Archive

Category Archives for "Network World Security"

5 things you should do following the Yahoo breach

Internet giant Yahoo announced a massive data breach Wednesday that affected over one billion accounts, making it by far the largest data breach in history. This follows the disclosure in September of a different breach that affected more than 500 million of the company's customers. What stands out with this new security compromise is that it occurred over three years ago, in August 2013, and that hackers walked away with password hashes that can be easily cracked.

Trump, tech leaders avoided encryption and surveillance talk at summit

A Wednesday summit between some of the most powerful people in technology and U.S. president-elect Donald Trump covered a wide ground but avoided discussion on two of the biggest issues facing the industry: the use of encryption and government surveillance. Trump's team called the meeting the start of "a conversation and partnership in order to spark innovation and create more jobs in the U.S." and said it could be repeated as often as once a quarter once he assumes the presidency. Many in Silicon Valley had been vocal opponents of Trump prior to the election, but in meeting executives of the region's biggest companies on Wednesday, Trump sought to gain their support. In particular, he asked them for "specific innovative solutions that have been blocked by narrow thinking in Washington," his team said in a statement.

14 eyebrow-raising things Google knows about you

Google may know more about me than I know about myself. I'm not just saying that, either: I recently started poking around in Google's personal data repositories and realized that, between my wide-reaching use of the company's services and my own brain's inability to remember anything for more than seven seconds, Google may actually have the upper hand when it comes to knowledge about my life. From face-tagged photos of my past adventures (what year did I go to Nashville, again -- and who went with me to that Eddie Vedder show?) to the minute-by-minute play-by-play of my not-so-adventuresome days (wait, you mean I really only left the house once last Wednesday -- and just to get a freakin' sandwich?!), Google's got all sorts of goods on me. Heck, even my hopes and dreams (which may or may not involve sandwiches) are probably catalogued somewhere in its systems.

How to maintain security while employees are out of the office for the holidays

Ho-ho, whoa. The downtime created by the holiday season is a fan favorite for enterprise employees and hackers alike. As workers are enjoying time away from the office for vacations or working remotely, hackers are viewing this slowdown as an optimal time to attack corporate systems. To avoid having your organization turn into this holiday’s victim, security professionals provide tips for IT managers to protect corporate data, as well as share recommendations for using the slower cycles to test security systems.

Protecting more than privacy in schools

Larger enterprises have the resources to not only afford the technology needed to grow in the digital age, but they also have the budget and manpower to build security into their overall ecosystems. Does the K-12 education sector have the means to do the same? As the use of technology becomes more prevalent in public schools, will collecting more data potentially increase the cybersecurity risks for the K-12 sector? Earlier this fall, the Center for Data Innovation released a report, Building a Data-Driven Education System in the United States, in which they said 93 percent of teachers are regularly using digital tools to assist classroom instruction in some capacity.

Privacy protections for wearable devices are weak, study says

The rapidly expanding wearable device market raises serious privacy concerns, as some device makers collect a massive amount of personal data and share it with other companies, according to a new study. Existing health privacy laws don't generally apply to wearable makers, the study says. While consumers are embracing fitness trackers, smart watches, and smart clothing, a "weak and fragmented" health privacy regulatory system in the U.S. fails to give consumers the privacy protections they may expect, said the study, released Thursday by the Center for Digital Democracy and the School of Communication at American University.

Yahoo breach means hackers had three years to abuse user accounts

Security researchers are disturbed it took Yahoo three years to discover that details of over 1 billion user accounts had been stolen back in 2013. It means that someone -- possibly a state-sponsored actor -- had access to one of the largest email user bases in the world, without anyone knowing. The stolen database may have even included information on email ids of U.S. government and military employees. “It is extremely alarming that Yahoo didn’t know about this,” said Alex Holden, chief information security officer with Hold Security. Yahoo said back in November it first learned about the breach when law enforcement began sharing with the company stolen data that had been provided by a hacker. At the time, the company was already dealing with a separate data breach, reported in September, involving 500 million user accounts.

Here’s some questions Congress should ask about the election-related hacks

Members of Congress are demanding answers over claims that Russia attempted to influence the U.S. presidential election with several high-profile hacks. U.S. intelligence agencies are confident that the Kremlin was involved, but incoming president Donald Trump remains skeptical. As they prepare to investigate, here’s some questions lawmakers should be asking to help them understand and respond to these hacks. What evidence do we have proving Russia’s involvement? Attribution in any hack can be incredibly difficult, as Trump noted in a tweet, but cybersecurity experts say they have technical evidence showing that Democratic groups and figures were at the very least hacked with spear phishing emails and hard-to-detect malware from two suspected Russian hacking teams.

Yahoo reports massive data breach involving 1 billion accounts

In what is likely the largest data breach ever, Yahoo is reporting that data associated with more than 1 billion user accounts was stolen in August 2013. The incident is separate from a breach Yahoo reported in September involving at least 500 million users that originally occurred in late 2014 and shook public trust in the company. Stolen user data from this new breach involves names, email addresses, telephone numbers, dates of birth, and hashed passwords using an aging algorithm known as MD5 that can be cracked.

Bye, privacy: Evernote will let its employees read your notes

Evernote is changing its privacy policy to let employees read its customers' notes, and they can't opt out. Users have until Jan. 23 to move their notes out of the company's system and delete their accounts if they want to avoid the sanctioned snooping. Companies using Evernote Business can have their administrators opt out, but users won't have individual control over it. The change is a push by the company to enhance its machine learning capabilities by letting a select number of employees view the private information of its users to help with the training of algorithms. "While our computer systems do a pretty good job, sometimes a limited amount of human review is simply unavoidable in order to make sure everything is working exactly as it should," the company said in a support bulletin.

IDG Contributor Network: 5 cybersecurity trends to watch for 2017

As 2016 draws to a close, we can reflect on a year where cybersecurity has played a major role. Even presidential campaigns haven’t been free from hacking scandals and data leaks. The average cost of a data breach for companies grew from $3.8 million last year to $4 million in 2016, according to the Ponemon Institute. Companies of all sizes have embraced the cloud and open source has become the standard for infrastructure software. Both pose their own blend of benefit and risk. A major datacenter attack or failure could be problematic for many companies, and we can certainly expect an increase in the number of cyber-attacks based on open source vulnerabilities.

10 game changing networking acquisitions of 2016

Game changers? In the networking industry, it seems that every year there’s a flurry of mergers and acquisitions. Turns out that 2016 was no different. Here are 10 that have the most game changing potential, since they have the potential to move the acquiring company into an entirely new market.

UNH InterOperability Lab fostering even more IoT togetherness

While the Internet of Things has started to become useful, many are still freaked out about devices not working well together and becoming security liabilities. The University of New Hampshire InterOperability Laboratory (UNH-IOL) will attempt to address both of those concerns via its new IoT Testing Services. Test services will apply to devices for homes, industrial networks, smart cities and connected cars, according to UNH-IOL. What's more, testing will be offered for the IPv6 Forum's IPv6 Ready IoT Logo in the spring.

A hefty fine is just part of penalties for the Ashley Madison adultery site

A hefty judgement against Ashley Madison, the dating site for adulterers, is just the tip of the iceberg when it comes to penalties the company must pay as a result of the theft and public posting of its customers' data when the company was hacked last year. Ruby Corp., the parent company of Ashley Madison, agreed to pay an $8.75 million fine to the Federal Trade Commission and another $8.75 million to 13 states that also filed complaints. It will wind up paying just $1.6 million because it is strapped for assets.

Ashley Madison to pay $1.6M settlement related to data breach

The company behind Ashley Madison, the adultery enabling website, has agreed to pay a US$1.6 million settlement related to a major data breach last year that exposed account details of 36 million users. Ashley Madison's operator, Toronto-based Ruby, is making the settlement for failing to protect the account information and for creating fake user profiles to lure in prospective customers, the U.S. Federal Trade Commission said on Wednesday. In July 2015, a hacking group called Impact Team managed to steal the account details and then post them online a month later -- potentially damaging the reputation of the customers using the adultery website.

Lessons learned from the 7 major cyber security incidents of 2016

Cyber incidents dominated headlines this year, from Russia’s hacking of Democrat emails to internet cameras and DVRs launching DDoS attacks, leaving the impression among many that nothing should be entrusted to the internet. These incidents reveal technical flaws that can be addressed and failure to employ best practices that might have prevented some of them from happening.

Know your (cyber) enemy

Picture this: Your company's network is facing a DDoS attack, but you have no idea who is responsible or what their motivation might be. Without this knowledge, you can't tell if they want money in exchange for stopping the attack or if the attack is a diversion to occupy your security team while your network is being penetrated and commercial secrets are stolen. In the aftermath of a network breach it can also be incredibly useful to know some information about the likely attackers. That's because knowing who they were — or just where they were from — can help you carry out a more accurate damage assessment exercise. This knowledge can guide you where to look for signs of data compromise, and what other specifics (such as exploit kits or Trojans that may have been left behind) to search for.

Adobe fixes actively exploited critical vulnerability in Flash Player

Adobe Systems has released security updates for several products, including one for Flash Player that fixes a critical vulnerability that's already known and exploited by attackers. The Flash Player update fixes 17 vulnerabilities, 16 of which are critical and can be exploited to execute malicious code on affected systems. One of those vulnerabilities, tracked as CVE-2016-7892 in the Common Vulnerabilities and Exposures (CVE) catalogue, is already being used by hackers. "Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows," the company said in a security advisory.

List of remotely exploitable Netgear routers grows as beta firmware fix is released

Netgear stepped up by publishing a list of routers which are vulnerable to attack as well as releasing beta firmware to patch some of those models. The company confirmed the existence of the flaw which US-CERT believed was dangerous enough to advise users to stop using vulnerable routers. In addition to the originally announced vulnerable Netgear router models R6400, R7000, R8000, Netgear warned that nine other router models are also vulnerable.

Tech Forecast 2017: 5 key technologies to double down on now

With digital transformation dominating the business agenda, IT pros are under pressure to create a modern-day tech foundation sturdy enough to drive that change as they head into 2017. What milestones are they aiming for in the year ahead? Where should they direct their limited resources? According to Computerworld's Forecast 2017 survey, IT professionals will prioritize security, analytics, XaaS or "as a service" technology, virtualization and mobile apps in the coming year. If you're thinking of adding those technologies to your own 2017 to-do list, read on for findings from our survey, along with real-world advice from other IT leaders.