
A Security Port Blog

Security related news, security information, virus warnings, alerts and security tips posted daily.

Published: Wed, 19 Sep 2007 01:00:00 -0400

Last Build Date: Sun, 28 Jan 2018 10:25:34 -0500


Artificial intelligence and cybersecurity: The real deal

Wed, 7 Mar 2018 09:00:52 -0500

If you want to understand what’s happening with artificial intelligence (AI) and cybersecurity, look no further than this week’s news.

On Monday, Palo Alto Networks introduced Magnifier, a behavioral analytics solution that uses structured and unstructured machine learning to model network behavior and improve threat detection. Additionally, Google’s parent company, Alphabet, announced Chronicle, a cybersecurity intelligence platform that throws massive amounts of storage, processing power, and advanced analytics at cybersecurity data to accelerate the search and discovery of needles in a rapidly growing haystack.

So, cybersecurity suppliers are innovating to bring AI-based cybersecurity products to market in a big way. OK, but is there demand for these types of advanced analytics products and services? Yes. According to ESG research, 12 percent of enterprise organizations have already deployed AI-based security analytics extensively, and 27 percent have deployed AI-based security analytics on a limited basis. These implementation trends will only gain momentum in 2018.

Cybersecurity spending priorities not keeping pace with emerging tech

Mon, 5 Feb 2018 09:00:00 -0500

Cyberattacks – they never stop. Lately, SamSam ransomware attacks have steadily increased across all industries, including healthcare. Just last week two Indiana hospitals were hit, and Allscripts hosted EHR was hobbled for days. Then there are Spectre and Meltdown, chip vulnerabilities that could wreak havoc on healthcare cybersecurity, potentially affecting personally identifiable information leakage and medical device security problems.

But EHRs and computer chips are basic technologies at this point. Even more transformative emerging technologies are shaping the way industries including healthcare do business, according to a new study from cybersecurity vendor Thales, which found that 94 percent of organizations have sensitive data in cloud, big data, internet of things, blockchain and/or mobile environments.

Baby boomers more cybersecurity savvy than Gen-Z, study

Fri, 2 Mar 2018 09:00:00 -0500

Generation Z are the least ransomware savvy generation while baby boomers were more likely to accurately define ransomware and were the savviest when it comes to not forwarding emails from unknown senders.

A recent Webroot survey found 23.7 percent of Gen-Z were able to accurately define ransomware compared to 47.6 percent of baby boomers. Baby boomers were also the least likely to spread malware and other cyber threats as 94.2 percent said they had not forwarded emails from unknown senders within the past year.

Millennials fared in between the two with only 34.2 percent accurately defining ransomware. The study also found that millennials, the selfie generation, were the most concerned about losing personal photos in a cyberattack, as they comprise 28.9 percent of respondents afraid of a photo leak.

7 cybersecurity trends to watch out for in 2018

Wed, 28 Feb 2018 09:00:10 -0500

1. AI-powered attacks
2. More sandbox-evading malware
3. Ransomware and IoT
4. Many companies will fail to comply with the GDPR
5. Emerging standards for multi-factor authentication
6. The adoption of more sophisticated security technologies
7. A rise of state-sponsored attacks

The Five Laws Of Cybersecurity

Mon, 26 Feb 2018 09:00:54 -0500

Law No. 1: If There Is A Vulnerability, It Will Be Exploited

Law No. 2: Everything Is Vulnerable In Some Way

Law No. 3: Humans Trust Even When They Should Not

Law No. 4: With Innovation Comes Opportunity For Exploitation

Law No. 5: When In Doubt, See Law No. 1

Car cyber-security still sucks

Fri, 23 Feb 2018 09:00:28 -0500

In 2015, infosec gurus Charlie Miller and Chris Valasek demonstrated that they could take over and turn off a Jeep from afar as it was being driven, a feat that magnified interest in car hacking.

Their wireless attack was conducted on an active vehicle. But it turns out the engine doesn't have to be running. This is separate from hacks that unlock doors wirelessly – we're talking about commandeering the engine control system potentially over the air, here.

Code boffins from the University of Michigan, in the US, have demonstrated that cars with Electronic Control Units (ECUs), common in recent model vehicles, can be compromised when the engine is off.

Why Are So Few Women in Cybersecurity?

Wed, 21 Feb 2018 09:00:11 -0500

Allison Anne Williams has a Ph.D. in mathematics, vast experience at the den of wizards known as the National Security Agency and entrepreneurial chops. She is accomplished and smart.

So what happened to her at a recent business meeting left her dismayed, although it is far from uncommon for women in cybersecurity.

Males hold 3 out of 4 jobs in the tech world, but it is in cybersecurity where the lack of participation of women is most acute. By one reckoning, only 14 percent of the U.S. workforce in cybersecurity is female. Those women that do break into the industry talk of glass ceilings, insensitivity in the workplace, a lack of mentors and popular culture that reinforces the image of male tech workers.

The gender imbalance has potential consequences for the nation's security. The United States already suffers a shortage of cybersecurity workers, even as global hacking threats grow more acute. The labor shortage is forecast to worsen. A study last year by Frost & Sullivan, a consulting firm, found that North America will face a shortage of 265,000 cybersecurity workers by 2022.

How to stop your digital fortune from going up in smoke

Mon, 19 Feb 2018 09:00:00 -0500

Hackers are targeting cryptocurrencies.
More than 3 million bitcoins have been lost — maybe forever.

In the last few weeks, hundreds of frantic people have called into McCann Investigations in Houston, Texas. Some have lost their cryptocurrencies. Others had them stolen.

Wallet Recovery Services, which helps people find their lost cryptocurrencies, warns web site visitors to expect a slow response time due to its high volume of new requests.

Intel data center sales surge, warns of potential security flaw fallout

Fri, 16 Feb 2018 09:00:20 -0500

Intel stock rose 3.8 percent to $47.06, boosted by a 10 percent dividend hike and the forecast, which signaled that Intel is succeeding in containing fallout from recently disclosed security flaws that could allow hackers to steal data from computers.

Those flaws, dubbed Spectre and Meltdown, created global concern among technology users, and Intel acknowledged on Thursday, for the first time, that the fallout could hurt future results. But Intel executives consistently indicated that they did not expect that to happen.

Software fixes for the problems would be succeeded by solutions designed into Intel chips themselves later this year, Chief Executive Brian Krzanich said on a conference call.

How Secure Is Your Data When It is Stored in the Cloud?

Wed, 14 Feb 2018 09:00:00 -0500

As cloud storage becomes more common, data security is an increasing concern. Companies and schools have been increasing their use of services like Google Drive for some time, and lots of individual users also store files on Dropbox, Box, Amazon Drive, Microsoft OneDrive and the like. They’re no doubt concerned about keeping their information private—and millions more users might store data online if they were more certain of its security.
Data stored in the cloud is nearly always stored in an encrypted form that would need to be cracked before an intruder could read the information.

Can homeowners prevent neighbors from installing security cameras?

Mon, 12 Feb 2018 09:10:30 -0500

This is an excellent question and a very fact-specific question. In a homeowners association, lot owners are generally permitted to install security devices and cameras for security purposes. The documents may require the association to approve the installation, but it can be accomplished.

That is very different from the relative privacy interests.  As you can imagine, if the cameras catch you walking your dog down a sidewalk in the middle of the day, that is very different from a camera pointed at your bedroom.  In the first example, you have very little expectation of privacy because you voluntarily walked out into a public space, and in the second situation, you have a very high expectation of privacy for obvious reasons.

First Jackpotting Attacks Hit U.S. ATMs

Fri, 9 Feb 2018 09:00:00 -0500

ATM jackpotting — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.

To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics — often a combination of both — to control the operations of the ATM.

Bluetooth Security Devices Ended Up Being Easier to Surveil

Wed, 7 Feb 2018 09:00:25 -0500

Security researchers at Duo Labs discovered that Bluetooth vulnerabilities in personal safety devices from Wearsafe and Revolar left their users exposed to tracking from a distance. That Bluetooth can be used to track someone shouldn't be all that surprising, but the concern here centers more around the types of devices in question, as they're used to signal to friends that you're in some sort of distress. Presumably that means owners are already more sensitive to being followed, tracked, or surveilled.

Dutch Spies Snooped on Russia's Elite Hackers

Mon, 5 Feb 2018 09:00:00 -0500

Cozy Bear is one of Russia's elite hacking groups, in part responsible for the hack of the DNC in 2016 in an effort to influence the presidential campaign. They also, according to Dutch media reports, had been spied on by Dutch intelligence agents for at least a year. They observed the Russian hackers attempting to infiltrate both the State Department and the White House, and informed the NSA about the intrusions.

Millions of PCs Targeted by Cryptocurrency-Mining Malware

Thu, 1 Feb 2018 09:00:48 -0500

Malware is increasingly developing an appetite for cryptocurrency mining. One newly discovered strain has tried to infect millions of Windows machines, all in an effort to siphon their computing power and possibly sell it for mining purposes.

The operation has been going on for over four months, and may have targeted around 15 million machines or more, security firm Palo Alto Networks said Wednesday.

16 Best Password Manager Apps for Your Small Business

Tue, 30 Jan 2018 09:03:39 -0500

If you are thinking about making use of the different password managers available, take a look at the following 16 best password manager apps for your small business.


Super Bowl brings massive security resources to Minneapolis

Sun, 28 Jan 2018 10:05:41 -0500

Concrete barriers and chain-link fencing are going up around the site of the Super Bowl in downtown Minneapolis, where a contingent of local, state and national agencies is working to ensure that the game and dozens of related events are safe.

The downtown location of the Feb. 4 title game has presented challenges for authorities, who have had to get creative as they carved a secure perimeter around businesses and a major hospital near U.S. Bank Stadium. But it's not the first time the Super Bowl has dealt with the challenges of a city center, and authorities who have spent roughly two years thinking about every possible scenario say they are prepared.

What is cyber security? How to build a cyber security strategy

Wed, 24 Jan 2018 09:00:00 -0500

Cyber security is the practice of ensuring the integrity, confidentiality and availability (ICA) of information. It represents the ability to defend against and recover from accidents like hard drive failures or power outages, and from attacks by adversaries. The latter includes everyone from script kiddies to hackers and criminal groups capable of executing advanced persistent threats (APTs), and they pose serious threats to the enterprise. Business continuity and disaster recovery planning are every bit as critical to cyber security as application and network security.

Cybersecurity important for businesses

Mon, 22 Jan 2018 09:59:34 -0500

Broadband and information technology are powerful tools for small businesses. However, cybersecurity threats are real and businesses must implement the best tools and tactics to protect themselves, their customers and their data.

Using AI intelligently in cyber security

Fri, 19 Jan 2018 09:59:55 -0500

Bold claims have been made about the potential for cyber security solutions to detect and block attacks with little to no human involvement. During the last 12 months in particular the volume has been turned up on the potential of increased AI and automation helping to win the ongoing battle against cybercrime.

What AI has to offer is undoubtedly impressive, but it should not be taken as an indication that AI can be left to its own devices, fixing problems and eliminating threats without us lifting a finger.

Killer Sex Robots in the Future?

Wed, 17 Jan 2018 09:00:19 -0500

Sex robots could be hijacked by hackers and used to cause harm or even kill people, a cybersecurity expert has warned.

Artificial intelligence researchers have consistently warned of the security risks posed by internet-connected robots, with hundreds recently calling on governments to ban weaponized robots.

Top Security Challenges for 2018

Mon, 15 Jan 2018 09:00:54 -0500

In 2018, we anticipate that cybercriminals will look to target and exploit more security software.

Companies are publicly touting their GDPR readiness, but behind closed doors, I expect a lot of uncertainty about the ability to comply with these new and incredibly strict guidelines.

Criminal organizations will continue their ongoing development and become increasingly more sophisticated.

Even though the majority of cyber incidents are still motivated by espionage or criminal activity, more destructive attacks fueled by masquerading tools, especially by nation-state actors, will be an alarming and growing trend in 2018.

4 Keys to an Effective BYOD Mobile Security Policy

Fri, 12 Jan 2018 09:00:00 -0500

Most organizations have allowed employee mobile devices to become key parts of their IT infrastructure, whether they formally acknowledge it or not. Here are four ways companies can revisit their mobile security policy to acknowledge the role of Bring Your Own Device (BYOD) in enterprise security management, mitigating the risks while still providing employees flexibility and freedom.

1. Recognize Employee-Owned Devices
2. Revisit Heavyweight EMM Strategies
3. Use the Cloud and Containers to Solve Security Problems
4. Focus on the Greatest Risks and Provide Feedback

10 Cybersecurity Trends: What to Expect in 2018

Tue, 2 Jan 2018 14:45:13 -0500

1. More Big, Bad Breaches
2. More Poor Security Practices
3. More Endpoint Security Woes
4. More Takedowns
5. More Bitcoin Heists
6. More Extortion Shakedowns
7. Online Proxy Wars
8. Market Consolidation
9. More EU Breach Notifications
10. GDPR Fines

Database Security Market by Software, Service, Business Function, Deployment, Organization Size, and Vertical - Global Forecast to 2022 - Research and Markets

Wed, 10 Jan 2018 09:09:00 -0500

The global database security market size is expected to grow from USD 2.95 billion in 2017 to USD 7.01 billion by 2022, at a Compound Annual Growth Rate (CAGR) of 18.9% during the forecast period.

The database security market is driven by rising threats including SQL injection, Denial of Service (DoS) attacks, and malware attacks.

Growing demand for sophisticated security solutions and evolving regulatory landscapes are driving the database security market. However, limited security budgets and high installation cost of solutions may restrain the growth of database security market.

Database encryption is one of the crucial solutions for securing the database. The database encryption can be done in 2 ways: encryption of data at rest and encryption of data in transit with better authentication control. Vendors in the market offer various encryption solutions to protect sensitive business data from both insiders as well as outsiders.

Cybersecurity Predictions for 2018

Mon, 8 Jan 2018 09:59:08 -0500

There will be at least one large-scale data breach, if not more. Just as 2017 brought us the Yahoo breach and the massive Equifax losses, there is no reason at all–none–to think 2018 will be any safer. While we can’t say exactly who will be the victim, we can say with confidence that data breaches do not fundamentally change anything. Corporate behavior is unaffected and consumers quickly internalize the costs.

The U.S. Department of Homeland Security will finally get a cybersecurity leader for the National Protection and Programs Directorate. It’s only been a year.

No significant federal effort will be made to protect the cybersecurity of the 2018 election. As long as executive branch leadership holds the official view that no Russian interference occurred in 2016, there is little reason to expect the federal government will take action. As a result, there will be serious questions about the integrity of the 2018 elections.

There will be a significant disruption of internet traffic caused by a botnet attack. Service will be blacked out and messages will be diverted. The disruption will last more than an hour.

Pressure on social media organizations to monitor content will grow significantly. The restrictions will start with efforts to protect against sex trafficking. Silicon Valley's obtuseness to the nature of their influence will lead to calls for regulation. In response, they will engage in much greater self-censorship. Free speech will suffer.

Startup Is Using Blockchain Tech To Rethink Cyber Security In The Bitcoin Era

Fri, 5 Jan 2018 09:59:35 -0500

Paul Puey serves as the CEO of Edge, a cyber security company that empowers individuals to take control of their own online data by developing the proprietary tools, software and systems needed to keep their information tightly secured.

Experts argue that secure information should be housed at the edge of a network rather than in a centralized location. Following this approach, instead of relying on enterprise server security, edge-security first encrypts data from the user's device before it ever touches a network or server.

2018 ushered in with tight security across U.S.

Wed, 3 Jan 2018 01:59:00 -0500

As millions in the U.S. prepared to ring in 2018, there had already been massive celebrations around the world. In Sydney, Australia, a huge fireworks display lit up the harbor. In Hong Kong, a spectacular array of pyrotechnics wowed spectators. And in Dubai, an amazing light show on the side of the world's tallest building, the Burj Khalifa, welcomed the new year.

Technology and Security Gap

Mon, 4 Dec 2017 09:00:00 -0400

Technological advancements are increasing rapidly, but the general population's ability to utilize these new capabilities continues to lag behind. The growing number of recent cybersecurity attacks highlights a second gap: a shortage of skilled workforce in the cybersecurity industry, predicted to reach around 1.8 million workers by 2022.

There are numerous suggestions and ideas about how to close the gap, such as upskilling existing employees' skill sets or utilizing automation. But a long-term strategy focused on training and educating the next generation will help to ensure enough people have the right skills for the future.

Children are now growing up in a digital age and should be in an ideal position and better equipped to take on the challenges of cybersecurity when they enter the workforce. This early exposure to the technology and best practices could easily be harnessed to give them a golden opportunity to be trained in the skills needed to fill the gap in the cybersecurity industry. But how do we attract them into what many consider a geeky industry?

The cyber security skills your business needs

Fri, 1 Dec 2017 09:00:00 -0400

The cyber security skills gap is set to widen to between one million and two million positions by 2019 - a nightmare for organisations needing talent, but a significant opportunity for those candidates with the right skills.

That increasing skills gap, forecast by Intel Security, leaves businesses and economies vulnerable to cyber attacks, as they often find themselves outmanned and outgunned in the battle against hackers. Companies are looking for people that are going to be able to help them safeguard against these threats, and so there has never been a better time to get into cybersecurity.

The opportunities are certainly there, but what exactly are the skills needed for effective cybersecurity?

Cybersecurity and the CFO: Risk, Responsibility and Resilience

Wed, 29 Nov 2017 09:00:00 -0400

Your company’s capital structure, the current sentiment of your stakeholders and constantly-evolving economic modeling are all things for you to worry about. You likely know what keeps your fellow executives up at night as well. But what about your organization’s cybersecurity team?

Old-schoolers might consider IT to be just an expensive line item when, in fact, your IT team’s successes and failures impact everything under your purview and beyond. Their nightmares should be your nightmares. Strategic investments, good governance and thoughtful reporting by your security team help fortify your company’s business resilience, letting you enjoy some peace of mind while avoiding a situation of Equifax proportions.

Customers expect to be able to trust the safety of their private data and financial information within an organization. When any large-scale breach (like Equifax, which lasted from mid-May through July) occurs, a considerable amount of that trust is lost, sometimes irrevocably.

But bigger than putting a dent in brand reputation, cyberattacks and data breaches can measurably affect an organization’s bottom line.

Why the government’s cybersecurity matters

Mon, 27 Nov 2017 09:00:00 -0400

With the recent breach of personnel information from the Office of Management and Personnel and revelations that insiders within our intelligence community mishandled and exposed sensitive information, citizens may be asking themselves, “How could it get worse?” To be certain, our national security and national prosperity will be significantly threatened if we do not ensure that cybersecurity and protection of the people’s information are at the top of every agenda in every department and agency.

Cybersecurity is a risk management issue, and the United States government, like many businesses around the country, is accepting a lot of risk. This should be deeply concerning to all Americans, as it represents a critical threat to our national security, the openness of our economy and our way of life. However, the good news is it does not need to be this way. There are concrete and achievable steps that the government must take to reduce the level of risk, beginning with filling the vacant federal chief information officer and chief information security officer positions with experienced and qualified personnel, upgrading our network architecture and infrastructure, investing in workforce training and adopting many of the proven best practices that work in the private sector.

Examining The Three Classes Of Cybersecurity Needs

Sat, 25 Nov 2017 09:00:00 -0400

September 2017 witnessed a trifecta of mega-breaches: Equifax, SEC and Deloitte. Cybersecurity was already a messy and technical topic, and these disclosures have made it even more perplexing. There are hundreds of security product vendors, and the industry is collectively spending billions of dollars every year and is expected to top $100 billion by 2020. So why is it so hard for organizations to get their act together and prevent breaches? What exactly are we missing?

The cybersecurity problem is hard because organizations have massive and growing attack surfaces. There are myriad ways by which our networks can be breached, and it is very hard to keep up with the adversary. The industry still has unmet needs for tools and methods of appropriate scale to defend ourselves.

Cybersecurity a costly necessity

Thu, 23 Nov 2017 09:00:00 -0400

It was a perfect case of the complexities involved in trying to protect against attacks like last May’s WannaCry ransomware that infected more than 300,000 computers in 150 countries in a matter of days, demanding ransoms to regain access to their computers.

Rather than being held hostage to cyber criminals who have managed to get into the most heavily guarded computer systems of businesses, hospitals and government agencies, it’s essential to be knowledgeable and diligent, said Brian Levine, founder of UMass Cybersecurity Institute.

Yet security is hard.

Florida Sets Sights on Becoming Cybersecurity Front-Runner

Tue, 21 Nov 2017 09:00:00 -0400

Florida probably is not the first place that comes to mind in terms of a strong cybersecurity industry. In fact, it has a somewhat insecure reputation — the Sunshine State had the second highest rate for identity theft complaints in 2016, according to the Federal Trade Commission.

But local stakeholders are looking to change that, and Florida is making slow but incremental progress on a few fronts.

“The mission that was given to us is make Florida the leading state in cybersecurity,” said Sri Sridharan, executive director of the Florida Center for Cybersecurity.

The University of South Florida-affiliated center, which is hosting its annual cybersecurity conference Friday, was established by the Florida legislature in 2014 to position Florida as a national leader in cybersecurity.

Verisign Explores Blockchain for Domain Security System

Sun, 19 Nov 2017 09:00:00 -0400

One of the oldest internet security firms is exploring applications for blockchain in the field of domain name services.

According to a patent application released by the U.S. Patent and Trademark Office Thursday, Verisign is considering using blockchain technology as part of a potential new DNS Security Extension (DNSSEC) project.

DNSSEC protocols exist to protect users from accidentally being sent to malicious websites disguised to look like real ones. These protocols verify that the website the user is trying to reach is the one they actually reach.

Verisign proposed potentially building a system which uses a public ledger on a blockchain to store digital certificates, public keys or other authenticating objects.

The DNSSEC protocol would compare the authenticating objects stored on the ledger with the ones returned by the website to confirm they match. Other iterations of the protocol would use public and private keys as an additional security measure.

The use of a blockchain ensures that the objects stored on the ledger are immutable, affirming that the objects are secure from hacking or malicious attacks.

New Fare System Raises Security Concerns, but Officials Promise Safety

Fri, 17 Nov 2017 09:00:00 -0400

The MetroCard has had its downsides — ‘Please swipe again’ are three words that are the curse of just about every New York City subway rider. More significantly, the wallet-size card has become outdated in a high-tech world. But at least it was hard to hack.

Now the Metropolitan Transportation Authority, which runs the subway, is finally planning a more modern fare system that will allow riders to wave smartphones and certain kinds of credit cards and debit cards at the turnstiles. But will commuters have to worry about hackers following them down into the subway?

Officials of the transportation authority and the company developing the new system say they will do everything they can to keep passengers’ personal information safe — a concern in an age of data breaches, like the ones involving online services like Equifax, Yahoo and LinkedIn, retailers like Home Depot and Target or banks like JPMorgan Chase and Citibank.

The officials say they are prepared to play defense against hackers who would no doubt relish the challenge of causing hiccups — or worse — for a fare-collection system as large and as complicated as the one coming to New York.

New Airport Security Rules

Wed, 15 Nov 2017 09:00:00 -0400

If you are flying to the U.S. from overseas, we have some good news: Laptops and other electronic devices larger than a cellphone are no longer banned on plane cabins.

The new rule that took effect on Thursday loosens restrictions on carry-on electronics but steps up other security requirements for airports and airlines. This means travelers may be subject to short interviews that could cause longer clearance times, flight delays and even recommendations to arrive at the airport earlier.

The Department of Homeland Security (DHS) announced the new measures designed to do away with the carry-on electronics restrictions in June, giving airlines 120 days to comply. The rules will impact 235,000 passengers on 2,000 flights daily to the U.S. on 180 airlines from 280 airports across 105 countries, according to Reuters.

Kaspersky CEO says hack claims cutting U.S. cyber security sales

Mon, 13 Nov 2017 09:00:00 -0400

Eugene Kaspersky told Reuters on Friday that the Moscow-based cyber security firm that bears his name would see a single-digit drop in U.S. sales this year as a result of suspicions about his company’s ties to the Russian government, but its global revenue should still increase.

By turns frustrated and defiant in an 80-minute interview in his Moscow office, the founder and head of the embattled antivirus software maker denounced what he called an information war against his company, repeatedly asserting that “we’ve done nothing wrong.”

What are the security concerns of your body becoming the password?

Fri, 10 Nov 2017 09:00:00 -0400

In this day and age, your eyes can be your passport, your fingerprint can be your ticket to a baseball game, and you can even use your face to unlock an iPhone.

More companies are embracing biometric identification, but it's raising privacy and security concerns.

Major cyber-attack will happen soon, warns UK's security boss

Wed, 8 Nov 2017 09:00:00 -0400

A category one cyber-attack, the most serious tier possible, will happen sometime in the next few years, a director of the National Cybersecurity Centre has warned.

According to the agency, which reports to GCHQ and has responsibility for ensuring the UK's information security, a category one cybersecurity incident requires a national government response.

In the year since the agency was founded, it has covered 500 incidents, according to Ian Levy, the technical director, as well as 470 category three incidents and 30 category two, including the WannaCry ransomworm that took down IT in multiple NHS trusts and bodies.

The security aspects of modernization

Mon, 6 Nov 2017 09:00:00 -0400

IT modernization has resurfaced as a topic of conversation in the federal government in the past month. On Aug. 30, White House officials issued a draft report on the Trump administration's plan to modernize federal IT. It directs agencies to move more swiftly to the cloud, consolidate networks and prioritize the modernization of high-value, high-risk assets.

The following week, a report by research company Market Connections found that many agencies -- in the opinions of their own managers -- were not as successful in their modernization efforts as they could be.

New passport app at LAX aimed at moving arriving travelers through security quickly

Fri, 3 Nov 2017 09:00:00 -0400

The addition of a mobile passport app to Los Angeles International Airport will help travelers pass through security checkpoints faster, the airport and U.S. Customs and Border Protection said Thursday.

Mobile Passport Control can now be used at terminals 2, 4, 7 and Tom Bradley International Terminal and is the first authorized app to expedite passenger arrival into the U.S.

Eligible U.S. and Canadian citizens may voluntarily submit their passport information and answers to inspection-related questions to CBP via a smartphone or tablet app prior to arrival for speedier service.

4 Vital Cyber Security Measures Every Safety-Conscious Entrepreneur Needs to Take

Wed, 1 Nov 2017 09:00:00 -0400

The transition to increased connectivity and quick, seamless, one-click solutions has also given rise to security issues when it comes to the private information held by the institutions leveraging those innovative solutions that optimize business operations.

In their bid to be more connected, businesses have increased the touch points of their organizations across networks, increasing the opportunities cyber criminals have to penetrate: Every time any of us visit Angie's List, BestAdvisor (U.K.), Yelp or any other review site to decide on what to purchase, then proceed to Amazon, Walmart or other ecommerce store, whipping out our credit cards and making a purchase, we are releasing vital pieces of personal information.

Things only get worse when we fill out a detailed form online. This is fodder for the plethora of hackers seeking ways to penetrate personal and corporate firewalls to get to the private information they protect. No wonder so many organizations spend so much on security. No wonder we can't ignore the vital role cyber security plays for businesses and individuals.

Five Tips To Improve Your Corporate Security Program

Mon, 30 Oct 2017 09:00:00 -0400

With the continued proliferation of data breaches and other network security threats, cybersecurity spending is projected to climb to US$90 billion worldwide this year. As such, more companies are looking to build robust IT organizations with enhanced capabilities to combat the ever-evolving cyber threats. Companies are busy upgrading their systems, hiring employees and partnering with third parties to keep up with the pace of change. So, what do IT leaders need to prioritize to be sure their efforts have both an immediate and long-term impact on the integrity of their networks and systems?

The first step is to develop a strategy that brings an organization together to understand WHY cybersecurity is the responsibility of all employees.

Google's Android Oreo

Fri, 27 Oct 2017 09:00:00 -0400

In addition to the many tweaks and new features in Google’s Android 8.0 Oreo operating system introduced last month, the biggest changes are its security enhancements.

Oreo security additions are meaningful and go far beyond what recent OS updates have brought to the table.

U.S. Homeland Security found SEC had critical cyber weaknesses in January

Wed, 25 Oct 2017 09:00:00 -0400

It was not clear if the vulnerabilities detected by DHS are directly related to the cyber breach disclosed by the SEC. But it shows that even after the SEC says it promptly patched the software vulnerability after the 2016 hack, critical vulnerabilities still plagued the regulator's systems.

Cyber Security News Roundup: Hackers! Hackers Everywhere!

Mon, 23 Oct 2017 09:00:00 -0400

The trouble with cyber security is that there is virtually no good press. You don’t make it in the news for fighting off an attempted DDoS attack or for successfully updating and patching your systems. Nobody cares about that stuff. We, as a society, are more interested in the disasters. They may not admit it, but the majority of the people in the stands at a NASCAR race aren’t there to admire the mechanical ingenuity on display, nor are they particularly interested in the beauty of a perfect racing line. They want to see cars go fast and they’ll happily take a crash or two along the way.

Should Apple iPhone X Trust Facial Recognition for Security?

Fri, 20 Oct 2017 09:00:11 -0400

Your face is the future of smartphone security. Apple made that clear last week when it unveiled the pricey iPhone X, which trades in the familiar home button and TouchID fingerprint scanner for a new camera system that unlocks the device using facial recognition.

The company has repeatedly proved its ability to push emerging technology into the mainstream—but with FaceID, Apple claims to have conquered many of the challenges that have prevented the widespread use of facial biometrics.

In spectacular fail, Adobe security team posts private PGP key on blog

Wed, 18 Oct 2017 09:00:00 -0400

Having some transparency about security problems with software is great, but Adobe's Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT's e-mail account—both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead.

Security barriers put to the test as vehicles become weapons

Mon, 16 Oct 2017 09:00:00 -0400

Bollards—those usually waist-high pillars that are often made out of a combination of carbon, steel or cement—are being seen just about everywhere these days, from sports arenas to the parking lots of convenience stores.

Calpipe put these types of bollards to the test at Texas A&M’s Transportation Institute. The Now was on the hot concrete of this former Air Force base-turned-laboratory in Bryan, Texas, as researchers measured how well the bollards held up with a dummy vehicle going at speeds of 10, 20, and 30 miles per hour.

Homeland Security says election hackers targeted state

Fri, 13 Oct 2017 09:00:43 -0400

The federal government on Friday told election officials in 21 states — including Connecticut — that hackers targeted their systems last year, although in most cases the systems were not breached.

Cyber Security Regulations

Wed, 11 Oct 2017 12:00:00 -0400

We claim we are in a new era of cybersecurity threats and that ransomware is the threat du jour, given how WannaCry and Petya continue to make waves. But we are also in an era of a new wave of cybersecurity regulations. When looking at the latest attacks, some would argue that the same old vulnerabilities are to blame, and that is because organizations are dragging their feet in implementing the critical security measures to protect themselves.

High-profile breaches like those that impacted HBO, Target and Home Depot are just three examples -- but there are many others (too many to list for 2017 alone, and we still have roughly four-and-a-half months to go). As a result, we’re now seeing new regulations emerge that are forcing organizations to get their proverbial houses in order.

The Haves And Have-Nots In Cybersecurity: How Your Company Can Level The Playing Field

Mon, 9 Oct 2017 09:00:05 -0400

Simply put, the nation's most-skilled cybersecurity experts want to work on big, interesting problems. Maintaining the firewall for a regional bank in Cleveland, say, or protecting a mid-size law firm does not qualify as interesting. Interesting is protecting trillions of dollars at Goldman Sachs—or going toe-to-toe with Russian, Chinese or North Korean hackers at the CIA or NSA.

Interesting also means getting paid a lot. And most companies have a hard time affording the salaries many top cybersecurity pros demand. According to a recent report from DICE, an IT-focused jobs website, the average Director of Security makes more than $178,000 a year. It is not surprising, given the demand. A report by research firm Frost & Sullivan forecasts that by 2020, 1.5 million cybersecurity jobs will go unfilled.

Cyber Security Help Wanted

Fri, 6 Oct 2017 09:00:00 -0400

People with Asperger Syndrome have distinct advantages when it comes to combating cyber crime.

Most hackers are atypical. A research document from Scotland Yard last year indicates the majority of hackers in England are Aspergers. Some of them are identified; others do not disclose it.
Aspergers are extremely detail oriented, which leads to a no-stone-unturned approach to cybersecurity.
Aspergers are cognitively different, so they are naturally out of the box and find innovative solutions to problems without the usual cognitive blind spot of non-autistic people.
Aspergers are extremely focused and can have a high level of concentration. They are capable of hyperfocusing and never let go when they are looking for something.
They have a high capacity for analysis. You can find brilliant Asperger people working as Security Operations Center (SOC) analysts, for example.
They have a demonstrated superior capacity to identify patterns. The Israeli army has created an elite squad, Unit 9900, composed solely of Autistics to deduce troop movements on satellite images with pattern recognition.
It has been scientifically proven that Aspergers are methodological and make more rational decisions (less cognitive biases).
Many Aspergers are optimal problem solvers — they focus on finding the best solutions, not one of the best.
Autistics have what is called Specific Interests: They will read and memorize huge amounts of information in an obsessive way and, therefore, excel in their field of expertise.
People on the spectrum search for intellectual stimulation, complex challenges, and many have the investigator profile, which is highly valuable for forensics and pen testing.

Companies should treat cybersecurity as a matter of ethics

Wed, 4 Oct 2017 09:00:00 -0400

Cybersecurity should not just be a matter of technology but also one of morality. Is it ethical to market and sell technology that leaves consumers and their homes vulnerable to hackers?

Malcolm Harkins thinks these are worthy questions. Harkins spent 24 years at Intel Corp., rising to the position of chief security and privacy officer. Given the increasing number and audacity of hacks, he thinks we have reached a tipping point of sorts where corporations need a fundamental rethink of cybersecurity.

And Harkins really does mean fundamental. He argues that companies should formally classify protecting consumer data and privacy as a social responsibility, akin to combatting climate change, fighting poverty, or promoting diversity. Codifying cybersecurity into a company's ethical DNA is the only way, he argues, to force businesses to weigh consumer safety and privacy risks before creating new products and services.

Windows 10 and Security

Mon, 2 Oct 2017 01:00:00 -0400

Windows 10 has been out for over two years now, but those who have yet to upgrade have been urged to do so or risk facing a huge security crisis.

Latest Netmarketshare figures have Microsoft's Windows as the leading desktop browser, with a staggering 90.70 per cent share.

However, the version of Windows that is most popular is not Microsoft's latest OS, Windows 10, but Windows 7, released back in 2009.

While Windows 7's market share is down from 60.75 in August 2015 to 48.43 per cent in August 2017, it is in fact UP on this time last year.

Then, Windows 7 had a 47.25 per cent market share.

Microsoft have already penciled in the end of support for Windows 7, and it is not far away.

January 14 2020 will mark the end of life for Windows 7, which is currently the most popular OS on the planet according to Netmarketshare figures.

And these users will need to update to a more recent version of Windows, or risk exposing themselves to potential cyber attacks.

Private Security Outnumbers The Police In Most Countries Worldwide

Fri, 29 Sep 2017 09:00:00 -0400

Whether they are patrolling shopping malls, conducting screening at airports or protecting VIPs, private security guards have become an increasingly common sight across the world. In many countries, they are armed with handguns and even dress in uniforms similar to the police. The sector has experienced huge growth in recent years and today there are an estimated 20 million private security workers worldwide while the industry is worth approximately $180 billion. That is expected to grow even further to $240 billion by 2020, greater than the GDP of 100 countries including Portugal, Romania and Hungary.

Hotel Room Hacking

Wed, 27 Sep 2017 09:00:00 -0400

A man hacked his way into at least 78 hotel rooms over the course of several years, thanks to a known bug that let him slip in and out like a ghost.

Cybersecurity And You: Does Size Matter?

Mon, 25 Sep 2017 09:07:37 -0400

We have all been warned to change our passwords regularly, make sure they are not easy to guess, and keep a sharp eye on our credit card statements. And many of us are diligent in doing what we can to keep our information secure.

But the irony of the situation is that most times our personal data is hacked from behind the firewalls of the companies we do business with and not because of a lack of our own personal data hygiene.

Cybersecurity Is Not A One-Time Fix

Fri, 22 Sep 2017 09:00:55 -0400

"Every company has at least one employee who will click on anything," said Brad Smith, Microsoft president and chief legal officer, at a company conference in July.

Although employees may be the weakest link in an organization's cybersecurity front lines, the evolution of malware and cybercrime is putting even the most security-conscious organizations at risk. Traditional approaches to security, which typically focus on keeping the bad guys out, often lead to too many layers and components, and too much complexity.

Android's Oreo Update

Wed, 20 Sep 2017 09:00:50 -0400

Android's recently released Oreo update packs in plenty of features, including a battery life boost and a notifications rethink. But Oreo's most important improvements will happen behind the scenes, with a host of security updates designed to evolve with ever-expanding digital threats. From halting ransomware to blocking malicious apps and easing Android's longstanding fragmentation woes, Oreo tackles some big problems. For the security developers who work behind the scenes, though, it is just one more step on a journey that never really ends.

Three security steps that will help keep your smartphone safe

Mon, 18 Sep 2017 09:00:00 -0400

The first security step is to set a lock code or fingerprint access so that someone cannot just come along and access the data on your misplaced or lost phone.

The second step is to be very careful about what apps you install on the machine. Many of them not only violate your privacy by, for example, accessing your contact list, but they can compromise security in other ways. Notice what permissions the app says it needs when you are installing it. If, for example, a game says it needs access to your phone contacts, do not install it.

Finally, smartphones are at least as vulnerable to hacking and malware as PCs so, yes, I recommend installing security software.

465K People With Pacemakers Need Security Update

Thu, 14 Sep 2017 09:00:00 -0400

Is it a recall? Is it a software update? Well, it's actually both. Abbott, the medical device company that produces implantable cardiac pacemakers under the St. Jude’s Medical brand, has issued a corrective action, per the Food and Drug Administration, to mitigate what it calls the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities. That's right, it is asking 465,000 people with certain devices to visit their doctors and get a firmware update so that their implants are not so easy to hack into. They say patients should schedule a visit with their doctor, and that the process will take three minutes start to finish, during which time all essential features will run in backup mode, reports Consumerist. It's unclear how many people in other countries are affected.

Text Messaging Software for Security Companies

Tue, 12 Sep 2017 01:00:00 -0400

Text messaging is used in a variety of ways in the security industry. Some of the industry-specific uses for PageGate include:

Security Alerts
Emergency Notifications
Alarm Notification Automation
Dispatch Notifications
Communicate Critical Information Related to a Scene
On-call and Re-call Notifications
Allows for Better Decision Making
Reminders of Payment Due Date
Notification of Received Payments
Notification of Discounts, Deals and Promotions
Routine Employee Communications

350% more cybersecurity pros in Washington, D.C., area than rest of U.S.

Sun, 10 Sep 2017 14:33:50 -0400

Two entrepreneurs place a big bet on cybersecurity startups along the Capital Beltway.

Silicon Valley is home to the largest population of cybersecurity product companies in the world.

Sand Hill Road in Menlo Park, California, is the epicenter of technology (and cybersecurity) venture capital. Scores of venture capital (VC) firms dotting the Bay Area have made it an attractive HQ location for startups seeking funding.

Investors—especially angels and first round financiers—prefer to be close to their portfolio companies. Simply put, where there are VCs, there will be startups.

China Enforces First Action Under Developing Cyber Security Law

Fri, 8 Sep 2017 14:29:13 -0400

China's Cyber Security Law (the Law) went into effect on June 1. We have now seen the first enforcement action under the Law (news report in Chinese here). Chongqing's Public Security Bureau (PSB) issued a warning to a local Internet data center company for failure to preserve a blog. The company was ordered to rectify that deficiency within 15 days. While this is a small violation, it marks the first enforcement action under the Law.

10 bad habits cybersecurity professionals must break

Wed, 6 Sep 2017 14:27:28 -0400

Demand for cybersecurity professionals continues to rise, with the projected talent gap in the field reaching 1.8 million jobs by 2022. Those that take on these roles play a key role in the enterprise, as the average cost of a data breach worldwide is now $3.62 million.

A number of common mistakes arise in the field that can make your job more difficult and put your company at risk. Here are 10 bad habits cybersecurity workers must break to be most effective in their role.

1. Overconfidence
2. Bypassing corporate controls
3. Negligence toward false positives
4. Failing to review the environment as a whole
5. Disregarding the user
6. Letting your skills lapse
7. Not patching immediately
8. Alert fatigue syndrome
9. Relying too heavily on third party vendors
10. Ignoring the business side

Automotive Defense

Mon, 4 Sep 2017 14:24:01 -0400

Red Balloon Security, a world leader in embedded device security, is announcing the release of a new cybersecurity product to protect automobiles from a wide range of potential cyber attacks. Called Symbiote for Automotive Defense, the new embedded device defense system is officially launching at the escar USA Conference 2017 in Detroit, on June 21.

Best Hacks from BlackHat and DefCon

Fri, 1 Sep 2017 14:21:20 -0400

Hackers Hijack a Carwash to Cause Vehicle-Destroying Mayhem
Leave it to hackers to turn the wholesome American institution of the carwash into a horrifying death trap.

Chinese Hackers Take Over a Tesla—Again
In September of last year, security researchers at the Keen Labs group of the Chinese tech giant Tencent pulled off an impressive feat of automotive hacking, completely undermining the security of a Tesla S to disable its brakes after it automatically connected to their rogue Wi-Fi hotspot.

Sonic Gun Attack Can Glitch Oculus Headsets or Hoverboards
One group of hackers has modernized the old party trick of the woman singing a high pitched note at the perfect frequency to break a wine glass.

Taking Down the Avalanche Botnet
On Wednesday, FBI Cyber Division Unit Chief Tom Grasso gave a Black Hat audience details of the December Avalanche takedown orchestrated by a group of international law enforcement agencies.

Black Hat at 20, DefCon at 25: Not just about breaking things

Wed, 30 Aug 2017 14:20:20 -0400

Where in cyberspace is Norm?

If your job involves protecting sensitive information from prying eyes, or making sure that the right data is available to the right people at the right time, then Black Hat can make you feel burdened and beleaguered. So many threats and so many attack vectors, versus your organization's meagre security resources. Of course, all of that would be less of a problem if cyberspace were populated solely by law abiding digital citizens who abided by civilized norms.

Hackers break into voting machines within 2 hours at Defcon

Mon, 28 Aug 2017 14:19:38 -0400

After nearly an hour and a half, Carsten Schürmann, an associate professor with IT-University of Copenhagen, successfully cracked into a voting machine at Las Vegas' Defcon convention on Friday night, CNET reports.

Top Security Firm May Be Leaking Terabytes of Confidential Data From Fortune 100 Companies

Sat, 26 Aug 2017 14:19:15 -0400

A leading American security company and purveyor of anti-malware detection services is waking up to a damning report about a massive vulnerability in its flagship product. The report describes an unimaginable leak, the scope of which covers a wide range of confidential data, including customer credentials and financial records, among other sensitive files.

In a blog posted late Tuesday night, information security firm DirectDefense announced the discovery of an inherent flaw in a leading anti-malware product offered by Carbon Black, a US-based company that supplies security products to nearly a third of the largest 100 public and privately held companies in the United States.

Security firm discovers several major security flaws in Xiaomi's MIUI

Thu, 24 Aug 2017 14:18:25 -0400

With a little over six percent market share, Xiaomi re-established itself as one of the top 5 Android smartphone manufacturers in the world. As such, millions of people use the company’s devices, so when Xiaomi’s MIUI Android skin is reported to have several security vulnerabilities, it would be wise for both users and the company to take notice.

Discovered by India-based security firm eScan Antivirus, one of the vulnerabilities centers around the Mi Mover app, which lets you transfer settings and other data from an Android device to a Xiaomi phone.

8 Critical IoT Security Technologies

Tue, 22 Aug 2017 14:17:42 -0400

The growth of IoT devices coupled with the rise in cyberattacks means that system security cannot be engineered after the design.

A recent report by Gartner predicts that there will be 20.4 billion connected Internet of Things (IoT) devices by 2020, with 5.5 million new things getting connected every day. Furthermore, more than half of major new business processes and systems will include an IoT component by 2020.

These numbers are staggering and suggest that standard PC security and anti-virus solutions will not be able to counter future cybersecurity threats on connected IoT devices.

Hacking in Hollywood: Why the Industry Needs to Shore Up Security

Sun, 20 Aug 2017 14:16:55 -0400

A cyber attack at Sony Pictures in 2014 resulted in the release of sensitive internal documents, the eventual ouster of the top executive and multimillion-dollar settlements with employees. Hackers struck again in 2016, this time targeting a post-production vendor of Netflix with a threat to leak unreleased shows if their ransom demand was not met. The latest attack is against HBO, and hackers have upped the ante with a demand for millions of dollars to stop the leak of internal emails, passwords, salary information, stars’ phone numbers and scripts for Game of Thrones.

IT's 9 biggest security threats

Fri, 18 Aug 2017 14:14:37 -0400

Years ago the typical hacking scenario involved a lone attacker and maybe some buddies working late at night on Mountain Dew, looking for public-facing IP addresses. When they found one, they enumerated the advertising services (Web server, SQL server and so on), broke in using a multitude of vulnerabilities, then explored the compromised company to their heart's content. Often their intent was exploratory. If they did something illegal, it was typically a spur-of-the-moment crime of opportunity.

My, how times have changed.

When describing a typical hacking scenario, these days you must begin well before the hack or even the hacker, with the organization behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, state actors, and cyber warfare gone amok.

Threat No. 1: Cyber crime syndicates
Threat No. 2: Small-time cons -- and the money mules and launderers supporting them
Threat No. 3: Hacktivists
Threat No. 4: Intellectual property theft and corporate espionage
Threat No. 5: Malware mercenaries
Threat No. 6: Botnets as a service
Threat No. 7: All-in-one malware
Threat No. 8: The increasingly compromised web
Threat No. 9: Cyber warfare

Study finds evidence of poor computer security practices in DNA sequencing

Wed, 16 Aug 2017 14:13:30 -0400

A new study from University of Washington (UW) researchers finds evidence of poor computer security practices used in DNA sequencing tools.
By analyzing the security hygiene of common, open-source DNA processing programs, researchers at the University of Washington confirmed that known security gaps could allow unauthorized parties to gain control of computer systems, potentially giving them access to personal information or even the ability to manipulate DNA results.

The DNA is a system that encodes information in sequences of nucleotides. Rapid improvement in DNA sequencing has sparked a proliferation of medical and genetic tests that promise to reveal everything from one's ancestry to fitness levels to microorganisms that live in one's gut.

However, some open-source software programs used to analyze DNA sequencing data were written in unsafe languages known to be vulnerable to attacks, in part because they were first crafted by small research groups who likely were not expecting much adversarial pressure.

But as the cost of DNA sequencing has plummeted over the last decade, open-source programs have been adopted more widely in medical- and consumer-focused applications.

Terrorists, hackers and scammers: Many enemies as L.A. plans Olympics security

Mon, 14 Aug 2017 14:12:32 -0400

Come the 2028 Olympic Games, technology will play a much more central role in protecting the games. Modern-day defense is not about a show of force as much as detection, prevention and disruption, Beck and others said.

Terrorists, hackers and more

In the evolving world of terrorism and other threats, a keyboard, a drone or a computer virus could be as deadly as a gun, they say.

The potential targets have also evolved — not just main venues but soft targets where people gather. And violence is just one scenario the 2028 security team will have to consider. Another is hacking.

Cloud Security: 8 Things You Need to Know When Choosing a Storage Service

Wed, 19 Apr 2017 09:00:00 -0400

When you decide to start using a cloud storage or online backup provider, you may have some worries about security: we have all seen the sensational headlines about starlets having naked pictures of themselves stolen from their online accounts.

However, with proper security measures, your stored files can be just as safe in the cloud as they are on your laptop — if not safer. In this article we’ll talk a little about the most common ways cloud services protect your data.

With cloud storage, you don’t have to worry about the physical security of your data: even if your laptop or tablet gets stolen, you will not have lost your documents and images. Most cloud storage breaches were actually facilitated by users who gave away their passwords, often as the victims of phishing.

Pope urges EU: Resist false security promised by populists

Mon, 17 Apr 2017 09:00:00 -0400

Pope Francis urged European leaders on Friday to resist the false forms of security promised by populists who want to wall themselves off and instead bank on a future of greater solidarity and union.

Francis welcomed 27 EU leaders to the Vatican on the eve of a summit to mark the 60th anniversary of the Treaty of Rome, the founding charter of the bloc.

The summit falls just days before Britain triggers a procedure to leave the EU and comes amid a wave of anti-EU populist sentiment sweeping the continent that threatens the very essence of the EU.

In his remarks, Francis said Europeans seem to have forgotten the tragedy of the walls and divisions that inspired leaders decades ago to hope for a better future through union.

LastPass security flaw could have let hackers steal passwords through browser extensions

Sat, 15 Apr 2017 09:00:00 -0400

A LastPass security vulnerability could have allowed malicious attackers to steal users’ passwords, a researcher revealed this week.


On Monday, Google researcher Tavis Ormandy reported the vulnerability in the popular password management tool. In an outline of the problem, Ormandy explains that a coding flaw allowed anyone to proxy unauthenticated messages to a LastPass browser extension.

Is Privacy Real? The CIA Is Jeopardizing America's Digital Security, Experts Warn

Thu, 13 Apr 2017 09:00:00 -0400

WikiLeaks released its latest cache of confidential C.I.A. documents Thursday as part of its Vault 7 operation, exposing the U.S. government's hacking and digital espionage capabilities — this time having to do with iPhones and other smart devices used by hundreds of millions of people across the globe. But there was an issue concerning cyber security experts and computer scientists much more damning than any of the secretive information featured in the new leaks: the C.I.A.'s total disregard of safety measures put in place for discovering these dangerous flaws in smart gadgets.

The federal agency has kept its discovery of many exploits (software tools targeting flaws in products, typically used for malicious hacking purposes) a secret, stockpiling that information rather than reporting it to multinational corporations, throwing millions of Americans into the crosshairs of a dangerous, intergovernmental spying game in the process.

How to improve your digital security

Tue, 11 Apr 2017 09:00:00 -0400

Want to control your own digital security? There’s a wide array of options for secure messaging apps, email services and browsers that help you do-it-yourself.

4 myths -- and facts -- about online security

Sun, 9 Apr 2017 09:00:00 -0400

Myth 1. Emails are always secure
Fewer than half -- 46% -- of people said they know email is not always encrypted. Encryption ensures only the sender and recipient are able to access the emails.

Myth 2. Private browsing is always private
Surfing the web in private (or incognito) mode prevents the browser -- like Chrome, Firefox, or Safari -- from collecting data about your activities. But it doesn't prevent an internet service provider, like Comcast, from monitoring your activity.

Myth 3. Turning off GPS means no one can track me
Almost half of people surveyed either didn't know or were unsure whether disabling GPS prevents all tracking. Your phone's built-in location service is just one way data can be collected.

Myth 4. My password is enough to protect me
Strong passwords are good, but security experts also recommend using two-factor authentication for account security. This means you must have a second login, like a security code sent to your phone, to sign into accounts. It prevents hackers from getting into your account, even if they know the password.

Phishing 101 at the School of Hard Knocks

Fri, 7 Apr 2017 09:00:00 -0400

A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-a-half months of this year as it saw in all of 2015.

Bowling Green State University in Ohio has more than 20,000 students and faculty, and like virtually any other mid-sized state school its Internet users are constantly under attack from scammers trying to phish login credentials for email and online services.

BGSU had planned later this summer to make 2FA mandatory for access to the school’s portal — the primary place where students register for classes, pay bills, and otherwise manage their financial relationship to the university.

That is, until a surge in successful phishing attacks resulted in several students having bank accounts and W-2 tax forms siphoned.

Popular security cam flaw lets burglars disable them

Wed, 5 Apr 2017 09:00:00 -0400

Nest's outdoor and indoor Nest Cam, Dropcam and Dropcam Pro have been found to have three vulnerabilities that allow would-be burglars to exploit the cameras via Bluetooth to make them stop recording footage.

These exploits, reported to affect firmware version 5.2.1, were discovered by security researcher Jason Doyle, who already alerted Nest about them back in October.

No patches have been issued yet, but according to Engadget, Nest is aware of the issue, has developed a fix for it, and will roll it out to customers in the coming days.

The first two bugs allow an attacker to trigger a memory buffer overflow in the cameras by sending super-long Wi-Fi data, such as an SSID name parameter or a Wi-Fi password parameter, via Bluetooth Low Energy (BLE). This overflow causes the cameras to crash and restart.

The third bug lets an attacker trick the cameras into temporarily disconnecting from their current Wi-Fi network by sending them a new, non-existent Wi-Fi network SSID to connect to, again via Bluetooth. This causes the cameras to keep attempting to connect to the phantom network, then reconnect to the original Wi-Fi network every 90 seconds. This time window is vital since Nest cameras depend on the cloud to store their footage. Each disconnection means the cameras temporarily stop recording and saving footage to their internet-based servers.

London Attack Reminds May of Post-Brexit Security Ties Need

Mon, 3 Apr 2017 09:00:00 -0400

The worst terror attack on British soil since 2005 took place a year to the day after the deadly bombings in Brussels, and exactly one week before May's government triggers Brexit. The unnamed British-born attacker was investigated by the British intelligence service MI5 some years ago but he was not part of the current intelligence picture, May told lawmakers on Thursday.

Expressions of solidarity and offers of help flooded in from the European Union governments with which May will be engaging in complex and probably acrimonious negotiations on how to decouple after more than 40 years together.

But for the woman who until eight months ago was in charge of keeping the country safe, the incident serves as a powerful argument to conserve a key aspect of EU cooperation in light of the interdependence of security services and terror plots across European capitals, from Paris to Berlin.

Most Android users running outdated security patches: report

Fri, 31 Mar 2017 09:00:00 -0400

Most Android phones do not have the latest security patch -- despite efforts by Google to distribute software fixes monthly via phone carriers -- researchers at Skycure found.

Chances are, your Android phone would be easy pickings for hackers.

That's according to research released Thursday by cybersecurity company Skycure, which found that 71 percent of Android phones on the five major US carriers have not been patched with the latest security updates.

The report highlights the risks posed by not updating smartphones, and the challenges Google faces in delivering security updates to Android users.

Google and Symantec clash on website security checks

Wed, 29 Mar 2017 09:00:00 -0400

Search giant Google and security firm Symantec have clashed over the way websites are kept secure.

Google claims Symantec has done a poor job of using standard tools, called certificates, that check the identity of thousands of websites.

It will change its Chrome browser to stop recognising some Symantec certificates, causing problems for people who visit sites using them.

Symantec said Google's claims were exaggerated and irresponsible.

Complete security deception includes detection and incident response

Mon, 27 Mar 2017 09:00:00 -0400

Deception tools have been growing in popularity over the past several years, but customers need to ensure they are using the technology to its fullest potential.

The concept behind deception is fairly simple to understand: Security teams deploy a fake target that is monitored closely, which hackers will attack. Once the target is breached, the security team is alerted to the threat.

In my experience, the use of deception technology is relatively low compared to the amount of time, energy and money invested in traditional intrusion prevention systems. Part of the challenge of deception is that maintaining things such as decoys, breadcrumbs and honeypots can be difficult in environments that are always changing. However, networks are becoming more agile through the use of software, making deception technology more agile and easier to use.

6 Security Measures Every Startup Should Take in 2017

Mon, 20 Mar 2017 09:00:00 -0500

In 2015 alone, the number of data breaches in the U.S. increased to about 781, about 500 percent more than the number recorded in 2005. The number of records compromised stood at about 169 million, up more than 250 percent from 2005. This resulted in a financial cost of about $205.94 million. Looking at global numbers, about 707.5 million records were compromised (that is about 22 records every second) in 2015 alone, with this number rising to more than 5.8 billion since 2013.

Regardless of how small or inconspicuous you may think your business is, having cyber security measures in place to protect your business’ data is a non-negotiable responsibility of every business owner and startup entrepreneur. Here are a few ways you can go about it.

1. Conduct sufficient screening and background checks.
2. Leverage a disaster recovery service.
3. Eliminate password vulnerability.
4. Use a multi-step authentication process.
5. Keep all your software up to date.
6. Be careful with links.

Homeland Security seeking border wall proposals

Fri, 17 Mar 2017 09:00:00 -0500

Have an idea on how to build the border wall? The Department of Homeland Security wants to hear from you.

Customs and Border Protection gave notice Friday that it will soon collect proposals to design and build prototype wall structures near the US-Mexico border, setting a mid-April timeline for awarding contracts.

FCC to halt rule that protects your private data from security breaches

Wed, 15 Mar 2017 09:00:00 -0500

The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of their customers' personal information.

The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening.

The data security rule requires ISPs and phone companies to take reasonable steps to protect customers' information—such as Social Security numbers, financial and health information, and Web browsing data—from theft and data breaches.

How used cars became a security nightmare

Mon, 13 Mar 2017 09:00:00 -0500

Application security for connected cars is far less mature than anyone should be comfortable with. This was clear at the RSA information security conference last week in San Francisco, where two presentations demonstrated different ways cars can be remotely controlled or even stolen by non-owners. All because the people designing connected car apps literally didn't think things through and consider the possibility of second owners -- or hackers.

At the RSA security conference last week in San Francisco, IBM's X-Force Red leader Charles Henderson told a twisted tale of a car he couldn't get rid of. Despite the fact that he'd sold his old car and gotten a new one, his previous vehicle's controls were still accessible through its shoddy app.

Being a hacker, he was very careful when he traded his old car in at the dealership. He wanted to make sure none of his personal information went with it, so he performed factory resets on everything and de-authorized all the accounts connected to the car.

A major security flaw means you have to change your passwords again

Fri, 10 Mar 2017 09:00:00 -0500

The security firm Cloudflare disclosed late Thursday that a long-running bug in its security systems may have leaked information, including potentially personal information, from thousands of sites including Uber, Fitbit and OKCupid.

The problem was first uncovered by Google security expert Tavis Ormandy, who let Cloudflare know about the issue on Feb. 18. But the service had been leaking information for months in a way that allowed search engines to pick it up, according to Cloudflare.

Local startup grows in cyber security industry

Wed, 8 Mar 2017 09:00:00 -0500

A local company is making a name for itself in the cyber security world, an industry worth more than $120 billion and counting.

Miamisburg-based Secure Cyber Defense is a young startup, just recently marking two years in business. Shawn Waldman, president and CEO, told this newspaper that its growth was almost immediate. The company provides secure IT consulting, vulnerability scanning and network services, among other security services.

Microsoft unveils a bonanza of security capabilities

Mon, 6 Mar 2017 09:00:00 -0500

Companies concerned about cybersecurity have a fleet of new Microsoft tools coming their way. The company announced a host of new security capabilities Friday morning as part of the run-up to the massive RSA security conference next week in San Francisco.

On the Windows front, the company announced that it's adding the ability to use on-premises Active Directory with Windows Hello, its system for allowing biometric-based logins with Windows 10. Microsoft also launched new tools to help organizations get more use out of mobile device management products by giving them tools to migrate group policy settings to cloud-managed devices.

Russian hackers pose increasing threat

Fri, 3 Mar 2017 09:00:55 -0500

The Cold War may be over, but cyber war between Russia and the West is hotting up, according to the Government's new cyber-security chief.

Britain is increasingly being targeted by Russian state-sponsored cyber attacks, including attempts to steal top-secret national security details and to intervene in the democratic process, claims Ciaran Martin, who heads up GCHQ’s new National Cyber Security Centre (NCSC).

Mr Martin made his comments in an interview with The Sunday Times, warning that Britain is being hit by 60 significant cyber-attacks each month, some of which attempt to undermine the democratic process as well as national security.

White House Withholds Cyber-Security Order for Further Revision

Wed, 1 Mar 2017 09:00:20 -0500

President Donald Trump withheld an executive order on cyber-security that was ready for his signature, leaving the Washington IT security community wondering what changes he intends to make.

An administration burned by the failure of its executive order on immigration to pass legal muster has held up consideration of its next big effort, which is an order on cyber-security. That executive order, something each administration has issued since the George W. Bush presidency, was withheld without explanation on the day it was supposed to be signed.

A look at the original EO as obtained by the Washington Post and the subsequent revision as obtained by Lawfare shows substantial differences. The latest version, which is still a draft, shows two things: one is a wish list from lots of people, and the other is a more thoughtful approach by someone with actual cyber-security expertise.