The FBI is said to be investigating yet another suspected hack of a Democratic Party organization, this time of the Democratic Congressional Campaign Committee that raises funds for Democrats running for the House of Representatives.The previously unreported hack of the DCCC is likely to have been aimed at gathering information on donors rather than steal funds, four sources told Reuters.The intrusion is likely to raise fresh concerns about Russia trying to meddle in the U.S. elections. Another hack of the Democratic National Committee, suspected by security investigators to have been perpetrated by Russians, led to an embarrassing dump on Friday of leaked emails that showed that the Democratic Party's national strategy and fund-raising committee had favored Hillary Clinton over Senator Bernie Sanders, her rival in the presidential nomination campaign.To read this article in full or to leave a comment, please click here
Donald Trump’s muddled stance on hacking has disturbed security experts at time when the tech industry is looking for clarity on the U.S.'s cyber policy.On Wednesday, the outspoken presidential candidate seemed to call on Russia to break into rival Hillary Clinton’s email system.“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said, referring to emails Clinton had deleted from a private email server. On Thursday, he walked back his comment and said he was being sarcastic.To read this article in full or to leave a comment, please click here
When Black Hat convenes next week in Las Vegas, it will be a rich environment for gathering tools that can be used to tighten security but also - in the wrong hands - to carry out exploits.Researchers presenting generally point out the value these releases hold for researchers like themselves who operate in experimental environments as well as for enterprise security pros who want to build better defenses against such attack tools.Presenters will detail a broad range of exploits they’ve carried out against devices, protocols and technologies from HTTP to internet of things gear to the techniques penetration testers use to test the networks of their clients.To read this article in full or to leave a comment, please click here
National Moth Week, Black Hat exploit presentations, edible insects, Pornhub's bug bounty, Flash vulnerabilities and Zica prevention at the Rio Olympics all came up on this week's Bugs & Bugs Facebook Live event, the program on which we discuss the latest in computer bugs and real insects (view saved version of video below).As my colleague Tim Greene, our resident IT security editor discusses, next week's Black Hat event in Las Vegas will be filled with intriguing presentations by white hat hackers sharing their latest exploits, including one involving Bluetooth Low Energy that could impact internet of things devices. Tim also hits on researchers taking Pornhub up on its $20K bug bounty challenge, which turns out to benefit PHP developers everywhere, and dives into the latest on Flash exploits, which Cisco warns can lead to ransomeware attacks.To read this article in full or to leave a comment, please click here
I was at CiscoLive a few weeks ago in the 100 degree+ heat of Las Vegas and like other cybersecurity professionals I am off to Sin City again next week for Black Hat.Now Black Hat has become a technically-focused little brother of the RSA Security Conference, chock full of cybersecurity geeks at the beginning of the week and forensic investigators, researchers, analysts, and hackers as Black Hat turns to Defcon. Given this focus, I’m looking forward to hearing about a number of things including:1. Anti-ransomware fact and hyperbole. Last December, I predicted a rise in ransomware in my blog, even going so far to talk about enterprise ransomware that impacted multiple systems on the network simultaneously. Unfortunately, I was right about this one as ransomware has become a cybersecurity scourge of 2016. Nasty stuff and once you’re hit, there is little you can do except replace the hard drive, reimage systems and hope you’ve done a recent full backup. Alternatively, you can pony up a bunch of rubles to Vladimir in Odessa. Nevertheless, there are in fact ways to prevent ransomware before it bricks your system. New types of Continue reading
Security researchers have shut down a large-scale malvertising operation that used sophisticated techniques to remain undetected for months and served exploits to millions of computers.The operation, dubbed AdGholas, has been running since at least October 2015. According to security vendor Proofpoint, the gang behind it managed to distribute malicious advertisements through more than 100 ad exchanges, attracting between 1 million and 5 million page hits per day.The Proofpoint researchers estimate that 10 to 20 percent of computers that loaded the rogue ads were redirected to servers hosting exploit kits -- web-based attack tools that attempt to silently exploit vulnerabilities in popular applications in order to install malware.To read this article in full or to leave a comment, please click here
Future versions of Android will be more resilient to exploits thanks to developers' efforts to integrate the latest Linux kernel defenses into the operating system.
Android's security model relies heavily on the Linux kernel that sits at its core. As such, Android developers have always been interested in adding new security features that are intended to prevent potentially malicious code from reaching the kernel, which is the most privileged area of the operating system.
One older example is Security Enhancements for Android (SEAndroid), a set of kernel add-ons and tools that make exploitation of certain vulnerabilities harder by enforcing access controls.To read this article in full or to leave a comment, please click here
In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild chats with Ted Harrington of Independent Security Evaluators about how different generations (mainly millennials and Baby Boomers) view both security and privacy matters. These differences and attitudes can have a big effect on how companies train them on proper security procedures.
Microsoft is rolling out a change in minimum hardware requirements for Windows 10 PCs and mobile devices, and expects hardware makers to comply in order to make their devices more secure.Starting Thursday, PC makers should include a hardware-based security feature called TPM (Trusted Platform Module) 2.0 in Windows 10 PCs, smartphones and tablets.The TPM 2.0 feature will be beneficial for users as it will do a better job of protecting sensitive information on a PC. A TPM 2.0 security layer -- which can be in the form of a chip or firmware -- can safeguard user data by managing and storing cryptographic keys in a trusted container.To read this article in full or to leave a comment, please click here
LogMeIn, the makers of the popular remote desktop software as well as IT security and conferencing offerings, will become part of a Citrix subsidiary in the wake of a complicated, $1.8 billion transaction announced Tuesday by the two companies.The transaction is what’s called a Reverse Morris Trust, which apparently allows the untaxed transfer of a subsidiary to new ownership by spinning off a new company and completing a merger. In this case, Citrix has created a wholly-owned subsidiary called GetGo, which owns its GoToMeeting products.+ ALSO ON NETWORK WORLD: Dropbox aims for enterprise with new team and IT admin features | Cisco: Potent ransomware is targeting the enterprise at a scary rate +To read this article in full or to leave a comment, please click here
Even password manager LastPass can be fooled. A Google security researcher has found a way to remotely hijack the software.It works by first luring the user to a malicious site. The site will then exploit a flaw in a LastPass add-on for the Firefox browser, giving it control over the password management software.LastPass wrote about the vulnerability on Wednesday and said that a fix is already out for Firefox users.Google security research Tavis Ormandy first discovered the issue. When examining the password manager, he tweeted on Tuesday, "Are people really using this lastpass thing? I took a quick look and can see a bunch of obvious critical problems. I'll send a report asap."To read this article in full or to leave a comment, please click here
Malware researchers for Kaspersky Lab took to Reddit’s IAmA chat today and pronounced an affection for the hacker-hero TV show “Mr. Robot” but not NSA hacker Edward Snowden.Responding to a question about how they like it, the team’s global director Costin Raiu says, “Mr Robot is a strong 9.5 for me. Most of the scenes are top class and the usage of tools, operating systems and other tiny details, from social engineering to opsec is very good. I guess having help from some real world security experts (the folks at Avast did a great job!”+More on Network World: Cisco: Potent ransomware is targeting the enterprise at a scary rate+To read this article in full or to leave a comment, please click here
U.S. presidential candidate Donald Trump has called on Russia to hack his rival Hillary Clinton’s email.
“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” he said during a press conference Wednesday. “I think you’ll probably be rewarded mightily by our press.”
Trumps remarks came as reporters questioned him about ties to Russian President Vladimir Putin. Security experts and government officials have suggested Russian hackers were behind a breach at the Democratic National Committee that lead to WikiLeaks publishing unflattering internal campaign emails.To read this article in full or to leave a comment, please click here
Aside from the efforts of security researchers and antivirus companies, malware victims can sometimes also benefit from the fighting between rival cybercriminal groups.That happened this week when the creators of the Petya and Mischa ransomware programs leaked about 3,500 RSA private keys allegedly corresponding to systems infected with Chimera, another ransomware application.In a post Tuesday on Pastebin, Mischa's developers claimed that earlier this year they got access to big parts of the development system used by Chimera's creators.As a result of that hack, they obtained the source code for Chimera and integrated some of it into their own ransomware project, according to the Pastebin message.To read this article in full or to leave a comment, please click here
“Misusing the internet”. . . precisely what might that mean? Unfortunately, people in Pakistan may be about to find out as the vague “misusing the internet” would be punishable by up to three years in prison and a fine of one million Pakistani rupees (currently equal to about $9,550); that's according to an overview of the cybercrime bill written by the newspaper Dawn.That was just one example of what is in the controversial Prevention of Electronic Crimes Bill (PECB) [pdf] which was approved by the Senate Standing Committee on Information Technology and Telecommunications. The country’s National Assembly previously approved the bill and it will move on to the Pakistan senate for approval before it is signed into law by President Mamnoon Hussian.To read this article in full or to leave a comment, please click here
“Misusing the internet”—precisely what might that mean? Unfortunately, people in Pakistan may be about to find out, as the vague “misusing the internet” would be punishable by up to three years in prison and a fine of one million Pakistani rupees (currently equal to about $9,550). That's according to an overview of the cybercrime bill written by the newspaper Dawn.That was just one example of what is in the controversial Prevention of Electronic Crimes Bill (PECB) [pdf] that was approved by the Senate Standing Committee on Information Technology and Telecommunications. The country’s National Assembly previously approved the bill, and it will move on to the Pakistan senate for approval before it is signed into law by President Mamnoon Hussian.To read this article in full or to leave a comment, please click here
Strategy 1: After major incidents, take time for self-rejuvenation Image by PexelsAfter a significant incident or breach, take the appropriate amount of time to recharge. When things go wrong in this job, and they do, the days are long, stressful, and thankless. But similarly to first responders, it’s important to take time for self and center oneself and recharge after the dust has settled. It’s the only way to live to fight for another day.To read this article in full or to leave a comment, please click here(Insider Story)
Near Field Communication (NFC) – the “mobile wallet” technology – hasn’t exactly gone mainstream yet. And experts don’t expect it will anytime soon, even with some high-profile promo at the upcoming Olympic and Paralympic Games in Rio.While it has been available to consumers for a couple of years from mega-vendors like Google, Samsung and Apple, it is a long way from displacing the legacy credit card. Google even dropped support for its Google Wallet Card last month (Android Pay is still available).But, perhaps hearing about, or seeing, Olympic athletes using an NFC device will get the masses more interested.To read this article in full or to leave a comment, please click here
Must-have smart gadgets for your small officeImage by ThinkstockAre you setting up a new small office? Simply looking to revamp an existing location with some spiffy "smart" automation technology? We combed through piles of today's novelty IoT tech to find practical gadgets that can transform your workspace into a smart office that's sure to be the envy of all your coworkers and clients.To read this article in full or to leave a comment, please click here(Insider Story)
First, the easy part:Identity Finder, a company focused on helping organizations reduce the risks they face when it comes to the leakage of sensitive data, is rebranding as Spirion. At the same time, it has named Dr. Jo Webber as its new CEO. Webber, who previously headed up Energy Solutions International among, comes on board at a good time for the company. It has seen 250 percent growth in customer adoption across many different verticals. That customer growth is fueled in part by concerns around recent high-profile cases of data leakage from retail, health, insurance and other sources. These leaks have meant that both boards and CEOs are increasingly putting huge pressure on CIOs to ensure data is safe.To read this article in full or to leave a comment, please click here