Info Security

Subscribe to Info Security  feed
Updated: 31 min 54 sec ago

STEM Teachers Focus on Cyber at Summer Camp

Tue, 07/31/2018 - 12:30
STEM Teachers Focus on Cyber at Summer Camp

Underway this week is NittanyGenCyber Camp, a five-day summer camp offered at Penn State University’s College of Information Sciences and Technology’s (IST) and designed for middle and high school STEM teachers. The week-long camp kicked off yesterday and will run through Friday, 3 August 2018.

This first-of-its-kind summer camp aims to provide teachers with fundamental cybersecurity principles, delivering them hands-on experience to inform them of cyber’s intersection with data science. Applications were due on 25 May 2018, and attendees include teachers from different New Jersey school districts and Pennsylvania’s West Essex Regional School District.

The summer camp is part of the GenCyber program, which offers cybersecurity summer camps to students and teachers at the K-12 level. It’s an effort to not only increase awareness in cybersecurity careers but also to diversify the cybersecurity workforce.

NittanyGenCyber camp is funded by a grant from the National Security Agency and the National Science Foundation, which is why it was able to provide the camp at no charge fee to its participants. Attendees also received a stipend to cover travel expenses.

Led by Penn State’s IST GenCyber principal investigator, Dongwon Lee, associate IST professor, and two co-principal investigators, Anna Squicciarini, associate IST professor, and Nick Giacobe, assistant teaching IST professor and director of the college’s undergraduate programs, the first workshop included a hands-on course using a security board game. Additional topics covered include OS basics, social engineering attacks, cryptography basics, online frauds and fakes, steganography basics, password, forensics, cyber competitions, ethics and access control.

“Researchers and other organizations have identified somewhere between 130,000 and 209,000 unfilled cybersecurity jobs exist in the U.S. today,” Giacobe told TAP into West Essex news.

“Worldwide, those estimates climb to 2.5-3.5 million unfilled cyber jobs by 2025. Regardless of which numbers you follow, the point is that there is a significant gap between the skills of the talent pool we have today versus what companies need today and tomorrow.”

Categories: Cyber Risk News

Dixons Carphone: Breach Hit 10 Million Personal Records

Tue, 07/31/2018 - 09:23
Dixons Carphone: Breach Hit 10 Million Personal Records

Dixons Carphone has revised up its estimate of how much customer data was stolen in a recently disclosed breach by almost nine million records.

The UK retailer revealed in June that hackers had accessed personal data on 1.2 million Currys PC World and Dixons Travel store customers — including names, addresses and email addresses.

However, in a new statement today it claimed that 10 million records containing personal data “may have been accessed” in the 2017 incident, whilst also admitting that “there is now evidence that some of this data may have left our systems.”

However, the high street giant was again at pains to point out that the compromised records “do not contain payment card or bank account details and there is no evidence that any fraud has resulted.”

Alongside the 1.2m records containing personal data, the original breach saw an ‘attempt’ to compromise 5.9m cards held in its systems. Dixons Carphone said that 5.8m of these had chip and PIN protection and that the stolen data did not include pin codes, card verification values (CVV) or authentication data — making it more difficult for the hackers to monetize although still exposing customers to a serious CNP fraud risk.

“Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorized access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today,” said CEO Alex Baldock.

“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves. Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers.”

Mark Adams, regional VP for UK & Ireland at Veeam, argued it was worrying that Dixons Carphone got the scale of the breach so wrong.

“These days the public care a lot about how their data is handled and by whom, and they want organizations to be more proactive in managing that data, so the size of the breach is going to translate into a much higher loss than many will imagine,” he added. “With so much competition for business, this will be an expensive breach with a long tail of damage for the organization's brand and reputation.”

Categories: Cyber Risk News

Pentagon Reveals "Do Not Buy" Software List

Tue, 07/31/2018 - 08:58
Pentagon Reveals "Do Not Buy" Software List

The security stand-off between the United States and Russia and China is set to intensify after the Pentagon revealed it has been developing a “do not buy” list of software originating from the two hostile nations.

The Defense Department’s acquisitions boss, Ellen Lord, told reporters that the list was begun six months ago in concert with US intelligence agencies.

As the name suggests, once a vendor is included on the list, their products will be boycotted by the Pentagon as a security risk.

However, drawing up the list has apparently not always been easy given that Beijing and Moscow are keen to hide the true origin of some companies.

"What we are doing is making sure that we do not buy software that is Russian or Chinese provenance, for instance, and quite often that is difficult to tell at first glance because of holding companies," Lord reportedly said. "We have identified certain companies that do not operate in a way consistent with what we have for defense standards."

Chinese telecoms firm ZTE and Russian AV firm Kaspersky Lab have been early casualties in an escalating Balkanisation of global technology flows.

Kaspersky Lab was banned for government use after fears of ties to Russian intelligence which it claims were never substantiated by lawmakers, while both ZTE and Huawei could yet face similar bans on their products if a defense authorization bill for fiscal 2019 passes Congress.

“It really speaks to cybersecurity writ large, which is one of our greatest concerns right now," Lord said. "This is a challenge for us in terms of how to deal with the industrial base, particularly small companies who don’t always have the resources."

Terry Ray, CTO at Imperva, argued that governments have always placed strict controls on foreign technology providers.

“It is common for the US government to scan software used in its environments for backdoors and other embedded code, or configurations that may allow hidden or previously unidentified connections, inbound or outbound to the technology,” he said.

“At the moment, I have not seen details on any new inspection processes which makes me think the technical review will utilize existing techniques. However, it’s important to note that other well-developed countries operate similarly and prefer to purchase and implement in-country or open source technology, in lieu of off-the-shelf products offered by the US or its allies.”

Categories: Cyber Risk News