Illinois hospital chain to pay record $5.5M for exposing data about millions of patients

Illinois' largest hospital chain today agreed to pay a $5.5 million fine by the government for lax data security that led to the exposure of more than 4 million electronic patient records.

The fine against Advocate Health Care Network, the largest ever levied under Health Insurance Portability and Accountability Act (HIPAA) regulations, is a result of the "extent and duration of the alleged noncompliance."

The U.S. Department of Health and Human Services' Office for Civil Rights (OCR) began its investigation in 2013, when the healthcare chain submitted three breach notification reports pertaining to separate and distinct incidents involving its subsidiary, Advocate Medical Group (AMG).

The advanced security techniques of criminal hackers

Staying secure online is an essential concern, for individual users, businesses, and cybercriminals alike. That’s right: Basic IT security applies whether you’re protecting sensitive data at an upstanding, ethical organization, or you’re in the business of stealing data from those same organizations.

After all, the business may be cybercrime, but cybercriminals are still operating a business, with all the associated worries. Criminals rely on operations security (opsec) to stay ahead of law enforcement and security researchers intent on dismantling their operations, but also to protect their criminal enterprises from competitors planning on sabotage.

Supercomputers give a glimpse of cybersecurity’s automated future

Giant refrigerator-sized supercomputers battled each other on Thursday in a virtual contest to show that machines can find software vulnerabilities. The result: the supercomputers time and time again detected simulated flaws in software. It represents a technological achievement in vulnerability detection, at a time when it can take human researchers on average a year to find software flaws. The hope is that computers can do a better job and perhaps detect and patch the flaws within months, weeks or even days. Thursday’s contest, called the Cyber Grand Challenge, was a step in that direction. The final round of the competition pitted computers from seven teams against each other in the hacking game “Capture the Flag,” which revolves around detecting software vulnerabilities.

Apple’s bug bounty program favors quality over quantity

After years of reluctance to pay researchers for exploits, Apple has given in and is ready to hand out up to US$200,000 for critical vulnerabilities found in the latest version of iOS and the newest iPhones.

Apple announced the program Thursday at the Black Hat security conference in Las Vegas. It starts in September, and unlike bounty programs run by other large technology companies it will be invite only.

The program will start with a few dozen researchers hand-picked by Apple, though any outsider who submits a flaw that qualifies can receive a reward and be invited to join the program, said Ivan Krstić, the head of Apple Security Engineering and Architecture.

This new Skype bot lets you chat with Spock

Microsoft has made no secret of its grand plans for chat bots, and this week it rolled out five new ones for Skype. Surely the most fun is "Spock," a bot that promises to help you "learn the ways of Vulcan logic."

Back in April, Microsoft debuted a preview of Skype bots, the artificial intelligence-based helpers it hopes will make it easier for users to get things done. Today, more than 30,000 developers are building bots for Skype, it says.

Black Hat: Quick look at hot issues

Black Hat includes a variety of security topics, from how USB drives are a menace to how drones are fast becoming a threat you need to pay attention to, and much more. Here we take a look at just a few of the hot topics presented at the conference.

Forensics Challenge for CSIRT Team – Part 2 Solution

The goal of this tutorial is to provide a solution to the forensic challenge game that I created for testing the forensic skills of a CSIRT team. Please be careful: run the suspicious binary file located inside the provided virtual machine only in a secured environment, in order to avoid unwanted damage or loss.

As you will notice, some files are encrypted right after the virtual machine boots. All of these files have the suffix .enc001. You can easily locate them with the command:

$ find / -name "*.enc001" -type f 2>/dev/null

There is also a file named encryption_warning.txt located in the home directory of the current user, and it contains the following warning message:
*** Your files have been encrypted! ***
*** To decrypt them, run '/usr/local/bin/ls %1a%your_decryption_key ***

Without any doubt, the ls utility is not a cryptography tool, so it is a good place to start our investigation. The command /usr/local/bin/ls -la shows the files in the current directory.

ubuntu@ubuntu:~$ /usr/local/bin/ls -la

Picture 1 - Content of the Current Directory

The output looks good. But what happens if we try to list a non-existent file kdkdkdkdk?

ubuntu@ubuntu:~$ /usr/local/bin/ls kdkdkdkdk

Picture 2 - Two Error Messages

There are two interesting facts shown in the output of the command /usr/local/bin/ls. Firstly, two
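The two triage steps above (counting the .enc001 files and questioning why an ls lives in /usr/local/bin) can be scripted. The following is an added example, not part of the original tutorial; it generalises the ls case to any file in a local directory that shadows a system binary of the same name, and the function names and the sample tree are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added triage example; not part of the original tutorial.

# count_encrypted ROOT SUFFIX
# Number of regular files under ROOT whose names end in SUFFIX.
count_encrypted() {
    find "$1" -name "*$2" -type f 2>/dev/null | wc -l | tr -d ' '
}

# find_shadowing LOCAL_DIR SYSTEM_DIR...
# Reports every file in LOCAL_DIR that has the same name as a file in a
# SYSTEM_DIR but different content (cmp -s compares byte by byte).
find_shadowing() {
    local_dir=$1
    shift
    for f in "$local_dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        for sys in "$@"; do
            if [ -f "$sys/$name" ] && ! cmp -s "$f" "$sys/$name"; then
                printf '%s shadows %s\n' "$f" "$sys/$name"
            fi
        done
    done
}

# make_sample_tree: builds a constructed directory tree (made-up contents)
# that mimics the layout described in the tutorial and prints its path.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/usr/local/bin" "$root/home/ubuntu"
    printf 'system ls\n'   > "$root/bin/ls"
    printf 'replaced ls\n' > "$root/usr/local/bin/ls"
    printf 'x' > "$root/home/ubuntu/a.txt.enc001"
    printf 'y' > "$root/home/ubuntu/b.doc.enc001"
    printf 'z' > "$root/home/ubuntu/notes.txt"
    printf '%s\n' "$root"
}

# Demo on the constructed tree.
tree=$(make_sample_tree)
echo "encrypted files: $(count_encrypted "$tree" .enc001)"
find_shadowing "$tree/usr/local/bin" "$tree/bin"
rm -rf "$tree"
```

On the challenge VM the equivalent call would be `find_shadowing /usr/local/bin /bin`; a hit only shows that the two files differ, so the reported binary still has to be examined.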

Raspberry Pi 3 gets the Windows 10 anniversary update

After Microsoft released an anniversary update of Windows 10 for PCs, a version is now available for the popular Raspberry Pi 3 developer board.

The Anniversary Update is for Windows 10 IoT Core, a slimmed-down version of the OS for Raspberry Pi 3 and other developer boards. Users develop gadgets, robots, drones, and other smart devices with Raspberry Pi 3.

The update has new features, as well as performance and application-support improvements, Microsoft said. It also provides an easier installation experience.

Beyond Raspberry Pi 3, the Anniversary Update will also work with the MinnowMax, Raspberry Pi 2, and DragonBoard 410c developer boards.

Google education guru: Classroom laptop bans make no sense

Google Chief Education Evangelist Jaime Casap’s oldest daughter scored a full ride to college on a swimming scholarship but she only lasted one semester out of frustration with the lack of technology at the school. She had been used to taking notes on her laptop in high school, for example, but was told she couldn’t bring her device into the college classroom. “I’ve been in education for 10 years and I remember talking to CIOs at universities saying technology is not a differentiator for their schools…that students don’t pick schools based on their technology,” says Casap, an adjunct lecturer in innovation at Arizona State University, where his daughter wound up attending and graduating from. “I can tell you that’s starting to change.”

Qualcomm up in arms over LTE-U testing framework

The announcement this week of a final testing protocol aimed at discovering, once and for all, whether LTE-U technology can coexist peacefully with existing Wi-Fi networks has the LTE-U camp up in arms, as Qualcomm issued a thunderous denunciation of the Wi-Fi Alliance’s framework. The plan, said Qualcomm senior vice president for government affairs Dean Brenner, is heavily biased against LTE-U and offers no real opportunity to demonstrate the technology’s ability to work harmoniously alongside Wi-Fi networks.