Michael Kan

Author Archives: Michael Kan

Email dump hits French candidate Macron ahead of election

Another political campaign has been hit by an email dump. This time, the target is French presidential candidate Emmanuel Macron. On Friday, his campaign said a massive and coordinated hack had breached the email inboxes of several staffers. This came after a mysterious user named “EMLEAKS” apparently dumped the stolen data through torrent files on text storage site Pastebin. It’s unclear if the information in the dump is genuine. Allegedly, the dump contains a 9GB trove of emails and photos. The torrent files, which were hosted on Archive.org, are no longer available there. But Macron’s campaign said the leaked files have been spreading over social media as the country prepares to vote for a new president on Sunday.

Patch to fix Intel-based PCs with enterprise bug rolls out next week

Next week, PC vendors will start rolling out patches that fix a severe vulnerability found in certain Intel-based business systems, including laptops, making them easier to hack. Intel on Friday released a new notice urging clients to take steps to secure their systems. The chipmaker has also released a downloadable tool that can help IT administrators and users discover whether a machine they own has the vulnerability. In addition, vendors including Fujitsu, HP, and Lenovo have released lists showing which products are affected and when the patches will roll out.

The pitfalls of cybersecurity shopping: hype and shoddy products

There's a growing threat on the cybersecurity scene that could drain millions from unsuspecting businesses and leave them vulnerable to hacking threats. It isn’t a new strain of ransomware. It’s the cybersecurity industry itself. It's ironic, but the products vendors sell, and the marketing they use, sometimes leave buyers misinformed and less secure, according to several business directors who actually buy the tech. “There’s definitely a lot of vaporware,” said Damian Finol, an IT security manager at a major internet company. “There are definitely products that have really exaggerated claims about what they actually do.” For some vendors, it's more about the sale than about security, IT executives say. To close a deal, bad vendors tend to overpromise features that they claim will be added down the line but never materialize. That makes a buyer's job harder.

Top tips for finding the right cybersecurity products

Having trouble finding the right security products for your business? You’re not the only one. Today’s market is filled with hundreds of vendors and plenty of marketing hype. But figuring out which solutions are worthwhile can be a challenge, especially for businesses with little experience in cybersecurity. So we asked actual buyers of enterprise security products for tips, and here’s what they said.

Damian Finol, security technical program manager at a major internet firm: Businesses have to do their research. That means looking at customer recommendations instead of relying on what vendors say. Testing the security products in house is also highly advised.

Google Docs phishing attack underscores OAuth security risks

Google has stopped Wednesday’s clever email phishing scheme, but the attack may very well make a comeback. One security researcher has already managed to replicate it, even as Google is trying to protect users from such attacks. “It looks exactly like the original spoof,” said Matt Austin, director of security research at Contrast Security. The phishing scheme -- which may have circulated to 1 million Gmail users -- is particularly effective because it fooled users with a dummy app that looked like Google Docs.

Sneaky Gmail phishing attack fools with fake Google Docs app

Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts. The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.” In reality, the link led to a dummy app that asked users for permission to access their Gmail account.

[Image (Reddit): An example of the phishing email that circulated on Tuesday.]

China will attempt to keep IT products spy-free with security checks

China will start carrying out security checks of IT suppliers in the country, with the intent of keeping out internet products vulnerable to spying and hacking. The new rules, which take effect in June, mean that foreign vendors will face more scrutiny -- including government-mandated background checks, and supply chain vetting -- when selling IT products to China’s major business sectors. On Tuesday, the country’s Cyberspace Administration of China released the new rules, which call for the review of any important internet products and services that relate to the country’s security.

Vulnerability hits Intel enterprise PCs going back 10 years

Intel is reporting a firmware vulnerability that could let attackers take over remote management functions on computers built over nearly the past decade. The vulnerability, disclosed on Monday, affects features in Intel firmware that are designed for enterprise IT management. Enterprises using Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability on their systems should patch them as soon as possible, the company says. The vulnerable firmware features can be found in some current Core processors and all the way back to Intel's first-generation Core, called Nehalem, which shipped in 2008. They're part of versions 6.0 through 11.6 of Intel's manageability firmware.

Trump seeks to upgrade US government IT services

President Donald Trump is launching a special council to upgrade the U.S. government’s IT services at a time when some systems are more than 50 years old. "Americans deserve better digital services from their government," said an executive order from Trump, released on Monday. The order seeks to "promote the secure, efficient and economical use" of IT. As part of that goal, Trump is establishing the American Technology Council, which he will chair.

NSA ends surveillance tactic that pulled in citizens’ emails, texts

The U.S. National Security Agency will no longer sift through emails, texts and other internet communications that mention targets of surveillance. The change, which the NSA announced on Friday, stops a controversial tactic that critics said violated U.S. citizens' privacy rights. The practice involved flagging communications where a foreign surveillance target was mentioned, even if that target wasn't involved in the conversation. Friday’s announcement means the NSA will stop collecting this data. “Instead, this surveillance will now be limited to only those communications that are directly ‘to’ or ‘from’ a foreign intelligence target,” the NSA said in a statement.

Google’s Chrome will soon start warning you more about HTTP pages

A Google effort to push websites to implement encryption is expanding. Starting in October, the company will roll out new warnings to flag HTTP connections as insecure in its Chrome browser. For users, it means Chrome will display the words “not secure” in the browser’s address bar whenever they type any data into web pages that connect over HTTP. However, for users who like to browse through Chrome’s privacy-enhancing Incognito mode, the warnings will appear by default on all HTTP pages visited, not only when the user enters information onto the page.