Deception technologies such as honeypots are becoming increasingly popular with enterprises as the products get more flexible and the tools allow security analysts swamped with incident reports to zero in on cases of actual ongoing infiltration.According to a report released in August by research firm Technavio, the deception technology market is growing at a compound annual growth rate of 9 percent, and is predicted to reach $1.33 billion by 2020.The technology includes not only the traditional honeypots but also a new class of multi-layered, distributed endpoint decoys, according to Technavio analyst Amrita Choudhury.To read this article in full or to leave a comment, please click here
Deception technologies such as honeypots are becoming increasingly popular with enterprises as the products get more flexible and the tools allow security analysts swamped with incident reports to zero in on cases of actual ongoing infiltration.According to a report released in August by research firm Technavio, the deception technology market is growing at a compound annual growth rate of 9 percent, and is predicted to reach $1.33 billion by 2020.The technology includes not only the traditional honeypots but also a new class of multi-layered, distributed endpoint decoys, according to Technavio analyst Amrita Choudhury.To read this article in full or to leave a comment, please click here
Skyhigh announced today that it has received a patent for its technology, which moves that encryption gateway into a hosted environment.Enterprises looking to protect sensitive data stored in cloud services can funnel user traffic through on-premises encryption gateways that allow them to keep control of their encryption keys. Moving the encryption process to Skyhigh's servers allows for easier access by remote employees, mobile users, business partners, or customers, said Rajiv Gupta, Skyhigh's CEO. He says the company offers these encryption gateways in various locations, allowing customers to comply with data residency and privacy laws.To read this article in full or to leave a comment, please click here
Skyhigh announced today that it has received a patent for its technology, which moves that encryption gateway into a hosted environment.Enterprises looking to protect sensitive data stored in cloud services can funnel user traffic through on-premises encryption gateways that allow them to keep control of their encryption keys. Moving the encryption process to Skyhigh's servers allows for easier access by remote employees, mobile users, business partners, or customers, said Rajiv Gupta, Skyhigh's CEO. He says the company offers these encryption gateways in various locations, allowing customers to comply with data residency and privacy laws.To read this article in full or to leave a comment, please click here
The fast-growing Cerber ransomware earned nearly $200,000 in July despite a payment rate of just 0.3 percent as a result of its affiliate distribution model, according to a new report by Check Point and IntSights Cyber Intelligence.That puts it on track to make $2.3 million this year, said Maya Horowitz, group manager of threat intelligence at Israel-based Check Point Software Technologies Ltd..In the affiliate model, non-technical customers can run their own campaigns using the platform and get to keep 60 percent of the profits. Affiliates get access to easy-to-use management tools, Cerber's Bitcoin laundering system, as well as the ransomware itself. Each day, eight new Cerber ransomware campaigns are launched, she said, with over 150 affiliates at current count.To read this article in full or to leave a comment, please click here
The fast-growing Cerber ransomware earned nearly $200,000 in July despite a payment rate of just 0.3 percent as a result of its affiliate distribution model, according to a new report by Check Point and IntSights Cyber Intelligence.That puts it on track to make $2.3 million this year, said Maya Horowitz, group manager of threat intelligence at Israel-based Check Point Software Technologies Ltd..In the affiliate model, non-technical customers can run their own campaigns using the platform and get to keep 60 percent of the profits. Affiliates get access to easy-to-use management tools, Cerber's Bitcoin laundering system, as well as the ransomware itself. Each day, eight new Cerber ransomware campaigns are launched, she said, with over 150 affiliates at current count.To read this article in full or to leave a comment, please click here
Security researcher Salvador Mendoza demonstrated a flaw in Samsung Pay at Black Hat last week, in which the tokens used to secure transactions could be predicted, and used to authorize fraudulent payments.
Samsung responded with a statement calling the report "simply not true."
"Samsung Pay is safe, secure and consumers can be assured that there is no known risk associated to using our payment service," the company said.
But then, in a separate, more detailed document, Samsung admitted that it is possible to capture a token, but said that it was extremely difficult to do so.To read this article in full or to leave a comment, please click here
Security researcher Salvador Mendoza demonstrated a flaw in Samsung Pay at Black Hat last week, in which the tokens used to secure transactions could be predicted, and used to authorize fraudulent payments.
Samsung responded with a statement calling the report "simply not true."
"Samsung Pay is safe, secure and consumers can be assured that there is no known risk associated to using our payment service," the company said.
But then, in a separate, more detailed document, Samsung admitted that it is possible to capture a token, but said that it was extremely difficult to do so.To read this article in full or to leave a comment, please click here
Insurance companies typically have decades of data, if not more, on which to base their risk estimates.That's not the case with cyber risk, however. There's very little historical data available, the data is not complete, and the threat landscape doesn't just change year by year, but day by day. There isn't even a standard set of definitions that everyone can agree on.That's starting to change, as insurers expand their services so that they can better educate their customers about cyber risk and even help them defend against attacks before they happen and deal with the fallout of when a breach does occur.I say potahto
One of the first problems when it comes to buying cyberinsurance is that nobody knows exactly what it means. Corporate financial officers, security managers, and insurance brokers have different understanding of risk, for example.To read this article in full or to leave a comment, please click here
Almost half of all companies have been the victims of a ransomware attack during the past 12 months, according to a new report. And while globally, 40 percent of them have paid the ransom, 97 percent of U.S. companies did not.Specifically, 75 percent of enterprise victims paid up in Canada, 58 percent in the U.K., and 22 percent in Germany, according to an Osterman Research survey of hundreds of senior executives in the U.S., Canada, German and the U.K.ALSO ON CSO: How to respond to ransomware threats
This is partly due to the fact that, in the United States, the attacks were much more likely to hit lower-level employees. In the U.S., enterprises reported that 71 percent of lower-level staff were affected, compared to 29 percent in the U.K., 23 percent in Canada, and 14 percent in Germany.To read this article in full or to leave a comment, please click here
Almost half of all companies have been the victims of a ransomware attack during the past 12 months, according to a new report. And while globally, 40 percent of them have paid the ransom, 97 percent of U.S. companies did not.Specifically, 75 percent of enterprise victims paid up in Canada, 58 percent in the U.K., and 22 percent in Germany, according to an Osterman Research survey of hundreds of senior executives in the U.S., Canada, German and the U.K.ALSO ON CSO: How to respond to ransomware threats
This is partly due to the fact that, in the United States, the attacks were much more likely to hit lower-level employees. In the U.S., enterprises reported that 71 percent of lower-level staff were affected, compared to 29 percent in the U.K., 23 percent in Canada, and 14 percent in Germany.To read this article in full or to leave a comment, please click here
Health care organizations were 114 times more likely to hit by ransomware infections than financial firms, and 21 times more likely than educational institutions, according to a new research report by Solutionary.The Omaha-based security firm detects millions of attacks a year, according to threat intelligence analyst Terrance DeJesus. But while health care accounts for just 7.4 percent of the company's client base, it saw 88 percent of all ransomware attacks during the first half of this year."These numbers do not count all of the email delivery or exploit kit activity that happens pre-infection and would be attempts to deliver ransomware," he said. "These are confirmed ransomware outbreaks on directly affected systems."To read this article in full or to leave a comment, please click here
Health care organizations were 114 times more likely to hit by ransomware infections than financial firms, and 21 times more likely than educational institutions, according to a new research report by Solutionary.The Omaha-based security firm detects millions of attacks a year, according to threat intelligence analyst Terrance DeJesus. But while health care accounts for just 7.4 percent of the company's client base, it saw 88 percent of all ransomware attacks during the first half of this year."These numbers do not count all of the email delivery or exploit kit activity that happens pre-infection and would be attempts to deliver ransomware," he said. "These are confirmed ransomware outbreaks on directly affected systems."To read this article in full or to leave a comment, please click here
The U.S. Department of Human Services has released new guidance for health care organizations that focuses on the growing threat of ransomware, stresses the need for better education and regular backups, and confirms that a ransomware attack against plain-text health information is, in fact, a breach that must be disclosed.
The guidance recommends that organizations identify the risks facing their patient information, create a plan to address those links, set up procedures to protect systems from malware, train users to spot malware, limit access to sensitive information to just the people who need it most, and have a disaster recovery plan that includes frequent data backups.To read this article in full or to leave a comment, please click here
The U.S. Department of Human Services has released new guidance for health care organizations that focuses on the growing threat of ransomware, stresses the need for better education and regular backups, and confirms that a ransomware attack against plain-text health information is, in fact, a breach that must be disclosed.
The guidance recommends that organizations identify the risks facing their patient information, create a plan to address those links, set up procedures to protect systems from malware, train users to spot malware, limit access to sensitive information to just the people who need it most, and have a disaster recovery plan that includes frequent data backups.To read this article in full or to leave a comment, please click here
These days not a headline goes by without some cybercriminal jumping all over it. Now, with the Olympics coming up and travelers wary of the Zika virus, scammers are creating fake websites and apps to steal money or to infect users with malware."There are actually sites that say they sell tickets, but never actually give you tickets," said James Pledger, research director at RiskIQ.Sometimes, it's easy to spot the fakes.INSIDER: Traditional anti-virus is dead: Long live the new and improved AV
"One of the most common things is very poor English," he said. "Or they'll only accept payment in online currencies or wire transfers. Other indicators are that there are a lot of complaints, or they've been up for a very short time frame."To read this article in full or to leave a comment, please click here
These days not a headline goes by without some cybercriminal jumping all over it. Now, with the Olympics coming up and travelers wary of the Zika virus, scammers are creating fake websites and apps to steal money or to infect users with malware."There are actually sites that say they sell tickets, but never actually give you tickets," said James Pledger, research director at RiskIQ.Sometimes, it's easy to spot the fakes.INSIDER: Traditional anti-virus is dead: Long live the new and improved AV
"One of the most common things is very poor English," he said. "Or they'll only accept payment in online currencies or wire transfers. Other indicators are that there are a lot of complaints, or they've been up for a very short time frame."To read this article in full or to leave a comment, please click here
Police officers held up a sign saying "Welcome to Hell" at the Rio airport last week, according to local and international news reports, and the region's acting governor warned of a total collapse in public security. More funding is on its way, but it might not be enough to make a difference in time for the Olympic games. Meanwhile, physical safety isn't the only thing that travelers need to worry about -- security experts warn that travelers need to be extremely careful when they access computer networks, as well.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers
"The Rio situation is a mess," said Shaun Murphy, CEO at communication security firm PrivateGiant. "I would suspect that from a cyber security front, it's going to be just as messy."To read this article in full or to leave a comment, please click here
Police officers held up a sign saying "Welcome to Hell" at the Rio airport last week, according to local and international news reports, and the region's acting governor warned of a total collapse in public security. More funding is on its way, but it might not be enough to make a difference in time for the Olympic games. Meanwhile, physical safety isn't the only thing that travelers need to worry about -- security experts warn that travelers need to be extremely careful when they access computer networks, as well.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers
"The Rio situation is a mess," said Shaun Murphy, CEO at communication security firm PrivateGiant. "I would suspect that from a cyber security front, it's going to be just as messy."To read this article in full or to leave a comment, please click here
The Flash Keyboard app has been downloaded more than 50 million times -- but is capable of some extremely dangerous behaviors."It looked like it was a convenient keyboard that had some nice features," said Bill Anderson, chief product officer at mobile security company OptioLabs. "The marketing copy in the app store looked great."For a while, the app was in the top 20 downloads for the Google Play Store, he added.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords
"The problem was that it asked for just about every permission that an app could ask for," he said. "It was an especially long list. And surprisingly, most people said yes. But the permissions were so excessive that it turned this thing into a potentially marvelous way to hack phones."To read this article in full or to leave a comment, please click here