• Survey: Americans Spent $1.4B on Credit Freeze Fees in Wake of Equifax Breach
    Almost 20 percent of Americans froze their credit file with one or more of the big three credit bureaus in the wake of last year’s data breach at Equifax, costing consumers an estimated $1.4 billion, according to a new study. The findings come as lawmakers in Congress are debating legislation that would make credit freezes free in every state. The figures, commissioned by small business loan provider Fundera and conducted by Wakefield Research, surveyed some 1,000 adults in the U.S. Respondents were asked to self-report how much they spent on the freezes; 32 percent said the freezes cost them $10 or less, but 38 percent said the total cost was $30 or more. The average cost to consumers who froze their credit after the Equifax breach was $23. A credit freeze blocks potential creditors from being able to view or “pull” your credit file, making it far more difficult for identity thieves to apply... Read more »
  • 15-Year-old Finds Flaw in Ledger Crypto Wallet
    A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies. Ledger’s Nano-S cryptocurrency hardware wallet. Source: Amazon. Hardware wallets like those sold by Ledger are designed to protect the user’s private keys from malicious software that might try to harvest those credentials from the user’s computer. The devices enable transactions via a connection to a USB port on the user’s computer, but they don’t reveal the private key to the PC. Yet Saleem Rashid, a 15-year-old security researcher from the United Kingdom, discovered a way to acquire the private keys from Ledger devices. Rashid’s method requires an attacker to have physical access to the device, and normally such hacks would be unremarkable because they fall under the #1 rule of security — namely, if... Read more »
  • Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37
    Adrian Lamo, the hacker probably best known for breaking into The New York Times’s network and for reporting Chelsea Manning’s theft of classified documents to the FBI, was found dead in a Kansas apartment on Wednesday. Lamo was widely reviled and criticized for turning in Manning, but that chapter of his life eclipsed the profile of a complex individual who taught me quite a bit about security over the years. Adrian Lamo, in 2006. Source: Wikipedia. I first met Lamo in 2001 when I was a correspondent for Newsbytes.com, a now-defunct tech publication that was owned by The Washington Post at the time. A mutual friend introduced us over AOL Instant Messenger, explaining that Lamo had worked out a simple method allowing him to waltz into the networks of some of the world’s largest media companies using nothing more than a Web browser. The panoply of alternate nicknames he used on instant messenger... Read more »
  • Who Is Afraid of More Spams and Scams?
    Security researchers who rely on data included in Web site domain name records to combat spammers and scammers will likely lose access to that information for at least six months starting at the end of May 2018, under a new proposal that seeks to bring the system in line with new European privacy laws. The result, some experts warn, will likely mean more spams and scams landing in your inbox. On May 25, the General Data Protection Regulation (GDPR) takes effect. The law, enacted by the European Parliament, requires companies to get affirmative consent for any personal information they collect on people within the European Union. Organizations that violate the GDPR could face fines of up to four percent of global annual revenues. In response, the Internet Corporation for Assigned Names and Numbers (ICANN) — the nonprofit entity that manages the global domain name system — has proposed redacting key bits of personal data from WHOIS, the system... Read more »
  • Flash, Windows Users: It’s Time to Patch
    Adobe and Microsoft each pushed critical security updates to their products today. Adobe’s got a new version of Flash Player available, and Microsoft released 14 updates covering more than 75 vulnerabilities, two of which were publicly disclosed prior to today’s patch release. The Microsoft updates affect all supported Windows operating systems, as well as all supported versions of Internet Explorer/Edge, Office, Sharepoint and Exchange Server. All of the critical vulnerabilities from Microsoft are in browsers and browser-related technologies, according to a post from security firm Qualys. “It is recommended that these be prioritized for workstation-type devices,” wrote Jimmy Graham, director of product management at Qualys. “Any system that accesses the Internet via a browser should be patched.” The Microsoft vulnerabilities that were publicly disclosed prior to today involve Microsoft Exchange Server 2010 through 2016 editions (CVE-2018-0940) and ASP.NET Core 2.0 (CVE-2018-0808), said Chris Goettl at Ivanti. Microsoft says it has no evidence that attackers have... Read more »
  • Checked Your Credit Since the Equifax Hack?
    A recent consumer survey suggests that half of all Americans still haven’t checked their credit report since the Equifax breach last year exposed the Social Security numbers, dates of birth, addresses and other personal information on nearly 150 million people. If you’re in that fifty percent, please make an effort to remedy that soon. Credit reports from the three major bureaus — Equifax, Experian and TransUnion — can be obtained online for free at annualcreditreport.com — the only Web site mandated by Congress to serve each American a free credit report every year. Annualcreditreport.com is run by a Florida-based company, but its data is supplied by the major credit bureaus, which struggled mightily to meet consumer demand for free credit reports in the immediate aftermath of the Equifax breach. Personally, I was unable to order a credit report for either me or my wife even two weeks after the Equifax breach went... Read more »
  • Look-Alike Domains and Visual Confusion
    How good are you at telling the difference between domain names you know and trust and impostor or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using. For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name: https://www.са.com/ Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian. Below is what... Read more »
  • What Is Your Bank’s Security Banking On?
    A large number of banks, credit unions and other financial institutions just pushed customers onto new e-banking platforms that asked them to reset their account passwords by entering a username plus some other static identifier — such as the first six digits of their Social Security number (SSN), or a mix of partial SSN, date of birth and surname. Here’s a closer look at what may be going on (spoiler: small, regional banks and credit unions have grown far too reliant on the whims of just a few major online banking platform providers). You might think it odd that any self-respecting financial institution would seek to authenticate customers via static data like partial SSN for passwords, and you’d be completely justified for thinking that, too. Nobody has any business using these static identifiers for authentication because they are for sale on most Americans quite cheaply in the cybercrime underground. The Equifax... Read more »
  • Powerful New DDoS Method Adds Extortion
    Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence suggests this novel attack method is fueling digital shakedowns in which victims are asked to pay a ransom to call off crippling cyberattacks. On March 1, DDoS mitigation firm Akamai revealed that one of its clients was hit with a DDoS attack that clocked in at 1.3 Tbps, which would make it the largest publicly recorded DDoS attack ever. The type of DDoS method used in this record-breaking attack abuses a legitimate and relatively common service called “memcached” (pronounced “mem-cash-dee”) to massively amp up the power of their DDoS attacks. Installed by default on many Linux operating system versions, memcached is designed to cache data and ease the strain on heavier data stores, like disk or databases. It is typically found in... Read more »
  • Financial Cyber Threat Sharing Group Phished
    The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected and reported it as suspicious. But the incident is a good reminder to be on your guard, remember that anyone can get phished, and that most phishing attacks succeed by abusing the sense of trust already established between the sender and recipient. The confidential alert FS-ISAC sent to members about a successful phishing attack that spawned phishing emails coming from the FS-ISAC. Notice of the phishing incident came in an alert FS-ISAC shared with its members today and obtained by KrebsOnSecurity. ... Read more »
  • Cybersecurity officials warn of state email breach
    Cybersecurity officials warn of state email breach ... Officials say that the email addresses were posted online, but that the corresponding passwords were not posted. ... Security officials say that people should never click on links provided in unsolicited emails due to the risk that it may be a scam or virus. ... Read more »
  • Cyber security professionals needed to combat growing threats
    Cyber criminals are successfully penetrating even the most high-profile companies and governmental agencies. While these breaches were truly alarming, Paul Keener, academic director for the University of San Diego's master of science in cyber security degrees, warns that what most people forget is ... Read more »
  • Northwestern launches joint cybersecurity operations center with other Big Ten schools
    Northwestern joined four other Big Ten universities Wednesday in launching a joint cybersecurity operations center, according to a news release. NU, Indiana University, Purdue University, Rutgers University and the University of Nebraska-Lincoln launched OmniSOC — a specialized, sector-based ... Read more »
  • Meet CableLabs Cybersecurity Expert Michael Glenn
    Watch our video to learn more about CableLabs VP of Security Technologies Michael Glenn and how he uses security to improve people's lives. ... Read more »
  • Lee Co. using heightened cybersecurity to avoid foreign hacking during election
    The governor wanted to hire five cybersecurity experts but didn't get the money this year. Now the state is using federal grant money to help counties pay for the upgrades. Lee County already has them, and they say they're working. Fort Myers resident Cary Grawl said the Russian attempts to hack the ... Read more »
  • To Better Protect Themselves, Universities Partner on Cybersecurity
    (TNS) — Indiana University has partnered with four other Big Ten institutions to help protect themselves against cyber security threats. The partnership, modeled from a similar agreement between eight of the largest U.S. banks, is the first of its kind in higher education, said Brad Wheeler, IU's vice ... Read more »
  • Why it pays to be the early bird in adopting a cybersecurity strategy
    Cybersecurity strategy has arrived at the popular definition of insanity: do more of the same and expect a different outcome. Although information technology (IT) professionals spend more money every year to strengthen their defences, things just keep getting worse. In the technology landscape, the ... Read more »
  • John Bardis leaves cybersecurity post at HHS
    based MedAssets, a publicly traded group purchasing and revenue-cycle management company, in 1999. He grew it into one of the largest healthcare group purchasing organizations. He oversaw the firm's diversification into other areas, like revenue-cycle services, for hospital and health system clients. ... Read more »
  • Becoming a cybersecurity professional: What are the options?
    Technology security tends to be the first area most individuals think of when considering a future in cybersecurity. Technology security normally includes such tools and devices as firewalls, intrusion detection systems, network security and architecture, antivirus/antimalware tools, system hardening ... Read more »
  • Cybersecurity partnerships: Strength in numbers
    As the public sector wrestles with improving cybersecurity, some organizations are pooling their strengths and forming partnerships to better share threat information and provide tactical cybersecurity training to IT staff. In North Carolina, the Department of Public Safety is partnering with the Department of ... Read more »
  • 5 Universities Partner to Combat Cyber Security Threats
    Five Big Ten Academic Alliance institutions have partnered to help protect their schools against cyber security threats. ... and the University of Nebraska-Lincoln announced on Wednesday the launch of OmniSOC, a sector-based cyber security operations center that provides cyber intelligence to its members. ... Read more »
  • 5 universities partner to combat cyber security threats
    Five Big Ten Academic Alliance institutions have partnered to help protect their schools against cyber security threats. Indiana University, Northwestern University, Purdue University, Rutgers University and the University of Nebraska-Lincoln announced on Wednesday the launch of OmniSOC, a sector-based ... Read more »
  • City of Atlanta confirms 'ransomware cyber attack' on network servers
    ATLANTA - The Federal Bureau of Investigation and Department of Homeland Security are investigating a ransomware cyber attack to the City of Atlanta's network servers. Atlanta COO Richard Cox confirmed the attack in a news conference Thursday afternoon. He said it happened at 5:40 a.m. ... Read more »
  • Sidelined HHS Deputy CISO blasts agency, claims security center 'decimated'
    The HHS Healthcare Cybersecurity Communications and Integration Center, in fact, has already been at the center of ongoing questions since Sept. 6, 2017, when HHS Deputy CISO Leo Scanlon and HCCIC Director Maggie Amato were abruptly reassigned for what they said was an investigation into ... Read more »
  • SMEs and Cybersecurity Challenges: A Wakeup Call
    SMEs are equally vulnerable to cyber attacks as large organizations. Here are some of the cybersecurity misconceptions many small to mid-sized businesses believe and the challenges they face. The digital world shares some eerie traits with the physical world, one of which is the abundance of people ... Read more »
  • Utilizing Holistic Cybersecurity Measures Against Evolving Threats
    March 22, 2018 - It is essential for healthcare providers to evolve their cybersecurity program to stay ahead of evolving threats, utilizing holistic cybersecurity measures that focus on prevention, detection, and response. That was the focus of a HIMSS18 education session led by University Florida Health ... Read more »
  • Cybersecurity's Importance in Aviation Highlighted During SXSW
    This year, multiple panels highlighted topics in the aviation industry, including one titled: “SkyHacking: Nose to Tail on Aviation Cybersecurity.” The lineup for this panel featured four experts in the industry including Deborah Lee James, 23rd Secretary of the Air Force, and Alan Pellegrini, North American ... Read more »
  • At Banner Health, the Focus Turns to Evolving Cybersecurity Threats and How to Stop Them
    As part of Healthcare Informatics' Cybersecurity Special Report in its First Quarter 2018 print issue, in one of the report's four pieces, healthcare IT security experts emphasized a few key strategies that forward-thinking organizations are deploying to improve their data security defense—namely, ... Read more »
  • Cyber attack hits Atlanta computers | 'Everyone who has done business' with city may be at risk
    ATLANTA - In a story first reported by 11Alive, city of Atlanta computers have been cyber attacked by ransomware that has encrypted some personal and financial data. "We don't know the extent of the attack," said Atlanta Mayor Keisha Lance Bottoms in a Thursday afternoon press conference. ... Read more »
  • Onapsis Showcases Latest ERP Cybersecurity Research During RSA Conference 2018
    Boston, MA, March 22, 2018 (GLOBE NEWSWIRE) -- Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, today announced that it will be attending the 2018 RSA Conference in San Francisco, California April 16 - 20. The business-critical application security experts, ... Read more »