Risk News

Manchester bombing suspect identified, U.S. officials say; Islamic State claims responsibility
"The Islamic State claimed Tuesday that one of its “soldiers” carried out an apparent suicide blast in Manchester that killed at least 22 people, including teenagers and others streaming out of a pop concert."
Annie's take:

Worst attack in England since 7/7/2005. The world grieves.
Cyberattacks Prompt Massive Security Spending Surge
"The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago."
Annie's take:

More proof that executives only pay attention when some extremely expensive set of events takes place that they cannot ignore because their own boards of directors are asking how protected the firm is.
Flooded with thoughtful net neutrality comments, FCC highlights “mean tweets”
"Widespread support for strong net neutrality rules continues, both from individuals who use the Internet and companies that offer websites and applications over the Internet."
Annie's take:

The first of what will be two votes was taken this morning. You can say that net neutrality has gone down in flames.
Trump’s careening toward an inevitable showdown with an undeniable truth
"Ten days ago, Donald Trump’s rocky presidency was in relatively calm waters."
Annie's take:

Waiting for the other shoe to drop. It is an indicator of how little he thinks of Trump that Putin offered to release a transcript of the White House meeting.
Clues point to possible North Korean involvement in massive cyberattack
"Security researchers have found digital clues in the malware used in last weekend’s global ransomware attack that might indicate North Korea is involved, although they caution the evidence is not conclusive."
Annie's take:

We are still early in the investigation.
Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack
"UK hospitals, Telefonica, FedEx, and other businesses were hit by a massive ransomware attack on Friday."
Annie's take:

Very glad to see Microsoft stepped up here on Windows XP. So much of the US government still runs on it.
Cyberattack’s Impact Could Worsen in ‘Second Wave’ of Ransomware
"Security experts are warning that the global cyberattack that began on Friday is likely to be magnified in the new workweek as users return to their offices and turn on their computers."
Annie's take:

Microsoft had already published a patch for this exploit, perhaps after having been informed by NSA or by researching what the Shadow Brokers had. Let's hope all institutions will take a close look at their patching programs going forward.
Cyberattack in U.K. Hits 16 Health Institutions
"An extensive cyberattack hit Britain’s National Health Service on Friday, blocking doctors from gaining access to patient files, causing emergency rooms to divert patients and stoking fears about hackers’ ability to wreak havoc on vital public services."
Annie's take:

Terrifying to anyone who needs medical services. Evidently the attacks include Spain and Portugal as well.
An Open Letter to the Deputy Attorney General
"Dear Deputy Attorney General Rod Rosenstein: It’s rare that any single person has to bear as much responsibility for safeguarding American democracy as you find yourself carrying now."
Annie's take:

The president acted to protect his own reputation and interests, to slow down the ongoing investigations into ties with Russian actors on last November's election. Now we wait to see what decision the Deputy Attorney General will make on appointing a special prosecutor to take it out of the political realm.
Man: Border agents threatened to “be dicks,” take my phone if I didn’t unlock it
"As he sat in a darkened corner of a neighborhood bar, Aaron Gach, an artist and lecturer at a local art college, told Ars about what happened to him in a February 2017 episode at San Francisco International Airport, where he agreed to unlock his iPhone and have it be searched by border agents rather than risk being detained and delayed further."
Annie's take:

The ACLU has never been busier.
Government Joins The Finance Sector At The Top Of The Cyber Attack List
"New research reveals that cyberattacks on the government sector doubled in 2016, hiking to 14% from 7% of all cyber security attacks in 2015. Attacks on the finance sector also rose dramatically from just 3% in 2015 to 14% of all attacks in 2016."
Annie's take:

Not surprising. Contributing factors well laid out here.
Learning the Hard Way How the Government Works
"We’re evidently in a new stage of political grief – blaming others, be it others who didn’t vote as we thought they should, or those who didn’t vote at all."
Annie's take:

Here's my call to action along with an excellent research note from Brian Stanley.
How Uber Deceives the Authorities Worldwide
"Uber has for years engaged in a worldwide program to deceive the authorities in markets where its low-cost ride-hailing service was resisted by law enforcement or, in some instances, had been banned."
Annie's take:

Someone -- or authorities perhaps -- needs to take this company in hand. The Justice Department has now evidently opened an inquiry.
False positives still cause threat alert fatigue
"It is commonly referred to as information overload. An infosec professional throws out a wide net in hopes of stopping malware before it gets too deep into the network, but like a motion-sensor light, sometimes the alert catches a squirrel instead of a burglar."
Annie's take:

Great article! FireEye is a significant player in this space, and the Target example used here should have been sufficient warning to all firms to re-evaluate where they set thresholds on alarms.
Bremerton tech firm helps businesses respond to cyber attack
"In a fourth-floor room lined with flatscreen monitors a team of analysts scans alerts flowing in from computer networks across the country, watching for signs of cyber attack."
Annie's take:

My good friend and colleague Mike Hamilton founded a firm that continues to grow and have impact.
Machine learning and math can’t trump smart attackers
"When you’ve been fighting black-hat hackers for decades, you learn a thing or two about them."
Annie's take:

One of a series of short articles, the links for which are published at the bottom of the article.