Archive

Category Archives for "Network World Security"

Microsoft adds new security enhancements to its cloud offerings

Microsoft is adding a range of new security management and reporting features to its Office 365 and Azure cloud services as part of the holistic approach to enterprise security the company announced last year. In April, the company will release a new product called Microsoft Cloud App Security that will give customers better visibility, control and security for data hosted in cloud apps such as Office 365, Box, Salesforce, ServiceNow and Ariba. The new product is based on technology from Adallom, a cloud access security broker Microsoft acquired in September.

Report: Apple’s rushing to close iPhone hack opening after FBI decryption demand

Apple reportedly wants to take itself out of the equation when it comes to decrypting data on a criminal suspect's iOS device. Company engineers are working on a design that would make it impossible for Apple to help law enforcement break into an iPhone and reach the encrypted data on it, according to The New York Times. The report is yet another storyline in the continuing saga of Apple's battle with the Federal Bureau of Investigation over the iPhone 5c used by San Bernardino, California shooter Syed Rizwan Farook. That iPhone, running iOS 9, is locked with a passcode, so the data on it stays encrypted until the device is unlocked with the correct passcode.

FBI director: Apple encryption ruling could lead to more requests

If a U.S. court grants the FBI's request for Apple to help it unlock a terrorism suspect's iPhone, the case will likely open the door to many similar law enforcement requests, the agency's director said Thursday. A ruling in favor of the FBI by a California judge "will be instructive for other courts," FBI Director James Comey said during a congressional hearing. A decision in the San Bernardino mass shooting case "will guide how other courts handle similar requests," he added. Lawmakers questioned the broader impact of the FBI's request, and a judge's initial ruling in favor of the agency, during a hearing on worldwide security threats before the House of Representatives Intelligence Committee.

How an audit can shore up your security strategy

Information security audits are on the rise, as organizations look not only to bolster their security postures but to demonstrate their efforts to other parties such as regulators. Audits, which are measurable technical assessments of systems, applications and other IT components, can involve any number of manual and automated processes. Whether conducted by internal auditors or outside consultants, they are an effective way for companies to evaluate where they stand in terms of protecting data resources. The high-profile data breaches of recent years have forced many organizations to take a closer look at their security technologies and policies, experts say.

Go inside a security operations center

Walk into a security operations center (SOC) and the first impression you get is of an immense war room, with large screens across the entire front wall displaying a world map and endless rows of tabular data. Analysts sit in rows facing the screens as they scrutinize streams of data on their own monitors. Most of the light comes from the wall screens, creating a cavelike atmosphere. The overall feel is one of quiet efficiency. Welcome to Alert Logic's 24/7 security operations center in Houston, Texas. This is where Alert Logic's analysts monitor customer applications and networks, hunting for signs of an attack or a breach. For organizations with limited budgets and a small (or no) dedicated security team, working with a managed security services provider like Alert Logic helps close the security gap.

Ransomware rising

Ransomware is a familiar plague in the online world: it has existed for more than 25 years and has become increasingly common during the past decade. Until recently, though, it has been aimed more at organizations and individual computers than at consumer devices. That is changing. With the explosive growth of the Internet of Things (IoT), with estimates of how many connected devices will be in use by 2020 ranging all the way up to 200 billion, experts say ransomware is about to get much more common at the consumer level. An attack surface that broad and that vulnerable is irresistible to cybercriminals.

Outdated payment terminals exempted by Mozilla from SHA-1 certificate ban

Less than two months after a ban came into effect for new SSL/TLS certificates signed with the weak SHA-1 hashing algorithm, exemptions are already starting to take shape. Mozilla announced Wednesday that it will allow Symantec, which runs one of the world's largest certificate authorities, to issue nine new such certificates to a customer in order to accommodate over 10,000 payment terminals that haven't been upgraded in time. According to a discussion on the Mozilla security policy mailing list, Worldpay, a large payment processor, failed to migrate some of its SSL/TLS servers to SHA-2 certificates. As a result of an oversight, the company also didn't obtain new SHA-1 certificates for those servers before Dec. 31, 2015, when it was still allowed to do so.
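The practical question this raises for anyone running servers or terminals is whether any certificate still in use carries a SHA-1 signature. Below is an added example, not code from the article, Mozilla or Symantec, of the check: it walks the outer Certificate SEQUENCE of a DER-encoded certificate to the signatureAlgorithm field and decodes its OID. Standard library only. The certificate bytes it is run against are a constructed skeleton with valid DER framing but no real key or signature, and the OID tables are this example's own (non-exhaustive) mapping.

```python
"""Flag DER-encoded X.509 certificates whose signatureAlgorithm is SHA-1 based.

Added example. Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm,
signatureValue }; the second element is an AlgorithmIdentifier whose first
element is the algorithm OID, which is all we need to read here.
"""
from typing import Tuple

# Assumed mapping of SHA-1 based signature OIDs (not exhaustive).
SHA1_SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
}


def der_read(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one DER TLV at pos; return (tag, contents, position after the TLV)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(contents: bytes) -> str:
    """Decode OBJECT IDENTIFIER contents (base-128 arcs) to dotted form."""
    first = contents[0]
    arcs = [first // 40, first % 40]
    acc = 0
    for b in contents[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(cert_der: bytes) -> str:
    """Return the dotted OID found in Certificate.signatureAlgorithm."""
    tag, cert, _ = der_read(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = der_read(cert, 0)         # skip tbsCertificate
    tag, alg_id, _ = der_read(cert, pos)     # signatureAlgorithm
    if tag != 0x30:
        raise ValueError("malformed AlgorithmIdentifier")
    tag, oid, _ = der_read(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid)


def is_sha1_signed(cert_der: bytes) -> bool:
    return signature_algorithm(cert_der) in SHA1_SIG_OIDS


# --- constructed sample input: a skeletal certificate wrapper, not a real certificate ---
def der(tag: int, content: bytes) -> bytes:
    """Minimal DER TLV encoder, short and long length forms."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def sample_cert(sig_oid: bytes) -> bytes:
    tbs = der(0x30, der(0x02, b"\x01"))                  # placeholder tbsCertificate
    alg = der(0x30, der(0x06, sig_oid) + der(0x05, b""))  # AlgorithmIdentifier { oid, NULL }
    sig = der(0x03, b"\x00" + b"\x00" * 256)              # BIT STRING: unused-bits byte + dummy
    return der(0x30, tbs + alg + sig)


SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # 1.2.840.113549.1.1.5
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11

if __name__ == "__main__":
    for name, oid in (("sha1", SHA1_RSA), ("sha256", SHA256_RSA)):
        c = sample_cert(oid)
        print(name, signature_algorithm(c), "SHA-1 signed:", is_sha1_signed(c))
```

On a real inventory, feed `signature_algorithm()` the bytes of each `.der` file, or what `ssl.SSLSocket.getpeercert(binary_form=True)` returns for a live connection, and run it over the whole chain: a SHA-2 leaf behind a SHA-1 intermediate still fails the policy.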

With few options, companies pay hush money to data thieves

There's a disturbing new angle to cyberattacks that has become more common over the last year, and it is proving costly for organizations: extortion. Over the last year, companies have at times paid more than US$1 million in hush money to cyberattackers who have stolen their sensitive data and threatened to release it online, said Charles Carmakal, a vice president with Mandiant, the computer forensics unit of FireEye, in an interview on Wednesday. "This is where a human adversary has deliberately targeted an organization, has stolen data, has reviewed that data and understands the value of it," Carmakal said. "We have seen seven-figure payouts by organizations that are afraid for that data to be published."

Arizona county attorney to ditch iPhones over Apple dispute with FBI

Apple's refusal to help the FBI unlock an iPhone 5c used by one of the terrorists in the San Bernardino, California attack on Dec. 2 has prompted the Maricopa County attorney's office in Arizona to stop providing new iPhones to its staff. "Apple's refusal to cooperate with a legitimate law enforcement investigation to unlock a phone used by terrorists puts Apple on the side of terrorists instead of on the side of public safety," Maricopa County Attorney Bill Montgomery said in a statement on Wednesday. Montgomery described Apple's positioning of its refusal on privacy grounds as a corporate public relations stunt. Evidence obtained through warranted searches of unlocked encrypted smartphones, including iPhones, has proven critical to the investigation and prosecution of defendants charged with drug trafficking, sexual exploitation, murder and other serious offenses, he added.

Tim Cook: The FBI is asking us to write the software equivalent of cancer

Tim Cook has said the U.S. government is requiring Apple to write "the software equivalent of cancer" by demanding that it help unlock an iPhone used by one of the San Bernardino terrorists. "What's at stake here is, can the government compel Apple to write software that we believe would make hundreds of millions of customers vulnerable around the world -- including the U.S. -- and also trample civil liberties," Cook said. He made his remarks in a 30-minute interview that aired on ABC News Wednesday evening. The CEO was pressed repeatedly on why Apple shouldn't make an exception for a single iPhone that was used by a terrorist.

IDG Contributor Network: Two-factor authentication not secure, say researchers

Social engineering can easily be used to trick users into handing over authentication codes, says a computer science professor at NYU. Generally thought to be secure, the process whereby a verification code, usually delivered by e-mail or text, is sent to a user who has lost their password can in fact be defeated. And the way it's done? Just ask the user for the officially sent verification code, says Nasir Memon, professor of Computer Science and Engineering at the New York University Tandon School of Engineering. A second, bogus text or e-mail simply asks the user to forward the original, legitimate verification text. And people do it, no questions asked, Memon reckons. The code itself is not broken: an out-of-band code only proves possession of the phone or mailbox if the person who received it is the one who enters it, and forwarding it hands that proof to the attacker.

Lawmakers push for encryption commission to find compromise

The U.S. Congress should allow an expert commission to recommend ways to resolve the contentious debate over police access to encrypted communications before passing "knee-jerk" legislation, one lawmaker said. Even as Apple and the FBI fight in court over access to a terrorist suspect's iPhone, a 9/11 Commission-style digital security panel should try to find a compromise between smartphone users' privacy and law enforcement access to encrypted devices, Representative Michael McCaul, a Texas Republican, said Wednesday.

Nissan Leaf owners: Prepare to be pranked by hackers thanks to insecure API

Another day, another flaw revealed in the Internet of insecure things. If you have a Nissan Leaf, then prepare yourself to potentially be pranked by friends, frenemies, even complete strangers on the other side of the world. All a person needs is your Vehicle Identification Number (VIN), which happens to be visible on your Leaf for anyone who wants to see it, and for you to use the Nissan Leaf remote management app. Security pro Troy Hunt revealed that pranksters can switch your heat or AC on and off while your car is parked, as well as exploit other options available to Nissan Leaf electric car owners via the companion NissanConnect EV app. The weakness is in the mobile management APIs, which let car owners "check the state of battery charge, start charging, check when battery charge will complete, see estimated driving range, and turn on or off climate control system" and which accept nothing but the VIN to identify the caller. If anyone has your VIN, and you use the app, then they too can control those options via a web browser.

TrustPipe fine tunes its security software to target enterprise

TrustPipe, a startup that made bold claims last year about stopping 100% of network-borne attacks on endpoints, has retooled its software and distribution system in order to better fit into enterprise security schemes. The changes it plotted out last fall were so extensive that the company held off delivering its platform to customers, says co-founder and CEO Ridgely Evers. The revised version is available now.

BlackBerry sets up cybersecurity consulting service

BARCELONA -- BlackBerry on Wednesday announced a new 60-person cybersecurity consulting service, which will include staff from its recent acquisition of UK-based Encription Limited. The purchase of Encription was completed Feb. 19, but terms were not disclosed. BlackBerry officials at Mobile World Congress said cybersecurity consulting is a lucrative field because of a global explosion of cyberattacks on businesses and governments. Data breaches cost the global economy more than $400 billion a year, BlackBerry said, citing 2015 data from the Ponemon Institute. Gartner said cybersecurity consulting is about a $16.5 billion annual global business, and that it is expected to grow to $23 billion by 2019.

Hackers can access the Nissan Leaf via insecure APIs

Two security researchers have demonstrated security vulnerabilities in the Nissan Leaf electric car by using mobile management APIs supplied by the car manufacturer. The unsecured APIs allow anyone who knows a car's VIN to access non-critical features such as climate control and battery charge management from anywhere across the Internet. Additionally, someone exploiting the unauthenticated APIs can see the car's estimated driving range.
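Both Leaf items above describe the same design fault: the API authorizes on an identifier that is painted on the car rather than on who is asking. The following is an added example, not Nissan's or the researchers' code, that puts the vulnerable handler beside the fix. The VINs, accounts and session tokens are constructed; the handler names and the `Response` type are this example's own.

```python
"""Identifier-only authorization versus an authenticated, owner-bound handler.

Added example. vulnerable_climate() mirrors the reported behaviour: the VIN is
the only input, so anyone who can read it can drive the endpoint.
hardened_climate() requires a session and checks the VIN belongs to that
session's account before touching the car.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed sample data (hypothetical VINs, accounts and session tokens).
VEHICLES: Dict[str, Dict[str, object]] = {
    "1N4AZ0CP0DC000001": {"battery_pct": 80, "climate_on": False},
    "1N4AZ0CP0DC000002": {"battery_pct": 35, "climate_on": False},
}
ACCOUNT_VINS: Dict[str, Set[str]] = {
    "alice": {"1N4AZ0CP0DC000001"},
    "bob": {"1N4AZ0CP0DC000002"},
}
SESSIONS: Dict[str, str] = {"tok-alice": "alice", "tok-bob": "bob"}


@dataclass
class Response:
    status: int
    body: dict


def vulnerable_climate(vin: str, on: bool) -> Response:
    """Unauthenticated: the VIN alone selects the car and grants control."""
    car = VEHICLES.get(vin)
    if car is None:
        return Response(404, {"error": "unknown vin"})
    car["climate_on"] = on
    return Response(200, {"vin": vin, "climate_on": on})


def hardened_climate(session_token: Optional[str], vin: str, on: bool) -> Response:
    """Authenticate the caller, then authorize the VIN against that caller's account."""
    user = SESSIONS.get(session_token or "")
    if user is None:
        return Response(401, {"error": "authentication required"})
    if vin not in ACCOUNT_VINS.get(user, set()):
        # Same answer as for a non-existent VIN, so the endpoint cannot be
        # used to confirm which VINs are enrolled in the service.
        return Response(404, {"error": "unknown vin"})
    VEHICLES[vin]["climate_on"] = on
    return Response(200, {"vin": vin, "climate_on": on})


if __name__ == "__main__":
    alice_vin = "1N4AZ0CP0DC000001"
    print("stranger, vulnerable:", vulnerable_climate(alice_vin, True).status)         # 200
    print("stranger, hardened:", hardened_climate(None, alice_vin, True).status)      # 401
    print("bob on alice's car:", hardened_climate("tok-bob", alice_vin, True).status)  # 404
    print("alice on her car:", hardened_climate("tok-alice", alice_vin, True).status)  # 200
```

The state-changing calls (climate, charging) are the ones that matter most, but the read-only ones leak too: battery level and range reveal whether the owner is home or on the road, so the ownership check belongs on every route, not only the ones that act.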

The Sony Pictures hackers have been hitting organizations from different countries for years

The group of hackers that crippled the computer infrastructure of Sony Pictures Entertainment in late 2014 has been responsible for a large number of attacks against organizations from South Korea, the U.S. and other countries over the past seven years. The group has been dubbed Lazarus by a coalition of security vendors who have worked together over the past two years to investigate its activities. During this time they've established links between Lazarus and 1,000 malicious file samples organized in over 45 distinct malware families. The researchers found evidence of attacks by this group against organizations from the government, media, military, aerospace, financial, and critical infrastructure sectors stretching as far back as 2009. The attacks included cyberespionage, denial of service, data theft and data destruction.

BlackBerry eyes IoT, diversifies with new cybersecurity practice

Struggling smartphone vendor BlackBerry is looking to diversify its business by launching a cybersecurity consulting service, focusing in part on the Internet of Things, and providing related tools to customers. The Ontario smartphone vendor, an early standard bearer for multifunction mobile phones, announced Wednesday it has acquired U.K. cybersecurity consulting firm Encription. The company did not disclose the terms of the deal, which was completed last week. BlackBerry's move into cybersecurity consulting isn't a huge leap, as the company has long positioned itself as a security-minded smartphone vendor. Late last year, the company launched the Priv, a security- and privacy-focused smartphone running a modified version of Android.