Cyberattack exposes 10 million records at US health insurer Excellus

Hackers have penetrated the IT systems of U.S. health insurer Excellus BlueCross BlueShield and gained access to personal, financial and medical information of more than 10 million people, the company disclosed Thursday.The initial attack occurred in December 2013, but the company did not learn about it until Aug. 5. Since then it has been working with the FBI and cybersecurity firm Mandiant to investigate the breach.The hackers may have had access to customer records which include names, addresses, telephone numbers, dates of birth, Social Security numbers, member identification numbers, financial accounts and medical claims information.To read this article in full or to leave a comment, please click here

IDG Contributor Network: ‘Get Smart’ when it comes to using cloud-based services for file sharing

For those of you old enough to remember the TV comedy series "Get Smart" featuring a spy that used his shoe for a phone, the good guys belonged to an agency called "Control," and the bad guys were affiliated with "Chaos." This month "Get Smart" celebrates its 50th anniversary, yet CIOs continue to struggle in a seemingly never-ending battle to restore control in a chaotic, cloudy world in which data security is less than transparent.Much like the BYOD trend, the use of cloud-based services for sharing files is widespread and it's likely that if you're a CIO, your employees are already using them, whether they are officially sanctioned or not. Dropbox has led the charge to offer cross-platform file syncing for your personal files, and all the major players have followed suit, from Google (Google Drive), to Microsoft (SkyDrive), to Apple (iCloud). There's also Box, Sugarsync, and many others. For consumers, they are perfect, providing easy instant access to photos and documents from any device. That familiarity and accessibility is why they've crept into the enterprise.To read this article in full or to leave a comment, please click here

Xerox PARC’s new chip will self destruct in 10 seconds

Engineers at Xerox PARC have developed a chip that will self-destruct upon command, providing a potentially revolutionary tool for high-security applications.The chip, developed as part of DARPA’s vanishing programmable resources project, could be used to store data such as encryption keys and, on command, shatter into thousands of pieces so small, reconstruction is impossible.It was demonstrated at DARPA’s Wait, What? event in St. Louis on Thursday.“The applications we are interested in are data security and things like that,” said Gregory Whiting, a senior scientist at PARC in Palo Alto, California. “We really wanted to come up with a system that was very rapid and compatible with commercial electronics.”To read this article in full or to leave a comment, please click here

Ashley Madison coding blunder made over 11 million passwords easy to crack

Until today, the creators of the hacked AshleyMadison.com infidelity website appeared to have done at least one thing well: protect user passwords with a strong hashing algorithm. That belief, however, was painfully disproved by a group of hobbyist password crackers.The 16-man team, called CynoSure Prime, sifted through the Ashley Madison source code that was posted online by hackers and found a major error in how passwords were handled on the website.They claim that this allowed them to crack over 11 million of the 36 million password hashes stored in the website's database, which has also been leaked.A few weeks ago such a feat seemed impossible because security experts quickly observed from the leaked data that Ashley Madison stored passwords in hashed form -- a common security practice -- using a cryptographic function called bcrypt.To read this article in full or to leave a comment, please click here

Oracle VirtualBox Network Modes

There’s been a whole heap (programming pun intended) of blogs around automation and virtualisation over the last few years, with some rather good ones of late centred around the now classic mix of VirtualBox, Vagrant and Ansible*|**. I’m particularly enjoying the Hey, I can DevOPS my Network too! series by Larry Smith Jr. at the moment. I may […]

The post Oracle VirtualBox Network Modes appeared first on Packet Pushers.

Security experts mostly critical of proposed threat intelligence sharing bill

This fall, the Senate is expected to take another look at the Cybersecurity Information Sharing Act, or CISA, but many security experts and privacy advocates are opposed.Cybersecurity has been in the news a lot this summer, and not just with several new high-profile breaches in government and the in private sector.Last month alone, the Pentagon began requiring defense contractors to report breaches, the White House Office of Management and Budget proposed new cybersecurity rules for contractor supply chains, and a court agreed that the Federal Trade Commission has the authority to enforce cybersecurity standards.MORE ON CSO:Millions of records compromised in these data breaches And many security experts agree that it's important for companies to share cybersecurity information, in real time, without risk of being publicly embarrassed, fined, or sued.To read this article in full or to leave a comment, please click here

10 things to do before you lose your laptop

Whether you’re in the office, at home, in school, or at coffee shops and hotels around the world, laptops are everywhere. The portable computer allows you to stay in touch and do productive work regardless of where you may be physically – especially when you factor in the extended battery life and cloud-based computing applications and services.On the other hand, the sheer portability of the laptop also makes it vulnerable to unauthorized access or outright theft or lost. Gartner recently estimated that a laptop is lost every 53 seconds.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords While nobody plans to lose a laptop, there are some things that you can do to reduce both the risk and the potential legal repercussions should your laptop ever be misplaced or stolen. As with most security measures, the best defense is a good offense. Here are 10 things to do before you lose your laptop.To read this article in full or to leave a comment, please click here

Presidential longshot at CTIA 2015 promising nothing less than immortality

I hadn’t come to room 3301 of the Sands Expo to see Zoltan Istvan speak. I had come because the official CTIA Super Mobility 2015 conference app had pinged a notification to me that Mike Tyson – a boxer of some repute – was due to participate in a panel discussion and I wanted to startle my editors by landing a quote from Iron Mike.What I found, instead – I have no notion where Tyson was at the appointed time – was Zoltan Istvan, who is running for president. He is polished, polite and friendly. He was also gracious and patient with a reporter who bumbled into his speech by accident and essentially asked, “What the heck is going on here?”For those unfamiliar with his work, Istvan is a columnist for Vice, former reporter for National Geographic and author of a novel called The Transhumanist Wager, which lays out his hyper-futurist philosophy. In essence, he believes that humanity’s goal must be to create technology so advanced that we become immortal – conquering death with the infinitely sharp sword of logic. Through advances in medical science, the gentle melding of humans and machines and various other technological Continue reading

Apple Keynote 2015 – Enterprise & Personal

Excerpt: I am fascinated by Apple's business strategy and product management. Every year Apple makes a huge multi-billion dollar bet on delivering complex technology products into the hands of untrained users in the one of the toughest computing platforms - the smartphone. Plus they build custom silicon, new materials and software features in every version. And this time, they have an Enterprise product.

The post Apple Keynote 2015 – Enterprise & Personal appeared first on EtherealMind.

Risky Business #382 — Charlie Miller talks car hax, Uber

On this week's show we're checking in with Charlie Miller. We chat car hacking and we also (kind of) find out what he's up to now he's working at Uber.

This week's show is brought to you by HackLabs, an Australian security consultancy. They're a key sponsor of Australia's Cyber Security Challenge, which is basically a CTF for Australian CS students. What makes this one a bit different is it's being run by the Prime Minister's Office, which is, yeah, unexpected. Chris joins us later to discuss the challenge, that's this week's sponsor interview.

read more

North Korea is likely behind attacks exploiting a Korean word processing program

North Korea is likely behind cyberattacks that have focused on exploiting a word processing program widely used in South Korea, security firm FireEye said Thursday in a report.The proprietary program, called Hangul Word Processor, is used primarily in the south by the government and public institutions.The vulnerability, CVE-2015-6585, was patched three days ago by its developer Hancom.FireEye's conclusion is interesting because only a handful of attacks have been publicly attributed to the secretive nation, which is known to have well-developed cyber capabilities.To read this article in full or to leave a comment, please click here

What’s that drama?

The infosec community is known for its drama on places like Twitter. People missing the pieces can't figure out what happened. So I thought I'd write up the latest drama.

It starts with "Wesley McGrew" (@McGrewSecurity), an assistant professor at Mississippi state. He's been a frequent source of infosec drama for years now. Since I, myself, don't shy away from drama, I can't say that he's necessarily at fault, I'm just pointing out that he's been involved in several Big Infosec Drama Blowups.

Then there is "Adrian Crenshaw" (@irongeeek_adc) (aka. "Irongeek") who maintains a website http://irongeek.com, which hosts a lot of infosec videos. He'll work with conferences to make sure talks get recorded and uploaded to his site. A lot of smaller cons host their video there. If you frequently watch infosec videos, then you know the site.


I think this specific drama started back in April, when Irongeek made this April Fool's joke:
https://twitter.com/McGrewSecurity/status/583250910387789824

Many, most especially McGew, criticized Irongeek for this, claiming it was an "unfunny slap to women in security".

I don't know when it happened, but Irongeek punished McGrew by blocking students from McGrew's university, Mississippi State. This was noticed last week.

https://twitter. Continue reading
1 3,326 3,327 3,328 3,329 3,330 3,841