Saturday, October 31, 2015
Third arrest made in TalkTalk breach
from Latest topics for ZDNet in Security http://ift.tt/1HjMbjo
There's no room in authentication for amateurs
Hacking Team Offering Encryption Cracking Tools to Law Enforcement Agencies
from The Hacker News http://ift.tt/1HishoT
Free Ransomware Decryption Tool — CoinVault and Bitcryptor
from The Hacker News http://ift.tt/1MyKAOf
Friday, October 30, 2015
Three New DDoS Reflection Techniques Appear in the Wild
from http://ift.tt/1LHLRil
IEEE's Shannon Appointed White House Cybersecurity AD
from http://ift.tt/1PVxoDF
Adobe Flash Zero-Day Jumps to Angler, Nuclear EKs
from http://ift.tt/1PVxoDC
Five Tips for Not Becoming an Insider Threat
By Andrew Wild, Chief Information Security Officer, Lancope

Most employees are honest, trustworthy people who would not steal from their employer or intentionally take sensitive, private information from their job and sell it. But many well-meaning employees are taken advantage of by attackers to steal data, and it can cost their employer (and customers) millions. Unintentional […]
from Cloud Security Alliance Blog http://ift.tt/1kgWrDD
CryptoWall Ransomware raised $325 Million in Revenue for Its Developer
from The Hacker News http://ift.tt/1NFTM0p
Hackback: Understanding the Option and Ramifications Better
When we’re faced with an attacker, is there something more we can or should do, other than stop the attack, clean up our affected systems, take stock of the damage and clean up afterwards?
It’s in this context that the question of “hackback” comes up. Hackback is the idea that defenders can do more than just that. Hackback at its simplest is the idea that defenders can take the fight to the attackers.
It’s an idea that comes up in the security community every few years. It’s come up again most recently this summer with the claims that a US drone strike killed Junaid Hussain, a British national alleged to have been a hacker for ISIS who was behind the release of personal information of US military personnel. Some have looked at this incident as the ultimate “hackback,” with the defenders making the attacker pay with his life.
Regardless of whether this case was an actual, lethal “hackback” or not, the question of whether hackback is a good strategy or not continues to brew.
In looking at that question, it’s good to have a better understanding of what “hackback” can and does entail and what the ramifications and potential consequences can be. Recently at the Virus Bulletin 2015 conference, Trend Micro Forward-Looking Threat Research team member Dr. Morton Swimmer presented a paper along with Andrew Lee and Nick FitzGerald on this topic: “The Kobayashi Maru Dilemma.” In this paper, the authors outline some of the history, questions and concerns around the topic of “hackback.”
The authors discuss not just “hackback” as it’s popularly understood (disruptive or destructive actions by defenders against attackers) but also some tactics that have become more generally accepted, such as sinkholing and probing.
They also set out different “hackback” tactics and the potential pros and cons of each from an ethical and legal point of view.
The paper doesn’t give an answer to the question of whether “hackback” is a good idea: that’s ultimately left up to the reader. But they do give a reasoned analysis of the problem that can help people make better informed decisions on the question.
While law enforcement actions to protect people on the Internet have improved over the years, the fact is there remains a “wild west” quality to the Internet. There likely always will be. And so the option to pursue “frontier justice” on one’s own will likely always be on the table for evaluation. Like any situation involving the potential use of force, there is no easy answer. Every situation is different and only those in the situation in the moment can truly know what goes into making the call. But with some of the information outlined in this paper, people can be armed with better information to make better decisions should they find themselves in that situation.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.
from Trend Micro Simply Security http://ift.tt/1PUNHQY
Death in the Internet age: How to prepare for a digital afterlife
Video: Collaboration and security can coexist in the cloud, says CISO Danny Miller
TalkTalk Hack: Police Arrest Second Teenager in London
from The Hacker News http://ift.tt/1MmIUkH
Porn Surges in 2015 to Become Number One Mobile Threat Vector
from http://ift.tt/1HgIv1U
Bugtraq: [slackware-security] jasper (SSA:2015-302-02)
from SecurityFocus Vulnerabilities http://ift.tt/1PZf0J8
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Trend Micro Released 2016 Predictions
In 2016, cyber extortionists will devise new ways to target their victims’ psyche to make each attack “personal.” Threats will evolve to rely more on mastering the psychology behind each scheme than mastering the technical aspects of the operation. Security vendors will need to work together with law enforcement and would-be victims to help combat these evolving threats.
Retail Data Breaches Account for 47.8% of Payment Card Breaches
Our two new Follow the Data reports have been compiled from 10 years’ worth of information collated by non-profit the Privacy Rights Clearinghouse. You might be surprised to hear that only 12.5% of breaches over the period 2005-15 happened to retailers. It’s also notable that hacking and malware incidents have shown a major increase since 2005, thanks to the success of POS RAM scrapers.
Android Has Had Big Vulnerabilities, Too
Google’s Android platform is the most popular operating system in the world, but it’s not without its vulnerabilities. Stagefright was a vulnerability discovered by Zimperium that was publicized in July and disclosed at a Black Hat conference this past August. Our researchers discovered the AudioEffect vulnerability, which takes advantage of an Android feature that fails to check buffer sizes in some client-supplied media player apps.
Pornographic-themed Malware Hits Android Users in China, Taiwan, Japan
Sex sells, and nowhere is that more true than the Chinese mobile landscape. Porn-themed malware has been hitting Android users in China, Japan, and Taiwan in recent weeks. These malicious apps are distributed via SEO-optimized fake websites that use keywords targeting hot scandals and affairs.
New Survey Shows 52% of Women Feel No Cybersecurity Programs Are Available to Them
The gap between young men and women who would consider a career in the field of cybersecurity is widening, according to a survey of almost 4,000 people aged 18-26 from 12 countries. Key findings from the study are quite alarming when one considers the importance of cybersecurity in our increasingly digital world, and that gender equality is a major contributor towards the success of modern societies.
Nearly Half of U.S. Employees Have No Cybersecurity Training
A new study from CompTIA found that even IT employees with the know-how to protect themselves against cyberattacks still exhibit the sloppy behaviors that often compromise sensitive corporate data. American employees exhibit poor habits when it comes to protecting both their personal information and their employer’s information, due in part to lack of training, awareness or understanding of the implications.
Cybersecurity 2015 Year in Review: Sneak Peek at Hot Markets in Israel, Brazil, Australia and India
Organizations in the Asia-Pacific region were forecast to spend $230 billion to deal with cybersecurity breaches in 2014 — the highest amount for any region in the world. Analyst firm Frost & Sullivan forecasted the cybersecurity market in Australia and New Zealand to reach revenues of more than $1.6 billion (USD) by 2019. India, however, has the world’s second largest population, and a very small cybersecurity economy.
Major Cybersecurity Bill is Set to Clear the Senate
Senators on Tuesday are scheduled to consider multiple proposed changes to the measure before a final vote, which Senator Mitch McConnell of Kentucky could try to force as early as Tuesday evening. Backers of the legislation say it could help secure the nation’s digital infrastructure by allowing private companies to share information about threats and attacks with the federal government, to help companies better protect themselves.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.
from Trend Micro Simply Security http://ift.tt/1WnVntQ
Zero Day Weekly: Talk Talk faceplant, Google smacks Symantec, Joomla flaw, LifeLock deception settlement
Tor Project launches encrypted anonymous chat app to the public
Google Demands Changes After More Rogue Symantec SSL Certs Found
from http://ift.tt/1OcEzXS
CryptoWall 3.0 Cost Victims $325 Million – Report
from http://ift.tt/1WnozRM
Mission '1 Billion' — Microsoft will Automatically Offer Windows 10 Upgrade
from The Hacker News http://ift.tt/1kXYhtK