Security Port

Security Forums
Security Articles
Security Port Blog
Security Blogs
Security Books
Security Glossary
Security Definitions
Security Directories
Security Wikis
Security Tradeshows
Security Newsletters
Security Alerts
Buyers Guides
Security Newsgroups
Security Organizations
Submit Security Sites
Security Magazines
Security Feeds
Security News
Security Software
Security Products
Search Databases


Security Port
Contains relevant information that pertains to security related issues and solutions.

Security Port

A Security Port Blog
Chinese iPhone Users Targeted in latest App Store Security Breach
10/30/2015

Following a major attack on the iTunes App Store last month, security researchers have warned that iPhone and iPad users in China and Taiwan are still at risk from malicious software.

According to Palo Alto Networks Unit 42 research team, a new malware family, dubbed YiSpecter, can affect both jailbroken and non-jailbroken Apple devices, meaning that all iOS users are potentially vulnerable.

Scottrade Security Breach
10/29/2015

Hot on the heels of T-Mobiles  announcement that a security breach compromised sensitive information about 15 million customers, online trading platform Scottrade has revealed hackers have exposed 4.6 million of its clients.

In a statement,  Scottrade said it became aware of the breach in August when it was informed by the FBI. It said the agency asked the company not to reveal the breach while the investigation was at a sensitive stage.

Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, Scottrade says it appears the thieves were only interested in clients contact information.

Company officials says they have discovered and secured the point in the system where they believe the hackers were able to get in. They say a leading cyber security firm has assisted with steps to further strengthen the system.

Virus helps improve device security, says Symantec
10/28/2015

A virus which appears to strengthen security of devices, rather than compromise them, has infected tens of thousands of IoT devices and home routers, according to Symantec.

The security firm said that the virus, named Linux.Wifatch, appears to be infecting devices and then automatically improving their security. Linux.Wifatch primarily has created an infected network of ARM architecture devices, such as connected devices and home routers, and is distributing threat updates and even issuing warnings to device owners to update their passwords.

Symantec said that the virus first came to light 2014, but after further analysis of samples captured by its honeypots, the company found a number of unusual behaviours.

Cyber Security No Longer a Governmental Responsibility
10/27/2015

In the last few years, cyber security has assumed tremendous significance.  The number of cyber security breaches is constantly growing with each passing day. As a result, the annual cost of cybercrime is constantly increasing. As per a recent survey, it has been estimated that the total global cost of cybercrimes is $445 billion. Hence, the protection and preservation of cyber security becomes an important priority for all stakeholders.

In the Indian context, it is perceived that cyber security is primarily a governmental responsibility. However, nothing can be farther than the truth. Cyber security as a phenomenon refers to security of computer networks and computer systems which are used for accessing the electronic ecosystem.  While it is absolutely clear that the Government is responsible for protection of cyber security of governmental networks, it also needs to be appreciated in the peculiar context of Indian conditions that a large number of computer systems constituting Critical Information Infrastructure of the country are located in private hands. Examples include telecommunication networks, insurance networks and private banking networking apart from private medical health network.  In such a scenario, therefore, it becomes imperative that the private sector also needs to appreciate its responsibility of protecting and preserving cyber security.  

Worldwide, the private sector is now increasingly being exposed to legal consequences for their failure to put in place security mechanisms to prevent hacking and other unauthorized access or cyber security breaches.  

Cyber Security Month
10/26/2015

It’s October and for the last 12 years, the month has been designated as the National Cyber Security Awareness Month. This year, the core message of Cyber Security Awareness month is the fifth anniversary of the STOP, THINK, CONNECT initiative.

STOP: Make sure adequate and appropriate security measures are in place to protect your digital assets and online activity.
THINK: Consider the consequences of your actions and behavior online. If you would not want to see it on the front page of Seacoast Sunday, you should not post it online either.
CONNECT: Connect and enjoy all that is available online. Our lives are forever interconnected electronically and we should have confidence that we are safe online.

How your Company Should Respond to a Security Crisis
10/23/2015

Ideally, security breaches are prevented rather than responded to, but no companys defences are completely impenetrable.

Therefore, it is up to businesses to ensure that they have a strategy for responding to security crises that prevents repeat attacks.


First of all, companies should identify which of their systems and data sets have been compromised. Businesses will need to be aware of any potential regulatory or legal ramifications stemming from the breach and should notify any affected individuals, such as customers, as soon as possible to limit further damage.

Businesses should then locate the source of the vulnerability that allowed the breach to occur. It could be human error, a coding flaw or a targeted theft, and each will require a different response to bolster future defences.

With these initial responses complete, businesses should conduct a thorough review of the security crisis immediately. Businesses may want to consult with legal advisors before carrying out a full assessment of company policies and procedures to see if any have been broken or if they must be amended going forward.

Cyber Security Awareness Month observed in October
10/22/2015

Gov. Scott Walker in declaring October Cyber Security Awareness Month to inform people how to keep their information safe while online.

According to statistics, nearly a quarter-million people in the U.S. each year fall victim to cyberscams, resulting in more than $800 million in losses. Wisconsin ranks 22nd in the nation for the number of internet crime complaints filed with law enforcement and officials say last year, more than $9.2 million in cyber theft occurred in the state impacting more than 3,200 Wisconsin consumers.

New Credit Cards
10/21/2015

American banking customers are getting new chip-based credit and debit cards, a step taken by the bank after many incidents of data hacking and card skimming by data stealers. During the past few months, Banks across the country have seriously taken up the task to change all the debit and credit cards to implement new security features.

U.S. banks have finally decided to ditch the magnetic strip based cards with chip that can store encrypted data. The chip-based cards are more secure and in many cases, they banks will offer PIN (personal identification number) to customers for additional safety. The implementation of chip-based cards has taken many years, mainly due to reluctance of banks and retail outlets.

DHS working on Self-destructing Security Chip for Smartphones
10/20/2015

The Department for Homeland Security (DHS) in the US has revealed that it is working with the Boeing Company to develop a so-called brain chip that would allow any smartphone to self-destruct.
In theory, this technology will provide users with additional, intelligent security, so that if their smartphone is stolen or lost, the device will intuitively implement self-protective measures.
THE DEVICE WILL INTUITIVELY IMPLEMENT SELF-PROTECTIVE MEASURES.
The chip would be able to detect unusual activity because it will have been gathering data on its users behaviour, including the way they walk and talk, Nextgov reported.

Are Your Biggest Security Threats on the Inside?
10/19/2015

Ask most computer pros to talk about IT security, and you’ll likely hear about all sorts of external threats, like malware, hackers, spyware, DOS attacks and the like. But what if the bigger – and more costly – threat comes from within?

The now infamous Ashley Madison website has had a pretty successful run at helping its clientele be disloyal. So perhaps some would view it as poetic justice if the website became one of the most scandalous breaches in history at the hands of one of its own.

IRS Improves Fraud Security
10/16/2015

The IRS has crafted a better system for picking out fraudulent tax returns but needs to improve security for that program, a federal watchdog said in a report released Tuesday.

The Department of Treasury's inspector general for tax administration found that the new system, the Return Review Program (RRP), was able to detect returns potentially linked to identity theft not found by the previous Electronic Fraud Detection System.

The inspector general found that, over 32 days worth of testing, the RRP found about 25 percent more identity theft cases, totaling around $43 million in refunds.

But the problem, according to the audit, is that the IRS classifies the new system as a resource and not a major system, which has left some security vulnerabilities. The IRS kicked off the RRP in 2009 and began evaluating its performance last year.

Security Experts: Cyber Sharing Is Not Enough
10/14/2015

The benefits of federal legislation to govern private and public sector sharing of cyber threat information are being oversold -- and the risks are being too easily dismissed.

That was the consensus of a dozen speakers and panelists at the second annual Senior Executive Cyber Security Conference in Baltimore earlier this month. And it runs counter to the view held by government leaders from President Obama on down, and some leaders in the private sector as well, who've been saying for years that without a legal framework for such sharing, there is little hope for either sector to fend off cyber attacks.

Cyber security investing grows, resilient to market turmoil
10/13/2015

Following hacks of Sony Pictures and OPM, cybersecurity firms are securing big investments.

Despite stock-market turmoil and unease in the venture-capital community, cyber security companies are raising large rounds of financing from investors, whose tremendous appetite for high-tech defenses against cyber attacks is not expected to subside even in a market correction.

In the latest example, Bit9 + Carbon Black, a company that detects and protects servers from threats, is raising a fresh round of funding, investors told Reuters and the company confirmed. One investor estimates the company will raise approximately $50 million, on top of the roughly $120 million it has already raised.

Credit Card Security Deadline
10/12/2015

EMV chip technology improves the security of processing credit card transactions, but does not remove your requirements to comply with the Payment Card Industry Data Security Standards.

The majority of those surveyed (62%) said they prefer chip-and-PIN cards over cards that just use chip and signature, and 63% said chip-and-PIN cards provide more data security than those that don't. The new chip adds a unique, one-time code that changes every time you use your card to make an in-store payment.

But the switch comes with tradeoffs, and it will not stop all credit-card fraud.

Cookie handling in browsers can break HTTPS security
10/09/2015

The lack of cookie integrity verification in browsers can allow hackers to extract information from encrypted Web connections.

Cookies, the files that websites create in browsers to remember logged-in users and track other information about them, could be abused by attackers to extract sensitive information from encrypted HTTPS connections.

The issue stems from the fact that the HTTP State Management standard, or RFC 6265, which defines how cookies should be created and handled, does not specify any mechanism for isolating them or checking their integrity.

The Security Risks of the Internet of Things
10/08/2015

I was the stuff of headlines. A smart Jeep careens down the road, and suddenly the driver no longer has control. As analysts watch, hackers, miles away, take control of the Jeep and make it do their bidding. Suddenly, mass hysteria erupts, as consumers picture themselves driving out of control vehicles in a style that matches the movie Speed.

This demonstration did what it was intended to do – it drew attention to the vast security risks raised when we connect everything, including our cars, to the Internet of Things. But is the real risk the risk of having a hacker take over you car? I say that it’s not. Yes, we do need to make sure that several tons of metal are not sent careening down the road under someone else’s control, but the real risk is far more personal.

If a hacker can take control of a Jeep, what’s to stop them from taking control of your oven?

Iraq confirms cooperation with Russia, Iran, Syria over security
10/07/2015

Iraq said on Sunday that it is cooperating with Russia, Iran and Syria in security and intelligence to confront the increasing threat from the Islamic State (IS) militant group.

According to Iraqi Joint Operations Command, a new agreement between Iraq and the three countries aims at assisting and participating in collecting information about Daesh (IS group) and its associates.

Canada Border Wall: Americans Want More Security To Block Immigrants
10/06/2015

If a brick-and-mortar wall is good for the United States’ southern border with Mexico, then it’s also good for the border with Canada -- at least this is what four in 10 Americans claim, according to a new Bloomberg Politics poll. The poll, released Thursday, found that 41 percent of U.S. adults support building a wall along both the southern and northern U.S. borders. A majority of people surveyed, however, said there should not be a wall built on either frontier. Roughly 55 percent opposed a wall along the Mexican border and 56 percent were against one on the border with Canada.

Cyber-security professionals say employees are biggest threat to network security
10/05/2015

Network security has more to do with smoke and mirrors than actual security at many companies today, according to Corey Steele, network security engineer for local voice and data network solutions provider High Point Networks.

The self-taught cybersecurity expert gets paid to test companies networks and says the days when firewalls, data backup and antivirus programs provided sufficient protection are over.

Steele says the No. 1 threat to a companys network security today is its employees.

Russia Biggest Threat
10/02/2015

The then-incoming Chairman of the Joint Chiefs of Staff, Gen. Joseph Dunford, made news at his confirmation hearing in July by saying that, in his view, Russia was now the greatest national security threat facing the United States.

Bounty Hunting Security Hackers
09/30/2015

Cars are being hacked by independent researchers who have uncovered security flaws that the automakers themselves didn’t know existed. Fortunately, none of the known security breeches have been malicious, but the potential clearly exists.

While many automobile manufacturers have taken reactive measures or apparently just ducked for cover, tech-savvy Tesla has gone a step beyond – offering a bounty, which it recently increased from $5,000 to $10,000, to hackers who help it identify and prevent future issues.



Current Blog

2015 Security Blog Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2014 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
Jan & February Archive

2013 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2012 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2011 Security Blog Archive

December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2010 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2009 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2008 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
July-August Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive


Security Alerts
Locate security alerts, and security feeds via a security rss feed directory.