The Flash Keyboard app has been downloaded more than 50 million times -- but is capable of some extremely dangerous behaviors. "It looked like it was a convenient keyboard that had some nice features," said Bill Anderson, chief product officer at mobile security company OptioLabs. "The marketing copy in the app store looked great." For a while, the app was in the top 20 downloads for the Google Play Store, he added.
"The problem was that it asked for just about every permission that an app could ask for," he said. "It was an especially long list. And surprisingly, most people said yes. But the permissions were so excessive that it turned this thing into a potentially marvelous way to hack phones."
Companies that use remote device management software to oversee employee devices used for business have the ability to collect a lot more information than employees may be comfortable with, according to a report released today. "The intent of these MDM solutions is not to spy on employees, but to monitor for things like malware and general security," said Salim Hafid, product manager at Bitglass, which produced the report. But if the company wants to, these tools provide the ability to do a lot more, he said. That includes seeing where the phone is located, what apps are on the phone, and even what websites the user was accessing.
With great power comes great responsibility -- and also a great big target painted on your head. At least, that's the case lately with corporate boards of directors and cybercriminals launching spearphishing attacks. "Since the beginning of the year we have serviced about 350 different clients that have had spearphishing attacks," said Michael Bruemmer, vice president for data breach resolution at Experian Information Solutions. "About a third were specifically targeted at board members." Board members get emails asking them for tax information or requesting bank transfers, which they typically forward to the company employee who is responsible, asking them to take care of it.
A majority of companies don't have the technology in place to keep employees from sharing confidential documents, according to a study released today. In particular, only 36 percent of over 600 IT practitioners at large companies said that their companies were able to restrict the sharing of confidential documents with third parties, and only 27 percent were able to restrict sharing between employees. "A lot of people focus on regulatory compliance, like personally identifiable information or PCI," said Ron Arden, COO at data security vendor Fasoo, which sponsored the study. PCI DSS, the Payment Card Industry Data Security Standard, spells out how companies must protect credit card data.
Shaming carriers and smartphone manufacturers into applying patches faster is a step forward, but a lot more needs to be done to improve security of the Android platform, security experts say. Last month, Bloomberg, citing unnamed sources, is considering releasing a list of vendors ranked by how up-to-date their handsets are. This has long been a problem for Android. Unlike Apple, which can unilaterally push out updates to its customers as they come out, the situation with Android is a lot more complicated. When a patch comes out, only Nexus phones get them automatically, said Kyle Lady, research and development engineer at Duo Security.
As of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released today by PhishMe. That was up from 56 percent in December, and less than 10 percent every other month of last year. And the number of phishing emails hit 6.3 million in the first quarter of this year, a 789 percent increase over the last quarter of 2015.
The anti-phishing vendor also counted the number of different variants of phishing emails that it saw. Ransomware accounted for 51 percent of all variants in March, up from just 29 percent in February and 15 percent in January.
In theory, nobody should be paying any money to the ransomware extortionists. Doesn't everyone have backups these days? Even consumers have access to a wide variety of free or low-cost backup services.
But the headlines are full of reports about institutions such as hospitals and police departments, organizations that should have business continuity plans in place with solid backup strategies.
A recent test of pre-installed updater software on 10 laptops showed that every single one had security problems. "We went and bought about 10 laptops," said Darren Kemp, security researcher at Duo Security. "And every single vendor had their own piece of software to perform software updates, including the Microsoft Signature Editions, and they were all pretty terrible." For example, some laptop manufacturers weren't using encryption in their updaters. "We found exploitable vulnerabilities in every vendor," he said.
Last week, the chair of the Securities and Exchange Commission called cybersecurity the biggest risk facing the global financial industry. "Cyber risks can produce far-reaching impacts," said SEC chair Mary Jo White. For example, cybercriminals recently stole $81 million from a bank in Bangladesh by using Swift, the global money transfer network. The SEC promises to step up regulation and Swift itself is expected to launch a new cyber security initiative this week that includes independent security audits of its customers. Meanwhile, top finance officials from G-7 nations met in Japan to discuss plans to improve global cybersecurity coordination.
Cybercrime may be booming but its business model is vulnerable on many fronts, according to a new report. "We've been observing that they've been acting like a business for a while," said Shogo Cottrell, security strategist at Hewlett Packard Enterprise, which produced the report. The profit motivation accounts for more than three-quarters of all data breaches and has been rising in recent years, according to this year's Verizon data breach report. But cybercrime also shares many of the vulnerabilities that traditional businesses do, said Cottrell.
For example, a criminal group's reputation is even more important in the underground economy than brand reputation in the legitimate world.
Although cybercriminals have been turning out specialized hacking and attack tools at a rapid pace, terrorists are often using legitimate, consumer-focused technologies, according to a new Trend Micro report. "They're abusing legitimate technology for their own gain," said Ed Cabrera, vice president of cybersecurity strategy at Trend Micro. Sometimes, the vendors involved shut down accounts that are being used by terrorists, he said. "As accounts become not usable, they pivot to other applications," he said.