Archive

Category Archives for "Network World Security"

“The Good Wife” TV show could teach you a few things about modern technology

The CBS legal and political drama The Good Wife ends its 7-season run on May 8, and if you’re not a regular viewer of the show it might surprise you to learn how clever the writers are at coming up with plots ripped from the day’s top technology news headlines. Back in 2007 I documented “What ‘The Sopranos’ taught me about technology,” and here’s my rundown of what The Good Wife has taught its audience about tech and its influence on everything from politics to the law to sex. For the uninitiated, The Good Wife in the show title is Alicia Florrick, who had put aside her legal career during her husband Peter’s rise in politics, only to get back into it after he ruins their marriage by cheating on her.

2FA for Mother’s Day

One of the things that stands out in Verizon's 2016 Data Breach Investigations Report is that “63% of confirmed data breaches involve using weak, default or stolen passwords.” The thing is, many of the breaches could have been prevented had a company been using two-factor authentication (2FA). Authors of the Verizon report wrote: We are realists here, we know that implementation of multi-factor authentication is not easy. We know that a standard username and password combo may very well be enough to protect your fantasy football league. We also know that implementation of stronger authentication mechanisms is a bar raise, not a panacea. Even with all of that, 63% of confirmed data breaches involved leveraging weak/default/stolen passwords. This statistic drives our recommendation that this is a bar worth raising.

U.S. cyberwar against ISIS could use methods and tactics criminals use against enterprises

Cyberwar against ISIS could bring into play tools and tactics that corporate security pros face every day, only this time they will be used as part of a larger objective than criminal profit. The goals of the offensive are to disrupt communications within ISIS and between the group and potential recruits, according to a story in the New York Times. To meet those goals, U.S. Cyber Command could use such means as DDoS and man-in-the-middle attacks, banking Trojans and even ransomware-type attacks that irreversibly encrypt machines (but skip the ransom), experts say.

Security Recruiter Directory

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others. If you're a security recruiting firm, we want your information! Our goal is to provide the most complete recruiter resource available, but to do that we need your assistance. Please send the name, contact info and a few sentences about your company and its specialties to Amy Bennett ([email protected]).

Man who hijacked HBO’s satellite signal 30 years ago would face far different fate today

On April 27, 1986, a Florida man with workplace access to a satellite transmission dish – and a financial beef with HBO -- pulled off the kind of audacious stunt that were it to happen today would likely land him in prison for a long, long time. From a 2011 Buzzblog post: John MacDougall, then 25, was the lonely pamphleteer of lore, only instead of paper and ink he was armed with a 30-foot transmission dish, an electronic keyboard, and a burning objection to HBO's decision in 1986 to begin scrambling its satellite signal and charging viewers $12.95 a month.

Cyberespionage group abuses Windows hotpatching mechanism for malware stealth

A cyberespionage group active in Asia has been leveraging a Windows feature known as hotpatching in order to better hide its malware from security products. The group, which malware researchers from Microsoft call Platinum, has been active since at least 2009 and has primarily targeted government organizations, defense institutes, intelligence agencies and telecommunications providers in South and Southeast Asia, especially from Malaysia, Indonesia and China. So far the group has used spear phishing -- fraudulent emails that target specific organizations or individuals -- as its main attack method, often combining it with exploits for previously unknown, or zero-day, vulnerabilities that install custom malware. It places great importance on remaining undetected.

FBI isn’t code savvy enough to explain iPhone hack to Apple

The FBI claims that being forced to share its iPhone-hacking tool with Apple wouldn’t be worth it–because the government agency doesn’t actually know how it works. This week, the FBI will notify the White House that it doesn’t actually know the underlying code that facilitated hacking into the iPhone belonging to one of the San Bernardino shooters. Because of this, the FBI claims that it doesn’t make sense to launch an internal government investigation to decide whether to share the information with Apple.

4 password managers that make online security effortless

There’s a reason “123456” remains the most popular password. We tend to use passwords we can easily recall. And that means they’re easy to hack. A good password manager is the best way to relieve the burden of memorizing complex logins and keep your data secure. These tools encrypt your login info in a virtual vault—either locally or in the cloud—and lock it with a single master password. Considering that the security of sensitive data is at stake, you shouldn’t take choosing a password manager lightly. This guide will tell you what features to look for in a password manager and compare four of the best.

How to keep your small business safe from data breaches and hacks

Cybersecurity – and security breaches – continues to be a hot topic. And small ecommerce businesses, especially ones using an open source platform, are particularly susceptible to hacks and breaches. So what can small ecommerce shops do to protect their sites as well as any sensitive (customer) data? Following are 10 suggestions from ecommerce security experts. 1. Educate employees. “Cyberattacks are becoming more and more sophisticated and it's easy to be fooled by emails, links and attachments that look like everyday business requests,” says Norman Guadagno, chief evangelist, Carbonite. “It only takes one click for malware, viruses and ransomware to infiltrate your system, compromising important business data.”

More protection needed to guard grid from electromagnetic storm threat

The United States isn’t as deeply unprepared for electromagnetic threats – either from space or man-made -- as it was a few years ago but a lot of work remains and awareness of the danger needs to be amped-up if the country wants to truly protect the electric grid. That was the general conclusion from a report by the watchdogs at the Government Accountability Office this that looked at federal efforts to address electromagnetic risks to the electric grid.

7 million accounts compromised via Lifeboat hack, a Minecraft Pocket Edition community

You’d think you’d hear about a hack that affects over seven million people … unless the company chooses to “cover it up.” Thankfully that is changing thanks to security researcher Troy Hunt, via Have I Been Pwned. Scale-wise, it's a big breach. Lifeboat is listed in Have I Been Pwned’s top 10 breaches; it currently is ranked eighth with 7,089,395 compromised accounts.

Empty DDoS threats earn extortion group over $100,000

Extorting money from companies under the threat of launching distributed denial-of-service attacks (DDoS) against their online properties has proven lucrative for cybercriminals. So much so that one group has managed to earn over $100,000 without any evidence that it's even capable of mounting attacks. Since early March, hundreds of businesses have received threatening emails from a group calling itself the Armada Collective, asking to be paid between 10 and 50 bitcoins -- US$4,600 to $23,000 -- as a "protection fee" or face DDoS attacks exceeding 1Tbps. While many of them did not comply, some did; the group's bitcoin wallet address shows incoming payments of over $100,000 in total. Yet none of the companies who declined to pay the protection fee were attacked, website protection firm CloudFlare found.

SWIFT banking network warns customers of cyberfraud cases

SWIFT, the international banking transactions network, has warned customers of "a number" of recent incidents in which criminals sent fraudulent messages through its system. The warning from SWIFT (Society for Worldwide Interbank Financial Telecommunication) suggests that a February attack on the Bangladesh Bank, in which thieves got away with US $81 million, was not an isolated incident. SWIFT is aware of malware that "aims to reduce financial institutions’ abilities" to find evidence of fraudulent transactions on their local systems, the organization said Tuesday. The malware has "no impact on SWIFT’s network or core messaging services," it added.

IDG Contributor Network: Zscaler provides secure remote access without the need for a VPN

Traditionally the way an organization gives its remote employees access to corporate applications is via a Virtual Private Network (VPN). VPNs have never been a whole lot of fun to use, but as the world moves to ever higher numbers of discrete applications and a huge variety of access devices, the traditional VPN model is looking tired. Zscaler aims to change that with Zscaler Private Access, a new service that promises to provide organizations with access to internal applications and services while ensuring the security of their networks. Zscaler is an internet security company. The company offers a secure web gateway, fully from the cloud. In doing so, Zscaler is helping to move security further out into the internet backbone. Indeed, Zscaler is operated from over 100 data centers globally. Zscaler covers a host of security needs, including internet security, next-generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence.

5 tips for defending against advanced persistent threats

The aptly named advanced persistent threat (APT) is a type of network attack in which an attacker selects a specific target, uses social engineering and advanced technologies to break into a network and then focuses on that target for weeks, months or years until the attack has successfully played out (or been thwarted). Once inside a network, the attacker's goal is to remain undetected while using some type of malware to capture confidential information, which is ultimately sent to a different location for analysis and then sold on the black market. APTs are highly organized, sometimes with a complete staff, and have plenty of monetary and technological resources. Although APTs may use common hacker tools, they more often employ sophisticated, customized software that's less likely to be picked up by a security protection system. Types of APTs or delivery mechanisms include zero-day attacks, phishing, advanced malware and a variety of Web compromises.

Enterprises fall behind on protecting against phishing, detecting breaches

The ninth annual Verizon Data Breach Report came out this morning with bad news on multiple fronts, including click-through rates on phishing messages, how long it takes companies to detect breaches, and even whether companies spot the breaches at all. Phishing emails continued to be a primary starting point for attacks, said Bryan Sartin, executive director, global security services at Verizon. The number of phishing email messages that were opened hit 30 percent in this year's report, up from 23 percent last year. In addition, 12 percent of users don't just open the email but open the attachment as well, while 11 percent follow links in the email to online forms where they then input sensitive data such as login credentials.

Better SWIFT software design would have thwarted Bangladesh Bank cyber heist

In February, attackers tried to steal $951 million using the SWIFT bank transfer system by submitting transfer requests from the Central Bank of Bangladesh to the Federal Reserve Bank of New York. Before the cyber heist was detected, attackers got away with $81 million by routing and laundering the funds through a bank account in the Philippines. Most of the transfers were thwarted for an unexplained reason. Reuters reported the details of the cyber heist based on an interview with defense contractor and security researcher BAE Systems. It wasn’t clear if BAE Systems worked independently, for SWIFT or for the Bangladesh Bank. The report exposes that the SWIFT software has the same design flaws as the Target point-of-sale (POS) system. Both imprudently relied on the assumption of an impenetrable perimeter for security. The fault appears to be SWIFT’s—if BAE is correct in its report that “the malware registers itself as a service and operates within an environment running SWIFT’s Alliance software suite, powered by an Oracle Database.”

US Marshals set to auction fraudster’s $1.5M high-end auto collection

It might have been a pretty nice life for Thomas Hauk -- for a while anyway -- but frauds usually explode and this one was nothing different. The US Marshals this week announced the auction of Hauk’s spoils -- 25 vehicles, including Ferrari, McLaren, BMW and Porsche cars worth more than $1.5 million.

Venture-backed Sirin Labs to sell phone for the privacy conscious

An international group of investors announced today that Sirin Labs, a startup with $72 million in venture funding, is planning to create a smartphone that combines premium performance and functionality with strong privacy protection. Sirin’s announcement gave few details about the device, internally dubbed the SP1, but the company says that interested parties won’t have long to wait for additional information, as it should go on sale within the next two months. The SP1’s design, according to Sirin, will attempt to graft high-end flagship features onto a far greater emphasis on security than most modern smartphones.

What users love (and hate) about 4 leading firewall solutions

While always an integral part of a company’s security procedures, firewalls are becoming even more important as more companies move to the cloud and software-defined networks. A firewall is a network security system that controls and monitors incoming and outgoing network traffic, based on preset security parameters. Firewalls create a barrier between a secure internal network and a potentially less-secure outside network. Four of the top firewall solutions on the market are Fortinet FortiGate, Cisco ASA, Sophos UTM and Palo Alto Networks WildFire, according to online reviews by enterprise users in the IT Central Station community.