Archive

Category Archives for "Network World Security"

Verizon may want a $1 billion discount on Yahoo

Verizon may be getting cold feet with its acquisition of Yahoo. Reportedly, it's asking for a $1 billion discount on the original $4.8 billion deal for the Internet company. Recent news about Yahoo's massive data breach and its alleged secret email scanning program has diminished the company's value in the eyes of Verizon, according to a Thursday report by the New York Post. Tim Armstrong, the head of AOL, which Verizon acquired in 2015, reportedly has met with Yahoo executives about reducing the acquisition price. "He’s pretty upset about the lack of disclosure and he’s saying can we get out of this or can we reduce the price?" the report said, quoting what it called a source familiar with Verizon's thinking.

How companies can deal with insider data theft

To learn that your company's confidential data was stolen -- not by any hacker, but by an employee -- is a nightmare scenario that no one wants to face. But it's also a risk that's very real. The recent arrest of a former NSA contractor suspected of stealing classified government files is just the latest high-profile example, and security experts say all companies need to be on guard against potential insider threats. How serious is the threat? It's not every day that thieving employees take to the digital black market to sell their company's sensitive information, but it does happen, and incidents have been occurring more frequently, said Andrei Barysevich, a director at security firm Flashpoint.

Spammers prefer Trump over Clinton, but are rapidly losing faith in Trump

Whatever difficulties Donald Trump may be having with white college-educated women, African Americans, Latinos, hawkish conservatives and the co-hosts of “Morning Joe,” he’s far and away the favorite presidential candidate of at least one demographic group: spammers. However, he seems to have lost significant support among that group as well. These conclusions are drawn from a year’s worth of data assembled by Network World Test Alliance member Joel Snyder, a senior partner at Opus One in Tucson, Ariz. Opus One has been testing anti-spam products for more than a decade, and, as the following chart shows, Trump-related spam has dwarfed Clinton-related spam over the past year … only less so as the campaign has worn on.

What CSOs can learn from the Yahoo breach

In the latest episode of Security Sessions, CSO Editor-in-chief Joan Goodchild talks about the implications of the Yahoo data breach, in which up to 500 million accounts were hacked. Joining Goodchild in the discussion is Kevin O'Brien, CEO and founder of GreatHorn, who offers advice to CSOs and other IT security leaders on ways to learn from this particular breach.

FCC to vote on strict privacy rules for ISPs in late October

The U.S. Federal Communications Commission will push forward with controversial privacy regulations that would require broadband providers to get customer permission before using and sharing geolocation, browsing histories, and other personal information. Broadband providers have complained the proposal puts stronger privacy rules in place for them than for internet companies like Google and Facebook. But FCC Chairman Tom Wheeler has scheduled a final vote on the regulations for Oct. 27. Broadband customers should have the ability to make informed decisions about their privacy, and the rules are designed to help them, FCC officials said in a press briefing.

Spotify ads slipped malware onto PCs and Macs

Spotify's ads crossed from nuisance over to outright nasty this week, after the music service’s advertising started serving up malware to users on Wednesday. The malware was able to automatically launch browser tabs on Windows and Mac PCs, according to complaints that surfaced online. As is typical for this kind of malware, the ads directed users’ browsers to other malware-containing sites in the hopes that someone would be duped into downloading more malicious software. The “malvertising” attack didn’t last long as Spotify was able to quickly correct the problem. “We’ve identified an issue where a small number of users were experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier,” Spotify said on several threads in its support forums. “We have now identified the source of the problem and have shut it down. We will continue to monitor the situation.”

The state of cybersecurity professional careers

I’ve written about and researched the cybersecurity skills shortage for many years. For example, ESG research indicates that 46 percent of organizations claim to have a “problematic shortage” of cybersecurity skills this year—an 18 percent increase from 2015. Of course, I’m not the only one looking into the cybersecurity skills shortage. For example: According to Peninsula Press (a project of the Stanford University Journalism Program), more than 209,000 U.S.-based cybersecurity jobs remained unfilled, and postings are up 74 percent over the past five years. Analysis of the U.S. Bureau of Labor Statistics indicates that the demand for cybersecurity professionals is expected to grow 53 percent by 2018. So, many researchers agree, then, that we don’t have enough skilled prospects to fill all of the open cybersecurity jobs. OK, but that puts a heck of a lot of burden on the existing cybersecurity workforce. Are they up to the task? Do they have the right training? Are they managing their careers appropriately?

EU privacy watchdogs have questions about Yahoo’s secret email scanning

European Union privacy watchdogs are concerned by reports that Yahoo has been secretly scanning its users' email at the request of U.S. intelligence services. "It goes far beyond what is acceptable," said Johannes Caspar, Commissioner for Data Protection and Freedom of Information in Hamburg, Germany. Reuters reported on Tuesday that Yahoo had built a system for U.S. government agencies to search all of its users' incoming emails. Other tech companies were quick to distance themselves, saying they would have challenged any such request in court.

Security vs. privacy: The endless fiery debate continues

The intractable nature of the “privacy vs. security” debate, in a world where the internet is a tool for criminals, spies and terrorists as well as for billions of law-abiding citizens, was on full display during Wednesday’s Cambridge Cyber Summit at MIT. Not surprisingly, it didn’t get resolved. The event, hosted by The Aspen Institute, CNBC and MIT, featured top-level government officials, private-sector experts and activists, who all agreed that there needs to be a “conversation” about how to “balance” the two, and that to achieve it will require more effective cooperation between the public and private sectors. But there was no agreement about where that balance lies. About the best they could do, after some conversation that got chaotic at times, was agree that they should continue the conversation.

Yahoo’s secret email scans helped the FBI probe terrorists

What Yahoo was looking for with its alleged email scanning program may have been signs of code used by a foreign terrorist group. The company was searching for a digital "signature" of a communication method used by a state-sponsored terrorist group, according to a new report from The New York Times that provided more details on Yahoo's email scanning. The report on Wednesday didn't identify the signature or say if it involved any cryptographic computer code. But the article said it was the U.S. Department of Justice, and not the National Security Agency, that had obtained a court order forcing Yahoo to comply. A Reuters report on Tuesday wasn't clear about what agencies were involved in the probe.

Phishing still fools people, but at least more are cautious

While people still have a really hard time telling the difference between legit and phishing emails, at least there is enough awareness of the phishing threat that many people will err on the side of caution when it comes to clicking on links. This was one finding from Carnegie Mellon University's CyLab in a study titled "Quantifying Phishing Susceptibility for Detection and Behavior Decisions" that was published recently in the journal Human Factors.

FBI arrests an NSA contractor suspected of stealing hacking tools

The FBI has arrested a U.S. government contractor for allegedly stealing classified documents, possibly including hacking tools. Harold Thomas Martin III, 51, has been charged with stealing government materials, including top secret information, the U.S. Department of Justice said on Wednesday. Martin, who held a top-secret national security clearance, allegedly took six classified documents produced in 2014. "These documents were produced through sensitive government sources, methods, and capabilities, which are critical to a wide variety of national security issues," the DOJ said.

IDG Contributor Network: Many people abandon security, risky behavior surges

People are sick and tired of being told to be more secure in their use of computers and when participating in online activities. So much so that they’re simply ignoring the blitz of annoying demands and are carrying on as imprudently as they’ve always done, according to National Institute of Standards and Technology (NIST) researchers. The U.S. Department of Commerce-operated lab recently published a report (subscription) on the subject in IEEE’s IT Professional Journal. The study’s participants “expressed a sense of resignation and loss of control” when the scientists asked them about their online activity, such as shopping and banking.

Creepy clown craze actually addressed at White House press conference

It’s been a week since we looked at the clown hysteria sweeping the nation, including a sheriff consulting with the FBI and Homeland Security over the clown threat, and now creepy clowns have even been addressed during a White House press conference. On Tuesday, Bloomberg’s Justin Sink asked White House press secretary Josh Earnest about the creepy clown craze. Sink mentioned that The New York Times reported 12 people have been arrested for either making fake clown reports, threats, or chasing people, and law enforcement is seeking clown advice from DHS and the FBI. He asked if President Obama was keeping tabs on the creepy clown phenomena and if the White House had any comments to discourage clown pranks.

Guccifer 2.0 claims to have hacked the Clinton Foundation

Hacker Guccifer 2.0 now claims to have hacked the Clinton Foundation, but the documents posted show Democratic campaign data from organizations already compromised. Guccifer 2.0, believed by some security experts to be a Russian team of hackers, posted several documents Tuesday that he claims to have taken from servers at the Clinton Foundation, the charity founded by former U.S. President Bill Clinton, husband of Democratic presidential candidate Hillary Clinton. Earlier this year, Guccifer 2.0 claimed to have hacked both the Democratic National Committee and the Democratic Congressional Campaign Committee (DCCC), and the new documents appear to be more of the same.

Yahoo calls report of secret email scanning ‘misleading’

Yahoo has called a Reuters article about a secret email scanning program "misleading," and said no such system exists. On Tuesday, the Reuters article claimed that Yahoo had created the custom software program after receiving a classified U.S. government order. That software program is reportedly capable of scanning all incoming emails from Yahoo customers for information provided by U.S. intelligence officials. However, on Wednesday Yahoo disputed the report. “We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems,” the company said in an email.

Cerber ransomware kills database connections to access important data

In order to encrypt some of the most important data stored on computers and servers, the Cerber ransomware now tries to kill processes associated with database servers. The goal for ransomware programs is to affect as many valuable files as possible in order to increase the chance that affected users will pay to have them restored. For consumers these files are things like personal photos, videos, documents and even game saves, but for businesses, it's usually data stored in databases. The problem for hackers is that write access to database files can be blocked by the OS if they're already being used by other processes, which prevents the ransomware program from encrypting them.

Q&A: The myths and realities of hacking an election

Election hacking has become a key topic during this year's presidential elections, more so now that candidates and voters are being actively targeted by actors that are assumed to be acting with Russian support. In this modified edition of CSO Online's Hacked Opinions series, we explore the myths and realities of hacking an election, by speaking with a number of security experts. Q: Can the national election really be hacked? If so, how? "It’s unlikely that the national election could really be hacked to alter the outcome. Voter registration databases have recently proven vulnerable, but adding, modifying, or deleting records doesn’t produce the intended effect (changed outcome); it just raises questions about the integrity of the database on election day," said Levi Gundert, CP of Intelligence and Strategy, Recorded Future.

Hacking an election is about influence and disruption, not voting machines

Every time there's an election, the topic of hacking one comes to the surface. During a presidential election, that conversation gets louder. Yet, even the elections held every two years see some sort of vote hacking coverage. But can you really hack an election? Maybe, but that depends on your goals. The topic of election hacking is different this year, and that's because someone is actually hacking political targets. Adding fuel to the fire, on Aug. 12, 2016, during an event in Pennsylvania, Donald Trump warned the crowd that if he loses the battleground state, it's because the vote was rigged.

One election-system vendor uses developers in Serbia

Voting machines are privately manufactured and developed and, as with many other IT systems, the code is typically proprietary. The use of proprietary systems in elections has its critics. One Silicon Valley group, the Open Source Election Technology Foundation, is pushing for an election system that shifts from proprietary, vendor-owned systems to one that is owned "by the people of the United States."