Just what we don’t need…‘anarchy’ during the holiday shopping season. But a top payment executive at Walmart claimed that is what could happen due to the timing of forcing merchants to have chip-an-pin credit card payment terminals.U.S. banks replaced hundreds of millions of credit and debit cards that rely on magnetic strips, which store data, with new cards that contain a small gold EMV microchip; the new cards are hyped as being much more secure, even though the cards have been hacked through man-in-the-middle attacks. French scientists also discovered how criminals altered stolen credit cards that were supposed to be protected by a security chip and a PIN code the crooks didn’t know.To read this article in full or to leave a comment, please click here
The U.S. Copyright Office has given security researchers reason to hope that they'll be able to search for flaws in car systems and medical devices without the threat of legal action.On Tuesday, the Librarian of Congress, who makes final rulings on exemptions to copyright rules, granted several exceptions to Section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of the technological methods that are used to protect copyright works. The U.S. Copyright Office is a department of the Library of Congress.The exemptions allow for "good-faith security research" to be performed on computer programs that run on lawfully acquired cars, tractors and other motorized land vehicles; medical devices designed to be implanted in patients and their accompanying personal monitoring systems and other devices that are designed to be used by consumers, including voting machines.To read this article in full or to leave a comment, please click here
The U.S. Copyright Office has given security researchers reason to hope that they'll be able to search for flaws in car systems and medical devices without the threat of legal action.
On Tuesday, the Librarian of Congress, who makes final rulings on exemptions to copyright rules, granted several exceptions to Section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of the technological methods that are used to protect copyright works. The U.S. Copyright Office is a department of the Library of Congress.
The exemptions allow for "good-faith security research" to be performed on computer programs that run on lawfully acquired cars, tractors and other motorized land vehicles; medical devices designed to be implanted in patients and their accompanying personal monitoring systems and other devices that are designed to be used by consumers, including voting machines.To read this article in full or to leave a comment, please click here
Keep a sharp eye out forImage by ThinkstockSecurity experts remind us that awareness is an ongoing effort. Here are some best practices for keeping your organization educated and aware year-round.Get the C-Suite involvedImage by ThinkstockTo read this article in full or to leave a comment, please click here
Data-loss-prevention provider InteliSecure is taking in new money, new employees and an entire U.K. security company in an effort to establish itself as a high-end security boutique.The company has raised $22 million in equity financing and a $6 million debt financing in order to buy Pentura – a U.K. managed security service provider – as well as expand its operations globally and hire additional hard-to-find security personnel.
CEO Rob Eggebrecht
Its premiere service, protecting data by identifying the most critical assets, configuring the infrastructure to enforce security policies and managing it, is highly customized, says CEO Rob Eggebrecht.To read this article in full or to leave a comment, please click here
A bill that encourages businesses to share threat intelligence with each other and the government is closer to becoming a law than it has been for years now that it offers businesses near immunity from liability if the data they share is stolen and causes harm, but such sharing is still fraught with problems.
Nathan Taylor
The proposed Cybersecurity Information Sharing Act (CISA) proposal doesn’t force anyone to participate in sharing, but it creates incentives for businesses to do so willingly, says Nathan Taylor, a partner in the law firm Morrison & Foerster, who is following the bill as it wends its way through Congress.To read this article in full or to leave a comment, please click here
A survey of applications installed on Windows computers found that a lot of users don't run up-to-date versions of Apple programs.
Apple's multimedia program, QuickTime, and its iTunes software were ranked as some of the most "exposed" programs based on risk by Secunia Research, which is now part of Flexera Software.
Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions.
It's not Apple's fault. Although many software companies alert users to new versions of applications, it's largely up to users to install them.To read this article in full or to leave a comment, please click here
Iranian hackers are showing strong interest in malware that can secretly pull data from Android devices, which are popular in the Middle East.The analysis comes from Recorded Future, a cybersecurity intelligence firm based in Somerville, Massachusetts.One of Recorded Future's specialties is monitoring hacking forums, looking for clues and chatter that might indicate future attacks.Over the last six months, there appears to have been high interest on Iranian hacking forums in remote access tools, or programs designed to listen to calls and collect text message and GPS data, according to a blog post.To read this article in full or to leave a comment, please click here
Over the past few years, we’ve witnessed increasing attacks against DNS infrastructure: DDoS attacks against authoritative name servers, name servers used as amplifiers in DDoS attacks, compromised registrar accounts used to modify delegation information, cache poisoning attacks, and abuse of name servers by malware. Thankfully, we’ve also seen the concurrent development of powerful new mechanisms for combating those threats, including the DNS Security Extensions, response policy zones, and response rate limiting.Perhaps the most promising means of enhancing DNS security, and the security of the Internet generally, has yet to be fully exploited. That’s Passive DNS data.To read this article in full or to leave a comment, please click here
Microsoft's best advice to combat tech support scams? Hang up the phone."You get a call from someone that's unsolicited, talking about technical support, hang up," said David Finn, the executive director of Microsoft's Digital Crime Unit, during a hearing held by the U.S. Senate last week. "That's the first thing. That is not a legitimate effort to sell something to you."Finn was one of several people who testified last Wednesday before the Senate's Special Committee on Aging, which held a hearing on technical support scams, which disproportionately target the elderly.Such scams, Finn said during his prepared testimony, are the "single largest consumer fraud perpetrated in America today." They victimize an estimated 3.3 million people and rake in $1.5 billion annually. "This translates to a victim nearly every 10 seconds, with an average loss of $454 per consumer," Finn said.To read this article in full or to leave a comment, please click here
Chipped cards have been hacked in the past, despite the security rhetoric from banks and merchants.Until recently, it was done through a Man-in-the-Middle attack.'Man-in-the-Middle' is where an attacker changes the communication between parties who think they're talking with each other directly.Security measures are now in place to stop this kind of chip scam, but it was not until scientists studied the forensics that the police could even figure it out.Second chip
It turns out that the fraud worked through a second chip embedded in the card, installed there by the crook.The glued-on dummy chip answered affirmatively when polled. It let a transaction go through when the terminal asked the card's original chip if the entered PIN was correct, Catalin Cimpanu explained in a Softpedia article.To read this article in full or to leave a comment, please click here
South Korean organizations are being targeted in attacks with a new stealthy backdoor program that gives attackers full access to infected computers.The malware has been dubbed Duuzer and while it's not exclusively used against targets in South Korea, it does seem that the hacker group behind it have a preference for that country's manufacturing industry, according to security firm Symantec.Duuzer was designed to work on both 32-bit and 64-bit Windows versions and opens a back door through which attackers can gather system information; create, list and kill processes; access, modify and delete files; execute commands and more."It’s clearly the work of skilled attackers looking to obtain valuable information," researchers from Symantec's security response team said in a blog post.To read this article in full or to leave a comment, please click here
There is a serious and growing gap between men and women when it comes to choosing a cybersecurity career – then again there’s also a serious disinterest in the field altogether from millennials.+More on Network World: What’s hot in driverless cars?+Those were the chief findings of a global study issued by Raytheon (NYSE: RTN) and the National Cyber Security Alliance (NCSA) this week that noted: In the U.S., 74% of young women and 57% of young men said schools did not offer the skills that are needed to pursue a degree in computer sciences.To read this article in full or to leave a comment, please click here
When Apple and the DOJ were back in court Monday, arguing over Apple’s refusal to unlock an iPhone seized by law enforcement during an investigation, Magistrate Judge James Orenstein told government attorneys, “What you're asking them [Apple] to do is do work for you.”But Justice Department attorney Saritha Komatireddy argued that it has compelled Apple to unlock at least 70 devices since 2008. The government believes it has the power to force Apple to comply under the All Writs Act. Just Security explained, “Under the government’s interpretation of the All Writs Act, anyone who makes software could be dragooned into assisting the government in investigating users of the software. If the court adopts this view, it would give investigators immense power.”To read this article in full or to leave a comment, please click here
Cisco this week said it would acquire security vendor Lancope for $452.5 million to bolster its threat visibility portfolio for enterprise networks.Lancope specializes in network behavior analytics, threat visibility and security intelligence. Its StealthWatch product is designed to continuously monitor the enterprise network and identify suspicious traffic patterns to detect attacks.+MORE ON NETWORK WORLD: Cisco plans to embed security everywhere+To read this article in full or to leave a comment, please click here
Four hours -- that's the time Joomla website owners had to apply a patch recently before attackers started to exploit the flaw it fixed. Those who still haven't updated their websites are likely to find them compromised.
On Thursday, the developers of Joomla released version 3.4.5 of the popular content management system in order to fix an SQL injection vulnerability that allows attackers to gain administrative privileges by hijacking an active administrator session.
Less than four hours after the update's release and the publishing of a technical overview by security researchers at Trustwave, attackers were already exploiting the flaw. Web security firm Sucuri said it saw attacks against two of its customers who operate very popular Joomla-based websites.To read this article in full or to leave a comment, please click here
One of the world's most targeted brands...Image by PayPalPayPal is one of the most commonly targeted brands for Phishing, nearly equal to banks when it comes to potential financial gain for criminals.Today, we're revisiting the concept of how to spot a Phishing email by focusing on a recent Phishing campaign that's targeting PayPal customers. We'll start by pointing out visual cues that will help you avoid becoming a victim, but we'll also go thorough the scam completely so you can see what it looks like.To read this article in full or to leave a comment, please click here
Smart cars, airports and hospitals are likely to increasingly become targets for hackers -- and now the European Union's Agency for Network and Information Security (ENISA) has them in its sights too.The agency has added intelligent transport systems and smart health services to its remit for 2016. It plans to analyse the security risks inherent in their communications networks, and wants governments to take up its recommendations for securing them by 2017, it said Monday.The research will focus on the problems posed by the introduction of smart objects and machine-to-machine communications to replace humans in airport supply chains, whether that's for the delivery of spare parts to aircraft, luggage to conveyor belts or bottled water to airport stores.To read this article in full or to leave a comment, please click here
Differing approaches to endpoint securityTraditional anti-virus doesn’t work well enough to be the sole line of defense against endpoint exploits. And while the traditional AV vendors have learned some new tricks and offer some solid features, most enterprises need more. They want an endpoint product that can prevent zero-day exploits and they want to be more proactive. We looked at two relatively new products, Carbon Black (now owned by Bit9) and Cylance Protect. Both are designed to approach securing your endpoints from a different and more complete perspective. Read the full review.To read this article in full or to leave a comment, please click here
We know by now that traditional anti-virus doesn’t work, or at least doesn’t work well enough to be the sole line of defense against endpoint exploits. And while the traditional endpoint protection vendors have learned some new tricks and offer some solid features, most enterprises need more.They want an endpoint product that can prevent zero-day infections from happening and they want to be more proactive.To read this article in full or to leave a comment, please click here(Insider Story)