As the Senate Intelligence Committee held its first public hearings examining Russian hacking yesterday, lawmakers received a stark warning that the intrusions have been far broader in scope than the intelligence community’s finding that Russian hackers meddled in the 2016 presidential election to help Donald Trump defeat Hillary Clinton.

Sen. Marco Rubio (R-Fla.) seemed to confirm as much when he announced that former aides to his presidential campaign, had been targeted by an apparent cyberattack emanating from a Russian IP address last July and again just this Wednesday.

Clinton Watts, a senior fellow at the Foreign Policy Research Institute, said that his organization in the past week had detected Russian involvement in a social media campaign aimed at discrediting House Speaker Paul Ryan (D-Wis.).

To read this article in full or to leave a comment, please click here

Imagine these scenarios:

• Insiders at a financial institution place transactions using e-execution and then deny involvement when trades lose money.
• Regulated individuals share secrets and collude to fix pricing via messaging services.
• Fraud occurs through re-diverted funds within Treasury departments.
• Funds are embezzled or re-directed for personal gain.
• Confidential data is accessed for market price fixing, front running or gaining market advantage
• Executives request staff members to access confidential or highly secure content to create a more simplistic briefing process.
• Data is accessed and leaked for personal benefit.

The common denominator to every one of these scenarios is individuals denying their involvement or abdicating responsibility in a transaction. These types of acts are happening every day across virtually every industry — pharma, finance, the public sector — costing companies incredible amounts of money to investigate and putting operating licenses at risk.

To read this article in full or to leave a comment, please click here

The Russian government used “thousands” of internet trolls and bots to spread fake news, in addition to hacking into political campaigns leading up to the 2016 U.S. election, according to one lawmaker.

Disinformation spread on social media was designed to raise doubts about the U.S. election and the campaign of Democratic presidential candidate Hillary Clinton, said Senator Mark Warner, a Virginia Democrat.

“This Russian propaganda on steroids was designed to poison the national conversation in America,” Warner said Thursday during a Senate hearing on Russian election hacking. The Russian government used “thousands of paid internet trolls” and bots to spread disinformation on social media.

To read this article in full or to leave a comment, please click here

When Congress voted down broadband privacy regulations this week, it threw data security under the bus as well. Internet users who want to protect their data can expect to pay a “privacy tax” as a result.

The House voted 215-205 to repeal rules that, among other things, required broadband providers to take “reasonable” steps to protect customers’ information. The rules also would have mandated that telecoms notify customers within 30 days “after reasonable determination of [a data] breach.” And if a breach affected at least 5,000 customers, they would have had to notify the FBI, the Secret Service, and the FCC within seven business days. The privacy rules regarding notifications were slated to take effect in June.

To read this article in full or to leave a comment, please click here

Developers keep finding new ways to deliver higher-quality software faster—and automation is playing a big part in that transformation. But to avoid introducing new flaws at that same hurry-up pace, security needs to be integrated directly into the development lifecycle.

For many modern dev shops, Jenkins has become the open source engine of CI/CD (continuous integration/continuous delivery). Jenkins and its community have given rise to hundreds of plugins, including those that automate security. There’s no reason why repetitive tasks, such as determining how an application handles malicious inputs or checking for known vulnerable components, must be performed manually. Jenkins’ thriving marketplace of plugins can deliver the automated security testing you need.

To read this article in full or to leave a comment, please click here