Get the E-Commerce Minute Newsletter from the E-Commerce Times » Subscribe Today
Welcome Guest | Sign In
ECommerceTimes.com
Get the ICMI Agent Experience Toolkit
Spotlight on Cybersecurity Awareness: Own IT, Secure IT, Protect IT
September 27, 2019
Cybersecurity should be a concern for all businesses -- large and small. Cybersecurity also should be a concern for consumers, government agencies, and basically anyone who relies on the Internet in our increasingly connected world. Among efforts to focus attention on the threatscape is designating October as National Cyber Security Awareness Month.
Multi-Cloud Strategy May Pose Higher Security Risk: Study
September 6, 2019
Users of a multi-cloud storage strategy may be twice as likely to face a security breach as those that use hybrid or single clouds, suggests a report from UK-based security specialist Nominet. Fifty-two percent of survey respondents who adopted a multi-cloud approach suffered a data breach over the past 12 months, compared to 24 percent of hybrid cloud users, and 24 percent of single-cloud users.
Report: Chinese Hackers Eye US Cancer Research
August 27, 2019
Hackers affiliated with the Chinese government have been making a concerted effort to steal medical research, particularly cancer research, from U.S. institutions. The step-up in medical research theft by Chinese APT hacker groups appears to be linked to China's growing concern over cancer mortality rates and increasing healthcare costs. Cancer in the leading cause of death in China.
Security Pros: Be on High Alert for Certificate Changes
August 22, 2019
They say that the key to good security is constant vigilance. As a practical matter, this means that it's important for security and network pros to pay attention to two things: changes in the threat landscape, so they can be on the alert for how their systems might be attacked; and changes and developments in the technologies they employ. These consequences matter quite a bit.
Yubico Offers Dual Lightning, USB-C Dongle to Secure Devices
August 21, 2019
Owners of iPhones looking for an extra measure of protection when using applications and logging into websites can get it with a new dongle from Yubico. Its new YubiKey 5Ci, which retails for $70, supports both USB-C and Apple's Lightning connectors on a single device. The dual connectors can give security-conscious consumers and enterprise users strong hardware-backed authentication.
Faulty Driver Coding Exposes Microsoft Windows to Malware Risks
August 15, 2019
Numerous driver design flaws by 20 different hardware vendors expose Microsoft Windows users to widespread security compromises that can cause persistent malware attacks. A report titled "Screwed Drivers," which Eclypsium security researchers presented at DEF CON, urges Microsoft to support solutions to better protect against this class of vulnerabilities.
28M Records Exposed in Biometric Security Data Breach
August 15, 2019
Researchers associated with vpnMentor, which provides virtual private network reviews, discovered a data breach involving nearly 28 million records in a BioStar 2 biometric security database belonging to Suprema. "BioStar 2's database was left open, unprotected and unencrypted," vpnMentor said. "After we reached out to them, they were able to close the leak."
Microsoft Exposes Russian Cyberattacks on Phones, Printers, Video Decoders
August 7, 2019
The Russian hacking group known for stealing sensitive emails from the Democratic National Committee during the 2016 presidential election season has been cracking into printers, phones and video decoders to gain access to corporate networks, the Microsoft Security Response Center Team reported. The group is known by a number of names including "Strontium," "Fancy Bear" and "APT 28."
Capital One Discloses Massive Data Breach, Hacker Arrested
July 31, 2019
Capital One Financial Corporation has announced a data breach affecting some 100 million people in the U.S. and another 6 million in Canada. The FBI arrested the alleged perpetrator of the breach in Seattle. Capital One on July 19 discovered someone had accessed its data stored online and obtained personal information of credit card customers and people who had applied for credit card products.
Equifax Data Breach Settlement No Wrist Slap
July 23, 2019
The United States Federal Trade Commission announced that Equifax has agreed to pay a minimum of $575 million as part of a global settlement of claims against it arising from a 2017 data breach that affected 147 million Americans. The settlement with the FTC, the Consumer Financial Protection Bureau, and 50 states and territories potentially could reach $700 million.
Isn't It Time to Buy Cyber Insurance?
July 15, 2019
Every day we read stories about data breaches and cyberattacks on business and government websites, and the resulting the loss of personally identifiable information. Cybercrime is on the rise, and given the ever-evolving methods of attack, meaningful relief and reliable measures to fend off cybercriminals are unlikely in the foreseeable future. Companies need to insure against cybertheft.
Zoom Flaw Turns Mac Cam into Spy Cam
July 10, 2019
A security researcher has found a flaw in the popular video conferencing app Zoom that could be used to turn on the camera on a Macintosh computer without a user's permission. The vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without a user's permission, explained Jonathan Leitschuh, a senior software engineer at Gradle.
The Router's Obstacle-Strewn Route to Home IoT Security
July 10, 2019
It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of IoT security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device. IoT device owners aren't the only ones fed up, though.
The Threat of a Deepfake Fiasco
July 5, 2019
An AI technology called "deepfake" may be the next big threat we face as a society. Consider a recent video clip of Facebook CEO Marc Zuckerberg saying some outlandish things. You might think it is real -- but it's a deepfake. It's his image, and it sure sounds like him, but he never actually made that speech. "Can't be," you might think. "That has to be Zuckerberg talking." Wrong.
Can You Hear Me Now? Staying Connected During a Cybersecurity Incident
July 3, 2019
While good communication is pretty much universally beneficial, there are times when it's more so than others. One such time? During a cybersecurity incident. Incident responders know that communication is paramount. Even a few minutes might mean the difference between closing an issue vs. allowing a risky situation to persist longer than it needs to.
Chinese Hackers Linked to Global Attacks on Telcos
June 26, 2019
Chinese hackers likely are responsible for a series of cyberattacks against telecommunications companies around the world, security researchers have reported. The campaign, dubbed "Operation Soft Cell," has been active since 2012, according to Cybereason. There is some evidence suggesting even earlier activity against the telecommunications providers, all of whom were outside North America.
Stripe Offers SMBs Chargeback Fraud Relief
June 4, 2019
Payment processing company Stripe has launched Chargeback Protection, a machine learning-based system to limit the impact of fraudulent credit card transactions on merchants. A chargeback is a demand by a credit card provider for a retailer to make good on a fraudulent or disputed transaction by repaying the full purchase amount plus a chargeback fee.
The Importance of Strong Domain Security to Brand Value
June 3, 2019
Building and sustaining a brand has gotten more challenging. The global marketplace, empowered by the Internet, has delivered a raft of opportunities to businesses, but it also has opened the door for challenges. These challenges include increased competition as the result of a wider market, and increased possibilities for brand abuse. Added to that mix is the ever-present cyberthreat.
Cybercriminals Score Billions in Cryptocurrency Thefts
May 21, 2019
Is anyone surprised to learn that in just the first quarter of 2019 more than $1.2 billion worth of cryptocurrency was stolen? Probably not. This story follows the old line from bank robber Willie Sutton who is credited with saying that he robbed banks "because that's where the money is." So not much has changed. Cryptocurrencies are not exactly money, though, even if they do have a market value.
5 Effective Talent Retention Strategies for Security Teams
May 20, 2019
In IT, we've been hearing about the "cybersecurity skills shortage" for a few years. There is no shortage of statistics and data about it: More than 70 percent of participating organizations reported being impacted by the skills shortage, according to an ESG/ISSA research report. Likewise, more than half of the organizations surveyed for an ISACA report noted unfilled cybersecurity positions.
Zombieload, Fallout, and 2 Other CPU Flaws Have Intel on the Hop
May 16, 2019
The high-tech industry once again is in a tizzy over flaws discovered in Intel CPUs -- four new MDS vulnerabilities have come to light. MDS is a sub-class of previously disclosed vulnerabilities that sample data leaked from small structures within the CPU using a locally executed speculative execution side channel. The practical exploitation of MDS flaws is a very complex undertaking, however.
Software Bug Gives Spyware Free Rein With a Single WhatsApp Call
May 15, 2019
Many users of Facebook's WhatsApp messaging software are scrambling to patch the program in response to news of a flaw that allowed spyware to be installed on mobile phones running Android and iOS. "This new type of attack is deeply worrying and shows how even the most trusted mobile apps and platforms can be vulnerable," said Mike Campin, vice president of engineering at Wandera.
Spring Cleaning Your Network Security
May 7, 2019
Spring may be my favorite time of year. The snow is melting, the sun is shining, and the air smells just a little bit fresher. It's as though the world is setting an example for the rest of us, letting us know that it's time to start fresh. It's time for spring cleaning -- and in the security world, spring cleaning means more than just wiping down countertops and lighting a few scented candles.
Open Source Flaw Management Shows Signs of Improvement: Report
April 30, 2019
Almost two years after the infamous Equifax breach, many organizations still struggle to identify and manage open source risk across their application portfolios. Meanwhile, the latest report tracking open source security shows a 40 percent rise in the average number of open source components detected in each codebase analyzed. The scanned software includes commercial applications.
Is Nvidia Tesla's Kryptonite?
April 29, 2019
Tesla sure didn't have a good week last week, given the kind of press coverage it got. I'm not that worried about Tesla going away, though, as its products are far too popular for it to disappear. On the other hand, management clearly needs to be fixed. What got me started looking at Tesla last week was that it pretty much announced that Nvidia was its Kryptonite.
Phishers Bait Hooks for Netflix, Amex Users
March 22, 2019
Cybersecurity experts at Microsoft's Windows Defender Security Intelligence Team this week reported their discovery of two new email-based phishing campaigns. One targets Amex users while the other targets Netflix customers. Both campaigns reportedly are very well-crafted, featuring legitimate logos and even fill-in forms that closely mimic those on the respective company's own websites.
End of the Line for Windows 7: Open Road for Hackers
March 7, 2019
Microsoft has been urging customers to upgrade from its Windows 7 operating system, while attempting to ease the transition with several options for extended support. It will stop providing routine fixes and security patches effective January 2020. Regular support for Windows Server 2008 also will end at that time. Windows 7 enterprise customers can subscribe to Extended Security Updates.
Breaches: Fix the Issue, Not the Blame
March 5, 2019
Following a natural disaster that causes property damage to businesses and homes -- say a hurricane, fire or flood -- how often do you hear suggestions that the victims were at fault for their misfortune, or that they could have done something to prevent the event from occurring in the first place? Not often, right? We all know that events like that are possible. We plan around those possibilities, and we don't blame the victims.
B0r0nt0K Ransomware Threatens Linux Servers
February 27, 2019
A new cryptovirus called "B0r0nt0K" has been putting Linux and possibly Windows Web servers at risk of encrypting all of the infected domain's files. The new ransomware threat and the ransom of 20 bitcoins -- about $75,000 -- first came to light last week in a forum post. A client's website had all its files encrypted and renamed with the .rontok extension appended to them, the forum user indicated.
JPMorgan Chase Rolls Out Digital Token
February 15, 2019
JPMorgan Chase on Thursday announced that it has created and successfully tested a digital coin. Each JPM Coin represents $1 in funds held in designated accounts at JPMorgan Chase N.A. The token was created using Quorum, a variant of Ethereum developed by JPMorgan Chase, to enable instantaneous payment transfers between its clients' institutional accounts.
See More Articles in Enterprise Security Section >>
Get the ICMI Agent Experience Toolkit
How do you feel about your use of the Internet?
I spend a lot of time online and it's mostly high value.
I spend a lot of time online and much of it is wasted.
I'd like to experience more immersive online activities, like VR.
I'd like to spend more time in the real world.
I'd like to be always connected, perhaps with eyewear.
It's important to disconnect from the Web at regular intervals.
I go online as little as possible and I intend to keep it that way.
Amazon Advertising: Strategies to Drive Success
Salesforce is a Leader in the Gartner Magic Quadrant 2019 for Digital Commerce