Archive

Category Archives for "Network World Security"

German consumer groups sue WhatsApp over privacy policy changes

WhatsApp's privacy policy change allowing Facebook to target advertising at its users has landed the company in a German court. The Federation of German Consumer Organizations (VZBZ) has filed suit against WhatsApp in the Berlin regional court, alleging that the company collects and stores data illegally and passes it on to Facebook, the federation said Monday. Facebook acquired WhatsApp in October 2014, but it wasn't until August 2016 that WhatsApp said it would modify its privacy policy to allow it to share lists of users' contacts with Facebook. The move made it possible to match WhatsApp accounts with Facebook ones where users had registered a phone number, giving the parent company more data with which to make new friend suggestions and another way to target advertising.

Cops use pacemaker data to charge homeowner with arson, insurance fraud

If you are dependent upon an embedded medical device, should the device that helps keep you alive also be allowed to incriminate you in a crime? After all, the Fifth Amendment of the U.S. Constitution protects a person from being forced to incriminate themselves. Nonetheless, that’s what happened after a house fire in Middletown, Ohio. WCPO Cincinnati caught video of the actual fire, as well as delivered news that the owner’s cat died in the fire. As a pet owner, it would be hard to believe that a person would set a fire and leave their pet to die in that fire. The fire in question occurred back in September 2016; the fire department was just starting an investigation to determine the cause of the blaze.

How to eliminate insider threats

Insider threats are a major security problem. For years, the primary security objective has been to protect the perimeter, with the focus on keeping outsiders from gaining access and doing harm. But statistics prove that more risk exists within an organization. Indeed, many compliance regulations require monitoring of systems to identify and eliminate insider threats. According to Forrester, 58 percent of breaches are caused by internal incidents or by incidents at a business partner’s organization. And 55 percent of attacks originate with an insider, as cited in the 2015 IBM Cyber Security Intelligence Index.

IDG Contributor Network: 6 ways to launch a targeted cyberattack

The threat of a targeted attack for any business is real and substantial. It's vital to ensure that your organization can identify constantly evolving threats, find abnormal and suspicious activity, and take effective action to keep your data safe. Consider that, on average, attackers are in a network for more than 140 days before they're detected, and 60% of network intrusions are eventually traced back to credentials, according to Microsoft. Most successful targeted attacks follow six steps or stages, though it's important to remember that these steps often run in parallel. Multifaceted attacks are common, so a robust threat response plan should address all six steps and avoid jumping to conclusions.

IDG Contributor Network: TechDemocracy: Helping execs and boards ensure cybersafety

I sit on a number of not-for-profit and commercial boards of directors. I am lucky in that I have a pretty good understanding of how their technology landscape can introduce risks into the business. As someone who spends much of his time in the tech world, I can bring this knowledge and awareness into the companies I work with. But that isn't the usual way things work. Most boards of directors are made up of individuals who have little or no awareness of their organization's technology footprint and the impacts it can have when something goes wrong. This is the problem space that TechDemocracy, a global cyberrisk assurance solution provider, is trying to solve with its Intellicta platform.

IDG Contributor Network: Hackers could use hidden mal-audio to attack Google Now

There's a fabulous story about a slew of Amazon Echo devices that took it upon themselves to order expensive doll houses from the ecommerce retailer all because a news show host uttered the phrase “Alexa ordered me a dollhouse” on air. The machines heard it from the TV switched on in the room. Researchers say it’s not an unlikely scenario. They say not only can attackers issue mal-audio voice commands to any AI listening device that is in audible range, but they can also do it using hidden voice commands. Those are commands that might not even be noticed by the user.

New products of the week 1.30.17

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Blue Medora vRealize Operations Management Pack for Amazon Aurora

Ransomware locked hotel out of its electronic key lock system

A 4-star hotel in the Austrian Alps, the Romantik Seehotel Jaegerwirt, admitted to bowing to extortion after ransomware locked up the computer running the hotel’s electronic key lock system. This was not the first time that cyber thugs attacked the hotel. During one of the attacks, the hackers reportedly left a backdoor into the system. The third attack occurred during the opening weekend of the winter season. The computer hit with ransomware controlled the electronic key lock system, the reservation system and the cash desk system. Guests, who paid nearly $300 a night for a room, could not open their rooms with their existing keycards; new keycards could not be programmed. Arriving guests couldn’t have their reservations confirmed.

LeakedSource’s shutdown is a blow to amateur hackers

Amateur hackers are alarmed by the apparent demise of LeakedSource, a controversial breach notification site that’s been accused of doing more harm than good. U.S. law enforcement has allegedly confiscated its servers, and now some hackers are wondering if customers of LeakedSource might be next. “All the people who used PayPal, credit card, etc. to buy membership, the FBI now have your email, payment details and lookup history,” wrote one user on HackForums.net.

Five arrested for hacking into ATMs and stealing $3.2 million

Law enforcement authorities from Europe and Asia have arrested five members of an international cybercriminal group that specialized in hacking into automated teller machines (ATMs). The investigation began in early 2016, according to Europol. Three suspects were arrested in Taiwan, one in Romania, and one in Belarus. Most of them had multiple citizenships and could travel easily between countries, the agency said Friday. Hacking into ATMs to steal money is nothing new, and there are malware programs built specifically for such machines that allow criminals to withdraw money using hidden commands. To infect ATMs with such malware, most attackers either receive help from bank insiders or buy service keys that can be used to open the front panels of ATMs and access their communications ports.

Trump, May agree to take on ISIS in cyberspace

The U.K. and U.S. are planning to work more closely to combat the spread of extreme Islamist ideology in cyberspace, British Prime Minister Theresa May said on Friday. May was speaking at a White House news conference, alongside U.S. President Donald Trump, held to outline the results of talks between the two leaders. May is in Washington as the first foreign head of state to meet Trump. She noted the conventional military fight against ISIS is working and the group is losing territory but noted the two countries "need to redouble our efforts." "Today we’re discussing how we can do this by deepening intelligence and security cooperation and critically, by stepping up our efforts to counter Daesh in cyberspace," she said, using an alternate name for the terrorist group.

Intelligence agency opens $325,000 advanced, automated fingerprint gathering competition

Researchers at the Intelligence Advanced Research Projects Activity (IARPA) are looking to the public to build a next-generation, automated fingerprint recognition system. The idea behind the competition, called the “Nail to Nail (N2N) Fingerprint Challenge” – which offers $325,000 worth of prizes – is to develop a system that allows for more distinguishing data to be collected from fingerprint biometrics but also eliminates the time and cost associated with using human operators, IARPA said. N2N fingerprints capture the entire fingerprint from the edge of one finger nail bed to the other.

Compliance focus, too much security expertise hurts awareness programs

Security awareness teams aren't getting the support they need to be successful, according to the SANS Institute. But some unexpected factors can cause programs to fail as well, including a focus on compliance -- and too much security expertise on the team. "Most organizations actually have a security awareness program," said Lance Spitzner, director of the Securing the Human Program at the SANS Institute, looking back at what the industry learned in 2016. "Yet we continue to have problems."

Trump’s executive order won’t destroy Privacy Shield, says EU

Fears that U.S. President Trump has destroyed the Privacy Shield Transatlantic data transfer agreement with one of the many executive orders he has signed this week are unfounded, the European Commission said Friday. On Wednesday, Trump signed an executive order entitled "Enhancing Public Safety in the Interior of the U.S.," one of several he has issued since taking office on Jan. 20. Such executive orders are used by U.S. presidents to manage the operations of the federal government.

Cisco starts patching critical flaw in WebEx browser extension

Cisco Systems has started to patch a critical vulnerability in its WebEx collaboration and conferencing browser extension that could allow attackers to remotely execute malicious code on computers. The company released a patched version of the extension -- 1.0.7 -- for Google Chrome on Thursday and is working on similar patches for the Internet Explorer and Mozilla Firefox versions. The vulnerability was found by Google security researcher Tavis Ormandy and stemmed from the fact that the WebEx extension exposed functionality to any website that had "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in its URL or inside an iframe. Some of that WebEx functionality allowed for the execution of arbitrary code on computers.

AI-based typing biometrics might be authentication’s next big thing

Identifying or authenticating people based on how they type is not a new idea, but thanks to advances in artificial intelligence it can now be done with a very high level of accuracy, making it a viable replacement for other forms of biometrics. Research in the field of keystroke dynamics, also known as keyboard or typing biometrics, spans back over 20 years. The technique has already been used for various applications that need to differentiate among computer users, but its widespread adoption as a method of authentication has been held back by insufficient levels of accuracy. Keystroke dynamics relies on unique patterns derived from the timing between key presses and releases during a person's normal keyboard use. The accuracy for matching such typing-based "fingerprints" to individual persons by using traditional statistical analysis and mathematical equations varies around 60 percent to 70 percent, according to Raul Popa, CEO and data scientist at Romanian startup firm TypingDNA.