Welcome Guest | Sign In
LinuxInsider.com
To Protect Enterprise Data, Secure the Code
August 20, 2016
Responsibility for securing enterprise applications has been moving down the development lifecycle, and for good reason. It not only makes the enterprise more secure, but also saves companies time and money. For example, the average time to fix a vulnerability in IBM's application security solution has dropped from 20 hours to 30 minutes, according to Forrester Consulting.
Russian Gang Suspected of Hacking Oracle's POS System
August 20, 2016
Oracle has been investigating a point-of-sale system breach that may be the work of Russian cyberthieves. Hackers compromised at least 700 computers on the MICROS POS system, used by hundreds of thousands of hotels, restaurants and retail outlets worldwide to process credit card transactions, Krebs on Security reported earlier this month. More than 330,000 cash registers worldwide use MICROS.
Edward Snowden Sheds Light on Shadow Brokers
August 18, 2016
Edward Snowden has injected himself into an escalating cyberstruggle that could affect the U.S. presidential election. The reported hack of The Equation Group might have been a warning shot from Russia, Snowden claimed. The group, which is widely believed to be a front operation for the NSA, apparently was hacked over the weekend by a previously unknown outfit called the "Shadow Brokers."
Super-Sophisticated Spyware Spotted After 5-Year Run
August 16, 2016
Symantec and Kaspersky Lab last week separately announced the discovery of a highly sophisticated APT that had eluded security researchers for at least five years. A previously unknown group called "Strider" has been using Remsec, an advanced tool that seems to be designed primarily for spying. Its code contains a reference to Sauron, the main villain in The Lord of the Rings.
TCP Flaw Opens Linux Systems to Hijackers
August 11, 2016
A flaw in the RFC 5961 specification the Internet Engineering Task Force developed to protect TCP against blind in-window attacks could threaten Android smartphones, as well as every Linux computer on the planet. The flaw is described in a paper a team of researchers presented at the 25th Usenix Security Symposium, ongoing in Austin, Texas, through Friday.
900 Million Androids Could Be Easy Prey for QuadRooter Exploits
August 9, 2016
Four newly identified vulnerabilities could affect 900 million Android devices, Check Point researchers disclosed. The vulnerabilities, which the researchers dubbed "QuadRooter," affect Android devices that use Qualcomm chipsets. They exist in the chipset software drivers. The drivers, which control communications between chipset components, are incorporated into Android builds.
Apple to Enlist the Aid of a Few Good Hackers
August 6, 2016
Apple has introduced its first bug bounty program, set to launch in September. Ivan Krstic, head of Apple security engineering and architecture, announced the program at the Black Hat security conference in Las Vegas. The focus reportedly is on an exceptionally high level of service, and on quality over quantity. Participation in the program initially will be by invitation only.
Linux Botnets on a Rampage
August 5, 2016
Linux-operated botnet Distributed Denial of Service attacks surged in this year's second quarter, due to growing interest in targeting Chinese servers, according to a Kaspersky Lab report released this week. South Korea kept its top ranking for having the most command-and-control servers. Brazil, Italy and Israel ranked among the leaders behind South Korea for hosting C&C servers, according to Kaspersky Lab.
Old Tech Can Create New Security Woes
August 3, 2016
"Patch your systems in a timely manner" is a mantra of security experts, but what happens when the patch well runs dry because a product's maker no longer supports it? That is a situation facing many large enterprises, and it's one that poses security risks. Between 30 percent and 50 percent of the hardware and software assets in the average large enterprise have reached their end-of-life date.
Federal Agencies Seek Cyberdefenders
August 2, 2016
The U.S. government is in the process of hiring a small army of IT specialists to bolster its efforts to protect data held at federal agencies from cybersecurity threats. The feds hired 3,000 new cybersecurity and IT professionals in the first six months of the current fiscal year. The hiring spree is just one component of a "first ever" Federal Cybersecurity Workforce Strategy.
Windows 10 Is About to Get More Secure, Easier to Use
August 1, 2016
Microsoft is poised to roll out its Windows 10 Anniversary Update on Tuesday. The free update includes two security innovations for individual customers: Windows Hello for apps and websites; and Windows Defender. Enterprises will get Windows Defender Advanced Threat Protection, which detects, investigates and responds to advanced malicious attacks on networks; and Windows Information Protection.
KeySniffer Follows the Scent of Cheap Wireless Keyboards
July 29, 2016
A vulnerability in inexpensive wireless keyboards lets hackers steal private data, Bastille reported this week. The vulnerability lets hackers use a new attack the firm dubbed "KeySniffer" to eavesdrop on and capture every keystroke typed from up to 250 feet away. The stolen data is rendered in clear text. It lets hackers search for victims' credit card information, passwords and more.
Public-Private Team Leads Assault on Ransomware
July 28, 2016
Ransomware has become a scourge on the Internet -- but two information security companies, along with a pair of law enforcement agencies, this week launched an initiative to do something about it. No More Ransom is the centerpiece of a collaborative effort involving Kapersky Lab, Intel Security, the Dutch National Police and Europol. The new portal aims to educate the public about ransomware.
FBI Launches Probe Into DNC Email Hack
July 26, 2016
The FBI on Monday confirmed it has opened an investigation into allegations that the Wikileaks email dump of nearly 20,000 DNC emails over the weekend might be linked to the Russian government. Hackers connected to Russian intelligence agencies allegedly have been working to help tilt the U.S. presidential election. "The FBI is investigating a cyber intrusion involving the DNC," the agency said.
Civil Rights Office Issues Ransomware Guidance
July 22, 2016
Ransomware infections are on the rise, and healthcare organizations are ripe targets, which may be why the federal government addressed the subject last week. Ransomware attacks have risen from about 1,000 a day last year to 4,000 a day this year, Symantec has reported. Many of those attacks are for small change, but some of the larger ones have been directed at healthcare providers.
Congressional Committee Report Finds Something Rotten at FDIC
July 18, 2016
Officials at the U.S. Federal Deposit Insurance Corporation, which insures deposits in U.S. banks, made false statements to Congress and failed to make timely notification of serious cybersecurity breaches, according to a U.S. House of Representatives Committee on Science, Space and Technology's interim staff report. FDIC CIO Lawrence Gross has created a toxic work environment, it also says.
Mobile Ransomware Has Mushroomed: Report
July 8, 2016
The number of mobile ransomware victims across the globe has increased fourfold compared to a year ago, suggests a Kaspersky Lab report. Kaspersky software protected 136,532 users targeted by ransomware from April 2015 to March 2016 -- up from 35,413. "The growth curve may be less than that seen for PC ransomware, but it is still significant enough to confirm a worrying trend," the report notes.
BlackBerry Lets Go of Its Classic Phone
July 5, 2016
BlackBerry on Tuesday announced it will cease manufacturing the BlackBerry Classic. "The Classic has long surpassed the average lifespan for a smartphone in today's market," noted COO Ralph Pini. "To keep innovating and advancing our portfolio, we are updating our smartphone lineup with state-of-the-art devices." BlackBerry intends to continue supporting its BlackBerry 10 platform, however.
Symantec Scrambles to Fix Flaws After Google Sounds Alarm
July 5, 2016
Symantec last week confirmed that it had developed fixes for a series of eight vulnerabilities found in its portfolio of security products for enterprise and consumer customers, after an outside researcher identified the problem. A researcher from Google's Project Zero alerted the company, but there was no evidence of the vulnerability being exploited in the wild.
Pichai Account Trespassers Claim Their Hacking Heart's in the Right Place
June 29, 2016
Hackers late Sunday broke into CEO Sundar Pichai's Quora account and through it accessed his Twitter followers, according to reports. The group taking credit for the breach, OurMine Security, previously hit other prominent high-tech figures, including Facebook CEO Mark Zuckerberg, Spotify CEO Daniel Elk, Amazon CTO Werner Vogels and former Twitter CEO Dick Costolo.
Study: Third-Party Apps Pose Risks for Enterprises
June 23, 2016
Since mobile computing put an end to the good old days when IT departments had absolute control over software deployed in the enterprise, there's been a rise in employees' use of third-party applications -- a rise that poses security risks to corporate environments. That is one of the findings in a report CloudLock released last week.
Google Makes It Easier to Do the 2-Step
June 21, 2016
Google on Monday began rolling out a new two-step authentication feature, Google Prompt, targeting enterprise employees. The new option consists of a pop-up that displays a mobile user's name and profile image, and that specifies the location and device involved in the attempted sign-in. The device owner is asked whether to allow or deny the sign-in.
Russians Hack DNC Servers to Get Goods on Trump
June 15, 2016
Two groups of Russian hackers burrowed into the Democratic National Committee's servers and spent months stealing information on Donald Trump, the Republican Party's presumptive presidential nominee, according to Crowdstrike. The security firm identified "two sophisticated adversaries on the network," noted CTO Dmitri Alperovitch, dubbed "Cozy Bear" and "Fancy Bear."
Banking Trojans Take Backseat to Ransomware
June 4, 2016
The banking trojan -- a type of malware used to steal credentials for bank accounts -- has been a staple of cyberthieves for years. However, ransomware, which has proven both easy to use and highly successful, has started eroding its popularity. In a typical banking trojan attack, a robber mounts a phishing campaign to entice a target to open an attachment or click on a link.
Hacker Hawks 2-Year-Old Cache of 117M LinkedIn User IDs
May 23, 2016
A hacker reportedly has offered to sell the account information of 117 million LinkedIn users, which was stolen in a 2012 hack. The data includes users' email addresses and passwords.The hacker, who goes by the handle "Peace," reportedly offered the data on The Real Deal -- a site on the dark web -- for 5 bitcoins -- about $2,200. LeakedSource last week announced it had more than 167 million stolen records.
Gang Surrenders Key to TeslaCrypt Ransomware Kingdom
May 20, 2016
Eset on Wednesday announced that it has fashioned a free tool that victims of all variants of the TeslaCrypt ransomware can use to unlock affected files. After the criminal gang behind TeslaCrypt recently abandoned support of the malicious software, an Eset analyst contacted the group anonymously, using the channel offered to ransomware victims, and asked for the universal master decryption key.
Flaw Puts a Billion Wireless Mice at Risk
May 20, 2016
Wireless mice and keyboards are the perfect accessories for a world in which devices increasingly are shuffling off their connection coils, but those accessories -- especially untethered rodents -- also can create new threats for those who use them. One such threat is Mousejack. The attack exploits a vulnerability found in 80 percent of wireless mice.
Docker Ramps Up Container Security
May 13, 2016
Docker this week announced the rollout of security scanning technology to safeguard container content across the entire software supply chain. Docker Security Scanning is an opt-in service for Docker Cloud private repository plans. It provides a security assessment of the software included in container images. It enables detailed image security profiles.
Data Breaches Chip Away at IT Pros' Confidence in Security
May 12, 2016
The daily barrage of data breach news appears to be eroding confidence in security solutions. Fifty percent of IT pros aren't confident about the ability of their security measures to protect their data, according to a survey released last week by Barkly. The high percentage of IT pros with doubts about their security systems caught Barkly CTO Jack Danahy off-guard.
Report: Companies in the Dark About Their Open Source Risk Exposure
May 10, 2016
Commercial software is full of security vulnerabilities from unpatched open source components developers use, according to a report Black Duck Software issued last week. Software companies misjudge how much open source code their commercial products contain, according to the report, which is based on an analysis of 200 applications researchers viewed over the previous six months.
See More Articles in Enterprise Security Section >>
Facebook Twitter LinkedIn Google+ RSS
Is fake news a major problem?
Yes -- people don't know which news to trust.
No -- it's very easy to spot.
Yes -- it's propaganda warfare, and the U.S. is losing.
No -- people have always believed what suited them.
Yes -- but only temporarily, as people are catching on.
No -- much of it actually isn't fake.