Government Pursues ‘Zero Trust’ Approach to Cybersecurity

The “zero trust” policy envisioned by President Biden in May when he signed an executive order to improve cybersecurity has begun taking shape with the release last week of a draft blueprint by the White House Office of Management and Budget (OMB). While Biden’s order covers the public and private sectors “and ultimately the American people’s security and privacy,” zero trust focuses on identifying and implementing best practices for the federal government’s digital platforms and processes. Deployment will take years of investment and effort. To help jump-start the initiative, some primers have hit the news feeds.

SEC Probe of SolarWinds Attack Concerns Corporate Execs

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack on SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose.

Tech Firms Raid Security Flaws with ‘Bug Bounty’ Programs

In the security world, “bug bounty” programs are becoming more common, from Facebook to the Department of Defense. Hackers who can reveal the hidden vulnerabilities of a device, system or corporation can reap significant financial rewards. Apple launched its program in 2016 and offers payouts of up to $1 million for the most elusive flaws. The tech giant reportedly spent $3.7 million on such exercises in the 12-month period ending in July 2021, during which time Google shelled out $6.7 million and Microsoft spent $13.6 million. Such programs have become a valuable tool in security maintenance, putting hackers’ inquisitive natures to productive use.

Media Consortium Reveals Extent of Pegasus Spyware Reach

A consortium of media outlets dubbed the Pegasus Project found that Israeli surveillance firm NSO Group licensed its military-grade spyware Pegasus to governments that used it to hack 37 smartphones of business executives, human rights activists and journalists. Two women close to murdered Saudi journalist Jamal Khashoggi were also reportedly targeted. Amnesty International and journalism non-profit Forbidden Stories shared a list of 50,000 phone numbers that dates to 2016 and included the 37 targets. New evidence also suggests that thousands of iPhones worldwide may have been compromised.

Prominent Twitter Accounts Hacked for Cryptocurrency Fraud

On Wednesday, scammers launched one of the most audacious attacks in recent memory, posting messages from the Twitter accounts of Joe Biden, Barack Obama, Kanye West, Bill Gates and Elon Musk promising that if people sent Bitcoin, the famous person would send back double the money. The first attack targeted high-profile cryptocurrency leaders and companies, but soon broadened to include a list of prominent U.S. politicians and entertainment and tech executives. It appears that an internal Twitter account was involved in the attacks, but it has yet to be determined whether an employee was willfully complicit.

ThiefQuest Is New Ransomware and Spyware Aimed at Macs

K7 Labs malware researcher Dinesh Devadoss discovered a new form of malware aimed at Mac computers. ThiefQuest (originally dubbed EvilQuest, until researchers discovered that’s the name of a Steam game) isn’t simply ransomware but also contains spyware that allows it to exfiltrate an infected computer’s files, search it for passwords and cryptocurrency wallet data, and nab passwords and credit card numbers. Even after a computer reboots, the spyware lingers as a backdoor that could be used for a second-stage attack.

Supreme Court Will Review Computer Fraud and Abuse Act

Many cybersecurity experts believe the current anti-hacking law, the 1986 Computer Fraud and Abuse Act (CFAA), is woefully out of date and applied too broadly by prosecutors and law enforcement. The Supreme Court is now taking another look at the law with a case in which a former Georgia police officer, Nathan Van Buren, was convicted in 2017 after allegedly selling information from a police database to an acquaintance for $6,000. Stanford University law professor Jeffrey L. Fisher is the lead attorney in the case.

Exposed Database of Facebook User Data Is Found Online

More than 419 million records of Facebook users in the United States, United Kingdom and Vietnam — including Facebook IDs and user phone numbers — were recently found online (although Facebook disputes that number). The exposed server was reportedly not password-protected, which suggests the database was accessible to anyone. The server contained user data across multiple databases that could potentially enable spam calls and SIM-swapping attacks. According to Facebook, the breach involved user data collected prior to the introduction of new security measures. The company has since taken the exposed data set offline.

Apple’s 2020 iPhones to Introduce 5G and Design Updates

Industry insider Ming-Chi Kuo reported that Apple plans to introduce some significant changes in its 2020 iPhones, including 5G connectivity and design upgrades. But owners of iPhones and other iOS devices are likely concerned about the recent news that every one of the world’s current 1.4 billion iPhones and iPads can be hacked. Israel-based Cellebrite demonstrated that it can perform a “full file extraction” on any iOS device, as well as on high-end Android devices. Further, law enforcement can pay for that ability without having to send devices to Cellebrite.

Chinese, Iranian, Russian Hackers Honing Their Attack Skills

The National Security Agency and security firm FireEye recently detected extensive attacks by Iran on U.S. banks, businesses and government agencies, prompting the Department of Homeland Security to declare an emergency during the government shutdown. The attacks from Iran took place at the same time that China renewed its efforts to steal trade and military secrets from Boeing, General Electric Aviation and T-Mobile. Meanwhile, Microsoft detected a Russian government operation targeting think tanks critical of Russia.

HPA Tech Retreat: CDSA Promotes Trusted Partner Network

The Content Delivery & Security Association (CDSA), in collaboration with the Motion Picture Association of America (MPAA), is responding to next-gen threats with the Trusted Partner Network (TPN), “a voluntary process by which vendors can assess the security preparedness of their facilities, staffs and workflows against industry best practices.” CDSA executive director Guy Finley, who is also MESA president, and CDSA chairman of the board Ben Stanbury, Amazon’s chief security officer, described TPN at the HPA Tech Retreat.

Have You Been Hacked? Very Likely In Light of Mega-Breach

Security researcher Troy Hunt, who offers a way to search if your email addresses or passwords have been breached, maintains Collection #1, the largest breach ever, which holds 772,904,991 unique emails and 21 million unique passwords, all of which have been recently posted to a hacking forum. Those numbers represent a “cleaned-up” version of the raw data, which comprise 2.7 billion rows of email addresses and passwords, including over one billion unique combinations of hacked emails and passwords.

Congress Passes Bill Intended to Boost Quantum Computing

Congress passed a bill that aims to speed up the development of quantum computing in the United States. The technology is anticipated to revolutionize cybersecurity among other areas. The House approved the bill in a 348-11 vote. President Trump is expected to sign it into law, since quantum computing has been a priority of his administration. China has been focused on the technology and plans to open a laboratory in 2020. With the new bill, U.S. legislators hope to push efforts to keep up with or surpass rivals.

ARM to Enhance IoT Management With Purchase of Stream

ARM announced that it has acquired Stream Technologies in a deal that will bring Stream’s connectivity management capabilities to ARM’s Mbed IoT Device Management Platform. The integration of Stream tech is expected to provide customers with greater efficiencies and cost savings while managing connected devices regardless of location or network (Stream supports connectivity across wireless protocols including cellular, satellite and LoRa). ARM also recently announced a new processor designed to prevent attacks and tampering with IoT devices.

Google Upgrades Gmail With New Look and Security Features

Google just introduced upgrades to its Gmail service, which include a new look for the web app and a variety of new features. G Suite, its business-centric paid productivity service that includes Gmail, is the main focus of the upgrades, but many features will also be included in the free Gmail service. Gmail product manager Jacob Bank said the overhaul is intended to make “Gmail the most secure, the smartest, and the easiest to use email client” with “a ground-up rewrite” of the flagship Gmail product.
