Welcome Guest | Sign In
LinuxInsider.com
China's Business-Unfriendly Cybersecurity Stance
November 30, 2016
China's parliament earlier this month passed a law aimed at addressing the country's concerns about hacking and terrorism, which has spiked concerns among foreign businesses and human rights advocates. One interpretation of the new law is that it only codifies China's existing cybersecurity practices. However, 46 global business groups across a variety of industries didn't see it that way.
Feds Need to Bolster Cyberprotection Speed and Range
November 29, 2016
Providing cybersecurity adequate to meet increasing threats is a perpetual catch-up process. Public sector agencies are particularly sensitive targets, with high visibility not only to the citizens they serve, but also to cyberattackers. A recent survey uncovered both a lack of speed in detecting and responding to attacks, and weak defenses of the full range of possible attack channels.
$5 PoisonTap Tool Easily Breaks Into Locked PCs
November 25, 2016
Proving once again that you can do a lot of damage with a little investment and a lot of ingenuity, security researcher Samy Kamkar recently managed to take down a locked, password-protected computer using a $5 Raspberry Pi. The low-tech cookie-siphoning intrusion is one of Kamkar's simplest hacks ever. He previously has unlocked car doors, garages, wireless remote cameras and other devices.
Russia's Fancy Bear Attacks Microsoft, Adobe as Election Nears
November 4, 2016
Microsoft earlier this week said it had fallen victim to "Strontium," its code name for the Russian hacking group also known as "Fancy Bear," which has been linked to recent attacks on Democratic Party systems. The group launched a spear phishing attack that targeted vulnerabilities in both the Windows operating system and Adobe Flash, according to Microsoft EVP Terry Myerson.
Antique Kernel Flaw Opens Door to New Dirty Cow Exploit
October 25, 2016
A Linux security vulnerability first discovered more than a decade ago once again poses a threat, Red Hat warned last week, as an exploit that could allow attackers to gain enhanced privileges on affected computers has turned up in the wild. Users need to take steps to patch their systems to prevent the exploit, known as "Dirty Cow," from granting access to unprivileged attackers.
What Should be on the Next President's Cyberagenda?
October 14, 2016
When the new president takes up residence at 1600 Pennsylvania Ave., cybersecurity will be on the shortlist for action. TechNewsWorld asked more than a dozen experts what should be at the top of the new leader of the free world's cyberagenda. Following are some of their responses. "The president has to set the tone early on cybersecurity within the first 100 days," said Cybereason's Sam Curry.
Odinaff Trojan Targets Banks, Financial Firms Worldwide
October 12, 2016
Symantec on Tuesday reported on a malware campaign that has targeted financial organizations worldwide for the past 10 months. Dubbed "Trojan.Odinaff," it has infiltrated the banking, securities, trading and payroll sectors, as well as organizations that provide them with support services. Odinaff is used in the first stage of an attack, to get a foothold into a network.
Newsweek Joins Growing Club of Possible Russian Cyberattack Targets
October 7, 2016
Newsweek is the latest media institution to get caught up in a series of cyberattacks that have targeted major government, political and media organizations, raising suspicions of links to Russia. The news magazine sustained a massive DDoS attack the day after it published a cover story about Republican presidential candidate Donald Trump's business activities in the late 1990s.
US Launches IT Contract to Spur Cybersecurity Purchases
October 6, 2016
The U.S. government plans to initiate an updated contracting vehicle for the acquisition of cybersecurity information technologies for federal agencies this month. The purpose of the program is to make it easier and more efficient for federal agencies to obtain cyberprotection services. Specifically, GSA will include cybertechnology providers on a major listing of approved federal contractors.
Garden-Variety Cybercrooks Breached Yahoo, Says Security Firm
September 30, 2016
The hackers who stole the data of hundreds of millions of Yahoo users two years ago were two cybercriminal gangs, InfoArmor reported. That finding contradicts the notion that state-sponsored actors were behind the attack, which Yahoo suggested when it disclosed the breach. Further, the number of users' records stolen is closer to 1 billion than to the 500 million Yahoo acknowledged.
Adobe Leaps From AWS to Microsoft's Cloud
September 28, 2016
Microsoft has announced a series of major enhancements to its enterprise cloud platform, as well as a new strategic partnership with Adobe, advancing its drive to attract new business from core competitors like Salesforce and Amazon. Microsoft has entered a strategic partnership to make Azure the preferred cloud platform for the Adobe Marketing Cloud, Adobe Creative Cloud and Adobe Document Cloud.
Cisco Battles Shadow Broker Exploits
September 28, 2016
Cisco has swung into action to combat a hacker group's exploitation of vulnerabilities in its firmware. The group, known as the "Shadow Brokers," released online malware and other exploits possibly stolen from the Equation Group, which is believed to have ties to the U.S. National Security Agency. Cisco earlier this month disclosed the vulnerability, even though patches were not yet ready.
Hack of Half a Billion Records Takes Shine Off Yahoo's Data Trove
September 23, 2016
Yahoo on Thursday disclosed that a data breach in late 2014 resulted in the theft of information from at least 500 million customer accounts. It appears that state-sponsored hackers carried out the attack, the company said. Account information compromised includes names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers.
Oracle Snags Palerra to Beef Up Cloud Security
September 20, 2016
Oracle has agreed to buy cloud access security broker Palerra, whose LORIC software manages security and compliance for applications, workloads, and sensitive data stored across cloud services. Palerra "offers a unique combination of visibility into cloud usage, data security, user behavior analytics and security configurations, with automated incident responses," wrote Oracle SVP Peter Barker.
Congress to Bureaucrats: Trust No One
September 20, 2016
Congress earlier this month lowered the hammer on the U.S. Office of Personnel Management in a report on the massive data breach that resulted in the theft of 4.2 million former and current government employees' personnel files, as well as 21.5 million individuals' security clearance information, including fingerprints associated with 5.6 million of them.
Sony Kicks The Last Guardian Down the Road Again
September 16, 2016
The first wave of previews for SIE's long-in-development video game epic The Last Guardian appeared following a demo at the Tokyo Game Show earlier this week, and reactions were mixed. Much of the coverage of this PS4 game, first announced at E3 in 2007, has focused on its long development process and delays. It originally was to be a follow-up to Fumito Ueda's Shadow of the Colossus.
Nation States May Be Plotting Internet Takedown, Warns Cybersec Pro
September 14, 2016
Unknown attackers have been testing the defenses of companies that run critical parts of the Internet, possibly to figure out how to take them down, cybersecurity expert Bruce Schneier warned. Large nation states -- perhaps China or Russia -- are the likely culprits, he suggested. "Nation state actors are going to probe to find weaknesses in all of our technologies," said Tripwire's Travis Smith.
Massive Data Breach Puts French Sub Maker in Crosshairs
September 1, 2016
Officials in France and India are investigating a massive data breach involving thousands of documents belonging to defense industry contractor DCNS, which was scheduled to deliver six Scorpene-class submarines to the Indian navy later this year. Hackers stole more than 22,000 pages of documents that included detailed technical information on the vessels, some of which was published online.
To Protect Enterprise Data, Secure the Code
August 20, 2016
Responsibility for securing enterprise applications has been moving down the development lifecycle, and for good reason. It not only makes the enterprise more secure, but also saves companies time and money. For example, the average time to fix a vulnerability in IBM's application security solution has dropped from 20 hours to 30 minutes, according to Forrester Consulting.
Russian Gang Suspected of Hacking Oracle's POS System
August 20, 2016
Oracle has been investigating a point-of-sale system breach that may be the work of Russian cyberthieves. Hackers compromised at least 700 computers on the MICROS POS system, used by hundreds of thousands of hotels, restaurants and retail outlets worldwide to process credit card transactions, Krebs on Security reported earlier this month. More than 330,000 cash registers worldwide use MICROS.
Edward Snowden Sheds Light on Shadow Brokers
August 18, 2016
Edward Snowden has injected himself into an escalating cyberstruggle that could affect the U.S. presidential election. The reported hack of The Equation Group might have been a warning shot from Russia, Snowden claimed. The group, which is widely believed to be a front operation for the NSA, apparently was hacked over the weekend by a previously unknown outfit called the "Shadow Brokers."
Super-Sophisticated Spyware Spotted After 5-Year Run
August 16, 2016
Symantec and Kaspersky Lab last week separately announced the discovery of a highly sophisticated APT that had eluded security researchers for at least five years. A previously unknown group called "Strider" has been using Remsec, an advanced tool that seems to be designed primarily for spying. Its code contains a reference to Sauron, the main villain in The Lord of the Rings.
TCP Flaw Opens Linux Systems to Hijackers
August 11, 2016
A flaw in the RFC 5961 specification the Internet Engineering Task Force developed to protect TCP against blind in-window attacks could threaten Android smartphones, as well as every Linux computer on the planet. The flaw is described in a paper a team of researchers presented at the 25th Usenix Security Symposium, ongoing in Austin, Texas, through Friday.
900 Million Androids Could Be Easy Prey for QuadRooter Exploits
August 9, 2016
Four newly identified vulnerabilities could affect 900 million Android devices, Check Point researchers disclosed. The vulnerabilities, which the researchers dubbed "QuadRooter," affect Android devices that use Qualcomm chipsets. They exist in the chipset software drivers. The drivers, which control communications between chipset components, are incorporated into Android builds.
Apple to Enlist the Aid of a Few Good Hackers
August 6, 2016
Apple has introduced its first bug bounty program, set to launch in September. Ivan Krstic, head of Apple security engineering and architecture, announced the program at the Black Hat security conference in Las Vegas. The focus reportedly is on an exceptionally high level of service, and on quality over quantity. Participation in the program initially will be by invitation only.
Linux Botnets on a Rampage
August 5, 2016
Linux-operated botnet Distributed Denial of Service attacks surged in this year's second quarter, due to growing interest in targeting Chinese servers, according to a Kaspersky Lab report released this week. South Korea kept its top ranking for having the most command-and-control servers. Brazil, Italy and Israel ranked among the leaders behind South Korea for hosting C&C servers, according to Kaspersky Lab.
Old Tech Can Create New Security Woes
August 3, 2016
"Patch your systems in a timely manner" is a mantra of security experts, but what happens when the patch well runs dry because a product's maker no longer supports it? That is a situation facing many large enterprises, and it's one that poses security risks. Between 30 percent and 50 percent of the hardware and software assets in the average large enterprise have reached their end-of-life date.
Federal Agencies Seek Cyberdefenders
August 2, 2016
The U.S. government is in the process of hiring a small army of IT specialists to bolster its efforts to protect data held at federal agencies from cybersecurity threats. The feds hired 3,000 new cybersecurity and IT professionals in the first six months of the current fiscal year. The hiring spree is just one component of a "first ever" Federal Cybersecurity Workforce Strategy.
Windows 10 Is About to Get More Secure, Easier to Use
August 1, 2016
Microsoft is poised to roll out its Windows 10 Anniversary Update on Tuesday. The free update includes two security innovations for individual customers: Windows Hello for apps and websites; and Windows Defender. Enterprises will get Windows Defender Advanced Threat Protection, which detects, investigates and responds to advanced malicious attacks on networks; and Windows Information Protection.
KeySniffer Follows the Scent of Cheap Wireless Keyboards
July 29, 2016
A vulnerability in inexpensive wireless keyboards lets hackers steal private data, Bastille reported this week. The vulnerability lets hackers use a new attack the firm dubbed "KeySniffer" to eavesdrop on and capture every keystroke typed from up to 250 feet away. The stolen data is rendered in clear text. It lets hackers search for victims' credit card information, passwords and more.
See More Articles in Enterprise Security Section >>
Facebook Twitter LinkedIn Google+ RSS
What is your No. 1 priority for a new laptop?
Robust features and functionality
Form factor, including size and weight
A good selection of ports and drives
Flexibility to support a variety of uses
A brand name I can trust