Tech Firms Raid Security Flaws with ‘Bug Bounty’ Programs

In the security world, “bug bounty” programs are becoming more common, from Facebook to the Department of Defense. Hackers who can reveal the hidden vulnerabilities of a device, system or corporation can reap significant financial rewards. Apple launched its program in 2016 and offers payouts of up to $1 million for the most elusive flaws. The tech giant reportedly spent $3.7 million on such exercises in the 12-month period ending in July 2021, during which time Google shelled out $6.7 million and Microsoft spent $13.6 million. Such programs have become a valuable tool in security maintenance, putting hackers’ inquisitive natures to productive use.  Continue reading Tech Firms Raid Security Flaws with ‘Bug Bounty’ Programs

U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors. Continue reading U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

New York Is First City to Open a Cyberattack Defense Center

New York City just opened its Cyber Critical Services and Infrastructure (CCSI) Project, a real-time operational center to protect the metropolitan area against cyberattacks. Located in lower Manhattan, the center shares intelligence with 282 partners, including the New York Police Department (NYPD), Amazon, International Business Machines (IBM), the Federal Reserve Bank and several New York healthcare systems. The anti-cybercriminal effort started two years ago but has been entirely virtual until now. Continue reading New York Is First City to Open a Cyberattack Defense Center

FBI Director Raises Alarm Over Ransomware Threats to U.S.

The FBI is investigating 100 ransomware variants, stated director Christopher Wray, who revealed that many of them trace back to Russian hackers. He noted that the cyberattacks share “a lot of parallels … a lot of importance, and a lot of focus by us on disruption and prevention” with the September 11 terrorist attacks. Most recently, a ransomware attack on Colonial Pipeline cost its operators $4.4 million to regain control and restore services (however, federal authorities recovered $2.3 million in cryptocurrency yesterday). Another attack targeted JBS, the world’s largest meat processing company.  Continue reading FBI Director Raises Alarm Over Ransomware Threats to U.S.

U.S. Takes Steps Against Russian and Chinese Cyberattacks

Blaming Russia for attacks that interfered in the 2020 U.S. presidential election, President Biden imposed new sanctions on 32 entities and individuals in that country. Although sanctions will make it more difficult to partake in the global economy, the White House did not immediately limit Russia’s ability to borrow money on the global market. Biden noted he “chose to be proportionate” and “is not looking to kick off a cycle of escalation and conflict with Russia.” The FBI has also recently taken strong steps to stop Chinese hacking. Continue reading U.S. Takes Steps Against Russian and Chinese Cyberattacks

C-Suite Trends: Spending on Defensive AI, IT to Rise in 2021

MIT Technology Review Insights and cybersecurity firm Darktrace published a survey of 300+ worldwide C-level executives, directors and managers that reveals 96 percent are adopting “defensive AI” against AI-driven attacks. Of this cohort, 55 percent said traditional security solutions aren’t able to anticipate such AI-driven attacks. Defensive AI is comprised of self-learning algorithms that recognize normal user, device and system patterns and can spot anomalies. Gartner reported that global spending on IT will reach $4.1 trillion this year. Continue reading C-Suite Trends: Spending on Defensive AI, IT to Rise in 2021

Akamai Reports a Rise in Game Hacking During the Pandemic

Cyberattacks against gamers have increased during the coronavirus pandemic, according a report from cloud services company Akamai, which detailed that hackers attempted almost 10 billion credential-stuffing attacks to take over accounts. Akamai security researcher Steve Ragan, who wrote the report, noted that, “as games move online and leverage cloud infrastructure and cross-platform and cross-generation play, that’s an attack surface.” “The bigger the attack surface, the more room [hackers] have to play,” he added. Continue reading Akamai Reports a Rise in Game Hacking During the Pandemic

Commission Finds U.S. Is Unprepared for Major Cyberattacks

The Cyberspace Solarium Commission released a report based on a months-long study that showed the U.S. government’s lack of ability to block cyber threats. The Commission lists 75 recommendations for major structural changes, including the creation of Congressional committees dedicated to cybersecurity and a White House-based national cybersecurity director to be confirmed by the Senate. The report is blunt in its assessment that the U.S. government’s current approach to cyberattacks is “fundamentally flawed.” Continue reading Commission Finds U.S. Is Unprepared for Major Cyberattacks

5G Offers Wireless Carriers More Security, Privacy Options

One of the benefits of 5G, expected to be 100 times faster than 4G networks, is the improved protection of sensitive data. Much of the conversation about 5G networks has focused on the security issues related to Chinese vendors of gear used in 5G networks. But Verizon chief information officer Chandra McMahon noted that “security is designed into 5G and there will be additional [security] technical features.” Another advantage is that 5G providers will rely on the cloud, providing more capacity and flexibility. Continue reading 5G Offers Wireless Carriers More Security, Privacy Options

Russia Boosts Efforts to Foil Extradition of Hackers to U.S.

Russian hackers have been responsible for serious cybercrimes in the last few years, including Sandworm, a group of hackers who attacked the 2018 Olympics, among other targets. Now, Russia is seeking to replace the 2001 Budapest Convention on Cybercrime with a new agreement that will align with its interests. The country is playing hardball in its attempt to prevent its citizens arrested abroad to be extradited to the U.S. for trial, including holding an Israeli citizen for trade with a Russian hacker held in that country. Continue reading Russia Boosts Efforts to Foil Extradition of Hackers to U.S.

Drones in Delivery Tests, U.S. Agency Bars Chinese UAVs

Amazon, Alphabet’s Wing and Uber Technologies are conducting government-approved trials of drones to deliver packages. Wing is in Christiansburg, Virginia and Uber will begin tests in San Diego before the end of 2019. United Parcel Service also gained FAA approval to create a fleet of drones to deliver health supplies and, ultimately, consumer packages. The FAA predicts that drones for commercial purposes will reach 2.7 million by 2020. Meanwhile, the Department of the Interior is grounding more than 800 drones that were manufactured in China, citing national security concerns. Continue reading Drones in Delivery Tests, U.S. Agency Bars Chinese UAVs

Google’s Cloud Platform Updates Focus on Security Issues

During its Cloud Next 2019 developer conference, Google revealed its Advanced Protection Program would be widely released and Titan Security Keys will be more readily available in retail. The former, which is intended to prevent cyberattacks against high profile targets such as politicians and business leaders, will debut in beta for G Suite, Google Cloud Platform (GCP), and Cloud Identity customers. The Advanced Protection Program “enforces the use” of the Titan Security Key or compatible third-party hardware, blocking access to third-party accounts not approved by admin. Continue reading Google’s Cloud Platform Updates Focus on Security Issues

Researchers Identify Bugs in Microsoft Excel, Apple macOS

Threat intelligence firm Mimecast revealed that hackers are exploiting a Microsoft Excel feature called Power Query to facilitate Office 365 attacks. This feature lets legitimate users combine data from various sources by linking to those components in a spreadsheet. Hackers replace a link with another that leads to a site infected with malware. The hacked Excel spreadsheets then allow attackers to install backdoors, using the software program’s own tools. Meanwhile, Apple has yet to fix a macOS bug first identified by a cybersecurity researcher in February. Continue reading Researchers Identify Bugs in Microsoft Excel, Apple macOS

Report: Suspected Chinese Hackers Target Global Telecoms

Hackers likely associated with the Chinese government broke into at least 10 global telecom carriers, stealing call logs, users’ locations and text-messaging records, according to a report from Boston-based Cybereason. The cybersecurity firm spent 2018 scrutinizing a multi-year, ongoing campaign, suspected to be directed by China and aimed at 20 military officials, spies, law enforcement and dissidents in Africa, Asia, Europe and the Middle East. Cybereason believes the recent hacks point to Chinese group APT10. Continue reading Report: Suspected Chinese Hackers Target Global Telecoms

WhatsApp Calls Used to Inject Spyware on Mobile Phones

Hackers have reportedly been injecting Israeli spyware onto smartphones via the popular Facebook-owned messaging service WhatsApp. The surveillance software, named Pegasus, was developed by Israeli firm NSO Group and can access an iPhone with a single missed voice call on WhatsApp. NSO claims that it carefully vets its customers; the company’s software is intended for government agencies to combat crime and terrorism. While it is currently unknown how many users may have been affected at this point (the problem was first discovered in early May), WhatsApp says it has created a patch to address the vulnerability. Continue reading WhatsApp Calls Used to Inject Spyware on Mobile Phones

Page 1 of 41234