CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Researcher: OnStar system let me hack in

Security researcher Samy Kamkar posted a YouTube video of an OwnStar device that he says let him monitor and intercept communications between General Motors’ OnStar RemoteLink app and any OnStar-equipped car. GM worked to quickly issue a fix, but Kamkar told CNET that the fix was not successful. With the OwnStar device, Kamkar indicated he was able to issue commands through OnStar’s RemoteLink app—which lets drivers control some features of their cars such as locking doors and turning on lights with a mobile device—to any of GM’s compatible cars. OnStar, an in-vehicle system that provides security services, hands-free calling, and turn-by-turn navigation, is available in more than 30 GM vehicles. Kamkar was able to act as if he owned the car in the video, finding the exact location, unlocking the doors and starting the engine. Source: CNet

Planned Parenthood hacked a second time

Planned Parenthood said electronic traffic to its websites was snarled by computer hackers in the second cyber attack mounted against the health care organization this week amid a controversy about alleged sales of aborted fetal tissue. Websites operated by Planned Parenthood and its political branch, Planned Parenthood Action, were clogged by a wide-scale “distributed denial-of-service,” or DDoS, attack, the organization said. In such attacks, a Web server is deliberately flooded with massive amounts of data to block access from legitimate users. Service was restored shortly after the attack. Source: Reuters

Cyber legislation headed to Senate floor … or maybe not

Senate Majority Leader Mitch McConnell, R-Ky., said that the Senate could take up cyber legislation next week, if Democrats block a bill to defund Planned Parenthood. “If we are unable to get on the defund Planned Parenthood bill on Monday … then we’re going to turn to cybersecurity next week and see if we can achieve something for the American people … before the August recess,” he said. However, some senators are wary about the plan to pivot quickly to the stalled cybersecurity bill. Immediately after McConnell revealed his intent to bring up the long-stalled Cybersecurity Information Sharing Act, both supporters and opponents of the bill questioned the strategy. Source: The Hill

A problem with the pay scale

The FBI is struggling to attract computer scientists to its cybersecurity program mainly due to low pay, a Justice Department report says, highlighting weaknesses in the effort to shield against cyber threats. As of January 2015, the FBI had only hired 52 of the 134 computer scientists it was authorized to employ under the Justice Department’s Next Generation Cyber Initiative, launched in 2012. Although cyber task forces have been set up at all 56 FBI field offices, five did not have a computer scientist assigned to them, the report by the Office of the Inspector General found. Source: Business Insider

Tweeting an unhappy tune

Security experts suspect that hackers working on behalf of the Russian government are behind a cyber campaign in which infected computers are controlled through hidden messages embedded in image files shared on Twitter. Security firm FireEye all but blamed the Kremlin for an offensive campaign revealed in a report this week. The researchers said the hackers relied on a type of malware that they’ve dubbed “HAMMERTOSS” to carry out attacks in which infected machines are instructed to execute commands and upload user data to the cloud. It involves a multistep process: A Twitter account is registered using a custom algorithm, then a tweet is posted from the profile containing a Web link and a clue that signals what to do with the data on the malicious site once it’s been visited. An infected computer will then, hypothetically, surf to the site and download its contents, then use the clue from the tweet to decipher instructions buried in an image on the site that then runs commands. Source: The Washington Times

Weapons of war of a different kind

Israel sold more cyber-wares than arms in 2014. According to figures published by the cyber task force in the prime minister’s office, Israeli companies sold about $6 billion of Internet-security software, equivalent to about a tenth of worldwide sales of such products. A big chunk came from Check Point, best known for its ZoneAlarm antivirus software for home computers, and a provider of a range of online-security products for business. But Israel also is producing lots of cybersecurity startups. Last year, eight were sold to foreign investors, for a total of $700 million. In September CyberArk, which specializes in protecting firms against attackers who pose as system administrators and other insiders, had one of the year’s biggest IPOs on the NASDAQ, and its current valuation is around $2 billion. Source: The Economist

Straighten up, soldier

Cyber bullying among service members is getting out of hand, and Army leaders are calling on soldiers to straighten up—or face career-ending consequences. In an All-Army Activities message, the service reminded soldiers about maintaining a professional presence on and off line. “Harassment, bullying, hazing, stalking, discrimination, retaliation and any other type of misconduct that undermines dignity and respect are not consistent with Army values and negatively impact command climate and readiness,” said spokesman Paul Prince. “Soldiers or civilian employees who participate in or condone misconduct, whether offline or online, may be subject to criminal, disciplinary and/or administrative action.” Source: The Army Times

Coverage from a cloudburst

Cloudsurance has launched an insurance program designed to help mitigate the risks of cloud computing, such as downtime, data loss and cyber attack by providing coverage for cloud-based data and IT assets. The company will provide basic insurance to consumers who use cloud storage services such as Dropbox and Box. Coverage will include data-loss insurance, designed to financially compensate customers if a cloud provider loses their data. It also will include downtime insurance, in case a cloud provider goes down, causing a customer’s cloud-based assets to become unavailable. Cyber-attack insurance will compensate clients financially if their cloud provider is affected by a cyber-attack that hurts their IT assets. Source: Insurance Journal

Can we just forget about this ruling?

Google is appealing a French data-protection order to expand Europe’s “right to be forgotten” to its websites worldwide, kicking off a legal tussle about the scope of a rule established by the European Union’s top court. The company sent a request to France’s Commission Nationale de l’Informatique et des Libertés asking it to rescind an order that would force Google to apply Europe’s right to be forgotten to “all domain names” of the search engine, including google.com, not just Google sites aimed at Europe, such as google.co.uk. The CNIL said it would take up to two months to consider Google’s appeal before deciding whether to withdraw its order, or open sanctions proceedings that could lead to an initial fine of up to $165,000. Source: The Wall Street Journal
