Welcome Guest | Sign In
DARPA Rewards Best Bug-Bombing Bots
August 11, 2016
The code warriors of the future literally might be computer code acting as warriors to defend against attackers on computer networks. DARPA gave us a glimpse into that future last Sunday, when it announced the winners of its Cyber Grand Challenge at DEF CON. Seven teams participated in the challenge to create systems that used bots to find and fix software problems without human intervention.
Apple to Enlist the Aid of a Few Good Hackers
August 6, 2016
Apple has introduced its first bug bounty program, set to launch in September. Ivan Krstic, head of Apple security engineering and architecture, announced the program at the Black Hat security conference in Las Vegas. The focus reportedly is on an exceptionally high level of service, and on quality over quantity. Participation in the program initially will be by invitation only.
Linux Botnets on a Rampage
August 5, 2016
Linux-operated botnet Distributed Denial of Service attacks surged in this year's second quarter, due to growing interest in targeting Chinese servers, according to a Kaspersky Lab report released this week. South Korea kept its top ranking for having the most command-and-control servers. Brazil, Italy and Israel ranked among the leaders behind South Korea for hosting C&C servers, according to Kaspersky Lab.
Old Tech Can Create New Security Woes
August 3, 2016
"Patch your systems in a timely manner" is a mantra of security experts, but what happens when the patch well runs dry because a product's maker no longer supports it? That is a situation facing many large enterprises, and it's one that poses security risks. Between 30 percent and 50 percent of the hardware and software assets in the average large enterprise have reached their end-of-life date.
Gadget Ogling: Pokémon Go Drones, New Old Nintendo, and Snowden-Secured Smartphones
August 2, 2016
Pokémon Go, the augmented-reality smartphone game that's been eating away at the fabric of society in recent weeks, is enormously fun. I enjoy the mechanics, and that it pushes me to go on longer walks. That's all well and good in the nicer weather, but when there's two feet of snow, I don't really want to traipse around so much. That's why Pokédrone might be my new favorite thing.
Federal Agencies Seek Cyberdefenders
August 2, 2016
The U.S. government is in the process of hiring a small army of IT specialists to bolster its efforts to protect data held at federal agencies from cybersecurity threats. The feds hired 3,000 new cybersecurity and IT professionals in the first six months of the current fiscal year. The hiring spree is just one component of a "first ever" Federal Cybersecurity Workforce Strategy.
Clinton Campaign Latest Target of Hackers Linked to Russia
July 30, 2016
The campaign of Democratic presidential nominee Hillary Clinton is the latest possible victim of a series of hack attacks some cybersecurity experts have linked to the Russian government. Campaign officials reportedly acknowledged that an analytics program it uses, which is maintained by the DNC, was accessed in a breach discovered earlier this month.
KeySniffer Follows the Scent of Cheap Wireless Keyboards
July 29, 2016
A vulnerability in inexpensive wireless keyboards lets hackers steal private data, Bastille reported this week. The vulnerability lets hackers use a new attack the firm dubbed "KeySniffer" to eavesdrop on and capture every keystroke typed from up to 250 feet away. The stolen data is rendered in clear text. It lets hackers search for victims' credit card information, passwords and more.
Trump Tries to Walk Back Comments on Clinton Emails
July 28, 2016
Republican presidential nominee Donald Trump on Thursday attempted to walk back some of his remarks at a Wednesday morning press briefing during the Democratic National Convention, including his suggestion that Russian intelligence services should look for more than 30,000 deleted emails belonging to former Secretary of State Hillary Clinton and reveal them to the world.
BlackBerry Offers Android Users a Secure New Smartphone
July 27, 2016
BlackBerry on Tuesday made a play for security-conscious Android users with the announcement of its new DTEK50. Running Android 6.0 Marshmallow and BlackBerry security software, the new unit is the "most secure Android smartphone" in the world, the company claimed. Many Android users have concerns about the their phone's security, according to a recent survey.
FBI Launches Probe Into DNC Email Hack
July 26, 2016
The FBI on Monday confirmed it has opened an investigation into allegations that the Wikileaks email dump of nearly 20,000 DNC emails over the weekend might be linked to the Russian government. Hackers connected to Russian intelligence agencies allegedly have been working to help tilt the U.S. presidential election. "The FBI is investigating a cyber intrusion involving the DNC," the agency said.
Civil Rights Office Issues Ransomware Guidance
July 22, 2016
Ransomware infections are on the rise, and healthcare organizations are ripe targets, which may be why the federal government addressed the subject last week. Ransomware attacks have risen from about 1,000 a day last year to 4,000 a day this year, Symantec has reported. Many of those attacks are for small change, but some of the larger ones have been directed at healthcare providers.
Snowden Puts His Mind to Designing Spy-Proof Smartphone Cases
July 21, 2016
NSA whistle-blower Edward Snowden and noted hacker Andrew "Bunnie" Huang on Thursday published a paper on their collaboration to design a smartphone case that will protect user privacy. The pair developed a prototype compatible with the 4.7-inch iPhone 6, as it's "driven primarily by what we understand to be the current preferences and tastes of reporters," the paper states.
The Internet of Medical Things, Part 3: Safety First
July 20, 2016
Though quick to capitalize on connected health devices and the coming Internet of Medical Things, hardware manufacturers may be moving too slowly when it comes to building the necessary protections into the back end. The National Security Agency last month told participants in a defense technology summit in Washington that it was looking into hacking connected medical devices.
Congressional Committee Report Finds Something Rotten at FDIC
July 18, 2016
Officials at the U.S. Federal Deposit Insurance Corporation, which insures deposits in U.S. banks, made false statements to Congress and failed to make timely notification of serious cybersecurity breaches, according to a U.S. House of Representatives Committee on Science, Space and Technology's interim staff report. FDIC CIO Lawrence Gross has created a toxic work environment, it also says.
Facebook Lets Messenger Conversations Go Dark
July 13, 2016
Facebook last week said it would begin testing long anticipated end-to-end encryption capabilities in its Messenger app, enabling users to have secret conversations. The new level of security means that a message will be visible only to the sender and the recipient -- Facebook won't even be able to read it. Users can set a timer to limit the amount of time that a message remains visible.
Google Dabbles in Post-Quantum Cryptography
July 12, 2016
Google has launched an experiment with post-quantum cryptography in Chrome. A small fraction of connections between Google's servers and Chrome on the desktop will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm already being used. The idea is that large quantum computers eventually might be able to break current security algorithms retroactively.
Parsing the Clinton Email Scandal
July 11, 2016
I've been watching the Clinton email scandal closely, because I not only have been in and out of law enforcement and security for much of my early life, but also was an internal auditor for IBM and one of the leading email experts in the 1990s. I think this is the only time I've seen an investigator channel a prosecutor and give someone a pass without addressing why crimes were committed.
Mobile Ransomware Has Mushroomed: Report
July 8, 2016
The number of mobile ransomware victims across the globe has increased fourfold compared to a year ago, suggests a Kaspersky Lab report. Kaspersky software protected 136,532 users targeted by ransomware from April 2015 to March 2016 -- up from 35,413. "The growth curve may be less than that seen for PC ransomware, but it is still significant enough to confirm a worrying trend," the report notes.
FBI Director Raps Clinton but Recommends No Criminal Action
July 6, 2016
Although an FBI investigation concluded that Hillary Clinton's use of a separate email system during her tenure as Secretary of State may have violated federal law, Director James B. Comey recommended no criminal prosecution. Considered in light of the bureau's actions in similar cases in the past, Comey explained, the facts in the Clinton case do not warrant the filing of criminal charges.
Study: Third-Party Apps Pose Risks for Enterprises
June 23, 2016
Since mobile computing put an end to the good old days when IT departments had absolute control over software deployed in the enterprise, there's been a rise in employees' use of third-party applications -- a rise that poses security risks to corporate environments. That is one of the findings in a report CloudLock released last week.
Google Makes It Easier to Do the 2-Step
June 21, 2016
Google on Monday began rolling out a new two-step authentication feature, Google Prompt, targeting enterprise employees. The new option consists of a pop-up that displays a mobile user's name and profile image, and that specifies the location and device involved in the attempted sign-in. The device owner is asked whether to allow or deny the sign-in.
Russians Hack DNC Servers to Get Goods on Trump
June 15, 2016
Two groups of Russian hackers burrowed into the Democratic National Committee's servers and spent months stealing information on Donald Trump, the Republican Party's presumptive presidential nominee, according to Crowdstrike. The security firm identified "two sophisticated adversaries on the network," noted CTO Dmitri Alperovitch, dubbed "Cozy Bear" and "Fancy Bear."
Snowden and the NSA Gets Curiouser and Curiouser
June 8, 2016
Edward Snowden made a greater effort than originally believed to raise his concerns within the NSA before releasing thousands of classified documents detailing programs that allowed the agency to spy on U.S. citizens. The truth is more complex than the NSA let on, according to a report based on documents secured through two years of Freedom of Information Act litigation.
Yahoo Publishes NSLs Following Freedom Act Reforms
June 6, 2016
Yahoo last week published the text of three National Security Letters it received from the FBI in 2013. The letters demand the names, addresses, length of service, and electronic communications transactional records -- existing transaction and activity logs and all email header information -- of the targets. However, they do not ask for any content -- either the subject lines or bodies of emails.
Banking Trojans Take Backseat to Ransomware
June 4, 2016
The banking trojan -- a type of malware used to steal credentials for bank accounts -- has been a staple of cyberthieves for years. However, ransomware, which has proven both easy to use and highly successful, has started eroding its popularity. In a typical banking trojan attack, a robber mounts a phishing campaign to entice a target to open an attachment or click on a link.
Black Duck's Free Tool Digs Out Open Source Bugs
May 28, 2016
Black Duck Software this week released Security Checker, a free tool based on the company's Hub open source security solution. Security Checker is a drag-and-drop, Web-based tool that allows users to determine if known open source vulnerabilities exist in the components used to build applications. It scans the code in an uploaded archive file or Docker image and provides a report showing known bugs.
Google's Abacus May Count Out Passwords
May 24, 2016
By the end of the year, Android devs will be able to use a trust API from Google's Project Abacus in their apps, Google ATAP Director Dan Kaufman suggested at last week's I/O conference. The API, which will run in the background continually, is aimed at doing away with passwords. It will use a smartphone's sensors to create a cumulative trust score that will authenticate users.
Microsoft Tightens Screws on Terrorists Posting Online
May 23, 2016
Microsoft last week announced plans to crack down on terrorist content, perhaps in response to the Obama administration's intense effort to get Silicon Valley's help in preventing organizations like ISIS from using social media as a recruiting and fundraising tool. Microsoft has amended its terms of use to prohibit the posting of terrorist content on its various platforms.
Vendors Gain Congressional Support on IT Pricing
May 23, 2016
Selling information technology to the U.S. government is never easy, and it's even harder when a vendor cannot highlight the qualitative differences it believes separates its competencies from other providers competing for the same work. Yet a major contracting tool federal agencies use in seeking IT products and services tends to smother those differences in skills and competencies.
See More Articles in Cybersecurity Section >>
Facebook Twitter LinkedIn Google+ RSS
What's your alarm level over cyberattacks on the Internet's infrastructure?
Red: A deadly cyberwar will occur -- It's when, not if.
Orange: A big one could be costly and threaten public safety.
Yellow: We need to improve cybersecurity at a faster pace.
Blue: Regional outages will become more frequent and more annoying.
Green: There's no way anyone could take out the entire Internet.