
NEWS THIS WEEK: Kaspersky ban underway for U.S. agencies; Equifax data breach lawsuits pile up; Europe plans new agency to quell cyber threats

September 15th, 2017

By Byron V. Acohido

The U.S. government moved to ban the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyber espionage activities. Acting Homeland Security Secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, they must remove the software, on the grounds that the company has connections to the Russian government, and its software poses a security risk. The Department of Homeland Security “is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a statement. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.” Source: The Washington Post

Lawsuits against Equifax start to pile up after massive data breach

Equifax is facing nearly two dozen class-action lawsuits, along with a separate suit from Massachusetts, over the data breach that compromised the personal information—names, addresses, birth dates and Social Security numbers—of more than 143 million people. Sensitive data from about half of the U.S. population has been available to hackers for weeks. Check your status on Equifax’s website: Equifaxsecurity2017.com. Source: PBS

One line in lengthy bill may allow law enforcement to pursue WikiLeaks

A Senate panel may be trying to give federal law enforcement a new tool to go after the anti-secrecy group WikiLeaks and its U.S. collaborators. A one-sentence “Sense of Congress” clause tacked onto the end of an 11,700-word bill approved by the Senate Intelligence Committee is likely to come before the full Senate this month. The clause says that WikiLeaks “resembles a non-state hostile intelligence service” and that the U.S. government “should treat it as such.” Source: The Sacramento Bee

Latest iPhone would use facial recognition, but Apple says privacy preserved

The recently announced iPhone X has an advanced array of cameras for facial recognition, which allows the phone to become unlocked just by looking at it. The cameras can learn a user’s face and note gradual changes. Apple promised that it would not collect the data on faces, and the information would only be kept on the smartphone, not sent to Apple servers. Source: The Washington Post

Exploits would allow hackers into phones, computers

Security company Armis found eight exploits, collectively called BlueBorne, which can allow an attacker access to a phone without touching it. The attack can allow access to computers and phones, as well as other digital devices. The vector allows hackers to identify a device, connect to it via Bluetooth, and control the screen and apps. Source: TechCrunch

National Intelligence leader warns of consequences of attacks on grid

Several nations around the globe are capable of launching catastrophic cyber attacks but have refrained from doing so because it would be perceived as an act of war, a veteran security expert said. “We have not experienced—yet—a catastrophic attack. But I think everyone … is aware of the ever-growing threat to our national security,” said Dan Coats, director of National Intelligence, adding that attacks on electrical grids and other utilities are a rising concern. Source: South China Morning Post

IT professionals feel they don’t get no respect, survey shows

A study shows that companies are failing to give IT professionals—the people implementing and operating security strategies for most organizations—the training and responsibility they need to take on a more proactive cybersecurity role. The study, from security training company (ISC)², also reveals that many IT professionals feel their security guidance is being ignored. Only 35 percent agree that their security suggestions are followed. Source: Beta News

Researchers consider possibility of vaccine against cyber attacks

Some cybersecurity experts are working on what they describe as “vaccines” to stop cyber attacks. In the case of the recent Petya ransomware attack, researchers developed a vaccine in the form of a single computer file that would instantly disable one type of virus as soon as it infected a computer, before it could cause any damage. This differs from traditional anti-virus software, which tries to spot and remove any malware on a computer but may do so only after the malware has done its work. Source: TechXplore

European Commission proposes agency to fight cyber threats

The European Commission issued cybersecurity policy proposals that include the designation of a pan-European agency with a mandate to address cyber threats and attacks. The proposal follows European Commission President Jean-Claude Juncker’s State of the European Union speech, in which he backed setting up a “European cyber security agency.” The EU faced 4,000 ransomware attacks per day last year. Source: Info Security

English sports league seeks defense against cyber attacks from Russia

The English Football Association asked FIFA to shield its national team from Russian cyber attacks ahead of the 2018 World Cup in Russia after emails between the football associations reportedly were hacked. The request was made after emails between the FA and FIFA discussing doping were leaked by the Fancy Bears hacking group, which is suspected of ties to the Russian security services. Source: The Moscow Times

Watch out for those sex robots, says professor who warns of hacks

A cybersecurity professor from Deakin University warned that robots could kill their owners if hackers get inside their heads. Cybersecurity lecturer Nick Patterson said that hacking into modern-day robots, including sexbots, would be easy compared with more sophisticated gadgets such as smartphones and computers. “Hackers can hack into a robot or a robotic device and have full control of the connections, arms, legs and other attached tools like, in some cases, knives or welding devices,” he said. Source: Fox News

This article originally appeared on ThirdCertainty.com

 

PODCAST: How web browsers present an attack vector useful to criminal hackers — and business rivals

By Byron V. Acohido

Web browsers continue to represent, arguably, the most wide-open attack vector at any given company.

This is because Mozilla Firefox, Google Chrome, Microsoft Explorer and Apple Safari all use a basic architecture ideally suited for a threat actor to manipulate. To put it bluntly, it’s all too easy for an attacker to download malicious code onto an employee’s computer—and then use that infected machine as a foothold to probe deeper into the breached network.

Related article: How ‘software containers’ …more

PODCAST: How a daily ‘cyber hygiene’ routine can prevent a catastrophic network breach

By Byron V. Acohido

Cyber attacks don’t discriminate between small and large businesses. Despite small business owners believing they are too small to be at risk, 43 percent of cyber attacks target small businesses. Yet, only one in four small businesses are prepared for such an attack, according to a recent report by Symantec.

Related article: How ‘privileged access’ accounts can pose a major risk

Practicing effective cyber hygiene is one …more

ROUNDTABLE: Will massive Equifax breach be the wake up call for companies, regulators, consumers?

By Byron V. Acohido

The pain has only just begun for Equifax. Last Thursday, the giant credit bureau disclosed that hackers stole personal information for 143 million of its customers, presumably mostly Americans, but also Canadians and Europeans.

In less than 24 hours, two Oregonians, Mary McHill and Brook Reinhard, filed a federal class-action lawsuit accusing the Georgia-based company of failing to maintain adequate electronic security safeguards as …more

NEWS THIS WEEK: Equifax admits losing data for 143 consumers; Symantec finds dozens of U.S. power plants compromised; Trump wants hacked email lawsuit thrown out

By Byron V. Acohido

Credit-reporting agency Equifax said hackers gained access to sensitive personal data—Social Security numbers, birth dates and home addresses—for up to 143 million Americans, a major cybersecurity breach at a firm that serves as one of the three major clearinghouses for credit histories. Equifax said the breach began in May and continued until it was discovered in late July. It said hackers exploited a “website application vulnerability” and obtained personal …more

PODCAST: Why ‘machine identities’ represent a wide-open attack vector — and what your company should do about it

By Byron V. Acohido

Companies spend about $8 billion a year on identity and access management (IAM) systems, geared to keep track of humans, but spend practically nothing guarding machine identities. This is a problem because, according to consultancy firm Gartner, 50 percent of all network attacks in 2017 will use stolen or forged machine identities to launch the attack.

Just as people use names and passwords to get onto the network and identify themselves to a machine, the …more

PODCAST: Survey shows consumers fully aware of ‘smart home’ security, privacy risks

By Byron V. Acohido

If you don’t already have an Internet of Things (IoT) device in your home, chances are you will in the not too distant future.

Following record growth in 2016, which saw 80 million smart devices delivered to homes across the world (an increase of 64 percent from the year before), analysts are saying that 2017 is the year of the smart home.

According to Gartner, by the end of 2017 there will be …more