There have been more egregious episodes of U.S. border agents hassling and/or needlessly detaining citizens and valid visa-holders since the White House changed hands, but perhaps none has been more bizarre – or even darkly comical – than this one.
Celestine Omin, a 28-year-old software engineer from Lagos, Nigeria, was traveling to the U.S. on Sunday as part of his job with Andela, a startup backed by Facebook’s Mark Zuckerberg and Priscilla Chan. Upon arrival at JFK Airport, he was questioned by one border agent, waited for an hour, and then was brought to a different room to be questioned by a second agent. From a LinkedIn story:To read this article in full or to leave a comment, please click here
BARCELONA -- Homeowners worried about cybersecurity attacks on IP-connected devices like lights, baby monitors, home security systems and cameras, will soon be able to take advantage of a $200 network monitoring device called Dojo.The device was shown at Mobile World Congress here this week and will go on sale online in April. While the Dojo device isn’t intended to provide enterprise-level security, it could be used to help, in a small way, in warding off massive attacks like the one that used the Mirai botnet which took advantage of unsecure, consumer-grade cameras and other devices last October.To read this article in full or to leave a comment, please click here
Cisco is playing down a security issue with its Smart Install switch management software that could allow unauthenticated access to customer configuration details.Cisco defines Smart Install as a legacy feature that provides zero-touch deployment for new switches, typically access layer switches.+More on Network World: Cisco Jasper grows Internet of Things reach, breadth+To read this article in full or to leave a comment, please click here
The profitability of ransomware made it the top cyber threat last year in two categories: the number of attacks and the amount of money generated for crooks, according to a Trend Micro lookback on data collected from customers.Not only is the ransomware business booming, it’s innovating, with Trend Micro researchers identifying 752 new families last year, up from 29 in 2015.Add to this the rise of ransomware as a service (RaaS) and payments made to anonymous bitcoin accounts, and the result is a booming criminal enterprise worth $1 billion last year, according to TrendLabs 2016 Security Roundup. Neophyte crooks are being drawn in because it’s so easy to set up a ransomware operation, the report says. “Since RaaS is available in the underground, the service provides fledgling cybercriminals the necessary tools to run their own extortion campaigns,” it says.To read this article in full or to leave a comment, please click here
For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco's Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).The director can copy the client's startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.To read this article in full or to leave a comment, please click here
No one wants to learn that they have been hacked; if a company is not doing so well, then it might really be scared after it is breached. But burying your head in sand and hoping it will all go away if you ignore it for long enough is simply not going to make the breach disappear. In the case of CloudPets, owned by SpiralToys, it wasn’t the cute and huggable smart stuffed toys hackers were hugging, but the data.
Here it is:- Toy captured kids voices- Data exposed via MongoDB- 2.2m recordings- DB ransom'd- And much more...https://t.co/HvePnZleXRTo read this article in full or to leave a comment, please click here
On March 1, new regulations go into effect in New York State, requiring that all regulated financial services institutions have a cybersecurity program in place, appoint a Chief Information Security Officer, and monitor the cybersecurity policies of their business partners.It might seem a little sudden, since the regulations were only finalized a month ago. But it's actually not as bad as it sounds."There's a transitional period," said Brad Keller, senior director of third party strategy at Prevalent. "Everyone has six months to be in compliance."To read this article in full or to leave a comment, please click here
While plenty of controversy has surrounded President Donald Trump’s fledgling administration, it hasn’t yet faced a major crisis.But according to Forrester Research, aside from any political or military events, the new president will face a cyber crisis sometime within his first 100 days.The company made the prediction last fall, prior to the election, as part of its “Predictions 2017” brief, so it didn’t specifically focus on either Trump or Democratic candidate Hillary Clinton.To read this article in full or to leave a comment, please click here
ThreateningImage by ThinkstockCybersecurity is a heroic task. Every day, businesses and organizations face an onslaught of attacks from malicious actors across the globe. As part of your organization’s cybersecurity efforts, it is your job to not just catch these attacks as they happen, but try to mitigate threats and prevent them before anything occurs.To read this article in full or to leave a comment, please click here
Engineers at South Korea's SK Telecom have developed a tiny chip that could help secure communications on a myriad of portable electronics and IOT devices.The chip is just 5 millimeters square -- smaller than a fingernail -- and is capable of generating mathematically provable random numbers. Such numbers are the basis for highly-secure encryption systems and producing them in such a small package hasn't been possible until now.The chip, on show at this week's Mobile World Congress in Barcelona, could be in sample production as early as March this year and will cost a few dollars once in commercial production, said Sean Kwak, director at SK Telecom's quantum technology lab.To read this article in full or to leave a comment, please click here
If you own a stuffed animal from CloudPets, then you better change your password to the product. The toys -- which can receive and send voice messages from children and parents -- have been involved in a data breach dealing with more than 800,000 user accounts.The breach, which grabbed headlines on Monday, is drawing concerns from security researchers because it may have given hackers access to voice recordings from the toy's customers. But the company behind the products, Spiral Toys, is denying that any customers were hacked. "Were voice recordings stolen? Absolutely not," said Mark Myers, CEO of the company.Security researcher Troy Hunt, who tracks data breaches, brought the incident to light on Monday. Hackers appear to have accessed an exposed CloudPets' database, which contained email addresses and hashed passwords, and they even sought to ransom the information back in January, he said in a blog post.To read this article in full or to leave a comment, please click here
Space X today said two unnamed private citizens have paid the company a “significant deposit” to fly them to the moon and back to Earth.“We expect to conduct health and fitness tests, as well as begin initial training later this year. Other flight teams have also expressed strong interest and we expect more to follow. Additional information will be released about the flight teams, contingent upon their approval and confirmation of the health and fitness test results,” Space X stated.Space X said the mission will take place after the space company launches its unmanned Dragon (Version 2) spacecraft to the International Space Station later this year.To read this article in full or to leave a comment, please click here
Google is asking developers to take over its effort to make end-to-end email encryption more user-friendly, raising questions over whether it'll ever become an official feature in the company’s browser.On Friday, the search giant said its email encryption tool, originally announced in 2014, was no longer a Google product. Instead, it's become a "full community-driven open source project," the company said in a blog post.To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.As if ransomware wasn’t bad enough, there is a new twist called doxware. The term "doxware" is a combination of doxing — posting hacked personal information online — and ransomware. Attackers notify victims that their sensitive, confidential or personal files will be released online. If contact lists are also stolen, the perpetrators may threaten to release information to the lists or send them links to the online content.Doxware and ransomware share some similarities. They both encrypt the victim's files, both include a demand for payment, and both attacks are highly automated. However, in a ransomware attack, files do not have to be removed from the target; encrypting the files is sufficient. A doxware attack is meaningless unless the files are uploaded to the attacker's system. Uploading all of the victim's files is unwieldy, so doxware attacks tend to be more focused, prioritizing files that include trigger words such as confidential, privileged communication, sensitive or private. To read this article in full or to leave a comment, please click here
A recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system. The first victim was the repository for the WebKit browser engine that was corrupted after someone committed two different PDF files with the same SHA-1 hash to it.The incident happened hours after researchers from Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands announced the first practical collision attack against the SHA-1 hash function on Thursday. Their demonstration consisted of creating two PDF files with different contents that had the same SHA-1 digest.To read this article in full or to leave a comment, please click here
SK Telecom and Nokia have developed a prototype quantum cryptography system that combines the South Korean company's quantum key server with an encryption device from Nokia.The system, shown Monday at Mobile World Congress in Barcelona, was put together to demonstrate interoperability between the two vendors and comes as SK Telecom kicks off a push to get telecom carriers and equipment vendors working together on next-generation quantum-secured networks.Quantum cryptography involves the transmission of encryption keys across fiber optic networks. It relies on the principles of quantum mechanics to detect if an eavesdropper has viewed a key en route.To read this article in full or to leave a comment, please click here
As the number of consumers turning to online shopping increases, the rise of online fraud is also rising.Those committing internet crimes are depriving their victims of either funds, interests, personal property and/or sensitive data. As the threat escalates, consumers and companies alike are seeking various methods to tackle the phenomenon.Ecommerce fraud has a long and controversial history. Thus, providing a forecast for the months ahead can help retailers adopt an adequate solution to confront the many challenges in 2017.1. Identity theft and friendly fraud
The main threat will remain identity theft. Fraudsters will seek your personal information. Their main goal is to use a different identity and, for example, place an online order. Identity theft also includes a concept known as man-in-the-middle attacks where credit-card data is intercepted and copied as it is transferred online. To read this article in full or to leave a comment, please click here
It sounds like a smartphone user's worst fear: Software that starts up before the phone's operating system, intercepting and encrypting every byte sent to or from the flash memory or the network interface.
This is not some new kind of ransomware, though, this is the D4 Secure Platform from Cog Systems.
The product grew out of custom security software the company developed for governments, and which it saw could also be put to use in the enterprise as a way to make smartphones more productive while still maintaining a high level of security.
It includes a Type 1 hypervisor, a virtualized VPN and additional storage encryption that wrap the standard Android OS in additional layers of protection largely invisible to the end user.To read this article in full or to leave a comment, please click here
My home is my sanctuary. My computers (and handheld devices) all run free software systems that have been (fairly) tightly buttoned down and secured. My online documents, messaging and emails are handled either on my own servers or by companies dedicated to open source and security. Is my personal information 100 percent safe and unhackable? No, but it’s pretty good. And it’s about as good as I can get it without making significant sacrifices in the name of privacy. But eventually I need to leave my home. And that is where things get much more difficult. Let’s talk, briefly, about the challenges faced when trying to maintain a certain level of personal privacy when traveling around your city. To read this article in full or to leave a comment, please click here
Left to chance, unless you happen to bump into someone leaving the building with a box full of documents, you might never catch an insider red-handed. That is where an insider risk team comes in — group of employees from various departments who have created policies that create a system to notice if those confidential items have left the building.“Insider risk is a real cybersecurity challenge. When a security professional or executive gets that call that there’s suspicious activity — and it looks like it’s someone on the inside who turned rogue — the organization needs to have the right policies and playbooks, technologies, and right team ready to go,” said Rinki Sethi, senior director of information security at Palo Alto Networks.To read this article in full or to leave a comment, please click here