Trying to filter out phishing emails is tough work, even for organizations trying to find a better way through automation, according to a new study from security software company GreatHorn.The company makes software that seeks out phishing attempts and can autonomously block them, but even its customers don’t switch on all the features, according to GreatHorn’s study of how customers dealt with just over half a million spear phishing attempts.The most common autonomous action, taken a third of the time against suspicious emails, was to alert an admin when a policy was violated and let them decide what to do. This option is also chosen in order to create a record of potential threats, the company says. Another 6% of emails trigger alerts to the recipients so they can be on the lookout for similar attempts.To read this article in full or to leave a comment, please click here
That lingering Hearbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates.According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet-accessible devices during a scan it performed last weekend.But according to open-source security firm Black Duck, about 11% of more than 200 applications it audited between Oct. 2015 and March 2016 contained the flaw, which enables a buffer overread that endangers data from clients and servers running affected versions of OpenSSL.To read this article in full or to leave a comment, please click here
That lingering Heartbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates.According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet-accessible devices during a scan it performed last weekend.But according to open-source security firm Black Duck, about 11% of more than 200 applications it audited between Oct. 2015 and March 2016 contained the flaw, which enables a buffer overread that endangers data from clients and servers running affected versions of OpenSSL.To read this article in full or to leave a comment, please click here
That lingering Heartbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates.According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet-accessible devices during a scan it performed last weekend.But according to open-source security firm Black Duck, about 11% of more than 200 applications it audited between Oct. 2015 and March 2016 contained the flaw, which enables a buffer overread that endangers data from clients and servers running affected versions of OpenSSL.To read this article in full or to leave a comment, please click here
It looks like the Donald Trump administration is interested in encryption backdoors, but, like his predecessor’s, so far it has fallen short of coming out for them or against them.
Trump himself famously urged a boycott of Apple for refusing to help the FBI crack an iPhone used by the terrorist who attacked in San Bernardino, Calif., which indicated he favored backdoors. But that was last year.
The latest comes from Sen. Jeff Sessions, Trump’s nominee for attorney general, who says he favors strong encryption but also favors law enforcement being able to “overcome encryption” when necessary.To read this article in full or to leave a comment, please click here
It looks like the Donald Trump administration is interested in encryption backdoors, but, like his predecessor’s, so far it has fallen short of coming out for them or against them.
Trump himself famously urged a boycott of Apple for refusing to help the FBI crack an iPhone used by the terrorist who attacked in San Bernardino, Calif., which indicated he favored backdoors. But that was last year.
The latest comes from Sen. Jeff Sessions, Trump’s nominee for attorney general, who says he favors strong encryption but also favors law enforcement being able to “overcome encryption” when necessary.To read this article in full or to leave a comment, please click here
Cisco’s Webex Browser Extension contain a critical bug that can open up customers’ entire computers to remote code execution attacks if the browsers visit websites containing specially crafted malicious code.The company says it is in the process of correcting the problem, and has apparently made a few initial steps toward a permanent fix. It says there is no workaround available.+More on Network World: 10 of the latest craziest and scariest things the TSA found on your fellow travelers+To read this article in full or to leave a comment, please click here
Cisco’s Webex Browser Extension contain a critical bug that can open up customers’ entire computers to remote code execution attacks if the browsers visit websites containing specially crafted malicious code.The company says it is in the process of correcting the problem, and has apparently made a few initial steps toward a permanent fix. It says there is no workaround available.+More on Network World: 10 of the latest craziest and scariest things the TSA found on your fellow travelers+To read this article in full or to leave a comment, please click here
IBM Security plans to buy San Francisco-based Agile 3 Solutions, which makes software for visualizing data risk for analysis by senior executives.The deal is expected to close within weeks, but the financial terms were not released. It will include the purchase of Ravy Technologies, an Agile 3 subcontractor based in India.Agile 3’s software identifies risks to business programs and assets, and enables actions to head off possible exploits that could affect business processes. It provides a dashboard for measuring compliance with regulations and legislation.NEWSLETTERS: Get the latest tech news sent directly to your in-box
IBM Security customers will be able to buy Agile 3 technology as a service through IBM Data Security Services or as features rolled into IBM Guardian, the company’s data-protection software. The company says the addition of the software will help identify and protect critical data.To read this article in full or to leave a comment, please click here
IBM Security plans to buy San Francisco-based Agile 3 Solutions, which makes software for visualizing data risk for analysis by senior executives.The deal is expected to close within weeks, but the financial terms were not released. It will include the purchase of Ravy Technologies, an Agile 3 subcontractor based in India.Agile 3’s software identifies risks to business programs and assets, and enables actions to head off possible exploits that could affect business processes. It provides a dashboard for measuring compliance with regulations and legislation.NEWSLETTERS: Get the latest tech news sent directly to your in-box
IBM Security customers will be able to buy Agile 3 technology as a service through IBM Data Security Services or as features rolled into IBM Guardian, the company’s data-protection software. The company says the addition of the software will help identify and protect critical data.To read this article in full or to leave a comment, please click here
There’s good news for security pros worried that their organizations may be liable if their employees’ personal information gets hacked: a panel of judges in Pennsylvania says workers can’t collect damages from their employer if things like Social Security numbers, bank account information, birth dates, addresses and salaries are compromised in a data breach.Even though the stolen data was used to file phony tax returns in order to get the refunds, the workers at University of Pittsburgh Medical Center (UPMC) had no reasonable expectation that the data would be safe, the Superior Court of Pennsylvania ruled recently.The case, known as in Dittman v. UPMC, pertains solely to employee records, not customer records, and not patient records, which are protected by HIPAA.To read this article in full or to leave a comment, please click here
There’s good news for security pros worried that their organizations may be liable if their employees’ personal information gets hacked: a panel of judges in Pennsylvania says workers can’t collect damages from their employer if things like Social Security numbers, bank account information, birth dates, addresses and salaries are compromised in a data breach.Even though the stolen data was used to file phony tax returns in order to get the refunds, the workers at University of Pittsburgh Medical Center (UPMC) had no reasonable expectation that the data would be safe, the Superior Court of Pennsylvania ruled recently.The case, known as in Dittman v. UPMC, pertains solely to employee records, not customer records, and not patient records, which are protected by HIPAA.To read this article in full or to leave a comment, please click here
Former New York Mayor Rudy Giuliani says Donald Trump has tapped him to gather top cybersecurity leaders to meet with the administration regularly to share “all the information available in the private sector” with the goal of improving national cyber defenses “because we’re so far behind.”“The president elect-decided he wanted to bring in on a regular basis the people in the private sector, the corporate leaders in particular and thought leaders in the private sector who are working on security for cyber because we’re so far behind,” Giuliani said on Fox and Friends.To read this article in full or to leave a comment, please click here
Former New York Mayor Rudy Giuliani says Donald Trump has tapped him to gather top cybersecurity leaders to meet with the administration regularly to share “all the information available in the private sector” with the goal of improving national cyber defenses “because we’re so far behind.”
“The president elect-decided he wanted to bring in on a regular basis the people in the private sector, the corporate leaders in particular and thought leaders in the private sector who are working on security for cyber because we’re so far behind,” Giuliani said on Fox and Friends.To read this article in full or to leave a comment, please click here
The life of the corporate desktop team can turn into a legal nightmare quickly if end users haven’t agreed that it’s OK for techs to search their machines, something that has come to light in a California child pornography case involving Best Buy’s Geek Squad.In that case, Geeks working on a customer laptop found a pornographic picture and turned it over to the FBI, which paid them $500 and prosecuted the owner of the machine.Now the Geeks in question are in hot water because the arrangement with the FBI violates the corporate policies of Best Buy, which runs Geek Squad.To read this article in full or to leave a comment, please click here
The life of the corporate desktop team can turn into a legal nightmare quickly if end users haven’t agreed that it’s OK for techs to search their machines, something that has come to light in a California child pornography case involving Best Buy’s Geek Squad.In that case, Geeks working on a customer laptop found a pornographic picture and turned it over to the FBI, which paid them $500 and prosecuted the owner of the machine.Now the Geeks in question are in hot water because the arrangement with the FBI violates the corporate policies of Best Buy, which runs Geek Squad.To read this article in full or to leave a comment, please click here
The raw intelligence document published this week that contains salacious stories about Donald Trump also offers up a glimpse into how Russia goes about its cyber spying – including the tidbit that it has cracked Telegram’s encrypted instant messaging service.While none of the 35-page document is substantiated, it is detailed, and at least some of it is considered credible enough by U.S. intelligence agencies for them to have briefed Trump and President Barack Obama on it.According to the documents prepared by a former British spy, a “cyber operative” for the Russian Federal Security Service (FSB) told him that Telegram no longer posed an issue for the government. “His/her understanding was that the FSB now successfully had cracked this communication software and therefore it was no longer secure to use,” the document says.To read this article in full or to leave a comment, please click here
The raw intelligence document published this week that contains salacious stories about Donald Trump also offers up a glimpse into how Russia goes about its cyber spying – including the tidbit that it has cracked Telegram’s encrypted instant messaging service.While none of the 35-page document is substantiated, it is detailed, and at least some of it is considered credible enough by U.S. intelligence agencies for them to have briefed Trump and President Barack Obama on it.According to the documents prepared by a former British spy, a “cyber operative” for the Russian Federal Security Service (FSB) told him that Telegram no longer posed an issue for the government. “His/her understanding was that the FSB now successfully had cracked this communication software and therefore it was no longer secure to use,” the document says.To read this article in full or to leave a comment, please click here
A startup with a strong pedigree is trying to address the problem that businesses have keeping up with the ever-increasing options for authentication.Transmit Security is shipping a server platform that off-loads the authentication chores that would otherwise reside within applications, making it simpler to roll out authentication in the first place and to upgrade it later without ever touching the applications themselves. Rakesh Loonkar
Rakesh LoonkarTo read this article in full or to leave a comment, please click here
A startup with a strong pedigree is trying to address the problem that businesses have keeping up with the ever-increasing options for authentication.Transmit Security is shipping a server platform that off-loads the authentication chores that would otherwise reside within applications, making it simpler to roll out authentication in the first place and to upgrade it later without ever touching the applications themselves. Rakesh Loonkar
Rakesh LoonkarTo read this article in full or to leave a comment, please click here
Tim Greene