Monday, December 29, 2014

Cyber Security, Cyber Threat News

more news below (web link on mobile below)



Monday, December 22, 2014

ICANN Security Awareness Resource Locator

ICANN Security Awareness Resource Locator: "All stakeholders should learn how to protect themselves, their families, or their organizations against online threats. The resources on this page can help consumers, business or IT professionals avoid online threats or harm and make informed choices regarding (personal) data disclosure or protection. The links on this list are external to ICANN's web site. ICANN has no influence over and is not responsible for changes to links or to content on these sites." Resources - ICANN --excerpts (go to foregoing link for full list):

Child or Consumer Online Safety
Get Safe Online
https://www.getsafeonline.org/

Stay Safe Online
http://www.staysafeonline.org

Stop. Think. Connect.
http://stopthinkconnect.org

Kid's Health
http://kidshealth.org/parent/positive/family/net_safety.html

Malta's Be Smart Online!
http://besmartonline.org.mt/

Australia Stay Smart Online
http://www.staysmartonline.gov.au/

A Parent's Guide to Internet Safety
https://www.fbi.gov/resources/parents
Information aimed to help parents understand the threats of child exploitation or harm. Explains signs that may indicate that a child is at risk online and how to respond. Interpol's Crimes Against Children site and Europol's Child Sexual Exploitation fact sheet provide complementary information.

National Cyber Awareness System
http://www.us-cert.gov/ncas/
The US CERT National security awareness system provides information about common security issues, tips for non-technical computer users, and articles for home and business users.

Microsoft Family Safety Center
http://www.microsoft.com/security/family-safety/default.aspx

STH. End User Training
http://www.securingthehuman.org/enduser/

National Cyber Awareness System
http://www.us-cert.gov/government-users/
The US CERT National security awareness system provides information about common security issues government users are likely to encounter, including training and best practices.

Stay Safe Online
http://www.staysafeonline.org/business-safe-online/
The Keep My Business Safe section of this site includes tip sheets, security planning or training guides, and articles describing how to's (how to assess your risk, conduct security assessments, monitor threats, or report incidents).

Information Warfare Site
http://www.iwar.org.uk
IWS offers a security awareness toolbox and a very good paper describing the key elements of a security awareness program.

Cisco Systems Security Education Program
http://www.cisco.com/web/about/security/cspo/awareness/index.html#~acc~panel-5

Microsoft Security Awareness Toolkit
http://www.microsoft.com/en-us/download/details.aspx?id=11428

Infragard Awareness Programs
https://www.infragardawareness.com/

National Institute of Health Information Security and Privacy Awareness Training
http://irtsectraining.nih.gov/publicUser.aspx

National Institute for Science and Technology
http://csrc.nist.gov
NIST 800-50: Security Awareness and Training Program provides guidelines for government agency security awareness and training programs. NIST 800-16: Information Technology Security Training Requirements is a comprehensive document that can be used for generally any organization's security awareness programs.

ENISA Information Security Awareness Materials
https://www.enisa.europa.eu/media/multimedia/material
ENISA has published a User's Guide, How to Raise Information Security Awareness, and offers training videos, posters, screen savers, and illustrations (cartoons) in several EU languages (French, English, German, Spanish).

CERT Moldova
http://cert.gov.md/ (in Romanian)
CERT Moldova provides security awareness and best practices tips for a wide range of audiences.

CERT Sri Lanka
http://www.cert.ik
CERT Sri Lanka offers a knowledge base with information security policy domains, FAQs, general online safety tips, social media best practices and security tools.

ICT GOZO Malta Cyber Awareness
http://www.ictgozomalta.eu/cyber-security-awareness.html
This site offers online safety resources for kids, teens, parents, educators, businesses (Work Force Training Videos, Resources for Small Business), and techies in all European Union languages.

Monday, December 15, 2014

Security Awareness, Posters, Infographics, Presentations, Videos

Security Awareness Posters, Infographics, Presentations, Videos:

STH. Secure the Human
http://www.securingthehuman.org/resources/posters

Security Intelligence
http://securityintelligence.com/top-10-cyber-security-infographics/

End User Security Awareness Presentation, Cristian Mihai, PWC
http://www.slideshare.net/frostinel/end-user-security-awareness-presentation-presentation

How to Build a Winning Security Awareness Program, CommLab India
http://www.slideshare.net/CommLab/how-to-build-a-winning-security-awareness-program-25843930

Creating a Meaningful Security Awareness Program
http://www.slideshare.net/bwoelk/engage-creating-a-meaningful-security-awareness-program

eMail Security Awareness, Dale Rapp
http://www.slideshare.net/DaleRapp/email-security-awareness

Social Engineering Audit and Security Awareness, CBIZ Inc
http://www.slideshare.net/CBIZinc/social-engineering-audit-security-awareness

CyberSecurity Awareness for Students, Kandarp Shah
http://www.slideshare.net/skandarp/cyber-security-awareness-for-students

Google Security Awareness Videos
https://www.youtube.com/user/GoogleCyberSecurity

Raising information security awareness, TerraNova Training
http://www.slideshare.net/Terranovatraining/terranovatraining-isa

Security Awareness Videos at antispam.br (in Portuguese)
http://www.antispam.br/videos/

Oman CERT Security Awareness Video Channel (in Arabic)
https://www.youtube.com/profile?user=omancert

Monday, December 8, 2014

Best Password Vault

Take it from Leo--

What's the best password vault? | The Tech Guy: "Carla is overwhelmed by a ton of passwords she has to remember. What can she use for just one password to rule them all? Leo says to use a password vault that will generate a unique and strong password that's difficult to crack. The best passwords are long and random with a combination of upper and lower case, numbers, letters and punctuation. That's what a password vault generator will buy you. Leo advises using LastPass. You can download and use it for free, or pay $12 for some additional features including mobile use. Other options include DashLane for the Mac, One Password for the Mac. And to remember your one LastPass password, use a mnemonic, where you use the first letter of each word of a phrase with punctuation, and then toss in a phone number. It will look random, but easy to remember or at least reconstruct."

Monday, December 1, 2014

Russian Anonymous Marketplace, RAMP, Dark Web Drugs

How a Russian Dark Web Drug Market Outlived the Silk Road (And Silk Road 2) | WIRED: "... For more than two and a half years, the Russian Anonymous Marketplace, or RAMP, has maintained a thriving business in the Dark Web drug trade, offering one of the Internet’s widest arrays of narcotics to its Russian-speaking clientele. That’s roughly as long a tenure online as the original Silk Road achieved before it was seized in an FBI bust in October of last year. And it’s far longer than the new generation of anonymous drug markets that followed the Silk Road, including more than a dozen sites taken down last week in a massive coordinated police action. The largest of those seized sites, Silk Road 2, lasted exactly one year to the day...." (read more at the link above)

Monday, November 24, 2014

How to encrypt Carbonite data

Leo Laporte answers--

How do I encrypt my Carbonite data? | The Tech Guy: "Bob uses BitLocker to secure his data. And when he uses Carbonite, he sees that his data is unencrypted when restoring it. Leo says that as long as you're logged in, BitLocker has unencrypted the data. And when you log out, it encrypts it again. But the good news is that when you back up Carbonite, the backup is encrypted. And Carbonite allows you to make the data completely encrypted. It's in the settings. BTW using BitLocker requires certificates. So make sure they're backed up. If they get corrupted, you'll lose the ability to access your encrypted data even if you know the password. There's also a good program called SpiderOak. It works like DropBox but uses end to end encryption."


Monday, November 17, 2014

Threat Intelligence Not So Intelligent, Global Financial System Vulnerable

Threat Intelligence firm mistakes research for nation-state attack | CSO Online: "If anything, this incident proves two things; Redpoint scans will be detected by a honeypot, and when it comes to threat intelligence - sometimes it's not all that smart." (read more at link above)

JPMorgan Chase Says More Than 76 Million Accounts Compromised in Cyberattack - NYTimes.com: "Hackers were able to burrow deep into JPMorgan’s computer systems, accessing the accounts of more than 90 servers — a breach that underscores just how vulnerable the global financial system is to cybercrime. Until now, most of the largest hack attacks on corporations have been confined to retailers like Target and Home Depot."

Monday, November 10, 2014

Voice Hackers Will Be Talking Their Way Into Your Technology

Will Siri be indicted as a co-conspirator?

Voice Hackers Will Soon Be Talking Their Way Into Your Technology:  "... this scary reality is not as far away as it might seem, as security researchers have already managed to trick Siri into letting them bypass the lock screen on an iPhone and post Facebook messages, access call history, send text messages and fire off emails. “Microphones should be disabled immediately and our current recommendation is that the user switch off features [involving voice commands],” he said in a phone interview with Forbes. “At the moment, leaving biometric technology as it is today is like leaving a computer without a password and just allowing anyone to walk by, click and take an action. “We realized there is something very basic here that everyone seems to have forgotten: authentication. If you have a smart TV at home, for instance, it will respond to a synthesized voice as well as yours.”..."


Monday, November 3, 2014

Eugene Kaspersky: How to Deal With the Threat of Cyber-Attacks (video)

How to Deal With the Threat of Cyber-Attacks: Video - Bloomberg:

Kaspersky Lab Founder and CEO Eugene Kaspersky discusses the threat from cyber-attacks on “Bottom Line.” (Source: Bloomberg 9/15)

Monday, October 27, 2014

Scam: Computer Hackers Claim to be Law Enforcement

And corrupt law enforcement who want bribes!--

Scam: Computer Hackers Claiming to be Law Enforcement: "The Newberry County Sheriff's Department is warning computer owners about a scam involving hackers posing as law enforcement. According to deputies, scammers are using a virus to encrypt computer owners data and take over their computer. The scammers are claiming to be with law enforcement or FBI and accusing owners of looking at child pornography. They ask for a sum of money to be sent to a location to unlock the computer and clean it of pornography. Deputies say the hackers threaten to keep the owners' computer data and arrest them if they do not comply...."


Monday, October 20, 2014

Cyber attacks, Cybersecurity, Cyber insurance

Hack attacks spur calls for cyber insurance
The Hill
Cyber insurance legally protects companies after a data breach, covers ... “If I am a company and I buy cybersecurity insurance, if I have bad security ...

Prepare for the Attack of the Data-Sucking Cyber Zombies
Entrepreneur (blog)
Having trained professionals who understand cyber security and know what to look for is essential to an overall security strategy. Whether you employ ...

Monday, October 13, 2014

Cyber Attacks, Cyber Crime, Business Loss

Cyber Crime Means Business- Potentially Yours
Forbes
How to Manage the Growing Risk of Cyber Attacks (Wiley, 2014) and THREAT! ... The loss of this information is a national economic security crisis.
Data Breach Specter: 3 Cyber Security Stocks to Benefit - Analyst Blog - NASDAQ
Cyber-CAT brochure - marsh.com

Experts warn banks of more cyber attacks
Financial Times
Cyber security experts have warned of a constant threat of organised cyber criminals on the financial sector after the US Federal Bureau of ...

Cyber Security Education: Remove The Limits
InformationWeek
Historically, there have been two perceived approaches to cyber security -- the vertical, technical approach and the more horizontal, strategic ...

HACKERS STRIKE: It's a huge problem affecting millions of Americans
Q13 FOX
“Cyber security, I think, is the biggest threat facing personal privacy, national security, and the national economy. It affects everyone,” U.S. Attorney ...

Why Breach Detection Is Your New Must-Have, Cyber Security Tool
TechCrunch
Cyber attacks are all over the news, and it seems like no one is immune — Home Depot, Target, Adobe and eBay included. So why are CIOs still ...

Monday, October 6, 2014

North Korea, Cyber Warfare, Data Breaches, National Cybersecurity Center

North Korea cyber warfare capabilities exposed
ZDNet
North Korea's cyber warfare capabilities are on the rise despite being ... training up the next generation of cybersecurity and cyber warfare experts.

Cyber security more of a priority after Highly publicized data breaches
KCRG
CEDAR RAPIDS — More data breaches, including stolen credit card numbers and hacked personal photos of celebrities, has both individuals and ...
Grassley Cyber Security Remarks at National Cyber Security Alliance Seminar - Senator Chuck Grassley

Virginia accelerator welcomes new cohort of cybersecurity companies
Washington Post
Maryland is home to the U.S. Cyber Command at Fort Meade and the soon-to-be-built National Cybersecurity Center of Excellence in Montgomery ...

Monday, September 29, 2014

NATO, Cyber attack, mutual defense

NATO nations 'will respond to a Cyber attack on one as though it were on all'
Register
NATO is set to agree a new cyber defence policy that would mean any severe ... through diplomatic channels, according to one seasoned IT security pro. ... The Tallinn Manual on the International Law Applicable to Cyber Warfare, ...
NATO agrees cyber attack could trigger military response - Reuters UK
In case of cyber attack: NATO members ready to pledge mutual defense - Ars Technica

Wanted By DHS: Breakout Ideas On Domestic Cybersecurity
InformationWeek
Department of Homeland Security plans to fund cyber defense research efforts to develop pragmatic tools that can be deployed quickly, says Forrester ...

This Week in Tech: Lawmakers take on cybersecurity
The Hill
The event is a joint effort by retail and financial services industries that have often sparred in the past but are joining forces to press for stronger cyber ...
Let's pass cybersecurity legislation - The Hill
Security clearances, contractor oversight, NATO cyber and more - FCW.com
Cyber Innovation Center receives $5M Department of Homeland Security grant - KTBS

UK launches online course to promote security in cyber space
Out-Law.com
The free 'Massive Open Online Course' (MOOC) is backed by the UK's National Cyber Security Programme, which is investing £860 million over five ...
Government supports UK's next generation of cyber security professionals - Gov.uk

Monday, September 22, 2014

Cybersecurity, Passwords, Technology

Cybersecurity NEWS:

Beyond passwords: taking cybersecurity to the next level
SFGate
The password has failed. That ubiquitous annoyance of the digital age - the computer password - has proved itself to be profoundly unsafe. People ...

People too trusting when it comes to their cybersecurity, experts say
Kansas.com
College jobs experts say cybersecurity students like Brewer will in the future make a great deal of money – six figures, some of them. “He's a great guy, ...

Cybersecurity a major priority in independent broker-dealers' 2015 tech budgets
InvestmentNews
Cybersecurity concerns are front and center for independent broker-dealers as they plan next year's technology budgets, according to an ...


Iran still Israel's biggest threat, PM says at cyber conference
Jerusalem Post
Prime Minister Binyamin Netanyahu addressed the fourth Annual International Cybersecurity Conference at Tel Aviv University on Sunday, pushing ...
PM speaks at cybersecurity conference - Jerusalem Post

Cleared Intelligence Contractors Readying for New Cybersecurity Reporting Requirements
The National Law Review
When it became law on July 7, 2014, the 2014 Intelligence Authorization Act (“IAA”) gave the Director of National Intelligence (“DNI”) 90 calendar days ...

Monday, September 15, 2014

Protecting Trade Secrets in the Digital Age

Protecting Trade Secrets in the Digital Age Requires Extra Vigilance: "Technology allows businesses around the world to easily communicate and access data, increasing both business opportunities and worker productivity. However, this same technology also makes corporate data more vulnerable to theft and harder to protect. Lost or stolen data has significant financial repercussions; misplaced devices or server crashes are estimated to cost the average business $586,000 a year. Data theft was recently estimated to cost companies $250 billion a year, according to the National Crime Prevention Council. Intellectual property — customer lists, a secret recipe, proprietary product blueprints, financial data, merger and acquisition plans, etc. — faces a variety of threats as more businesses and employees take advantage of wireless and portable devices...." (read more at link above)

Monday, September 8, 2014

Network-Based Steganography Threats

The Growing Threat Of Network-Based Steganography | MIT Technology Review: "... They point out that before a countermeasure that does do this can be built, researchers will need to come up with a new set of fundamental approaches to counter the newly evolving forms of steganography. One thing is for sure: the detection and prevention of network steganography is set to become increasingly challenging as the threat from malware such as Duqu spreads. Be warned!
Ref: arxiv.org/abs/1407.2029 : Hidden and Uncontrolled – On the Emergence of Network Steganographic Threats"

Monday, September 1, 2014

Exploit Kits, The Scourge of Cyberspace

Dark Net reveals how hackers exploit vulnerabilities - SFGate: ".... Users think they are clicking legitimate links to legitimate websites, and they still get infected with malware that carries bad consequences. For example, a hacker can encrypt a user's files - documents, photographs or videos - in a "crypto locker" and not release the data until the victim pays ransom... Nearly 70 percent of exploit kits originate in Russia, where cybercrime laws are relatively weak, according to a report by research firm Solutionary. In recent years, a thriving, coordinated underground economy has emerged, a place where criminals swap cash to develop and update the kits, identify targets and rent the "weapons" for as little as $50 a day. "These black markets are growing in size and complexity," according to a report by Rand Corp., a Washington think tank. "The hacker market - once a varied landscape of discrete, ad hoc networks of individuals initially motivated by little more than ego and notoriety - has emerged as a playground of financially driven, highly organized and sophisticated groups...." (read more at link above)

Monday, August 25, 2014

Protecting Trade Secrets, Remote Worker Security, Mobile employees

Protecting Trade Secrets in the Digital Age Requires Extra Vigilance | WeComply, a Thomson Reuters business - JDSupra:

Remote Worker Security -- Mobile employees using portable devices increase the potential for data loss in a variety of ways:
  • Transferring files from a work device to an unprotected home computer or personal device.
  • Using personal communications that don't meet corporate IT security standards.
  • Discussing sensitive company matters where others can hear the conversation.
  • Failing to use a laptop privacy guard when working remotely in a public place.
  • Failing to properly safeguard mobile devices against loss or theft.
  • Using hotel or other public "hot spots" where potential cybercriminals can steal information or establish a rogue network to steal information.

(read more at link above)

Monday, August 18, 2014

Andreessen Horowitz, Cyber Security Firm Tanium (video)

Why Andreessen Is Investing $90M in Tanium: Video - Bloomberg:
Steven Sinofsky, a board partner at Andreessen Horowitz, discusses the company's investment in cyber security firm Tanium with Cory Johnson on "Bloomberg West." Bloomberg LP, the parent of Bloomberg News, is an investor in Andreessen Horowitz. (Source: Bloomberg, June 23)

Monday, August 11, 2014

FBI Fights Against Chinese Cyber-Espionage

Exclusive: Inside the FBI's Fight Against Chinese Cyber-Espionage: "SolarWorld was fighting a losing battle. The U.S. subsidiary of the German solar panel manufacturer knew that its Chinese competitors, backed by generous government subsidies, were flooding the American market with steeply discounted solar panels and equipment, making it practically impossible for U.S. firms to compete. What SolarWorld didn't know, however, was that at the same time it was pleading its case with U.S. trade officials, Chinese military hackers were breaking into the company's computers and stealing private information that would give Chinese solar firms an even bigger unfair advantage, including the company's pricing and marketing strategies..."

Monday, August 4, 2014

Evolving Threat, Amplification DDoS Attacks

The Evolving Threat of Amplification DDoS Attacks | Between the Dots: "...The only real way to defend against attacks of this size is, unsurprisingly, massive network infrastructure that is engineered to withstand very large volumes of traffic.  Unfortunately, this isn’t how most customer networks are designed, and it’s certainly cost prohibitive for an organization to keep scaling up the network to match the ever-increasing size of these attacks. It’s an unwinnable arms race; attackers will always have access to more bandwidth than you. Leveraging a third-party cloud-based DDoS protection service like Verisign’s is likely to provide the best protection against these attacks. Our infrastructure is scaled and architected to defend against the largest-known attacks. Furthermore, we operate a fully redundant and interconnected network backbone to help ensure a massive attack doesn’t impact any one site or our ability to protect our customers...."

More info: For more information about DDoS trends, read the Q1 2014 DDoS Trends report.

Monday, July 28, 2014

Cybercrime A Growth Industry, $445 Billion Lost

Cybercrime Remains Growth Industry With $445 Billion Lost - Businessweek: "Cybercrime remains a growth industry. That’s the main message from former U.S. intelligence officials, who in a report today outlined scenarios for how $445 billion a year in trade theft due to computer hackers will worsen. They warned that financial companies, retailers and energy companies are at risk from thieves who are becoming more sophisticated at pilfering data from their servers...." (read more at link above)

Monday, July 21, 2014

Governments use secret cables to tap phones

Vodafone: governments use secret cables to tap phones - Telegraph: "Government agencies are able to listen to phone conversations live and even track the location of citizens without warrants using secret cables connected directly to network equipment, admits Vodafone today"
In some countries this means giving access to the content of phone calls and other electronic communications, or access to metadata such as the number of calls made, the numbers they were made to and the location of the caller when those calls were placed. In some countries, around six that Vodafone does business with but not including the UK, they are made to provide a "direct access" cable straight into their network to allow governments to siphon off any data they wish, without having to issue a warrant.

Monday, July 14, 2014

Singapore, Massive Cyber Security Breach (video)

Singapore’s Massive Cyber Security Breach: Video - Bloomberg:

Bloomberg’s Haslinda Amin reports on the largest cyber security breach in Singapore’s history, affecting over 3 million SingPass accounts. SingPass accounts allow Singapore’s residents to access 340 online transactions with government agencies. She speaks to John Dawson on Bloomberg Television’s “On The Move Asia.” (Source: Bloomberg June 5)

Monday, July 7, 2014

What Cybercriminals Are Looking For (video)

What Exactly Are Cybercriminals Looking For?: Video - Bloomberg:

PWC Global and U.S. Cybersecurity Leader David Burg discusses cyber-threats on Bloomberg Television's “Bloomberg West.” (Source: Bloomberg, May 28)

Monday, June 30, 2014

Cyber Cadets, West Point Graduates Hackers (video)


Cyber Cadets: West Point Graduates Hackers: Video - Bloomberg: "For the first time, this year's graduates of the U.S. Military Academy at West Point are able to join America's Cyber Command straight out of college. For years the Department of Defense has ostracised hackers but now they are encouraging and recruiting them. Bloomberg's Willem Marx explains. (Source: Bloomberg May 27)"

Monday, June 23, 2014

Cyber-security: Wi-Fi users vulnerable to hacking

Cyber-security expert’s experiment shows Wi-Fi users in Las Vegas vulnerable to hacking - Las Vegas Sun News: "....As in his previous experiments, the results from Lyne’s warbiking in Las Vegas showed people and Wi-Fi networks here aren’t taking security precautions they need.... To avoid being hacked, he recommends people sign up for a virtual private network encryption that protects their computer on any Wi-Fi network. Meanwhile, small businesses and local Wi-Fi routers can be installed to have WPA2 encryption to protect it from hackers. Still, Lyne said the gulf between cyber security standards and the growth of wireless networks is expanding at a rapid rate. It’s a global problem, and he said he planned to present the information to the United Nations to try to change cyber security standards." (read more at link above)

Monday, June 16, 2014

Job Hunting, Protect Your Identity From Scammers

Job Hunting? Protect Your Identity From Scammers. - WSJ.com: "Web-savvy criminals are increasingly targeting job hunters. They're posing as recruiters and creating fake websites to steal personal data that they use to commit identity fraud. Research consultancy Javelin Strategy & Research in Pleasanton, Calif., reports that in 2013 there were 13.1 million cases of identity fraud in the U.S."
(read more at link above)

Monday, June 9, 2014

Cameras Watching You at Work Improve Safety (video)

How the Cameras Watching You at Work Improve Safety: Video - Bloomberg: "Arrowsight is a service which analyzes company surveillance video to target ways businesses can improve safety and efficiency. The company just partnered with Deloitte, and expects to expand into a half dozen new industries. Chief Executive Officer Adam Aronson tells us how he managed to get into the notoriously private medical industry, in this week's "Small to Big." (Source: Bloomberg, June 5)"

Monday, June 2, 2014

Android-based Pwn Phone

Android-based Pwn Phone is prepared to do evil for your network’s own good | Ars Technica: "...One of those “one-touch” penetration testing tools is EvilAP, a tool for creating a “malicious” Wi-Fi access point that can detect and respond to the Wi-Fi probe requests sent by devices as they look for previously used wireless access points. EvilAP can use the phone’s wireless broadband connection or another network to then pass through network requests while the phone’s user launches other attacks on the traffic. (These can include SSL Strip “man-in-the-middle” attacks against secure Web sessions.)..." (read more at link above)

Monday, May 26, 2014

Antivirus Software Is Dead

Mish's Global Economic Trend Analysis: Symantec Says "Antivirus Software Is Dead": "The overall message from security providers is: don't expect the security systems we sell will work.  Individual consumers obviously cannot afford to pay Symantec, IBM or anyone else to assess the damage when software fails. The saving grace for individuals is that ambitious hackers primarily attack banks and retailers like Target, where if they break in, they can steal information on tens-of-thousands of credit cards or accounts at a time."

Monday, May 19, 2014

Cybersecurity, Hackers, Last Defense

Hackers get to hone cybersecurity skills
Boston Globe
They were participating in a competition hosted by a Maryland-based nonprofit that offers cybersecurity courses and helps connect students to jobs in ...

Without safeguards, smart home can be a dumb choice, expert says
San Angelo Standard Times
The rise of smart technology worries cyber security expert Jerry Irvine, who believes many homeowners are unknowingly trading security for ...

You are the last line of defense from computer woes
Seacoastonline.com
The National Cyber Security Alliance has an excellent Web site at ... The U.S. Computer Emergency Readiness Team at www.us-cert.gov also has ...

Monday, May 12, 2014

Cyber Warriors, Software Flaws, Hacktivists, Cyber Security

Cyber warriors, including Carnegie Mellon team, hunt down software flaws
Tribune-Review
“We're in an arms race,” said Chase Cunningham, the National Security ... Michael Daniel, the White House cybersecurity coordinator, said in a blog ...

Hacktivists can't win with Israeli security system
The Times of Israel
Foresight, an Israeli cyber-security firm, last week started to offer a new service, called Defacement Mitigator, which replaces a site with the original ...

CSIRO warns Australia needs a cultural change in dealing with cyber security - ABC News...
abc.net.au
A CSIRO report warns that Australian organisations are vulnerable to a new range of cyberattacks.
www.abc.net.au/news/2014-05-05/csiro-warns.../5429606

Monday, May 5, 2014

DarkMarket, a Silk Road the FBI Can Never Seize



Inside the ‘DarkMarket’ Prototype, a Silk Road the FBI Can Never Seize | Threat Level | WIRED: "...If one group of Bitcoin black market enthusiasts has their way, the next online free-trade zone could be a much more elusive target. At a Toronto Bitcoin hackathon earlier this month, the group took home the $20,000 first prize with a proof-of-concept for a new online marketplace known as DarkMarket, a fully peer-to-peer system with no central authority for the feds to attack. If DarkMarket’s distributed architecture works, law enforcement would be forced to go after every contraband buyer and seller one by one, a notion that could signal a new round in the cat-and-mouse game of illicit online sales...."

Monday, April 28, 2014

Hackers, Journalists, Cyberattacks

Watch out, journalists: Hackers are after you - CNET: ".... Speaking on Friday at the Black Hat hackers conference in Singapore, Google security engineers Shane Huntley and Morgan Marquis-Boire reported that 21 of the top-25 news organizations in the world have been targeted by hackers. Those hackers, the researchers told Reuters, are likely sponsored by foreign governments seeking information. State-sponsored hacking has taken on a life of its own over the last several years. Several countries around the world, including the US, China, and Russia, are believed to be engaging in hacking to gain information. It's no surprise that some state-sponsored hackers have broadened their scope to journalists, especially given the information many top journalists have on companies and government officials. Huntley and Marquis-Boire warned that, while the tech industry is coming to grips with online security requirements, many journalists and news organizations are just now becoming aware of the threats...."

Monday, April 21, 2014

Glenn Greenwald’s Encryption Guru

Glenn Greenwald’s Encryption Guru - Alex Carp - POLITICO Magazine: ".... Schneier is a legendary encryption specialist who has written or edited 13 books on the subject, and worked for the Department of Defense, telecommunications companies, banks and governments. Most recently, he’s been a vocal advocate of the idea that the best security systems accept a reasonable amount of risk; a blind focus on protecting against every threat, he says, usually comes with unexpected costs....."

Monday, April 14, 2014

Huawei, NSA, China, cyberattacks

Huawei on NSA: If foreign spies attacked a US firm, there’d be “outrage” | Ars Technica: "Chinese tech company still trying to track down NSA infiltration."

Of course, foreign countries have attacked US companies, including China's "Operation Aurora" waged against Google and other US firms in 2009, and such attacks continue today.

Monday, April 7, 2014

Apps Covertly Mining Cryptocurrency

Caveat Emptor --

Apps with millions of Google Play downloads covertly mine cryptocurrency | Ars Technica:  ...According to a blog post published Tuesday by a researcher from antivirus provider Trend Micro, the apps are Songs, installed from one million to five million times, and Prized, which was installed from 10,000 to 50,000 times. Neither the app descriptions nor their terms of service make clear that the apps subject Android devices to the compute-intensive process of mining, Trend Micro Mobile Threats Analyst Veo Zhang wrote. As of Wednesday afternoon, the apps were still available....

Monday, March 31, 2014

Cybersecurity, Cyberwar

Book Discussion Cybersecurity Cyberwar | Video | C-SPAN.org: "P.W. Singer talked about his book, Cybersecurity and Cyberwar: What Everyone Needs to Know, in which he discusses the topics of internet security and cyberwarfare. Mr. Singer co-authored the book with Allan Friedman. He spoke at the Stevens Institute of Technology in Hoboken, New Jersey" (video at link above)

Monday, March 24, 2014

The CIA, Secret Arabists, Shaping of the Modern Middle East

Book Discussion Americas Great Game | Video | C-SPAN.org: "Hugh Wilford talked about his book, America’s Great Game: The CIA’s Secret Arabists and the Shaping of the Modern Middle East, in which he recounts the CIA’s early forays in the Middle East in the 1940s and 1950s. The operations were led by Theodore Roosevelt’s grandson, Kermit “Kim” Roosevelt, head of the region’s covert actions, who was assisted by his cousin Archie Roosevelt, chief of the Beirut Station. In his book, the author reports that these men’s actions, in conjunction with covert operations specialist Miles Copeland, would invariably lay the groundwork for foreign policy relations between the U.S. and the Middle East. Hugh Wilford spoke at Politics and Prose bookstore in Washington, D.C." (video at link above)

Monday, March 17, 2014

Sochi tech, Security

Disregard the fabrications of NBC --

Forget its hotels, Sochi’s tech has been up for the Olympic challenge | Ars Technica: “ . . . It is important that attendees understand communications while at the Games should not be considered private,” warned United States Computer Emergency Readiness Team, part of the Department of Homeland Security. Still, one should be careful about overestimating the Russian system’s capabilities. The recent sensationalized NBC story was swiftly debunked as far-fetched, and worrisome smartphone reboots, reported by a mobile security startup, could’ve been caused by hundreds of different reasons....."

Monday, March 10, 2014

NSA asleep at the switch, Snowden Used Low-Cost Tool

NSA, intelligence? Or just an oxymoron?

Officials say Mr. Snowden used “web crawler” software. Moreover, Mr. Snowden succeeded nearly three years after the WikiLeaks disclosures, in which military and State Department files, of far less sensitivity, were taken using similar techniques. (source infra)

Snowden Used Low-Cost Tool to Best N.S.A. - NYTimes.com: " . . . the N.S.A.’s mission includes protecting the nation’s most sensitive military and intelligence computer systems from cyberattacks, especially the sophisticated attacks that emanate from Russia and China. Mr. Snowden’s “insider attack,” by contrast, was hardly sophisticated and should have been easily detected, investigators found...."

Monday, March 3, 2014

Strengthening National Cybersecurity (video link)

Strengthening National Cybersecurity | Video | C-SPAN.org: "White House Cybersecurity Coordinator Michael Daniel spoke about the development and implementation of a national cybersecurity framework, specifically the strengthening of critical infrastructure cybersecurity, initiated by a 2013 executive order. Government and industry officials also participated in the discussion. USTelecom hosted the event. " (video at link above)

Monday, February 24, 2014

Your Bank Accounts, Brokerage Accounts, Cybertheft

Keeping Swindlers Out of Your Bank and Brokerage Accounts - NYTimes.com: " . . . Data breaches at Target and Neiman Marcus were certainly scary. Personal information from tens of millions of people fell into the hands of cybercriminals. . . equally threatening and perhaps more personal attack is a hacker getting into your email and then using it to take money from your bank and brokerage accounts. It is a problem that is increasing at all wealth levels, from individuals with small investment accounts to family offices that serve the wealthiest clients. Naureen Hassan, senior vice president of client experience at Charles Schwab, which is the largest custodian of independent advisers in the country, said the firm had seen a fivefold increase in email-related fraud over the last two years...."

Monday, February 17, 2014

4 in 10 US Government Security Breaches Go Undetected

Almost every agency has been attacked, including the Departments of Homeland Security, Justice, Defense, State, Labor, Energy, and Commerce. NASA, the EPA, the FDA, the U.S. Copyright Office...

Report: 4 in 10 Government Security Breaches Go Undetected | Washington Free Beacon: "A new report by Sen. Tom Coburn (R., Okla.) details widespread cybersecurity breaches in the federal government, despite billions in spending to secure the nation’s most sensitive information. The report, released on Tuesday, found that approximately 40 percent of breaches go undetected, and highlighted “serious vulnerabilities in the government’s efforts to protect its own civilian computers and networks....”

Monday, February 10, 2014

Target Hackers May Be Tough to Find

Bitcoins, Criminals, Stolen Credit Card Numbers --

Experts: Target Hackers Will Be Tough to Find - ABC News: "The underground markets always have a steady supply of card numbers on sale and their locations are always moving as they try to elude law enforcement, says Daniel Ingevaldson, chief technology officer at Easy Solutions Inc., a firm that sells anti-fraud products and tracks the activity of the online black markets. A big jump in inventory usually indicates there's been a breach of a major retailer. That's what Ingevaldson's firm saw in the cases of both Target and Neiman Marcus, which also recently reported a breach. While many of these online bazaars and forums are based in Russia and Eastern Europe, much of the chatter is in English and appears to have been written by Americans, Ingevaldson says. The types of criminals who buy the card numbers run the gamut, ranging from purely online white-collar crooks to street gangs.
"In reality, card numbers can be bought by anybody with access to the forums and a few Bitcoins in their pocket," Ingevaldson says."


Monday, February 3, 2014

Target Data Breach, Hackers Phishing


Target is trying to limit the damage from a massive data breach. But there are signs that other hackers are trying to take advantage of the original data theft with elaborate "phishing" schemes.

Monday, January 27, 2014

Identity thieves, Tax refunds

Caveat Emptor Taxpayers! --

  • If you file by mail, do it at a post office, not from an unlocked mailbox in front of your house.
  • If you file electronically, use a secure computer on a secure network. It's OK to check the weather using a Wi-Fi hot spot, but don't do anything financial or tax-related on a public Wi-Fi network.

Identity thieves gear up to steal your tax refund: " . . . Most victims find out there's a problem when they get a letter from the IRS that says they've filed more than one return or that they earned wages from an unknown employer, which likely means someone stole your Social Security number to get a job. If you get such a notice, contact the IRS Identity Protection Specialized Unit right away at 800-908-4490, extension 245. There's paperwork you need to file and things you should do as quickly as possible because you are now vulnerable to all types of identity theft. "The Social Security number is the Holy Grail," Velasquez said. "Once you have enough information to file a phony tax return, you have enough information to open new lines of credit, commit medical identity theft and take over financial accounts." The refund thieves may also try to claim your tax refund next year, so if you're a victim get a verification PIN code from the IRS that you must use to file future returns. Do not respond to an unexpected email or text message that claims to be from the IRS. The IRS does not do business that way. Its initial contact is always by mail...."

Monday, January 20, 2014

How Companies Can Prevent Hackers (video)



How Companies Can Prevent Hackers: Video - Bloomberg: "Jan. 3 (Bloomberg) -- Sophos Senior Security Advisor Chester Wisniewski discusses cyber security with Deirdre Bolton on Bloomberg Television's "In The Loop." (Source: Bloomberg)"

Tuesday, January 14, 2014

NSA Has Back Doors for Numerous Devices

Catalog Reveals NSA Has Back Doors for Numerous Devices - SPIEGEL ONLINE: "These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them...." (read more at link above)

Saturday, January 11, 2014

Secret NSA contract, Government Misled Security Firm RSA

Exclusive: Secret contract tied NSA and security industry pioneer | Reuters: "The RSA deal shows one way the NSA carried out what Snowden's documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools. NSA documents released in recent months called for using "commercial relationships" to advance that goal, but did not name any security companies as collaborators. The NSA came under attack ... in a landmark report from a White House panel appointed to review U.S. surveillance policy. The panel noted that "encryption is an essential basis for trust on the Internet," and called for a halt to any NSA efforts to undermine it. Most of the dozen current and former RSA employees interviewed said that the company erred in agreeing to such a contract, and many cited RSA's corporate evolution away from pure cryptography products as one of the reasons it occurred. But several said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance. "They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption."

Thursday, January 9, 2014

NSA Can Easily Break Cellphone Encryption

NSA Can 'Easily' Break Cellphone Encryption, Report Says: The U.S. National Security Agency (NSA) has the technical capacity to crack the most commonly-used cellphone encryption technology, and in doing so it can decode and access the content of calls and text messages, according to a Washington Post report . . . Citing a top-secret document leaked by former intelligence contractor Edward Snowden, the report states that the agency can easily break a technology called A5/1, the world's most common stream cipher used to encrypt cellular data as it transmits to cell towers....

Tuesday, January 7, 2014

Hotspot Security (video)


Dec. 26 (Bloomberg) – Anchorfree Founder & CEO David Gorodyansky discusses how his company’s Hotspot Shield can help you to secure your personal information online with Mark Crumpton on Bloomberg Television’s “Money Moves.” (Source: Bloomberg)

Thursday, January 2, 2014

Holes in DHS cybersecurity

Think ANY government is secure? Think again. . . .

IG finds holes in DHS’s cybersecurity - Tony Romm - POLITICO.com: "The Department of Homeland Security is leading the charge to bolster the country’s porous digital defenses, but it’s also struggled this year to safeguard its own systems against hackers and spies, according to its top watchdog. A report Monday from the DHS inspector general reiterated that the agency for months failed to patch its systems regularly against known cybersecurity threats or scan its networks consistently, in real time, to keep out digital malefactors...."
