Our Full-Service B2B Marketing Program Delivers Sales-Ready Leads Click to Learn More!
Welcome Guest | Sign In
ECommerceTimes.com
Study: Third-Party Apps Pose Risks for Enterprises
June 23, 2016
Since mobile computing put an end to the good old days when IT departments had absolute control over software deployed in the enterprise, there's been a rise in employees' use of third-party applications -- a rise that poses security risks to corporate environments. That is one of the findings in a report CloudLock released last week.
Google Makes It Easier to Do the 2-Step
June 21, 2016
Google on Monday began rolling out a new two-step authentication feature, Google Prompt, targeting enterprise employees. The new option consists of a pop-up that displays a mobile user's name and profile image, and that specifies the location and device involved in the attempted sign-in. The device owner is asked whether to allow or deny the sign-in.
Russians Hack DNC Servers to Get Goods on Trump
June 15, 2016
Two groups of Russian hackers burrowed into the Democratic National Committee's servers and spent months stealing information on Donald Trump, the Republican Party's presumptive presidential nominee, according to Crowdstrike. The security firm identified "two sophisticated adversaries on the network," noted CTO Dmitri Alperovitch, dubbed "Cozy Bear" and "Fancy Bear."
Banking Trojans Take Backseat to Ransomware
June 4, 2016
The banking trojan -- a type of malware used to steal credentials for bank accounts -- has been a staple of cyberthieves for years. However, ransomware, which has proven both easy to use and highly successful, has started eroding its popularity. In a typical banking trojan attack, a robber mounts a phishing campaign to entice a target to open an attachment or click on a link.
Hacker Hawks 2-Year-Old Cache of 117M LinkedIn User IDs
May 23, 2016
A hacker reportedly has offered to sell the account information of 117 million LinkedIn users, which was stolen in a 2012 hack. The data includes users' email addresses and passwords.The hacker, who goes by the handle "Peace," reportedly offered the data on The Real Deal -- a site on the dark web -- for 5 bitcoins -- about $2,200. LeakedSource last week announced it had more than 167 million stolen records.
Gang Surrenders Key to TeslaCrypt Ransomware Kingdom
May 20, 2016
Eset on Wednesday announced that it has fashioned a free tool that victims of all variants of the TeslaCrypt ransomware can use to unlock affected files. After the criminal gang behind TeslaCrypt recently abandoned support of the malicious software, an Eset analyst contacted the group anonymously, using the channel offered to ransomware victims, and asked for the universal master decryption key.
Flaw Puts a Billion Wireless Mice at Risk
May 20, 2016
Wireless mice and keyboards are the perfect accessories for a world in which devices increasingly are shuffling off their connection coils, but those accessories -- especially untethered rodents -- also can create new threats for those who use them. One such threat is Mousejack. The attack exploits a vulnerability found in 80 percent of wireless mice.
Docker Ramps Up Container Security
May 13, 2016
Docker this week announced the rollout of security scanning technology to safeguard container content across the entire software supply chain. Docker Security Scanning is an opt-in service for Docker Cloud private repository plans. It provides a security assessment of the software included in container images. It enables detailed image security profiles.
Data Breaches Chip Away at IT Pros' Confidence in Security
May 12, 2016
The daily barrage of data breach news appears to be eroding confidence in security solutions. Fifty percent of IT pros aren't confident about the ability of their security measures to protect their data, according to a survey released last week by Barkly. The high percentage of IT pros with doubts about their security systems caught Barkly CTO Jack Danahy off-guard.
Report: Companies in the Dark About Their Open Source Risk Exposure
May 10, 2016
Commercial software is full of security vulnerabilities from unpatched open source components developers use, according to a report Black Duck Software issued last week. Software companies misjudge how much open source code their commercial products contain, according to the report, which is based on an analysis of 200 applications researchers viewed over the previous six months.
ISIS Cyberthreat: Puny but Gaining Power
May 5, 2016
The Islamic State group's cyberwar capabilities are unsophisticated, but they won't be that way for long. That was the conclusion of a 25-page report released last week by Flashpoint. The report, "Hacking for ISIS: The Emergent Cyber Threat Landscape," found that the Islamic State's "overall capabilities are neither advanced nor do they demonstrate sophisticated targeting."
Cybersecurity Goals to Guide Federal Software Spending
May 4, 2016
The U.S. government is on track to significantly boost spending on cybersecurity solutions. However, evolving requirements to greatly improve federal protection of information technology resources will shape that spending. In fact, federal cyberprotection goals should be augmented and significantly modified, according to recent studies of the federal market.
IT Execs Join Federal Cybersecurity Panel
April 28, 2016
Key components of the Obama administration's multipronged cybersecurity initiative keep falling into place. One of the most recent developments was the formation of a federal Commission on Enhancing National Cybersecurity. Another was the formal introduction in Congress of the administration's information technology investment plan, which is heavily tilted toward cybersecurity protection.
White Hat Finds Security Threats on Facebook's Corporate Net
April 26, 2016
A white hat hacker last week announced the discovery of more than a half-dozen security flaws in some software Facebook used on its corporate network. While performing penetration testing third-party software in a network appliance Facebook used, Orange Tsai discovered seven vulnerabilities that attackers could use to compromise a system, as well as a backdoor script left by someone else.
Insurance Industry Buzzes Over Data Breach Ruling
April 21, 2016
If the rash of data breaches in recent months has done anything for businesses, it's raised their awareness of cyber liability insurance. The market for cyber liability insurance is expected to increase dramatically as businesses become more aware that their current policies don't adequately cover cyber-risks, according to the National Association of Insurance Commissioners.
Journalist Gets 2-Years in Prison for Aiding Anonymous Prank
April 19, 2016
A U.S. District Court judge last week sentenced Matthew Keys to two years in prison after he was found guilty of conspiring with the hacker group Anonymous to break into the Los Angeles Times' website and modify a news story. Keys had been site administrator for KTXL Fox 40, which was owned by Tribune, the same company that owned the Times.
Feds Prep for Cybersecurity Buying Spree
April 18, 2016
The U.S. government's objectives for improving cybersecurity are taking shape in updated contracting procedures, contracts and projected increases in spending. Recent developments have underscored the federal commitment to IT security. The GSA has asked vendors to respond by Wednesday to a research survey on what it should do to expedite federal acquisition of cybersecurity products and services.
Microsoft Sues DoJ Over Spying Gag Orders
April 15, 2016
Microsoft on Thursday filed suit against the U.S. Department of Justice challenging the gag orders that accompany requests to access customers' private emails and other data. The orders prevent the company from notifying affected customers about the government's demands. The case is the fourth public lawsuit it has filed against the Justice Department in three years.
E2E Encryption Could Make WhatsApp a Spam Magnet
April 15, 2016
Facebook's WhatsApp last week announced it would roll out end-to-end encryption for its users, but the move could make the service more attractive to spammers. While encryption can safeguard information from data thieves, it also can block data protectors. The policy "will not stop the growth of spam on the platform and could make the problem worse," AdaptiveMobile's Simeon Coney said.
Hortonworks Ramps Up Hadoop Security
April 14, 2016
Hortonworks this week announced a series of enterprise security efforts to bolster performance and data safety with its Hortonworks Data Platform. The company announced that Pivotal Software will standardize on Hortonworks' Hadoop distribution. The thrust of the product announcements concerned updates on applying security policies and maintaining data governance.
CFPB Asserts Jurisdiction Over E-Commerce Privacy Regulation
April 12, 2016
Another federal agency has entered the arena for regulating e-commerce companies regarding the protection of consumer data. The federal Consumer Financial Protection Bureau has closed its first and so far only privacy case with a consent agreement between itself and an online payments processor. The CFPB charged that Dwolla misled consumers that its information was encrypted and stored securely.
Adobe Issues Emergency Patch to Head Off Flash Ransomware Attacks
April 11, 2016
Adobe last week issued an emergency security patch to fix a vulnerability in Flash that could leave users vulnerable to a ransomware attack. The vulnerability exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux and Chrome operating systems. It can cause a crash and leave the computer vulnerable to attackers, the company said.
DC Healthcare Provider Limps On After Malware Attack
April 1, 2016
Despite its computer systems being infected with malware since Monday, MedStar Health, which operates 10 hospitals and more than 250 outpatient facilities in and around Washington, D.C., has continued to provide patient care at near normal levels, according to several updates released this week. Since the malware attack occurred, MedStar Health has treated an average of 3,380 patients a day.
Firm Wins Patent for Novel Way to Detect Spearphishing
March 31, 2016
Hackers in recent weeks have stepped up their efforts to steal employee tax information from companies in all kinds of industries. Typically, the information contained on IRS form W-2 is used to file false tax returns or steal someone's identity. The situation has become so bad that the IRS earlier this month issued an alert to human resources and payroll professionals about the subject.
Chinese National Cops Plea in Defense Secrets Case
March 29, 2016
A Chinese aviation and aerospace businessman last week pleaded guilty to participating in a conspiracy to steal sensitive military and export-controlled data from major U.S. defense contractors and send the information to China, according to the U.S. Department of Justice. Su Bin, also known as Stephen Su and Stephen Subin, entered the plea before Judge Christina A. Snyder.
Ransomware's Aftermath Can Be More Costly Than Ransom
March 24, 2016
Downtime caused by a ransomware attack can cost a company more than paying a ransom to recover data encrypted by the malware, according to a report released last week by Intermedia. Nearly three-quarters (72 percent) of companies infected with ransomware could not access their data for at least two days because of the incident, and 32 percent couldn't access their data for five days or more.
Apple Ransomware Reveals Cert Problem
March 17, 2016
Researchers last week discovered the first ransomware in the wild aimed at Apple's hardware platform. While the threat was subdued quickly, it exposed the weakness of digital certificates in authenticating software to devices. The ransomware appeared as a legitimate application because it contained a digital certificate stolen from a bona fide Mac developer in Turkey.
White House Proposes $3B IT Update Fund
March 10, 2016
The Obama administration is seeking $3.1 billion for a modernization fund to update federal IT resources that need to be replaced with more efficient systems. The fund would bolster the government's annual spending on IT, which is set for a modest increase to $89.8 billion in the administration's proposed budget for fiscal 2017. Upgrading older systems has been a concern for some time.
Quantum Computer Leap Could Make Today's Encryption Passe
March 8, 2016
Researchers at MIT and the University of Innsbruck last week announced that they had designed and constructed the world's first scalable quantum computer, a development that could make existing encryption technology obsolete. They built the computer using five atoms in an ion trap. The researchers used laser pulses to carry out an algorithm on each atom to correctly factor the number 15.
Malvertisers Use Digital Fingerprints to Avoid Detection
March 4, 2016
In the world of computer security, fingerprints are found in more places than where the tips of hands touch. That's because the term is applied to any data set that can be used to make a unique identification. Antifraud programs online retailers use can identify customers by the structure of the files on their computers. In fact, the technique works so well, malicious actors use it.
See More Articles in Enterprise Security Section >>
Facebook Twitter LinkedIn Google+ RSS
Live streaming video...
is the next big thing.
is a passing fad.
will dramatically improve citizen journalism.
will feed a lot more disturbing imagery to the Web.
doesn't interest me.