Latest News

Apple’s Perplexing Procedure of Device Authorization and Association

Music files on iTunes were protected with digital rights management (DRM) in the early years, but it’s now been eight years since this was removed. But other types of content sold on the iTunes Store still have DRM. For these types of media with DRM, there are restrictions as to how many devices you can use. The first is for computers that are authorized to sync and play content from the iTunes...

GitHub Open Sources OctoDNS, Latest Tool for Managing DNS Records

With the threat of DDoS attacks only expected to grow, experts urge organizations to build redundancy into their DNS services. GitHub, the online code-sharing and development platform, is introducing a new open source tool to make it easier to create that redundancy. OctoDNS is the system GitHub has been using for a few months now to manage its own DNS records, explained Ross McFarland, the lead...

  • More at ZDNet
The Affable, Ingenious, Candy-Loving Hackers of Stetson West

Last spring, the Pentagon sponsored a “bug bounty,” inviting computer security enthusiasts to dig into Defense.gov, DoDLive, and a few of its other public-facing websites. David Dworken, a participant, found six vulnerabilities, ranging from cross-site scripting to insecure direct object reference. At the time of the Pentagon event, he was a computer whiz on his way to Northeastern University...

  • More at Wired
The Evident Inevitability of Zero-Day Attacks on Businesses is Ridiculous

Although businesses are finally waking up to the realization that the big players in anti-virus technology can no longer protect us, many organizations seem to regard extortion via cyber attack as an inevitable cost of business. 0-day exploits are unrecognized attacks that come in a form not previously detected, and more often than not are hidden in email attachments until some member of staff...

New Home Depot Data Leak Reveals a Hole in Consumer Privacy Protection

Recently, Consumerist received an anonymous tip pointing to an internet address that hosted several digital images. The site also hosted 13 Excel spreadsheets of customer records. The internet address that hosted these spreadsheets was part of the HomeDepot.com domain; and all the files there were unencrypted, unprotected, discoverable by search engines, and completely accessible to the open...

A Hacker Group Took Over Some Medium Blogs

On Thursday morning, the hacker group known as “OurMine” hijacked several Medium blogs—including a Fortune contributors network. The group hit Wired’s Backchannel site and probably a Bloomberg Tech blog, too. Medium’s team took the sites down soon after being notified, eventually regaining control and restoring their content. The hacker (or hackers) had taken over the Medium account of...

Lack of Communication Achilles' Heel for Fighters of Ransomware

Collaboration is important when it comes to fighting ransomware, but the lack of communication around the issue remains a serious impediment, law enforcement says. “If we don’t know about it and no one keeps track of it, then no one cares,” Frank McLaughlin, a detective with the Boston Police Department’s cybersecurity division, said during a SOURCE Boston panel Thursday morning....

Lawmakers Confront the Challenge of Cyber-Enabled ‘Fake News’

Lawmakers on Thursday faced some hard truths about the U.S. government’s work to counter cyber-enabled propaganda efforts by nations such as Russia. A group of senators heard testimony from experts and former officials about how the U.S. has failed to counter propaganda or "fake news." “Today, cyber and other disinformation-related tools have enabled Russia to achieve operational capabilities...

Julie Bishop: Australia Wants to Join World's Biggest 'Cyber-War' Drills

Australia is considering taking part in one of the world's biggest 'cyber-war' exercises – an annual NATO simulation which tests member countries' digital defences against a massive attack by a foreign power. Australia's Foreign minister Julie Bishop, who visited Operation Locked Shields in Estonia this week, said it had been an "eye-opening" experience. She said she would send Australia's new...

  • More at SMH
Why Businesses Have the Wrong Cybersecurity Mindset, and How They Can Mend It

While businesses understand the importance of cybersecurity, they are relying on outdated strategies and misguided mindsets to protect themselves, according to a new report from CompTIA, released Tuesday. The report, titled "The Evolution of Security Skills," claims that many businesses remain too defensively focused in the way they address cyberthreats. Instead, CompTIA calls on security pros...

CMU Heinz College and Software Engineering Institute Launch CRO Certificate

"Due to increased risks to the business, whether market, regulatory, financial, and now cyber-risk, the need for a dedicated executive, or chief risk officer, to oversee this critical business function is more important than ever," said Summer Fowler, technical director, risk and resilience, SEI CERT Division. Major topics covered in the CRO Certificate program are strategic risk management, the...

Four Industries Under Attack by Cybercriminals That May Shock You

Here are four less heralded industries under attack by cyberthieves: 1) Manufacturing: These businesses have long been considered behind the curve in terms of security readiness. Manufacturing entities also hold ample intellectual property and trade secrets. They are increasingly reliant on network-connected devices and industrial control systems that may not have adequate built-in protection. 2)...

Cyber-Vulnerabilities in Cardiac Devices: A Heart-To-Heart From the Hackers

On April 12, 2017, the U.S. Food and Drug Administration (“FDA”) transmitted a warning letter directly to Abbott, the international manufacturer of medical devices, pharmaceuticals, and diagnostic products. The FDA contended in its letter that Abbott’s manufacturing, marketing, and sale of implantable defibrillators and cardiac resynchronization devices, as well as of a monitor that...

OSX Malware Is Catching Up, and It Wishes to Read Your HTTPS Traffic

This new malware – dubbed OSX/Dok – affects all versions of OSX, has 0 detections on VirusTotal, is signed with a valid developer certificate (authenticated by Apple), and is the first major-scale malware to target OSX users via a coordinated email phishing campaign. Once OSX/Dok infection is complete, the attackers gain complete access to all victim communication, including communication...

Iranian Hackers Believed Behind Large Attacks on Israeli Targets

The Israeli Cyber Defense Authority recently announced that it believes Iran was behind a series of targeted attacks against some 250 individuals between April 19 and 24. The attackers – whom security experts say are members of the so-called OilRig aka Helix Kitten aka NewsBeef nation-state hacking group in Iran – used stolen email accounts from Ben-Gurion to send their payload to victims....

Sensitive Data Often Accompanies Former Employees Out the Door

In a survey from Osterman Research, 69 percent of organizations polled say that they have suffered significant data or knowledge loss resulting from employees who took information resources with them when they left the business. The motivations for taking the data are all over the map. Sometimes it's employees who are leaving for a competitor and want some competitive edge with contacts or IP....

  • More at CIO