Security Port

Security Forums
Security Articles
Security Port Blog
Security Blogs
Security Books
Security Glossary
Security Definitions
Security Directories
Security Wikis
Security Tradeshows
Security Newsletters
Security Alerts
Buyers Guides
Security Newsgroups
Security Organizations
Submit Security Sites
Security Magazines
Security Feeds
Security News
Security Software
Security Products
Search Databases


Security Port
Contains relevant information that pertains to security related issues and solutions.

Security Port

A Security Port Blog
How Blockchain Can Help Increase The Security Of Smart Grids
06/13/2018

Blockchain is the new hot technology that promises to disrupt many industries. It gains traction at a time when smart electrical grid management systems are automatically diagnosing problems and emergencies, and reconfiguring responses to them. It also comes at a time when the U.S. Department of Homeland Security announced that Russians had successfully hacked into at least one power grid in the U.S. and have been attempting to do so since 2016.

Obviously, security of smart grids is critical. And, according to Benjamin Gu, founder and chairman of Daex, blockchain technology may just hold the answer to improved security standards of interconnectivity, data exchanges and permission control. Daex is a cryptocurrency clearing solution based on distributed ledger technology that serves as a bridge connecting exchanges, and a custodian of multiple assets for users.

Cybersecurity Threats: 85 Percent of Security Professionals Predict a Major Attack
06/11/2018

Eighty-five percent of security professionals believe cybersecurity threats will lead to an attack on major critical infrastructure over the next five years, according to a recent survey. The annual Pwnie Express study, The Internet of Evil Things, polled approximately 500 security professionals about a range of cybersecurity threats, including malware and devices connected as part of the Internet of Things (IoT).

The research looked at the variety of industry sectors that might be least prepared for an attack. Health care topped the list at 51 percent — but was followed closely by the waste and wastewater sectors (47 percent) and the energy sector (43 percent).

Security professionals may be predicting major attacks on critical infrastructure because they are already dealing with so many issues in their own organizations. Malware attacks affected 59 percent of those polled, for example. Additionally, 32 percent were impacted by ransomware. More serious cybersecurity threats — specifically distributed denial of service (DDoS) attacks — struck 30 percent.

An Advanced DIY Home Security System: Stay Safe And Avoid Fees
06/08/2018

Home security systems are a bit like cars: the price is never the price. First there’s the cost of the unit, but then installation turns out to be a big expense, and service fees build up month after month. The DIY home security system has always been an attractive solution, but technologically incapable of doing a good enough job for most people’s liking.

VMware, Okta Unveil Pact to Take on Microsoft in Mobile Security
06/06/2018

VMware Inc. and Okta Inc. unveiled a partnership meant to challenge Microsoft Corp. in the market for mobile-device security systems, as corporate employees increasingly work at home or on the road.

The pact between the former competitors promises complete integration of two overlapping product offerings. Joint customers will be able to use VMwares digital workspace platform and Oktas software that enables secure logins to access business smartphones, laptops, tablets, cloud applications and network information.

The companies said that their joint offering integrates with products from Apple Inc., Alphabet Inc. and Windows devices more seamlessly than Microsoft’s mobility suite, which they said does not do as good a job connecting to other companies’ devices.

Bitcoin Could Be a Problem for U.S. Security Clearances
06/04/2018

As the Pentagon struggles to recruit a more tech-savvy workforce, it’s facing the confusion of many an old-timer: What to make of people who invest or trade in Bitcoin.

The question is whether owning Bitcoins or lesser-known cryptocurrencies such as Ripple and Ethereum is an indicator of risky personal behavior -- one that should flag extra scrutiny in security clearances -- or just another investment choice.

Data Security and GDPR: You Can Not Protect What You Don’t Know
06/01/2018

Last month, I spoke to an audience of sales and marketing professionals at the General Data Protection Regulation (GDPR) Summit in London. I thoroughly enjoyed the experience. My presentation and live demo focused on data security and how basic defense measures can help with several of the key GDPR obligations.

When GDPR was first discussed, many feared that it would force businesses to be more insular and defensive about their data. Thankfully, the reality has been very different. Instead of seeing GDPR as a threat, many businesses see it as a welcome opportunity to get their house in order and, for once, tackle the thorny question of data protection head-on.

Application and device security under the spotlight
05/30/2018

The security of internet-connected devices and associated applications has become a significant concern, prompting suggestions legislation may be required, while the UK governments recent Secure by Design review suggests several solutions, including legislative measures

Until recently, device security has been of minimal concern. However, recent events – such as hundreds of thousands of IoT devices being co-opted into a botnet and the American casino that had data leaked through a smart fish tank – have highlighted the necessity for robust device security measures for this digitally-connected...

Bank of America Patents Blockchain Security Tools
05/28/2018

Bank of America has won a patent for a way to control access to certain aspects of a permissioned blockchain network, newly published documents show.

The patent for a somewhat innocuously titled system for managing security and access to resource sub-components explains how security tokens (essentially electronic keys, distinct from blockchain-based assets that mimic physical securities) would be used to grant access to certain users to the information contained in a particular block. According to the text, the system would be automated, effectively meaning that the network itself would grant and track access.

Bank of America was awarded the patent on May 22, according to the US Patent and Trademark Office (USPTO). It represents the latest intellectual property development for the bank, which has filed many blockchain-related applications in recent years.

Uranium makes feds list of minerals critical to national security, setting off a debate in Utah and beyond
05/25/2018

The Interior Department has identified 35 nonfuel mineral commodities that are essential to national security, including uranium and several others found in Utah.

Interiors U.S. Geological Survey helped compile the list under an executive order President Donald Trump issued in December, calling for a national strategy for reducing reliance on critical minerals and promoting access to domestic supplies.

The appearance of uranium on the list, published Friday in the Federal Register, has spurred controversy among those who contend uranium does not qualify as either nonfuel or critical.

Bridging the realms between cyber and physical security
05/23/2018

The recent tragic events in Las Vegas, Lakeland, Manchester – and most recently at the YouTube campus—have put the issue of gun-related violence and the response to these incidents in the headlines. But there are other physical dangers as well. In late March, some 64 people—many of them children—perished in a fire in a Russian mall.

The prevalence of such disasters—and the possibility of dual physical and cyberattacks—has prompted some firms and investors to propose tech-based solutions for physical security. The need for such solutions is widespread. A recent survey from GrandView Research predicted that the global physical security market would grow from about $134 billion today to $290.7 billion by 2025 – an annual compound growth rate of 9.2 percent. The impetus is the perception that there are growing threats across the globe and new tech-based solutions to mitigate them.

National Guard Using Cybersecurity Skills To Protect Integrity Of Midterm Elections
05/21/2018

Cybersecurity has taken center stage in American elections. In the past, the job of an election official meant making sure there are enough ballots and keeping lines of voters moving along at polling places. The job changed after Russian-backed hackers tried to break into election-related systems in 2016. That happened in at least 21 states.

The National Guard is now being called up in some states to help make sure these 2018 elections are more secure. From West Virginia Public Broadcasting, Dave Mistich has more.

The value of 20/20 hindsight in cybersecurity
05/18/2018

US-CERT publicly disclosed widespread cyber-attacks on domestic energy and other infrastructure locations.  These attacks had been occurring since at least March 2016 and had successfully compromised a number of locations including some nuclear facilities, water, and aviation locations.

This was not a typical drive-by attack. It was a systematic, multi-staged effort that advanced up the kill chain and utilized several sophisticated targeting techniques including spear-phishing, watering-hole domains, and ultimately the targeting of industrial control systems infrastructure.

Some details of this attack became known to the targets by at least September 2017, approximately six months before the public disclosure.

Enterprise cloud adoption outstrips cybersecurity capabilities
05/16/2018

Enterprise companies are adopting SaaS at a rapid pace but are failing to budget for security solutions to protect the data they hold, research suggests.

On Tuesday, cloud security firm iboss released a white paper documenting the rising adoption rates of software as a service (SaaS) applications, which while often valuable for companies, may also pose a risk when cybersecurity is an afterthought.

Verizon Cites Ransomware as Top Cybersecurity Threat
05/14/2018

In Verizons latest Data Breach Investigations Report, ransomware was once again cited at the top security threat for businesses and consumers, and also noted that this type of malware is now targeting the critical systems of companies such as databases.

The report is based on an analysis of 53,000 incidents and over 2,200 breaches occurring in 65 countries. Of all of the types of malicious cyber attacks, ransomware was found in 39 percent of all of the malware-related cases studied, which is double the number of attacks from last years report.

4 steps to creating a winning cybersecurity strategy in 2018
05/11/2018

Most organizations are in the phase of rapidly gearing up to contain and manage cybersecurity threats. The question is how and where to begin?

In many ways the US Federal Government went through this same difficult phase in 2015 due to the OPM data breach. There are some worthwhile lessons to be learned­­. One of the key elements of the Federal response was to set cybersecurity at the forefront of a chief executive’s responsibility with clear assignment of accountability. The second element was to provide funding and investments to upgrade the cybersecurity posture.

These upgrades included concerted programs such as the Cybersecurity sprints and the Continuous Diagnostics and Mitigation (CDM) Program amongst others. For mid-sized organizations and enterprises looking to focus on cybersecurity issues in 2018, here is a proven playbook to help creating a winning strategy.

Cybersecurity tips: How companies can prevent mass data breaches
05/09/2018

As data breaches and the loss of personal information become more ubiquitous, the importance of cybersecurity inside the workplace has become increasingly imperative.

According to the 2018 Data Breach Investigation report released by Verizon, there were more than 53,000 incidents and 2,300 breaches in 2017, with almost 75% of those perpetuated by outsiders.

The issue of data privacy came into the light again after reports emerged in March that Facebook had inadvertently allowed the political consulting firm Cambridge Analytica to collect and misuse the data of more than 87 million users.

So what can companies do in order to protect themselves? Verizons global head of cybersecurity, John Loveland, suggests starting with employees and training them to be vigilant of how hackers can breach the system.

Are gamers the answer to the cybersecurity skills gap?
05/07/2018

Gamers may be the logical next step to lessening the cybersecurity skills gap, McAfee said in releasing a new report, Winning the Game.

The report is based on a survey that polled senior security managers and security professionals in public-and private-sector organizations. Nearly all (92%) of respondents said they believe that gaming affords players experience and skills critical to cybersecurity threat hunting: logic, perseverance, an understanding of how to approach adversaries and a fresh outlook compared to traditional cybersecurity hires.

In fact, three-quarters of senior managers said they would consider hiring a gamer even if that person had no specific cybersecurity training or experience.

Cybersecurity and defence for the future of Europe
05/04/2018

This is a time of change for the world and a time of opportunities for Europe. The European system of values is being challenged in its resilience by the global megatrends: globalisation, digitisation, migrations, artificial intelligence and rise of global threats.

This is the time when the European Union needs to make sure it is taking the right direction, with digitisation and security at the core. Our actions will only be decisive when we create a competitive, prosperous, resilient and secure Europe - for every European citizen.

Cybersecurity often pops up when we speak about risks and threats. However, cybersecurity - and security in general - is more than that.

Cyber expert: Future bleak, but fixes are on the way
05/02/2018

Computer science teaches the background knowledge needed to perform research, while upper-level and graduate courses provide the opportunity for research, he explained. Case encouraged the students in attendance to focus on groundbreaking research, rather than incremental improvements.

Motor industry faces growing threat of cybersecurity attacks
04/30/2018

In the summer of 2015, the motor industry was rocked by a series of high-profile car hacks that remotely unlocked car doors, turned on windscreen wipers, interfered with steering and even stopped a Jeep Cherokee in its tracks on the highway.

The industry already knew that any device with an internet connection could be hacked and that as cars became increasingly connected they could easily become a prime target for those with malicious intent. Despite this, many automakers were slow to secure their vehicles and the audacity of the Jeep hackers – who reportedly spent three years developing their technique – caught people on the hop and led to the recall of 1.4 million vehicles in the United States.

This incident, which auto analyst IHS Markit estimates cost Fiat Chrysler $45.5 million (€37 million), exposed a major vulnerability and underlined the extent to which the auto industry was trailing consumer electronics when it came to security.

Less Than Half Of Companies Detected Threats In the First Hour
04/27/2018

A new survey shows that less than half of all organizations are able to detect a major cybersecurity incident within one hour, while less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour.

The data comes from LogRhythms annual benchmark survey, Cybersecurity: Perceptions & Practices, which surveyed 751 IT decision makers in the United States, United Kingdom, and Asia-Pacific regions.

Lawmakers look to boost Energys cybersecurity role
04/25/2018

To protect the energy sector and other critical infrastructure against cyber threats, lawmakers are looking to boost the Department of Energys cybersecurity role and questioned the future role of its new cybersecurity office.

Five cybersecurity trends to watch
04/23/2018

The year 2017 was plagued by cybersecurity disasters, from Verizon accidently leaking the names, phone numbers and PIN codes of as many as 14 million customers to Equifax exposing sensitive personal information of nearly half the U.S. population. The year 2018 is not shaping up to be much better with Dell reporting in January a security flaw potentially impacting almost all of its processors stretching back a decade. As cybersecurity incidents continue to make news headlines throughout the year, here are a list of trends to keep an eye out for.

Cybersecurity skills lacking in the legal sector
04/20/2018

According to a new assessment, while legal services are embracing new technologies the legal profession is lacking the necessary skills to ensure good cybersecurity practices are in place. Greater investment in resources is also required.

According to a new assessment, while legal services are embracing new technologies the legal profession is lacking the necessary skills to ensure good cybersecurity practices are in place. Greater investment in resources is also required.

The assessment comes from Lewis Slaney, writing from the website Threat Management. Slaney notes how legal practices process considerable volumes of sensitive and private information, which makes them a key target for cybercrime. He also notes that the number of attacks appears to be on the rise and that attacks are becoming more sophisticated.

Why Cybersecurity Is About More Than Prevention-Focused Products
04/18/2018

Breaches of Equifax, HBO and Uber made headlines in 2017, and 2018 will have its own share of high-profile breaches. As the threat landscape continues to evolve, cybercriminals are becoming more creative and expanding their attack vectors. The industry spends billions trying to protect against every imaginable threat, but experts tell you that, no matter how much you spend, it's never enough.  

The mistake most companies make is that they focus solely on security products, thinking: "If I have this product, then I am safe." The reality is that a security product focuses on only one attack vector (e.g., email), but you need to think about more than just email to truly be safe. But where to start? There is an endless supply of products and services available for every known vulnerability and attack vector a company could possibly have. In other words, without knowing better, a company could spend everything down to its last dime on cybersecurity.

National Cyber Security Centre warns UK Government and power companies of Russian threat
04/16/2018

UK Government departments have been issued guidance over possible Russian cyber attacks on key British infrastructure.

The National Cyber Security Centre (NCSC), a branch of intelligence agency GCHQ, has issued advice to key organisations on boosting security and improving cyber defences, according to reports.

Officials from the NCSC have warned the National Grid, major power companies, the Sellafield nuclear power plant and NHS hospitals to prepare for possible action from Vladimir Putin's government, including cyber attacks that cause a blackout or theft of data.

It comes after the Kremlin announced tit-for-tat expulsions of British diplomats in response to prime minister Theresa May's decision to kick out 23 Russian embassy staff.

Dispelling The Fantasy That Cybersecurity Is Sexy
04/13/2018

The news is awash with stories of presumed Russian hackers leaking secrets and unleashing bot armies on social media to spread misinformation, manipulate public opinion and swing the outcomes of elections in the U.S., Europe and elsewhere. The collective imagination is captivated by the conception of shadowy criminals conspiring to take down major corporations from hidden parts of the internet.

How to Improve Federal Cybersecurity Efforts
04/11/2018

Last year was another banner year for cyber hackers and bad actors. A recent report found that the number of data breaches reached 1,202 in 2017—a 50 percent increase since 2015. Breaches on both public- and private-sector networks resulted in millions of Americans having their personal and financial data compromised. The private sector was particularly hit hard with the massive Equifax data breach impacting 145.5 million people. But federal agencies also continue to face major challenges. The Transportation Security Administration and the National Security Agency both experienced serious breaches, even as the federal government has taken steps in recent years to help prevent such successful attacks. These ongoing cyber breaches suggest agencies aren’t doing all they can within the established cybersecurity frameworks and initiatives that abound across government today. The public sector can, and should, play a larger role in helping ensure massive breaches like those at Homeland Security Department, Office of Personnel Management and even Equifax don’t happen again.

Cybersecurity in the Cloud Era
04/09/2018

As CFOs assume greater responsibilities for operational risk management, it is critical to understand security, privacy, and compliance controls. Here is the practical guidance needed to minimize cybersecurity risk with cloud vendors.

Cybersecurity is top of mind for CFOs. Nearly two-thirds of CFOs in a recent study said they are now taking on responsibility for operational risk management and mitigation—and elements of cybersecurity are a big part of that.

The 2015 Cost of Data Breach Study by IBM and the Ponemon Institute found that the typical total cost of a breach was around $3.8 million, an increase from $3.5 million the year before. Putting aside damage to brand and reputations—which can be substantial—the impact on customer trust, and in turn acquisition and retention as well as market value, all add up.

You Do Care About Cybersecurity, But That Is Not the Problem
04/06/2018

As Lawfares survey indicates, adoption of voluntary cybersecurity measures is low. The survey shows that use of encryption on personal devices, anonymous browsers and password managers is less than 20 percent. But other data show that this might be a reflection of how difficult or inconvenient it is to set up and use these measures, as opposed to a lack of concern about consequences.

The Global Cyber Alliance conducted a survey in the fall of 2017. In a poll of 1,000 U.S. consumers:

Only half can determine if a website is legitimate and safe;

35 percent have stopped an online purchase because of security fears;

27 percent said the fear of online scams causes excessive worry; and

Only 16 percent fear a burglar more than a hacker stealing personal information.

The results were similar, if a bit less dire, in the Global Cyber Alliance’s survey of 611 U.K. consumers.

Cybersecurity By The Numbers: Market Estimates, Forecasts, And Surveys
04/04/2018

What is the state of the cybersecurity industry and practice today? Recent surveys and analysis provide fresh insights, from senior management and board of directors not taking cyber threats seriously enough, IoT and mobile security deficiencies, the perennial cybersecurity skills shortage, new types of attacks on consumers and businesses, and the increasing threat of a global cyber war.

These old and new cybersecurity challenges make 2018 yet another year of more of everything.

The Evidence Is in the Numbers: We Need More Cyber Security Professionals
04/02/2018

The digital revolution is here. With technology playing an increasingly significant role in everyday life, the world becomes more and more connected through, and dependent upon, computers. Mobile technology, the Internet of Things, machine learning, and the cloud, just to name a few, all mean opportunity and possibility for businesses, professionals, and society but also for criminals looking to capitalize on vulnerabilities. As we focus on innovation and advancement in technology, we must also focus just as intently on the mitigation of cyber crime, which requires an experienced and educated workforce ready to fill the thousands of open cyber security roles across the nation.

Women headed to front lines in cybersecurity
03/30/2018

The frontline of cybersecurity is a male-dominated space, but many organizations and women executives are working to change that.

Women comprise only 11 percent of the information security workforce, according to the 2017 Global Information Security Workforce Study, conducted by the Center for Cyber Safety and Education, (ISC)² and the Executive Women’s Forum. As the list of high-profile cyber attacks grows longer and companies strive harder to protect their customers’ personal information, there is a surging demand for information security professionals, a need that women can help meet.

How Secure Is Mobile Banking?
03/28/2018

Many consumers have turned to their mobile phones for basic banking tasks, such as depositing checks and transferring money between accounts. Cellphones offer people the convenience to perform these tasks whenever and wherever they please.

The general consensus is that while the risk is low when it comes to banking, security does depend to some extent on consumers—many of whom do not do what they should be doing to keep their phones safe from attack.

Modified BlackBerrys sold to drug dealers
03/26/2018

A cocaine bust in Southern California has led to the indictment of five execs at uncrackable phone seller Phantom Secure. The investigation involved a suspect who allegedly used the devices to coordinate shipments of thousands of kilos of cocaine and other drugs.

As of this morning, Phantom Secures site was still up, advertising BlackBerry and other mobile devices with encrypted email and chat that make them impervious to decryption, wiretapping or legal third-party records requests.

But while Phantom Secures site was still up, the secure-phone company has been hollowed out.

Google Highlights Android Security Boosts, Says It Is Just as Safe as iOS
03/23/2018

Androids latest software update, dubbed the 8.0 Oreo, has been updated to be safer than its predecessors, Googles annual review published Thursday shows.

8 questions to ask about your industrial control systems security
03/21/2018

What is an ICS?

An ICS is any device, instrumentation, and associated software and networks used to operate or automate industrial processes. Industrial control systems are commonly used in manufacturing, but they are also vital to critical infrastructure such as energy, communications, and transportation. Many of these systems connect to sensors and other devices over the internet—the industrial Internet of things (IIoT), which increases the potential ICS attack surface.

Here Is How You Can Stay Ahead Of Your Cyber Security ETF
03/19/2018

An ETF provides a single investment vehicle that typically invests in a broad universe of stocks mirroring an index or a thematic style. Investors most often look to ETFs as a passive investment that allows easy access to the underlying securities. Beyond the initial benchmark decision and associated rebalancing rules, the investment manager usually puts little weight on the fundamentals of a given company held in the fund.

Artificial intelligence and cybersecurity: The real deal
03/07/2018

If you want to understand what’s happening with artificial intelligence (AI) and cybersecurity, look no further than this week’s news.

On Monday, Palo Alto Networks introduced Magnifier, a behavioral analytics solution that uses structured and unstructured machine learning to model network behavior and improve threat detection. Additionally, Google’s parent company, Alphabet, announced Chronicle, a cybersecurity intelligence platform that throws massive amounts of storage, processing power, and advanced analytics at cybersecurity data to accelerate the search and discovery of needles in a rapidly growing haystack.

So, cybersecurity suppliers are innovating to bring AI-based cybersecurity products to market in a big way. OK, but is there demand for these types of advanced analytics products and services? Yes. According to ESG research, 12 percent of enterprise organizations have already deployed AI-based security analytics extensively, and 27 percent have deployed AI-based security analytics on a limited basis. These implementation trends will only gain momentum in 2018.

Cybersecurity spending priorities not keeping pace with emerging tech
02/05/2018

Cyberattacks – they never stop. Lately, SamSam ransomware attacks have steadily increased across all industries, including healthcare. Just last week two Indiana hospitals were hit, and Allscripts hosted EHR was hobbled for days. Then there are Spectre and Meltdown, chip vulnerabilities that could wreak havoc on healthcare cybersecurity, potentially affecting personally identifiable information leakage and medical device security problems.

But EHRs and computer chips are basic technologies at the point. Even more transformative emerging tech are shaping the way industries including healthcare do business, according to a new study from cybersecurity vendor Thales, which found that 94 percent of organizations have sensitive data in cloud, big data, internet of things, blockchain and/or mobile environments.

Baby boomers more cybersecurity savvy than Gen-Z, study
03/02/2018

Generation Z are the least ransomware savvy generation while baby boomers were more likely to accurately define ransomware and were the savviest when it comes to not forwarding emails from unknown senders.

A recent Webroot survey found 23.7 percent of Gen-Z were able to accurately define ransomware compared to 47.6 percent of baby boomers. Baby boomers were also the least likely to spread malware and other cyber threats as 94.2 percent said they had not forwarded emails from unknown senders within the past year.

Millennials fared in between the two with only 34.2 percent accurately defining ransomware. The study also found the selfie generation were most concerned about losing personal photos in a cyberattack were millennials as they comprise 28.9 percent of respondents afraid of a photo leak.

7 cybersecurity trends to watch out for in 2018
02/28/2018

1. AI-powered attacks
2. More sandbox-evading malware
3. Ransomware and IoT
4. Many companies will fail to comply with the GDPR
5. Emerging standards for multi-factor authentication
6. The adoption of more sophisticated security technologies
7. A rise of state-sponsored attacks

The Five Laws Of Cybersecurity
02/26/2018

Law No. 1: If There Is A Vulnerability, It Will Be Exploited

Law No. 2: Everything Is Vulnerable In Some Way

Law No. 3: Humans Trust Even When They Should Not

Law No. 4: With Innovation Comes Opportunity For Exploitation

Law No. 5: When In Doubt, See Law No. 1

Car cyber-security still sucks
02/23/2018

In 2015, infosec gurus Charlie Miller and Chris Valasek demonstrated that they could take over and turn off a jeep from afar as it was being driven, a feat that magnified interest in car hacking.

Their wireless attack was conducted on an active vehicle. But it turns out the engine doesn't have to be running. This is separate from hacks that unlock doors wirelessly – we're talking about commandeering the engine control system potentially over the air, here.

Code boffins from the University of Michigan, in the US, have demonstrated that cars with Electronic Control Units (ECUs), common in recent model vehicles, can be compromised when the engine is off.

Why Are So Few Women in Cybersecurity?
02/21/2018

Allison Anne Williams has a Ph.D. in mathematics, vast experience at the den of wizards known as the National Security Agency and entrepreneurial chops. She is accomplished and smart.

So what happened to her at a recent business meeting left her dismayed, although it is far from uncommon for women in cybersecurity.

Males hold 3 out of 4 jobs in the tech world, but it is in cybersecurity where the lack of participation of women is most acute. By one reckoning, only 14 percent of the U.S. workforce in cybersecurity is female. Those women that do break into the industry talk of glass ceilings, insensitivity in the workplace, a lack of mentors and popular culture that reinforces the image of male tech workers.

The gender imbalance has potential consequences for the nations security. The United States already suffers a shortage of cybersecurity workers, even as global hacking threats grow more acute. The labor shortage is forecast to worsen. A study last year by Frost & Sullivan, a consulting firm, found that North America will face a shortage of 265,000 cybersecurity workers by 2022.

How to stop your digital fortune from going up in smoke
02/19/2018

Hackers are targeting cryptocurrencies.
More than 3 million bitcoins have been lost — maybe forever.

In the last few weeks, hundreds of frantic people have called into McCann Investigations in Houston, Texas. Some have lost their cryptocurrencies. Others had them stolen.

Wallet Recovery Services, which helps people find their lost cryptocurrencies, warns web site visitors to expect a slow response time due to its high volume of new requests.

Intel data center sales surge, warns of potential security flaw fallout
02/16/2018

Intel stock rose 3.8 percent to $47.06, boosted by a 10 percent dividend hike and the forecast, which signaled that Intel is succeeding in containing fallout from recently disclosed security flaws that could allow hackers to steal data from computers.

Those flaws, dubbed Spectre and Meltdown, created global concern among technology users, and Intel acknowledged on Thursday, for the first time, that the fallout could hurt future results. But Intel executives consistently indicated that they did not expect that to happen.

Software fixes for the problems would be succeeded by solutions designed into Intel chips themselves later this year, Chief Executive Brian Krzanich said on a conference call.

How Secure Is Your Data When It is Stored in the Cloud?
02/14/2018

As cloud storage becomes more common, data security is an increasing concern. Companies and schools have been increasing their use of services like Google Drive for some time, and lots of individual users also store files on Dropbox, Box, Amazon Drive, Microsoft OneDrive and the like. They’re no doubt concerned about keeping their information private—and millions more users might store data online if they were more certain of its security.
Data stored in the cloud is nearly always stored in an encrypted form that would need to be cracked before an intruder could read the information.

Can homeowners prevent neighbors from installing security cameras?
02/12/2018

This is an excellent question and a very fact specific question.  In a homeowners association, lot owners are generally permitted to install security devices and cameras for security purposes.  The documents may require the association to approve the installation, but it can be accomplished.

That is very different from the relative privacy interests.  As you can imagine, if the cameras catch you walking your dog down a sidewalk in the middle of the day, that is very different from a camera pointed at your bedroom.  In the first example, you have very little expectation of privacy because you voluntarily walked out into a public space, and in the second situation, you have a very high expectation of privacy for obvious reasons.

First Jackpotting Attacks Hit U.S. ATMs
02/09/2018

ATM jackpotting — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.

To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics — often a combination of both — to control the operations of the ATM.





Current Blog

2018

February - March Archive
January Archive

2017
Nov/December Archive

October Archive

September Archive
August Archive
April Archive
March Archive

February Archive
January Archive

2016 Security Blog Archive
November /December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2015 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2014 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
Jan & February Archive

2013 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2012 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2011 Security Blog Archive

December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2010 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2009 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2008 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
July-August Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive


Security Alerts
Locate security alerts, and security feeds via a security rss feed directory.