Category Archives for "Network World Security"

Legal teams keep bending old laws to fit cybercrimes

Since cybercrime laws lag behind technology, lawyers are constantly seeking creative ways to stretch old laws to fit new crimes. The latest example: comparing the movie-sharing app Popcorn Time to a burglar's tool in order to press criminal charges. Lawyers for an Adam Sandler movie are arguing that Popcorn Time performs the same function as burglars' tools in order "to commit or facilitate ... a theft by physical taking," language used in an old Oregon law about traditional burglary. The lawyers say Popcorn Time lets users violate the movie's copyrights by enabling downloads of pirated copies, and so they are suing for copyright infringement, a civil claim rather than a criminal one.

Most Apple devices lack proper security for the enterprise

Nearly half of all U.S. employees use at least one Apple device at work, but most of those gadgets lack common security protocols required by many enterprises, according to a new survey commissioned by Centrify, a company that sells enterprise security and management software for Apple products. Last month, Centrify asked 1,004 business professionals how they use computers and smartphones in the workplace. Respondents used a total of 1,309 Apple devices at work, including 191 Macs, 387 iPads and 731 iPhones. All of the respondents were employed full-time at companies with at least 20 employees, from various industries including healthcare and financial services.

Court: FTC can bring down the hammer on companies with sloppy cybersecurity

The U.S. Federal Trade Commission has the authority to take action against companies that fail to protect customer data, an appeals court ruled Monday. The U.S. Court of Appeals for the Third Circuit upheld the FTC's 2012 lawsuit against hotel and time-share operator Wyndham Worldwide. The FTC filed a complaint against Wyndham over three data breaches in 2008 and 2009 that led to more than US$10.6 million in fraudulent charges. The appeals court ruling, upholding a 2014 district court decision, suggests the FTC can hold companies responsible for failing to use reasonable security practices.

Windows Hello uses your webcam even if you disabled your camera

The newest Windows 10 privacy freak-out involves Windows Hello, which is supposed to be a convenient security feature turned on or off by selecting Settings > Accounts > Sign-in options. Windows Hello replaces traditional passwords with biometric recognition, allowing users to unlock their PC with a swipe or a glance. You've likely seen Microsoft's 30-second Windows 10 commercial, which shows a toddler who "won't have to obsess over security" because she will be able to unlock Windows 10 with a smile.

Mobile devices pose biggest cybersecurity threat to the enterprise, report says

Earlier this month, Check Point Software released its 2015 security report which found that mobile devices have become the biggest threat for today's enterprises. I like the fact that more vendors are doing their own studies and sharing the findings. Cybersecurity has so many facets that it's very challenging for IT departments to understand where to focus their energy, so surveys like this help. The survey revealed something that I think many businesses have turned a bit of a blind eye to, and that's the impact of mobile devices, primarily due to the wide acceptance of BYOD. The last Network Purchase Intention Study by ZK Research (disclosure: I'm an employee of ZK Research) showed that 82% of businesses now have some kind of BYOD plan in place. Even heavily regulated industries like healthcare and financial services are putting BYOD programs in place because of pressure from the lines of business. Years ago, CEOs and managers didn't want consumer devices in the workplace as they were considered a distraction. Today, businesses that do not allow workers to use mobile devices are putting themselves at a competitive disadvantage.

Facebook’s Threat Intelligence Sharing Potential

Enterprise organizations are actively consuming external threat intelligence, purchasing additional threat intelligence feeds, and sharing internally derived threat intelligence with small circles of trusted third parties. Based upon these trends, it certainly seems like the threat intelligence market is well-established, but in this case appearances are far from reality. In my humble opinion, threat intelligence consumption and sharing is extremely immature today, with the market divided between a few haves (i.e. large banks, defense contractors, large IT vendors, intelligence agencies) and a large majority of have-nots: everyone else. This immaturity is illustrated by some recent ESG research (note: I am an ESG employee). A panel of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) were asked to identify weaknesses associated with their firm's threat intelligence consumption and sharing programs. The data indicates:

Securing the enterprise digital footprint

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. In late 2007, AOL security researcher William Salusky and his team discovered one of the first reported instances of malvertising: a digital ad running on aol.com had been configured to serve up malware to unsuspecting visitors. This turned out to be the beginning of a new era in which attackers use a company's digital footprint (web infrastructure and mobile apps) to distribute malware and commit fraud. For security teams, protecting the digital footprint, which resides outside the firewall, poses three distinct challenges: securing assets you know about, securing assets you don't know about (such as those created by someone within the organization or by an authorized third party), and identifying rogue assets that impersonate the organization's brand or sub-brands.

Tips for protecting your business against cyber extortion

CryptoLocker is malware that cyber criminals use to encrypt the contents of a computer until users pay up. But that's only one type of cyber extortion, according to Tim Francis, enterprise cyber lead at Hartford, Conn.-based insurance company Travelers. Criminals can also threaten to shut down computer systems or erase data, to infect a company with a virus, to publish proprietary information or personally identifiable information of customers or employees, to launch a denial-of-service attack, or to hold social media accounts hostage. Criminals can also start the attack first, and refuse to stop until the money is paid. It's no longer just a lone disgruntled employee targeting a single company, Francis said. CryptoLocker is just one example of how cyber extortion technology has been commodified, making it accessible to a wider variety of criminals.

Torrent trackers bring down the ban hammer on Windows 10 users

Even before Microsoft's updated Privacy Statement and Services Agreement kicked in on August 1, privacy advocates from the European Digital Rights group warned the new privacy policy was "bad news for privacy." Then Windows 10 default settings proved to be skewed toward spying on users by default. The fact that users are opted in unless they take steps to opt out is so bad for privacy that people who do not normally bother to read Microsoft's Services EULA (end-user license agreement) started doing so.

NASA touts real technologies highlighted in imminent ‘The Martian’ flick

The upcoming movie about a NASA astronaut left for dead on Mars in the 2030s features a number of technologies NASA says are currently under development. NASA said the book and the movie, "The Martian," merge fictional and factual chronicles about Mars, building upon the work NASA and others have done exploring Mars and moving it into a future where NASA astronauts are regularly traveling to the red planet to live and explore. Indeed, as Matt Damon, who plays the central character Mark Watney, says in the movie: "I have to make water and grow food on a planet where nothing grows." To stretch a couple of months' worth of food and supplies into four years, Watney becomes a modern-day MacGyver in a spacesuit and uses some amazing technologies to try to survive.

IDG Contributor Network: Quantum computing breakthrough renews concerns of cybersecurity apocalypse

The term "cryptopocalypse" was probably first coined at the Black Hat USA information security convention in 2013. A talk presented by four security and technology experts at the show explored cryptographic weaknesses and attempted to answer the hypothetical question: "What happens the day after RSA is broken?" RSA is a widely used public-key cryptosystem for encryption and digital signatures; its security rests on the difficulty of factoring large numbers, which is exactly what a sufficiently large quantum computer running Shor's algorithm would undo. The answer, they determined then, was "almost total failure of trust in the Internet," for one thing. The reason? Almost everything we do on the Internet is in some way protected by cryptography.
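The talk's premise, that a break in RSA takes down everything built on it, can be seen in miniature. The following is an added example, not code from the article or from the Black Hat talk it cites; the primes, the messages and the helper names (keygen, sign, verify, factor, recover_private_key) are all constructed for the demo. Trial division on a 34-bit modulus stands in for whatever breaks RSA for real, such as a large quantum computer running Shor's algorithm: once n is factored, the private exponent follows, and so does a forged signature that verifies under the victim's public key.

```python
"""Why "the day after RSA is broken" means a loss of trust, in miniature.

Added example, not code from the article or from the Black Hat talk it cites.
RSA signatures rest on the difficulty of factoring the modulus n = p*q.  Here the
modulus is deliberately tiny (about 34 bits) so that trial division factors it
in milliseconds and stands in for a large quantum computer running Shor's
algorithm.  Everything that follows from the factorization (recovering the
private exponent, forging a valid signature on a message the key owner never
signed) is exactly what would follow from a real break.
Requires Python 3.8+ for pow(e, -1, phi).
"""
import hashlib
from math import gcd

# Constructed demo primes: the 9,999th and 10,000th primes.  Real keys use
# 1024-bit primes; the arithmetic below is identical, only the numbers are bigger.
DEMO_P, DEMO_Q = 104723, 104729
DEMO_E = 65537


def keygen(p, q, e=DEMO_E):
    """Return ((n, e), (n, d)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse: e*d == 1 (mod phi)
    return (n, e), (n, d)


def digest(msg, n):
    """Hash the message to an integer below n.  Reducing mod n is a demo
    shortcut; real RSA signatures use a padding scheme such as RSASSA-PSS."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg, priv):
    """Signature = H(msg)^d mod n, computed with the private exponent d."""
    n, d = priv
    return pow(digest(msg, n), d, n)


def verify(msg, sig, pub):
    """Valid iff sig^e mod n recovers H(msg); needs only the public key."""
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)


def factor(n):
    """Trial division.  For a toy modulus this is instant; for a 2048-bit
    modulus it is hopeless, and that gap is the only thing keeping RSA secure."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")


def recover_private_key(pub):
    """The attacker's side: factor n, recompute phi, derive d from e alone."""
    n, e = pub
    p, q = factor(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, d)


def demo():
    """Genuine signature verifies; attacker recovers d and forges a second one."""
    pub, priv = keygen(DEMO_P, DEMO_Q)
    genuine = b"approve wire transfer 1042"  # constructed sample message
    sig = sign(genuine, priv)

    stolen_priv = recover_private_key(pub)  # uses nothing but the public key
    forged_msg = b"approve wire transfer 9999"
    forged_sig = sign(forged_msg, stolen_priv)

    return {
        "genuine_verifies": verify(genuine, sig, pub),
        "key_recovered": stolen_priv == priv,
        "forgery_verifies": verify(forged_msg, forged_sig, pub),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Run it directly or import it and call demo(). Swap the demo primes for 1024-bit ones and factor() will never finish; that, and nothing else, is the security margin the talk was worried about losing.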

Plenty of fish, and exploits too, on dating website

Recent visitors to Plenty of Fish (pof.com), an online dating website with over 3 million daily active users, had their browsers redirected to exploits that installed malware. The attack was launched through a malicious advertisement that was distributed through a third-party ad network, researchers from security firm Malwarebytes said in a blog post Thursday. The malicious ad pointed to the Nuclear exploit kit, a Web-based attack tool that exploits known vulnerabilities in browsers and popular browser plug-ins like Flash Player, Java, Adobe Reader and Silverlight.

Why corporate security pros should care about the Ashley Madison breach

Corporate security executives should have a professional interest in the Ashley Madison breach because publicly posted data about its customers represents a fertile field for spear phishers trying to attack business networks. Anyone whose name and contact information appears in the 9.7GB of stolen names and contact details will likely be susceptible to opening emails purportedly from Ashley Madison, divorce lawyers and private investigators, says Tom Kellermann, chief cybersecurity officer for Trend Micro.

China group attacks India with Word exploit, then uses Microsoft’s WMI

A hacking group suspected of operating from China has had success stealing information from mostly Indian targets, often pertaining to border disputes and trade issues, according to FireEye. The gang specializes in sending targeted phishing emails to victims in the hope of gaining wider access to their networks, a practice known as spear phishing, said Bryce Boland, CTO for Asia-Pacific at the security firm. FireEye hasn't given a name to the group, but has watched it since 2011, Boland said. The company has gathered data on the group based on attacks attempted against its customers. Analysis of Internet infrastructure used by the group, including command-and-control servers, has given insight into the scope of its operations, Boland said.

Latest Ashley Madison data dump reveals emails, source code for websites

The woes of AshleyMadison.com's owners continued Thursday, with a second large release of internal data that security experts suspect is authentic. An 18.5 GB file was released on file-sharing networks by a group called the Impact Team. The same group claimed responsibility for the initial breach last month of the website, which caters to those seeking extramarital affairs. Because of the large file size, IDG News Service wasn't able to take a look at the data. But David Kennedy, founder and CEO of the Ohio-based security company TrustedSec, said it appears to be legitimate. His company had taken a brief look at the data. It contains what purports to be email from Avid Life Media's CEO, Noel Biderman, as well as other employees.

Hiring an information security vendor? Use these best practices.

The exponential rise in security incidents has caused many businesses to look hard at getting their own houses in order before they become the next headline. As part of those efforts, businesses are turning to security consultants to perform audits, penetration testing and other assessments of their systems. These are admirable activities, worthy of consideration by any prudent organization. But these engagements should be entered into with all the care that a business would use in any other transaction in which a third party is granted access to the company's most sensitive systems and data. Unfortunately, this is seldom the case. All too often, in their rush to move forward with these assessments, businesses fail to adequately address the most fundamental of contract terms. Cost overruns are common. In some instances, security consultants create more risk than they resolve.

Vulnerability in enterprise-managed iOS devices puts business data at risk

A vulnerability in the iOS sandbox for third-party applications, like those installed by companies on their employees' devices, can expose sensitive configuration settings and credentials. The flaw was discovered by researchers from mobile security firm Appthority and impacts apps deployed on iOS devices through mobile device management (MDM) or enterprise mobility management (EMM) products. These products allow administrators to automatically push applications, configuration settings and data access rules to enterprise mobile devices. Before a new iOS device is brought inside the network of a company that uses a mobile management system, an MDM account is created for it and a client application is installed. The MDM client is used to install corporate apps and to enforce access policies for corporate data and email.