Security Port

Security Forums
Security Articles
Security Port Blog
Security Blogs
Security Books
Security Glossary
Security Definitions
Security Directories
Security Wikis
Security Tradeshows
Security Newsletters
Security Alerts
Buyers Guides
Security Newsgroups
Security Organizations
Submit Security Sites
Security Magazines
Security Feeds
Security News
Security Software
Security Products
Search Databases


Security Port
Contains relevant information that pertains to security related issues and solutions.

Security Port

A Security Port Blog
Cybersecurity in the Age of Digital Transformation
02/20/2017

Technologies such as big data analytics, the Internet of Things (IoT), blockchain, and mobile computing are reinventing the way companies handle everything from decision making to customer service. The automation of virtually all business processes and the increasing digital connectedness of the entire value chain create agility, but they also significantly raise cybersecurity risks and threat levels.

The key to addressing those risks and threats is building security into applications, as well as into interconnected devices, right from the start.

Google launches new security-focused page for Android developers
02/18/2017

Security has become more of an concern for Android device owners, some of which may be afraid to download apps from the Google Play Store for fear of malware or data leaks. Now, Google has quietly launched a new security-focused page on its Android Developers site that offers tips to app creators to make sure their clients are free of those kind of issues.

Symantec revokes faulty security certificates
02/16/2017

Last week, SSLMate's Andrew Ayer publicly revealed the discovery of misissued Symantec certificates, which were issued for domains including example.com and a variety of test.com certificates, such as test1.com, test2.com, and test.com.

We revoked all reported certificates which were still valid that had not previously been revoked within the 24 hour CA/B Forum guideline -- these certificates each had O=test, Medin said. Our investigation is continuing.

IRS to delay tax refunds as a security precaution
02/14/2017

Refunds for more than 40 million low-income families could be delayed by the IRS this year, as the tax agency looks to leverage the extra time to combat identity theft and fraud.

These delays will surely impact some of the families filing their taxes this week, which is the official start to this year’s tax season. For many of them, their refund check is the largest payment they’ll see all year.

This is not the first time the IRS has delayed refund

Study: 62% of security pros do not know where their sensitive data is
02/12/2017

Ask organizations today about the value of data and you’re likely to hear it measured in terms of competitive advantage, customer experience and revenue generation. As Dante Disparte and Daniel Wagner put it in a December 2016 HBR article, data is becoming a centerpiece of corporate value creation.

Today most organizations are data-driven to one degree or another. Data contributes not only to brand equity, but to what constitutes product and service delivery in globally connected and hyper-competitive markets, the pair wrote.

But the value of data security is still largely defined in terms of risk, cost, and regulatory compliance, notes Forrester Research in the executive summary of a new report commissioned by data protection software provider Varonis Systems.

Charter Spectrum Tweeted Out Some Spectacularly Awful Security Advice
02/10/2017

Charter is a major internet service provider, and the conduit between many Americans and their sweet, sweet internet. As such, one would think the company would have a basic grasp of how Wi-Fi security works—specifically, that it would know better than to tell its roughly 31,700 Twitter followers to change their Wi-Fi passwords in support of their favorite sports teams.

Unfortunately, it did just that on Monday afternoon while attempting to celebrate the teams headed to the Super Bowl. The tweet was first noticed by TechCrunch and has since been deleted, presum

IT Security: Why A Disaster Recovery Strategy Must Be Top Of Mind In Todays Environment
02/08/2017

It is no secret that data security is essential to our modern, technology-driven marketplace. With the internet of things and artificial intelligence growing commonplace, the expectations for continued innovation and constant availability are stronger than ever. I don’t know about you, but when I log into Netflix, I expect to watch movies without interruption. Yet I would be pretty upset if Netflix delivered this streaming at the cost of my privacy.

My personal demand for easy accessibility, like everyones, is in constant struggle with security, which tends to slow down user access (think of how login credentials hinder fast banking on your phone). These two immensely important values are challenging for businesses as they try to push innovation forward.

An entire empire has been built on stealing sensitive company data, holding data hostage or releasing scandalous information to the public. This has made cyber attacks the No. 1 threat for businesses, according to data from Business Continuity Institute.

Microsoft is making Windows 10 security easier
02/06/2017

It is easy to mock bad passwords and phishing scam victims, but PC security is hard to grok for the average user. That iswhy Microsoft is introducing the Windows Defender Security Center as part of the Windows 10 Creators Update coming in April. Within a central hub, you'll be able to see settings for threat protection, performance and more at a glance.

People are The Biggest Security Risk
02/03/2017

Social Engineering Is Often Overlooked

Kevin Mitnick is a criminal-turned-security-expert, kind of like a cybersecurity version of Frank Abagnale. He still hacks for a living, but these days it is in the name of legal penetration testing. His number one piece of advice to clients is to never forget that people are the weakest security link.

Protecting your cybersecurity in 2017
02/01/2017

Two weeks ago I made cybersecurity predictions for 2017, and it didn’t take long for one of my predictions to be realized.  In fact, it occurred before 2016 was even over.

Earlier this week federal indictments were brought against three Chinese nationals on charges of hacking into at least seven law firms and stealing inside information about mergers and acquisitions involving clients of the law firm.  Prosecutors say this inside information was used by the hackers to make stock trades before the public was aware of the impending mergers or takeovers and  to make illegal profits of more than four million dollars on the transactions.

This cybercrime is noteworthy not just because it represents a relatively new development in cybercrime but also because it points out that for us as individuals, our own cybersecurity is dependent on the cybersecurity of the many companies and institutions that hold personal information about us.  So, one resolution that you should make for the new year is to limit the companies and governmental agencies to which you provide personal information as much as you can.

Naive employees driving cyber security concerns
01/30/2017

Despite the perception that hackers are an organization’s biggest cyber security threat, insiders, including careless or naive employees, are now viewed as an equally important problem, according to new research conducted by Dimensional Research on behalf of Preempt.

The growing security threat from insiders report found that 49% of IT security professionals surveyed were more concerned about internal threats than external threats, with the majority (87%) most concerned about naive individuals or employees who bend the rules to get their job done. Only 13% were more concerned about malicious insiders who intend to do harm.

Malware unintentionally installed by employees ranked as the top internal security concern with 73% of respondents claiming they were worried about it, ahead of stolen or compromised credentials (66%), snatched data (65%) and abuse of admin privileges (63%).

The Real Cybersecurity Issues Behind the Overhyped Russia Hacks the Grid Story
01/27/2017

Over the past few days, we have seen a story about Russian agents hacking the U.S. power grid spread like wildfire across the internet -- only to be debunked as a wild overstatement of the facts at hand.

Yes, a single laptop belonging to Vermont utility Burlington Electric was found to have visited an IP address cited by the Department of Homeland Security and the FBI as being associated with a Russian hacking operation, dubbed Grizzly Steppe, that also hacked the U.S government during the election.

But there is no evidence that this amounted to anything other than a utility employee checking his or her Yahoo email account, as the Washington Post reported Monday in what amounts to an extensive retraction of its Friday story that started the firestorm.

2016 Breaches
01/25/2017

Presidential Election hacks

The last clamorous even of 2016 is the executive order of the President Barack Obama that ejected 35 people in retaliation for the cyber-attacks against the numerous cyber-attacks against politicians involved in the Presidential Election. Russian hackers broke into the systems of the Democratic National Committee, Democratic Congressional Campaign Committee, and Podesta Emails.

Shadow Brokers hacked the NSA-linked group Equation Group

Last summer a mysterious hacker group calling themselves the Shadow Brokers hacked into “Equation Group” arsenal. In February 2015, security researchers at Kaspersky revealed the existence of a hacker group, called Equation Group, that has been active since 2001 and that targeted practically every industry with sophisticated zero-day malware. Researchers linked the Equation Group to the NSA Agency.

YAHOO Data breach

In 2016, security experts discovered two data breaches suffered by Yahoo in 2012 and 2014. The second one occurred in fall 2013 is the biggest one regarding sheer magnitude, experts estimated it has impacted one billion accounts. Personal users’ information was compromised, including names, email addresses, phone numbers, birthdays, hashed passwords, and security questions and answers. No financial data was exposed.

Weaponizing the Internet of Things – The DYN DNS hack

In 2016, we assisted in massive DDoS attacks powered by Internet of Things devices that created serious problems.

Cyber Security
01/23/2017

Last year consumer, corporate, and political targets were hammered by ransomware extortion attempts, phishing excursions, and DDoS attacks. Driven by this slew of high-profile attacks, cybersecurity has rapidly emerged as a priority in 2017 for enterprise companies and SMBs.

To visualize emerging cybersecurity issues, TechRepublic and data firm Affinio sampled and diagrammed social media data from influential communities. TechRepublic previously used Affinio technology to better understand digital business trends, including voter priorities during the 2016 presidential campaign, how tech groups talk about Edward Snowden, and web media related to the Russian cyberattack.

Affinio extracts insights from web, mobile, and social media data. The companys algorithm grabs snapshots of naturally-forming user clumps and communities, then visualizes how each group is connected. For example, unsurprisingly, health care experts tend to communicate online with other health care experts. Affinio analysis shows that health care experts also communicate with information experts, tech news consumers, and digital marketers.

This Wi-Fi router will protect your smart fridge from hackers
01/20/2017

A new batch of routers seeks to ward off hacks that leverage your smart homes computing power for nefarious purposes.

This added protection responds to a growing security threat for households. In October, hackers used a code called Mirai to hijack home devices like DVRs and routers and create a botnet that then took down many popular websites.

Amid the outcry, security firms have seen a need and a market. Multiple devices that offer home protection from hacks are set to hit store shelves beginning in the spring.

The Download on the DNC Hack
01/18/2017

Over the past few days, several longtime readers have asked why I have not written about two stories that have consumed the news media of late: The alleged Russian hacking attacks against the U.S. Democratic National Committee (DNC) and, more recently, the discovery of malware on a laptop at a Vermont power utility that has been attributed to Russian hacker groups.

I have avoided covering these stories mainly because I do not have any original reporting to add to them, and because I generally avoid chasing the story of the day — preferring instead to focus on producing original journalism on cybercrime and computer security.

Your New IT Hard Target: Printer Security
01/16/2017

Printers being hacked is nothing new. It’s even hit the headlines a few times with one being used to store pirated files, then another being programmed to display a paperclip on every page it printed. It seemed harmless at first. But then Columbia University discovered you could actually cause a printer’s fuser to continually heat up, potentially burning up more than your maintenance budget.

The real page turner happened when it was revealed that someone outside your organization could use it as a weak point to attack your network. But that’s not all. Someone invading your printer’s memory can retrieve documents, set it so they’re sent a copy of everything you print and scan, and more.

IoT predictions: IoT security in 2017
01/13/2017

Nobody doubted that IoT security was a disaster when, well, disaster struck — the Mirai botnet took down swaths of the internet through a fairly simple, preventable attack.

But experts believe there are going to be more susceptible devices in 2017 than ever — and hackers will be on the lookout.

Sometime during 2017 we should anticipate the release of an automatically propagating IoT worm that installs a small, persistent malicious payload that not only continues to infect and propagate amongst other vulnerable IoT devices, but automatically changes all the passwords necessary to remotely manage the device itself, said Gunter Ollman, CSO at Vectra Networks.

Amazon Alexa is stepping into home security automation with ADT
01/11/2017

At the 2017 CES in Las Vegas, home security company ADT announced that it was adding support for the Amazon Echo and Echo Dot.

ADT customers will soon be able to control their home security system through the Amazon Alexa voice service. On Wednesday, at the 2017 Consumer Electronics Show (CES), ADT announced that its Pulse ecosystem will now support the Amazon Echo and Echo Dot products.

Pulse gives ADT customers remote access to their security system and offers some home automation features. With the integration of Amazon Alexa, ADT customers will now be able to arm and disarm their security system using voice commands and a secure PIN, according to a press release.

Call to Centralize Security in Germany Broaches a Postwar Taboo
01/09/2017

As Germany struggles to respond to worsening attacks inspired by Islamic terrorists, the country’s top security official on Tuesday strongly advocated consolidating greater intelligence and security powers with the federal government, a taboo since World War II.

Thomas de Maizière, Germanys interior minister and a close ally of Chancellor Angela Merkel, argued that such a step was needed to steel the country against modern threats posed by terrorism, cyberattacks and an increased number of migrants seeking to enter the country.

The federal governments of Germany’s European partners and other established democracies already hold such powers, he noted, stressing that It is time to re-examine Germany’s security setup.

5 easy steps to better online security
01/06/2017

A finger tap is the most common and necessary action we take on our computers and devices. It’s also the most dangerous.

Cybersecurity — the personal behaviors and actions you take to protect yourself in the online world from identity thefts, frauds and other crimes aimed at stealing your personal information and data — is a serious personal issue. So we all need to know how to protect ourselves. Below are five action steps to do it; most take 10 minutes or less. (The book has 13 more.)


Action step 1: Create a secret email address
Estimated completion time: Less than 10 minutes


Creating a secret email address will boost your security by reducing the number of places hackers may find the email you use for your financial accounts.

Email address: Avoid using any personal information about yourself when you create your email address — the portion that comes before the @ sign.

Action step 2: Get a password manager
Estimated completion time: Less than 30 minutes

A password manager will enhance your safety and make your online life easier by eliminating the need to clog your brain remembering weak passwords. It lets you store your passwords in an encrypted file on your computer or in the cloud,

Drones in homes: Flying cameras map security threats, warn homeowners
01/04/2017

Armies of drones could soon help protect homeowners from unwanted visitors as part of a newly-developed smart security plan being mooted at the Consumer Electronics Show (CES) in Las Vegas.

A collaborative effort using products designed by Alarm.com and Quallcom Technology Inc, the system involves drones mapping out complex activity patterns of a property and responding to unexpected events such as a home invasion.

The development essentially allows a computer and drones to understand patterns of movement within a building and update people on anomalies that could potentially be a threat.

New Scanners and Conveyors Could Make Airline Security Faster and Safer
12/05/2016

Instead of queuing up in order of arrival, travelers take an open spot alongside a conveyor belt. They then put their shoes, luggage, keys, and other items into tubs and push them onto the belt—skipping past slow pokes having trouble removing their shoes. Suspicious luggage is automatically diverted to a special area so it can be searched without having to stop the conveyor belt.

Do Not Let A Lack of Resources Compromise Your Cyber Security
12/02/2016

For a company with limited resources, employees can be tremendously valuable watch dogs if they’re given the proper tools and education. Very few of us are experts on cyber security, and employees often expect their work files and information to be automatically protected through antivirus or company filters. Providing rudimentary information about cyber safety and best practices – and arming employees with a few quick tips like the following – can help prevent avoidable security incidents.

After DDOS attack, senator seeks industry-led security standards for IoT devices
12/01/2016

U.S. Sen. Mark Warner, (D-Va.) said Thursday that he favors an industry-based approach before seeking some form of government regulation of IoT security.

IoT ought to be an area where industry collaborates and if they can set standards first, that is good, Warner said.

How security flaws work: SQL injection
11/30/2016

SQL injection attacks exist at the opposite end of the complexity spectrum from buffer overflows, the subject of our last in-depth security analysis. Rather than manipulating the low-level details of how processors call functions, SQL injection attacks are generally used against high-level languages like PHP and Java, along with the database libraries that applications in these languages use. Where buffer overflows require all sorts of knowledge about processors and assemblers, SQL injection requires nothing more than fiddling with a URL.

As with buffer overflows, SQL injection flaws have a long history and continue to be widely used in real-world attacks. But unlike buffer overflows, theres really no excuse for the continued prevalence of SQL injection attacks: the tools to robustly protect against them are widely known. The problem is, many developers just don't bother to use them.

Simple Cyber Security Tips to Protect Your Online Accounts Against Hackers
11/28/2016

At the end of the day, it all boils down to having a healthy sense of skepticism about the emails you receive, along with making and protecting strong passwords for all of your accounts, experts say.

Or, if you have the money, you could plunk down $14,000 or so for a military-grade smartphone to help thwart hackers — but a little cyber savvy will certainly cost a lot less.

Why security is really all about trust
11/25/2016

Security is not black and white. It is not a choice between full security and no security --  it is a continuum with a lot of gray in between.

Full security, even if achievable, would secure things beyond the realm of reasonable usability. But even then hackers would find a way in.

The base component of trust in the security world is, of course, good security. Customers want to be assured that a product will not open the door to random hacking, harassment, and unauthorized activity. When a piece of software or hardware gets hacked too many times, customers look elsewhere.

FBI, Homeland Security sued for records on surveillance of Black Lives Matter activits
11/23/2016

Human rights attorneys filed a lawsuit against the Federal Bureau of Investigation and Department of Homeland Security on Thursday for failing to release documents on the agencies’ surveillance of Black Lives Matter protests and activists.

The lawsuit was filed by the Center for Constitutional Rights and the Milton A. Kramer Law Clinic Center at Case Western Reserve University School of Law.

Federal surveillance of activists started when the Movement for Black Lives began during protests against the police killing of an unarmed black teenager, Michael Brown, in Ferguson, Missouri. A July 2015 Intercept report by journalist George Joseph revealed that, according to documents obtained through a Freedom of Information Act request, the Department of Homeland Security has collected information, including location data, on peaceful Black Lives Matter protests.

How tech like security cameras brought down Twitter, Amazon, and Netflix
11/21/2016

Billions of devices are connected to the internet in some way, shape, or fashion. It is simply inevitable. They need it for maintenance, updates, convenience, and functionality. Some devices connect to the internet and you probably barely even knew, if at all. Things like Security Cameras, Smart Door locks, Your TV’s DVR, and some more obvious things like Smart TV’s, and Streaming Devices.

Now the stunning part, all of those devices were used to bring down the sites you love like Twitter, Amazon, and Netflix. Yep. Things like security cameras brought Twitter to its knees. But how?

There was a massive siege on Dyn, a New Hampshire-based company that monitors and routes Internet traffic. This devastating attack proved that the devices made to keep you secure aren’t secure themselves. That would be similar to having a depressed counselor. It doesn’t make sense, does it?

But that is how the Internet of Things (IoT) is. There really is barely anything stopping someone taking control of these devices, because no one ever thought they could be used to bring down billion-dollar companies.

Dyn was hit by something called a Distributed Denial of Service attack, or a DDoS attack. What happens in one of these attacks is that a barrage of devices send fake requests to the servers for information. This prevents real requests from getting through to the server, either severely slowing down services or totally taking them offline.

Right now there is no idea who performed the attack. It could be one very determined person, a group of people, or a government even (but probably not).

Microsoft Cloud Security
11/19/2016

Microsoft Cloud App Security is a component of Microsoft Enterprise Mobility + Security E5, and enables customers to discover and secure all the cloud apps in use within their organizations. Once the apps are discovered, customers can put comprehensive controls in place for management and monitoring. Microsoft Cloud App Security helps you do three things:

Gain visibility into what cloud applications are being used in your organization today
Implement data control over those applications
Leverage ongoing behavioral analytics as a part of the threat protection model

The architecture for how Cloud App Security accomplishes this is shown in the image below. In most cases, Step 1 is already being done. Users are going about their daily work and using cloud apps. Step 2 is where cloud traffic logs are analyzed by Cloud App Security to determine which apps are in use. In Step 3, an administrator reviews the apps, and either sanctions or restricts them. Finally, Step 4 leverages the APIs of the cloud apps to implement connections, controls, and ongoing monitoring for compliance and threat analysis. This process happens as a repeating cycle.

Hacked Cameras, DVRs Powered Today’s Massive Internet Outage
11/17/2016

A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests.

Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that provides critical technology services to some of the Internet’s top destinations. The attack began creating problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.

At first, it was unclear who or what was behind the attack on Dyn. But over the past few hours, at least one computer security firm has come out saying the attack involved Mirai, the same malware strain that was used in the record 620 Gpbs attack on my site last month. At the end September 2016, the hacker responsible for creating the Mirai malware released the source code for it, effectively letting anyone build their own attack army using Mirai.

Mirai scours the Web for IoT devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.

According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based botnet.

Record Immigrant Numbers Force Homeland Security to Search for New Jail Space
11/15/2016

U.S. officials expect number of undocumented immigrants awaiting deportation to reach 45,000 in the coming months.

Homeland Security officials are quietly scrambling to find 5,000 more prison and jail beds to handle a record number of undocumented immigrants being detained in the U.S., according to officials familiar with the discussions.

Homeland Security Secretary Jeh Johnson met Tuesday with senior leaders at the Immigration and Customs Enforcement agency and the Customs and Border Protection agency—both of which are in his department—so officials could review their plans to handle thousands more people expected to cross the southwest border with Mexico in coming weeks, the officials said.

ICE is currently holding more than 40,000 people in detention centers—more than it has ever had in custody before—and has warned budget officials that it needs a quick infusion of $136 million more just to keep running detention centers until early December, according to internal Department of Homeland Security documents and officials.

3 ways Windows Server 2016 is tackling security
11/13/2016

Every version of Windows — client and server — has promised improved security. But with Windows 10 and Windows Server 2016, Microsoft is going beyond the usual incremental improvements and closing of loopholes and giving you the tools to reduce the dangers of phished credentials, over-privileged admins and untrustworthy binaries.

Geofeedia
11/11/2016

Geofeedia marketed its abilities to law enforcement agencies and has signed up more than 500 such clients, according to an email obtained by the American Civil Liberties Union. In one document posted by the organization, as part of a report released on Tuesday, the company appears to point to how officials in Baltimore, with Geofeedias help, were able to monitor and respond to the violent protests that broke out after Freddie Gray died in police custody in April 2015.

Geofeedia appears to have used programs that Facebook, Twitter and other social media companies offered that allow app makers or advertising companies to create third-party tools, like ways for publishers to see where their stories are being shared on social media.

Facebook, Twitter and Instagram say they have cut off Geofeedia’s access to their information. But civil liberties advocates criticized the companies for lax oversight and challenged them to create better mechanisms to monitor how their data is being used.

After massive cyberattack, shoddy smart device security comes back to haunt
11/09/2016

Almost everyone affected by the cyberattack had a part to play — from shipping shoddy devices to a consumer apathy towards security.

Friday morning saw the largest internet blackout in US history. Almost every corner of the web was affected in some way -- streaming services like Spotify, social sites like Twitter and Reddit, and news sites like Wired and Vox appeared offline to vast swathes of the eastern seaboard.

After suffering three separate distributed denial-of-service (DDoS) attacks, Dyn, the domain name system provider for hundreds of major websites, recovered and the web started to spring back to life.

The flooding attack was designed to overload systems and prevent people from accessing the sites they want on a scale never seen before this.

All signs point to a massive botnet utilizing the Internet of Things, powered by malware known as Mirai, which allows the botnets operator to turn a large number of internet-connected devices -- surveillance cameras, smart home devices, and even baby monitors -- against a single target.

Happy Cyber Security Awareness Month
10/23/2016

Although not an official part of the holiday season, October being National Cyber Security Awareness Month is still a good thing. If people can take an awareness of cyber security and turn it into positive actions, maybe the good guys can win the war for the Internet.

Homeland Security increases focus on cybersecurity at the polls
11/07/2016

Department of Homeland Security officials may not expect malicious hackers to sway November's election, but the agency is offering more protections to help states secure voting systems.

After this summers Democratic National Committee breach, and a recent FBI warning of digital tampering with state election boards, Homeland Security has stepped up efforts bolster cybersecurity at the polls and for state election boards.

Make Sure You are Recording People With Your Home Security Cameras Legally
11/04/2016

It has never been easier to set up your own home security system. However, if your cameras can record audio, depending on your state you run afoul of wiretapping laws if you don’t have consent from people who visit your home.

As product review site The Wirecutter points out, setting up cameras to keep an eye on your home is perfectly fine. Recording, on the other hand, can introduce some legal complications. Especially if you are recording audio in a state that requires dual consent.

Video and audio recordings have different legal guidelines and there are worlds of nuance to navigate.

Uber to use driver selfies to enhance security
11/02/2016

Uber rolled out a new feature Friday that requires some drivers to confirm their identities via a selfie photo before each shift.

Real-Time ID Check is aimed at both preventing fraudulent use of a drivers account and providing consumers with a greater degree of confidence in the ride-sharing company.

What Consumers Need to Know About the Yahoo Security Breach
10/31/2016

What was taken?

The stolen information could include names, email addresses, dates of birth, telephone numbers, password information and possibly the question-answer combinations for security questions, which are often used to reset passwords, said Yahoo in a statement.

However, Yahoo said that the passwords that were compromised were hashed, a way of encrypting data.

The stolen information did not include unprotected passwords, payment card data or bank account information, according to Yahoo.

7 Ways Cloud Alters The Security Equation
10/28/2016

By now, the pitch for cloud-based services is familiar to anyone in IT: They are cheaper, more efficient, and will free up in-house infosec professionals for more value-added tasks (yes, everyone's really going to miss reviewing log management data).

The promises of highly automated functionality and trouble-free operations may be slightly overstated, at least where cloud-based security is concerned. But most infosec professionals are already masters of due diligence, and cloud is like any other external service provider: seasoned security pros know to ask a lot of questions, perform their own testing and audits, and get customer references for the real skinny on how cloud-based security goes.

iPhone Hackers Say Apple Weakened Backup Security With iOS 10
10/26/2016

Professional iPhone hackers say that Apple AAPL -1.72% has dropped the ball on password security with its latest iPhone operating system, making the task of cracking the logins for backups stored on a Mac or PC considerably easier.

7 Days Before Obama Gives Away Internet & National Security
10/24/2016

In one week, President Obama will allow what remains of the United States control over the Internet to pass to a California non-profit organization, the Internet Corporation for Assigned Names and Numbers (ICANN).  This is a reckless and dangerous decision that has serious national security consequences that have not been fully considered.

Currently, ICANN has a contract with the Department of Commerces National Telecommunications and Information Administration (NTIA) to manage the naming and numbering functions associated with the Internet. The most important of these is the assignment of Internet Protocol Addresses (IP Addresses) to domain names.

Cyber Security Controls That Actually Make You More Efficient
10/22/2016

1.        Install Firewalls on your computer systems

You must install firewalls and routers on your systems. This will prevent your system from external attacks. Firewalls are programmed to trigger off alarms whenever there is a potential breach of a computer system.

2.        Don’t Just Install Antivirus Software programs on your Systems; Scan them Regularly

The installation of antivirus software programs is one of the effective methods that will guarantee the security of your computer systems. Contrary to the general belief, antivirus programs are not designed exclusively for the prevention of virus attacks. They are also effective means of preventing attacks by Trojans, Keyloggers, and some other harmful programs.

3.        Use Anti-spy Software programs

There are some computer software programs that perform the functions of human spies. These programs steal information from computer systems without the consciousness and consent of the users. The pieces of information that they steal are used by others to harm the organizations or individuals that are using these systems.

4.        Use complex passwords on your systems

Homeland Security Secretary Warns of New Terror Environment Post 9/11
10/20/2016

Fifteen years after the 9-11 attacks, U.S. Secretary of Homeland Security Jeh Johnson said the U.S. is in a new environment, with the nations greatest risk from lone-wolf attacks and self-radicalized terrorists.

Johnson said on ABCs This Week that there is no credible evidence of an imminent terrorist threat to the United States -- but there are still risks.

Cyber Security Unicorn
10/18/2016

The first cybersecurity unicorn kernel popped in late 2013 with the announcement of CloudFlares $50 million Series C investment. Today, 10 privately held companies hold membership in the ultra-exclusive cybersecurity unicorn club.

With the addition of each new member, eyebrows are raised and questions are asked. What underlying data supports such valuations? Would there ever be sufficient revenue in the cybersecurity market to sustain unicorn valuations? Are cybersecurity unicorns outliers or are we at the start of a sustainable trend?

Google fixes two serious Android security flaws
10/16/2016

Google's mobile security team has definitely been busy cleaning house this week. The company has released an Android update that closes two security holes that could pose a major threat if intruders found a way to exploit them. The first was only designed for research purposes and would only have been malicious if modified, Google tells Ars Technica, but it wouldn't have been hard to detect or weaponize.

Government Surveillance
10/14/2016

Ninety-one percent of ISPs in the UK are concerned that government surveillance efforts will compromise or weaken the security of their networks.

While most internet and managed service providers see cyber-attacks on a weekly basis, the most common concern among the companies is that government surveillance will weaken network security and make providers a target of attackers, according to a report released by the UK Internet Services Providers Association (ISPA).

The report, released Sept. 6, found that 54 percent of respondents were attacked at least every week. Currently, denial-of-service attacks and SQL injection attacks are the main types of cyber-threats Internet and managed service providers face, with 91 percent of respondents suffering a denial-of-service attack, 64 percent an SQL injection attack and 36 percent a phishing attack, the study found.

Security of Self Driving Cars
10/12/2016

The U.S. Justice Department has formed a threat analysis team to study potential national security challenges posed by self-driving cars, medical devices and other Internet-connected tools, a senior official said.





Current Blog

2017
January Archive

2016 Security Blog Archive
November /December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2015 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2014 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
Jan & February Archive

2013 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2012 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2011 Security Blog Archive

December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2010 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2009 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2008 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
July-August Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive


Security Alerts
Locate security alerts, and security feeds via a security rss feed directory.