Subscribe: A Security Port Blog
http://www.security-port.com/blog-feed.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
attack  attacks  company  cyber security  cyber  cybersecurity  data  devices  hackers  information  internet  new  security 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: A Security Port Blog

A Security Port Blog



Security related news, security information, virus warnings, alerts and security tips posted daily.



Published: Wed, 19 Sep 2007 01:00:00 -0400

Last Build Date: Sat, 23 Sep 2017 16:28:50 -0400

 



What are the security concerns of your body becoming the password?

Fri, 10 Nov 2017 09:00:00 -0400

In this day and age, your eyes can be your passport, your fingerprint, can be your ticket to a baseball game, and you can even use your face to unlock an iPhone.

More companies are embracing biometric identification, but its raising privacy and security concerns.



Major cyber-attack will happen soon, warns UKs security boss

Wed, 8 Nov 2017 09:00:00 -0400

A category one cyber-attack, the most serious tier possible, will happen sometime in the next few years, a director of the National Cybersecurity Centre has warned.

According to the agency, which reports to GCHQ and has responsibly for ensuring the UKs information security, a category one cybersecurity incident requires a national government response.

In the year since the agency was founded, it has covered 500 incidents, according to Ian Levy, the technical director, as well as 470 category three incidents and 30 category two, including the WannaCry ransomworm that took down IT in multiple NHS trusts and bodies.



The security aspects of modernization

Mon, 6 Nov 2017 09:00:00 -0400

IT modernization has resurfaced as a topic of conversation in the federal government in the past month. On Aug. 30, White House officials issued a draft report on the Trump administration's plan to modernize federal IT. It directs agencies to move more swiftly to the cloud, consolidate networks and prioritize the modernization of high-value, high-risk assets.

The following week, a report by research company Market Connections found that many agencies -- in the opinions of their own managers -- were not as successful in their modernization efforts as they could be.



New passport app at LAX aimed at moving arriving travelers through security quickly

Fri, 3 Nov 2017 09:00:00 -0400

The addition of a mobile passport app to Los Angeles International Airport will help travelers pass through security checkpoints faster, the airport and U.S. Customs and Border Protection said Thursday.

Mobile Passport Control can now be used at terminals 2, 4, 7 and Tom Bradley International Terminal and is the first authorized app to expedite passenger arrival into the U.S.

Eligible U.S. and Canadian citizens may voluntarily submit their passport information and answers to inspection-related questions to CBP via a smartphone or tablet app prior to arrival for speedier service.



4 Vital Cyber Security Measures Every Safety-Conscious Entrepreneur Needs to Take

Wed, 1 Nov 2017 09:00:00 -0400

The transition to increased connectivity and quick, seamless, one-click solutions has also given rise to security issues when it comes to the private information held by the institutions leveraging those innovative solutions that optimize business operations.

In their bid to be more connected, businesses have increased the touch points of their organizations across networks, increasing the opportunities cyber criminals have to penetrate: Every time any of us visit Angies List, BestAdvisor (U.K.), Yelp or any other review site to decide on what to purchase, then proceed to Amazon, Walmart or other ecommerce store, whipping out our credit cards and making a purchase, we are releasing vital pieces of personal information.

Things only get worse when we fill out a  detailed form online. This is fodder for the plethora of hackers seeking ways to penetrate personal and corporate firewalls ,to get to the private information they protect. No wonder so many organizations spend so much on security. No wonder we can't ignore the vital role cyber security plays for businesses and individuals.



Five Tips To Improve Your Corporate Security Program

Mon, 30 Oct 2017 09:00:00 -0400

With the continued proliferation of data breaches and other network security threats, cybersecurity spending is projected to climb to US$90 billion worldwide this year. As such, more companies are looking to build robust IT organizations with enhanced capabilities to combat the ever-evolving cyber threats. Companies are busy upgrading their systems, hiring employees and partnering with third parties to keep up with the pace of change. So, what do IT leaders need to prioritize to be sure their efforts have both an immediate and long-term impact on the integrity of their networks and systems?

The first step is to develop a strategy that brings an organization together to understand WHY cybersecurity is the responsibility of all employees.



Googles Android Oreo

Fri, 27 Oct 2017 09:00:00 -0400

In addition to the many tweaks and new features in Google’s Android 8.0 Oreo operating system introduced last month, the biggest changes are its security enhancements.

Oreo security additions are meaningful and go far beyond what recent OS updates have brought to the table.



U.S. Homeland Security found SEC had critical cyber weaknesses in January

Wed, 25 Oct 2017 09:00:00 -0400

It was not clear if the vulnerabilities detected by DHS are directly related to the cyber breach disclosed by the SEC. But it shows that even after the SEC says it patched promptly the software vulnerability after the 2016 hack, critical vulnerabilities still plagued the regulators systems.



Cyber Security News Roundup: Hackers! Hackers Everywhere!

Mon, 23 Oct 2017 09:00:00 -0400

The trouble with cyber security is that there is virtually no good press. You don’t make it in the news for fighting off an attempted DDoS attack or for successfully updating and patching your systems. Nobody cares about that stuff. We, as a society, are more interested in the disasters. They may not admit it, but the majority of the people in the stands at a NASCAR race aren’t there to admire the mechanical ingenuity on display, nor are they particularly interested in the beauty of a perfect racing line. They want to see cars go fast and they’ll happily take a crash or two along the way.



Should Apple iPhone X Trust Facial Recognition for Security?

Fri, 20 Oct 2017 09:00:11 -0400

Your face is the future of smartphone security. Apple made that clear last week when it unveiled the pricey iPhone X, which trades in the familiar home button and TouchID fingerprint scanner for a new camera system that unlocks the device using facial recognition.

The company has repeatedly proved its ability to push emerging technology into the mainstream—but with FaceID, Apple claims to have conquered many of the challenges that have prevented the widespread use of facial biometrics.



In spectacular fail, Adobe security team posts private PGP key on blog

Wed, 18 Oct 2017 09:00:00 -0400

Having some transparency about security problems with software is great, but Adobe's Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRTs e-mail account—both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead.



Security barriers put to the test as vehicles become weapons

Mon, 16 Oct 2017 09:00:00 -0400

Bollards—those usually waist-high pillars that are often made out of a combination of carbon, steel or cement—are being seen just about everywhere these days, from sports arenas to the parking lots of convenience stores.

Calpipe put these types of bollards to the test at Texas A&M’s Transportation Institute. The Now was on the hot concrete of this former Air Force based-turned laboratory in Bryan, Texas, as researchers measured how well the bollards held up with a dummy vehicle going at speeds of 10, 20, and 30 miles per hour.



Homeland Security says election hackers targeted state

Fri, 13 Oct 2017 09:00:43 -0400

The federal government on Friday told election officials in 21 states — including Connecticut — that hackers targeted their systems last year, although in most cases the systems were not breached.



Cyber Security Regulations

Wed, 11 Oct 2017 12:00:00 -0400

We claim we are in a new era of cybersecurity threats and that ransomware is the threat du jour, given how WannaCry and Petya continue to make waves. But we are also in an era of a new wave of cybersecurity regulations. When looking at the latest attacks, some would argue that the same old vulnerabilities are to blame, and that is because organizations are dragging their feet in implementing the critical security measures to protect themselves.

High-profile breaches like those that impacted HBO, Target and Home Depot are just three examples -- but there are many others (too many to list for 2017 alone, and we still have roughly four-and-a-half months to go). As a result, we’re now seeing new regulations emerge that are forcing organizations to get their proverbial houses in order.



The Haves And Have-Nots In Cybersecurity: How Your Company Can Level The Playing Field

Mon, 9 Oct 2017 09:00:05 -0400

Simply put, the nations most-skilled cybersecurity experts want to work on big, interesting problems. Maintaining the firewall for a regional bank in Cleveland, say, or protecting a mid-size law firm does not qualify as interesting. Interesting is protecting trillions of dollars at Goldman Sachs—or going toe-to-toe with Russian, Chinese or North Korean hackers at the CIA or NSA.

Interesting also means getting paid a lot. And most companies have a hard time affording the salaries many top cybersecurity pros demand. According to a recent report from DICE, an IT-focused jobs website, the average Director of Security makes more than $178,000 a year. It is not surprising, given the demand. A report by research firm Frost & Sullivan forecasts that by 2020, 1.5 million cybersecurity jobs will go unfilled.



Cyber Security Help Wanted

Fri, 6 Oct 2017 09:00:00 -0400

People with Asperger Syndrome have distinct advantages when it comes to combating cyber crime.

Most hackers are atypical. A research document from Scotland Yard last year indicates the majority of hackers in England are Aspergers. Some of them are identified; others do not disclose it.
Aspergers are extremely detailed oriented, which leads to a no stone unturned approach to cybersecurity.
Aspergers are cognitively different, so they are naturally out of the box and find innovative solutions to problems without the usual cognitive Blind spot of non-autistic people.
Aspergers are extremely focused and can have a high level of concentration. They are capable of hyperfocusing and never let go when they are looking for something.
They have a high capacity for analysis. You can find brilliant Asperger people working as Security Operations Center (SOC) analysts, for example.
They have a demonstrated superior capacity to identify patterns. The Israeli army has created an elite squad unit 9900 composed solely of Autistics to deduct with pattern recognition troop movements on satellite images.
It is been scientifically proven that Aspergers are methodological and make more rational decisions (less cognitive biases).
Many Aspergers are optimal problem solvers — they focus on finding the best solutions, not one of the best.
Autistics have what is called Specific Interests: They will read and memorize huge amounts of information in an obsessive way and, therefore, excel in their field of expertise.
People on the spectrum search for intellectual stimulation, complex challenges, and many have the investigator profile, which is highly valuable for forensics and pen testing.



Companies should treat cybersecurity as a matter of ethics

Wed, 4 Oct 2017 09:00:00 -0400

Cybersecurity should not just be a matter of technology but also one of morality. Is it ethical to market and sell technology that leaves consumers and their homes vulnerable to hackers?

Malcolm Harkins thinks these are worthy questions. Harkins spent 24 years at Intel Corp., rising to the position of chief security and privacy officer. Given the increasing number and audacity of hacks, he thinks we have reached a tipping point of sorts where corporations need a fundamental rethink of cybersecurity.

And Harkins really does mean fundamental. He argues that companies should formally classify protecting consumer data and privacy as a social responsibility, akin to combatting climate change, fighting poverty, or promoting diversity. Codifying cybersecurity into a companys ethical DNA is the only way, he argues, to force businesses to weigh consumer safety and privacy risks before creating new products and services.



Windows 10 and Security

Mon, 2 Oct 2017 01:00:00 -0400

Windows 10 has been out for over two years now, but those who have yet to upgrade have been urged to do so or risk facing a huge security crisis.

Latest Netmarketshare figures have Microsofts Windows as the leading desktop browser, with a staggering 90.70 per cent share.

However, the version of Windows that is most popular is not Microsofts latest OS Windows 10 - but Windows 7, released back in 2009.

While Windows 7s market share is down from 60.75 in August 2015 to 48.43 per cent in August 2017, it is in fact UP on this time last year.

Then, Windows 7 had a 47.25 per cent market share.

Microsoft have already penciled in the end of support for Windows 7, and it is not far away.

January 14 2020 will mark the end of life for Windows 7, which is currently the most popular OS on the planet according to Netmarketshare figures.

And these users will need to update to a more recent versions of Windows, or risk exposing themselves to potential cyber attacks.



Private Security Outnumbers The Police In Most Countries Worldwide

Fri, 29 Sep 2017 09:00:00 -0400

Whether they are patrolling shopping malls, conducting screening at airports or protecting VIPs, private security guards have become an increasingly common sight across the world. In many countries, they are armed with handguns and even dress in uniforms similar to the police. The sector has experienced huge growth in recent years and today there are an estimated 20 million private security workers worldwide while the industry is worth approximately $180 billion. That is expected to grow even further to $240 billion by 2020, greater than the GDP of 100 countries including Portugal, Romania and Hungary.



Hotel Room Hacking

Wed, 27 Sep 2017 09:00:00 -0400

A man hacked his way into at least 78 hotel rooms over the course of several years, thanks to a known bug that let him slip in and out like a ghost.



Cybersecurity And You: Does Size Matter?

Mon, 25 Sep 2017 09:07:37 -0400

We have all been warned to change our passwords regularly, make sure they are not easy to guess, and keep a sharp eye on our credit card statements. And many of us are diligent in doing what we can to keep our information secure.

But the irony of the situation is that most times our personal data is hacked from behind the firewalls of the companies we do business with and not because of a lack of our own personal data hygiene.



Cybersecurity Is Not A One-Time Fix

Fri, 22 Sep 2017 09:00:55 -0400

Every company has at least one employee who will click on anything , said Brad Smith, Microsoft president and chief legal officer, at a company conference in July.

Although employees may be the weakest link in an organizations cybersecurity front lines, the evolution of malware and cybercrime are putting even the most security-conscious organizations at risk. Traditional approaches to security, which typically focus on keeping the bad guys out, often lead to too many layers and components, and too much complexity.



Androids Oreo Update

Wed, 20 Sep 2017 09:00:50 -0400

Androids recently released Oreo update packs in plenty of features, including a battery life boost and a notifications rethink. But Oreos most important improvements will happen behind the scenes, with a host of security updates designed to evolve with ever-expanding digital threats. From halting ransomware to blocking malicious apps and easing Androids longstanding fragmentation woes, Oreo tackles some big problems. For the security developers who work behind the scenes, though, it is just one more step on a journey that never really ends.



Three security steps that will help keep your smartphone safe

Mon, 18 Sep 2017 09:00:00 -0400

The first security step is to set a lock code or fingerprint access so that someone can not just come along and access the data on your misplaced or lost phone.

The second step is to be very careful about what apps you install on the machine. Many of them not only violate your privacy by, for example, accessing your contact list, but they can compromise security in other ways. Notice what permissions the app says it needs when you are installing it. If, for example, a game says it needs access to your phone contacts, do not install it.

Finally, smartphones are at least as vulnerable to hacking and malware as PCs so, yes, I recommend installing security software.



465K People With Pacemakers Need Security Update

Thu, 14 Sep 2017 09:00:00 -0400

Is it a recall? Is it a software update? Well, it's actually both. Abbott, the medical device company that produces implantable cardiac pacemakers under the St. Jude’s Medical brand, has issued a corrective action, per the Food and Drug Administration, to mitigate what it calls the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities. That's right, it is asking 465,000 people with certain devices to visit their doctors and get a firmware update so that their implants are not so easy to hack into. They say patients should schedule a visit with their doctor, and that the process will take three minutes start to finish, during which time all essential features will run in backup mode, reports Consumerist. It's unclear how many people in other countries are affected.



Test Messaging Software or Security Companies

Tue, 12 Sep 2017 01:00:00 -0400

Text messaging is used a variety of ways in the security industry. Some of the industry specific uses for PageGate include:

Security Alerts
Emergency Notifications
Alarm Notification Automation
Dispatch Notifications
Communicate Critical Information Related to a Scene
On-call and Re-call Notifications
Allows for Better Decision Making
Reminders of Payment Due Date
Notification of Received Payments
Notification of Discounts, Deals and Promotions
Routine Employee Communications

Test Messaging Software or Security Companies



350% more cybersecurity pros in Washington, D.C., area than rest of U.S.

Sun, 10 Sep 2017 14:33:50 -0400

Two entrepreneurs place a big bet on cybersecurity startups along the Capital Beltway.

Silicon Valley is home to the largest population of cybersecurity product companies in the world.

Sand Hill Road in Menlo Park, California, is the epicenter of technology (and cybersecurity) venture capital. Scores of venture capital (VC) firms dotting the Bay Area have made it an attractive HQ location for startups seeking funding.

Investors—especially angels and first round financiers—prefer to be close to their portfolio companies. Simply put, where there are VCs, there will be startups.



China Enforces First Action Under Developing Cyber Security Law

Fri, 8 Sep 2017 14:29:13 -0400

Chinas Cyber Security Law (the Law) went into effect on June 1. We have now seen the first enforcement action under the Law (news report in Chinese here). Chongqings Public Security Bureau  (PSB) issued a warning to a local Internet data center company for failure to preserve a blog.  The company was ordered to rectify that deficiency within 15 days. While this is a small violation, it marks the first enforcement action under the Law.



10 bad habits cybersecurity professionals must break

Wed, 6 Sep 2017 14:27:28 -0400

Demand for cybersecurity professionals continues to rise, with the projected talent gap in the field reaching 1.8 million jobs by 2022. Those that take on these roles play a key role in the enterprise, as the average cost of a data breach worldwide is now $3.62 million.

A number of common mistakes arise in the field that can make your job more difficult and put your company at risk. Here are 10 bad habits cybersecurity workers must break to be most effective in their role.

1. Overconfidence
2. Bypassing corporate controls
3. Negligence toward false positives
4. Failing to review the environment as a whole
5. Disregarding the user
6. Letting your skills lapse
7. Not patching immediately
8. Alert fatigue syndrome
9. Relying too heavily on third party vendors
10. Ignoring the business side



Automotive Defense

Mon, 4 Sep 2017 14:24:01 -0400

Red Balloon Security, a world leader in embedded device security, is announcing the release of a new cybersecurity product to protect automobiles from a wide range of potential cyber attacks. Called Symbiote for Automotive Defense, the new embedded device defense system is officially launching at the escar USA Conference 2017 in Detroit, on June 21.



Best Hacks from BlackHat and DefCon

Fri, 1 Sep 2017 14:21:20 -0400

Hackers Hijack a Carwash to Cause Vehicle-Destroying Mayhem
Leave it to hackers to turn the wholesome American institution of the carwash into a horrifying death trap.

Chinese Hackers Take Over a Tesla—Again
In September of last year, security researchers at the Keen Labs group of the Chinese tech giant Tencent pulled off an impressive feat of automotive hacking, completely undermining the security of a Tesla S to disable its brakes after it automatically connected to their rogue Wi-Fi hotspot.

Sonic Gun Attack Can Glitch Oculus Headsets or Hoverboards
One group of hackers has modernized the old party trick of the woman singing a high pitched note at the perfect frequency to break a wine glass.

Taking Down the Avalanche Botnet
On Wednesday, FBI Cyber Division Unit Chief Tom Grasso gave a Black Hat audience details of the December Avalanche takedown orchestrated by a group of international law enforcement agencies.




Black Hat at 20, DefCon at 25: Not just about breaking things

Wed, 30 Aug 2017 14:20:20 -0400

Where in cyberspace is Norm?

If your job involves protecting sensitive information from prying eyes, or making sure that the right data is available to the right people at the right time, then Black Hat can make you feel burdened and beleaguered. So many threats and so many attack vectors, versus your organizations meagre security resources. Of course, all of that would be less of a problem if cyberspace were populated solely by law abiding digital citizens who abided by civilized norms.



Hackers break into voting machines within 2 hours at Defcon

Mon, 28 Aug 2017 14:19:38 -0400

After nearly an hour and a half, Carsten Schürmann, an associate professor with IT-University of Copenhagen, successfully cracked into a voting machine at Las Vegas Defcon convention on Friday night, CNET reports.



Top Security Firm May Be Leaking Terabytes of Confidential Data From Fortune 100 Companies

Sat, 26 Aug 2017 14:19:15 -0400

A leading American security company and purveyor of anti-malware detection services is waking up to a damning report about a massive vulnerability in its flagship product. The report describes an unimaginable leak, the scope of which covers a wide range of confidential data, including customer credentials and financial records, among other sensitive files.

In a blog posted late Tuesday night, information security firm DirectDefense announced the discovery of inherent flaw in a leading anti-malware product offered by Carbon Black, a US-based company that supplies security products to nearly a third of the the largest 100 public and privately held companies in the United States.



Security firm discovers several major security flaws in Xiaomis MIUI

Thu, 24 Aug 2017 14:18:25 -0400

With a little over six percent market share, Xiaomi re-established itself as one of the top 5 Android smartphone manufacturers in the world. As such, millions of people use the company’s devices, so when Xiaomi’s MIUI Android skin is reported to have several security vulnerabilities, it would be wise for both users and the company to take notice.

Discovered by India-based security firm eScan Antivirus, one of the vulnerabilities centers around the Mi Mover app, which lets you transfer settings and other data from an Android device to a Xiaomi phone.



8 Critical IoT Security Technologies

Tue, 22 Aug 2017 14:17:42 -0400

The growth of IoT devices coupled with the rise in cyberattacks means that system security cannot be engineered after the design.

A recent report by Gartner predicts that there will be 20.4 billion connected Internet of Things (IoT) devices by 2020, with 5.5 million new things getting connected every day. Furthermore, more than half of major new business processes and systems will include an IoT component by 2020.

These numbers are staggering and suggest that standard PC security and anti-virus solutions will not be able to counter future cybersecurity threats on connected IoT devices.



Hacking in Hollywood: Why the Industry Needs to Shore Up Security

Sun, 20 Aug 2017 14:16:55 -0400

A  cyber attack at Sony Pictures in 2014 resulted in the release of sensitive internal documents, the eventual ouster of the top executive and multimillion-dollar settlements with employees. Hackers struck again in 2016, this time targeting a post-production vendor of Netflix with a threat to leak unreleased shows if their ransom demand was not met. The latest attack is against HBO, and hackers have upped the ante with a demand for millions of dollars to stop the leak of internal emails, passwords, salary information, stars’ phone numbers and scripts for Game of Thrones.



ITs 9 biggest security threats

Fri, 18 Aug 2017 14:14:37 -0400

Years ago the typical hacking scenario involved a lone attacker and maybe some buddies working late at night on Mountain Dew, looking for public-facing IP addresses. When they found one, they enumerated the advertising services (Web server, SQL server and so on), broke in using a multitude of vulnerabilities, then explored the compromised company to their heart's content. Often their intent was exploratory. If they did something illegal, it was typically a spur-of-the-moment crime of opportunity.

My, how times have changed.

When describing a typical hacking scenario, these days you must begin well before the hack or even the hacker, with the organization behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, state actors, and cyber warfare gone amok.

Threat No. 1: Cyber crime syndicates
Threat No. 2: Small-time cons -- and the money mules and launderers supporting them
Threat No. 3: Hacktivists
Threat No. 4: Intellectual property theft and corporate espionage
Threat No. 5: Malware mercenaries
Threat No. 6: Botnets as a service
Threat No. 7: All-in-one malware
Threat No. 8: The increasingly compromised web
Threat No. 9: Cyber warfare



Study finds evidence of poor computer security practices in DNA sequencing

Wed, 16 Aug 2017 14:13:30 -0400

A new study from University of Washington (UW) researchers finds evidence of poor computer security practices used in DNA sequencing tools.
By analyzing the security hygiene of common, open-source DNA processing programs, researchers at the University of Washington confirmed that known security gaps could allow unauthorized parties to gain control of computer systems, potentially giving them access to personal information or even the ability to manipulate DNA results.

The DNA is a system that encodes information in sequences of nucleotides. Rapid improvement in DNA sequencing has sparked a proliferation of medical and genetic tests that promise to reveal everything from one's ancestry to fitness levels to microorganisms that live in ones gut.

However, some open-source software programs used to analyze DNA sequencing data were written in unsafe languages known to be vulnerable to attacks, in part because they were first crafted by small research groups who likely were not expecting much adversarial pressure.

But as the cost of DNA sequencing has plummeted over the last decade, open-source programs have been adopted more widely in medical- and consumer-focused applications.



Terrorists, hackers and scammers: Many enemies as L.A. plans Olympics security

Mon, 14 Aug 2017 14:12:32 -0400

Come the 2028 Olympic Games, technology will play a much more central role in protecting the games. Modern-day defense is not about a show of force as much as detection, prevention and disruption, Beck and others said.

Terrorists, hackers and more

In the evolving world of terrorism and other threats, a keyboard, a drone or a computer virus could be as deadly as a gun, they say.

The potential targets have also evolved — not just main venues but soft targets where people gather. And violence is just one scenario the 2028 security team will have to consider. Another is hacking.



Cloud Security: 8 Things You Need to Know When Choosing a Storage Service

Wed, 19 Apr 2017 09:00:00 -0400

When you decide to start using a cloud storage or online backup provider, you may have some worries about security: we have all seen the sensational headlines about starlets having naked pictures of themselves stolen from their online accounts.

However, with proper security measures, your stored files can be just as safe in the cloud as they are on your laptop — if not safer. In this article we’ll talk a little about the most common ways cloud services protect your data.

With cloud storage, you don’t have to worry about the physical security of your data: even if your laptop or tablet gets stolen, you will not have lost your documents and images. Most cloud storage breaches were actually facilitated by users who gave away their passwords, often as the victims of phishing.

complete article



Pope urges EU: Resist false security promised by populists

Mon, 17 Apr 2017 09:00:00 -0400

Pope Francis urged European leaders on Friday to resist the false forms of security promised by populists who want to wall themselves off and instead bank on a future of greater solidarity and union.

Francis welcomed 27 EU leaders to the Vatican on the eve of a summit to mark the 60th anniversary of the Treaty of Rome, the founding charter of the bloc.

The summit falls just days before Britain triggers a procedure to leave the EU and comes amid a wave of anti-EU populist sentiment sweeping the continent that threatens the very essence of the EU.

In his remarks, Francis said Europeans seem to have forgotten the tragedy of the walls and divisions that inspired leaders decades ago to hope for a better future through union.



LastPass security flaw could have let hackers steal passwords through browser extensions

Sat, 15 Apr 2017 09:00:00 -0400

A LastPass security vulnerability could have allowed malicious attackers to steal users’ passwords, a researcher revealed this week.

A HACKER COULD HAVE ACCESSED OBVIOUSLY BAD LASTPASS COMMANDS

On Monday, Google researcher Tavis Ormandy reported the vulnerability in the popular password management tool. In an outline of the problem, Ormandy explains that a coding flaw allowed anyone to proxy unauthenticated messages to a LastPass browser extension.



Is Privacy Real? The CIA Is Jeopardizing America's Digital Security, Experts Warn

Thu, 13 Apr 2017 09:00:00 -0400

WikiLeaks released its latest cache of confidential C.I.A. documents Thursday as part of its Vault 7 operation, exposing the U.S. government of its hacking and digital espionage capabilities — this time having to do with iPhones and other smart devices used by hundreds of millions of people across the globe. But there was an issue concerning cyber security experts and computers scientists much more damning then any of the secretive information featured in the new leaks: the C.I.A.'s total disregard of safety measures put in place for discovering these dangerous flaws in smart gadgets.

The federal agency has kept its discovery of many exploits (software tools targeting flaws in products, typically used for malicious hacking purposes) a secret, stockpiling that information rather than reporting it to multinational corporations, throwing millions of Americans into the crosshairs of a dangerous, intergovernmental spying game in the process.



How to improve your digital security

Tue, 11 Apr 2017 09:00:00 -0400

Want to control your own digital security? There’s a wide array of options for secure messaging apps, email services and browsers that help you do-it-yourself.



4 myths -- and facts -- about online security

Sun, 9 Apr 2017 09:00:00 -0400

Myth 1. Emails are always secure
Fewer than half -- 46% -- of people said they know email is not always encrypted. Encryption ensures only the sender and recipient are able to access the emails.

Myth 2. Private browsing is always private
Surfing the web in private (or incognito) mode prevents the browser -- like Chrome, Firefox, or Safari -- from collecting data about your activities. But it doesn't prevent an internet service provider, like Comcast, from monitoring your activity.

Myth 3. Turning off GPS means no one can track me
Almost half of people surveyed either didn't know or were unsure whether disabling GPS prevents all tracking. Your phone's built-in location service is just one way data can be collected.

Myth 4. My password is enough to protect me
Strong passwords are good, but security experts also recommend using two-factor authentication for account security. This means you must have a second login, like a security code sent to your phone, to sign into accounts. It prevents hackers from getting into your account, even if they know the password.



Phishing 101 at the School of Hard Knocks

Fri, 7 Apr 2017 09:00:00 -0400

A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-half months of this year than it saw in all of 2015.

Bowling Green State University in Ohio has more than 20,000 students and faculty, and like virtually any other mid-sized state school its Internet users are constantly under attack from scammers trying to phish login credentials for email and online services.

BGSU had planned later this summer to make 2FA mandatory for access to the school’s portal — the primary place where students register for classes, pay bills, and otherwise manage their financial relationship to the university.

That is, until a surge in successful phishing attacks resulted in several students having bank accounts and W-2 tax forms siphoned.



Popular security cam flaw lets burglars disable them

Wed, 5 Apr 2017 09:00:00 -0400

Nests outdoor indoor Nest Cam, Dropcam and Dropcam Pro have been found to have three vulnerabilities that allow would-be burglars to exploit the cameras via Bluetooth to make them stop recording footage.

These exploits, reported to affect firmware version 5.2.1., were discovered by security researcher Jason Doyle and already alerted Nest about them back in October.

No patches have been issued yet at this time but according to Engadget, Nest is aware of the issue, [has] developed a fix for it, and will roll it out to customers in the coming days.

The first two bugs allow an attacker to trigger a memory buffer overflow in the cameras by sending super-long Wi-Fi data, such as an SSID name parameter or a Wi-Fi password parameter, via Bluetooth Low Energy (BLE). This overflow causes the cameras to crash and restart.

The third bug lets an attacker trick the cameras to temporarily disconnect from its current Wi-Fi network by sending it a new, non-existent Wi-Fi network SSID to connect to, again via Bluetooth. This causes the cameras to keep attempting to connect to the phantom network then reconnect to the original Wi-Fi network every 90 seconds. This time, the window is vital since Nest cameras depend on the cloud to store their footage. Each disconnection means the cameras temporarily stop recording and saving footage to their internet-based servers.



London Attack Reminds May of Post-Brexit Security Ties Need

Mon, 3 Apr 2017 09:00:00 -0400

The worst terror attack on British soil since 2005 took place a year to the day after the deadly bombings on Brussels, and exactly one week before Mays government triggers Brexit. The unnamed British-born attacker was investigated by the British intelligence service MI5 some years ago but he was not part of the current intelligence picture, May told lawmakers on Thursday.

Expressions of solidarity and offers of help flooded in from the European Union governments May will be engaging in complex and probably acrimonious negotiations on how to decouple after more than 40 years together.

But for the woman who until eight months ago was in charge of keeping the country safe, the incident serves as a powerful argument to conserve a key aspect of EU cooperation in light of the interdependence of security services and terror plots across European capitals, from Paris to Berlin.



Most Android users running outdated security patches: report

Fri, 31 Mar 2017 09:00:00 -0400

Most Android phones are do not have the latest security patch -- despite efforts by Google to distribute software fixes monthly via phone carriers -- researchers at Skycure found.

Chances are, your Android phone would be easy pickings for hackers.

That's according to research released Thursday by cybersecurity company Skycure, which found that 71 percent of Android phones on the five major US carriers have not been patched with the latest security updates.

The report highlights the risks posed by not updating smartphones, and the challenges Google faces in delivering security updates to Android users.



Google and Symantec clash on website security checks

Wed, 29 Mar 2017 09:00:00 -0400

Search giant Google and security firm Symantec have clashed over the way websites are kept secure.

Google claims Symantec has done a poor job of using standard tools, called certificates, that check the identity of thousands of websites.

It will change its Chrome browser to stop recognising some Symantec certificates, causing problems for people who visit sites using them.

Symantec said Google's claims were exaggerated and irresponsible.



Complete security deception includes detection and incident response

Mon, 27 Mar 2017 09:00:00 -0400

Deception tools have been growing in popularity over the past several years, but customers need to ensure they are using the technology to its fullest potential.

The concept behind deception is fairly simple to understand: Security teams deploy a fake target that is monitored closely, which hackers will attack. Once the target is breached, the security team is alerted to the threat.

In my experience, the use of deception technology is relatively low compared to the amount of time, energy and money invested in traditional intrusion prevention systems. Part of the challenge of deception is that maintaining things such as decoys, breadcrumbs and honeypots can be difficult in environments that are always changing. However, networks are becoming more agile through the use of software, making deception technology more agile and easier to use.



6 Security Measures Every Startup Should Take in 2017

Mon, 20 Mar 2017 09:00:00 -0500

In 2015 alone, number of data breaches in the U.S. increased to about 781, about 500 percent more than the number recorded in 2005. The number of records compromised stood at about 169 million, up more than 250 percent from 2005. This resulted in a financial cost of about $205.94 million. Looking at global numbers, about 707.5 million records were compromised (that is about 22 records every second) in 2015 alone, with this number rising to more than 5.8 billion since 2013.

Regardless of how small or inconspicuous you may think your business is, havingcyber security measures in place  to protect your business’ data is a non-negotiable responsibility of every business owner and startup entrepreneur. Here are a few ways you can go about it.

1. Conduct sufficient screening and background checks.
2. Leverage a disaster recovery service.
3. Eliminate password vulnerability.
4. Use a multi-step authentication process.
5. Keep all your software up to date.
6. Be careful with links.



Homeland Security seeking border wall proposals

Fri, 17 Mar 2017 09:00:00 -0500

Have an idea on how to build the border wall? The Department of Homeland Security wants to hear from you.

Customs and Border Protection gave notice Friday that it will soon collect proposals to design and build prototype wall structures near the US-Mexico border, setting a mid-April timeline for awarding contracts.



FCC to halt rule that protects your private data from security breaches

Wed, 15 Mar 2017 09:00:00 -0500

The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of its customers' personal information.

The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCCs new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening.

The data security rule requires ISPs and phone companies to take reasonable steps to protect customers' information—such as Social Security numbers, financial and health information, and Web browsing data—from theft and data breaches.



How used cars became a security nightmare

Mon, 13 Mar 2017 09:00:00 -0500

Application security for connected cars is far less mature than anyone should be comfortable with. This was clear at the RSA information security conference last week in San Francisco, where two presentations demonstrated different ways cars can be remotely controlled or even stolen by non-owners. All because the people designing connected car apps literally didn't think things through and consider the possibility of second owners -- or hackers.

At the RSA security conference last week in San Francisco, IBM's X-Force Red leader Charles Henderson told a twisted tale of a car he couldn't get rid of. Despite the fact that he'd sold his old car and gotten a new one, his previous vehicle's controls were still accessible through the its shoddy app.

Being a hacker, he was very careful when he traded his old car in at the dealership. He wanted to make sure none of his personal information went with it, so he performed factory resets on everything and de-authorized all the accounts connected to the car.



A major security flaw means you have to change your passwords again

Fri, 10 Mar 2017 09:00:00 -0500

The security firm Cloudflare disclosed late Thursday that a long-running bug in its security systems may have leaked information, including potentially personal information, from thousands of sites including Uber, Fitbit and OKCupid.

The problem was first uncovered by Google security expert Tavis Ormandy, who let Cloudflare know about the issue on Feb. 18. But the service had been leaking information for months in a way that allowed search engines to pick it up, according to Cloudflare.



Local startup grows in cyber security industry

Wed, 8 Mar 2017 09:00:00 -0500

A local company is making a name for itself in the cyber security world, an industry worth more than $120 billion and counting.

Miamisburg-based Secure Cyber Defense is a young startup, just recently marking two years in business. Shawn Waldman, president and CEO, told this newspaper that its growth was almost immediate. The company provides secure IT consulting, vulnerability scanning, network services, among other security services.



Microsoft unveils a bonanza of security capabilities

Mon, 6 Mar 2017 09:00:00 -0500

Companies concerned about cybersecurity have a fleet of new Microsoft tools coming their way. The company announced a host of new security capabilities Friday morning as part of the run-up to the massive RSA security conference next week in San Francisco.

On the Windows front, the company announced that it's adding the ability to use on-premises Active Directory with Windows Hello, its system for allowing biometric-based logins with Windows 10. Microsoft also launched new tools to help organizations get more use out of mobile device management products by giving them tools to migrate group policy settings to cloud-managed devices.



Russian hackers pose increasing threat

Fri, 3 Mar 2017 09:00:55 -0500

The Cold War may be over, but cyber war between Russia and the West is hotting up, according to the Governments new cyber-security chief.

Britain is increasingly being targeted by Russian state-sponsored cyber attacks, including attempts to steal top-secret national security details and to intervene in the democratic process, claims Ciaran Martin, who heads up GCHQ’s new National Cyber Security Centre (NCSC).

Mr Martin made his comments in an interview with The Sunday Times, warning that Britain is being hit by 60 significant cyber-attacks each month, some of which attempt to undermine the democratic process as well as national security.



White House Withholds Cyber-Security Order for Further Revision

Wed, 1 Mar 2017 09:00:20 -0500

President Donald Trump withheld an executive order on cyber-security that was ready for his signature leaving the Washington IT security community wondering what changes he intends to make.

An administration burned by the failure of its executive order on immigration to pass legal muster has held up consideration of its next big effort, which is an order on cyber-security. That executive order, something each administration has issued since the George W. Bush presidency, was withheld without explanation on the day it was supposed to be signed.

A look at the original EO as obtained by the Washington Post and the subsequent revision as obtained by Lawfare show substantial differences. The latest version, which is still a draft, shows two things, one is a wish list from lots of people, and the other which is a more thoughtful approach by someone with actual cyber-security expertise.



Cyber security lessons offered to schools in England

Mon, 27 Feb 2017 09:00:00 -0500

Schoolchildren in England will be offered lessons in cyber security in a bid to find the experts of the future to defend the UK from attacks.

It is hoped 5,700 pupils aged 14 and over will spend up to four hours a week on the subject in a five-year pilot.

Classroom and online teaching, real-world challenges and work experience will be made available from September.

A Commons committee last week warned that a skills shortage was undermining confidence in the UK's cyber defences.

The risk that criminals or foreign powers might hack into critical UK computer systems is now ranked as one of the top four threats to national security.



Email Privacy

Fri, 24 Feb 2017 12:00:00 -0500

In the political sphere, the Email Privacy Act, which would reform dated and problematic aspects of the Electronic Communications Privacy Act, took a step in Congress toward becoming law. Trump’s Homeland Security Advisor Tom Bossert seems promising—he’s known as an effective and even-keeled dude. And links between Silicon Valley and the Pentagon remain strong in spite of recent political turmoil in the US. Oh, and there’s no easy fix for a clever and effective slot machine cheat developed by Russian criminals that has been plaguing casinos around the world for years. So have fun with that one.



Vulnerabilities Cyber Security Research

Wed, 22 Feb 2017 09:00:00 -0500

There is a lot going on in the world, but the slow march of cybersecurity research and incidents plods on no matter what else is happening. This week research showed that many mobile VPNs fall short on delivering security and privacy benefits. International law may be the best mechanism for addressing large-scale ransomware attacks on Internet of Things devices (like hotel door locks). Attacks using a stealthy type of fileless malware that hides in computer RAM are on the rise. And it’s time to get real about strategies for keeping smart TV manufacturers from spying.



Cybersecurity in the Age of Digital Transformation

Mon, 20 Feb 2017 09:00:00 -0500

Technologies such as big data analytics, the Internet of Things (IoT), blockchain, and mobile computing are reinventing the way companies handle everything from decision making to customer service. The automation of virtually all business processes and the increasing digital connectedness of the entire value chain create agility, but they also significantly raise cybersecurity risks and threat levels.

The key to addressing those risks and threats is building security into applications, as well as into interconnected devices, right from the start.



Google launches new security-focused page for Android developers

Sat, 18 Feb 2017 09:00:00 -0500

Security has become more of an concern for Android device owners, some of which may be afraid to download apps from the Google Play Store for fear of malware or data leaks. Now, Google has quietly launched a new security-focused page on its Android Developers site that offers tips to app creators to make sure their clients are free of those kind of issues.




Symantec revokes faulty security certificates

Thu, 16 Feb 2017 01:59:30 -0500

Last week, SSLMate's Andrew Ayer publicly revealed the discovery of misissued Symantec certificates, which were issued for domains including example.com and a variety of test.com certificates, such as test1.com, test2.com, and test.com.

We revoked all reported certificates which were still valid that had not previously been revoked within the 24 hour CA/B Forum guideline -- these certificates each had O=test, Medin said. Our investigation is continuing.



IRS to delay tax refunds as a security precaution

Tue, 14 Feb 2017 01:00:44 -0500

Refunds for more than 40 million low-income families could be delayed by the IRS this year, as the tax agency looks to leverage the extra time to combat identity theft and fraud.

These delays will surely impact some of the families filing their taxes this week, which is the official start to this year’s tax season. For many of them, their refund check is the largest payment they’ll see all year.

This is not the first time the IRS has delayed refund



Study: 62% of security pros do not know where their sensitive data is

Sun, 12 Feb 2017 09:00:00 -0500

Ask organizations today about the value of data and you’re likely to hear it measured in terms of competitive advantage, customer experience and revenue generation. As Dante Disparte and Daniel Wagner put it in a December 2016 HBR article, data is becoming a centerpiece of corporate value creation.

Today most organizations are data-driven to one degree or another. Data contributes not only to brand equity, but to what constitutes product and service delivery in globally connected and hyper-competitive markets, the pair wrote.

But the value of data security is still largely defined in terms of risk, cost, and regulatory compliance, notes Forrester Research in the executive summary of a new report commissioned by data protection software provider Varonis Systems.



Charter Spectrum Tweeted Out Some Spectacularly Awful Security Advice

Fri, 10 Feb 2017 09:00:00 -0500

Charter is a major internet service provider, and the conduit between many Americans and their sweet, sweet internet. As such, one would think the company would have a basic grasp of how Wi-Fi security works—specifically, that it would know better than to tell its roughly 31,700 Twitter followers to change their Wi-Fi passwords in support of their favorite sports teams.

Unfortunately, it did just that on Monday afternoon while attempting to celebrate the teams headed to the Super Bowl. The tweet was first noticed by TechCrunch and has since been deleted, presum



IT Security: Why A Disaster Recovery Strategy Must Be Top Of Mind In Todays Environment

Wed, 8 Feb 2017 09:00:00 -0500

It is no secret that data security is essential to our modern, technology-driven marketplace. With the internet of things and artificial intelligence growing commonplace, the expectations for continued innovation and constant availability are stronger than ever. I don’t know about you, but when I log into Netflix, I expect to watch movies without interruption. Yet I would be pretty upset if Netflix delivered this streaming at the cost of my privacy.

My personal demand for easy accessibility, like everyones, is in constant struggle with security, which tends to slow down user access (think of how login credentials hinder fast banking on your phone). These two immensely important values are challenging for businesses as they try to push innovation forward.

An entire empire has been built on stealing sensitive company data, holding data hostage or releasing scandalous information to the public. This has made cyber attacks the No. 1 threat for businesses, according to data from Business Continuity Institute.



Microsoft is making Windows 10 security easier

Mon, 6 Feb 2017 09:00:00 -0500

It is easy to mock bad passwords and phishing scam victims, but PC security is hard to grok for the average user. That iswhy Microsoft is introducing the Windows Defender Security Center as part of the Windows 10 Creators Update coming in April. Within a central hub, you'll be able to see settings for threat protection, performance and more at a glance.



People are The Biggest Security Risk

Fri, 3 Feb 2017 09:00:00 -0500

Social Engineering Is Often Overlooked

Kevin Mitnick is a criminal-turned-security-expert, kind of like a cybersecurity version of Frank Abagnale. He still hacks for a living, but these days it is in the name of legal penetration testing. His number one piece of advice to clients is to never forget that people are the weakest security link.



Protecting your cybersecurity in 2017

Wed, 1 Feb 2017 09:00:00 -0500

Two weeks ago I made cybersecurity predictions for 2017, and it didn’t take long for one of my predictions to be realized.  In fact, it occurred before 2016 was even over.

Earlier this week federal indictments were brought against three Chinese nationals on charges of hacking into at least seven law firms and stealing inside information about mergers and acquisitions involving clients of the law firm.  Prosecutors say this inside information was used by the hackers to make stock trades before the public was aware of the impending mergers or takeovers and  to make illegal profits of more than four million dollars on the transactions.

This cybercrime is noteworthy not just because it represents a relatively new development in cybercrime but also because it points out that for us as individuals, our own cybersecurity is dependent on the cybersecurity of the many companies and institutions that hold personal information about us.  So, one resolution that you should make for the new year is to limit the companies and governmental agencies to which you provide personal information as much as you can.



Naive employees driving cyber security concerns

Mon, 30 Jan 2017 09:00:53 -0500

Despite the perception that hackers are an organization’s biggest cyber security threat, insiders, including careless or naive employees, are now viewed as an equally important problem, according to new research conducted by Dimensional Research on behalf of Preempt.

The growing security threat from insiders report found that 49% of IT security professionals surveyed were more concerned about internal threats than external threats, with the majority (87%) most concerned about naive individuals or employees who bend the rules to get their job done. Only 13% were more concerned about malicious insiders who intend to do harm.

Malware unintentionally installed by employees ranked as the top internal security concern with 73% of respondents claiming they were worried about it, ahead of stolen or compromised credentials (66%), snatched data (65%) and abuse of admin privileges (63%).



The Real Cybersecurity Issues Behind the Overhyped Russia Hacks the Grid Story

Fri, 27 Jan 2017 09:00:00 -0500

Over the past few days, we have seen a story about Russian agents hacking the U.S. power grid spread like wildfire across the internet -- only to be debunked as a wild overstatement of the facts at hand.

Yes, a single laptop belonging to Vermont utility Burlington Electric was found to have visited an IP address cited by the Department of Homeland Security and the FBI as being associated with a Russian hacking operation, dubbed Grizzly Steppe, that also hacked the U.S government during the election.

But there is no evidence that this amounted to anything other than a utility employee checking his or her Yahoo email account, as the Washington Post reported Monday in what amounts to an extensive retraction of its Friday story that started the firestorm.



2016 Breaches

Wed, 25 Jan 2017 09:00:00 -0500

Presidential Election hacks

The last clamorous even of 2016 is the executive order of the President Barack Obama that ejected 35 people in retaliation for the cyber-attacks against the numerous cyber-attacks against politicians involved in the Presidential Election. Russian hackers broke into the systems of the Democratic National Committee, Democratic Congressional Campaign Committee, and Podesta Emails.

Shadow Brokers hacked the NSA-linked group Equation Group

Last summer a mysterious hacker group calling themselves the Shadow Brokers hacked into “Equation Group” arsenal. In February 2015, security researchers at Kaspersky revealed the existence of a hacker group, called Equation Group, that has been active since 2001 and that targeted practically every industry with sophisticated zero-day malware. Researchers linked the Equation Group to the NSA Agency.

YAHOO Data breach

In 2016, security experts discovered two data breaches suffered by Yahoo in 2012 and 2014. The second one occurred in fall 2013 is the biggest one regarding sheer magnitude, experts estimated it has impacted one billion accounts. Personal users’ information was compromised, including names, email addresses, phone numbers, birthdays, hashed passwords, and security questions and answers. No financial data was exposed.

Weaponizing the Internet of Things – The DYN DNS hack

In 2016, we assisted in massive DDoS attacks powered by Internet of Things devices that created serious problems.



Cyber Security

Mon, 23 Jan 2017 09:00:00 -0500

Last year consumer, corporate, and political targets were hammered by ransomware extortion attempts, phishing excursions, and DDoS attacks. Driven by this slew of high-profile attacks, cybersecurity has rapidly emerged as a priority in 2017 for enterprise companies and SMBs.

To visualize emerging cybersecurity issues, TechRepublic and data firm Affinio sampled and diagrammed social media data from influential communities. TechRepublic previously used Affinio technology to better understand digital business trends, including voter priorities during the 2016 presidential campaign, how tech groups talk about Edward Snowden, and web media related to the Russian cyberattack.

Affinio extracts insights from web, mobile, and social media data. The companys algorithm grabs snapshots of naturally-forming user clumps and communities, then visualizes how each group is connected. For example, unsurprisingly, health care experts tend to communicate online with other health care experts. Affinio analysis shows that health care experts also communicate with information experts, tech news consumers, and digital marketers.



This Wi-Fi router will protect your smart fridge from hackers

Fri, 20 Jan 2017 09:00:00 -0500

A new batch of routers seeks to ward off hacks that leverage your smart homes computing power for nefarious purposes.

This added protection responds to a growing security threat for households. In October, hackers used a code called Mirai to hijack home devices like DVRs and routers and create a botnet that then took down many popular websites.

Amid the outcry, security firms have seen a need and a market. Multiple devices that offer home protection from hacks are set to hit store shelves beginning in the spring.



The Download on the DNC Hack

Wed, 18 Jan 2017 09:00:41 -0500

Over the past few days, several longtime readers have asked why I have not written about two stories that have consumed the news media of late: The alleged Russian hacking attacks against the U.S. Democratic National Committee (DNC) and, more recently, the discovery of malware on a laptop at a Vermont power utility that has been attributed to Russian hacker groups.

I have avoided covering these stories mainly because I do not have any original reporting to add to them, and because I generally avoid chasing the story of the day — preferring instead to focus on producing original journalism on cybercrime and computer security.



Your New IT Hard Target: Printer Security

Mon, 16 Jan 2017 09:00:00 -0500

Printers being hacked is nothing new. It’s even hit the headlines a few times with one being used to store pirated files, then another being programmed to display a paperclip on every page it printed. It seemed harmless at first. But then Columbia University discovered you could actually cause a printer’s fuser to continually heat up, potentially burning up more than your maintenance budget.

The real page turner happened when it was revealed that someone outside your organization could use it as a weak point to attack your network. But that’s not all. Someone invading your printer’s memory can retrieve documents, set it so they’re sent a copy of everything you print and scan, and more.




IoT predictions: IoT security in 2017

Fri, 13 Jan 2017 09:00:00 -0500

Nobody doubted that IoT security was a disaster when, well, disaster struck — the Mirai botnet took down swaths of the internet through a fairly simple, preventable attack.

But experts believe there are going to be more susceptible devices in 2017 than ever — and hackers will be on the lookout.

Sometime during 2017 we should anticipate the release of an automatically propagating IoT worm that installs a small, persistent malicious payload that not only continues to infect and propagate amongst other vulnerable IoT devices, but automatically changes all the passwords necessary to remotely manage the device itself, said Gunter Ollman, CSO at Vectra Networks.



Amazon Alexa is stepping into home security automation with ADT

Wed, 11 Jan 2017 09:00:00 -0500

At the 2017 CES in Las Vegas, home security company ADT announced that it was adding support for the Amazon Echo and Echo Dot.

ADT customers will soon be able to control their home security system through the Amazon Alexa voice service. On Wednesday, at the 2017 Consumer Electronics Show (CES), ADT announced that its Pulse ecosystem will now support the Amazon Echo and Echo Dot products.

Pulse gives ADT customers remote access to their security system and offers some home automation features. With the integration of Amazon Alexa, ADT customers will now be able to arm and disarm their security system using voice commands and a secure PIN, according to a press release.



Call to Centralize Security in Germany Broaches a Postwar Taboo

Mon, 9 Jan 2017 09:00:00 -0500

As Germany struggles to respond to worsening attacks inspired by Islamic terrorists, the country’s top security official on Tuesday strongly advocated consolidating greater intelligence and security powers with the federal government, a taboo since World War II.

Thomas de Maizière, Germanys interior minister and a close ally of Chancellor Angela Merkel, argued that such a step was needed to steel the country against modern threats posed by terrorism, cyberattacks and an increased number of migrants seeking to enter the country.

The federal governments of Germany’s European partners and other established democracies already hold such powers, he noted, stressing that It is time to re-examine Germany’s security setup.



5 easy steps to better online security

Fri, 6 Jan 2017 09:00:00 -0500

A finger tap is the most common and necessary action we take on our computers and devices. It’s also the most dangerous.

Cybersecurity — the personal behaviors and actions you take to protect yourself in the online world from identity thefts, frauds and other crimes aimed at stealing your personal information and data — is a serious personal issue. So we all need to know how to protect ourselves. Below are five action steps to do it; most take 10 minutes or less. (The book has 13 more.)


Action step 1: Create a secret email address
Estimated completion time: Less than 10 minutes


Creating a secret email address will boost your security by reducing the number of places hackers may find the email you use for your financial accounts.

Email address: Avoid using any personal information about yourself when you create your email address — the portion that comes before the @ sign.

Action step 2: Get a password manager
Estimated completion time: Less than 30 minutes

A password manager will enhance your safety and make your online life easier by eliminating the need to clog your brain remembering weak passwords. It lets you store your passwords in an encrypted file on your computer or in the cloud,



Drones in homes: Flying cameras map security threats, warn homeowners

Wed, 4 Jan 2017 19:39:51 -0500

Armies of drones could soon help protect homeowners from unwanted visitors as part of a newly-developed smart security plan being mooted at the Consumer Electronics Show (CES) in Las Vegas.

A collaborative effort using products designed by Alarm.com and Quallcom Technology Inc, the system involves drones mapping out complex activity patterns of a property and responding to unexpected events such as a home invasion.

The development essentially allows a computer and drones to understand patterns of movement within a building and update people on anomalies that could potentially be a threat.



New Scanners and Conveyors Could Make Airline Security Faster and Safer

Mon, 5 Dec 2016 01:59:00 -0400

Instead of queuing up in order of arrival, travelers take an open spot alongside a conveyor belt. They then put their shoes, luggage, keys, and other items into tubs and push them onto the belt—skipping past slow pokes having trouble removing their shoes. Suspicious luggage is automatically diverted to a special area so it can be searched without having to stop the conveyor belt.



Do Not Let A Lack of Resources Compromise Your Cyber Security

Fri, 2 Dec 2016 13:59:42 -0400

For a company with limited resources, employees can be tremendously valuable watch dogs if they’re given the proper tools and education. Very few of us are experts on cyber security, and employees often expect their work files and information to be automatically protected through antivirus or company filters. Providing rudimentary information about cyber safety and best practices – and arming employees with a few quick tips like the following – can help prevent avoidable security incidents.



After DDOS attack, senator seeks industry-led security standards for IoT devices

Thu, 1 Dec 2016 09:00:00 -0400

U.S. Sen. Mark Warner, (D-Va.) said Thursday that he favors an industry-based approach before seeking some form of government regulation of IoT security.

IoT ought to be an area where industry collaborates and if they can set standards first, that is good, Warner said.



How security flaws work: SQL injection

Wed, 30 Nov 2016 09:00:00 -0400

SQL injection attacks exist at the opposite end of the complexity spectrum from buffer overflows, the subject of our last in-depth security analysis. Rather than manipulating the low-level details of how processors call functions, SQL injection attacks are generally used against high-level languages like PHP and Java, along with the database libraries that applications in these languages use. Where buffer overflows require all sorts of knowledge about processors and assemblers, SQL injection requires nothing more than fiddling with a URL.

As with buffer overflows, SQL injection flaws have a long history and continue to be widely used in real-world attacks. But unlike buffer overflows, theres really no excuse for the continued prevalence of SQL injection attacks: the tools to robustly protect against them are widely known. The problem is, many developers just don't bother to use them.



Simple Cyber Security Tips to Protect Your Online Accounts Against Hackers

Mon, 28 Nov 2016 12:00:00 -0400

At the end of the day, it all boils down to having a healthy sense of skepticism about the emails you receive, along with making and protecting strong passwords for all of your accounts, experts say.

Or, if you have the money, you could plunk down $14,000 or so for a military-grade smartphone to help thwart hackers — but a little cyber savvy will certainly cost a lot less.



Why security is really all about trust

Fri, 25 Nov 2016 09:00:51 -0400

Security is not black and white. It is not a choice between full security and no security --  it is a continuum with a lot of gray in between.

Full security, even if achievable, would secure things beyond the realm of reasonable usability. But even then hackers would find a way in.

The base component of trust in the security world is, of course, good security. Customers want to be assured that a product will not open the door to random hacking, harassment, and unauthorized activity. When a piece of software or hardware gets hacked too many times, customers look elsewhere.



FBI, Homeland Security sued for records on surveillance of Black Lives Matter activits

Wed, 23 Nov 2016 14:02:00 -0400

Human rights attorneys filed a lawsuit against the Federal Bureau of Investigation and Department of Homeland Security on Thursday for failing to release documents on the agencies’ surveillance of Black Lives Matter protests and activists.

The lawsuit was filed by the Center for Constitutional Rights and the Milton A. Kramer Law Clinic Center at Case Western Reserve University School of Law.

Federal surveillance of activists started when the Movement for Black Lives began during protests against the police killing of an unarmed black teenager, Michael Brown, in Ferguson, Missouri. A July 2015 Intercept report by journalist George Joseph revealed that, according to documents obtained through a Freedom of Information Act request, the Department of Homeland Security has collected information, including location data, on peaceful Black Lives Matter protests.



How tech like security cameras brought down Twitter, Amazon, and Netflix

Mon, 21 Nov 2016 09:00:00 -0400

Billions of devices are connected to the internet in some way, shape, or fashion. It is simply inevitable. They need it for maintenance, updates, convenience, and functionality. Some devices connect to the internet and you probably barely even knew, if at all. Things like Security Cameras, Smart Door locks, Your TV’s DVR, and some more obvious things like Smart TV’s, and Streaming Devices. Now the stunning part, all of those devices were used to bring down the sites you love like Twitter, Amazon, and Netflix. Yep. Things like security cameras brought Twitter to its knees. But how? There was a massive siege on Dyn, a New Hampshire-based company that monitors and routes Internet traffic. This devastating attack proved that the devices made to keep you secure aren’t secure themselves. That would be similar to having a depressed counselor. It doesn’t make sense, does it? But that is how the Internet of Things (IoT) is. There really is barely anything stopping someone taking control of these devices, because no one ever thought they could be used to bring down billion-dollar companies. Dyn was hit by something called a Distributed Denial of Service attack, or a DDoS attack. What happens in one of these attacks is that a barrage of devices send fake requests to the servers for information. This prevents real requests from getting through to the server, either severely slowing down services or totally taking them offline. Right now there is no idea who performed the attack. It could be one very determined person, a group of [...]



Microsoft Cloud Security

Sat, 19 Nov 2016 09:00:00 -0400

Microsoft Cloud App Security is a component of Microsoft Enterprise Mobility + Security E5, and enables customers to discover and secure all the cloud apps in use within their organizations. Once the apps are discovered, customers can put comprehensive controls in place for management and monitoring. Microsoft Cloud App Security helps you do three things:

Gain visibility into what cloud applications are being used in your organization today
Implement data control over those applications
Leverage ongoing behavioral analytics as a part of the threat protection model

The architecture for how Cloud App Security accomplishes this is shown in the image below. In most cases, Step 1 is already being done. Users are going about their daily work and using cloud apps. Step 2 is where cloud traffic logs are analyzed by Cloud App Security to determine which apps are in use. In Step 3, an administrator reviews the apps, and either sanctions or restricts them. Finally, Step 4 leverages the APIs of the cloud apps to implement connections, controls, and ongoing monitoring for compliance and threat analysis. This process happens as a repeating cycle.



Hacked Cameras, DVRs Powered Today’s Massive Internet Outage

Thu, 17 Nov 2016 09:00:00 -0400

A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests.

Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that provides critical technology services to some of the Internet’s top destinations. The attack began creating problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.

At first, it was unclear who or what was behind the attack on Dyn. But over the past few hours, at least one computer security firm has come out saying the attack involved Mirai, the same malware strain that was used in the record 620 Gpbs attack on my site last month. At the end September 2016, the hacker responsible for creating the Mirai malware released the source code for it, effectively letting anyone build their own attack army using Mirai.

Mirai scours the Web for IoT devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.

According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based botnet.



Record Immigrant Numbers Force Homeland Security to Search for New Jail Space

Tue, 15 Nov 2016 09:00:38 -0400

U.S. officials expect number of undocumented immigrants awaiting deportation to reach 45,000 in the coming months.

Homeland Security officials are quietly scrambling to find 5,000 more prison and jail beds to handle a record number of undocumented immigrants being detained in the U.S., according to officials familiar with the discussions.

Homeland Security Secretary Jeh Johnson met Tuesday with senior leaders at the Immigration and Customs Enforcement agency and the Customs and Border Protection agency—both of which are in his department—so officials could review their plans to handle thousands more people expected to cross the southwest border with Mexico in coming weeks, the officials said.

ICE is currently holding more than 40,000 people in detention centers—more than it has ever had in custody before—and has warned budget officials that it needs a quick infusion of $136 million more just to keep running detention centers until early December, according to internal Department of Homeland Security documents and officials.



3 ways Windows Server 2016 is tackling security

Sun, 13 Nov 2016 13:32:18 -0400

Every version of Windows — client and server — has promised improved security. But with Windows 10 and Windows Server 2016, Microsoft is going beyond the usual incremental improvements and closing of loopholes and giving you the tools to reduce the dangers of phished credentials, over-privileged admins and untrustworthy binaries.




Geofeedia

Fri, 11 Nov 2016 09:00:00 -0400

Geofeedia marketed its abilities to law enforcement agencies and has signed up more than 500 such clients, according to an email obtained by the American Civil Liberties Union. In one document posted by the organization, as part of a report released on Tuesday, the company appears to point to how officials in Baltimore, with Geofeedias help, were able to monitor and respond to the violent protests that broke out after Freddie Gray died in police custody in April 2015.

Geofeedia appears to have used programs that Facebook, Twitter and other social media companies offered that allow app makers or advertising companies to create third-party tools, like ways for publishers to see where their stories are being shared on social media.

Facebook, Twitter and Instagram say they have cut off Geofeedia’s access to their information. But civil liberties advocates criticized the companies for lax oversight and challenged them to create better mechanisms to monitor how their data is being used.



After massive cyberattack, shoddy smart device security comes back to haunt

Wed, 9 Nov 2016 09:00:00 -0400

Almost everyone affected by the cyberattack had a part to play — from shipping shoddy devices to a consumer apathy towards security.

Friday morning saw the largest internet blackout in US history. Almost every corner of the web was affected in some way -- streaming services like Spotify, social sites like Twitter and Reddit, and news sites like Wired and Vox appeared offline to vast swathes of the eastern seaboard.

After suffering three separate distributed denial-of-service (DDoS) attacks, Dyn, the domain name system provider for hundreds of major websites, recovered and the web started to spring back to life.

The flooding attack was designed to overload systems and prevent people from accessing the sites they want on a scale never seen before this.

All signs point to a massive botnet utilizing the Internet of Things, powered by malware known as Mirai, which allows the botnets operator to turn a large number of internet-connected devices -- surveillance cameras, smart home devices, and even baby monitors -- against a single target.