Journalist convicted of helping Anonymous hack the LA Times

A journalist accused of helping a rogue hacking group briefly take control of the LA Times' website was convicted by a federal jury in California on Wednesday.Matthew Keys, 28, of Vacaville, California, was convicted of conspiracy to make unauthorized changes to a computer, transmitting malicious code and attempted transmission of malicious code, according to the Department of Justice.One of Keys' attorneys, Jay Leiderman, wrote on Twitter that "we'll proceed forward to sentencing and look forward to appealing this verdict."To read this article in full or to leave a comment, please click here

Dell said to be talking with EMC about possible blockbuster merger

Dell is reportedly in talks to buy all or part of enterprise storage powerhouse EMC, which would mark a bold and unexpected new chapter in the PC maker's history.A total merger would be one of the biggest deals ever in the technology industry, with EMC holding a market value of about US$50 billion. It would also bring together two of the most important vendors to enterprise IT departments. MORE ON MERGERS: 2015 Networking & IT M&A Tracker The report about the deal Wednesday in the Wall Street Journal cited unnamed sources, and cautioned that the the companies might not finalize any agreement. To read this article in full or to leave a comment, please click here

Android malware hammers phones with unwanted ads

Android users in more than 20 countries have been infected with a particularly aggressive malware program that bombards devices with unwanted advertisements.Researchers from FireEye found that the malicious component, nicknamed Kemoge, has been seeded inside what appear to be legitimate apps offered on third-party application stores."This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat," wrote Yulong Zhang, a staff research scientist with FireEye.To read this article in full or to leave a comment, please click here

Amazon makes it easier to lock down the cloud

If there's a common refrain in enterprise security these days, it's that nobody wants to become the next Sony, Experian, Scottrade, Target or Home Depot. Moving workloads to a public cloud service means that companies can leave some of the day-to-day work of securing their infrastructure to professionals who manage those services. To read this article in full or to leave a comment, please click here

Amazon makes it easier to lock down the cloud

If there's a common refrain in enterprise security these days, it's that nobody wants to become the next Sony, Experian, Scottrade, Target or Home Depot. Moving workloads to a public cloud service means that companies can leave some of the day-to-day work of securing their infrastructure to professionals who manage those services. To read this article in full or to leave a comment, please click here

Hackers who targeted Samsung Pay may be looking to track individuals

The security breach at Samsung subsidiary LoopPay was probably more about spying than about gathering consumer data for profit, and the worst could be yet to come, a security analyst said Wednesday. Samsung acknowledged the attack on LoopPay, which it acquired in February for technology that it uses in its Samsung Pay service. It said hackers only breached LoopPay's office network, not systems used by Samsung Pay. The affected servers have been isolated and no personal payment information was put at risk, according to Samsung.To read this article in full or to leave a comment, please click here

They’re baaaack! Verizon’s zombie cookies to track users across massive AOL ad network

Remember Verizon’s zombie cookies, hidden super-cookie identifiers that tracked users across the Internet? They’re baaaack! moviemaniacsDE Poltergeist screenshot Verizon was previously caught manipulating users’ traffic by inserting supercookies. “By attaching a Unique Identifier Header to all traffic that passes through their network, Verizon could effectively build profiles about users habits, the sites they visit, and deliver targeted advertisements based on this tracking,” explained EVDO. “This Unique Identifier Header was then popularly renamed the ‘Zombie Cookie’ since even after being deleted, the tracking cookie would be added back to the network and users would be tracked again.”To read this article in full or to leave a comment, please click here

Former NSA chief undercuts FBI’s desire for encryption backdoors

The former head of the NSA says the U.S. is better served by strong encryption than it would be by encryption schemes with backdoors that allow law enforcement to decrypt the content of communications, according to reports, and he should know.Under Michael Hayden’s watch as director of the NSA, the agency exploited back doors into phone switches in Greece in order to spy on calls including those made by the Greek prime minister and the mayor of Athens.The legal-intercept capabilities baked into the switches are supposed to be used only under strict legal supervision, but they can be abused. According to a story by James Bamford for The Intercept, documents stolen by Edward Snowden help show that the NSA took unauthorized advantage of legal-intercept backdoors in the Greek phone system to eavesdrop on what calling parties assumed would be private communications.To read this article in full or to leave a comment, please click here

Arista stock up on review of Cisco patent claims

The U.S. Patent and Trademark Office this week reportedly agreed to consider the validity of two Cisco patents at issue in litigation with data center switching rival Arista Networks.The development boosted Arista stock by over 5% on Tuesday, Oct. 6, according to Bloomberg. Cisco is suing Arista for copyright and patent infringement, and is seeking an injunction on the sale of Arista products that allegedly infringe on the Cisco patents.To read this article in full or to leave a comment, please click here

Non-technical manager’s guide to protecting energy ICS/SCADA

Sophisticated cyber-attacks known as Advanced Persistent Threats (APT) are a growing challenge to the energy sector of our nation’s critical infrastructure. These attacks can largely be attributed to well-funded, dedicated nation-state actors.APT attacks against Industrial Control Systems (ICS) and to Supervisory Control and Data Acquisition (SCADA) systems are increasing; the U.S. Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cited ICS/SCADA and control system networks as one of the top two targets for hackers and viruses. These vulnerabilities begin with the human interface (13% of vulnerabilities required local access) and end with the actual Internet-facing ICS/SCADA hardware (87% of vulnerabilities are web-accessible).To read this article in full or to leave a comment, please click here

Attackers target OWA for domain credentials

A targeted attack against Outlook Web Application (OWA) illustrates how far adversaries will go to establish persistent control over the organization's entire network.As seen in recent breaches, attackers typically use stolen credentials or malware to get a foothold on the network, and then target the domain controller. Once attackers successfully compromise the domain controller, they can impersonate any user and move freely throughout the enterprise network. Since the OWA server, which provides companies with a Web interface for accessing Outlook and Microsoft Exchange, depends on the domain controller for authentication, whoever gains access to the OWA server automatically wins the domain credentials prize.To read this article in full or to leave a comment, please click here

1 3,209 3,210 3,211 3,212 3,213 3,756