Tuesday, 31 March 2020

Marriott Suffers New Data Breach

Hotel chain Marriott disclosed a security breach that impacted more than 5.2 million hotel guests who used the company's loyalty app.



from Cyber Security News https://ift.tt/2UvkFPU

Two New COVID-19 Related Phishing Scams

Two new phishing attacks are taking advantage of the current situation regarding the COVID-19 pandemic.

from Cyber Security News https://ift.tt/3dFMZH7

UK Government Cracks Down on Spread of False Coronavirus Information Online

Specialist units across the UK government are working to combat false and misleading narratives about coronavirus, ensuring the public has the right information to protect themselves and save lives.

from Cyber Security News https://ift.tt/39A4hBY

Zoom Removes Feature Sending Data to Facebook

Video-conferencing software Zoom has removed its “Login with Facebook” feature using the Facebook SDK for iOS as the Facebook SDK was collecting device information unnecessary for Zoom to provide its services. 



from Cyber Security News https://ift.tt/346oj6c

Monday, 30 March 2020

New Report: Uncovering the Likeness & Disparities in Today’s Digital Age between Seniors & Millennials

Seniors and millennials may be more alike than many believe - they are both connecting to a similar number of Internet of Things devices (at least 7 Wi-Fi devices) and both engaging in similar, risky online behaviors, reveals a new Generali Global Assistance and the Identity Theft Resource Center study. 



from Cyber Security News https://ift.tt/3apT2gN

Ill. Attorney General Kwame Raoul Warns Public of COVID-19 Scams

Illinois Attorney General Kwame Raoul is alerting residents to a wave of COVID-19 scams occurring as a result of the coronavirus pandemic.

from Cyber Security News https://ift.tt/2WTVZlW

Sunday, 29 March 2020

Telecom Carriers Charged with Facilitating Hundreds of Millions of Fraudulent Robocalls to U.S. Consumers

The U.S. District Court for the Eastern District of New York entered orders in two separate civil actions, barring eight individuals and entities from continuing to facilitate the transmission of massive volumes of fraudulent robocalls to consumers in the United States, the Department of Justice (DOJ) announced.

from Cyber Security News https://ift.tt/3dOhw5A

FSA Federal Names Tim Prange to Head DHS Administrative Services Division

Forfeiture Support Associates, LLC d/b/a FSA Federal announced that Tim Prange has joined the company to lead its new division providing support services to the U.S. Department of Homeland Security United States Citizenship and Immigration Services.



from Cyber Security News https://ift.tt/3bGFNIZ

Friday, 27 March 2020

Cybersecurity Experts Come Together to Fight Coronavirus-Related Cyberattacks

An international group of nearly 400 volunteers with expertise in cybersecurity formed to fight cyberattacks related to the novel coronavirus.

from Cyber Security News https://ift.tt/33NYXcW

Thursday, 26 March 2020

Jeffrey Brown Named Chief Information Security Officer for State of Connecticut

Jeffrey Brown has been named the new chief information security officer for the State of Connecticut, where he will be responsible for development, execution and monitoring of a world-class cybersecurity program.

from Cyber Security News https://ift.tt/3duY5yv

Nefilim Ransomware Threatens to Release Data

A new ransomware called Nefilim that shares much of the same code as Nemty has started to become active and threatens to release stolen data.

from Cyber Security News https://ift.tt/2WMqhHk

Critical Infrastructure Cyberattacks a Greater Concern than Enterprise Data Breaches

A new global report from Claroty details a number of potential contributing factors for today's CISOs to consider, including the convergence of IT and OT roles.



from Cyber Security News https://ift.tt/3amRTqa

Wednesday, 25 March 2020

Concerned about Nation State Cyberattacks? Here’s how to Protect Your Organization

In light of recent geopolitical events, there is heightened concern of espionage, nation state attacks and hacktivism.



from Cyber Security News https://ift.tt/2UmLS7z

Right or Wrong? The Hackers Vs. Ashley Madison

In July of 2015, hackers from the group Impact Team announced that they had hacked Ashley Madison, a website catering to married individuals seeking an illicit relationship. The hackers claimed that they were in possession of account information for over 30 million users of the site.

Impact Team told Ashley Madison that they would release all the information they took if the website did not shut down. The site’s owners refused to bow to the pressure, and the data flooded out for everyone to see.

The entire incident has sparked a heated debate. The nature of the Ashley Madison site leads some to believe that the users “had it coming,” in some respects. Since the website’s sole purpose is to encourage and facilitate extramarital affairs, one can assume that the patrons of the website had every intention of cheating on their spouses or committed partners— definitely not the ideal way of resolving relationship difficulties.

However, some people maintain the purpose of Ashley Madison does not excuse the actions of the hackers. The fact remains that the Ashley Madison users relied on security, anonymity, and protection, all of which was promised them by the site’s owners. With the incursion of the hackers, that trust was broken.

Ashley Madison is no longer a safe, trusted haven for people desiring to break their marriage vows, and the website is no doubt hemorrhaging money as a result of the breach. In fact, several users have already begun proceedings to sue Ashley Madison for failing to protect their information. The Canadian parent company of the site, Avid Life Media, has put up a reward of $500,000 Canadian, or $377,000 in American currency, to motivate those with information about the hackers to come forward.

While the Ashley Madison site is disreputable, it is not illegal. When the hackers released the data they had collected, they jeopardized the stability of thousands of families. According to reports, some users have committed suicide as a result of their indiscretions going public. Others have been victims of extortion and blackmail. Still others may never recover from the effect on their personal and work relationships.

No matter what the target, the attack on private citizens’ personal information was a crime. Imagine the results if hackers focused on another site, perhaps that of a health insurance company, a dating website, or a major online retailer? Suppose they made demands that the company could not meet and then released information, including financial data, personal health records, social security numbers, and more? The effects would be devastating to millions of people.

The motive of the attack— shutting down Ashley Madison— may have been well-intentioned. However, if the perpetrators escape completely unscathed, without any form of punishment, the entire incident encourages cyber-terrorists to act against others, confident in their own anonymity. Of course, the attack has had another effect as well— discouraging users from trusting their personal information to a website like Ashley Madison. No matter how many guarantees a company may make, the discretion of the user is always the best safeguard.



from We Hate Malware https://ift.tt/33T1lzm

NIST Cybersecurity Recommendations for Working from Home

The Information Technology Laboratory (ITL), a component of the NIST Computer Resource Center, has issued a bulletin that reiterates NIST standards for teleworking.



from Cyber Security News https://ift.tt/2UgodFM

Carnegie Mellon University Launches Cybersecurity Program

Carnegie Mellon University announced it will offer a new master’s program in cybersecurity designed to address the growing need for IT security professionals in Washington D.C.

from Cyber Security News https://ift.tt/3bnzf1y

Gartner: A 5-Phase Approach for Resilient Business Continuity Models during Coronavirus Disruptions

A five-phase strategic and systematic approach to strengthen the resilience of organizations’ current business models is key to business continuity during the coronavirus pandemic, according to Gartner, Inc. 

from Cyber Security News https://ift.tt/2Uzkkut

Data Breach Report: Cloud Storage Exposes 270,000 Users’ Private Information

Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team recently found a serious breach in an open Amazon S3 bucket owned by secure cloud storage provider Data Deposit Box.

from Cyber Security News https://ift.tt/2UyAPXO

Tuesday, 24 March 2020

Leading a Company Through Crisis: Communication, Support and Technical Considerations

As COVID-19 has prompted an unprecedented number of companies and government agencies worldwide to suddenly shift to a remote-work model, uncertainties abound. 



from Cyber Security News https://ift.tt/2wDey31

11 Types of Spoofing Attacks Every Security Professional Should Know About

The term “spoofing” might have a comic implication in some contexts, but it’s no joke when it comes to information security. In fact, it is the subject of a whole separate chapter in a seasoned cybercriminal’s handbook. It comprises a multitude of techniques aimed at camouflaging a malicious actor or device as somebody or something else. Out of all the nefarious scenarios that fit the mold of a spoofing attack, the following 11 types are increasingly impactful for the enterprise these days.



from Cyber Security News https://ift.tt/2vQLFQA

New Security Report Shows Explosion in Evasive Malware in Q4 2019

Evasive malware grew to record high levels in 2019; over two-thirds of malware detected by WatchGuard in Q4 2019 evaded signature-based antivirus solutions, says a new report. 

from Cyber Security News https://ift.tt/2J9uah9

White House Announces New Partnership to Provide Access to Supercomputing Resources to Fight COVID-19

The White House announced the launch of the COVID-19 High Performance Computing Consortium to provide COVID-19 researchers worldwide with access to the world’s most powerful high performance computing resources that can significantly advance the pace of scientific discovery in the fight to stop the virus.

from Cyber Security News https://ift.tt/2UC40Jz

Jack Clare Named Chief Information Officer at United Natural Foods

United Natural Foods, Inc. (UNFI), a large grocery distributor in the U.S., announced that Jack Clare has been named its new Chief Information Officer. 

from Cyber Security News https://ift.tt/2QCpKUn

Monday, 23 March 2020

What is Two-Factor Authentication? The Tip of the Security Spear

How can the modern office environment improve their operational strategy to help bolster the security of data and help employees brush up on better cybersecurity strategies? One primary method that is simple and often overlooked is two-factor authentication. 

from Cyber Security News https://ift.tt/2UoEJCc

CISA Releases Guidance on Identifying Critical Infrastructure during COVID-19

The Cybersecurity and Infrastructure Security Agency (CISA) released guidance to help state and local jurisdictions and the private sector identify and manage their essential workforce while responding to COVID-19.  

from Cyber Security News https://ift.tt/3draZ0f

Unidentified Database Exposes Records of 200 Million Americans

The CyberNews research team uncovered an unsecured database owned by an unidentified party, comprising 800 gigabytes of personal user information. The database was left on a publicly accessible server and contained more than 200 million detailed user records.

from Cyber Security News https://ift.tt/3aftgvt

UK-Based Security Company Exposes Database Containing More than 5 Billion Records

Security researcher Bob Diachenko has found an unprotected and publicly available Elasticsearch database, which appears to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. 

from Cyber Security News https://ift.tt/3dnMFg0

Dan Mugge Named Chief Technology Officer at ClosingCorp

ClosingCorp®, a provider of residential real estate closing cost data and technology for the mortgage and real estate services industries, announced that Dan Mugge has rejoined the company as chief technology officer.

from Cyber Security News https://ift.tt/2J7xqJU

Friday, 20 March 2020

Cops with High-Tech Headgear: Google Glass in Law Enforcement

When you’re watching your favorite crime drama on TV, you may wonder how much of the cool technology is real and practical. Investment in technology is an important part of every police department across the country, but some cities place a greater emphasis on having the latest tech available to their officers. Check out Google Glass, one of many real-life gadgets that makes crime-solving and criminal-catching easier.

Google Draws Inspiration from Star Trek

You’ve probably seen pictures of Google Glass, a head-mounted device that resembles a much skinnier, cooler version of Geordi La Forge’s eyewear from Star Trek. In fact, Google claims that Star Trek was its inspiration for developing wearable electronics that seamlessly integrate into the user’s life. Google Glass rests along the brow line of the user and features a curved portion with a tiny screen near the right eye. The projection system in the device overlays objects and information over the wearer’s regular field of vision.

Dubai Takes the Lead

So how does this next-gen technology help officers in the field? In Dubai, in the United Arab Emirates, police departments have implemented a trial phase in which Google Glass aids its officers in identifying traffic problems and violations. In the future, detectives in Dubai will have Google Glass’s assistance for facial recognition, making it easier for them to identify perpetrators quickly.

The high price point of the Glass, around $1,500, gives most police departments pause. Not so with the Dubai police force, who drive fast, expensive cars that go with the city’s reputation as a high-end, luxurious tourist destination.

Cops Recognize Future Potential

Officers in North America may not have the Dubai law enforcement’s budget, but they recognize the value of a more limited investment in Google Glass. With future developments on the way for Google Glass, officers on patrol could instantly compare a face before them to a facial recognition database. Once a match is found, the officer could immediately have access to names, outstanding warrants, criminal records, known associates, and other key information.

Google Glass Serves as a Body Camera

Some officers in Byron, Georgia are already using Google Glass as a body camera. Unlike other body cameras, which often yield fuzzy or jumpy footage, Google Glass provides close-up video that is surprisingly smooth and vivid. In addition, the footage reveals the situation from the perspective of the officer, which is vital when the department has to review what occurred during a crisis.

Currently, Google Glass is somewhat limited in its display capabilities, showing mostly short bits of text, taking video, recording audio, or accepting voice commands. As Google adds more features to Glass, policemen can use it to keep their cities safer, assist citizens faster, and save more lives.



from We Hate Malware https://ift.tt/3deFc2N

Should Facial Recognition be Used to Identify Individuals with Coronavirus?

Facial recognition companies see an opportunity for their services during the coronavirus outbreak: identifying individuals without the risk of close contact, according to OneZero.

from Cyber Security News https://ift.tt/3bjw3El

Thursday, 19 March 2020

Phil Calvin Named New Chief Technology Officer at Vineti

Vineti, Inc. announced the hiring of Phil Calvin as the company’s new Chief Technology Officer.

from Cyber Security News https://ift.tt/2U27qGi

Dan Andersson Named Chief Technology Officer at GoExpedi

GoExpedi announced that Dan Andersson, former Executive Vice President of Engineering with PICKUP, has joined the team as Chief Technology Officer.

from Cyber Security News https://ift.tt/2UhaDkc

SANS Security Awareness Releases Free 'Securely Working from Home' Deployment Kit to Aid Organizations Impacted by Coronavirus

SANS Security Awareness has created the “Securely Working from Home” Deployment Kit. This free kit provides security awareness professionals with a step-by-step guide on how to rapidly deploy a training program for their remote staff. 



from Cyber Security News https://ift.tt/3978qwY

Ravi Acharya Named Chief Technology Officer at National Vision

National Vision Holdings, Inc. announced that Ravi Acharya has joined the company as Chief Technology Officer, reporting to Chief Executive Officer Reade Fahs.

from Cyber Security News https://ift.tt/2wn5VJK

Jamie Whitcombe-Jones Named Chief Information Security Officer at Allianz UK

Allianz UK has appointed Jamie Whitcombe-Jones to the role of chief information security officer.

from Cyber Security News https://ift.tt/3dciIPL

Digital Shadows Report: Dark Web's Reaction to COVID-19

Are discussions of COVID-19 as popular on the dark web as they are on the clear web? How are cybercriminals discussing COVID-19?

from Cyber Security News https://ift.tt/3a255Rm

Data Breach Report: British Printing Press Leaks Confidential Material and More

The vpnMentor cybersecurity research team uncovered a leaking S3 Bucket with over 270k records and greater than 343GB in size on an Amazon server, belonging to Doxzoo.

from Cyber Security News https://ift.tt/3dc7vyL

5 Minutes with John Stewart

John Stewart, SVP, Chief Security and Trust Officer for Cisco, recently announced that he is leaving his role. What's next for him and his career? 



from Cyber Security News https://ift.tt/2xS5SpL

Wednesday, 18 March 2020

Medicine Man Technologies Names Nirup Krishnamurthy as Chief Integration and Information Officer

Medicine Man Technologies, Inc. announced Nirup Krishnamurthy has joined the Company as Chief Integration and Information Officer, reporting directly to Justin Dye, Chief Executive Officer.

from Cyber Security News https://ift.tt/3a1Fg3T

SIA Announces Denis R. Hebert Identity Management Scholarship Program

The Security Industry Association (SIA) is now accepting applications for the 2020 Denis R. Hebert Identity Management Scholarship. T

from Cyber Security News https://ift.tt/2IWKn9F

Lookout Research: Commercial Surveillanceware Operators Latest to Take Advantage of COVID-19

Lookout researchers, who were investigating potentially malicious mobile applications pertaining to COVID-19, discovered an Android application that appears to be the most recent piece of tooling in a larger mobile surveillance campaign operating out of Libya and targeting Libyan individuals.

from Cyber Security News https://ift.tt/2UjSFxy

Open Exchange Rates Data Breach Leaks Passwords and User Information

Open Exchange Rates, a public API, has sent a notification of data breach to its customers, announcing that hackers had access to their systems and data for a month.

from Cyber Security News https://ift.tt/2WzRMUr

Tuesday, 17 March 2020

Linda Marie Arredondo Named Chief Information Officer at Express Employment Professionals

Linda Marie Arredondo has joined Express Employment Professionals as its first-ever Chief Information Officer (CIO).

from Cyber Security News https://ift.tt/2UcYEnP

Koodo Mobile's Data Breach Notification: Customer Accounts and Data Sold on Dark Web

Koodo Mobile, a Canadian mobile flanker brand started by Telus in 2008, has announced customer data has been breached and is now being sold on various Dark Web websites. 

from Cyber Security News https://ift.tt/3db4QoK

NantHealth Appoints Deanna L. Wise to Its Board of Directors

NantHealth, Inc announced the appointment of Deanna L. Wise, Senior Vice President and Chief Information Officer for Banner Health, to NantHealth’s board of directors.

from Cyber Security News https://ift.tt/38YKPi7

Experian’s Data Breach Preparedness Study: Increased Investments in Security Aren’t Stopping Breaches

Experian® released its seventh annual corporate preparedness study, Is Your Company Ready for a Big Data Breach?, revealing that cybercriminals may still be one step ahead of companies’ security practices and investments.

from Cyber Security News https://ift.tt/2UbssB8

NIST Updates and Expands Its Flagship Catalog of Information System Safeguards

NIST is updating its Security and Privacy Controls for Information Systems and Organizations framework, a collection of hundreds of specific measures for strengthening the systems, component products and services that underlie the nation’s businesses, government and critical infrastructure. 



from Cyber Security News https://ift.tt/3b1Fzf5

Brno University Hospital in Czech Republic Suffers Cyberattack During COVID-19 Outbreak

Brno University Hospital in the Czech Republic, the nation's second largest hospital, has suffered a crippling cyberattack amid the coronavirus outbreak, causing it to suspend scheduled operations. 

from Cyber Security News https://ift.tt/3bf5fFh

Two Corporate Finance Companies Leak Half a Million Legal and Financial Documents Online

vpnMentor’s research team, led by Noam Rotem, recently uncovered a breached database leaking a massive amount of sensitive financial documents online.

from Cyber Security News https://ift.tt/3b7vwVB

Iowa Secretary of State Paul Pate Plans to Provide $1 million to Assist Counties with Cybersecurity

Iowa Secretary of State Paul Pate announced a plan to provide $1 million to Iowa counties to assist them with cybersecurity resources ahead of the 2020 elections.

from Cyber Security News https://ift.tt/38W3onc

Kevin Larkin Named Chief Information Officer at the Federal Home Loan Bank of Des Moines

Kevin Larkin has been named the new Chief Information Officer at the Federal Home Loan Bank of Des Moines, Iowa. 

from Cyber Security News https://ift.tt/2WmZxNo

Keith Carey Named Chief Information Officer at Hemlock Semiconductor Operations

Hemlock Semiconductor Operations (HSC)  has named Keith Carey as its new chief information officer.

from Cyber Security News https://ift.tt/2Wl6QVK

Sherry Lawdermilt Named Chief Information Officer at BSU and Northwest Technical College

BSU and Northwest Technical College have named Sherry Lawdermilt chief information officer.

from Cyber Security News https://ift.tt/2Ud9iuF

Monday, 16 March 2020

U.S. Health and Human Services Department Suffers Cyberattack

The U.S. Health and Human Services Department suffered a Distributed Denial of Service (DDoS) attack. 

from Cyber Security News https://ift.tt/38SfMEI

Sunday, 15 March 2020

Steve Brunker Named Chief Information Officer at Hillman Companies

The Hillman Companies, Inc. announced that Steve Brunker has been named Hillman’s Chief Information Officer. 

from Cyber Security News https://ift.tt/2QinQrM

José Dieudonné Named Chief Information Officer at Muhlenberg College

Following a national search, Muhlenberg has named José Dieudonné as the College's chief information officer.

from Cyber Security News https://ift.tt/33ncojK

Mark McMath Named Enterprise Chief Information Officer at the Medical University of South Carolina

Mark McMath has been named enterprise chief information officer (CIO) for Information Solutions at the Medical University of South Carolina (MUSC).

from Cyber Security News https://ift.tt/3aY6vfx

Medical Microfish? 3D Science Takes the Next Step

The possibilities of 3D printing are expanding every day as researchers, scientists, and your next-door neighbor think of new, creative uses for the technology. While it’s nowhere near the Star Trek replicator technology, which can produce a steaming hot, nutritious meal within seconds, 3D printing definitely has incredible potential. The latest implementation? Tiny microfish that can “swim” around in your body.

Enter the Microfish

At the University of California, San Diego, researchers claim to have made a bunch of nano-sized fish. These 3D-printed techno-creatures move through liquids much as fish would— hence the name “microfish.” The team created the microfish with the ability to carry along various nanoparticles. The fish can inject these particles into organs or cells within the human body.

Propulsion and Steering

How do the scientists steer their creations? They included platinum nanoparticles inside the fish. When the fish are in a solution of hydrogen peroxide, these particles react with the liquid to move the microfish forward. To direct the fish, the researchers also put in bits of magnetic iron oxide, which allows the microfish to be directed using magnets.

Design Opportunities

The 3D printing technology allows users to create items of almost any size, as long as the printer has the right parts and settings. Right now, teams like the UC San Diego group can design microscopic units that include various nanoparticles; and in the future, as the technology develops, they will no doubt be able to engineer more complex systems that respond to various if-then scenarios.

Cleanup Crew

What’s the future goal for the microfish? The research team hopes that such miniature robots could one day deliver medicine to patients. Perhaps they could also function as cleaning entities, removing toxins from water or from a bloodstream.

In fact, the research team has already tested a cleaning scenario with the microfish. They made some microfish with polydiacetylene, a toxin neutralizing agent, in nanoparticle form. Next, they created a solution that included harmful toxins. When introduced to the solution, the fish swam as directed, collecting and neutralizing the toxic particles with surprising speed. Scientists had expected them to function at the normal speed of a chemical reaction, but the microfish could move rapidly through the liquid and therefore completed the task much faster.

Future Goals

Undoubtedly, the science and research have much further to go before we begin injecting ourselves with microfish. However, the medical field is always looking for new, effective, less traumatic ways of improving patient health. With 3D printing moving ahead so quickly, the days of medical microfish may be just around the corner.



from We Hate Malware https://ift.tt/2xyk9rl

Friday, 13 March 2020

Scams, Fraud and Misinformation: How Cybercriminals are Taking Advantage of Coronavirus

Concern over the Coronavirus (COVID-19) has dominated global headlines. And now cybercriminals are using all tools at hand to take advantage of this concern to spread phishing and social engineering scams and misinformation. 

from Cyber Security News https://ift.tt/39Nis7D

Billtrust Names Joe Eng as Chief Information Officer

Joe Eng has joined Billtrust as Chief Information Officer. Eng will oversee Billtrust's IT infrastructure, security and product strategy and development teams. 

from Cyber Security News https://ift.tt/2WasRGK

FIRST Releases Updated Computer Security Incident Response Team (CSIRT) Services Framework

The Forum of Incident Response and Security Teams (FIRST) has released an updated version of its Computer Security Incident Response Team (CSIRT) Services Framework.

from Cyber Security News https://ift.tt/3cTipcp

Thursday, 12 March 2020

European Electricity Association Confirms Hackers Breached its Office Network

ENTSO-E, the European Network of Transmission System Operators, has announced that it found evidence of a successful cyber intrusion in its office network. 

from Cyber Security News https://ift.tt/2TLTPCP

Microsoft: New Wormable, Unpatched Bug in SMB File-Sharing System

Microsoft has published a security advisory, warning users that there is a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.

from Cyber Security News https://ift.tt/2WekvO2

Wednesday, 11 March 2020

Marriott International Appoints Jim Scholefield Chief Information And Digital Officer

Marriott International, Inc. announced the appointment of Jim Scholefield as Chief Information and Digital Officer (CIDO). 

from Cyber Security News https://ift.tt/2w2iz0q

Mohegan Gaming & Entertainment Appoints Mark Rosa as Senior VP and Chief Information Officer

Mark Rosa has been named Senior Vice President (SVP) and Chief Information Officer (CIO) of Mohegan Gaming & Entertainment to oversee strategic business decisions related to technology across all MGE properties.

from Cyber Security News https://ift.tt/3aMGi3v

TikTok to Launch Transparency Center for Content Moderation and Data Practices

Social media app TikTok is launching a new content moderation center to allow experts to examine and verify TikTok's practices in order to boost transparency efforts. 

from Cyber Security News https://ift.tt/2W6bGWv

Nearly 60% of Security Professionals Trust Cybersecurity Findings Verified by Humans over AI

New research revealed that while over half of organizations use artificial intelligence (AI) or machine learning in their security stack, nearly 60 percent are still more confident in cyberthreat findings verified by humans over AI.

from Cyber Security News https://ift.tt/2Q5Sy7c

75% of Healthcare Organizations Globally Have Experienced Cyberattacks

Nearly two-thirds of healthcare organizations globally have experienced a cyberattack in their lifetime, while 53 percent were attacked within the last 12 months, according to new research by Keeper Security. 

from Cyber Security News https://ift.tt/2w0DmS2

J.R. Sloan Named Chief Information Officer for State of Arizona

J.R. Sloan has been named as the permanent chief information officer (CIO) for the state of Arizona. He had been serving as interim CIO since July 2019.

from Cyber Security News https://ift.tt/3cZGaQi

Tuesday, 10 March 2020

Lisa Davis Named Chief Information Officer of Blue Shield of California

Blue Shield of California has appointed Lisa Davis as the nonprofit health plan's chief information officer.

from Cyber Security News https://ift.tt/2Q5RvnT

Javier Polit Joins Mondelez International as Chief Information Officer

Javier Polit has been named Chief Information Officer (CIO) at Mondelēz International.



from Cyber Security News https://ift.tt/38BjC4J

Cybersecurity at Val Verde ISD

How does the team at the Val Verde ISD protect the data of its students, faculty and staff? 



from Cyber Security News https://ift.tt/2THGw6p

Hackers Claim 1 Million Dollar Zero Day Bounty

The not-so-black market of exploits sold by virtual arms dealers is starting to creep from the shadows and onto front-page news. This is partly thanks to the new firm named Zerodium, a semi-startup whose main objective is finding exploits in software and hardware and selling them to high-profile companies, financial institutions, and governments. The theory is simple: find hacks in software and sell them for profit.

The clients of Zerodium and others like it are often countries, institutions, and governments seeking to either protect themselves from these exploits or to use the hacks for espionage and intelligence.  Zerodium proudly flaunts the fact that they do not give up the secrets to the software companies themselves.

Recently headlines were made when Zerodium offered up a $1 Million USD bounty for a jailbreak exploit for the iPhone.  Hackers were successful in finding a hole in a browser (either Chrome or Safari, it hasn’t been publicly confirmed yet) that allows the infiltration of the phone to gather data.

It was a very public announcement for a type of business transaction that has usually been kept in the shadows. Zerodium has not broken any laws as of yet – it’s not a crime to discover holes in code or to sell them. Nor is it obliged to give such information back to the company or individual who owns the code in question.

Although Apple’s iOS isn’t the easiest nut to crack, it’s not impossible.  The only thing you need is a lot of money.  That’s why Chaouki Bekrar, founder of Zerodium, offered up the huge bounty.  Bekrar will conceivably go on to sell this hack to an as yet unknown United States agency.

Bekrar has been publicly criticized by heavy hitters such as Google, who compare his dealings to selling bullets in a virtual war. Given the move to virtual everything these days, Bekrar could conceivably be seen as a kind of arms dealer. Zerodium is different in that it builds rather than buys zero day exploits such as this.

Zerodium will not immediately make the vulnerability known to Apple, although they “may” later send it to Apple’s engineers so that they can patch it.

Companies have long sponsored “hackathons,” awarding prize money to those who can dismantle a company’s software. However, Zerodium is now going rogue, engineering hacks for profit.

Although Bekrar’s earlier company Vupen only dealt with NATO members, it is still criticized for operating in a very grey area that raises some ethical questions. The exploits are merely sold, and what those exploits are used for can become unknown very quickly.

With the success of this rather ingenious marketing ploy, it’s likely that copycat corporations will pop up following Zerodium’s lead. The world of tech is certainly beginning to look like a cyber thriller sci-fi novel.

 



from We Hate Malware https://ift.tt/39EtxIk

Jose Martinez Named Chief Information Officer For OneAmerica

OneAmerica® named José Martínez as senior vice president and chief information officer (CIO) for the Indianapolis-based insurance and financial services company.

from Cyber Security News https://ift.tt/39GvFiL

Tracy Barnes Named Indiana's Chief Information Officer

Tracy Barnes has been promoted to chief information officer for the state of Indiana. He has served as chief of staff for Lt. Gov. Suzanne Crouch since 2017.

from Cyber Security News https://ift.tt/39IzBzi

U.S. Senators Introduce Legislation to Ensure Network Security in Trade Negotiations

The Network Security Trade Act would ensure that the equipment and technology that are used to create the global communications and U.S. infrastructure are not compromised.



from Cyber Security News https://ift.tt/39GB2hF

U.S. Ex-Inspector General Indicted for Stealing Data on 250,000 DHS Employees

A former Acting Inspector General for the U.S. Department of Homeland Security (DHS) has been charged with the alleged theft of proprietary software and confidential databases from the U.S. government.

from Cyber Security News https://ift.tt/39FAc4Y

Monday, 9 March 2020

What’s Driving Identity Access Management in 2020?

As we look ahead to the rest of 2020, securing identity access will once again be everywhere, but we are predicting that with the help of artificial intelligence and machine learning (AIML), there will be a more positive narrative to creating and managing an immutable digital identity.

from Cyber Security News https://ift.tt/2v4J6K6

2020: The Year of Mobile Sneak Attacks?

A new McAfee report reveals that hackers are using hidden mobile apps, third-party login and counterfeit gaming videos to target consumers.

from Cyber Security News https://ift.tt/332Nrdr

DoJ and DHS Announce Initiative to Combat Online Child Sexual Exploitation and Abuse

The Justice Department and Homeland Security, along with government counterparts from Australia, Canada, New Zealand, and the United Kingdom, announced the publication of Voluntary Principles to Counter Online Child Sexual Exploitation and Abuse. 

from Cyber Security News https://ift.tt/2IJOMN7

Kara Pelecky Named Chief Information Officer at STANLEY Security

Kara Pelecky has been named Chief Information Officer at STANLEY Security, where she will be responsible for the strategic vision, leadership and ongoing implementation of STANLEY Security’s information technology initiatives.



from Cyber Security News https://ift.tt/3cJ7thG

The Passwords that Hackers Try First

Finnish cybersecurity firm F-Secure released its Attack Landscape H2 2019 report, which includes some of the first passwords that hackers use when trying to hack a device.



from Cyber Security News https://ift.tt/39zJyz2

Sunday, 8 March 2020

Inside the Insider Threat

The insider threat costs organizations billions of dollars every year, and is the biggest threat to the global economy, global security and critical infrastructure.

from Cyber Security News https://ift.tt/2TAarxt

Friday, 6 March 2020

Security Researcher Publishes Details About Zero-Day Vulnerability in Zoho Enterprise Product

A security researcher recently published details on Twitter about a zero-day vulnerability in a Zoho enterprise product.

from Cyber Security News https://ift.tt/38vXx7A

T-Mobile's Data Breach Exposes Customer's Data and Financial Information

Mobile telecommunication company T-Mobile US, Inc. has revealed a data breach on its systems that compromised some of its customers’ personal information.

from Cyber Security News https://ift.tt/2wyDJDy

Coronavirus: Global Deaths Could Reach 15 Million

New research from The Australian National University (ANU) discusses seven scenarios for how the coronavirus could affect the global economy, including the number of people who could die from the virus.



from Cyber Security News https://ift.tt/3cEhn3O

Thursday, 5 March 2020

Roland Cloutier Joins TikTok as CISO

TikTok announced that cybersecurity expert and security industry veteran Roland Cloutier will join the company as CISO.



from Cyber Security News https://ift.tt/2uWlozF

China Expands “Pre-Crime” Data Program

It sounds like something out of a science fiction book or movie: it is confirmed that the Chinese government is expanding upon its already robust surveillance database in order to automatically track people and crunch the data in order to predict who is highly likely to commit an act of terrorism.

According to a recent Ars Technica blog post, the Chinese government is basing much of its current technology upon advances that have already been made in US law enforcement surveillance. These “predictive policing” technologies track people based on their purchases, online interactions, phone calls, movements, and more. The government is then able to dispatch police and military power to where crime is likely to occur.

In a communist environment such as China, this power is very Orwellian.  Imagine if Tiananmen Square had never happened?  If the communist party was able to predict this event and stop it in its tracks before it ever occurred?  New technology is starting to be able to monitor an entire population for deviance from the norm.

It’s pretty scary; however, China is getting a lot of ideas from the United States itself. Although the US has a lot of laws in place respecting personal privacy, China does not have many of those limitations.

Predictive policing was first used back in 1994 in New York City, where data allowed the police force to deploy officers to places where crime was statistically likely to occur. Although crime fell 34% in three years, it also opened a can of worms about the nature of the unconstitutional “stop and frisk” tendencies in which minorities were often targeted just for being in the wrong place at the wrong time.

But again, China doesn’t have many limitations on personal privacy, and its ability to use the internet to monitor citizens is much stronger.  It can use predictive policing in a much more pinpointed fashion, and even target individual citizens.

China increased spending in this arena quite a bit, and is urging cities to set up cameras and connect themselves to the larger web of surveillance technology, including internet and other monitoring systems.

In a strange turn of events, China recently strengthened laws and even included the ability to force tech and internet companies to provide the Chinese government with backdoors and the ability to decrypt user data. The US as well as many international human rights groups objected to such laws; however, most recently the FBI is ordering Apple to provide a backdoor into an iPhone used by a terrorist. This lawsuit is being followed very closely by the Chinese.

It’s an interesting development in a country that already has quite a bit of unchecked power over its citizens. However, the United States isn’t that far behind when it comes to predictive policing elements. What do you think about this new technology? Is it a help to society or a threat to personal privacy?



from We Hate Malware https://ift.tt/2vGjCD6

Why Ethical Hacking? (The What and Why of Ethical Hacking)

When people hear the term hacking, they often think of someone infecting their computer with a virus, crashing a network and stealing money, or holding a company hostage from their daily operations with ransomware. Most people do not know that ethical hackers are people who are hired to think like a hacker or bad actor. They meticulously probe a company's systems to find any weaknesses and bring them to the attention of the business before the bad actors exploit them. Ethical hacking is an investment that companies in the modern world can't afford to do without.  

from Cyber Security News https://ift.tt/38qMnRB

Cybersecurity Response to the California Consumer Privacy Act

2020 is here and companies that fall under the California Consumer Privacy Act (CCPA) requirements need to take immediate actionable steps now. While many companies are aware that they are subject to the law, 85 percent say they have only partially implemented policies to comply or have done nothing to prepare, according to a recent poll. Non-compliant businesses will not only face hefty fees but potentially adverse impacts to their brand, a loss of customers and negative PR. What are three tips to ensure your enterprise complies with the CCPA?



from Cyber Security News https://ift.tt/3aHj92H

Access Control: Don’t Give Cybercriminals the Keys to Your Business

The use of IP-based access control solutions to manage employee comings and goings has dramatically increased in recent years. The Internet of Things (IoT) has added connectivity to an abundance of devices that better facilitate access which has users – and potential users – rightfully concerned about the security of these newer technologies.

from Cyber Security News https://ift.tt/2vJLI0h

Cruise Operator Carnival Corporation Discloses Cyber Attack

Two units of cruise operator Carnival Corp. disclosed that they were the targets of a cyber attack, which they identified in May 2019. 

from Cyber Security News https://ift.tt/2v1ErsA

New Report: A Profile into Kilos, New Search Engine for the Dark Web

Why is Kilos - a new cybercriminal engine - quickly becoming popular, and what are the threats that security researchers and operations teams face with Kilos?

from Cyber Security News https://ift.tt/2VO4puC

Wednesday, 4 March 2020

Steve Pugh Named Chief Security Officer at Twilio

Steve Pugh has joined Twilio as its chief security officer to lead the company’s global trust and security team responsible for corporate, physical and cybersecurity.



from Cyber Security News https://ift.tt/2uY9o0I

Cisco 2020 CISO Benchmark Report: 42% of Security Leaders Suffering from Cybersecurity Fatigue

Complexity continues to be cybersecurity's worst enemy, according to Cisco's sixth annual CISO Benchmark Report, which surveys the security posture of 2,800 security professionals from 13 countries around the globe.

from Cyber Security News https://ift.tt/2VJH5xR

Jeff Franklin Named Chief Cybersecurity Officer for Iowa's Secretary of State’s Office

Jeff Franklin, who served as the State of Iowa’s Chief Information Security Officer for the past 10 years, has been named Iowa's Chief Cybersecurity Officer.



from Cyber Security News https://ift.tt/3cxdPQX

Susan Doniz Named Boeing's New Chief Information Officer

Boeing named Susan Doniz as the company's chief information officer and senior vice president of Information Technology & Data Analytics.

from Cyber Security News https://ift.tt/38q96NR

Security Executives on the Move

Which security executives have recently changed positions? Have you begun a new role? Email us at ritcheyd@bnpmedia.com



from Cyber Security News https://ift.tt/3asARXg

Cybercriminals Increasingly Harnessing Stolen Identity Data to Launch Global Attacks

A new report by LexisNexis® Risk Solutions, Cybercrime Report covering July 2019 through December 2019, reveals how fraud has increasingly become borderless on a global scale.

from Cyber Security News https://ift.tt/3asaNeS

Tuesday, 3 March 2020

Global Economic Crime Rates Remain High; Customer Fraud Continues to Rise

Fraud and economic crime rates remain at record highs, impacting companies in more ways than ever. PwC's bi-annual survey of business crime reports that fraud committed by customers tops the list of all crimes experienced (at 35%), up from 29% in 2018.



from Cyber Security News https://ift.tt/2TEL0tr

Cybercriminals are Increasingly Turning to Ransomware as a Secondary Source of Income

According to a new FireEye report, Mandiant M-Trends 2020 Report, cybercriminals are increasingly turning to ransomware as a secondary source of income.

from Cyber Security News https://ift.tt/32My6xu

Washington Privacy Act Update: Private Right of Action Added in House

On Friday, February 28, 2020 the Washington House Innovation, Technology & Economic Development Committee (ITED) voted to pass a strengthened version of the Washington Privacy Act (WPA) out of committee. On February 14, the Washington Senate voted overwhelmingly to pass the WPA. Yet, after moving to the House, the WPA encountered substantial resistance from privacy advocates. At a public hearing on February 21, 2020 privacy advocates argued against the WPA’s lack of a private right of action, facial recognition provisions and preemption of local laws, among other things.

from Cyber Security News https://ift.tt/2xby8n3

Number of Student Data Breaches, Ransomware Attacks Nearly Triple in Last Year

Public K-12 education agencies across the country experienced a total of 348 cybersecurity incidents during calendar year 2019, says a report from the K-12 Cybersecurity Resource Center.



from Cyber Security News https://ift.tt/3cnRpSh

Surge in Attacker Access to Privileged Accounts and Services Puts Businesses at Risk

A new report reveals that there is a major security gap that is obvious, important and urgent: the ability to know if privileged accounts and services are compromised.

from Cyber Security News https://ift.tt/38kDZmP

Monday, 2 March 2020

Technical College System Announces Online Academy to Expand Cloud Computing Workforce

The Technical College System of Georgia (TCSG) has announced an innovative program designed to prepare more Georgians with the modern technology skills necessary for careers utilizing cloud technologies.

from Cyber Security News https://ift.tt/39oPCdS

Registration Open for Tenth Annual (ISC)2 Security Congress

(ISC)² has opened registration for its 10th annual Security Congress taking place at the Hyatt Regency Orlando in Orlando, FL from November 16-18.



from Cyber Security News https://ift.tt/38bttOE

Walgreens Announces its Mobile App Leaks Personal Data

Walgreens, the second-largest pharmacy store chain in the United States behind CVS Health, announced that its mobile app leaked users' personal data. 

from Cyber Security News https://ift.tt/38m3LqV

‘Vulnerable’ iOS Cut-and-Paste Data in iPhone or iPad Devices

Any cut-and-paste data temporarily stored to an iPhone or iPad’s memory can be accessed by all apps - malicious or not - installed on a device. 

from Cyber Security News https://ift.tt/2TeYRHz

Sunday, 1 March 2020

Computer Scientists’ New Tool Fools Hackers into Sharing Keys for Better Cybersecurity

Instead of blocking hackers, a new cybersecurity defense approach developed by University of Texas at Dallas computer scientists actually welcomes them.



from Cyber Security News https://ift.tt/3cx1a0y

Dangers Associated With Internet Connected Devices

The buzzword being thrown around in the technology world today is Internet of Things (IoT). As the internet develops, it is steadily finding its way into our everyday devices such as lamps, refrigerators, vehicles and even coffeemakers.

While smart technology has definitely led to groundbreaking innovations and conveniences, it has also brought new forms of risk that warrant security concerns. Herein are just some of the dangers of internet connected devices.

  1. CAR HACKING.

Today many vehicles are incorporating built-in automotive smart systems. Such systems are vulnerable to exploitation. Last year German security specialist Dieter Spaar indicated that a certain weak point in the BMW Connected Drive technology could allow hackers to gain control of the vehicles by accessing function applications remotely.

A similar demonstration was done on a Jeep Cherokee that led to questions being asked of these systems’ security protocols. The demonstration showed that anyone with an internet connection could control the brakes and critical control systems. This was done through a smart phone network where corrupted data was sent to the Jeep’s navigation and entertainment system.

These two mainstream cases show a worrying possibility where vehicles with smart devices can be vulnerable to cyber-attacks. As such, the potential risk of remotely initiated accidents is higher than ever. This is not to mention that malicious hackers can also manipulate GPS navigation systems and lead unsuspecting drivers into ambushes. The real world implications of such smart automotive systems should be a security concern to drivers everywhere.

  2. INTERNET CONNECTED HOME DEVICES.

A study by Kaspersky Lab security expert David Jacoby revealed that nearly all smart home devices are susceptible to a cyber-attack. For instance, a hacker on the same network as your home monitoring cameras can connect to any of them and have access to their live feeds. They can also acquire your password and use it to modify the cameras’ firmware.

This kind of breach makes it easy for malicious individuals to plan a break-in. Another experiment showed that it was also possible to bypass a smartphone-controlled home security system by using simple software. The software prevented the alarm system from going off when a door or window was opened.

  3. INDUSTRIAL CONTROL SYSTEMS ATTACKS.

Interconnected control systems of important industrial plants can also be exploited. Quite recently, malware called Stuxnet was used to disrupt the functions of centrifuges of a nuclear power plant in Iran. If simple software could allow this, dedicated cyber criminals could carry out attacks with catastrophic results. Bold hackers are always finding weak spots on even the most secure control system networks.

Further compounding this problem is the fact that such threats are not clearly understood. This is due to the dynamic nature of the internet, where hackers are always changing their techniques and algorithms. The biggest concern by far with internet connected industrial systems is scale. A security breach on such systems would affect a large number of people.

Although internet connected devices make certain aspects of our lives easier, their proliferation into certain areas should be carefully monitored and effective security protocols put in place. There are recommended steps that must be taken by everyone utilizing smart devices to ensure their security.



from We Hate Malware https://ift.tt/2TwODRN