Category Archives for "Network World Security"

How to create a data-centric security infrastructure

Firewalls, APT protection, antivirus, etc., are all necessary to protect an organization’s integrity. But when you get down to the nitty-gritty, it’s about the data – the intellectual property, the customer PII, the M&A info, your customer data and all the information that keeps the business running. With today’s multiplatform environment, your sensitive information may no longer be completely under your control. It could be on any device, shared in unauthorized locations, or accessed by the right people the wrong way. You need to manage every facet of what is being accessed, by whom, when, where, and how.

What this expensive ‘secure’ phone tells us about mobile hacking

Mobile security is a bit of a misnomer. Few of us can say we’ve been attacked by a piece of malware or have quarantined an actual virus. The odds are stacked against us. Mobile operators like Verizon and Sprint routinely scan for threats, and both Google Android and the Apple iPhone include multiple security measures on their devices, from fingerprint scanners to full encryption. Yet, there’s a sneaking suspicion that mobile security is a bigger concern. According to one HP report, 67 percent of employees in the U.S. now work remotely. We’re relying on phones more and more. We store sensitive business documents on them and use them to make purchases.

Obama aims to avoid a ‘cycle of escalation’ in cyberattacks by countries

U.S. President Barack Obama said his country has had problems with cyber intrusions from Russia and other countries in the past, but aims to establish some norms of behavior rather than let the issue escalate as happened in arms races in the past. Obama’s statement on the sidelines of the G20 summit in China, after he met with Russian President Vladimir Putin, did not refer specifically to a recent hack of the Democratic National Committee of the Democratic Party that the U.S. Federal Bureau of Investigation is probing. Politically embarrassing emails from the breach were leaked ahead of the convention of the party, with many security experts holding that the hack had the backing of Russian intelligence services. Whistleblowing website WikiLeaks released the emails but did not disclose their source. The U.S. government hasn’t blamed Russia for the incident.

OpenOffice coders debate retiring the project

Concerns at the Apache Software Foundation that the Apache OpenOffice project it hosts might be failing have prompted a debate about retiring the project, and triggered the resignation of at least one member of the project's management committee. The office productivity suite was once a key element of efforts to build an open source alternative to Microsoft's dominance of the desktop. Now its remaining developers struggle to keep on top of security issues in the code, and the ASF Board has asked the project's management committee to explain itself and propose a remedy, committee chair Dennis E. Hamilton said in an email to project contributors last week.

Vacations of the future

Not everyone gets Labor Day off as a holiday, but that doesn’t mean the majority of people not working have literally gone on vacation. In the future, people scheduled to work on holidays, and those with the days off but not the means to go on an exotic vacation, can pick any day to explore wonders such as the Amazon rainforest or white beaches of the Caribbean. At least, that is what Expedia claimed; by using virtual and augmented reality, people won’t even need to leave home to explore some of the world’s wonders. If you really are not into the idea of a stay-at-home vacation, then VR and AR could also be used in a “try before you buy” vacation scenario. That tech might also be the answer to long-distance love affairs. Some futurists, such as Google’s Dr. Ray Kurzweil, have predicted, “We will spend considerable time in virtual and augmented realities allowing us to visit with each other even if hundreds of miles apart. We’ll even be able to touch each other.”

Sophos false positive detection ruins weekend for some Windows users

A bad malware signature caused Sophos antivirus products to detect a critical Windows file as malicious on Sunday, preventing some users from accessing their computers. The false positive detection flagged winlogon.exe, an important component of the Windows Login subsystem, as a Trojan program called Troj/FarFli-CT. Because the file was blocked, some users who attempted to log into their computers were greeted by a black screen. Sophos issued an update to fix the problem within a few hours and said that the issue only affected a specific 32-bit version of Windows 7 SP1 and not Windows XP, Vista, 8 or 10. "Based on current case volume and customer feedback, we believe the number of impacted systems to be minimal and confined to a small number of cases," the company said in a support article.

OurMine hacked Variety, power-spammed subscribers

Two different hacking groups, both of which claim to be of the non-malicious variety, have been busy bringing suspended Twitter accounts back from the dead and power-spamming Variety subscribers. If folks who like news about Hollywood hadn’t heard of the hacking group OurMine, then some of them are very familiar with the group’s name now. OurMine reportedly compromised Variety’s content management system around 9 am PT on Saturday and published a post which Engadget said was later removed, but the hacking collective’s antics didn’t stop there. Variety’s subscribers were hammered with spam.

A mystery user breached an email account on Clinton’s server

In 2013, an unknown user accessed an email account on Hillary Clinton’s private email server through Tor, the anonymous web surfing tool, according to new FBI documents. On Friday, the FBI provided details on the possible breach in newly released files about its investigation of Clinton’s use of a private email server when she was the U.S. secretary of state. The affected email account belonged to a member of Bill Clinton's staff. In January 2013, an unknown user managed to log in to the account and browse email folders and attachments.

Point-of-sale data breaches have now reached the cloud

The latest in a string of hacks against retail point-of-sale systems has hit the operator of a cloud-based service with about 38,000 business clients. Montreal-based Lightspeed reported the breach on Thursday and said it affected a system that retailers can use from tablets, smartphones and other devices. The incident occurs as a growing number of retailers and hotels have been targeted by hackers, who typically install malware into the point-of-sale systems to steal credit card numbers.

VMworld: My Cybersecurity-Centric Impressions

In my last blog, I wrote about what I was anticipating as far as cybersecurity for VMworld. Now that I’m back from Vegas, it’s time for me to report on how reality aligned with my expectations.

1. NSX penetration. It seems like VMware has made progress in terms of NSX market penetration over the past year. At VMworld 2015, VMware talked about around 1,000 production environments for NSX while at VMworld 2016, VMware mentioned somewhere between 1,700 to 2,000 production NSX customers. Still a small percentage of the total VMware installed base but at least 70% growth year-over-year. Yes, some of these customers are likely just getting started or are using NSX on an extremely limited basis, but I still see good progress happening as more and more organizations begin playing with and using NSX. VMware describes three primary uses for NSX: Disaster recovery, security, and network operations automation. It is worth noting that around 60% to 70% of NSX deployment is skewed toward security use cases.

Suspect arrested in 5-year-old kernel.org breach

Five years after a security breach forced the Linux Foundation to take kernel.org offline and to rebuild several of its servers, police have arrested a suspect in the case. Donald Ryan Austin, a 27-year-old computer programmer from El Portal, Florida, was arrested during a traffic stop on Aug. 28 based on a sealed indictment returned by a federal grand jury in the Northern District of California in June. Austin is charged with intentionally damaging four protected servers operated by the Linux Foundation and one of its members in 2011. More specifically, the programmer is accused of having installed rootkit and trojan software on the servers in order to steal the credentials of authorized users connecting to them via SSH (Secure Shell).

Apple quashes 3 zero-days with emergency Mac update

Apple yesterday issued an emergency security update for the Mac, patching the same trio of vulnerabilities the company fixed last week on the iPhone. According to one of the groups that first revealed the flaws, the vulnerabilities could have been "weaponized" for use against OS X, the Mac's operating system. The out-of-band update was aimed at OS X El Capitan (aka 10.11) and Yosemite (10.10), the 2015 and 2014 editions, respectively. Older versions, including 2014's OS X Mavericks, went unpatched: Apple is nearing the release of its annual Mac operating system upgrade and thus the end of support for the edition of three years ago. Like the urgent update Apple released last week for the iPhone -- iOS 9.3.5 -- the Mac patches quash three bugs, two in the operating system's kernel and the third in the Safari browser.

Microsoft bug bounty program adds .NET Core and ASP.NET Core

Microsoft has expanded its bug bounty programs to cover the open-source .NET Core and ASP.NET Core application development platforms. The .NET Core and ASP.NET Core technologies are used to create server applications that can run on Windows, Linux, and Mac. The ability to write code once and have it run on multiple platforms has made these technologies popular with enterprise software developers. Microsoft will pay monetary rewards between US$500 and $15,000 for critical vulnerabilities in the RTM (release to manufacturing), Beta, or RC (release candidate) releases of these platforms. Flaws in Microsoft's cross-platform Kestrel web server are also covered by the new bug bounty program, as well as vulnerabilities in the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015 or later.

Iris scans as ID grow in use

Iris scanner technology is emerging in smartphones, including the new Samsung Note 7, but is expected to come soon to cars and ATM machines to verify a user’s identity. Experts say an iris scan can be more reliable than a fingerprint scan, which is a big reason it is expected to be used in more devices in coming years. Each iris, the colorful part of the eye that forms a ring around the pupil, is unique and therefore a good biometric indicator. Samsung’s Android 6-based Note 7, which shipped on Aug. 19, takes advantage of the technology, as does the Windows 10 Mobile-based HP Elite X3.

Regular password changes make things worse

Security experts have been saying for decades that human weakness can trump the best technology. Apparently, it can also trump conventional wisdom. Since passwords became the chief method of online authentication, conventional wisdom has been that changing them every month or so would improve a person’s, or an organization’s, security. Not according to Lorrie Cranor, chief technologist of the Federal Trade Commission (FTC), who created something of a media buzz earlier this year when she declared in a blog post that it was, “time to rethink mandatory password changes.”

FairWare ransomware infects servers through exposed Redis instances

Days after reports that a new ransomware attack was deleting files from web servers, security researchers determined that some of the affected servers were hacked through insecure deployments of the Redis database. Over the past week, reports popped up on support forums about web servers being wiped clean and hosting a ransom note through which attackers offered to return the deleted files in exchange for two bitcoins (around US$1,150). Experts from tech support forum BleepingComputer.com dubbed the new threat FairWare.

Romanian hacker Guccifer sentenced to 52 months in US prison

A Romanian hacker known as Guccifer has been sentenced to 52 months in prison after breaking into internet accounts of about 100 U.S. citizens, including government officials. The 44-year-old Marcel Lehel Lazar was sentenced on Thursday. He was extradited from Romania and brought to court in the U.S., where he pleaded guilty to the hacking-related charges in May. From Oct. 2012 to Jan. 2014, Lazar targeted the email and social media accounts of his U.S.-based victims, as a way to steal their personal information and email messages. That included hacking a family member of two former U.S. presidents and several former U.S. officials. “In many instances, Lazar publicly released his victims’ private email correspondence, medical and financial information and personal photographs,” the Department of Justice said in a statement.

Last.fm breach from 2012 affected 43 million users

Stolen data obtained from music site Last.fm back in 2012 has surfaced, and it looks like hackers made off with accounts belonging to more than 43 million users. That's according to LeakedSource, a repository for data breaches that obtained a copy of the stolen data. Included in the trove are users' names, email addresses and passwords secured with an aging hashing algorithm called MD5, LeakedSource reported in a blog post on Thursday. Last.fm hasn’t responded so far to a request for comment. The music service reported the breach four years ago and asked all its users to change their passwords immediately. It never made clear how many accounts were affected, however, or the hashing method it used to secure the passwords.

“Guccifer” gets 52 months in prison for hacking crimes

The U.S. Department of Justice today said Marcel Lazar, aka hacker “Guccifer,” was sentenced today to 52 months in prison for unauthorized access to a protected computer and aggravated identity theft. Lazar, originally from Romania, was extradited to the U.S. earlier this year and was awaiting this sentencing for breaking into the email and social media accounts of various U.S. officials including former U.S. Secretary of State Colin Powell as well as the daughter of former President George H.W. Bush.

Keezel’s wireless device protects hotel Wi-Fi, home IoT connections

In cryptography, the "man in the middle" is usually an attacker -- but when Keezel wants to get between you and the Wi-Fi connection in your hotel or your home, it's for your own good. After a long crowdfunding campaign, the company is getting ready to ship its Wi-Fi security device, also called Keezel, in October. Any orders it picks up at the IFA trade show in Berlin this week will be fulfilled from a second production run in November, said Keezel CEO Aike Muller. One problem Keezel aims to solve is that hotel and other public Wi-Fi services are often unencrypted, leaving your data wide open to eavesdropping by others in the area. If there is authentication, it's often only for billing purposes, and performed by a captive portal after the traffic has gone over the air in the clear.