OpManager: A single console to manage your complete IT infrastructure. Click here for a 30-day free trial.
Welcome Guest | Sign In
LinuxInsider.com
Duqu 2.0 Makes Other Malware Look Clunky
June 12, 2015
Duqu 2.0 may have just snatched the title of "most sophisticated malware ever," according to Kaspersky Lab, which published a report on the new threat this week. Kaspersky discovered Duqu 2.0 after the malware penetrated its own internal networks. "The philosophy and way of thinking of the Duqu 2.0 group is a generation ahead of anything seen in the APT world," said Kaspersky's Kurt Baumgartner.
Patch Tuesday Sunset Will Be a Mixed Bag for Windows Security
June 11, 2015
Microsoft will phase out Patch Tuesday -- its monthly potpourri of software product fixes -- when it rolls out Windows 10, which could be a mixed bag for the operating system's security. Patches will be applied automatically as they're ready. That means users no longer will have to wait until the second Tuesday in the month to secure their systems from potentially troublesome vulnerabilities.
US Snooping Costs High-Tech Sector $35B and Counting
June 10, 2015
Other countries' concerns over U.S. government surveillance programs likely will cost American businesses more than $35 billion, according to a report released Tuesday by the Information Technology & Innovation Foundation. Originally it was thought that the fallout from Edward Snowden's revelations of U.S. mass surveillance programs would be limited to cloud service providers.
US CIO Orders Federal Websites to Get More Secure
June 10, 2015
U.S. federal CIO Tony Scott on Monday sent a memo to the heads of executive departments and agencies requiring that all publicly accessible federal websites and Web services use HTTPS -- "the strongest privacy and integrity protection currently available for public Web connections." Some federal websites currently use HTTPS, but there has not been a consistent policy across the federal government.
Pega Healthcare CRM Promises 360-Degree View
June 9, 2015
Pega last week announced enhancements to Pegasystems Customer Service for Healthcare, an application that integrates customer service and care management to provide a 360-degree view of all customer interactions. The application provides call center agents with data across administrative, health and care management interactions with the goal of enabling them to provide better service.
OPM Security Was a Data Breach Waiting to Happen
June 9, 2015
Things could get worse before they get better as the FBI, US-CERT and Office of Personnel Management investigate a data breach that may have compromised the personal information of some 4 million current and past federal employees. Additional exposures of personal identifying information could be discovered, officials have warned. The OPM made the breach public last week.
BitTorrent's Bleep Hides Messages From Prying Eyes
June 4, 2015
BitTorrent's Bleep, a secure peer-to-peer messaging service, last month reached the end of its third trimester in alpha testing, and an official version became available for iOS, Android, OS X and PC. The official release is the first to reach iOS. Bleep's Whisper feature enables ephemeral messaging, along with the service's cloudless, end-to-end encrypted calling function.
Google's Android Permissions Get Granular
June 4, 2015
Google appears to be heeding warnings of security experts who say Android users need better control over what apps do with information from their phones. At I/O, its worldwide shindig for developers held last week, the company announced that the next version of its mobile operating system, Android M, would take a more granular approach to permissions for data requested by apps.
Google Creates One-Stop Privacy and Security Shop
June 2, 2015
Google has rolled out "My Account," a hub that lets users manage their Google settings, along with a new site that answers questions about its privacy and security practices. In addition to letting users manage their password and account-access settings, My Account allows them to review their security settings and activity. My Account also lets users manage personal information about themselves.
Feds' Photobucket Strategy Could Hobble White Hats
June 2, 2015
There's a new twist in the way feds are seeking to penalize bad actors for making and distributing software used in crimes, suggest recent arrests by Justice Department and FBI officials. "There's a more concerted campaign to go after go after those folks who are distributing in the underground," said Tom Kellermann, chief cybersecurity officer at Trend Micro.
Senate Ready to Rumble Over Freedom Act Amendments
June 2, 2015
The U.S. Senate on Tuesday voted to close debate on the USA Freedom Act, a measure that would prohibit the NSA from the indiscriminate collection Americans' phone call data. The bill already has passed in the House. However, the brawling over the bill is not quite over. The Senate has yet to address several proposed amendments to the legislation before voting on it later on Tuesday.
FBI to Dig Into IRS Data Breach Debacle
May 29, 2015
The United States Federal Bureau of Investigation is looking into a hack of the U.S. Internal Revenue Service that led to personal data being stolen from at least 100,000 taxpayers' accounts of the 200,000 that were hit. The hackers got the data by accessing the Get Transcript application, which lets taxpayers download data they filed with the service, the IRS announced Tuesday.
No Wrongdoing at NCIS, Says Defense Watchdog
May 28, 2015
The U.S. Department of Defense's Inspector General has rejected allegations that the Naval Criminal Investigative Service engaged in questionable domestic intelligence activity. The finding concluded a DoD IG probe spurred by allegations that NCIS was making available to military intelligence agencies its Law Enforcement Information Exchange, a database of 506.3 million law enforcement records.
Hush! Everybody's Listening!
May 27, 2015
Americans have been spied on by their own government for far longer than most realized, it turns out, and the United States National Security Agency's surveillance activities are just the tip of the iceberg. The FBI, which repeatedly has expressed dismay at Google and Apple securing their mobile OSes reportedly has become a major player in administering the NSA's warrantless surveillance program.
Are Feds Losing the Cybersecurity Fight?
May 27, 2015
U.S. government agencies have invested time, effort and significant funding in the last several years to meet the challenges of cybersecurity threats, but the payoff has been disappointing, according to a report from the ISC2 Foundation. As part of its seventh Global Information Security Workforce Study, the foundation included a section that involved a survey of 1,800 federal IT professionals.
Hackers Launch Sneak Attacks on Microsoft's Live ID
May 26, 2015
Hackers have been infiltrating Microsoft services by sending emails to targets saying their Live IDs have been used to distribute unsolicited email, and their accounts will be blocked unless they click on an embedded link and fulfill new security requirements, Kaspersky researcher Andrey Kostin reported last week. The hackers take advantage of OAuth's Open Redirect feature.
Containing the Zombie Malware Outbreak
May 22, 2015
Your computer could be operating as part of a botnet, sending out email spam, stealing confidential information, or furthering the spread of malware at this very moment. Computers can become zombies in many ways, but the most common technique is through a Trojan virus installed via malicious email attachments or drive-by downloads from infected websites.
Americans Hate Surveillance, Love Privacy: Report
May 21, 2015
Americans are deeply troubled by surveillance, data collection and the security of their data that's held by government agencies and private companies. The combined results of two Pew surveys suggest that the vast majority consider it important to be in control of their information. Eighty-eight percent of the respondents didn't want someone to watch or listen to them without their permission.
DoJ Calls On Private Sector to Strengthen Cybersecurity
May 20, 2015
The Justice Department is stepping up its program to engage more actively with the private sector on dealing with cybercrime and cybersecurity breaches. "We in government know that we cannot go it alone in fighting cybercrime. We need a strong partnership with you in the private sector," Assistant Attorney General Leslie Caldwell said at a recent Cybersecurity Industry Roundtable.
Venom Less Toxic Than Heartbleed
May 20, 2015
It was a little over a year ago that the Heartbleed bug shocked the Internet with its potential for mischief. Now another flaw in open source code has sent network administrators into damage control mode. The bug, called "Venom" for "Virtualized Environment Neglected Operations Manipulation," allows an intruder to jump out of a virtual machine and execute malicious code on its host.
The Rampant, Risky Babbling of Android Apps
May 19, 2015
Eurecom researchers recently developed an Android app that can monitor the network traffic of other apps to alert users of suspicious or malicious activity. With more than 1.2 million applications in the Google Play store, there are multiple programs for performing a particular task. That can make choosing an app a chore for users, they noted in a report released last month.
5 IT Security Implementation Myths
May 19, 2015
There's a common perception that implementing comprehensive IT security to protect against today's sophisticated threats and attacks is a difficult and expensive task, and that the benefits of replacing current solutions (even if highly ineffective) are seldom worthwhile. This mindset has resulted in many businesses dealing with a virtual patchwork of disparate systems.
FireEye, Microsoft Outsmart Clever Chinese Malware
May 15, 2015
FireEye and Microsoft have scotched a scheme by a group of cybercriminals based in China to use an IT pro forum to hide malicious activity, according to a report released Thursday. The Chinese gang known as "APT17" devised the scheme, which uses forum pages and profiles on Microsoft's TechNet, to cover traffic from machines infected with the group's Black Coffee malware.
Venom Vulnerability Could Violate Virtual Machines
May 14, 2015
Crowdstrike on Wednesday made public its discovery of yet another long-buried Linux vulnerability. "Venom," as it has been dubbed, was unearthed by the firm's senior security researcher, Jason Geffner. It is listed as vulnerability CVE-2015-3456. Venom exists in the virtual floppy drive code used by virtualization platforms based on QEMU, or quick emulator. It has been around since 2004.

See More Articles in Security Section >>
Facebook Twitter LinkedIn Google+ RSS
Should humans colonize Mars?
Yes. It's human nature to explore.
Yes. Earth is running out of resources.
No. It's too impractical and risky.
No. We should focus on saving Earth.
Maybe -- but not until a round-trip is possible.