No One Can Afford an Attack - Find the best Cybersecurity Pros to Protect Your Business Data
Welcome Guest | Sign In
ECommerceTimes.com
Malware Embedded in CCleaner Tool Puts Millions at Risk
September 19, 2017
Malicious code has been discovered in two versions of Piniform's CCleaner housekeeping utility, the company disclosed on Monday. Piniform is owned by Avast, whose security products are used by more than 400 million people. The malware infecting CCleaner could give hackers control over the devices of more than 2 million users. CCleaner is designed to rid computers and mobile phones of junk.
FTC Confirms Probe Into Equifax Data Breach
September 15, 2017
In a rare move, the U.S. Federal Trade Commission on Thursday confirmed that it has opened an investigation into the data breach at Equifax that compromised the sensitive personal information of 143 million U.S. consumers. The FTC announcement came less than a week after Equifax revealed that an unknown party had gained access to names, addresses, Social Security Numbers and other data belonging to nearly half the U.S. population.
Apache Mounts Strong Defense, Equifax Retreats
September 12, 2017
The Apache Software Foundation has responded to accusations that the massive data breach Equifax disclosed last week resulted from a flaw in Apache's open source code. One of the largest financial data breaches in U.S. history, it exposed names, addresses, Social Security Numbers, birth dates, driver's license numbers and other sensitive information belonging to 143 million U.S. consumers.
Credit Agency Equifax Cracked, 143 Million Consumers Exposed
September 8, 2017
Consumer credit reporting agency Equifax suffered a major criminal data breach that exposed personal information of as many as 143 million consumers in the U.S. between mid-May and July of this year. The attack exposed a range of sensitive personal data, including names, addresses, Social Security Numbers, dates of birth, and in some cases driver's license numbers, Equifax said.
Global Cyberattack on Energy Sector Stokes Deep Fears
September 7, 2017
The hacker group known as "Dragonfly" is behind sophisticated wave of recent cyberattacks on the energy sectors of Europe and North America, Symantec reported. The attacks could provide the group with the means to severely disrupt energy operations on both continents. Dragonfly launched a simililar campaign from 2011 to 2014, but it entered a quiet period in 2014 after its activities were exposed.
Consumers Gain More Power to Seek Data Breach Damages
August 21, 2017
There are no good outcomes of an electronic data system breach. At best, companies dealing with e-commerce technologies face the formidable task and the resulting cost of repairs. In addition having to fix information technology systems, companies suffering breaches may be increasingly vulnerable to legal action taken by customers whose personal data was affected.
The War Room: Experiential Security Planning
August 16, 2017
Ask any security practitioner about ransomware nowadays, and chances are good you'll get an earful. Recent outbreaks like Petya and WannaCry have left organizations around the world reeling, and statistics show that ransomware is on the rise. For example, 62 percent of participants surveyed for ISACA's recent "Global State of Cybersecurity" survey experienced a ransomware attack in 2016.
HBO Cyberattack Driven By Mysterious Motives
August 3, 2017
HBO on Wednesday admitted that it had been targeted by a cyberattack, confirming an anonymous email the alleged hackers distributed to media outlets last weekend. Among the content that may have been compromised were upcoming episodes of the series Ballers, Barry and Room 104, along with script outlines of the channel's hit show Games of Thrones.
Open Source Flaw 'Devil's Ivy' Puts Millions of IoT Devices at Risk
July 21, 2017
Millions of IoT devices are vulnerable to cybersecurity attacks due to a vulnerability initially discovered in remote security cameras. Senrio found the flaw in a security camera developed by Axis Communications, one of the world's biggest manufacturers of the devices. The Model 3004 security camera is used for security at the Los Angeles International Airport, according to Senrio.
Petya's Ransomware Cloaking Device
July 11, 2017
Recent ransomware threats have escalated into a global crisis, and cybersecurity experts and government authorities have redoubled their investigative efforts. Of grave concern is the possibility that the recent Petya attack had more sinister motives than typical ransomware operations, and that state actors were involved behind the scenes. The Petya attack actually used ransomware as a cover.
Petya Ransomware Sinks Global Businesses Into Chaos
June 28, 2017
A new ransomware exploit dubbed "Petya" struck major companies and infrastructure sites this week, following last month's WannaCry ransomware attack, which struck more than 300,000 computers worldwide. Petya is believed to be linked to the same set of hacking tools as WannaCry. Petya already has impacted a Ukrainian international airport and shut down radiation monitoring systems at Chernobyl.
Cyberattackers Kick Down a Few Parliament Email Doors
June 27, 2017
The United Kingdom's Parliament on Monday reported a cyberattack on its email system over the weekend, when hackers attempted to access user accounts without authorization. Due to the "robust measures" in place to protect the legislative body's accounts and networks, fewer than 1 percent of the 9,000 accounts on the network were compromised, officials said. Accounts that were compromised reportedly had weak passwords.
Sudo or Sudo Not, There Is No (4th) Try
June 24, 2017
If you're a Linux user, at some point in some tutorial or troubleshooting guide you've more than likely encountered Linux's magic word: "sudo". A casual observer probably can tell you that it's used to access restricted functions on your computer, but there is much more to it than that. My hope is that by taking a moment to learn about the power of "sudo", you will be better equipped to use it.
3 WannaCry Talking Points to Win Security Buy-In
June 21, 2017
By this point, most technology practitioners -- and nearly all security practitioners -- know about WannaCry. In fact, you might be sick of people analyzing it, rehashing it, sharing "lessons learned" about it, and otherwise laying out suggestions -- in some cases, contradictory -- about what you might do differently in the future. The level of unsolicited advice can border on the annoying.
Microsoft Buys Hexadite to Toughen Windows Security
June 9, 2017
Microsoft on Thursday said it has agreed to buy a Hexadite, which incorporates artificial intelligence in its automated responses to cyberthreats. The acquisition will help bolster the company's efforts to help commercial Windows 10 customers deal with advanced attacks on their networks, Microsoft said. The acquisition will include Hexadite's endpoint security automated remediation.
Hacking and Linux Go Together Like 2 Keys in a Key Pair
May 31, 2017
Ever since taking an interest Linux, with the specific aim of better understanding and enhancing my personal digital security, I have been fascinated by hacker conferences. As soon as I learned of their existence, I made a point of keeping tabs on the major conferences so I could browse through the latest videos in their archive once each one wraps up. I thought that was the closest I would get.
Crate.io Packs New Features, Services Into DB Upgrade
May 17, 2017
Crate.io on Tuesday announced an upgrade to its open source CrateDB, and introduced a commercial version. The database now is available as a managed service as well. CrateDB 2.0 features clustering enhancements and SQL improvements. The enterprise edition adds authentication and authorization features for enhanced security, which are not provided in the open source version.
Massive Ransomware Attack Reaps Meager Profits
May 17, 2017
The WannaCry ransom attack that quickly circled the globe last week is not yet fully contained. So far, it has impacted more than 300,000 computers in 150 countries. However, one of the remarkable things about it is that only a trifling $100,000 in ransom, give or take, apparently has been paid. That represents a surprisingly low response from an attack generally considered the biggest ever.
Microsoft Bashes NSA Following Massive Ransomware Attacks
May 15, 2017
Microsoft this weekend unleashed its wrath on the National Security Agency, alleging it was responsible for the ransomware attack that began last week and has spread to thousands of corporate, government and individual computer systems around the world. Microsoft Chief Legal Officer Brad Smith launched a blistering attack on the NSA and governments worldwide.
British Hospitals, FedEx Among Thousands Hit by Ransomware
May 13, 2017
Authorities are investigating a massive ransomware attack that reportedly hit more than 45,000 computers in 74 countries worldwide, including the UK's NHS England national health service, international delivery service FedEx, and Spanish telecom firm Telefonica. Security experts have linked the exploit to an earlier leak by the Shadow Brokers, who allegedly pilfered hacking tools from the NSA.
Flaw in Intel Chips Could Open Door to Botnet Armies
May 9, 2017
A 7-year-old flaw in Intel chips could enable hijackers to gain total control of business computers and use them for malicious purposes. The Intel AMT vulnerability is the first of its kind, according to Embedi, which released technical details about it last week. Attackers could exploit the flaw to get full control over business computers, even those turned off but plugged into an outlet.
Surviving the Security 'Skills Desert'
May 8, 2017
If you've ever spent time in a desert, it may seem inconceivable to you that creatures actually can live there. The fact that animals not only survive, but also thrive in those conditions seems counterintuitive. In fact, a number of animals do so -- in many cases, they are aided by an array of specialized adaptations that allow them to leverage the environment to their advantage.
New Strain of Linux Malware Could Get Serious
April 25, 2017
A new strain of malware targeting Linux systems, dubbed "Linux/Shishiga," could morph into a dangerous security threat. Eset disclosed the threat, which represents a new Lua family unrelated to previously seen LuaBot malware. Linux/Shishiga uses four protocols -- SSH, Telnet, HTTP and BitTorrent -- and Lua scripts for modularity, wrote Detection Engineer Michal Malik and Eset researchers.
Microsoft Inches Toward a World Without Passwords
April 20, 2017
Microsoft has announced the general availability of its phone sign-in for customers with Microsoft accounts -- a system that could be the beginning of the end for passwords. The new system requires that customers add their accounts to the Microsoft Authenticator app, which comes in both iOS and Android versions, noted Alex Simons, director of program management of the Microsoft Identity Division.
Report: Commercial Software Riddled With Open Source Code Flaws
April 19, 2017
Black Duck Software has released its 2017 Open Source Security and Risk Analysis, detailing significant cross-industry risks related to open source vulnerabilities and license compliance challenges. Black Duck conducted audits of more than 1,071 open source applications for the study. There are widespread weaknesses in addressing open source security vulnerability risks across key industries.
Microsoft's Timely Response to Shadow Brokers Threat Raises Questions
April 18, 2017
Just as the Shadow Brokers hacker group started crowing about a dump of never-seen-before flaws in Windows, Microsoft announced it already had fixed most of the exploits. "Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers," said Microsoft Principal Security Group Manager Phillip Misner. "Most of the exploits are already patched."
Don't Let the Next Catastrophic Phishing Scandal End Your Career
March 27, 2017
What I think is amazing about all of the massive data breaches we hear about is that we know most are not reported. For every email, customer record, or financial theft in the news, there likely are hundreds that remain in the shadows. Yet another incident came to light last week. A clever Lithuanian individual was able to pull a whopping $100 million from a bunch of unnamed Internet companies.
WikiLeaks Exposes CIA's Device Surveillance Tricks
March 23, 2017
WikiLeaks has released more Vault 7 documentation online, including details about several CIA projects to infect Apple's Mac computer firmware and operating system. The site unloaded its first batch of stolen Vault 7 data earlier this month. The CIA's Embedded Development Branch developed malware that could persist even if the targeted computer were reformatted and its OS were reinstalled.
IBM Launches Enterprise-Strength Blockchain as a Service
March 20, 2017
IBM has unveiled the first enterprise-ready Blockchain as a Service offering based on The Linux Foundation's open source Hyperledger Fabric. IBM Blockchain, which lets developers quickly establish highly secure blockchain networks on the IBM cloud, is a transformative step in being able to deploy high-speed, secure business transactions through the network on a large scale, the company said.
Intelligence-Driven Supply Chain Resilience
March 20, 2017
Information security practices are undergoing a transformation. For at least a decade, environments have been becoming less perimeter-centric: Gone are the good old days when in-line controls protected the trusted, safe interior from the "wild west" of the outside. As environments become more complex and externalized, the traditional "perimeter" loses meaning.
See More Articles in Enterprise Security Section >>
Facebook Twitter LinkedIn Google+ RSS
What do you think of Apple's new iPhones?
I plan to buy an iPhone X.
I plan to buy an iPhone 8 or 8 Plus.
With the X, the iPhone 8 models already seem inferior.
Any of the new iPhones is better than any other phone.
No phone is worth $1K to me.
I'd never buy an iPhone, regardless of price.
The Entrepreneur's Phone System