Welcome Guest | Sign In
LinuxInsider.com
Microsoft Hardens Latest Windows Version Against Hackers
January 17, 2017
Microsoft has fortified the latest version of Windows to make it more secure than previous editions, but the strongest protections will be available only to those willing to pay a steep price for them. Windows 10 Anniversary Update has introduced many mitigation techniques in core Windows components and the Microsoft Edge browser, researchers Matt Oh and Elia Florio wrote in a blog post last week.
US Pushes Cybersecurity Acquisition Tools as Contracts Flow
January 16, 2017
Vendors of cybersecurity offerings are finding that the U.S. government is serious about improving the protection of federal IT assets. A steady stream of data protection contracts has been flowing to providers, including some notable high-value transactions during the last half of 2016. One example is a Department of Homeland Security contract, with a potential value of $395 million.
Las Vegas Captures Ransomware Crown
January 7, 2017
Las Vegas is arguably the gambling capital of the world, but it's also the king city for ransomware, based on recent research. Among the world's nations, the United States ranked highest in ransomware incidents, according to a Malwarebytes report on the prevalence and distribution of extortion apps. The area of the country that logged the most incidents was the Las Vegas-Henderson, Nevada, region.
2017: More Apple Security Flaws, Cyberattacks, Hacktivisim
December 28, 2016
More security vulnerabilities will appear in the software of Adobe and Apple than in Microsoft's, more attacks on the Internet's infrastructure will occur, and cybersecurity events will stoke international tensions. Those are a few of the predictions for 2017 that security experts have made. Signs of hackers' increased interest in Adobe and Apple started appearing in 2016, Trend Micro noted.
Yahoo Suffers Major Data Breach Deja Vu
December 16, 2016
Yahoo has revealed that Net bandits stole data associated with 1 billion of its user accounts -- one of the largest data breaches in Internet history. The theft, which occurred in 2013, is distinct from the theft disclosed earlier this fall, in which 500 million accounts were compromised, Yahoo CISO Bob Lord explained. Stolen data may include names, email addresses, telephone numbers and more.
Ransomware Fighters Get New Free Tool
December 7, 2016
Ransomware has become a gold mine for digital criminals. In the first three months of this year, electronic extortionists squeezed $209 million from victims desperate to recover their data after it was scrambled by the malicious software, based on FBI estimates. At that rate, ransomware could funnel as much as $1 billion into criminal coffers this year.
Multinational Effort Halts Malware Avalanche
December 6, 2016
The DoJ on Monday released new details about the multinational takedown of Avalanche, a multimillion-dollar malware and money-laundering network, following a four-year probe led by German police and prosecutors. Assistant Attorney General Leslie R. Caldwell, Acting U.S. Attorney Soo C. Song and Assistant Director Scott S. Smith of the FBI's Cyber Division made the announcement in Pittsburgh.
China's Business-Unfriendly Cybersecurity Stance
November 30, 2016
China's parliament earlier this month passed a law aimed at addressing the country's concerns about hacking and terrorism, which has spiked concerns among foreign businesses and human rights advocates. One interpretation of the new law is that it only codifies China's existing cybersecurity practices. However, 46 global business groups across a variety of industries didn't see it that way.
Feds Need to Bolster Cyberprotection Speed and Range
November 29, 2016
Providing cybersecurity adequate to meet increasing threats is a perpetual catch-up process. Public sector agencies are particularly sensitive targets, with high visibility not only to the citizens they serve, but also to cyberattackers. A recent survey uncovered both a lack of speed in detecting and responding to attacks, and weak defenses of the full range of possible attack channels.
$5 PoisonTap Tool Easily Breaks Into Locked PCs
November 25, 2016
Proving once again that you can do a lot of damage with a little investment and a lot of ingenuity, security researcher Samy Kamkar recently managed to take down a locked, password-protected computer using a $5 Raspberry Pi. The low-tech cookie-siphoning intrusion is one of Kamkar's simplest hacks ever. He previously has unlocked car doors, garages, wireless remote cameras and other devices.
Russia's Fancy Bear Attacks Microsoft, Adobe as Election Nears
November 4, 2016
Microsoft earlier this week said it had fallen victim to "Strontium," its code name for the Russian hacking group also known as "Fancy Bear," which has been linked to recent attacks on Democratic Party systems. The group launched a spear phishing attack that targeted vulnerabilities in both the Windows operating system and Adobe Flash, according to Microsoft EVP Terry Myerson.
Antique Kernel Flaw Opens Door to New Dirty Cow Exploit
October 25, 2016
A Linux security vulnerability first discovered more than a decade ago once again poses a threat, Red Hat warned last week, as an exploit that could allow attackers to gain enhanced privileges on affected computers has turned up in the wild. Users need to take steps to patch their systems to prevent the exploit, known as "Dirty Cow," from granting access to unprivileged attackers.
What Should be on the Next President's Cyberagenda?
October 14, 2016
When the new president takes up residence at 1600 Pennsylvania Ave., cybersecurity will be on the shortlist for action. TechNewsWorld asked more than a dozen experts what should be at the top of the new leader of the free world's cyberagenda. Following are some of their responses. "The president has to set the tone early on cybersecurity within the first 100 days," said Cybereason's Sam Curry.
Odinaff Trojan Targets Banks, Financial Firms Worldwide
October 12, 2016
Symantec on Tuesday reported on a malware campaign that has targeted financial organizations worldwide for the past 10 months. Dubbed "Trojan.Odinaff," it has infiltrated the banking, securities, trading and payroll sectors, as well as organizations that provide them with support services. Odinaff is used in the first stage of an attack, to get a foothold into a network.
Newsweek Joins Growing Club of Possible Russian Cyberattack Targets
October 7, 2016
Newsweek is the latest media institution to get caught up in a series of cyberattacks that have targeted major government, political and media organizations, raising suspicions of links to Russia. The news magazine sustained a massive DDoS attack the day after it published a cover story about Republican presidential candidate Donald Trump's business activities in the late 1990s.
US Launches IT Contract to Spur Cybersecurity Purchases
October 6, 2016
The U.S. government plans to initiate an updated contracting vehicle for the acquisition of cybersecurity information technologies for federal agencies this month. The purpose of the program is to make it easier and more efficient for federal agencies to obtain cyberprotection services. Specifically, GSA will include cybertechnology providers on a major listing of approved federal contractors.
Garden-Variety Cybercrooks Breached Yahoo, Says Security Firm
September 30, 2016
The hackers who stole the data of hundreds of millions of Yahoo users two years ago were two cybercriminal gangs, InfoArmor reported. That finding contradicts the notion that state-sponsored actors were behind the attack, which Yahoo suggested when it disclosed the breach. Further, the number of users' records stolen is closer to 1 billion than to the 500 million Yahoo acknowledged.
Adobe Leaps From AWS to Microsoft's Cloud
September 28, 2016
Microsoft has announced a series of major enhancements to its enterprise cloud platform, as well as a new strategic partnership with Adobe, advancing its drive to attract new business from core competitors like Salesforce and Amazon. Microsoft has entered a strategic partnership to make Azure the preferred cloud platform for the Adobe Marketing Cloud, Adobe Creative Cloud and Adobe Document Cloud.
Cisco Battles Shadow Broker Exploits
September 28, 2016
Cisco has swung into action to combat a hacker group's exploitation of vulnerabilities in its firmware. The group, known as the "Shadow Brokers," released online malware and other exploits possibly stolen from the Equation Group, which is believed to have ties to the U.S. National Security Agency. Cisco earlier this month disclosed the vulnerability, even though patches were not yet ready.
Hack of Half a Billion Records Takes Shine Off Yahoo's Data Trove
September 23, 2016
Yahoo on Thursday disclosed that a data breach in late 2014 resulted in the theft of information from at least 500 million customer accounts. It appears that state-sponsored hackers carried out the attack, the company said. Account information compromised includes names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers.
Oracle Snags Palerra to Beef Up Cloud Security
September 20, 2016
Oracle has agreed to buy cloud access security broker Palerra, whose LORIC software manages security and compliance for applications, workloads, and sensitive data stored across cloud services. Palerra "offers a unique combination of visibility into cloud usage, data security, user behavior analytics and security configurations, with automated incident responses," wrote Oracle SVP Peter Barker.
Congress to Bureaucrats: Trust No One
September 20, 2016
Congress earlier this month lowered the hammer on the U.S. Office of Personnel Management in a report on the massive data breach that resulted in the theft of 4.2 million former and current government employees' personnel files, as well as 21.5 million individuals' security clearance information, including fingerprints associated with 5.6 million of them.
Sony Kicks The Last Guardian Down the Road Again
September 16, 2016
The first wave of previews for SIE's long-in-development video game epic The Last Guardian appeared following a demo at the Tokyo Game Show earlier this week, and reactions were mixed. Much of the coverage of this PS4 game, first announced at E3 in 2007, has focused on its long development process and delays. It originally was to be a follow-up to Fumito Ueda's Shadow of the Colossus.
Nation States May Be Plotting Internet Takedown, Warns Cybersec Pro
September 14, 2016
Unknown attackers have been testing the defenses of companies that run critical parts of the Internet, possibly to figure out how to take them down, cybersecurity expert Bruce Schneier warned. Large nation states -- perhaps China or Russia -- are the likely culprits, he suggested. "Nation state actors are going to probe to find weaknesses in all of our technologies," said Tripwire's Travis Smith.
Massive Data Breach Puts French Sub Maker in Crosshairs
September 1, 2016
Officials in France and India are investigating a massive data breach involving thousands of documents belonging to defense industry contractor DCNS, which was scheduled to deliver six Scorpene-class submarines to the Indian navy later this year. Hackers stole more than 22,000 pages of documents that included detailed technical information on the vessels, some of which was published online.
To Protect Enterprise Data, Secure the Code
August 20, 2016
Responsibility for securing enterprise applications has been moving down the development lifecycle, and for good reason. It not only makes the enterprise more secure, but also saves companies time and money. For example, the average time to fix a vulnerability in IBM's application security solution has dropped from 20 hours to 30 minutes, according to Forrester Consulting.
Russian Gang Suspected of Hacking Oracle's POS System
August 20, 2016
Oracle has been investigating a point-of-sale system breach that may be the work of Russian cyberthieves. Hackers compromised at least 700 computers on the MICROS POS system, used by hundreds of thousands of hotels, restaurants and retail outlets worldwide to process credit card transactions, Krebs on Security reported earlier this month. More than 330,000 cash registers worldwide use MICROS.
Edward Snowden Sheds Light on Shadow Brokers
August 18, 2016
Edward Snowden has injected himself into an escalating cyberstruggle that could affect the U.S. presidential election. The reported hack of The Equation Group might have been a warning shot from Russia, Snowden claimed. The group, which is widely believed to be a front operation for the NSA, apparently was hacked over the weekend by a previously unknown outfit called the "Shadow Brokers."
Super-Sophisticated Spyware Spotted After 5-Year Run
August 16, 2016
Symantec and Kaspersky Lab last week separately announced the discovery of a highly sophisticated APT that had eluded security researchers for at least five years. A previously unknown group called "Strider" has been using Remsec, an advanced tool that seems to be designed primarily for spying. Its code contains a reference to Sauron, the main villain in The Lord of the Rings.
TCP Flaw Opens Linux Systems to Hijackers
August 11, 2016
A flaw in the RFC 5961 specification the Internet Engineering Task Force developed to protect TCP against blind in-window attacks could threaten Android smartphones, as well as every Linux computer on the planet. The flaw is described in a paper a team of researchers presented at the 25th Usenix Security Symposium, ongoing in Austin, Texas, through Friday.
See More Articles in Enterprise Security Section >>
Facebook Twitter LinkedIn Google+ RSS
What's most likely to cost a company your customer loyalty?
a major product fail
major unethical corporate behavior
public advocacy of social or political views I oppose
a really bad customer service experience
stagnation -- I'm attracted to innovation
none of the above -- I'll stick through thick and thin