Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Bourne-Again Shell (Bash) Remote Code Execution Vulnerability

“US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. The flaw was originally assigned CVE-2014-6271, but it was later discovered that the patch had an issue in the parser and did not fully address the problem. MITRE later assigned CVE-2014-7169 to cover the remaining problems after the application of the first patch. US-CERT recommends users and administrators review TA14-268A, Vulnerability Note VU#252743 and the Redhat Security Blog(link is external) for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch is also available for experienced users and administrators to implement.”

Operating systems with updates include:

Information Sharing Environment: Annual Report to Congress – 2014

“This report is submitted by the Program Manager for the Information Sharing Environment (PM-ISE) on behalf of the President, as required by Section 1016 (h) (2) of the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004, as amended. Accompanying, but distinct from this report, are substantial performance data and links to best practices, lessons learned,Continue Reading

Results of the 2014 Global Privacy Enforcement Network Sweep

“The second Global Privacy Enforcement Network (GPEN) Privacy Sweep demonstrates the ongoing commitment of privacy enforcement authorities to work together to promote privacy protection around the world. Some 26 privacy enforcement authorities in 19 countries participated in the 2014 Sweep, which took place May 12-18. Over the course of the week, participants downloaded 1,211 popular mobile appsContinue Reading

New GAO Reports – Army Corps of Engineers, Bureau of Prisons, CFPB, ID Theft, Oil and Gas Transportation, Affordable Care Act

ARMY CORPS OF ENGINEERS: The Corps Needs to Take Steps to Identify All Projects and Studies Eligible for Deauthorization, GAO-14-699: Published: Aug 21, 2014. Publicly Released: Sep 22, 2014. BUREAU OF PRISONS: Management of New Prison Activations Can Be Improved, GAO-14-709: Published: Aug 22, 2014. Publicly Released: Sep 22, 2014. CONSUMER FINANCIAL PROTECTION BUREAU:Some Privacy and Security Procedures for Data CollectionsContinue Reading

New GAO Reports – Critical Infrastructure Protection, EPA Regs and Electricity

CRITICAL INFRASTRUCTURE PROTECTION: DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts, GAO-14-507: Published: Sep 15, 2014. Publicly Released: Sep 15, 2014: “DHS is not positioned to manage an integrated and coordinated government-wide approach for assessments as called for in the NIPP because it does not have sufficient information about the assessment tools andContinue Reading

Cyberthreats in past year impact 93% of financial services organizations

“Cyberattacks targeting financial services firms are on the rise, but are these organizations doing enough to protect business and customer data? According to a Kaspersky Lab and B2B International survey of worldwide IT professionals, 93% of financial services organizations experienced various cyberthreats in the past 12 months. And while cyber-attacks targeting financial services firms are on the rise, nearly oneContinue Reading

DARPA Open Catalog

“Welcome to the DARPA Open Catalog, which contains a curated list of DARPA-sponsored software and peer-reviewed publications. DARPA sponsors fundamental and applied research in a variety of areas including data science, cyber, anomaly detection, etc., that may lead to experimental results and reusable technology designed to benefit multiple government domains. The DARPA Open Catalog organizes publiclyContinue Reading

2014 Cost of Data Breach: Global Analysis

News release: “Throughout the world, companies are finding that data breaches have become as common as a cold but far more expensive to treat. With the exception of Germany, companies had to spend more on their investigations, notification and response when their sensitive and confidential information was lost or stolen. As revealed in the 2014Continue Reading

High level hacking of US financial system linked to Russia as FBI investigates

Bloomberg: “Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe. The attack resulted in the loss of gigabytes of sensitive data,Continue Reading

IBM X-Force Threat Intelligence Quarterly, 3Q 2014

Get a closer look at Heartbleed—from the latest attack activity to mitigation strategies - using 2014 mid-year data and ongoing research. IBM, August 2014. “Welcome to the latest quarterly report from the IBM® X-Force® research and development team. In this report, we’ll look at how the Heartbleed vulnerability—CVE-2014-0160, disclosed in April 2014—impacted organizations around the world.Continue Reading

How a Chinese National Gained Access to Arizona’s Terror Center

ProPublica:  The un-vetted computer engineer plugged into law enforcement networks and a database of 5 million Arizona drivers in a possible breach that was kept secret for years. by Ryan Gabrielson, ProPublica and Andrew Becker, Center for Investigative Reporting, August 26, 2014. “LIZHONG FAN’S DESK WAS AMONG A CROWD of cubicles at the Arizona Counter Terrorism InformationContinue Reading

New on LLRX – Four Part Series on Privacy and Data Security Violations

Via LLRX.com – fours new articles by law professor Daniel J. Solove on privacy, data protection and the harm caused by breaches. Privacy and Data Security Violations: What’s the Harm? - Daniel J. Solove is a Law professor at George Washington University Law School, an expert in information privacy law, and founder of TeachPrivacy, a privacy and securityContinue Reading