Accurate, Focused Research on Law, Technology and Knowledge Discovery With Daily Postings Since 2002
DOJ news release: “Marcel Lehel Lazar, 44, of Arad, Romania, a hacker who used the online moniker “Guccifer,” was sentenced today to 52 months in prison for unauthorized access to a protected computer and aggravated identity theft…Lazar pleaded guilty before U.S. District Judge James C. Cacheris of the Eastern District of Virginia on May 25, …
Snipped – via Bohyun Kim. Associate Director, Library Applications and Knowledge Systems, at the University of Maryland-Baltimore, Health Sciences and Human Services Library – Keeping Up With Cybersecurity, Usability, and Privacy What is Cybersecurity? Cybersecurity is a broad term. It refers to the activities, practices, and technology that keep computers, networks, programs, and data secure …
Via Andrea Arias at the FTC: “…The Framework provides organizations with a risk-based compilation of guidelines that can help them identify, implement, and improve cybersecurity practices. The Framework does not introduce new standards or concepts; rather, it leverages and integrates cybersecurity practices that have been developed by organizations like NIST and the International Standardization Organization …
Anne Johnson and Lynette I. Millett, Rapporteurs; Forum on Cyber Resilience Workshop Series; National Academies of Sciences, Engineering, and Medicine: “In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible …
BYU Marriott School News – “Software developers listen up: if you want people to pay attention to your security warnings on their computers or mobile devices, you need to make them pop up at better times. A new study from BYU, in collaboration with Google Chrome engineers, finds the status quo of warning messages appearing …
“Private law firms will be hired by police to pursue criminal suspects for profit, under a radical new scheme to target cyber criminals and fraudsters. In a pilot project by the City of London police, the lead force on fraud in England and Wales, officers will pass details of suspects and cases to law firms, …
“New Ponemon Institute Report Finds Most Employees Have Too Much Access, Multiplying Damage When Accounts Are Compromised: August 2016” Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations – “…IT respondents say insider negligence is more than twice as likely to cause the compromise of insider accounts as any other …
PCWorld: “The hacker who claims to have breached the Democratic National Committee’s computers is now taking credit for hacking confidential files from a related campaign group. Guccifer 2.0 alleged on Friday that he also attacked the servers of the Democractic Congressional Campaign Committee (DCCC). He posted some of the purported files on his blog, and …
“NIST has recently expanded the flexibility and enhanced the security of Personal Identity Verification (PIV) credentials by updating the following guidelines: • Special Publication (SP) 800-156, Representation of PIV Chain-of-Trust for Import and Export, provides details regarding the use of chain -of -trust for import and export among PIV Card issuers. • SP 800-166, Derived …
Commonalities in Vehicle Vulnerabilities, Corey Thuen, Senior Security Consultant, IOActive: “With the Connected Car becoming commonplace in the market, vehicle cybersecurity grows more important by the year. At the forefront of this growing area of security research, IOActive has amassed real-world vulnerability data illustrating the general issues and potential solutions to the cybersecurity issues facing …
Inspection of Federal Computer Security at the U.S. Department of the Interior, August 9, 2016: “In accordance with Section 406 of the Cybersecurity Act of 2015, we inspected DOI’s policies, procedures, and practices for securing its computer networks and systems for all covered systems related to logical access control policies and practices, use of multifactor …
EFF Surveillance Self Defense – “When an attacker sends an email or link that looks innocent, but is actually malicious, it’s called phishing. Phishing attacks are a common way that users get infected with malware—programs that hide on your computer and can be used to remotely control it, steal information, or spy on you. In …
