Welcome Guest | Sign In
TechNewsWorld.com
Don't Let the Next Catastrophic Phishing Scandal End Your Career
March 27, 2017
What I think is amazing about all of the massive data breaches we hear about is that we know most are not reported. For every email, customer record, or financial theft in the news, there likely are hundreds that remain in the shadows. Yet another incident came to light last week. A clever Lithuanian individual was able to pull a whopping $100 million from a bunch of unnamed Internet companies.
Consumer Advocates Bemoan Senate Vote to Lift ISP Privacy Restrictions
March 25, 2017
Privacy advocates and consumer groups are fighting back against the U.S. Senate's Thursday vote to undo privacy restrictions on Internet service providers. In a 50-48 party line vote, the Senate approved the Congressional Review Act, S.J. Res. 34. If the House of Representatives gives it the green light, it then will go to the president to be signed into law.
Group Demands Apple Pay Ransom for iCloud Credentials
March 24, 2017
Apple has received a ransom threat from a hacking group claiming to have access to data for up to 800 million iCloud accounts. The hackers, said to be a group called the "Turkish Crime Family," have threatened to reset passwords and remotely wipe the iPhones of millions of iCloud users if Apple fails to hand over a total of $700,000. They have given the company an ultimatum to respond by April 7.
WikiLeaks Exposes CIA's Device Surveillance Tricks
March 23, 2017
WikiLeaks has released more Vault 7 documentation online, including details about several CIA projects to infect Apple's Mac computer firmware and operating system. The site unloaded its first batch of stolen Vault 7 data earlier this month. The CIA's Embedded Development Branch developed malware that could persist even if the targeted computer were reformatted and its OS were reinstalled.
IBM Launches Enterprise-Strength Blockchain as a Service
March 20, 2017
IBM has unveiled the first enterprise-ready Blockchain as a Service offering based on The Linux Foundation's open source Hyperledger Fabric. IBM Blockchain, which lets developers quickly establish highly secure blockchain networks on the IBM cloud, is a transformative step in being able to deploy high-speed, secure business transactions through the network on a large scale, the company said.
Intelligence-Driven Supply Chain Resilience
March 20, 2017
Information security practices are undergoing a transformation. For at least a decade, environments have been becoming less perimeter-centric: Gone are the good old days when in-line controls protected the trusted, safe interior from the "wild west" of the outside. As environments become more complex and externalized, the traditional "perimeter" loses meaning.
Dun & Bradstreet Marketing Database Exposed
March 17, 2017
A Dun & Bradstreet database, 52 GB in size and containing more than 33.6 million records with very specific details, has been exposed. Cybersecurity researcher Troy Hunt, who received it for study, on Wednesday confirmed that the records already were organized and developed as if intended for distribution to a potential client. The database apparently was compiled for the use of marketers.
Crafty Phishing Technique Can Trick Even Tech-Savvy Gmail Users
March 17, 2017
Gmail users recently have been targeted by a sophisticated series of phishing attacks that use emails from a known contact. The emails contain an image of an attachment that appears to be legitimate, according to Wordfence. The sophisticated attack displays "accounts.gmail.com" in the browser's location bar and leads users to what appears to be a legitimate Google sign-in page.
Pro-Turkey Hackers Hit Prominent Twitter Accounts
March 16, 2017
Hundreds, if not thousands, of Twitter users, many of them high-profile, were hacked Tuesday by someone who appeared to support Turkey in its diplomatic row with the Netherlands. Their accounts displayed a Swastika -- reversed to face to the right -- as well as the Turkish flag and hashtags to the Nazialmanya and Nazihollanda accounts, which displayed comments on the attack.
US Charges 2 Russian Intel Agents, 2 Hackers in Yahoo Case
March 16, 2017
The Justice Department has announced charges against four individuals, including two officers of Russia's FSB, for carrying out a massive cyberbreach that affected about 500 million Yahoo account holders. A federal grand jury in Northern California charged the defendants -- the FSB officials and two Russian cybercriminals -- with using stolen data to gain illegal access to numerous accounts.
Federal Agencies Mirror Commercial Websites for Encryption
March 15, 2017
Private and public sector organizations share a common goal in hosting Internet websites: making sure that connections with customers and citizens are secure. However, complete security is not yet universal in either sector. Google and Mozilla, for example, are among many entities promoting Internet security via the adoption of HTTPS versus the basic and less secure HTTP technology.
Facebook Gets Tough on Spy Apps
March 15, 2017
Facebook has updated its Facebook and Instagram policies to prohibit developers from using data obtained from those platforms in surveillance tools, according to Rob Sherman, deputy chief privacy officer. Facebook already has taken enforcement actions against devs who created and marketed surveillance tools in violation of the company's previous policy, he noted.
Malware Found Preinstalled on Dozens of Android Phones
March 13, 2017
Malware has been discovered preinstalled on 36 Android phones belonging to two companies, security software maker Check Point reported. "In all instances, the malware was not downloaded to the device as a result of the users' use -- it arrived with it," noted Oren Koriat, a member of Check Point's Mobile Research Team. The malicious apps were added somewhere along the supply chain.
Donald Trump Should Channel Steve Jobs on Security
March 13, 2017
We saw yet another government breach last week, and more secrets went out to WikiLeaks. I'm of a mixed mind on this one, because the CIA tools disclosed likely were emulated by others, and WikiLeaks is helping consumer technology companies ensure they no longer work. I don't know about you, but I really don't want any organization spying on me -- not even my own government.
Tech Companies Weigh Responses to WikiLeaks Exposure
March 11, 2017
Following WikiLeaks' publication earlier this week of classified documents stolen from the CIA, major technology companies, including Apple, Samsung, Microsoft and Cisco, have been scrambling to assess the risks posed to their customers by the revelations. The so-called "Vault 7" leak includes information about methods and tools the CIA crafted to hack into products produced by those companies.
Online Trust Alliance Launches IoT Security Campaign
March 8, 2017
The Online Trust Alliance is calling on businesses, consumers and government to share responsibility for ensuring that Internet of Things devices are not weaponized, outlining actions that businesses, consumers and government can take to ensure the security and privacy of IoT devices. It calls for a campaign to have retailers and consumers reject IoT products that pose a security threat.
WikiLeaks Dumps CIA Hacking Docs Online
March 8, 2017
WikiLeaks on Tuesday dumped thousands of classified documents onto the Internet, exposing hacking programs used by the CIA. The torrent of data is just the first in a series of dumps WikLeaks is calling "Vault 7." This first installment includes 8,761 documents and files stolen from an isolated high-security network within the CIA's Center for Cyber Intelligence in Langley, Virginia.
IBM's Quantum Leap Could Redefine 'Magic'
March 6, 2017
No, I'm not talking about that Quantum Leap. IBM just made a really interesting announcement in that it is enhancing its online quantum computer systems with a new API and improving its simulator so it can handle 20 qubits. Listening to the prebriefing was a bit like pretending I was Penny trying to understand Sheldon Cooper on Big Bang Theory.
Google Invites Open Source Devs to Give E2EMail Encryption a Go
March 4, 2017
Google has released its E2EMail encryption code to open source as a way of pushing development of the technology. "Google has been criticized over the amount of time and seeming lack of progress it has made in E2EMail encryption, so open sourcing the code could help the project proceed more quickly," said Charles King, principal analyst at Pund-IT. That will not stop critics, though, he added.
FCC Reverses Course on Internet Privacy Rules
March 2, 2017
The Federal Communications Commission and the Federal Trade Commission on Tuesday issued a joint statement following the FCC's temporary stay of data security regulations. FCC Chairman Ajit Pai and FTC Acting Chairman Maureen K. Ohlhausen issued the statement to address the FCC's decision, in essence, to overturn rules designed to bolster broadband consumer privacy.
Time to Get Serious About IoT Cybersecurity
March 2, 2017
Both companies and individuals will have incredible opportunities ahead with the Internet of Things. IoT is starting to combine with AI, cloud-based services, and many other new segments, creating a very fertile growing field. However, it also poses a growing threat for security. A secure IoT framework does not yet exist. That's where the new IoT Cybersecurity Alliance comes into play.
Twitter Adds Heft to Anti-Harassment Toolbox
March 2, 2017
Twitter on Wednesday announced that over the next few months it will roll out changes designed to increase the safety of users, including the following: Its algorithms will help identify accounts as they engage in abusive behavior, so the burden no longer will be on victims to report it; and users will be able to restrict their tweets to followers for a set amount of time.
Cloudflare Nips Cloudbleed Bug in the Bud
March 1, 2017
Cloudflare has fixed the Cloudbleed software bug responsible for a buffer overrun problem that caused its edge servers to return private information in response to some HTTP requests. That private information included HTTP cookies, authentication tokens and HTTP POST bodies. However, SSL private keys weren't leaked, said Cloudflare CTO John Graham-Cumming in an online post.
Google Cracks Key Security Code, Calls for New Standard
February 24, 2017
Google on Thursday announced that its two years of collaboration with CWI resulted in the launch of a successful attack against the SHA-1 cryptographic algorithm, a widely used standard protocol used to protect sensitive data in millions of computers. The breakthrough research hows that the industry needs to send the SHA-1 standard into retirement, Google said.
What a Linux Desktop Does Better
February 23, 2017
After I resolved to adopt Linux, my confidence grew slowly but surely. Security-oriented considerations were compelling enough to convince me to switch, but I soon discovered many more advantages to the Linux desktop. For those still unsure about making the transition, or those who have done so but may not know everything their system can do, I'll showcase here some of the Linux desktop's advantages.
Verizon Cuts Better Deal for Breach-Battered Yahoo
February 21, 2017
Verizon and Yahoo on Tuesday announced new terms for the acquisition deal they inked last summer. Verizon will pay $350 million less than the original contract price, which places the new value of the deal at $4.48 billion. Yahoo will be responsible for 50 percent of any breach-related cash liabilities incurred as a result of non-SEC government investigations and third-party litigation, under the new agreement.
Microsoft Seeks Global Cybersecurity Accord
February 18, 2017
Microsoft has called on governments around the world to create a "digital Geneva Convention" as a way to normalize international cybersecurity rules and protect civilian use of the Internet. President Brad Smith, who is also Microsoft's chief legal officer, addressed the issue at the annual RSA conference held earlier this week, saying that governments need to establish international rules.
Trump's Not the Only One With a Phone Security Problem
February 17, 2017
Is your Android phone secure? President Donald Trump's favorite smartphone reportedly is an older Android device. Security concerns flared recently, following indications that he sent some tweets from it. Of course, the president has been given a special secure device, but it's not clear whether he is using it. My question is, if the president is not secure using an ordinary phone for his primary wireless communications... are any of us?
FTC's Lawsuit Should Make You Feel Very Insecure About the IoT
February 14, 2017
Even though D-Link expressly promised that many of its wireless devices had the highest level of security available, the FTC last month filed a lawsuit that alleges otherwise. The FTC filing includes copies of online marketing materials and technical specifications for D-Link's products, and flatly declares that "thousands of Defendants' routers and cameras have been vulnerable to attacks."
Capsule8 Launches Linux-Based Container Security Platform
February 11, 2017
Cybersecurity startup Capsule8 this week announced that it has raised $2.5 million to launch the industry's first container-aware, real-time threat protection platform designed to protect legacy and next-generation Linux infrastructures from existing and potential attacks. CEO John Viega, CTO Dino Dai Zovi and Chief Scientist Brandon Edwards, all veteran hackers, cofounded the firm.
See More Articles in Security Section >>
Facebook Twitter LinkedIn Google+ RSS
What's your reaction to the Turkish Crime Family's claim that it can access hundreds of millions of iCloud accounts?
I'm very worried -- I take all cyberthreats seriously.
I'm feeling secure -- I changed my password and set up 2FA.
I'm angry -- companies need to be more responsible.
I'm not at all concerned -- I trust Apple.
I'm resigned -- I expect to be breached at some point.
I don't care much -- the world has bigger problems.