The California State Legislature recently passed a bill called “Information Privacy: Connected Devices” that creates regulations for IoT devices sold in the United States. SB-327, which applies to all devices that connect to the Internet and include an Internet Protocol or Bluetooth address, would require that security audits be conducted on components purchased overseas. The bill is the first of its kind in the U.S. and has been forwarded to Governor Jerry Brown for his signature. While some have criticized the bill for not being specific or thorough enough, it could place pressure on manufacturers to offer better device-level protection against cyberattacks. Continue reading California Passes Security Bill to Regulate Connected Devices

The Wi-Fi Alliance just unveiled WPA3, five months after it was first announced. The nonprofit organization that certifies Wi-Fi networking standards introduced a certification for two versions of WPA3, the successor standard to WPA2: WPA3-Personal and WPA3-Enterprise as well as Wi-Fi Easy Connect, a program that makes it easier to pair Wi-Fi devices without displays. Wi-Fi Alliance vice president of marketing Kevin Robinson dubs WPA3 as “the next generation of security for personal and enterprise networks.” Continue reading Wi-Fi Alliance Finalizes the WPA3 Wireless Security Protocol

Cyber criminals recently hacked the municipal computers of Rockport, Maine, demanding $1,200 in Bitcoin to unlock them. That’s just one example of a surge of ransomware aimed at municipal computer systems, both large and small, including the city of Atlanta and a St. Louis library system. According to Ponemon Institute, an information systems research firm, these kinds of public sector hacks are increasing faster than those on private ones. City officials are often unprepared to deal with the consequences. Continue reading Municipalities Increasingly Targeted for Ransomware Attacks

Since Apple’s publicized showdown with the FBI following the San Bernardino shooting in 2015, after the company refused to unlock a suspected killer’s iPhone, law enforcement agencies have been turning to third parties in order to access information from iPhones. Now Apple has indicated an upcoming software update, designed to enhance security, will block access to an iPhone’s Lightning port one hour after it is locked. Some authorities believe the update also impacts their ability to access phone data in criminal investigations, which could reignite the privacy debate that followed San Bernardino. Continue reading Apple Closing Loophole That Lets Authorities Hack iPhones

Cisco Systems and U.S. and Ukrainian authorities have warned that a network of half a million routers and storage devices has been hacked and is capable of a massive cyberattack. Security researchers said that the attack could take place during soccer’s UEFA Champions League’s final match on Saturday in Kiev. The devices, in 54 countries, are infected with VPNFilter malware that can shut them down, said Cisco security researcher Craig Williams. The U.S. government is working to reclaim control of the infected servers. Continue reading Cisco Warns of Huge Hacked Network Primed for Cyberattacks

The Internet of Things is more vulnerable than previously proven. Up until now the most common attack via IoT device has been to enlist thousands of them into botnets. Another method of attack is to find entry via a weak IoT device to conduct a ransomware attack. Now, IoT security firm Senrio has demonstrated that attackers can jump from one IoT device to another, without moving through PCs and servers, making their path even harder to discover. In other words, one vulnerable IoT device can create network disruption. Continue reading Unregulated IoT Devices Now Entry Point for Elaborate Hacks

Last week, Facebook executives detailed their plan to protect future elections from meddling on the social media platform, elaborating on Facebook’s “use of human moderators, third-party fact checkers, and automation to catch fake accounts, foreign interference, fake news, and to increase transparency in political ads,” reports Wired. This comes in response to what happened nearly three years ago, when “a Russian propaganda group infiltrated Facebook and other tech platforms in hopes of seeding chaos in the 2016 U.S. election.”

Continue reading Facebook Rolls Out Plan in Effort to Increase Platform Security

Popular travel booking site Orbitz, owned by Expedia, confirmed yesterday that it “identified and remediated a data security incident affecting a legacy travel booking platform.” The company explained that a hack late last year exposed customer data and billing information spanning two years. Personal data may have included birth dates, mailing addresses, email addresses, gender, payment card info, and more. According to Orbitz, about 880,000 credit cards may have been affected. However, the company noted that the current Orbitz.com site was not breached. Continue reading Hacker Accessed Customer Data From Orbitz Legacy System

Today’s consumers are “overconfident in their security prowess,” which has resulted in a record year for cyberattacks, according to the “2017 Norton Cyber Security Insights Report.” The Symantec report found that 978 million people across 20 countries were impacted last year by cybercrime, and 44 percent of consumers were affected in the last 12 months. “As a result,” notes the report, “consumers who were victims of cybercrime globally lost $172 billion — an average of $142 per victim — and nearly 24 hours globally (or almost three full work days) dealing with the aftermath.” Continue reading Symantec Publishes Global Security Findings in Latest Report

Those who doubted virtual currency have had their worst fears confirmed: cryptocurrency’s value has plummeted 50 percent from its peak in early January, pushing Bitcoin, for example, below $7,000. Among the problems bedeviling virtual currencies are hackers, scams and Ponzi schemes. Now, the Securities and Exchange Commission and the Commodity Futures Trading Commission are scheduled to testify to the Senate banking committee about how they have been trying to corral cryptocurrency markets. Continue reading Cryptocurrencies Are Experiencing a Significant Drop in Value

There were twice as many people as chairs throughout the nearly four-hour “Future of Blockchain” CES conference program this week. The enthusiasm of the program’s attendees mirrored that of exhibitors as well as the general anticipation surrounding blockchain and its applications at the show. The new offerings discussed at CES 2018 ranged from Kodak’s resurgence as a rights management platform to fast food chains asking users to mine tokens by eating chicken wings. A number of entertainment-specific blockchain technologies showed promise beyond an alternative means of purchasing content. Continue reading Blockchain at CES: Evaluating the Tech’s Hype and Potential

Intel confirmed a report indicating that its microprocessor chips contain two major security flaws, which makes the vast majority of world computers vulnerable to hacking. Intel is working with Advanced Micro Devices (AMD), ARM Holdings and other chipmakers and operating system providers to develop a comprehensive, industry-wide approach to combating the potential problems. The two major security flaws, dubbed Meltdown and Spectre, could let hackers access the entire memory contents of computers. Continue reading Flaws in Intel Chips Could Present Security Risk for Computers

IoT security researchers at Microsoft Research are focused on the near future when microcontrollers, which are small, low-power computers on a single chip, gain connectivity. Microcontrollers are already installed in billions of gadgets, so their eventual connectivity will explode the number of Internet of Things devices, all of which will require greater security. Microsoft Research’s Project Sopris aims to provide cost-effective security for microcontrollers, which currently don’t have enough compute power to offer security. Continue reading Microsoft Is Developing Cost-Effective Security for IoT Devices

Cars are still the obvious centerpiece of the LA Auto Show (December 1-10), but, increasingly, the hackers are starting to outnumber the gearheads. At AutoMobility LA, a four-day preview event for industry insiders and press preceding the consumer-focused show, cybersecurity and artificial intelligence were talked about with the same frequency as horsepower and mpg. Show organizers stressed the importance of bringing together “the entire new mobility ecosystem” and showcased a number of startups with vehicle debuts mixed in. Additionally, the event featured the first ever hackathon at an auto show. Continue reading New Technology Is a Clear Focal Point of 2017 LA Auto Show

Uber Technologies acknowledged that one year ago it paid hackers $100,000 to hide a data breach that impacted 47 million accounts. The company fired then-chief security officer Joe Sullivan and deputy Craig Clark for both the breach itself and concealing it. The hackers got the names, emails and phone numbers of millions of riders as well as 600,000 drivers’ license numbers, although apparently Social Security numbers and credit card numbers were not accessed. Uber says it will inform those impacted by the breach in “coming days.” Continue reading New Uber CEO Faces the Impact of Undisclosed Data Breach