| Congress to Bureaucrats: Trust No One September 20, 2016 
Congress earlier this month lowered the hammer on the U.S. Office
of Personnel Management in a report on the massive data breach that
resulted in the theft of 4.2 million former and current government
employees' personnel files, as well as 21.5 million individuals'
security clearance information, including fingerprints associated with
5.6 million of them.
|
Why Russian Hackers Are Doing the US a Favor September 19, 2016 
Colin Powell's hacked email once again showcases that what people
in office tell us and what they actually think are two very different
things. Politicians work for us -- we are supposedly their employers.
Yet we seem to know far less about what they do and think than what we
need to know in order to vote intelligently. Powell's comments are
actually far more damaging to Clinton than Trump.
|
| Cyberattacks on Athletes May Be Russian Distraction Tactic September 16, 2016 
Confidential information about international athletes surfaced on
the Internet Wednesday -- the second such exposure this week. Russian
hackers allegedly stole the information from the World Anti-Doping
Agency. It includes confidential data on medical drug exemptions given
to 25 athletes from eight countries. Information about four athletes
appeared online earlier in the week.
|
Nation States May Be Plotting Internet Takedown, Warns Cybersec Pro September 14, 2016 
Unknown attackers have been testing the defenses of companies that
run critical parts of the Internet, possibly to figure out how to take
them down, cybersecurity expert Bruce Schneier warned. Large nation
states -- perhaps China or Russia -- are the likely culprits, he
suggested. "Nation state actors are going to probe to find weaknesses in
all of our technologies," said Tripwire's Travis Smith.
|
| Alphabet Think Tank Spearheads Online Counterterrorism Campaign September 14, 2016 
Alphabet think tank Jigsaw and startup Moonshot CVE last week
demonstrated a new counterterrorism technology tool. The groups have
been collaborating to steer social media users away from terrorist
propaganda. They have developed sophisticated algorithms to target
potential ISIS sympathizers with counter narratives when they search for
certain terms online or through social media.
|
Attack-for-Hire Teens Collared in Israel September 14, 2016 
At the FBI's request, Israeli authorities last week arrested two
teens for operating vDOS, a DDoS-for-hire service that raked in more
than half a million dollars in two years. DDoS attacks flood websites
with garbage data in order to disrupt their operation and deny users
access. The pair were questioned and released after posting bond of
about $10,000 each.
|
| Dropbox Drops Other Shoe in Years-Old Data Breach September 8, 2016 
Dropbox has confirmed that more than 68 million emails and
passwords have been compromised from a hack that originally was
disclosed in 2012. Exposure from the breach was limited to email
addresses, Dropbox originally claimed. However, the hackers actually
stole hashed and salted passwords. Even so, there have been no
indications that they succeeded in accessing user accounts, the company
said.
|
Obama Warns Against Cyber Cold War September 6, 2016 
President Obama on Monday urged de-escalation of a potential arms
race involving cyberweapons. The president's remarks followed his
meeting with world leaders, including Russian President Vladimir Putin,
at the G20 Summit in Hangzhou, China. The U.S. has more offensive and
defensive capability than any other country on Earth, Obama noted. The
president urged adoption of new cybersecurity norms.
|
| Feds Warn States to Batten Down Hatches Following Election System Attacks September 2, 2016 
The FBI has launched investigations into malicious cyberattacks on
the electronic election infrastructures in Illinois and Arizona, and
federal officials last month warned states to take steps to protect
their systems as the presidential campaign heats up, according to
reports. The attacks, dating back to June, led to the illegal download
of information on more than 200,000 Illinois voters.
|
FairWare Hackers May Take Ransoms, Keep Stolen Files September 2, 2016 
The latest ransomware intrusion that targets Linux servers, dubbed
"FairWare," may be a classic server hack designed to bilk money from
victims with no intent to return stolen files after payment in bitcoins
is made. The attack reportedly targets a Linux server, deletes the Web
folder, and then demands a ransom payment of two bitcoins for return of
the stolen files.
|
| Massive Data Breach Puts French Sub Maker in Crosshairs September 1, 2016 
Officials in France and India are investigating a massive data
breach involving thousands of documents belonging to defense industry
contractor DCNS, which was scheduled to deliver six Scorpene-class
submarines to the Indian navy later this year. Hackers stole more than
22,000 pages of documents that included detailed technical information
on the vessels, some of which was published online.
|
Election Season Spawns Scams With Political Twist August 30, 2016 
Dirty tricks during political campaigns are nothing new, but the
Internet and the proliferation of mobile devices have allowed tricksters
to up their games a notch. It came to light last week, for example,
that Donald Trump's campaign app was hoovering the address books on his
supporters' phones. Trump's app wasn't doing anything illegal. It wasn't
even trying to hide what it was doing.
|
| Innocents Exposed as WikiLeaks Gushes Information August 27, 2016 
WikiLeaks reportedly has leaked sensitive personal information
belonging to hundreds of innocent individuals worldwide, including some
residing in several highly repressive countries.
The organization has revealed private credit card data, medical
information, personal addresses and other data of various individuals,
including the identification as gay of a Saudi Arabian who had been
arrested.
|
Apple Speeds iOS Patch to Bring Down Pegasus August 26, 2016 
Apple on Thursday issued a patch that addresses three recently
discovered critical iOS zero-day vulnerabilities, and advised users to
update their systems immediately. State-sponsored actors exploited the
flaws to target United Arab Emirates human rights defender Ahmed
Mansoor, and a Mexican journalist who reported on government corruption.
Researchers have dubbed the flaws "Trident."
|
| US Government's Social Media Vetting Idea Draws Fire August 26, 2016 
A coalition headed by the Center for Democracy & Technology,
the Internet Association, and the American Civil Liberties Union this
week filed objections to a Department of Homeland Security proposal to
collect social media information from visitors entering the United
States. The proposal, published in June, calls for the addition of a
request to the I-94W form required for aliens seeking entry.
|
WhatsApp Shaves Off a Little More Privacy August 25, 2016 
WhatsApp on Thursday announced an update to its terms and privacy
policy -- the first in four years. Among other things, the changes will
affect the ways users can communicate with businesses while continuing
to avoid third-party banner ads or spam messages, according to the
company. However, WhatsApp will begin to share some personal details
about its 1 billion users with Facebook.
|
| 25 Years of Linux: What a Long, Strange Trip It's Been August 25, 2016 
Happy Birthday Linux! You're 25! When Linux was born on Aug. 25,
1991, it was little more than a hobby for 21-year old Linus Torvald.
Today the Linux community is estimated to be upwards of 86 million users
strong. It has become the backbone of large enterprises, and it is
installed in government systems and embedded in devices worldwide. It
has grown into a major mainstream computing platform.
|
Twitter Steps Up Counterterrorism Efforts August 24, 2016
Twitter last week announced it had suspended 235,000 accounts since
February for promoting terrorism, bringing to 360,000 the total number
of suspensions since mid-2015.
Daily suspensions have increased more than 80 percent since last year,
spiking immediately after terrorist attacks. Twitter's response time for
suspending reported accounts has decreased dramatically.
|
| From the Olympic Non-Robbery to Ford Getting Out of Cars, to Evil NSA: A Strange Week August 22, 2016 
There were three stories that caught my eye last week that I think
deserve some additional discussion. One is the alleged robbery of U.S.
Olympians followed by questions of whether it really happened because
their phones weren't stolen. There may be a legitimate reason for that,
and it's one that suggests a lot of folks will be getting huge cellphone
bills next month.
|
To Protect Enterprise Data, Secure the Code August 20, 2016 
Responsibility for securing enterprise applications has been moving
down the development lifecycle, and for good reason. It not only makes
the enterprise more secure, but also saves companies time and money. For
example, the average time to fix a vulnerability in IBM's application
security solution has dropped from 20 hours to 30 minutes, according to
Forrester Consulting.
|
| Russian Gang Suspected of Hacking Oracle's POS System August 20, 2016 
Oracle has been investigating a point-of-sale system breach that
may be the work of Russian cyberthieves. Hackers compromised at least
700 computers on the MICROS POS system, used by hundreds of thousands of
hotels, restaurants and retail outlets worldwide to process credit card
transactions, Krebs on Security reported earlier this month. More than
330,000 cash registers worldwide use MICROS.
|
Edward Snowden Sheds Light on Shadow Brokers August 18, 2016 
Edward Snowden has injected himself into an escalating
cyberstruggle that could affect the U.S. presidential election. The
reported hack of The Equation Group might have been a warning shot from
Russia, Snowden claimed. The group, which is widely believed to be a
front operation for the NSA, apparently was hacked over the weekend by a
previously unknown outfit called the "Shadow Brokers."
|
| Super-Sophisticated Spyware Spotted After 5-Year Run August 16, 2016 
Symantec and Kaspersky Lab last week separately announced the
discovery of a highly sophisticated APT that had eluded security
researchers for at least five years. A previously unknown group called
"Strider" has been using Remsec, an advanced tool that seems to be
designed primarily for spying. Its code contains a reference to Sauron,
the main villain in The Lord of the Rings.
|
The Big Tech Election Stories No One Else Is Covering August 15, 2016 
Most analysts earn their daily bread by focusing on a particular
subject area and following that direction. However, I rebelled against
that established pattern. I tend to look between the lines more than
many of my peers do. That means when major news media outlets focus on a
story, I'm more likely to see what they missed. What interests me isn't
what's been covered but what hasn't been covered.
|
| Hackability of Volkswagen's Keyless Entry System Exposed August 12, 2016 
Hackers using cheap wireless devices pose a threat to millions of
cars equipped with Volkswagen's keyless entry system, according to a
study from the University of Birmingham. Scheduled for presentation
Friday at the USENIX security conference in Austin, Texas, the study
shows that thieves can use a simple wireless device to unlock the doors
of millions of cars remotely.
|
TCP Flaw Opens Linux Systems to Hijackers August 11, 2016 
A flaw in the RFC 5961 specification the Internet Engineering Task
Force developed to protect TCP against blind in-window attacks could
threaten Android smartphones, as well as every Linux computer on the
planet. The flaw is described in a paper a team of researchers presented
at the 25th Usenix Security Symposium, ongoing in Austin, Texas,
through Friday.
|
| Russia Plays the Cybervictim Card August 11, 2016 
Russia's FSB recently reported that it found a cyberspying virus in
the computer networks of more than 20 state authorities and defense
contractors. The claim that malware has infected various government and
defense companies came in the midst of a flurry of accusations that
Russia has engaged in cyberattacks against U.S. targets in an effort to
impact the presidential election.
|
DARPA Rewards Best Bug-Bombing Bots August 11, 2016 
The code warriors of the future literally might be computer code
acting as warriors to defend against attackers on computer networks.
DARPA gave us a glimpse into that future last Sunday, when it announced
the winners of its Cyber Grand Challenge at DEF CON. Seven teams
participated in the challenge to create systems that used bots to find
and fix software problems without human intervention.
|
| 900 Million Androids Could Be Easy Prey for QuadRooter Exploits August 9, 2016 
Four newly identified vulnerabilities could affect 900 million
Android devices, Check Point researchers disclosed. The vulnerabilities,
which the researchers dubbed "QuadRooter," affect Android devices that
use Qualcomm chipsets. They exist in the chipset software drivers. The
drivers, which control communications between chipset components, are
incorporated into Android builds.
|
Apple to Enlist the Aid of a Few Good Hackers August 6, 2016 
Apple has introduced its first bug bounty program, set to launch in
September.
Ivan Krstic, head of Apple security engineering and architecture,
announced the program at the Black Hat security conference in Las Vegas.
The focus reportedly is on an exceptionally high level of service, and
on quality over quantity. Participation in the program initially will be
by invitation only.
|
No comments:
Post a Comment