Welcome Guest | Sign In
TechNewsWorld.com
Don't Let the Next Catastrophic Phishing Scandal End Your Career
March 27, 2017
What I think is amazing about all of the massive data breaches we hear about is that we know most are not reported. For every email, customer record, or financial theft in the news, there likely are hundreds that remain in the shadows. Yet another incident came to light last week. A clever Lithuanian individual was able to pull a whopping $100 million from a bunch of unnamed Internet companies.
WikiLeaks Exposes CIA's Device Surveillance Tricks
March 23, 2017
WikiLeaks has released more Vault 7 documentation online, including details about several CIA projects to infect Apple's Mac computer firmware and operating system. The site unloaded its first batch of stolen Vault 7 data earlier this month. The CIA's Embedded Development Branch developed malware that could persist even if the targeted computer were reformatted and its OS were reinstalled.
IBM Launches Enterprise-Strength Blockchain as a Service
March 20, 2017
IBM has unveiled the first enterprise-ready Blockchain as a Service offering based on The Linux Foundation's open source Hyperledger Fabric. IBM Blockchain, which lets developers quickly establish highly secure blockchain networks on the IBM cloud, is a transformative step in being able to deploy high-speed, secure business transactions through the network on a large scale, the company said.
Intelligence-Driven Supply Chain Resilience
March 20, 2017
Information security practices are undergoing a transformation. For at least a decade, environments have been becoming less perimeter-centric: Gone are the good old days when in-line controls protected the trusted, safe interior from the "wild west" of the outside. As environments become more complex and externalized, the traditional "perimeter" loses meaning.
Dun & Bradstreet Marketing Database Exposed
March 17, 2017
A Dun & Bradstreet database, 52 GB in size and containing more than 33.6 million records with very specific details, has been exposed. Cybersecurity researcher Troy Hunt, who received it for study, on Wednesday confirmed that the records already were organized and developed as if intended for distribution to a potential client. The database apparently was compiled for the use of marketers.
US Charges 2 Russian Intel Agents, 2 Hackers in Yahoo Case
March 16, 2017
The Justice Department has announced charges against four individuals, including two officers of Russia's FSB, for carrying out a massive cyberbreach that affected about 500 million Yahoo account holders. A federal grand jury in Northern California charged the defendants -- the FSB officials and two Russian cybercriminals -- with using stolen data to gain illegal access to numerous accounts.
Federal Agencies Mirror Commercial Websites for Encryption
March 15, 2017
Private and public sector organizations share a common goal in hosting Internet websites: making sure that connections with customers and citizens are secure. However, complete security is not yet universal in either sector. Google and Mozilla, for example, are among many entities promoting Internet security via the adoption of HTTPS versus the basic and less secure HTTP technology.
Tech Companies Weigh Responses to WikiLeaks Exposure
March 11, 2017
Following WikiLeaks' publication earlier this week of classified documents stolen from the CIA, major technology companies, including Apple, Samsung, Microsoft and Cisco, have been scrambling to assess the risks posed to their customers by the revelations. The so-called "Vault 7" leak includes information about methods and tools the CIA crafted to hack into products produced by those companies.
Online Trust Alliance Launches IoT Security Campaign
March 8, 2017
The Online Trust Alliance is calling on businesses, consumers and government to share responsibility for ensuring that Internet of Things devices are not weaponized, outlining actions that businesses, consumers and government can take to ensure the security and privacy of IoT devices. It calls for a campaign to have retailers and consumers reject IoT products that pose a security threat.
Time to Get Serious About IoT Cybersecurity
March 2, 2017
Both companies and individuals will have incredible opportunities ahead with the Internet of Things. IoT is starting to combine with AI, cloud-based services, and many other new segments, creating a very fertile growing field. However, it also poses a growing threat for security. A secure IoT framework does not yet exist. That's where the new IoT Cybersecurity Alliance comes into play.
Cloudflare Nips Cloudbleed Bug in the Bud
March 1, 2017
Cloudflare has fixed the Cloudbleed software bug responsible for a buffer overrun problem that caused its edge servers to return private information in response to some HTTP requests. That private information included HTTP cookies, authentication tokens and HTTP POST bodies. However, SSL private keys weren't leaked, said Cloudflare CTO John Graham-Cumming in an online post.
Google Cracks Key Security Code, Calls for New Standard
February 24, 2017
Google on Thursday announced that its two years of collaboration with CWI resulted in the launch of a successful attack against the SHA-1 cryptographic algorithm, a widely used standard protocol used to protect sensitive data in millions of computers. The breakthrough research hows that the industry needs to send the SHA-1 standard into retirement, Google said.
Microsoft Seeks Global Cybersecurity Accord
February 18, 2017
Microsoft has called on governments around the world to create a "digital Geneva Convention" as a way to normalize international cybersecurity rules and protect civilian use of the Internet. President Brad Smith, who is also Microsoft's chief legal officer, addressed the issue at the annual RSA conference held earlier this week, saying that governments need to establish international rules.
Capsule8 Launches Linux-Based Container Security Platform
February 11, 2017
Cybersecurity startup Capsule8 this week announced that it has raised $2.5 million to launch the industry's first container-aware, real-time threat protection platform designed to protect legacy and next-generation Linux infrastructures from existing and potential attacks. CEO John Viega, CTO Dino Dai Zovi and Chief Scientist Brandon Edwards, all veteran hackers, cofounded the firm.
The Old Man and the Tsunami: A Security Story
January 23, 2017
There's a folk-story that all Japanese schoolchildren learn about an old man who lives in a village by the sea. One day, an earthquake hits. He's the only person in the village to realize that a tsunami will soon follow. He hurries to the nearby mountainside where the rice for the village is grown and sets the entire harvest aflame. All of the villagers race to the mountainside to deal with the conflagration -- their rice is their most precious resource.
Yahoo and the Year of Living Dangerously
January 20, 2017
If there is a lesson to be drawn from Internet search giant Yahoo's hellish past year, it is a grimly illustrative one: Never assume a cybersecurity disaster can't get worse. Last September, the Internet portal disclosed that it had suffered the most damaging and far-reaching data breach in history -- only to then announce in December the discovery of a second, earlier, and even larger hack.
Microsoft Hardens Latest Windows Version Against Hackers
January 17, 2017
Microsoft has fortified the latest version of Windows to make it more secure than previous editions, but the strongest protections will be available only to those willing to pay a steep price for them. Windows 10 Anniversary Update has introduced many mitigation techniques in core Windows components and the Microsoft Edge browser, researchers Matt Oh and Elia Florio wrote in a blog post last week.
US Pushes Cybersecurity Acquisition Tools as Contracts Flow
January 16, 2017
Vendors of cybersecurity offerings are finding that the U.S. government is serious about improving the protection of federal IT assets. A steady stream of data protection contracts has been flowing to providers, including some notable high-value transactions during the last half of 2016. One example is a Department of Homeland Security contract, with a potential value of $395 million.
Las Vegas Captures Ransomware Crown
January 7, 2017
Las Vegas is arguably the gambling capital of the world, but it's also the king city for ransomware, based on recent research. Among the world's nations, the United States ranked highest in ransomware incidents, according to a Malwarebytes report on the prevalence and distribution of extortion apps. The area of the country that logged the most incidents was the Las Vegas-Henderson, Nevada, region.
2017: More Apple Security Flaws, Cyberattacks, Hacktivisim
December 28, 2016
More security vulnerabilities will appear in the software of Adobe and Apple than in Microsoft's, more attacks on the Internet's infrastructure will occur, and cybersecurity events will stoke international tensions. Those are a few of the predictions for 2017 that security experts have made. Signs of hackers' increased interest in Adobe and Apple started appearing in 2016, Trend Micro noted.
Yahoo Suffers Major Data Breach Deja Vu
December 16, 2016
Yahoo has revealed that Net bandits stole data associated with 1 billion of its user accounts -- one of the largest data breaches in Internet history. The theft, which occurred in 2013, is distinct from the theft disclosed earlier this fall, in which 500 million accounts were compromised, Yahoo CISO Bob Lord explained. Stolen data may include names, email addresses, telephone numbers and more.
Ransomware Fighters Get New Free Tool
December 7, 2016
Ransomware has become a gold mine for digital criminals. In the first three months of this year, electronic extortionists squeezed $209 million from victims desperate to recover their data after it was scrambled by the malicious software, based on FBI estimates. At that rate, ransomware could funnel as much as $1 billion into criminal coffers this year.
Multinational Effort Halts Malware Avalanche
December 6, 2016
The DoJ on Monday released new details about the multinational takedown of Avalanche, a multimillion-dollar malware and money-laundering network, following a four-year probe led by German police and prosecutors. Assistant Attorney General Leslie R. Caldwell, Acting U.S. Attorney Soo C. Song and Assistant Director Scott S. Smith of the FBI's Cyber Division made the announcement in Pittsburgh.
China's Business-Unfriendly Cybersecurity Stance
November 30, 2016
China's parliament earlier this month passed a law aimed at addressing the country's concerns about hacking and terrorism, which has spiked concerns among foreign businesses and human rights advocates. One interpretation of the new law is that it only codifies China's existing cybersecurity practices. However, 46 global business groups across a variety of industries didn't see it that way.
Feds Need to Bolster Cyberprotection Speed and Range
November 29, 2016
Providing cybersecurity adequate to meet increasing threats is a perpetual catch-up process. Public sector agencies are particularly sensitive targets, with high visibility not only to the citizens they serve, but also to cyberattackers. A recent survey uncovered both a lack of speed in detecting and responding to attacks, and weak defenses of the full range of possible attack channels.
$5 PoisonTap Tool Easily Breaks Into Locked PCs
November 25, 2016
Proving once again that you can do a lot of damage with a little investment and a lot of ingenuity, security researcher Samy Kamkar recently managed to take down a locked, password-protected computer using a $5 Raspberry Pi. The low-tech cookie-siphoning intrusion is one of Kamkar's simplest hacks ever. He previously has unlocked car doors, garages, wireless remote cameras and other devices.
Russia's Fancy Bear Attacks Microsoft, Adobe as Election Nears
November 4, 2016
Microsoft earlier this week said it had fallen victim to "Strontium," its code name for the Russian hacking group also known as "Fancy Bear," which has been linked to recent attacks on Democratic Party systems. The group launched a spear phishing attack that targeted vulnerabilities in both the Windows operating system and Adobe Flash, according to Microsoft EVP Terry Myerson.
Antique Kernel Flaw Opens Door to New Dirty Cow Exploit
October 25, 2016
A Linux security vulnerability first discovered more than a decade ago once again poses a threat, Red Hat warned last week, as an exploit that could allow attackers to gain enhanced privileges on affected computers has turned up in the wild. Users need to take steps to patch their systems to prevent the exploit, known as "Dirty Cow," from granting access to unprivileged attackers.
What Should be on the Next President's Cyberagenda?
October 14, 2016
When the new president takes up residence at 1600 Pennsylvania Ave., cybersecurity will be on the shortlist for action. TechNewsWorld asked more than a dozen experts what should be at the top of the new leader of the free world's cyberagenda. Following are some of their responses. "The president has to set the tone early on cybersecurity within the first 100 days," said Cybereason's Sam Curry.
Odinaff Trojan Targets Banks, Financial Firms Worldwide
October 12, 2016
Symantec on Tuesday reported on a malware campaign that has targeted financial organizations worldwide for the past 10 months. Dubbed "Trojan.Odinaff," it has infiltrated the banking, securities, trading and payroll sectors, as well as organizations that provide them with support services. Odinaff is used in the first stage of an attack, to get a foothold into a network.
See More Articles in Enterprise Security Section >>
Facebook Twitter LinkedIn Google+ RSS
How do you feel about flying on a pilotless plane?
No way -- if there's a screw-up, you can't just jump out.
I'd do it -- flights are pretty much entirely automated anyway.
I'm skeptical but open minded, especially if fares would be much less.
I would try it if there were *someone* on board to take over in a pinch.
It's the wave of the future -- I'm resigned to it.