Cybersecurity

SPOTLIGHT ON SECURITY

Is the FTC Jumping the Gun on IoT Security?

The security community has been waving a red flag about how the Internet of Things could become a cybercriminal's paradise. Last week, those admonitions were given some credence when the Federal Trade Commission recommended that the makers of IoT gadgets adopt some "best practices" to protect consum...

Google has decided not to fix vulnerabilities in WebView for Android 4.3 and older, sparking heated discussions among developers. Those versions of WebView run on the WebKit browser. Fixing them "required changes to significant portions of the code and was no longer practical to do so safely," expla...

Canada's spy agency, the Communications Security Establishment, has been eavesdropping on 102 free file upload sites, including Sendspace, Rapidshare and Megaupload, which has been shut down. A CSE program called "Levitation" lets analysts access information on 10-15 million uploads and downloads of...

SPOTLIGHT ON SECURITY

POS Terminals Rich Vein for Gold-Digging Hackers

Hackers are like gold miners. Once they find a rich vein for their malware, they mine it until it's dry. Point-of-sale terminals are such a vein. Following the success of the Target breach in 2013, the hacker underground was quick to rush more POS malware to market. "Attackers have recognized that t...

SPOTLIGHT ON SECURITY

Businesses Waste Big Bucks Fighting Phantom Cyberattacks

Businesses spend an average of $1.27 million a year chasing cyberthreats that turn out to be dead ends. That is one of the findings in a report released last week on the cost of containing malware. In a typical week, an organization can receive nearly 17,000 malware alerts, although only 19 percent ...

Google's recent publication of Windows' vulnerabilities -- two within a week -- predictably raised Microsoft's ire. "Risk is significantly increased by publically announcing information that a cybercriminal could use to orchestrate an attack and assumes those that would take action are made aware of...

UK Prime Minister David Cameron, who is standing for re-election, has vowed to ban personal encrypted communications apps such as WhatsApp if he is voted in. He also will allow UK government security agencies to monitor communications, with warrants signed by the Home Secretary. "The first duty of a...

SPOTLIGHT ON SECURITY

Sony Sortie's Smoking Gun Still Missing

Recent research from security firm Cloudmark has raised doubt about the purported connection between North Korea and last November's intrusion on Sony Pictures Entertainment's computer networks. The FBI last week continued to press its case that North Korea was behind the cyberattack, pointing to an...

FBI Director James Comey has "very high confidence" that North Korea was behind last November's cyberattack on Sony, he said at a cybersecurity forum held last week at Fordham University. The attack resulted in large amounts of intellectual property, confidential communications and employee data bei...

SPOTLIGHT ON SECURITY

Fingerprint Theft Just a Shutter Click Away

Ever since smartphone makers started incorporating fingerprint scanners as a means of unlocking mobile phones, the Chaos Computer Club has attacked the technology with vigor. Not long after Apple added Touch ID to its iPhones, the German hackers demonstrated how to lift prints from a surface and cre...

Microsoft got a fiery start to 2015 when Google last week publicized a kernel vulnerability in Windows 8.1 Update. Google Project Zero's James Forshaw, who discovered the flaw, ranked it as a high-severity issue. Although Forshaw reported it to Microsoft last September, the company had not yet fixed...

Hacker Jan Krissler, aka "Starbug," this weekend told attendees at the 31st Chaos Computer Club convention in Hamburg, Germany, that he had replicated the fingerprints of German Defense Minister Ursula von der Leven using a standard photo camera and commercially available software from VeriFinger. K...

SPOTLIGHT ON SECURITY

Misfortune Cookie Crumbles Millions of Security Systems

Check Point Software Technologies recently revealed a flaw in millions of routers that allows the devices to be controlled by hackers. The company detected 12 million Internet-connected devices that have the flaw. The vulnerability, which Check Point dubbed "Misfortune Cookie," can be found in the c...

OPINION

The Big Tech Stories of 2015

Last week, we looked back at the largely untold, or under told, stories of 2014. This week, let's look ahead to some of the stories that are coming in 2015. We'll have robots, self-driving cars, armed autonomous drones, the professional proliferation of head mounted cameras, some scandals, and some ...

Vulnerabilities in Signaling System 7, telephony signaling protocols used by carriers worldwide, allow third parties to listen to people's cellphone calls and intercept text messages despite encryption, The Washington Post reported last week. German cybersecurity researchers Tobias Engel of Sternrau...

Technewsworld Channels