Welcome Guest | Sign In
Banking Trojans Take Backseat to Ransomware
June 4, 2016
The banking trojan -- a type of malware used to steal credentials for bank accounts -- has been a staple of cyberthieves for years. However, ransomware, which has proven both easy to use and highly successful, has started eroding its popularity. In a typical banking trojan attack, a robber mounts a phishing campaign to entice a target to open an attachment or click on a link.
Black Duck's Free Tool Digs Out Open Source Bugs
May 28, 2016
Black Duck Software this week released Security Checker, a free tool based on the company's Hub open source security solution. Security Checker is a drag-and-drop, Web-based tool that allows users to determine if known open source vulnerabilities exist in the components used to build applications. It scans the code in an uploaded archive file or Docker image and provides a report showing known bugs.
Google's Abacus May Count Out Passwords
May 24, 2016
By the end of the year, Android devs will be able to use a trust API from Google's Project Abacus in their apps, Google ATAP Director Dan Kaufman suggested at last week's I/O conference. The API, which will run in the background continually, is aimed at doing away with passwords. It will use a smartphone's sensors to create a cumulative trust score that will authenticate users.
Microsoft Tightens Screws on Terrorists Posting Online
May 23, 2016
Microsoft last week announced plans to crack down on terrorist content, perhaps in response to the Obama administration's intense effort to get Silicon Valley's help in preventing organizations like ISIS from using social media as a recruiting and fundraising tool. Microsoft has amended its terms of use to prohibit the posting of terrorist content on its various platforms.
Vendors Gain Congressional Support on IT Pricing
May 23, 2016
Selling information technology to the U.S. government is never easy, and it's even harder when a vendor cannot highlight the qualitative differences it believes separates its competencies from other providers competing for the same work. Yet a major contracting tool federal agencies use in seeking IT products and services tends to smother those differences in skills and competencies.
Hacker Hawks 2-Year-Old Cache of 117M LinkedIn User IDs
May 23, 2016
A hacker reportedly has offered to sell the account information of 117 million LinkedIn users, which was stolen in a 2012 hack. The data includes users' email addresses and passwords.The hacker, who goes by the handle "Peace," reportedly offered the data on The Real Deal -- a site on the dark web -- for 5 bitcoins -- about $2,200. LeakedSource last week announced it had more than 167 million stolen records.
Gang Surrenders Key to TeslaCrypt Ransomware Kingdom
May 20, 2016
Eset on Wednesday announced that it has fashioned a free tool that victims of all variants of the TeslaCrypt ransomware can use to unlock affected files. After the criminal gang behind TeslaCrypt recently abandoned support of the malicious software, an Eset analyst contacted the group anonymously, using the channel offered to ransomware victims, and asked for the universal master decryption key.
Flaw Puts a Billion Wireless Mice at Risk
May 20, 2016
Wireless mice and keyboards are the perfect accessories for a world in which devices increasingly are shuffling off their connection coils, but those accessories -- especially untethered rodents -- also can create new threats for those who use them. One such threat is Mousejack. The attack exploits a vulnerability found in 80 percent of wireless mice.
China Subjects Tech Imports to Heavy Security Scrutiny
May 19, 2016
China reportedly is investigating the encryption and data storage features of technology products sold there by large foreign companies such as Apple to determine whether the products pose a security threat. A committee associated with the Cyberspace Administration of China reportedly is conducting reviews that include interviews of company executives and other employees.
Google to Dim Flash Player in Chrome Browser
May 17, 2016
Google last week announced that it would minimize use of Adobe's Flash Player in its Chrome Web browser by the end of the year by turning off its default status. When Chrome encounters a Web page, it will report the presence of Flash Player only if a user has indicated that the domain should execute Flash or if the site is in one of the top 10 domains using Flash, ‎Google's Anthony LaForge said.
Docker Ramps Up Container Security
May 13, 2016
Docker this week announced the rollout of security scanning technology to safeguard container content across the entire software supply chain. Docker Security Scanning is an opt-in service for Docker Cloud private repository plans. It provides a security assessment of the software included in container images. It enables detailed image security profiles.
Data Breaches Chip Away at IT Pros' Confidence in Security
May 12, 2016
The daily barrage of data breach news appears to be eroding confidence in security solutions. Fifty percent of IT pros aren't confident about the ability of their security measures to protect their data, according to a survey released last week by Barkly. The high percentage of IT pros with doubts about their security systems caught Barkly CTO Jack Danahy off-guard.
Reddit Tech Forum May Ban Sites That Circumvent Ad Blockers
May 11, 2016
A forum on Reddit, /r/ Technology, on Monday announced it was considering blocking links to websites that require visitors to turn off their ad blockers before viewing content on the site. "It has come to our attention that many websites such as Forbes and Wired are now requiring users to disable ad blockers to view content," said creq, the moderator of the site. "We see this as a security risk."
Feds to Take a Hard Look at Mobile Device Patch Practices
May 11, 2016
The U.S. Federal Trade Commission and the Federal Communications Commission on Monday announced a joint investigation into the issue of mobile device security updates. The FTC issued an order requiring Apple, BlackBerry, Google, HTC America, LG Electronics USA, Microsoft, Motorola Mobility and Samsung Electronics America to provide information about how they issue security updates.
IBM to Drill Watson in Cybersecurity
May 11, 2016
IBM on Tuesday announced Watson for Cyber Security, a cloud-based version of its AI technology, trained in cybersecurity as part of a year-long research project. IBM will collaborate with eight universities with renowned cybersecurity programs, including MIT and the University of Waterloo in Canada. The universities' students will provide the data for Watson.
Report: Companies in the Dark About Their Open Source Risk Exposure
May 10, 2016
Commercial software is full of security vulnerabilities from unpatched open source components developers use, according to a report Black Duck Software issued last week. Software companies misjudge how much open source code their commercial products contain, according to the report, which is based on an analysis of 200 applications researchers viewed over the previous six months.
ISIS Cyberthreat: Puny but Gaining Power
May 5, 2016
The Islamic State group's cyberwar capabilities are unsophisticated, but they won't be that way for long. That was the conclusion of a 25-page report released last week by Flashpoint. The report, "Hacking for ISIS: The Emergent Cyber Threat Landscape," found that the Islamic State's "overall capabilities are neither advanced nor do they demonstrate sophisticated targeting."
Russian 'Collector' Sells Stolen Email Credentials for a Song
May 5, 2016
A hacker dubbed "The Collector" turned over 272 million stolen email credentials in his possession, Hold Security announced Wednesday. The hacker bragged online about the stash, which included usernames and passwords, the firm said. It got a copy of the data -- which the hacker was peddling for 50 rubles, or less than US$1 -- after giving him a shout-out in the forum.
Researchers Hijack Samsung's SmartThings IoT System
May 4, 2016
Researchers at the University of Michigan on Monday announced they had uncovered a series of vulnerabilities in the Samsung SmartThings home automation system that essentially could have allowed hackers to take control of various functions and break into a user's home. The researchers, working with Microsoft, were able to perform four proof-of-concept attacks.
Cybersecurity Goals to Guide Federal Software Spending
May 4, 2016
The U.S. government is on track to significantly boost spending on cybersecurity solutions. However, evolving requirements to greatly improve federal protection of information technology resources will shape that spending. In fact, federal cyberprotection goals should be augmented and significantly modified, according to recent studies of the federal market.
Supreme Court Grants Federal Agents Broader Surveillance Authority
May 3, 2016
The U.S. Supreme Court has approved a series of amendments to the federal rules of criminal procedure that would let judges issue search warrants for computers located outside their jurisdiction. Chief Justice John Roberts announced the changes in the Court's interpretation of the rules. They would allow a judge to issue warrants to search for electronic evidence at remote sites, for example.
BlockIQ Escalates War on Ad Blockers
April 28, 2016
As consumers turn to ad blockers to avoid advertising on their mobile and computer screens, marketers and content providers who depend on pitches to pay the bills are searching frantically for ways to counter the pesky programs. BlockIQ offers them one. BlockIQ, owned by AdSupply, which recently merged with Adaptive Medias, has launched BlockBypass.
FBI Says Its Hands Are Tied on Revealing iPhone Crack Details
April 28, 2016
The FBI on Wednesday confirmed its decision not to inform Apple of how it hacked into the encrypted iPhone used in last December's San Bernardino terrorist attack. The bureau was investigating the possibility that deceased shooters Syed Farook, who used the iPhone, and his wife may have had links to other terrorist plots. It also was searching for evidence tying the two to ISIS.
IT Execs Join Federal Cybersecurity Panel
April 28, 2016
Key components of the Obama administration's multipronged cybersecurity initiative keep falling into place. One of the most recent developments was the formation of a federal Commission on Enhancing National Cybersecurity. Another was the formal introduction in Congress of the administration's information technology investment plan, which is heavily tilted toward cybersecurity protection.
Pentagon to Open New Cyberfront in War Against ISIS
April 27, 2016
The Obama administration reportedly has authorized a new online campaign in its slow, grinding war against ISIS. The Pentagon's Cyber Command will target ISIS in a way that essentially will get inside the heads of terrorist commanders to disrupt their military operations. The plan amounts to dropping cyberbombs on the enemy, said Deputy Secretary of Defense Robert O. Work.
New Attack Technique Hides Spread of RATs in Asia
April 27, 2016
SentinelOne last week announced that it has detected a technique being used in Asia to infect systems with remote access Trojans that ensures that the payload remains in memory throughout its execution and doesn't touch the victim's computer disk in an unencrypted state. Attackers remain hidden from antivirus and next-generation technologies that focus only on file-based threats.
White Hat Finds Security Threats on Facebook's Corporate Net
April 26, 2016
A white hat hacker last week announced the discovery of more than a half-dozen security flaws in some software Facebook used on its corporate network. While performing penetration testing third-party software in a network appliance Facebook used, Orange Tsai discovered seven vulnerabilities that attackers could use to compromise a system, as well as a backdoor script left by someone else.
Treasury Department Examines Internet's Impact on Finance System
April 25, 2016
Information technology -- especially the Internet -- can have a positive impact on the U.S. financial system. Used improperly, however, such tools can wreak havoc on the financial sector and consumers. The Office of the Comptroller of the Currency, a unit of the U.S. Department of the Treasury, has launched an initiative on the future of e-commerce finance in light of technology innovation.
With Latest Opera Browser, Everybody Gets Free VPN
April 22, 2016
Opera on Wednesday announced that it would add a free VPN service to the latest version of its browser. VPNs, or virtual private networks, add an extra level of security for Web surfers. Companies use them to provide secure communications for employees remotely accessing office systems, and consumers use them to block unwanted snooping on their online activity.
Sports Fans and Social Media, Part 2: Perils, Pitfalls and Best Practices
April 22, 2016
This fall will see a 10-game pilot of professional football streamed on social media -- Twitter, to be specific. It's a continuation of the NFL's search for gold in the veins of digital broadcasting and an opportunity for sports brands to forge new and deeper relations with fans. For teams looking to bolster their brands, social networks have evolved into a critical channel.
See More Articles in Cybersecurity Section >>
Facebook Twitter LinkedIn Google+ RSS
What's your alarm level over cyberattacks on the Internet's infrastructure?
Red: A deadly cyberwar will occur -- It's when, not if.
Orange: A big one could be costly and threaten public safety.
Yellow: We need to improve cybersecurity at a faster pace.
Blue: Regional outages will become more frequent and more annoying.
Green: There's no way anyone could take out the entire Internet.