to Forbes that “Control of our Global Hawk aircraft was not compromised. NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data.” NASA’s investigation is still underway. Read the full article for more.

Tags:  Security News
