Items tagged with cybersecurity

It feels like we hear about a new cybersecurity attack nearly every day. Hackers use phishing, keylogging, and targeted attacks to gain access to sensitive information. Is there anything we can do to prevent what appears to be the inevitable? According to a recent study by Google, basic account hygiene can greatly reduce hijacking. Google conducted a year-long study alongside researchers from New York University and the University of California, San Diego. They studied wide-scale attacks and presented their findings at the Web Conference in San Francisco. The purpose of the study was to determine whether basic security measures could truly decrease the success rate of hackers. The study determined...
The United States and People’s Republic of China have been engaged in a trade war for the last few years. The US is reportedly about to take this battle to the next level. President Trump will likely sign an executive order this week that would prohibit telecommunications companies from using equipment from companies such as Huawei. Three anonymous officials insisted that an upcoming executive order would ban telecommunications providers from using products from other companies that have been deemed a threat to national security. It is no secret that the United States believes that Chinese telecommunications company Huawei is a threat. The Central Intelligence Agency (CIA) recently confirmed...
There are few things more annoying in the modern world than having to change your password every few months. Experts have long argued that password reset rules do little to actually promote security. Microsoft is the latest company to propose dropping password expiration policies. Aaron Margosis, the Principal Consultant with Microsoft Public Sector Services, recently remarked that “periodic password expiration is an ancient and obsolete mitigation of very low value.” Margosis first noted that the amount of time between password changes is ridiculously long. If a password has been stolen, then the account password needs to be changed immediately. A 60-90 day interval will not prevent...
Typically when we talk about malware, we are talking about malicious code that is hidden inside software to try and take advantage of end users. An example is a malware that was hiding aboard a fake Adobe Flash update that was designed to install cryptocurrency mining software or other nefarious payloads. Earlier this month, another malware making the rounds was able to steal PayPal account balances despite users having two-factor authentication enabled. Today, a new malware has been identified and this one isn't attacking end users, it's attacking major newspapers around the U.S., underscoring new areas of concern with respect to IT security. The Los Angeles Times has confirmed a malware attack...
Two-factor authentication (2FA) is usually touted as an effective layer of security for online accounts. Many people have recently learned the hard way that this method may not be as helpful as it seems. Hackers have targeted nearly 1,000 Google and Yahoo accounts by bypassing two-factor authentication. Amnesty International, a non-profit group, recently published a report that documented the phishing attacks. The attacks have specifically targeted journalists and activists in the Middle East and North Africa in 2017 and 2018. Amnesty International believes that the hackers are based in Persian Gulf countries. How does the attack work? First, the attackers sent out convincing “security alerts”...
The United States is currently trying to persuade its allies to ban all Huawei devices. Government officials are concerned that Huawei and other Chinese telecommunication companies are a cybersecurity threat. The United States fears that the devices could be used to spy on users and could be easily controlled by the Chinese intelligence agencies. This past August, President Trump attempted to prohibit government use of devices from Huawei and fellow Chinese telecommunications company ZTE. Australia quickly followed in the United States’ footsteps and banned both companies from supplying 5G technology. The United States is now particularly concerned that these devices could be used against...
There have been many concerns over the last few years that foreign entities have been interfering in elections. Microsoft is launching its AccountGuard initiative to protect elections and political campaigns from cyberattacks. AccountGuard is a free program for candidates, campaign offices, and other political institutions that already use Office 365, and it covers both personal and organizational accounts. Microsoft will notify the person or organization if their accounts are threatened, will offer security advice and training, and will allow their customers to adopt previews of new programs. Microsoft believes that AccountGuard is particularly relevant in light of their recent entanglement...
Equifax may now be getting its public lashings for a cybersecurity breach that resulted in personal information of 143 million Americans being exposed to hackers, but it appears that the Securities and Exchange Commission (SEC) has a few skeletons in its closet as well. The regulatory agency announced late last night that its EDGAR database was hacked last year. At the time, the SEC did not make any public disclosures regarding the hack, which took advantage of a vulnerability in the EDGAR test filing system. However, once it discovered the intrusion, it quickly patched it and went about its normal activities. However, in August 2017, the SEC noticed that the prior EDGAR infiltration might...
This could be the mother of all cyberattacks; Equifax just announced that it experienced a "cybersecurity incident" that occurred between mid-May of this year through late July. During that time, malicious parties were able to gain access to some of its online databases courtesy of a website vulnerability. As a result, over 143 million -- yes, MILLION -- U.S. consumers are affected by the data breach. We're not just talking about names and birth dates (yes, those were included), but also Social Security numbers. In some cases, even driver license numbers were obtained by the hackers. And that's not all; dispute documents with "personal identifying information" of 182,000 customers were accessed...
The United Kingdom is basking in the glory of its latest warship: the HMS Queen Elizabeth. The 65,000-ton aircraft carrier cost nearly $4 billion to construct and began its first sea trials on Monday. But the carrier’s big budget price tag isn’t the only thing that is raising eyebrows; it is the British Royal Navy’s decision to allow critical systems on the ship to be powered by Microsoft’s ancient Windows XP operating system. Windows XP was first released to the public in 2001, and commercial support for the operating system ended in 2014. However, many businesses and militaries around the globe still use Windows XP to this day even though newer operating systems like Windows 7, Windows...
In what is being billed as one of the largest data leaks recorded in the United States, an analytics firm contracted by the Republican National Committee (RNC) was found to have exposed the personal details and political biases of nearly 200 million Americans. According to Chris Vickery, a risk analyst for cybersecurity firm UpGuard, the information was left exposed on the internet due to a “misconfigured database” using Amazon Web Services for server storage. The firm responsible for this serious lapse in security was Deep Root Analytics. Over 1.1 terabytes of data was made publicly available via the internet for twelve whole days (it wasn’t password protected). During that time, anyone could...
Do we need a “digital” Geneva Convention? Microsoft certainly thinks so. The corporation’s Chief Legal Officer Brad Smith recently argued that a digital Geneva Convention would potentially be able to protect civilians from state-sponsored cyber-warfare. First, what is the Geneva Convention? The Geneva Convention is comprised of four treaties and three protocols that outline the international law for humanitarian treatment in war. One of the main purposes of the Geneva Convention is to protect civilians, soldiers incapable of fighting, and prisoners of war. Smith noted that 74 percent of businesses expect to be hacked this year, and the estimated loss from cybercrime will be $3 trillion USD by...
What do you collect? Rare stamps? Falcons fans’ tears? How about classified national defense documents? Former National Security Agency (NSA) contractor Harold Thomas Martin III was recently indicted by a federal grand jury on the charge that he purposely collected classified information regarding national defense. He faces twenty criminal counts, each punishable by up to 10 years in prison. Rod J. Rosenstein, the United States attorney for Maryland, remarked, “The indictment alleges that for as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government by stealing documents containing highly classified information.” Martin spent over twenty years hoarding...
The White House recently appointed Gregory Touhill, a retired U.S. Air Force brigadier general, as the government’s first federal cyber security chief. The position was announced eight months ago as an attempt to prevent and defend against hackers. The position is part of a $19 billion “cyber security national action plan”. Touhill will be responsible for creating and implementing new cyber security plans as well as conducting audits. He will report to Tony Scott, the federal chief information officer and former executive at business software company VMware. Touhill could potentially be replaced when the next president is sworn in, because the position is a political one. President Obama at a cybersecurity...