Category Archives for "Network World Security"

Trump’s DHS pick urges more coordination on cyberthreats

President-elect Donald Trump's pick for Homeland Security chief wants to forge closer ties with the private sector in the cyber arena. Gen. John F. Kelly (Ret.), a more than four-decade veteran of the Marine Corps, appeared this week before the Senate Homeland Security and Governmental Affairs Committee for his confirmation hearing, the second of Trump's appointees to begin that process. In his testimony on cybersecurity, Kelly noted the challenges of keeping pace with an ever-evolving spate of threats from a variety of actors, and stressed the importance of the government coordinating its defense efforts and intelligence with the private-sector firms that could be targeted by attackers.

Trump’s CIA nominee grilled on his advocacy of surveillance database

President-elect Donald Trump's nominee to head the Central Intelligence Agency wants to create a massive surveillance database by resurrecting a U.S. telephone records collection program, but some senators questioned what limits he would accept. CIA nominee Mike Pompeo, currently a Republican representative from Kansas, has called on Congress to reverse its mid-2015 decision to rein in the phone metadata collection program run by the National Security Agency, a sister agency to the CIA that focuses on signals intelligence.

Rudy Giuliani to coordinate regular cybersecurity meetings between Trump, tech leaders

Former New York Mayor Rudy Giuliani says Donald Trump has tapped him to gather top cybersecurity leaders to meet with the administration regularly to share “all the information available in the private sector” with the goal of improving national cyber defenses “because we’re so far behind.” “The president-elect decided he wanted to bring in on a regular basis the people in the private sector, the corporate leaders in particular and thought leaders in the private sector who are working on security for cyber because we’re so far behind,” Giuliani said on Fox and Friends.

Lessons for corporate IT from Geek Squad legal case

The life of the corporate desktop team can turn into a legal nightmare quickly if end users haven’t agreed that it’s OK for techs to search their machines, something that has come to light in a California child pornography case involving Best Buy’s Geek Squad. In that case, Geeks working on a customer laptop found a pornographic picture and turned it over to the FBI, which paid them $500 and prosecuted the owner of the machine. Now the Geeks in question are in hot water because the arrangement with the FBI violates the corporate policies of Best Buy, which runs Geek Squad.

43% off Microsoft Wireless Desktop 900 Keyboard and Mouse Bundle – Deal Alert

The Wireless Desktop 900 keyboard from Microsoft has quiet-touch keys and customizable buttons for access to the Windows features you use most. The full-size ambidextrous mouse provides comfortable, precise navigation. The Wireless Desktop 900 also includes Advanced Encryption Standard to help protect your information by encrypting your keystrokes. Both the keyboard and the mouse have an average battery life of 2 years. The typical list price of $50 has been reduced to $28.28, making this a good deal on Amazon where it averages 4.5 out of 5 stars (read recent reviews) from over 140 reviewers. See it now on Amazon.

IDG Contributor Network: Nyotron launches to ‘secure the world.’ Simple, eh?

Nyotron today launched its cybersecurity product in the U.S. Nothing too exciting about that, but the history of the company’s founder might pique your interest. Nir Gaist is the sort of over-achiever that one either worries hugely about or admires greatly (or probably both in equal measure). Nyotron’s CEO and founder, Gaist started programming at the age of six. (Which leads me to ask, what took him so long?) In 2008, he and his brother Ofer Gaist, now COO, started Nyotron as a penetration testing company. Before founding the company, and as a departure from his buddies who were probably playing Candy Crush or something, Nir hacked an Israeli service provider, which was so impressed with his skills it ended up hiring him. From there, he went on to test telephone systems, online banking protocols, ATMs and more for the largest banks in Israel.

South African bank tells its tale of battling ransom attacks

In November of 2015, First National Bank of South Africa received a ransom email from the Armada Collective, which was quickly followed by a teaser flood attack that the bank proactively mitigated. Sort of a shot across the bow to make sure the bank knew the criminals were serious. Bank officials didn’t flinch. According to a verbatim in Radware’s recently released Global Application & Security survey, the bank detected and mitigated the teaser flood attack before officials discovered the email, which had been sent to an unattended mailbox while the company was closed. With a hybrid DDoS mitigation solution in place, the flood attack had no impact and was immediately diverted to a scrubbing center for cleanup.

How much is a data breach going to cost you?

It is going to cost ya. A recent IBM study found that the average cost of a data breach has hit $4 million—up from $3.8 million in 2015. There are countless factors that could affect the cost of a data breach in your organization, and it’s virtually impossible to predict the exact cost. You might be able to estimate a range with the help of a data breach calculator, but no single tool is perfect.

Trump’s push for cyber defense is sorely needed, experts say

President-elect Donald Trump plans to consult “the greatest computer minds” for input on bolstering U.S. hacking defenses, as experts say an overhaul to the country's cybersecurity is badly needed. “We’re going to put those minds together, and we're going to form a defense,” Trump said in a Wednesday press conference. Trump made the statement as he said Russia, China and other parties continue to launch cyber attacks against the U.S. In recent weeks, he’s also been confronting claims that the Kremlin used hacks and online propaganda in a covert campaign to tilt the election in his favor.

Trump doc claims Russia has cracked Telegram messaging service

The raw intelligence document published this week that contains salacious stories about Donald Trump also offers up a glimpse into how Russia goes about its cyber spying – including the tidbit that it has cracked Telegram’s encrypted instant messaging service. While none of the 35-page document is substantiated, it is detailed, and at least some of it is considered credible enough by U.S. intelligence agencies for them to have briefed Trump and President Barack Obama on it. According to the documents prepared by a former British spy, a “cyber operative” for the Russian Federal Security Service (FSB) told him that Telegram no longer posed an issue for the government. “His/her understanding was that the FSB now successfully had cracked this communication software and therefore it was no longer secure to use,” the document says.

Security tops app services priority list

Security, not availability, is now the number one priority driving the adoption of application services, according to a new report by F5 Networks. Applications are becoming core to the digital economy, and organizations are increasingly turning to application services to keep them humming. In its third annual State of Application Delivery report, F5 Networks found that the average number of app services used by organizations increased from 11 in 2016 to 14 today. Sangeeta Anand, senior vice president of product management and marketing at F5 Networks, adds that the average organization plans to deploy 17 app services in the next 12 months.

DHS should have a cybersecurity unit, says panel chairman

WASHINGTON -- The chairman of the U.S. House Committee on Homeland Security said Wednesday his top priority in 2017 will be to push for creation of a cybersecurity agency within the Department of Homeland Security. “DHS needs focus and resources, and they are doing a decent job, but could be doing a lot better with the help of Congress,” said U.S. Rep. Michael McCaul (R-Texas) in comments to reporters at the National Press Club. “It’s not a Republican or Democratic issue.”

‘Found a nasty bug in my (Cisco) ASA this morning’

The above headline on a post to Reddit piqued my interest this afternoon because it was in that site’s section devoted to system administration and those people know a bug when they encounter one. The Redditor elaborates: “I found a bug in my ASA today. Eth 0/2 was totally unusable and seemed ‘blocked.’ These Cisco bugs are really getting out of hand. I'm just glad I didn't open this port up to the web.” Scare quotes around blocked? Gratuitous mention of the web. I smelled a ruse before even opening the first of three pictures. No. 1, labeled “checking layer 1:”

Professionally designed ransomware Spora might be the next big thing

Security researchers have found a new ransomware program dubbed Spora that can perform strong offline file encryption and brings several innovations to the ransom payment model. The malware has targeted Russian-speaking users so far, but its authors have also created an English version of their decryption portal, suggesting they will likely expand their attacks to other countries soon. Spora stands out because it can encrypt files without having to contact a command-and-control (CnC) server and does so in a way that still allows for every victim to have a unique decryption key. Traditional ransomware programs generate an AES (Advanced Encryption Standard) key for every encrypted file and then encrypt these keys with an RSA public key generated by a CnC server.

Your Windows 10 PC may soon lock itself when you walk away

Windows 10 Insider previews are sometimes just full of surprises. An unmentioned feature in Build 15002 was recently uncovered by Windows Central that appears to be a complementary feature to Windows Hello, the biometric login system that automatically unlocks your PC when you sit in front of it. Dubbed Dynamic Lock, this newly discovered feature is designed to automatically lock down your computer when Windows detects that you’re away. It’s not clear if the feature is working yet and Microsoft has yet to discuss it publicly. For that reason it’s unknown what Dynamic Lock actually does. Though Windows Central says Microsoft’s internal name for the feature is “Windows Goodbye,” which indeed suggests a close relationship with Windows Hello.

Trump: It was probably Russia that hacked the DNC, Clinton campaign

Russia was likely behind the hacks of the Democratic National Committee and Hillary Clinton's presidential campaign, U.S. President-elect Donald Trump has finally acknowledged. In his first news conference in about six months, Trump also said Wednesday that cybersecurity will be a top priority for his administration. He wants proposals on new hacking defenses within 90 days. "We get hacked by everybody," he said. Trump's newfound belief that Russia was responsible for cyberattacks during the presidential campaign comes after months of doubting U.S. intelligence reports that blamed Russia. But Trump also suggested U.S. intelligence may have leaked a 35-page dossier that accuses his campaign of working with Russian intelligence.

IDG Contributor Network: Security fatigue—or how I learned to overcome laziness and use a password manager

I admit it: I sometimes suffer from “security fatigue,” and I bet you do, too. If you’ve ever reused a password for a new site login, thinking the site isn’t that important, you suffer from it. If you’ve clicked on a tempting email offer or social media request, even if it looked sketchy, you’ve got it. And if you’ve sent a business document to your private email so you can keep working on it at home, you’ve definitely got it. You’re not alone. Security fatigue is a bug the majority of us have. A NIST study recently reported that most people don’t do the right thing when it comes to cybersecurity because they are too lazy, too hurried, or not convinced that they are a target for cybercrime.

Pentagon tested world’s largest swarm of autonomous micro-drones

Have you ever seen a starling murmuration as the flock twists and turns in fantastic aerial acrobatics as if the mass shares one brain? Next time you think you see one, look again. It might not be a swarm of birds, but a swarm of 3D-printed, autonomous micro-drones. The U.S. Department of Defense announced a successful test of 103 Perdix drones. Granted, the drones are not a beautiful product of nature like starlings, but the swarm does act like a “collective organism” that shares a single brain for decision making.

Best Buy responds to Geek Squad snooping case

Best Buy offered its response to claims its Geek Squad repair technicians snoop through PCs brought in for repair, making a claim that is fairly obvious, given its situation. It stems from my last blog post, "Why you shouldn't trust Geek Squad ever again," which in turn was inspired by an Orange County Weekly article that claimed the FBI was paying Geek Squad staffers a $500 reward for any incriminating evidence they find in a device brought in for repair.

Geeky ways to celebrate Friday the 13th

You're in luck. We've cobbled together a slew of things for the geeky among you to do on Jan. 13 -- Friday the 13th that isth. And we suggest you do it up because you won’t get another chance until Oct. 13, 2017. Don’t miss the day! Mobile apps exist solely for the purpose of reminding you when Friday the 13th is coming up. Pocketkai’s free iOS app will remind you of the one to three Friday the 13ths coming up each year for the next 50 years. The Bogeyman’s Android app will do likewise, for the next 10 Friday the 13ths.