Michael Kan
Author Archives: Michael Kan
- Home → Author's archive:
Michael Kan
0
Amid cyberattacks, ISPs try to clean up the internet
If your computer’s been hacked, Dale Drew might actually know something about that.He's CSO (chief security officer) at Level 3 Communications, a major internet backbone provider that's routinely on the lookout for cyberattacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide.That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said.Hackers have managed to hijack those computers to "cause harm to the internet," but the owners don't always know that, Drew said. To read this article in full or to leave a comment, please click here
0
Amid cyberattacks, ISPs try to clean up the internet
If your computer’s been hacked, Dale Drew might actually know something about that.He's CSO (chief security officer) at Level 3 Communications, a major internet backbone provider that's routinely on the lookout for cyberattacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide.That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said.Hackers have managed to hijack those computers to "cause harm to the internet," but the owners don't always know that, Drew said. To read this article in full or to leave a comment, please click here
0
A hard drive’s LED light can be used to covertly leak data
The seemingly harmless blinking lights on servers and desktop PCs may give away secrets if a hacker can hijack them with malware. Researchers in Israel have come up with an innovative hack that turns a computer's LED light into a signaling system that shows passwords and other sensitive data. The researchers at Ben-Gurion University of the Negev demonstrated the hack in a YouTube video posted Wednesday. It shows a hacked computer broadcasting the data through a computer’s LED light, with a drone flying nearby reading the pattern. The researchers designed the scheme to underscore vulnerabilities of air-gapped systems, or computers that have been intentionally disconnected from the internet.To read this article in full or to leave a comment, please click here
0
A hard drive’s LED light can be used to covertly leak data
The seemingly harmless blinking lights on servers and desktop PCs may give away secrets if a hacker can hijack them with malware. Researchers in Israel have come up with an innovative hack that turns a computer's LED light into a signaling system that shows passwords and other sensitive data. The researchers at Ben-Gurion University of the Negev demonstrated the hack in a YouTube video posted Wednesday. It shows a hacked computer broadcasting the data through a computer’s LED light, with a drone flying nearby reading the pattern. The researchers designed the scheme to underscore vulnerabilities of air-gapped systems, or computers that have been intentionally disconnected from the internet.To read this article in full or to leave a comment, please click here
0
Here’s how the US government can bolster cybersecurity
Almost 20 years ago, Chris Wysopal was among a group of hackers who testified before U.S. Congress, warning it about the dangers of the internet.Unfortunately, the U.S. government is still struggling to act, he said. "You’re just going to keep ending up with the status quo," he said, pointing to the U.S. government's failure to regulate the tech industry or incentivize any change.It’s a feeling that was shared by the experts who attended this week’s RSA cybersecurity show. Clearly, the U.S. government needs to do more on cybersecurity, but what? Public and Private sector Perhaps, the need for U.S. action hasn't been more urgent. In last year's election, Russia was accused of hacking U.S. political groups and figures in an effort to influence the outcome.To read this article in full or to leave a comment, please click here
0
Here’s how the US government can bolster cybersecurity
Almost 20 years ago, Chris Wysopal was among a group of hackers who testified before U.S. Congress, warning it about the dangers of the internet.Unfortunately, the U.S. government is still struggling to act, he said. "You’re just going to keep ending up with the status quo," he said, pointing to the U.S. government's failure to regulate the tech industry or incentivize any change.It’s a feeling that was shared by the experts who attended this week’s RSA cybersecurity show. Clearly, the U.S. government needs to do more on cybersecurity, but what? Public and Private sector Perhaps, the need for U.S. action hasn't been more urgent. In last year's election, Russia was accused of hacking U.S. political groups and figures in an effort to influence the outcome.To read this article in full or to leave a comment, please click here
0
Experts at RSA give their best cybersecurity advice
Come to the RSA show, and you’ll find plenty of cybersecurity technology. The top vendors from across the industry are here, showing products for fighting ransomware, preventing data breaches and more.But even the best security software is useless if users and businesses aren’t taking the right steps to protect themselves. So we asked experts at the show for their best cybersecurity tips.Joe Stewart, director of malware research at Dell SecureWorks He advises everyone to set up two-factor authentication to protect their internet accounts, especially email. It can be particularly useful when stopping hackers who are trying to steal login passwords from users, whether through malware or email phishing schemes.To read this article in full or to leave a comment, please click here
0
Experts at RSA give their best cybersecurity advice
Come to the RSA show, and you’ll find plenty of cybersecurity technology. The top vendors from across the industry are here, showing products for fighting ransomware, preventing data breaches and more.But even the best security software is useless if users and businesses aren’t taking the right steps to protect themselves. So we asked experts at the show for their best cybersecurity tips.Joe Stewart, director of malware research at Dell SecureWorks He advises everyone to set up two-factor authentication to protect their internet accounts, especially email. It can be particularly useful when stopping hackers who are trying to steal login passwords from users, whether through malware or email phishing schemes.To read this article in full or to leave a comment, please click here
0
A.I. faces hype, skepticism at RSA cybersecurity show
Vendors at this week's RSA cybersecurity show in San Francisco are pushing artificial intelligence and machine learning as the new way to detect the latest threats, but RSA CTO Zulfikar Ramzan is giving visitors a reality check."I think it (the technology) moves the needle," he said on Wednesday. "The real open question to me is how much has that needle actually moved in practice?"It's not as much as vendors claim, Ramzan warned, but for customers it won't be easy cutting through the hype and marketing. The reality is that a lot of the technology now being pushed isn’t necessarily new.In particular, he was talking about machine learning, a subfield in A.I. that’s become a popular marketing term in cybersecurity. In practice, it essentially involves building algorithms to spot bad computer behavior from good.To read this article in full or to leave a comment, please click here
0
A.I. faces hype, skepticism at RSA cybersecurity show
Vendors at this week's RSA cybersecurity show in San Francisco are pushing artificial intelligence and machine learning as the new way to detect the latest threats, but RSA CTO Zulfikar Ramzan is giving visitors a reality check."I think it (the technology) moves the needle," he said on Wednesday. "The real open question to me is how much has that needle actually moved in practice?"It's not as much as vendors claim, Ramzan warned, but for customers it won't be easy cutting through the hype and marketing. The reality is that a lot of the technology now being pushed isn’t necessarily new.In particular, he was talking about machine learning, a subfield in A.I. that’s become a popular marketing term in cybersecurity. In practice, it essentially involves building algorithms to spot bad computer behavior from good.To read this article in full or to leave a comment, please click here
0
Researchers trick ‘CEO’ email scammer into giving up identity
Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria, by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We’re letting them (the scammers) give us all the information about themselves,” he said.The email scheme SecureWorks dealt with involved a fraudster impersonating a CEO in what’s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer’s bank account.To read this article in full or to leave a comment, please click here
0
Researchers trick ‘CEO’ email scammer into giving up identity
Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria, by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We’re letting them (the scammers) give us all the information about themselves,” he said.The email scheme SecureWorks dealt with involved a fraudster impersonating a CEO in what’s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer’s bank account.To read this article in full or to leave a comment, please click here
0
Doubts abound over US action on cybersecurity
How should the U.S. respond to cyber attacks? That’s been a major question at this year’s RSA security conference, following Russia’s suspected attempt to influence last year’s election. Clearly, the government should be doing more on cybersecurity, said U.S. lawmakers and officials at the show, but they admit that politics and policy conflicts have hampered the government's approach. “I wish the federal government could do this, but it’s very hard, unfortunately, due to partisan politics,” said Virginia State Governor Terry McAuliffe, during a speech at the show. “They haven’t been able to take the lead on this issue as they should have.”To read this article in full or to leave a comment, please click here
0
Doubts abound over US action on cybersecurity
How should the U.S. respond to cyber attacks? That’s been a major question at this year’s RSA security conference, following Russia’s suspected attempt to influence last year’s election. Clearly, the government should be doing more on cybersecurity, said U.S. lawmakers and officials at the show, but they admit that politics and policy conflicts have hampered the government's approach. “I wish the federal government could do this, but it’s very hard, unfortunately, due to partisan politics,” said Virginia State Governor Terry McAuliffe, during a speech at the show. “They haven’t been able to take the lead on this issue as they should have.”To read this article in full or to leave a comment, please click here
0
Cybersecurity alliance promoting intel-sharing seeks to expand
Hackers have probably had a harder time slipping past your security software, thanks to an alliance between some of the top vendors in the industry.The Cyber Threat Alliance, a group of security firms that often compete, says its efforts to share intelligence on the latest hacking threats have been paying off. Rivals including Fortinet, Intel Security, Palo Alto Networks and Symantec originally entered into the alliance over two years ago, even as doubts arose over whether it’d last.To read this article in full or to leave a comment, please click here
0
Cybersecurity alliance promoting intel-sharing seeks to expand
Hackers have probably had a harder time slipping past your security software, thanks to an alliance between some of the top vendors in the industry.The Cyber Threat Alliance, a group of security firms that often compete, says its efforts to share intelligence on the latest hacking threats have been paying off. Rivals including Fortinet, Intel Security, Palo Alto Networks and Symantec originally entered into the alliance over two years ago, even as doubts arose over whether it’d last.To read this article in full or to leave a comment, please click here
0
Researcher develops ransomware attack that targets water supply
A security researcher is showing that it’s not hard to hold industrial control systems for ransom. He's experimented with a simulated water treatment system based on actual programmable logic controllers (PLCs) and documented how these can be hacked.David Formby, a PhD student at Georgia Institute of Technology, conducted his experiment to warn the industry about the danger of poorly-secured PLCs. These small dedicated computers can be used to control important factory processes or utilities, but are sometimes connected to the internet.For instance, Formby found that 1,500 of these industrial PLCs are accessible online, he said while speaking at the RSA cybersecurity conference on Monday. It's not hard to imagine a hacker trying to exploit these exposed PLCs, he added. Cybercriminals have been infecting businesses across the world with ransomware, a form of malware that can hold data hostage in exchange for bitcoin.To read this article in full or to leave a comment, please click here
0
Researcher develops ransomware attack that targets water supply
A security researcher is showing that it’s not hard to hold industrial control systems for ransom. He's experimented with a simulated water treatment system based on actual programmable logic controllers (PLCs) and documented how these can be hacked.David Formby, a PhD student at Georgia Institute of Technology, conducted his experiment to warn the industry about the danger of poorly-secured PLCs. These small dedicated computers can be used to control important factory processes or utilities, but are sometimes connected to the internet.For instance, Formby found that 1,500 of these industrial PLCs are accessible online, he said while speaking at the RSA cybersecurity conference on Monday. It's not hard to imagine a hacker trying to exploit these exposed PLCs, he added. Cybercriminals have been infecting businesses across the world with ransomware, a form of malware that can hold data hostage in exchange for bitcoin.To read this article in full or to leave a comment, please click here
0
Experts worried about ransomware hitting critical infrastructure
Expect ransomware to grow more aggressive in the coming years, including higher ransom payments and attempts to go beyond attacking data -- by shutting down entire computer systems to utilities or factories.“I see no reason for ransomware to stop,” said Neil Jenkins, an official with the U.S. Department of Homeland Security. “It’s shown to be effective.”On Monday at the RSA cybersecurity conference, experts gave a grim outlook on the future of ransomware, which they fear will spread. Through the attacks, cybercriminals have already managed to rake in US$1 billion last year, according to at one estimate.To read this article in full or to leave a comment, please click here
0
Experts worried about ransomware hitting critical infrastructure
Expect ransomware to grow more aggressive in the coming years, including higher ransom payments and attempts to go beyond attacking data -- by shutting down entire computer systems to utilities or factories.“I see no reason for ransomware to stop,” said Neil Jenkins, an official with the U.S. Department of Homeland Security. “It’s shown to be effective.”On Monday at the RSA cybersecurity conference, experts gave a grim outlook on the future of ransomware, which they fear will spread. Through the attacks, cybercriminals have already managed to rake in US$1 billion last year, according to at one estimate.To read this article in full or to leave a comment, please click here