What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2016-09-29 10:42:00 Microsoft opens up its 'million dollar' bug-finder (direct link) Microsoft is previewing a cloud-based bug detector, dubbed Project Springfield, that it calls one of its most sophisticated tools for finding potential security vulnerabilities. Project Springfield uses "whitebox fuzzing," which uncovered one-third of the "million dollar" security bugs during the development of Windows 7. Microsoft has been using a component of the project called SAGE since the mid-2000s to test products prior to release, including fuzzing both Windows and Office applications. For this project, SAGE is bundled with other tools for fuzz testing, featuring a dashboard and other interfaces that enable use by people without an extensive security background. The tests are run using Microsoft's Azure cloud.
NetworkWorld 2016-09-29 09:00:00 IDG Contributor Network: Passwords will be wirelessly transmitted through bodies (direct link) Low-frequency transmissions created by off-the-shelf biometric devices, such as fingerprint sensors, can be diverted through the body and can securely transmit password-like authentication. The off-the-shelf biometric sensors, such as touchpads, are “re-purposed to send out information,” says Shyam Gollakota, University of Washington assistant professor of computer science and engineering and senior author on the research paper, in a University of Washington article. The secret passphrases and such are confined to the human body, so they can't be eavesdropped on.
NetworkWorld 2016-09-29 06:48:00 IDG Contributor Network: The future of security: A combination of cyber and physical defense (direct link) Our increasingly connected world gives hackers even more ways to exploit technology for malicious purposes. We're now entering a period when cyber attacks could cause major physical damage. To protect people from these combined cyber and physical threats, information security experts and law enforcement, which traditionally handles physical security, will have to share strategies. After all, the boundaries between cyber and physical attacks are already blurring. In March, the U.S. Department of Justice claimed seven Iranians hacked the control systems of a small dam in New York state in 2013. The dam was offline for repair, preventing the hackers from controlling the flow of water. However, the incident demonstrated that hackers could take over infrastructure that was controlled by computers.
NetworkWorld 2016-09-29 05:00:00 Why employees are still a security risk (direct link) In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild speaks with Michael Bruemmer, vice president at Experian Data Breach Resolution, about a recent survey that said companies are unprepared to stop employee-caused data breaches.
NetworkWorld 2016-09-29 04:56:00 Doctors: E-health records raise costs, don't help patient outcomes (direct link) Three out of four U.S. physicians believe that electronic healthcare records (EHRs) increase practice costs -- outweighing any efficiency savings -- and seven out of 10 think they reduce productivity, according to a new survey. Deloitte's "2016 Survey of US Physicians" released this week found little had changed since its last report two years ago, when doctors surveyed at the time generally held negative opinions of EHRs. The latest survey found nearly all physicians would like to see improvements in EHRs, with 62% calling for them to be more interoperable and 57% looking for improved workflow and increased productivity. Tags: Deloitte
NetworkWorld 2016-09-29 01:06:39 FBI reports more attempts to hack voter registration system (direct link) The U.S. Federal Bureau of Investigation has found more attempts to hack the voter registration systems of states, ahead of national elections. The agency had reportedly found evidence in August that foreign hackers had breached state election databases in Illinois and Arizona, but it appears that there have been other attempts as well, besides frequent scanning activities, which the FBI describes as preludes for possible hacking attempts. "There have been a variety of scanning activities, which is a preamble for potential intrusion activities, as well as some attempted intrusions at voter registration databases beyond those we knew about in July and August," FBI Director James Comey told the House Judiciary Committee on Wednesday.
NetworkWorld 2016-09-28 16:32:33 The Yahoo hackers weren't state-sponsored, a security firm says (direct link) Common criminals, not state-sponsored hackers, carried out the massive 2014 data breach that exposed information about millions of Yahoo user accounts, a security firm said Wednesday. Yahoo has blamed state actors for the attack, but it was actually elite hackers-for-hire who did it, according to InfoArmor, which claims to have some of the stolen information. The independent security firm found the alleged data as part of its investigation into "Group E," a team of five professional hackers believed to be from Eastern Europe. Tags: Yahoo
NetworkWorld 2016-09-28 10:40:00 Most dangerous cyber celebrities of 2016 (direct link) Intel has reeled off the 10th annual McAfee Most Dangerous Celebrities list based on likelihood of getting hit with a virus or malware when searching on the celebs' names. “Consumers today remain fascinated with celebrity culture and go online to find the latest pop culture news,” said Gary Davis, chief consumer security evangelist at Intel Security. “With this craving for real-time information, many search and click without considering potential security risks.” Last year,
NetworkWorld 2016-09-28 09:41:12 Meet Apache Spot, a new open source project for cybersecurity (direct link) Hard on the heels of the discovery of the largest known data breach in history, Cloudera and Intel on Wednesday announced that they've donated a new open source project to the Apache Software Foundation with a focus on using big data analytics and machine learning for cybersecurity. Originally created by Intel and launched as the Open Network Insight (ONI) project in February, the effort is now called Apache Spot and has been accepted into the ASF Incubator. "The idea is, let's create a common data model that any application developer can take advantage of to bring new analytic capabilities to bear on cybersecurity problems," Mike Olson, Cloudera co-founder and chief strategy officer, told an audience at the Strata+Hadoop World show in New York. "This is a big deal, and could have a huge impact around the world." Tags: Yahoo
NetworkWorld 2016-09-28 08:46:00 Down the rabbit hole, part 2: To ensure security and privacy, open source is required (direct link) I am currently embarking on a quest to make my entire life as private and secure as possible - while still having a good time and enjoying the fruits of the modern world. In this article, I won't go into why I am doing this. For that, see my article introducing this endeavor. What I'd like to talk about right now are some pretty high-level things - laying out the ground rules, if you will, for what I'm trying to accomplish. First, let me start by saying none of this is about open source or free software. Licensing of software, while extremely important, is not the focus here. This is about privacy and security and absolutely nothing else.
NetworkWorld 2016-09-28 08:17:00 Creepy clowns cause sheriff to consult with FBI and Homeland Security (direct link) If you are going to be dressing up in a costume for Halloween, then you might want to avoid dressing like a creepy clown, considering the sinister clown hysteria sweeping the nation. You don't want to wear a clown costume in Kentucky where a sheriff contacted the FBI and Homeland Security over the “creepy clown” threat. In fact, in Gallatin County, Kentucky, the sheriff warned that people behind “clown threats” might face charges of “inducing panic and terroristic threatening.” Pennywise from Stephen King's It really ruined clowns for a lot of people, changing their opinion of clowns from funny or cute to scary and creepy as can be. When the evil clown craze first started cranking up, some people suggested the clown sightings were pranks tied to some sort of promotion for the upcoming film It. Others suggested the clown sightings were inspired by Rob Zombie's film 31, which includes kidnapped hostages trying to survive a violent game against a gang of sadistic clowns.
NetworkWorld 2016-09-28 05:31:00 Elon Musk's next great adventure: Colonizing Mars (direct link) You cannot say that Elon Musk doesn't dream big. Today he outlined what would be his biggest aspiration ever – colonizing Mars. If you watched Musk, who is SpaceX Founder, CEO, and Lead Designer deliver the details today on his Mars colonizing mission to the International Astronautical Congress in Guadalajara, Mexico you may have been struck by the matter-of-fact way he delivered the details of what even he calls a very complex and dangerous mission. “I think the first trips to Mars are going to be really, very dangerous. The risk of fatality will be high. There is just no way around it," he said. "It would basically be, 'Are you prepared to die?' Then if that's ok, then you are a candidate for going." Tags: Guideline
NetworkWorld 2016-09-27 11:00:00 Down the rabbit hole, part 1: Making my life private and secure (direct link) Over the years I've done a number of - let's just call them “experiments in computering” - where I attempt to use my computers in such a way that is outside of my comfort zone. Living entirely in a terminal. Getting rid of all Google software and services. Using nothing but a version of FreeDOS. That sort of thing. I typically give myself the simple goal of “do it for 30 days, and see how it goes.” In the process, I always learn something - about what I like, about what is possible. And even if I don't learn a cotton-pickin' thing of value, it's still kinda fun - kinda.
NetworkWorld 2016-09-27 10:38:08 Six senators demand more details about the Yahoo data breach (direct link) Six U.S. senators have called Yahoo's massive data breach "unacceptable," and they're demanding that the company provide more details about the incident. In a letter addressed to Yahoo's CEO, the lawmakers said they were particularly "disturbed" that the breach occurred in 2014, but that Yahoo only publicized it last week. "That means millions of Americans' data may have been compromised for two years," the letter said. "This is unacceptable." The hacking incident, which Yahoo said it only learned recently, affects at least 500 million users, making it perhaps the largest known data breach in history. Account information, including email addresses, telephone numbers, and hashed passwords, may have been stolen. Tags: Guideline, Yahoo
NetworkWorld 2016-09-27 08:57:00 Ransomware roundup: Targeting servers, government, honoring Donald Trump and Voldemort (direct link) Security researchers have discovered more ransomware under development, namely one paying homage to Voldemort and another featuring Donald Trump, as well as one variant currently targeting servers and yet a different ransomware hitting government agencies and education institutions. Let's start with the ransomware that has moved past development into actively locking up computers. DXXD ransomware targeting servers: On Bleeping Computer forums, there were reports of servers being hit with DXXD ransomware; after a file has been encrypted, “dxxd” is added to the end of a filename such as myimportantfile.jpgdxxd.
NetworkWorld 2016-09-27 08:23:02 Swift CEO reveals three more failed attacks on banking network (direct link) Banks stopped three new attempts to abuse the Swift financial transfer network this summer, its CEO Gottfried Leibbrandt said Monday, as he announced Swift's plan to impose tighter security controls on its customers. Swift provides the network that banks use to exchange funds internationally, and hit the headlines in February when attackers almost got away with a billion-dollar heist at Bangladesh Bank. In the end, they only succeeded in stealing US$81 million after hacking bank systems connected to the Swift network. That prompted Swift to ratchet up security around its systems, which weren't themselves breached, updating the software it provides banks and adding new audit and verification tools.
NetworkWorld 2016-09-27 05:52:00 Security blogger Krebs says IoT DDoS attack was payback for a blog (direct link) Security blogger Brian Krebs says a massive distributed denial-of-service attack that took down his Web site last week was likely the consequences for his outing of two Israelis who ran a DDoS-for-hire business. The pair, whom he identifies as Itay Huri and Yarden Bidani, both 18, were arrested in Israel at the request of the FBI six days after Krebs posted his blog and are now under house arrest.
NetworkWorld 2016-09-27 04:00:00 IDG Contributor Network: Always be prepared: Monitor, analyze and test your security (direct link) This is the final entry in our series on the 20 Critical Security Controls devised by the Center for Internet Security (CIS) as best practices to help the public and private sectors tighten their cybersecurity. We started down the path of building a solid security foundation by taking inventory of hardware and software, we looked at vulnerability assessment and administrative privileges, and we discussed how to build malware defenses. We also explored how to create a data recovery plan, how to protect your data, and the importance of monitoring and training employees.
NetworkWorld 2016-09-26 18:07:35 Yahoo's claim of 'state-sponsored' hackers meets with skepticism (direct link) Yahoo has blamed its massive data breach on a "state-sponsored actor." But the company isn't saying why it arrived at that conclusion. Nor has it provided any evidence. The lingering questions are causing some security experts to wonder why Yahoo isn't offering more details on a hack that stole account information from 500 million users. "I think there's a lot of fishiness going on here," said Michael Lipinski, the chief security strategist at Securonix. Yahoo didn't respond to a request for comment. The company has protocols in place that can detect state-sponsored hacking into user accounts. In a December 2015 blog post, the company outlined its policy, saying it will warn users when this is suspected. Tags: Yahoo
NetworkWorld 2016-09-26 14:05:00 34% off Master Lock Bluetooth Keyless Outdoor Padlock - Deal Alert (direct link) Use your smartphone to open this padlock from Master Lock. Share access, monitor access history and receive alerts if someone is tampering. Designed for outdoor use, its shackle offers 2 inch vertical clearance and is made of boron for maximum resistance to cutting and sawing. The lock features alternate methods of access for when Bluetooth isn't available or the replaceable battery dies. Its typical list price of $89 has been reduced 34% to $59 (see on Amazon). An indoor version is available, also at a discount (28% off, $50 -- See on Amazon).
NetworkWorld 2016-09-26 12:59:19 New Mac Trojan uses the Russian space program as a front (direct link) Security researchers have found a new Mac OS X malware that appears to be targeting the aerospace industry. The Trojan, called Komplex, can download, execute, and delete files from an infected Mac, according to security firm Palo Alto Networks. Interestingly, the Trojan will also save a PDF document to the infected system concerning the Russian space program. The PDF document details planned Russian space projects from 2016 to 2025, but it acts as a decoy, Palo Alto Networks said in a Monday blog post. In reality, the Trojan is a package of tools that will attempt to secretly communicate with its creators' command-and-control servers. This includes sending back data on the version, username, and process list running on the infected system. The Trojan can also receive instructions, and it will forward the results to the control servers.
NetworkWorld 2016-09-26 10:55:00 A shout out to Akamai for candor in IoT botnet attack (direct link) Akamai deserves credit for the way it disclosed why it stopped protecting the Krebs on Security Web site last week after defending it for three days from the largest botnet it had ever encountered. It must have been embarrassing for the company to acknowledge that it was a business decision it was forced to make because the expense and consumption of resources to keep the site up was too great. But the company did so and addressed a more important issue, namely that the attack was generated by a botnet of Internet of Things devices, mainly cameras, routers and DVRs, according to Krebs.
NetworkWorld 2016-09-26 10:40:00 The IoT is uranium (direct link) Does the thought of 600 Gbps-plus of traffic hitting your URLs excite you? Do you get tingles up and down your spine thinking about watching your line of business apps frying? Perhaps that wonderful text, where an alert from your financial processor says “We've gone black, again, and expect to be back online perhaps maybe possibly tonight” thrills you. The Internet of Thingies (IoT) is actually nuclear, and we've witnessed the first use of a nuclear internet weapon. Brian Krebs' Krebs on Security site was smashed. It could happen to you.
NetworkWorld 2016-09-26 09:20:20 Armies of hacked IoT devices launch unprecedented DDoS attacks (direct link) Security researchers have been warning for years that poor security for internet of things devices could have serious consequences. We're now seeing those warnings come true, with botnets made up of compromised IoT devices capable of launching distributed denial-of-service attacks of unprecedented scale. Octave Klaba, the founder and CTO of French hosting firm OVH, sounded the alarm on Twitter last week when his company was hit with two concurrent DDoS attacks whose combined bandwidth reached almost 1 terabit per second. One of the two attacks peaked at 799Gbps alone, making it the largest ever reported.
NetworkWorld 2016-09-26 08:53:16 Illusive Networks seeks to slow Swift attackers through deception (direct link) Today's savvy bank robbers don't break into vaults looking for gold or diamonds: They're more likely to be hacking networks looking for access to the Swift payment system. Illusive Networks wants to catch them in the act. In February, hackers exploited Bangladesh Bank's access to the Swift fund transfer network to steal US$81 million -- and almost got away with $951 million. They had infiltrated the bank's network, installing malware on the Swift Alliance Access server that exchanged messages with the gateway to Swift's secure fund transfer system. They used the bank's Swift credentials to order payments, while their malware interfered with the printing of confirmation messages, delaying the bank's discovery of the electronic heist.
NetworkWorld 2016-09-26 08:40:00 The U.S. presidential candidates on technology, privacy issues (direct link) With the general election creeping ever closer here in the United States, now seemed like a good time to get an official stance from the four presidential candidates who will be on the ballot about critical issues around technology and privacy. I narrowed my list of questions for them down to just four (my original list was around 12) in order to make this easy for each campaign to answer. And each campaign was asked the exact same questions - with no variation whatsoever. Even so, the only campaign to respond to me in any real way was Jill Stein's. The Hillary Clinton, Gary Johnson and Donald Trump campaigns declined to provide concrete stances or clarifications - though I did get some helpful links from a Johnson surrogate.
NetworkWorld 2016-09-26 07:31:00 Meet MailSniper, a tool to search Microsoft Exchange emails for sensitive info (direct link) Meet MailSniper, a new pen tester tool that may be of interest to you if you need to find sensitive data such as passwords, credit card numbers and healthcare data, or need to access databases, or even to discover insider and network architecture information. MailSniper is a penetration testing tool, written in PowerShell, to allow for mass searching through email across every mailbox of an organization's Microsoft Exchange environment. Beau Bullock, from the penetration testing firm Black Hills Information Security, cited a 2016 Mandiant M-Trends Report (pdf) which claimed organizations are compromised an average of 146 days before detecting a breach. That long of a window gives attackers plenty of time to locate, compromise and exfiltrate sensitive data; pen testers, however, may only have a window of five days or less to do the same thing in order to prove risk to an organization.
NetworkWorld 2016-09-26 07:09:00 Why you should embrace SaaS ID management (direct link) Adopting single sign-on software to federate access to corporate applications is a key task priority for many CIOs seeking to make employees more efficient without sacrificing security. Experian has consolidated identity management with a single cloud application, laying the foundation for a hybrid cloud computing model that supports its credit scoring software. The company has standardized on software from startup Okta, which has quickly become a favorite among CIOs seeking to gain efficiencies in anything from adopting cloud and mobile services to onboarding employees.
NetworkWorld 2016-09-26 06:00:01 Here's how Microsoft is using containerization to protect Edge users (direct link) One of the biggest security risks for computer users is their web browser. According to Microsoft, 90 percent of phishing emails use the browser to initiate attacks, which can then be used to help attackers establish a beachhead inside a company. Microsoft is aiming to better protect users and organizations from the threats that they face with a new feature called Windows Defender Application Guard. It's designed to isolate Microsoft Edge from the rest of the files and processes running on a user's computer and prevent computer exploits from taking hold. This is a move that could drive greater adoption of Microsoft's browser in the enterprise, at a time when the company is fiercely competing with Google in that space. Security of company assets is a big problem for enterprises, and Microsoft is offering them another way to help protect their users without requiring those users to be security experts.
NetworkWorld 2016-09-26 04:50:00 What's in your code? Why you need a software bill of materials (direct link) Writing secure applications doesn't mean simply checking the code you've written to make sure there are no logic errors or coding mistakes. Attackers are increasingly targeting vulnerabilities in third-party libraries as part of their attacks, so you have to check the safety of all the dependencies and components, too. In manufacturing, companies create a bill of materials, listing in detail all the items included when building a product so that buyers know exactly what they're buying. Processed food packaging, for example, typically tells you what's inside so that you can make an informed buying decision. When it comes to software, untangling the code to know what libraries are in use and which dependencies exist is hard. It's a challenge most IT teams don't have the time or resources to unravel.
NetworkWorld 2016-09-26 03:12:00 New products of the week 9.26.16 (direct link) Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Adaptiva OneSite 6.0: Key features – OneSite 6.0 is the IT industry's first serverless option for distributing software from the cloud at on-premise speeds, using Microsoft System Center Configuration (ConfigMgr).
NetworkWorld 2016-09-25 23:42:29 Trump hotel chain fined over data breaches (direct link) Trump Hotel Collection has arrived at a settlement with New York Attorney General Eric T. Schneiderman over hacks that are said to have led to the exposure of over 70,000 credit card numbers and other personal data. The hotel chain, one of the businesses of Republican presidential candidate Donald Trump, has agreed to pay US$50,000 in penalties and promised to take measures to beef up its data security practices, according to the attorney general's office. The chain is one of many hotels and retailers that have been hit recently by malware that skimmed payment card information. The key charges apparently against Trump Hotel Collection (THC) are that it didn't have adequate protection and even after the attacks became known, did not quickly inform the people affected, in breach of New York law.
NetworkWorld 2016-09-25 22:24:00 How to keep terrifying medical device hacks from becoming reality (direct link) While some of the scariest IoT hacks envisioned – those involving hijacked medical devices such as pacemakers and insulin pumps – have yet to surface in the real world, those in the medical and IT security fields are not letting down their guard. They've seen enough ransomware and other attacks on healthcare outfits of late to know they are major cyberattack targets. The reality is that more medical devices are becoming connected ones, and that's increasing the security threat surface, said panelists this past week at the Security of Things Forum in Cambridge, Mass.
NetworkWorld 2016-09-25 08:52:00 KrebsOnSecurity moves to Project Shield for protection against DDoS attack censorship (direct link) Unless you are a bad guy intent upon nefarious schemes to exploit technology in order to make money, then you probably have a great amount of respect for security reporter Brian Krebs. The crimes, breaches and attacks he has exposed have been so stunning that it boggles the mind. If cyber thugs have a “most wanted” list, then Krebs is likely at, or very near, the top. Yet what kind of messed up world do we live in if criminals can exploit horribly insecure internet-of-things devices with such success that it can silence the voice of a journalist like Krebs? He most recently ticked off allies of vDOS; Krebs wrote about the DDoS-for-hire company and the two teenagers allegedly behind it were arrested. Although it's nothing new for his site, KrebsOnSecurity, to come under attack, like it did after his vDOS exposé, nearly two weeks later, Krebs' site was hit “with the largest DDoS the internet has ever seen. 665 Gbps” (gigabits per second). Some of the POST request attacks included the string “freeapplej4ck,” referring to one of the alleged teenage owners of vDOS.
NetworkWorld 2016-09-23 15:08:00 Cisco, IBM may be interested in buying Imperva (direct link) Security vendor Imperva is shopping itself around and may be attractive to the likes of Cisco and IBM, according to Bloomberg. The Motley Fool reports that Imperva's stock rose 20% today after Bloomberg's report, which the Fool notes could actually drive buyers away because it would mean a more costly deal. Bloomberg named a number of other possible buyers including Forcepoint (owned by Raytheon and Vista Equity Partners), Akamai and Fortinet.
NetworkWorld 2016-09-23 11:21:00 The next target for phishing and fraud: ChatOps (direct link) This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. Enterprise chat applications have surged in popularity, driven in large part by Slack, which now claims to serve more than three million users daily. What's more, the popularity of these apps has given rise to a new phenomenon known as ChatOps, which is what happens when these new messaging systems are used to automate operational tasks. The ChatOps term was coined by GitHub to describe a collaboration model that connects people, tools, processes and automation into a transparent workflow. According to Sean Regan, Atlassian's Head of Product Marketing for HipChat, this flow connects the work needed, the work happening and the work done in a consistent location staffed by people, bots and related tools. Its transparent nature hastens the feedback loop, facilitates information sharing, and enhances team collaboration, but also ushers in a new set of challenges for security and risk professionals.
NetworkWorld 2016-09-23 10:53:00 Largest DDoS attack ever delivered by botnet of hijacked IoT devices (direct link) Securing the internet of things should become a major priority now that an army of compromised devices – perhaps 1 million strong – has swamped one of the industry's top distributed denial-of-service protection services. A giant botnet made up of hijacked internet-connected things like cameras, lightbulbs, and thermostats has launched the largest DDoS attack ever against a top security blogger, an attack so big Akamai had to cancel his account because defending it ate up too many resources. It wasn't that Akamai couldn't mitigate the attack – it did so for three days – but doing so became too costly, so the company made a business decision to cut the affected customer loose, says Andy Ellis, the company's chief security officer.
NetworkWorld.webp 2016-09-23 10:26:25 Here's what you should know, and do, about the Yahoo breach (direct link) Yahoo's announcement that state-sponsored hackers have stolen the details of at least 500 million accounts shocks both through scale -- it's the largest data breach ever -- and the potential security implications for users. That's because Yahoo, unlike MySpace, LinkedIn and other online services that suffered large breaches in recent years, is an email provider; and email accounts are central to users' online lives. Not only are email addresses used for private communications, but they serve as recovery points and log-in credentials for accounts on many other websites. Yahoo
NetworkWorld.webp 2016-09-23 08:25:33 Privacy groups urge US FTC to investigate WhatsApp promises (direct link) The U.S. Federal Trade Commission should stop mobile messaging service WhatsApp from sharing user data with parent company Facebook in violation of earlier privacy promises, several privacy groups said. The FTC should step in to stop WhatsApp from violating "commitments the company previously made to subscribers," the 17 groups said in a letter sent to the agency Thursday. WhatsApp has long billed itself as a secure and private messaging service. WhatsApp's recently released plan to share user data with Facebook as a way to target advertising could amount to an "unfair and deceptive" trade practice, said the groups, including the Center for Digital Democracy, Consumer Action, Consumer Watchdog, and Demand Progress.
NetworkWorld.webp 2016-09-23 05:00:00 Impending cumulative updates unnerve Windows patch experts (direct link) Microsoft's decision to force Windows 10's patch and maintenance model on customers running the older-but-more-popular Windows 7 has patch experts nervous. "Bottom line, everyone is holding their breath, hoping for the best, expecting the worst," said Susan Bradley in an email. Bradley is well known in Windows circles for her expertise on Microsoft's patching processes: She writes on the topic for the Windows Secrets newsletter and moderates the PatchMangement.org mailing list, where business IT administrators discuss update tradecraft. Bradley's anxiety stems from Microsoft's announcement last month that beginning in October it will offer only cumulative security updates for Windows 7 and 8.1, ending the decades-old practice of letting customers choose which patches they apply.
NetworkWorld.webp 2016-09-23 01:03:40 Vint Cerf's dream do-over: 2 ways he'd make the internet different (direct link) Vint Cerf is considered a father of the internet, but that doesn't mean there aren't things he would do differently if given a fresh chance to create it all over again. "If I could have justified it, putting in a 128-bit address space would have been nice so we wouldn't have to go through this painful, 20-year process of going from IPv4 to IPv6," Cerf told an audience of journalists Thursday during a press conference at the Heidelberg Laureate Forum in Germany. IPv4, the first publicly used version of the Internet Protocol, included an addressing system that used 32-bit numerical identifiers. It soon became apparent that it would lead to an exhaustion of addresses, however, spurring the creation of IPv6 as a replacement. Roughly a year ago, North America officially ran out of new addresses based on IPv4. Guideline
NetworkWorld.webp 2016-09-22 19:39:15 Yahoo uncovered breach after probing a black market sale (direct link) A hacker's attempt to sell user data he claimed was stolen from Yahoo actually led the company to uncover a far more severe breach. Yahoo confirmed Thursday a data breach, which affects at least 500 million users, but it could be unrelated to the black market sale of alleged Yahoo accounts, according to a source familiar with the matter. The information comes even as security experts have been questioning why Yahoo took so long to warn the public when it was known that a hacker was claiming to be selling the data online around early August. Yahoo
NetworkWorld.webp 2016-09-22 17:33:46 Hackers have a treasure trove of data with the Yahoo breach (direct link) The massive breach at Yahoo means that a treasure trove of stolen data is in the hands of hackers -- putting millions of internet users at risk. At least half a billion Yahoo accounts have been affected in one of the biggest data breaches in history. Information including names, email addresses, telephone numbers and hashed passwords may have been stolen. Yahoo has blamed the attack on a "state-sponsored actor," but it's far from clear who hacked the internet company and how the culprits pulled off the attack. Blaming it on a state-sponsored actor, however, indicates that Yahoo may have found evidence that the hackers were targeting the company over a long period of time, said Vitali Kremez, a cybercrime analyst at security firm Flashpoint. Yahoo
NetworkWorld.webp 2016-09-22 13:36:47 The massive Yahoo hack ranks as the world's biggest -- so far (direct link) When Yahoo said on Thursday that data from at least 500 million user accounts had been hacked, it wasn't just admitting to a huge failing in data security -- it was admitting to the biggest hack the world has ever seen. Until Thursday, the previous largest known hack was the 2008 breach that hit almost 360 million MySpace accounts, according to a ranking by the "Have I been pwned" website. Like the Yahoo breach, the hack was only publicly disclosed this year after data was offered on a hacker forum. And only three breaches had ranked above the 100 million level: LinkedIn reported a loss of 167 million email addresses and passwords. They were originally stolen in 2012 but not publicly disclosed until 2016, again after the data was offered on an underground "dark market" site. Yahoo
NetworkWorld.webp 2016-09-22 12:16:27 Yahoo data breach affects at least 500 million users (direct link) A massive breach at Yahoo compromised account details from at least 500 million users, and the company is blaming the attack on state-sponsored hackers. Names, email addresses, telephone numbers, and hashed passwords may have been stolen as part of the hack, which occurred in late 2014, Yahoo said. The company reported the breach on Thursday, after a stolen database from the company went on sale on the black market last month. However, the hacker behind the sale claimed that the stolen database involved only 200 million users and was likely obtained in 2012. Yahoo
NetworkWorld.webp 2016-09-22 12:15:00 Homeland Security issues call to action on IoT security (direct link) U.S. Department of Homeland Security's Robert Silvers says his purpose in speaking at the Security of Things Forum in Cambridge on Thursday wasn't to scare anyone, but then he went ahead and called on everyone in the room to “accelerate everything you're doing” to secure the internet of things. As the Assistant Secretary for Cyber Policy at DHS says, IoT security is a public safety issue that involves protecting both the nation's physical and cyber infrastructures. Acknowledging a growing national dependency on the internet of things, be it in the medical, utility or transportation fields, Silvers says IoT has his department's full attention. And a straightforward undertaking it is not, he says.
NetworkWorld.webp 2016-09-22 12:02:00 Federal cyber incidents grew an astounding 1,300% between 2006 and 2015 (direct link) That's one amazingly scary number: Since 2006 cyber incidents involving the Federal government have grown 1,300%. Another Government Accountability Office report on Federal cybersecurity out this week offers little in the way of optimism for the cyber-safeguard of the massive resources the government has control over. “Federal information systems and networks are inherently at risk. They are highly complex and dynamic, technologically diverse, and often geographically dispersed. This complexity increases the difficulty in identifying, managing, and protecting the myriad of operating systems, applications, and devices comprising the systems and networks. Compounding the risk, systems used by federal agencies are often riddled with security vulnerabilities-both known and unknown. For example, the national vulnerability database maintained by the Mitre Corporation has identified 78,907 publicly known cybersecurity vulnerabilities and exposures as of September 15, 2016, with more being added each day,” the GAO wrote.
NetworkWorld.webp 2016-09-22 11:37:37 Site that leaked Colin Powell's emails dumps First Lady's passport (direct link) The site that leaked Colin Powell's stolen emails has also allegedly obtained a scan of Michelle Obama's passport. On Thursday, the site DCLeaks began circulating the passport image on Twitter and leaking it to the press. The image includes the U.S. First Lady's alleged passport number. The site tweeted out the scan after obtaining stolen emails it claims are from a White House aide named Ian Mellul. The files, which are posted on DCLeaks, appear to come from Mellul's Gmail account and date back to February 2015. Although DCLeaks claims to be the work of "American hacktivists," some security experts suspect that the site is a front for Russian state-sponsored hackers.
NetworkWorld.webp 2016-09-22 08:03:00 Yahoo reportedly to confirm massive data breach (direct link) Following reports that Yahoo will confirm a data breach that affects hundreds of millions of accounts, some users reported Thursday on Twitter and elsewhere that they were prompted to change their email password when trying to log in. Yahoo launched an investigation into a possible breach in early August after someone offered to sell a data dump of over 200 million Yahoo accounts on an underground market, including usernames, easy-to-crack password hashes, dates of birth and backup email addresses. The company has since determined that the breach is real and that it's even worse than initially believed, news website Recode reported Thursday, citing unnamed sources familiar with the investigation. Yahoo
NetworkWorld.webp 2016-09-22 08:02:00 Keeping Up with Incident Response (direct link) A fire department in a large city certainly has a difficult job but its mission is fairly straightforward. When a fire is detected, the fire department dispatches an appropriately sized staff to assess, contain, and put out the fire, clean up, investigate what happened, and prepare themselves for the next blaze. Yup, a pretty simple process when a manageable number of fires are burning but what would happen if there were hundreds or thousands of simultaneous infernos? My guess is that a senior fire chief (and perhaps other participants from local government and law enforcement) would have to make decisions on which blazes to resource and which to ignore. These decisions would certainly be based upon information analysis and best practices but there is still some risk that the disregarded fires would end up being far worse than expected, turn into disasters, and call into question the judgement of all involved.
Last update at: 2024-07-03 09:07:36