Real-life cyber mysteriesImage by ThinkstockWhy spend your beach time this summer reading fictional mystery novels when real world mysteries are swirling through the cyber sphere? BAE Systems has put together a summer reading list for cyber security professionals. It includes titles that cover the international underworld of money laundering, the greatest criminal minds in hacking, insights into understanding how cyber criminals think, the impact of potential cyber attacks and cyber wars on mission critical targets as well as practical advice and business lessons on cyber security.To read this article in full or to leave a comment, please click here
Because of a plethora of data from sensor networks, Internet of Things devices and big data resources combined with a dearth of data scientists to effectively mold that data, we are leaving many important applications – from intelligence to science and workforce management – on the table.It is a situation the researchers at DARPA want to remedy with a new program called Data-Driven Discovery of Models (D3M). The goal of D3M is to develop algorithms and software to help overcome the data-science expertise gap by facilitating non-experts to construct complex empirical models through automation of large parts of the model-creation process. If successful, researchers using D3M tools will effectively have access to an army of “virtual data scientists,” DARPA stated.To read this article in full or to leave a comment, please click here
Sally called the security desk. She can’t find her personal smartphone. Maybe she lost it. Perhaps it fell behind her sofa. Maybe she left it at a restaurant last night. Perhaps someone stole it. Or maybe she put it down somewhere this morning.Whatever the case may be, it's not good—especially since Sally is a well-regarded and trusted mid-level manager with mobile access to many corporate applications and intranet sites that have a lot of sensitive and proprietary information.Now what?There are several types of dangers presented by a lost Bring Your Own Device (BYOD) smartphone or tablet, and many IT professionals and security specialists think only about some of them. They are all problematic. We’ll run through some of the scenarios in a moment, but first: Does your company have policies about lost personal devices?To read this article in full or to leave a comment, please click here
Tracking down the phisherImage by REUTERS/Danish IsmailSeveral weeks ago, a key member of the WatchGuard Technologies finance team was targeted by a spear phishing attempt. Spear phishing is a type of phishing attack in which the perpetrator customizes their attack to a particular individual or group of individuals. The attacker gathers information on the victim and then tailors the attack to be more likely to fool the target. The would-be attack arrived as an email appearing to come from the finance employee’s manager, requesting an urgent wire transfer.To read this article in full or to leave a comment, please click here
Computer maker Acer recently revealed to California’s Attorney General (AG) that hackers broke into the company’s online store and grabbed sensitive customer data. The leaked data includes information such as customer names, addresses, and credit card numbers including expiry dates and three-digit CVC security codes. The hack affects 34,500 customers based in the United States, Canada, and Puerto Rico, as first reported by ZDNet.To read this article in full or to leave a comment, please click here
With great power comes great responsibility -- and also a great big target painted on your head. At least, that's the case lately with corporate boards of directors and cybercriminals launching spearphishing attacks."Since the beginning of the year we have serviced about 350 different clients that have had spearphishing attacks," said Michael Bruemmer, vice president for data breach resolution at Experian Information Solutions. "About a third were specifically targeted at board members."Board members get emails asking them for tax information or requesting bank transfers, which they typically forward to the company employee who is responsible and asking them to take care of it.To read this article in full or to leave a comment, please click here
If you live in the U.S. or Canada and purchased an Acer device from the company within the last year from its online store, then your credit card information is likely in the hands of cyber thugs. According to a sample breach notification letter sent to the California Attorney General’s office, Acer said, “We recently identified a security issue involving the information of certain customers who used our ecommerce site between May 12, 2015 and April 28, 2016, which resulted in unauthorized access by a third party.” Acer
Mark Groveunder, Acer’s vice president of customer service, warned affected customers that the data stolen included names, addresses, credit card numbers as well the associated expiration date and three-digit CVV security code.To read this article in full or to leave a comment, please click here
New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.BetterCloud WorkflowsKey features: BetterCloud Workflows automate user provisioning, deprovisioning and access management within Google for Work applications, giving IT greater control over data, costs and time in the modern, cloud-first workplace. More info.To read this article in full or to leave a comment, please click here
For a long time there was a commonly held belief that open source products were inherently more secure because there was nothing hidden. The thought was that with the code for popular applications out in the open, there’d be scores of good guys looking at every line and bugs and flaws would be few and far between. Alas, this turned out to be a pipe dream because even the most examined code can still contain flaws so obscure and arcane, even highly skilled and incredibly talented coders can’t find them. Why? It’s usually because the good guys don’t have the time to play hacker as intensely as the real hackers do. For the bad guys, the rewards for finding exploitable flaws are tangible while for the good guys, the cost of not finding flaws far exceeds, by orders of magnitude, the value of the few flaws they do find because those flaws are the most easily found.To read this article in full or to leave a comment, please click here
New data breaches are coming to light almost weekly and they reveal a simple but troubling fact: many people still choose weak passwords and reuse them across multiple sites. The reality is, remembering dozens of complex passwords is almost impossible, and carrying them around on a scrap of paper that you have to keep updating is a huge hassle. That’s why password managers exist. Here’s why they’re important, and how to get the most out of them.To read this article in full or to leave a comment, please click here
An article on Boing Boing is stirring up fears that Intel x86 processors have a secret control mechanism that no one is allowed to audit or examine, so consequently, this could expose systems to unkillable, undetectable rootkit attacks. In an article that is equal parts technical and fear-inducing, Damien Zammit is up front about his goal. He declared he had made it his mission to get Intel to replace this system with a free, open source replacement "before it's too late."+ Also on Network World: Intel declares independence from the PC +To read this article in full or to leave a comment, please click here
Just half an hour of web browsing is enough time for machine learning mechanisms to uncover a person’s personality and produce identifying digital signatures, researchers say.Those traits can include conscientiousness and neuroticism, among other characteristics, the scientists from Universiti Teknologi Malaysia say in their media release published by AAAS, the science society.And it might identify the individual, too."Our research suggests a person's personality traits can be deduced by their general internet usage,” says Dr. Ikusan R. Adeyemi, a research scholar at the university.To read this article in full or to leave a comment, please click here
The U.S. House of Representatives voted down an anti-surveillance amendment after some of its members expressed concern about its impact on the fight against terrorism, in the wake of Sunday’s massacre at a nightclub in Orlando.The measure was proposed by Congressman Thomas Massie, a Republican from Kentucky, and Congresswoman Zoe Lofrgren, a Democrat from California, as as an amendment to the Department of Defense Appropriations Act.It would prevent warrantless searches by law enforcement of information on Americans from a foreign intelligence communications database and prohibit with some exceptions the National Security Agency and the Central Intelligence Agency from using any funds appropriated under the Act to require that companies weaken the security of their products or services to enable surveillance of users.To read this article in full or to leave a comment, please click here
A 20-year-old Estonia man has pleaded guilty to stealing data on more than 1,300 U.S. military and government personnel and providing it to the Islamic State.Ferizi’s goal was to “incite terrorist attacks,” the U.S. Department of Justice said on Wednesday.Ferizi once led a hacking group called Kosova Hacker’s Security, or KHS, which claims to have defaced over 20,000 websites.To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.According to some estimates, attackers have infiltrated 96% of all networks, so you need to detect and stop them before they have time to escalate privileges, find valuable assets and steal data. The good news is an attack doesn’t end with an infection or a take-over of an endpoint; that is where it begins. From there an attack is highly active, and the attacker can be identified and stopped if you know how to find them. These five strategies will help.* Search for the telltale signs of a breach. Look for port scans, excessive failed log-ins and other types of reconnaissance as an attacker tries to map out your network.To read this article in full or to leave a comment, please click here
At CircleCityCon, CSO's Steve Ragan chats with Amanda Berlin, who was giving a talk about how security staffers given multiple roles can survive beyond the "just putting out the fires" scenario.
At CircleCityCon, CSO's Steve Ragan talks with Dave Lewis (CSO blogger) and Jeremy Nielson about tactics, tools and practices that penetration testers (pentesters) use to find vulnerabilities, and how security officials can catch them.
The FBI needs to get a better handle on accuracy and privacy issues its facial recognition technology has brought to the law enforcement community.
Congressional watchdogs at the Government Accountability Office this week said the current FBI use of face recognition technology “raises potential concerns regarding both the effectiveness of the technology in aiding law enforcement investigations and the protection of privacy and individual civil liberties.”
+ More on Network World: Quick look: Cisco Tetration Analytics | Cisco platform lets IT rein-in disruptive data center operations, security, applications +To read this article in full or to leave a comment, please click here
At CircleCityCon, CSO's Steve Ragan chats with Paul Jorgensen, host of the PVC Security Podcast, about ad hoc processes within many security operations centers (SOCs) and how organizations can prevent these types of mistakes.