The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Friday Five: 2/5/16 Edition



Happy Friday! Here is our weekly roundup of popular cyber security news.

1. Last Minute US-Europe Deal Replaces Safe Harbor with Privacy Shield by Iain Thomson

European and U.S. lawmakers made a last minute resolution on Monday to allow data transmissions between Europe and the U.S. to continue legally. After fifteen years in the running, the Safe Harbor agreement was struck down in court last October. The new agreement, called Privacy Shield, is already under scrutiny; some fear the U.S. laws are not commensurate with European laws and that they may be too broad. Read the article for more on Privacy Shield.

2. eBay Has No Plans to Fix “Severe” Bug That Allows Malware Distribution by Dan Goodin

As of now eBay has no intentions to remediate a “severe” vulnerability that attackers can exploit to distribute “malicious code and phishing pages” through the eBay website. By using a programming style known as JSF**K, attackers can bypass eBay’s controls that aim to prevent users from posting content that can execute malicious code on visitors’ devices. Despite having known about the vulnerability since December, eBay has stated that they “have not found any fraudulent activity stemming from this incident” and seemingly do not intend to fix the flaw. Read the Ars Technica article to learn more.

3. Russia to Spend a Whopping $250m to Strengthen Its Cyber-Offensive Capabilities by Eugene Gerden

Seemingly not thrilled by the U.S.’s cyber efforts, Russia announced plans for its own advances in offensive cyber-technology this week. Claiming to have access to top hacking talent, Russia plans to spend $200-250 million (USD) per year developing offensive technology targeting opposing militaries’ command and control systems and other critical infrastructure. A Russian Federal Security Service spokesperson told SC Magazine UK that Russia’s plan is “in response to similar plans announced by the US at the beginning of 2015.” Read the full article for more on Russia's plan.

4. Audit Uncovers Flaws in U.S.’s “EINSTEIN” Cybersecurity Program by Bradley Barth

A new report released by the U.S. Government Accountability Office (GAO) this week exposed some security issues in EINSTEIN, the Department of Homeland Security’s National Cybersecurity Protection System (NCPS). Since 2003, the DHS has used EINSTEIN secure federal agency network traffic through intrusion prevention and detection as well as security analytics and information sharing. Despite having an allocated budget of $5.7 billion through 2018, the GAO audit found that EINSTEIN is lacking in its defenses against zero-day attacks as well as its traffic monitoring capabilities, among others. For more on the security issues relating to EINSTEIN, read the article.

5. NASA Brushes Off Claims That One of Its Drones Was Hacked by Thomas Fox-Brewster

The week started off with hacking group Anonsec claiming on Sunday that it had successfully hacked a NASA drone to take “semi-partial control” mid-flight. The group also released roughly 250 GB of data – including drone logs and employee information – it claimed to have stolen after hacking NASA’s networks. On Monday, NASA denied Anonsec’s claims in a statement to Forbes that “Control of our Global Hawk aircraft was not compromised. NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data.” NASA’s investigation is still underway. Read the full article for more.

Anne Scholl

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Anne Scholl

Anne is senior marketing operations manager at Digital Guardian and spends most of her time managing marketing platforms, finding new ways to increase demand, and her favorite part of the work day, analyzing data to increase program effectiveness. She joins us after spending a couple of years at a cybersecurity startup. Previously Anne completed a Masters degree at NYU, studying cyber security policy. She has a fascination with the cyber industry and enjoys being a part of this cutting edge field.