Industry News

US National Vulnerability Database Hacked

Thursday, 14 March 2013 14:22

The US government's online catalog of cyber-vulnerabilities has been taken offline – ironically, due to a software vulnerability. The National Institute of Standards and Technology's National Vulnerability Database's (NVD) public-facing website and other services have been offline since Friday due to a malware infection on two web servers, it emerged on Wednesday.

High Definition Surveillance Solutions

Tuesday, 15 January 2013 17:53

I’ve always wondered what my cat did while I was away from home. Did she devour the leaves of the plant in the living room or merely nibble them? How often did she jump up on the kitchen counter to forage for food? Did she dash out through the open window to patrol the ledge from four stories up?

Plenty of video monitoring cameras offer home surveillance solutions, but they are either expensive or the video resolution is low. At $150, the Dropcam HD aims to hit the middle ground, serving as a decent child monitor or home security camera. As I was getting ready to head out of town on vacation, I was eager to try it out.

Last week's terrorist attacks on the United States are expected to shift government and legislative priorities on a host of technology issues. Internet privacy, for instance, the top technology policy issue barely more than a week ago, will likely be replaced by critical-infrastructure protection as the United States seeks to retaliate against what President Bush has called "an act of war." What this means is that pending legislation to protect corporate data about security incidents, voluntarily shared with the government, will likely be fast-tracked. Antispam legislation, on the other hand, may get pushed aside, according to officials at trade and privacy groups, as well as congressional sources.

Cyber-Criminals Eye Olympic Gold

Thursday, 10 January 2013 17:30

By Taylor Armerding

August 08, 2012 — CSO — The public's appetite for scandal around the world is practically insatiable. Not surprisingly, cybercriminals try to take advantage of it, especially during an event like the 2012 Olympic Games.

But the good news, say experts, is that the bulk of the scams are unsophisticated, looking to take advantage of so-called "low-hanging fruit."

Hackers Infiltrate New York Times

Thursday, 10 January 2013 16:56

From The New York Times

SAN FRANCISCO — For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in.

The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.

News Feed

CSO Online Social Engineering

  • When it comes to tracking down the bad actors behind malware and ransomware, cybersecurity firms are turning to linguists.

  • Most of us have clicked on an email that seemed legitimate, but wasn't. Here are our top phishing prevention tips for best technology practices, employee education and social media smarts.3 ways to stop 95-99 percent of spear-phishing attempts 1. Inbound email sandboxing Deploy a solution that checks the safety of an emailed link when a user clicks on it. This protects against a new phishing tactic that I've seen from cybercriminals. Bad guys send a brand new URL in an email to their targets to get through the organization's email security. The other tactic is when they inject malicious code into the website...

  • As millennials enter the workforce in large numbers, it is important for all security programs to realize the unique challenges that they pose. While it is not fair, proper or effective to say all millennials are alike, or that older generations don't share some of these traits, it is reasonable to acknowledge some distinct trends.Millennials are the first generation for whom computer devices are ubiquitous in their daily activities. Consider that laptops have become the computer of choice and can be taken anywhere. Cellphones are more powerful and functional than computers were a decade ago — and millenials have had...

  • During a routine secondary inspection by the U.S. Customs and Border Protection (CBP) personnel at Chicago's O'Hare Airport, Kevin Mallory was found to be carrying $16,500 after having declared he was not carrying over $10,000 on his customs forms. The Customs Officer allowed Mallory to amend his form, and Mallory went on his way.This incident on April 21, 2017, was the beginning of the unraveling of Mallory's espionage relationship with the People's Republic of China's intelligence services (PRCIS). You see, when Mallory arrived in Chicago, he was arriving from Shanghai, China, where he had just completed a series of meetings...

  • Tech support and IRS scams have become as common as random emails proclaiming that you've won the lottery, or emails from prince in some foreign land who wants to share their wealth.The IRS scams start with a voice mail threatening a lawsuit or arrest, and the tech support scams will sometimes appear at random online via pop-up ad. One potential victim in both situations used a bit of code to take matters in their own hands.Project Mayhem (Mayhem) on YouTube doesn't like scammers. In the videos below, the individual behind the account demonstrates their ire with a bit of code.The...

  • Most security organizations have long since lost the fight to keep employees from using social media on work computers; indeed, many people now have to be on Facebook or Twitter as part of their professional duties. The goal now is to help contain any damage from social media attacks—keeping in mind that even an attack via someone's personal account can affect their work lives.To that end, we spoke to some security pros about scams and attack vectors that are springing up on social medial. Here are their tips for avoiding social media scams.Social media accounts aren't a shortcut to riches....

  • The game of three-card Monte, which Isaac Choi (aka Yi Suk Choi) has been playing on his investors and employees, has finally come to an ignoble end with his indictment on June 8, 2017. The U.S. Department of Justice's (DOJ) announcement blandly notes Choi was arrested and charged with five counts of wire fraud. My memory recalled this case as being anything but bland. So, I reached out to the DOJ and asked to review the indictment (from which the DOJ notice derived) to confirm my memory that Choi not only duped his investors (not the first to do this), but he...

  • Passwords are lame. After all, the username/password combination became the industry standard for online user identification more than two decades ago, but it has now become the weakest link in protecting our information.Stronger authentication? Sure, most people agree that we need it, given the scope of cyber security threats today. The constant threat of compromised credentials and brute force attacks that can lead to devastating security breaches for organizations.Effectiveness is all about balance For IT and security decision makers, authentication is always a balancing act. On the one hand, they need to ensure that a given user is really who he...

  • Those who have followed China's technology acquisition over the last 30-plus years will recognize the latest pilfering of high-tech trade secrets as par for the course. It all started with Project 863, which was the methodical acquisition of western technology.The most recent incident, in support of China's Ministry of Industry and Information Technology (CMIIT), as well as China's National Offshore Oil Corporation (CNOOC), culminated in the arrest of six individuals of multiple nationalities and arrest warrants for seven (one individual, named but not arrested is currently in China).Amazingly, and indicative of the brass of the Chinese, the China-based company that...

  • The massive WannaCry outbreak caused an estimated $1 billion in damage costs in just its first four days, according to Stu Sjouwerman, CEO at KnowBe4.The WannaCry ransom payouts, however, have been minimal. Various media reports peg the payouts at anywhere from five figures to a few hundred thousand dollars. Even if everyone affected coughed up the $300 ransom demand, the total payouts would be roughly $60 million.To read this article in full or to leave a comment, please click here

  • When the WannaCry malware hit, many users were scrambling for fixes -- but some of the proffered solutions were actually just more malware, in disguise.Security experts recommend that companies stick with their existing security vendors and established update processes, and be careful about downloading fixes that they come across on the Internet."They're really exploiting everyone's fears," said Adam Malone, director of cyber investigations and breach response at New York-based PwC.Legitimate vendors aren't going to send out alerts via viral social media posts, he said. And patches usually don't require a download.To read this article in full or to leave a...

  • Got hit by WannaCry or worried that your organization will be?It goes without saying (hopefully!) that by now all IT organizations have read Microsoft's customer guidance for Wannacrypt attacks, and they will immediately deploy Microsoft Security Bulletin MS17-010.Beyond that patching, here are the top three pieces of advice for IT security pros and anyone concerned with WannaCry or any ransomware strain to heed:To read this article in full or to leave a comment, please click here