Nail in the Coffin?
Dye told the WSJ that the company doesn’t consider AV as “a moneymaker in any way.” Not only that, Dye bemoaned that they simply can’t keep hackers out. In the interview, Dye estimated that AV only catches 45 percent of cyber attacks. Those are pretty damning numbers, and a pretty grim outlook, but other cybersecurity experts just don’t agree. Or rather, they know that saying […]
Nail in the Coffin?
When Heartbleed struck in April, it shook the Internet to its core in an almost literal sense: the vulnerability, which could allow hackers to trick servers into surrendering sensitive data, took advantage of how communications are made online. Now, there’s a new vulnerability in town claiming to be the next core-shaking Internet threat. But is it really? Let’s take a look.
Covert Redirect: A look inside
The vulnerability in question has been dubbed “Covert Redirect,” due to its stealthy tactics. Discovered by Wang Jing, a mathematics PhD student in Singapore, Covert Redirect enables hackers to trick users into surrendering personal information by posing as an authorization window (a popup window which asks for authorization to connect to a third party website or application). If the faux-authorization is successful, the hacker can redirect the user to a website loaded with malicious software. If successfully executed, it can […]
Verizon’s recent release of the 2014 Data Breach Investigations Report (DBIR) provided its usual valuable insights into the state and scale of cyberattacks. But those of us who spend our waking hours enhancing and fine-tuning cybersecurity defense tend to watch for one measurement in particular in such reports: the breach discovery gap.
The breach discovery gap is the time it takes IT security practitioners to discover a data breach after they have been breached by a cyberattack. As an industry, we strive to constantly improve the detection capabilities of our products to stop attacks before breaches occurs or, when they aren’t stopped, to narrow the breach discovery gap to zero. Ideally, the enterprise’s security infrastructure detects attacks in progress, immediately alerts enterprise security teams, and takes steps to mitigate and deflect the attack.
Unfortunately, Verizon’s research showed that more than 90% of attacks are successful in a day or less, but […]
Consumers now have until June 10 to get off Windows 8.1 and on Windows 8.1 Update to keep receiving patches
May 12, 2014
For the third time in the last four weeks, Microsoft today backed away from a customer cutoff as it postponed enforcement of the Windows 8.1 Update migration deadline until June 10.
On Monday — and just a day before its May Patch Tuesday slate of security fixes — Microsoft said consumers have four more weeks to move from Windows 8.1 to Windows 8.1 Update before their devices would be barred from receiving further patches. The deadline change was the third in the past month, following an earlier Windows 8.1 Update extension for business users and a surprise update on May 1 for Windows XP after Microsoft had officially retired the aged OS.
“We’ve decided to extend the requirement for our […]
Move may end up encouraging some customers to stick with XP even longer
May 7, 2014
Microsoft’s decision to erase its support line in the sand has sowed confusion and will likely encourage bad behavior by some customers, analysts said today.
“If next month someone finds another zero-day like this one, Microsoft could just move the line again,” said John Pescatore, director of emerging security trends at the SANS Institute, a security training organization.
“In a way, this encourages bad behavior. There’s a risk that people will look at it that way,” said Michael Silver, an analyst with Gartner, referring to those who will now question Microsoft’s determination to end XP support, and thus slow or even suspend their migrations to newer editions of Windows.
The experts were talking about Microsoft’s move on May 1 to issue fixes for a critical vulnerability in Internet Explorer […]
Talk to any security researcher or hacker of a certain age, and he will likely tell you that back in his day–say, the late 1990s–hacking wasn’t cool. It was a solitary, often frustrating pursuit, done mainly for the intellectual rewards it provided and the respect of one’s peers. But the culture has turned of late, and hacking and the security culture are having something of a moment.
Privacy and pervasive surveillance are now topics of conversation well outside of the tech community, and the idea of having your every move monitored, tracked and recorded doesn’t seem as ridiculous as it did when George Orwell laid it out more than 60 years ago. Average citizens don’t have much in the way of options when it comes to fighting the spread of surveillance technology–at least in the real world. But the new Ubisoft video game […]
- The NSA sent a mysterious coded tweet to its 10,000 followers this week
- Internet sleuths solved the mystery in minutes
- The tweet was a recruiting tool for the intelligence agency
(CNN) — When the National Security Agency sent a tweet Monday filled with garbled nonwords like “tpfccdlfdtte,” the Internet was confused, and intrigued.
Was the NSA drunk? Had a cat skittered across someone’s keyboard?
Or maybe the spy agency, under fire for eavesdropping on Americans, had accidentally blurted a secret of its own — a coded, classified message not meant for public eyes.
The botnet contained almost 1,500 compromised point-of-sale and other retail systems from 36 countries, researchers from IntelCrawler said
May 23, 2014
(IDG News Service)
Security researchers uncovered a global cybercriminal operation that infected with malware almost 1,500 point-of-sale (POS) terminals, accounting systems and other retail back-office platforms from businesses in 36 countries.
The infected systems were joined together in a botnet that researchers from cybercrime intelligence firm IntelCrawler dubbed Nemanja. The researchers believe the attackers behind the operation might be from Serbia.
The size of the botnet and the worldwide distribution of infected systems brings into perspective the security problems faced by retailers from around the world, problems that were also highlighted by the recent PoS breaches at several large U.S. retailers.
Past incidents suggest an increased attention from cybercriminals toward retailers and small businesses that use PoS terminals, the IntelCrawler researchers said Thursday in a […]
A photo of Saga Prefecture in Kyushu, Japan, from Skybox Imaging’s SkySat-1 satellite.
Is Google ready to plunk down a billion dollars or so to acquire a company specializing in satellite imaging?
One possible target is Skybox Imaging, a Mountain View, Calif.-based firm with its own satellite cluster that specializes in data analytics and highly detailed images and video of Earth, according to a report in TechCrunch. Skybox was valued between $500 million and $700 million at its last fundraising round in 2012, the report said.
Skybox Imaging declined to comment. Google did not respond to a request for comment.
Word of Google’s alleged interest in owning satellite imaging technology comes on the heels of its April purchase of drone maker Titan Aerospace to help further develop high-altitude Internet-broadcasting balloons as part of Google’s Project Loon. That pickup was also seen as […]
No sign that hackers are exploiting the unpatched vulnerability in IE8; XP users will never see the fix
May 22, 2014
An HP bug bounty program yesterday published information about a critical vulnerability in Internet Explorer 8 (IE8) because Microsoft did not meet its patch-or-we-go-public deadline.
HP TippingPoint’s Zero Day Initiative (ZDI) revealed some details about the vulnerability Wednesday in an online advisory after its 180-day grace period had expired without Microsoft providing a patch to customers.
The bug, which was reported to ZDI by Belgium security researcher Peter Van Eeckhoutte, was handed to Microsoft on Oct. 11, 2013. At the time, ZDI had a 180-day patch policy: If the vendor did not patch the vulnerability in that time, or failed to explain why it could not, ZDI would go public with the flaw.