Category Archives for "Network World Security"

Assange’s internet allegedly cut by ‘state party;’ Guccifer 2.0 springs back to life

WikiLeaks has continued to dump Clinton-related emails, such as three Goldman Sachs speeches that Clinton was paid about $225,000 to give, but a series of unusual tweets sent parts of the internet into a tizzy, claiming Assange had been killed and the tweets were triggered by a dead man’s switch. Yesterday, WikiLeaks’ regular tweets were interrupted by three tweets that contained hashes.

UK spy agencies illegally collected data for years, court rules

The U.K.'s spy agencies breached the European Convention on Human Rights for years by secretly collecting almost everything about British citizens' communications except their content, a U.K. court has ruled. However, now that the U.K. government has admitted what it is doing, the collection is legal, the Investigatory Powers Tribunal ruled Monday. It has yet to rule on the issue of proportionality, or whether the agencies' actions were reasonable given the threat they sought to counter. Responding to a June 2015 complaint by campaign group Privacy International, the tribunal said the secret intelligence agencies had breached the ECHR for years because of the way they gathered bulk communications data (BCD) and bulk personal data (BPD).

WikiLeaker Assange’s internet access cut by a ‘state actor’

A "state actor" has cut off internet access for Julian Assange, the founder of WikiLeaks, the transparency activist organization said Monday. Assange's internet link has been "intentionally severed by a state party," WikiLeaks said in a Monday morning tweet. "We have activated the appropriate contingency plans," the organization added. In recent days, WikiLeaks has published thousands of leaked emails from the account of John Podesta, chairman of U.S. presidential candidate Hillary Clinton's campaign. Clinton's campaign, along with President Barack Obama's administration, have accused WikiLeaks of cooperating with Russian hackers in an effort to raise questions about the legitimacy of the upcoming U.S. presidential election.

Lawmakers question DOJ’s appeal of Microsoft Irish data case

Four U.S. lawmakers are questioning a Department of Justice decision to appeal a July court decision quashing a search warrant that would have required Microsoft to disclose contents of emails stored on a server in Ireland. Last Thursday, Preet Bharara, U.S. Attorney for the Southern District of New York, filed an appeal of the ruling by a three-judge panel of the U.S. Court of Appeals for the Second Circuit.

Dyre banking Trojan successor rears its ugly head

Cybercriminals have unleashed a new banking Trojan program on the internet and it bears striking similarities to Dyre, a malware threat believed to have been dead for almost a year. The new Trojan is called TrickBot and first appeared in September, targeting users of banks in Australia. After a closer analysis, researchers from Fidelis Cybersecurity believe that it is a rewrite of the Dyre Trojan that plagued online banking users for over a year until the gang behind it was dismantled by Russian authorities. While TrickBot is still a work in progress and doesn't have all of Dyre's features, there are enough similarities in their components to suggest that at the very least one served as inspiration for the other. At the same time, there are also significant differences in how some functions have been implemented in the new Trojan, which also has more C++ code than its predecessor.

Cybersecurity Canon book review: There Will Be Cyberwar

Given it’s national cybersecurity awareness month, I hope all cybersecurity professionals are familiar with the Cybersecurity Canon. For those who are not, the goal of the cybersecurity canon is as follows: To identify a list of must-read books for all cybersecurity practitioners—be they from industry, government or academia—where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.

5 tools for making sense of system logs

Log management software helps IT managers understand and act on the flood of log data spewing from IT systems — to investigate security problems, prevent outages and improve the online customer experience. In essence, logs are a specialized source of business intelligence, while also providing an audit trail for regulatory compliance. Five of the top log management software products are Splunk, LogRhythm, AlienVault, HPE ArcSight Logger and SevOne, according to online reviews by enterprise users in the IT Central Station community. Those users say that the most important criteria to consider when choosing log management software are speed, stability, ease of use, and robust search capabilities.

Check Point SandBlast takes endpoint protection to another level

Check Point has long been known as a firewall company but it is reaching beyond its roots with a new series of protective technologies under its SandBlast line. SandBlast has been around for several years, but received several significant updates over the past year to make it a truly effective endpoint protection product that can handle a wide variety of zero-day exploits across your entire enterprise. The goal behind SandBlast is simply stated: you want to lock down as many entry points for malware as possible, and make your network less of a target for hackers to establish a beachhead and run these exploits.

New products of the week 10.17.16

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

ScreenBeam 960

Key features: ScreenBeam 960 is an enterprise-grade wireless display receiver for business professionals, medical practitioners and educators who need wireless display connectivity to collaborate, create and communicate.

- For medium-to-large scale deployments
- Designed specifically for commercial applications and dense wireless environments
- No Wi-Fi network required
- Supports Windows 7/8, 8.1 and 10

13% off AmazonBasics 17-Sheet Micro-Cut Paper, CD, and Credit Card Shredder – Deal Alert

This powerful shredder from AmazonBasics micro-cuts a letter-sized sheet of paper into 2,235 useless pieces of confetti, up to 17 sheets at a time. Inserted one at a time into the designated slot, it also destroys credit cards, CDs, DVDs, and Blu Rays, rendering them completely unusable. It features a generous 7-gallon bin that pulls out for easy disposal. This micro-cut shredder averages 4.5 out of 5 stars on Amazon from over 170 people (82% rate a full 5 stars). Its typical list price of $165 has been reduced 13% to $144.

GitLab deleted, then restored, list of online stores infected with skimming software

For at least six months, the online store at the National Republican Senatorial Committee site had “hidden skimming software” in the form of malicious JavaScript code. It was far from the only store hackers had compromised via exploiting vulnerabilities in unpatched versions of ecommerce platforms, such as Magento. In fact, at least 5,925 stores were unwittingly participating in online skimming attacks run by multiple cybercriminal groups. Dutch researcher Willem de Groot estimated that 85 stores are compromised daily.

Secret Service IT security lambasted by Homeland Security inspector general

For now, the US Secret Service has no reasonable assurance that its information systems are properly secured to protect Law Enforcement Sensitive case management information. That was but one of the conclusions laid at the feet of the US Secret Service today by the Department of Homeland Security’s Inspector General, John Roth, in a scathing report on the agency tasked with protecting the President and other important government officials.

US lawmakers want answers on Yahoo email surveillance

A bipartisan group of 48 U.S. lawmakers wants two government agencies to explain a surveillance program in which Yahoo reportedly scanned all the messages of its email users on behalf of the FBI. After recent news reports of the email scanning program, the Department of Justice and the Office of the Director of National Intelligence need to brief Congress about the efforts, the lawmakers said in a letter to the two agencies. The first news reports about the program contained "conflicting reports about which legal authority was used" for the email scans, said the letter, organized by Representatives Justin Amash, a Michigan Republican, and Ted Lieu, a California Democrat.

British navy sends robots to sea in military exercise

The Royal Navy is testing just how much robot craft can do by themselves in military exercises off the British coast. Operation Unmanned Warrior 16 is a chance for allied nations and the defense industry to show off their latest maritime autonomous systems, as part of a broader military exercise called Joint Warrior. "Fire and forget" torpedoes capable of homing in on the noise emitted by a target -- then sinking it -- have been around since World War II, but the systems involved in this exercise are less offensive. More than 50 craft are taking part this week, including uncrewed helicopters and underwater vehicles, and an autonomous rigid inflatable boat (RIB). They will perform tasks such as surveillance, intelligence-gathering and mine countermeasures.

GlobalSign certificate revocation error leaves websites inaccessible

Users around the world have had trouble accessing some HTTPS websites due to an error at GlobalSign, one of the world's largest certificate authorities. As part of a planned exercise, GlobalSign revoked one of its cross-certificates that allowed end-user certificates to chain to alternate root certificates. GlobalSign operates multiple roots, which are trusted in browsers and operating systems by default, and links them together through these cross-certificates. The revocation of such a certificate was interpreted by some browsers and systems also as a revocation of the intermediate certificates that chained back to it. This was not really the case or the company's intention.

IT attrition could help address the cybersecurity skills shortage

When it comes to the cybersecurity skills shortage, ESG research reveals the following:

- Forty-six percent of organizations claim that they have a “problematic shortage” of cybersecurity skills. This represents an increase of 18 percent compared to 2015.
- A vast majority (87 percent) admit that it is “very difficult,” “difficult,” or “somewhat difficult” to recruit and hire cybersecurity professionals.

Yup, there is a definite shortage of cybersecurity professionals available, so recruiters are tripping over each other as they try to poach talent from their existing employers. According to a recently published report by ESG and the Information Systems Security Association (ISSA), 46 percent of cybersecurity professionals are solicited to consider other cybersecurity jobs by various types of recruiters at least once per week! This situation has led to salary inflation and massive disruption.

University IT employees fighting for jobs question security

Data security is a simmering issue in offshore outsourcing. The offshore workers who staff help desks, call centers and manage systems are accessing data in the U.S. The University of California IT employees, who will soon lose their jobs to overseas workers, are trying to point this out. The IT employees say workers in India will have access to UCSF medical and financial information as well as to files with research and study data. The data will reside on hardware based in the U.S. They believe the university has an obligation to disclose its plans to the broader university community and give researchers, in particular, options about who can access this data.

Survey says many companies want to phase out passwords

Don't be surprised if your company decides to do away with password logins. A new survey has found that most organizations are leaning toward phasing out password authentication. The results come from Wakefield Research, which surveyed 200 IT decision makers in the U.S. last month. Sixty-nine percent of the respondents said they will probably do away with passwords completely in the next five years. Password login systems, though commonplace, are too vulnerable to hacking, according to SecureAuth, the company that commissioned the study. Not surprisingly, SecureAuth sells alternatives to password-based logins.