Government Pursues ‘Zero Trust’ Approach to Cybersecurity

The “zero trust” policy envisioned by President Biden in May when he signed an executive order to improve cybersecurity has begun taking shape with the release last week of a draft blueprint by the White House Office of Management and Budget (OMB). While Biden’s order covers the public and private sectors “and ultimately the American people’s security and privacy,” zero trust focuses on identifying and implementing best practices for the federal government’s digital platforms and processes. Deployment will take years of investment and effort. To help jump-start the initiative, some primers have hit the news feeds. Continue reading Government Pursues ‘Zero Trust’ Approach to Cybersecurity

SEC Probe of SolarWinds Attack Concerns Corporate Execs

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack of SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose. Continue reading SEC Probe of SolarWinds Attack Concerns Corporate Execs

Google Expands Workspace Features and Opens to All Users

Google is providing full access to Workspace (formerly G Suite) for its 3+ billion existing users in consumer, enterprise and education markets. Users turn on Google Chat in Gmail to enable the full experience. Although Google Drive and Docs have already been free, Workspace brings features such as smart suggestions in emails and documents. Google is also debuting Google Workspace Individual, a paid version aimed at small business owners, offering “booking services, professional video meetings, personalized email marketing” and more. Continue reading Google Expands Workspace Features and Opens to All Users

C-Suite Trends: Spending on Defensive AI, IT to Rise in 2021

MIT Technology Review Insights and cybersecurity firm Darktrace published a survey of 300+ worldwide C-level executives, directors and managers that reveals 96 percent are adopting “defensive AI” against AI-driven attacks. Of this cohort, 55 percent said traditional security solutions aren’t able to anticipate such AI-driven attacks. Defensive AI is comprised of self-learning algorithms that recognize normal user, device and system patterns and can spot anomalies. Gartner reported that global spending on IT will reach $4.1 trillion this year. Continue reading C-Suite Trends: Spending on Defensive AI, IT to Rise in 2021

Facebook Detects Malware That Was Being Used for Ad Fraud

Facebook shut down malware out of China that stole user credentials to serve ads for diet pills, sexual health products and counterfeit goods including designer handbags, shoes and sunglasses. The hackers used the consumer’s associated payment method to purchase the ads, at the cost to victims of $4 million. The social media company first exposed these attacks in 2018 and traced them to ILikeAd Media International, filing a civil suit against the firm and the two Chinese nationals who allegedly developed the malware. Continue reading Facebook Detects Malware That Was Being Used for Ad Fraud

Unsecured Databases Leak 235 Million Social Media Profiles

On August 1, security research firm Comparitech, led by Bob Diachenko, discovered a massive data leak of nearly 235 million Instagram, TikTok and YouTube user profiles. The leak was due to an unsecured database, which is quickly becoming a widespread cause of similar breaches. An audit of the dark web found about 15 billion stolen logins from 100,000 such unsecured database breaches. The data leak discovered by Diachenko and his team was spread across several datasets, including two of 100 million each of Instagram users. Continue reading Unsecured Databases Leak 235 Million Social Media Profiles

Twitter Hack Technique Is Being Replicated for Other Attacks

Last month, three alleged hackers were arrested for manipulating Twitter to control 45 accounts of high-profile figures including Jeff Bezos, Joe Biden and Elon Musk. Now, the technique these young malefactors used — dubbed “phone spear phishing” — is being used by so many other bad actors that experts dub it a crime wave. Phone spear phishing, also known as “vishing,” a mashup of “voice phishing,” has been used this last month to attack banks, web hosting companies and cryptocurrency exchanges, said investigators. Continue reading Twitter Hack Technique Is Being Replicated for Other Attacks

Latest Twitter Hack Puts Spotlight on Internal Security Issues

Since 2015, Twitter chief executive Jack Dorsey and the company board have been warned annually about internal cybersecurity risks. In fact, there are about 1,500 employees plus contractors with the power to make changes in 186 million daily user accounts, and the company had experienced breaches due to internal sources. Then, on July 15, hackers tricked employees to compromise 130 Twitter accounts, including those of Jeff Bezos, Joe Biden, Barack Obama and Elon Musk, stealing data from eight unidentified accounts. Continue reading Latest Twitter Hack Puts Spotlight on Internal Security Issues

Games Are Targets for Ransomware and Credential Stuffing

Cybersecurity firm Cyren recently discovered Syrk, a free tool that allows players to cheat at video game “Fortnite.” It also learned that Syrk can disable anti-malware software and encrypt batches of user files for ransom. Akamai has reported a significant rise in so-called credential-stuffing attacks, by which criminals use stolen identities in automated attacks to break into accounts. Akamai found 55 billion credential stuffing attacks from November 2017 to the end of March 2019. Gaming sites had 12 billion of these attacks. Continue reading Games Are Targets for Ransomware and Credential Stuffing

Google Adopts Open-Source, Secure Password-Less Logins

The FIDO Alliance, a consortium for open source authentication standards, is trying to make passwords obsolete, expanding its secure login protocols. Its efforts were boosted by Google’s announcement that it added certified support for the FIDO2 standard, impacting the vast majority of devices running Android 7 or later. That means owners of these Android 7-based devices should be able to log in seamlessly without passwords on mobile browsers such as Chrome. Websites can now be designed to interact with FIDO2 management. Continue reading Google Adopts Open-Source, Secure Password-Less Logins

Google, Yubico Security Keys May Lead to End of Passwords

Swedish-based Yubico, in business for 10 years, debuted its latest online security product, YubiKey 5, a device that plugs into a computer to authenticate the user with a “handshake” that is more secure than a password or authentication code. Google has come out with a similar device, the Titan Key. Both devices can also be used with some smartphones, by plugging into a port or via a wireless communication. These keys are the first arrivals in an Internet security strategy that might displace the password. Continue reading Google, Yubico Security Keys May Lead to End of Passwords

Machine Learning Used in Detection of Harmful Android Apps

The Google Play Protect detection service, which scans Android apps for malicious activity, is enabled on more than 2 billion devices and detected 60.3 percent of Potentially Harmful Apps (PHAs) in 2017 using machine learning, according to Google’s Android Security 2017 Year in Review report. Google removed over 700,000 apps for violating its policies last year. While Play Protect uses a variety of tactics, machine learning is highly effective for catching PHAs, detecting things like inappropriate content, impersonation, and malware.

Continue reading Machine Learning Used in Detection of Harmful Android Apps

Ghostery Goes Open Source and Intros New Business Model

Ghostery, an ad blocker recommended by Edward Snowden, just published all its code on GitHub. The company was acquired last year by Cliqz, “the first browser with integrated privacy protection,” including anti-tracking and anti-phishing. Ghostery’s revenue model has been hard to understand for some users, who opt-in to share data about the ad trackers they find on the web. Ghostery then sells that data to e-commerce websites and other companies, a seeming incongruity with its stated mission. Continue reading Ghostery Goes Open Source and Intros New Business Model

Symantec Publishes Global Security Findings in Latest Report

Today’s consumers are “overconfident in their security prowess,” which has resulted in a record year for cyberattacks, according to the “2017 Norton Cyber Security Insights Report.” The Symantec report found that 978 million people across 20 countries were impacted last year by cybercrime, and 44 percent of consumers were affected in the last 12 months. “As a result,” notes the report, “consumers who were victims of cybercrime globally lost $172 billion — an average of $142 per victim — and nearly 24 hours globally (or almost three full work days) dealing with the aftermath.” Continue reading Symantec Publishes Global Security Findings in Latest Report

Google Creates a Unified Corporate, Consumer Gmail Policy

Google has just standardized its Gmail policy, saying it will no longer scan the user emails of its free consumer service in order to serve targeted ads. The company adopted this policy with its G Suite corporate customers’ emails, and now adds its consumer service to avoid confusion and create a single policy. Google says the new policy, which will impact 1.2 billion consumers, will become active later this year. The company will continue to serve ads, but will draw data from YouTube or search rather than emails. Continue reading Google Creates a Unified Corporate, Consumer Gmail Policy

Page 1 of 212