Tag Archive for: Challenges

Recent legal developments bode well for security researchers, but challenges remain


Despite the hoodie-wearing bad guy image, most hackers are bona fide security researchers protecting users by probing and testing the security configurations of digital networks and assets. Yet the law has often failed to distinguish between malicious hackers and good-faith security researchers.

This failure to distinguish between the two hacker camps has, however, improved over the past two years, according to Harley Geiger, an attorney with Venable LLP, who serves as counsel in the Privacy and Data Security group. Speaking at Shmoocon 2023, Geiger pointed to three changes in hacker law in 2021 and 2022 that minimize security researchers’ risks.

“Over the past couple of years, these developments have changed the sources of greatest legal risk for good faith security research,” he said. Specifically in the US, the Computer Fraud and Abuse Act (CFAA), the most controversial law affecting hackers, the Department of Justice’s (DOJ’s) charging policy under the CFAA, and the Digital Millennium Copyright Act have evolved in favor of hackers. However, laws at the US state level affecting hackers and China’s recently adopted vulnerability disclosure law pose threats to security researchers and counterbalance some of these positive changes.

Computer Fraud and Abuse Act changes

The CFAA was enacted in 1986 as an amendment to the Comprehensive Crime Control Act and was the first US federal law to address hacking. “The CFAA has been the boogeyman for the community for quite a long time,” Geiger said. “It’s maybe the most famous anti-hacking law. This is a criminal law and a civil law, and that’s important to remember. You can be prosecuted under the CFAA criminally, and you can also be threatened with private lawsuits.”

The CFAA prohibits several things, including accessing a computer without authorization and exceeding authorized access to a computer. “That phrase, exceeding authorized access to a computer, is really important,” Geiger said. “It used to mean that if you were authorized to use a computer for one thing, but then you used it for another purpose, something that you weren’t authorized to do on the computer that you were allowed to use, then that may…


Pulitzer Prize winner Daniel Golden talks global challenges of ransomware


This month, the Mid-Coast Forum on Foreign Relations hosted journalist and author Daniel Golden to discuss the global challenge of ransomware.

The Mid-Coast Forum on Foreign Relations seeks to promote study and discussion of the development, formulation, and implementation of United States foreign policies by means of a program of speakers, the organization of discussion and study groups, and the production and distribution of relevant materials.

Golden, currently a senior editor and reporter at ProPublica, has been part of three Pulitzer Prize teams at the Wall Street Journal, ProPublica and Bloomberg.

He has notably reported on the topics of college admissions, recruitment by universities, asylum-seekers, corporate tax evasion, the U.S. intelligence agencies, and ransomware.

Listen to the talk at: Midcoast Forum, Daniel Golden, December 2022.

Those interested in learning more about the Forum or seeing future speaker events can visit midcoastforum.org. The Maine Monitor will periodically share recordings of the Forum’s talks.


New Report Uncovers Cybersecurity Challenges Facing K-12 Schools


A tour through the busy halls and classrooms of our K-12 public schools would not reveal any clues to the underlying threat they face daily from cyber threat actors intent on disrupting the digital safety and security of students, staff, and their data. K-12 schools have emerged in the past several years as one of the most frequently targeted of our public institutions in the United States. While the hardworking IT and cyber professionals in this sector have made great strides in applying effective cyber defenses, more can be done. The Multi-State Information Sharing and Analysis Center (MS-ISAC) produced our first K-12 Report as a way for K-12 leaders to better understand their cyber risk and take decisive actions to mitigate it.

At the MS-ISAC, we have a unique vantage point to view the cybersecurity challenges and threats faced by various critical infrastructure sectors among state and local governments in the U.S. We manage the largest cyber threat database on U.S. State, Local, Tribal, and Territorial (SLTT) governments, informed by telemetry from thousands of sensors deployed across SLTT networks, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and more than 200 threat intelligence sources. We process more than 100 petabytes of data each month – the equivalent of two billion four-drawer filing cabinets full of information related to the cybersecurity of state and local governments. While our more than 3,700 K-12 school and district members are among the most highly targeted, they are also among the most active segment of our 14,000 organizational members in the MS-ISAC. Given the cyber threat they face, they have to be.

The cybersecurity threat to K-12 schools is persistent, and the potential harm of cyber attacks threatens both the vital work of our education system and the data security of an entire generation of young Americans. Ransomware remains the most impactful cybersecurity threat to K-12 schools, often resulting in significant financial loss and taking schools offline for days. Some K-12 ransomware attacks have taken months to fully remediate. Cyber threat actors’ demands seemed to have increased over time, with ransom demands exceeding…


Houston expert shares tips for navigating cybersecurity challenges amid the holiday season


It’s a grinch’s cyber-playground, and this holiday season, you’re at risk — even if you think it won’t happen to you.

The good news is you can protect yourself from scams and fraud. Just remember that cybercriminals don’t discriminate; they can prey on anyone.

These statistics may surprise you:

  • Anxiety about having a mobile device hacked differs by demographic; low-income Black women rank mobile security as their number one concern, while the general population ranks mobile security as their third largest concern, according to a recent Recon Analytics survey of more than 3,297 U.S. consumers.
  • 44 percent of millennials have been victims of online crime in the last year and 31 percent admit they share their passwords with others.
  • Romance scams resulted in the most financial losses for adults aged 60 and over.
  • Younger consumers took fewest actions after being notified of a data breach affecting their identity/online accounts in Q1 2022.
  • Nearly 50 percent of American gamers have experienced a cyberattack on their gaming account or device.
  • 47 percent of women who live in cities say their identities and/or data have been compromised in the past 6 months due to lack of home internet protections, compared with 53 percent of city men who say the same thing, according to a recent Recon Analytics survey.

People everywhere, regardless of gender, race, income level, education, or age, deserve to feel safe online. And yet, many aren’t aware how to protect themselves, don’t make it a priority, or wait to act until they are alerted to suspicious activity.

With words like malware, phishing, spoofing, and encryption, learning to protect yourself can feel like a college-level course. But it doesn’t have to be that complicated.

Top 5 ways to guard against cyberthreats

By following five simple steps, you can start to protect your network, devices and data from many digital threats.

  1. Understand cyberattacks are real. One of the first hacks was documented in 1963 and today, nearly 60 years later, hackers are attacking phones and computers every 39 seconds. Cyberattacks continue to grow in number every year.
  2. Be proactive. Don’t wait for an attack to happen. Monitor your accounts daily so you are…
