Feed aggregator

IDG Contributor Network: Eight steps to the GDPR countdown

Computer World Security - Thu, 05/25/2017 - 15:52

One year from today, the recently passed regulation known as “GDPR” (General Data Protection Regulation) goes into effect. While EU-specific, it can still dramatically affect businesses that work with personal data of citizens and residents of the EU. GDPR was approved a year ago and will be going into effect in another year. It applies directly to organizations within the EU, but also applies to organizations outside the EU if they 1) offer goods and services to the EU, 2) monitor the behavior of EU subjects, or 3) process or retain personal data of EU citizens and residents. And the regulation can place very serious fines and sanctions for non-compliance.

Categories: Latest Security News

The WannaCry scramble

Computer World Security - Thu, 05/25/2017 - 13:05

A couple of weeks ago, possibly every security manager in the world was dealing with the repercussions of WannaCry, a ransomware worm that screamed across the internet and flooded the media. IT and security departments, placed on high alert, had to scramble — whether or not any of their systems had been infected. I was no exception.

Trouble Ticket

At issue: The WannaCry ransomware outbreak was cause for concern even at companies not immediately affected.

Action plan: Make sure that every device, including remote PCs, is patched, has antivirus protection and is backed up, and remind all employees that they play a big role in keeping the company safe.

Categories: Latest Security News

IDG Contributor Network: The complexity of password complexity

Computer World Security - Thu, 05/25/2017 - 08:47

Deploying password quality checking on your Debian-based Linux servers can help to ensure that your users assign reasonable passwords on their accounts, but the settings themselves can be a bit misleading. For example, setting a minimum password length of 12 characters does not mean that your users' passwords will all have twelve or more characters. Let's stroll down Complexity Boulevard and see how the settings work and examine some settings worth considering.

First, if you haven't done this already, install the password quality checking library with this command:

apt-get -y install libpam-pwquality

The files that contain most of the settings we're going to look at will be:

Categories: Latest Security News

Appeals court gives Wikimedia thumbs up to sue NSA for 'Upstream' surveillance

Computer World Security - Wed, 05/24/2017 - 11:26

Well, well, well, the NSA may not waltz away legally unscathed after spying on Americans’ private communications due to the dogged determination of the Wikimedia Foundation, the ACLU, the Knight First Amendment Institute at Columbia University and eight other co-plaintiffs.

The 4th US Circuit Court of Appeals ruled to give Wikimedia a chance to legally challenge the NSA’s mass surveillance as being unconstitutional. The government has previously argued that the NSA’s Upstream warrantless spying is authorized under Section 702 of the Foreign Intelligence Surveillance Act. Thanks to Upstream surveillance, the NSA sucks up and searches through Americans’ international internet communications.

Categories: Latest Security News

Former NSA chief weighs in on cybersecurity, cyberespionage at ZertoCon

Computer World Security - Tue, 05/23/2017 - 17:53

BOSTON -- Retired Gen. Michael Hayden held nothing back when speaking to cybersecurity pros today at the ZertoCon business continuity conference.

It's been more than a decade since he led the National Security Agency (NSA), but that didn't stop Hayden from asserting that the Russians were involved in last year's U.S. presidential election. His view: Only two presidents doubt that the Russians were involved in the 2016 election -- Donald Trump and Vladimir Putin.

"They [the Russians] had an effect on the election, there is no question that this happened," Hayden said. "The question is if there was collaboration with the campaign."

Categories: Latest Security News

IDG Contributor Network: Wikileaks reveals potent Windows malware from the CIA

Computer World Security - Tue, 05/23/2017 - 17:00

A few days ago, Microsoft’s top lawyer took the NSA to task over WannaCry, saying that the problem was the agency’s creation because it built and stockpiled such malware for its own use.

Now WikiLeaks has revealed more government-created malware and this one is a nasty piece of work.

Codenamed “Athena,” the spyware targets all versions of Windows from Windows XP to Windows 10, and was released in August 2015. It was created in part by a private New Hampshire-based cyber security firm called Siege Technologies.

Categories: Latest Security News

4 ways blockchain is the new business collaboration tool

Computer World Security - Tue, 05/23/2017 - 06:01

While blockchain may have cut its teeth on the cryptocurrency Bitcoin, the distributed electronic ledger technology is quickly making inroads across a variety of industries.

That's mainly because of its innate security and its potential for improving systems operations all while reducing costs and creating new revenue streams.

David Schatsky, a managing director at consultancy Deloitte LLP, believes blockchain's diversity speaks to its versatility in addressing business needs, but "the impact that blockchain will have on businesses in various industries is not yet fully understood."

Categories: Latest Security News

Connecting with work from the road? Here's how to stay safe

Computer World Security - Tue, 05/23/2017 - 06:00

Every company has workaholics who can’t leave their duties behind when heading out on vacation. They're the kind of worker who, if the hotel doesn’t have Wi-Fi, will rush to the closest coffee shop or eatery to stay connected, check email and jump onto a video conference call.

Those are the kinds of insecure wireless networks that make IT security managers nervous. 

And for good reason. Public Wi-Fi networks at cafes and coffee shops are open to, and can be accessed by, anyone, according to mobile security vendor iPass. They require neither security keys and passphrases nor firewall protection. That leaves employees vulnerable to man-in-the-middle attacks.

Categories: Latest Security News

5 ways to stop future global malware attacks

Computer World Security - Mon, 05/22/2017 - 17:06

The global WannaCry ransomware attack, which crippled hospitals, government organizations, companies and individuals around the world, didn’t have to happen. It was no grand technological feat perpetrated by genius hacker masterminds. Instead, it took advantage of the lazy, patchwork way organizations handle security and the seamy roles that the National Security Agency (NSA) and big tech companies play in undermining security in the internet age.

And that, in fact, is a piece of good news. Because it means that stopping the next global malware attack needn’t be impossible. Here are five steps that can do it.

Categories: Latest Security News

No, Windows XP didn't fuel WannaCry

Computer World Security - Mon, 05/22/2017 - 15:57

The global WannaCry attack that started 10 days ago touched just a handful of Windows XP PCs, a security expert said Monday, contradicting the narrative that the aged OS was largely responsible for the ransomware's crippling impact.

"There were no real WannaCry infections of Windows XP," said Costin Raiu, director of Kaspersky Lab's global research and analysis team, in an interview Monday. "We've seen only a handful of cases, less than a dozen, and it looks like most of them were testers [self-infecting systems]."

[ Further reading: Fighting ransomware: A fresh look at Windows Server approaches ]

Raiu's claim countered an assertion made by virtually every media report and blog post published after "WannaCry" emerged June 12. Countless news stories blamed Windows XP, which Microsoft retired three years ago, for falling victim to the attack because the vulnerability that WannaCry exploited had not been patched in the obsolete OS.

Categories: Latest Security News

IDG Contributor Network: Winning the war on ransomware

Computer World Security - Mon, 05/22/2017 - 14:00

Back in the ‘70s, the United States suffered a severe oil shortage.

Lines at the gas station filled city blocks. Thieves siphoned gasoline not to save money but time. In response, the federal government created a measurement, miles per gallon. Since then, MPG has become a factor in many car purchase decisions. Today, fuel efficiency has improved threefold, and we have hybrid and electric cars.

We are facing another crisis that threatens our way of life — ransomware. Cybercriminals hold hostage individual, public sector and enterprise data with remarkable ease and frequency. Although paying ransoms may solve a short-term problem, it almost guarantees that attacks will continue creating a larger threat to our digital society.

Categories: Latest Security News

Leak: Secret Facebook rules on what violence, self-harm and child abuse can be posted

Computer World Security - Mon, 05/22/2017 - 09:18

Facebook allows users to livestream self-harm, post videos of violent deaths and photos of non-sexual child abuse, but comments which threaten to harm President Donald Trump are to be deleted, according to Facebook’s secret rule books for monitoring what its 2 billion users can post.

The Guardian got hold of leaked copies of over 100 internal Facebook manuals and documents that tell moderators how to handle content which includes violence, sex, hate speech, terrorism, nudity, self-harm, revenge porn and more controversial content – even cannibalism.

Categories: Latest Security News

For enterprise protection, antivirus software is no longer enough

Computer World Security - Mon, 05/22/2017 - 06:00

Antivirus software to protect corporate systems from malware is like a flu shot. You should have it, but it won't likely protect you from every strain of the flu.

Categories: Latest Security News

Windows Defender does not defend Windows 7 against WannaCry

Computer World Security - Sun, 05/21/2017 - 20:37

Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry/WannaCrypt were running Windows 7. Since, once it gets a foothold, the malware can infect an entire network, most of the attention was focused on LAN based attacks. My previous blog was about using the Windows firewall as a defensive measure.

But any malware can spread in multiple ways so there is always a need for anti-malware software on Windows PCs. The May 12th blog post, Customer Guidance for WannaCrypt attacks, in which Microsoft announced the release of a bug fix for Windows XP, mentioned that 

Categories: Latest Security News

The ransomware epidemic: How to prep for a shakedown

Computer World Security - Fri, 05/19/2017 - 16:37
'Know your enemy' – understanding what to prepare for

While ransomware isn't new, this once-simple criminal hacker tactic has morphed into a devastatingly effective weapon wielded by more advanced cyber-criminals -- as seen with the recent WannaCry outbreak. These sophisticated attackers are highly motivated by the profitable nature of their efforts. Dan Larson, technical director at CrowdStrike, looks at the current state of ransomware, why organizations should take threats seriously and how to build a strong defense.

Categories: Latest Security News

The Windows firewall is the overlooked defense against WannaCry and Adylkuzz

Computer World Security - Fri, 05/19/2017 - 12:25

Despite all the attention currently focused on Windows computers being infected with WannaCry ransomware, a defensive strategy has been overlooked. This being a Defensive Computing blog, I feel the need to point it out.

The story being told everywhere else is simplistic and incomplete. Basically, the story is that Windows computers without the appropriate bug fix are getting infected over the network by WannaCry ransomware and the Adylkuzz cryptocurrency miner. 

We are accustomed to this story. Bugs in software need patches. WannaCry exploits a bug in Windows, so we need to install the patch. For a couple days, I too, ascribed to this knee-jerk theme. But there is a gap in this simplistic take on the issue. Let me explain. 

Categories: Latest Security News

IDG Contributor Network: Who you gonna call?: Getting ready for the next cyber disaster

Computer World Security - Fri, 05/19/2017 - 09:03

Are you ready for the next cyber disaster? You may not ever be fully ready. Given the ever-increasing number and variety of threats out there, it's hard to imagine the many ways in which you could be hit. Twenty years ago, who would have imagined 9/11 or ransomware or the sophistication of today's social engineering techniques? But even if you can't be fully prepared, you can avoid being totally unprepared.

There are many things that you can do to be more likely to recover from a major attack or limit how hard it hits you. Being more in touch, more aware, and more prepared are key. Given the proliferation and variety of the threats today, avoiding disaster is a big deal and limiting impact a worthy goal. What are those who deal with these issues every day trying to tell us and how can we put their insights to good use?

Categories: Latest Security News

CW@50: Vint Cerf on his 'love affair' with tech and what’s coming next

Computer World Security - Fri, 05/19/2017 - 06:00

When internet pioneer Vinton Cerf was 10, he was working on advanced math, and by the time he was 17, he was tinkering at programming at UCLA and beginning a lifelong "love affair" with computing.

Today, Cerf, known as the father of the internet, says software bugs are among the biggest dangers to enterprise IT and warns of the mounting challenges the IT community must face in what he calls the "digital dark age."

Widely recognized for his contributions to technology, Cerf, 73, was awarded the U.S. National Medal of Technology for co-founding and developing the internet. He also was the recipient of the Presidential Medal of Freedom, the A.M. Turing Award and 29 honorary degrees.

Categories: Latest Security News

55% off Panda Security Ransomware and Virus Protection Products for Home Users - Deal Alert

Computer World Security - Thu, 05/18/2017 - 09:49

Panda security solutions will fully protect you against the newly released malware and ransomware attacks, and Panda is offering 55% off all security products for home users using the coupon code ANTIRANSOMWARE at checkout. See Panda's Internet Security product here, or their Antivirus Pro product here, and enter the code at checkout to activate the 55% savings. This code will work for all Panda Security products for home users. 

Categories: Latest Security News

IDG Contributor Network: FTC to crack down on bogus ‘tech support’ lines

Computer World Security - Wed, 05/17/2017 - 14:30

In an extremely fortunate bit of timing, I visited my parents just as my father nearly fell for one of the worst scams floating around on the Internet. He had inadvertently clicked on a bogus link that popped up an equally bogus blue screen claiming his computer had been compromised and he needed to call a toll free “Microsoft” support line to get help.

Of course it wasn’t Microsoft and the pop up was fraudulent, but he didn’t know that. I practically screamed “hang up!” at him and explained why after he did.

These tech support scams have always been growing in frequency and severity, and the fact that they have an 800 number (or some derivative) not only gives them validity and makes people more willing to call, but also shows they are flying under the radar and using legitimate means against their victims.

Categories: Latest Security News
