IANS Blog RSS Feed

http://www.iansresearch.com

Poulin to CSO: We Hacked a Smart Building Using ?Old-School? Techniques

- Thu, 11 Feb 2016 00:00:00 GMT

The ?smarter? buildings get, the easier they are to hack? Maybe. IANS Faculty Chris Poulin, research strategist for IBM?s X-Force ethical hacking team, recently spoke to CSO?s Maria Korolov about a penetration test in which his team was able to gain access to all of the buildings operated by a building management company.

Privacy, Security Concerns Rise as States Mull Encryption Backdoor Requirements

- Wed, 27 Jan 2016 00:00:00 GMT

National Data Privacy Day (January 28th) certainly comes at an interesting time this year, as legislators in two of the most technology-centric U.S. states recently introduced similar bills that would force smartphone manufacturers to include encryption backdoors in their devices.

Fledgling Cyber-Insurance Market Tested by Early Denials, Lawsuits

- Wed, 20 Jan 2016 00:00:00 GMT

Cybersecurity insurance policies may be relatively new, but they have one important thing in common with established, legacy business coverage: They live and die in the fine print.

Hacker-Caused Ukrainian Power Outage Marks First Known Attack With Immediate, Direct Public Impact

- Tue, 05 Jan 2016 00:00:00 GMT

Security researchers have confirmed that a recently updated version of the highly destructive BlackEnergy malware package infected the systems of at least three power authorities in Ukraine, causing a massive outage that left thousands of homes in the Ivano-Frankivsk region of the country without electricity. 

Top 10 IANS Insights from a Tumultuous 2015

- Mon, 28 Dec 2015 00:00:00 GMT

Another year is in the books and what a year it was for infosec pros. From the Ashley Madison hack to the OPM breach, to Jeep commandeering and mysterious backdoors in popular networking gear, every week brought a new security twist that forced us all to keep our heads on swivels.

Herold: Misguided CISA Heightens Security, Privacy Concerns

- Mon, 21 Dec 2015 00:00:00 GMT

The controversial Cybersecurity Information Sharing Act (CISA) is now the law of the land, slipped into an eleventh-hour spending bill designed to keep the federal government running through 2016.

Patch Now: Rogue Code Leaves Gaping Hole in Juniper Gear

- Fri, 18 Dec 2015 00:00:00 GMT

Juniper Networks says unauthorized code could allow attackers to gain administrative access to its NetScreen appliances and decrypt VPN connections without leaving any trace of their actions. Users are urged to apply fixes immediately.

Poulin: Time to Realistically Acknowledge Vehicle Vulnerabilities

- Wed, 16 Dec 2015 00:00:00 GMT

The images and breathless banter were difficult to ignore: celebrity security researchers gaining remote command of an automobile, disrupting on-board systems before forcing the vehicle and its helpless driver into a ditch.

NIST to Infosec Pros: How Is Our Framework Working?

- Mon, 14 Dec 2015 00:00:00 GMT

The National Institute of Standards and Technology is asking infosec practitioners in the public and private sectors to comment on the efficacy of its cybersecurity framework as it prepares to update the popular, two-year-old document.

As Ransomware Attacks Evolve, Security Teams Must Prepare For New ?Drive-By? Tactics

- Thu, 10 Dec 2015 00:00:00 GMT

Another week, another evolution of the popular ransomware attacks. When we last wrote about it, researchers had discovered a new iteration ? ?Linux.Encoder.1? ? that enabled attackers to inject malware into Linux-powered websites and encrypt all files in the home and backup directories. Now, it appears the popular exploit kit Angler is being used to spread the latest version of CryptoWall and other ransomware on websites as part of ?drive-by? campaigns that begin with the deployment of password-stealing malware. 

Threats RSS Feed - Symantec Corp.

http://www.symantec.com/business/security_response/landing/threats.jsp

Trojan.Snifula!gm

- Sat, 27 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Ransom.Fantom

- Sat, 27 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Ransom.Tearhide

- Fri, 26 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Downloader.Pirpi!g1

- Thu, 25 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Ransom.Purge

- Thu, 25 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Chrofprox

- Wed, 24 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Egguard

- Wed, 24 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Ransom.AlmaLocker

- Tue, 23 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Ransom.AlmaLocker!gm

- Tue, 23 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Shakstiler

- Tue, 23 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Hacktool.Mimikatz!g2

- Tue, 23 Aug 2016 00:00:00 +0000

Risk Level: Very Low.

W32.Rexdrup

- Tue, 23 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Worm.

Backdoor.Equation

- Tue, 23 Aug 2016 00:00:00 +0000

Risk Level: Very Low.

Hacktool.Equation

-

Risk Level: Very Low.

Trojan.Kwampirs

- Sat, 20 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

SONAR.MSWord!g8

- Wed, 17 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Hacktool.Mimikatz!g1

- Tue, 16 Aug 2016 00:00:00 +0000

Risk Level: Very Low.

Trojan.Ransomcrypt.BH

- Tue, 16 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Zombrari

- Mon, 15 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomcrypt.BF

- Mon, 15 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomcrypt.BG

- Mon, 15 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Exp.CVE-2016-3304

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Linux.Leydiwon

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

SONAR.JSDownloader!g3

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.BC.CryptDrop!g3

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Cryptlocker!g60

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Cryptlk.AF!g1

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC!g231

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC!g332

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC!g275

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC!g294

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC!g271

- Thu, 11 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Backdoor.Misogow!g1

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Boot.Cryptolocker.AU

- Mon, 8 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Backdoor.Cartcapa

- Mon, 8 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Backdoor.Bandock.A!gm

- Mon, 8 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomlock.AT

- Fri, 5 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Ransom.CryptXXX!g14

- Fri, 5 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Backdoor.Misogow

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

SONAR.BC.CryptDrop!g4

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.BC.CryptDrop!g1

-

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.BC.CryptDrop!g2

-

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Bayrob!gen2

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

SONAR.BC.Cryptlk!g2

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.BC.Cryptlk!g1

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Cryptlk.AH!g2

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC!g331

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Ransom!gen3

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

SONAR.Cryptlocker!g80

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Trojan.Sorcurat!gen1

- Thu, 4 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Backdoor.Remsec

- Tue, 2 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Exp.CVE-2016-4226

- Tue, 2 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Backdoor.Remvio

- Wed, 3 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Trawlmernib

- Wed, 3 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Maltrec!eg1

- Mon, 1 Aug 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Security News Headlines - Yahoo! News

http://news.yahoo.com/security/

How to not get scammed on Amazon

- Sat, 27 Aug 2016 09:00:39 -0400

Amazon is the biggest online retailer in the US, but it's also not without problems. One of the ways Amazon became so big was by opening up its distribution network to third-party retailers, who use Amazon's warehouses and website to sell their own products. Buying from these retailers means you're not buying from Amazon proper, and that means you can be burned. DON'T MISS: How-To Geek  has the story of how one author got scammed by a mini PC with a cracked version of Windows. When you're paying good money for a computer off a giant website, it shouldn't arrive with pirated software. And yet: The particular PC I purchased was sold by ? MarsKing ?. Sure, that?s a Chinese manufacturer I?ve never heard of, but it?s solid Intel hardware inside. It was also marked by Amazon as the ?#1 New Release? in this category and had solid 4-to-5-star reviews at the time. It even had a ?Prime? logo, which meant that it would be shipped to me from an Amazon warehouse. Looks legit, right? Nope! The PC came with a KMS Loader activation crack installed and was using a KMS key?a common way to activate pirated Windows licenses. Windows Defender found the KMS activation crack and complained about malware as soon as Windows Update ran automatically. After I left a bad review and returned the product to Amazon, MarsKing contacted me through Amazon with an offer: ?We would like to sell you a new pc box with legitimate [Windows license] at 50% money off as apologize.? I didn?t take them up on it. As the author points out, the reason he was burned was because he was buying from a third-party seller. Since Amazon never really verifies or tests products that it sells on behalf of third parties, there's very little quality control in the system. In fairness, Amazon is still better than buying from a scammer on eBay or Craigslist. Amazon's customer service is designed to keep the customers happy, so you can always return products, and I've personally been offered small discount vouchers when my Amazon purchases have gone wrong. But still, you don't want to go through the time and hassle of buying and returning something that's fake. To that end,  How-To Geek  has some good, simple tips to use when buying off Amazon. Avoid products that are sold and shipped by third-party sellers, and instead look for things sold by Amazon.com, or at least shipped by Amazon. Reading reviews is also important, but that's its own minefield. Amazon reviews have become tainted as of late. There's an entire cottage industry dedicated to writing fake Amazon reviews, and many companies have started trading discounted (or free) products in return for favourable reviews. Reviews aren't worthless (yet!), but you should pay attention when reading them to try and avoid reviews that have been incentivized.

Kuwaiti government employee arrested over IS online postings

- Fri, 26 Aug 2016 02:39:50 -0400

KUWAIT CITY (AP) ? Kuwait's Interior Ministry says a government employee has been arrested for spreading Islamic State ideology and hacking social media pages of "some friendly and sister countries."

Activist discovers iPhone spyware, sparking security update

- Fri, 26 Aug 2016 01:37:56 -0400

Human rights activist Ahmed Mansoor speaks to Associated Press journalists in Ajman, United Arab Emirates, on Thursday, Aug. 25, 2016. Mansoor was recently targeted by spyware that can hack into Apple's iPhone handset. The company said Thursday it has updated its security. (AP Photo/Jon Gambrell)AJMAN, United Arab Emirates (AP) ? The suspicious text message that appeared on Ahmed Mansoor's iPhone promised to reveal details about torture in the United Arab Emirates' prisons. All Mansoor had to do was click the link.


U.S. Homeland Security probes hacking of actress Leslie Jones' website

- Thu, 25 Aug 2016 22:01:13 -0400

Cast member Leslie Jones poses at the premiere of the film "Ghostbusters" in Hollywood, CaliforniaThe U.S. Department of Homeland Security is investigating a new incident involving actress Leslie Jones, who has been targeted by online abusers, after hackers posted nude photos and personal information on the "Ghostbusters" star's website. In order to protect the integrity of the case, no further details are available at this time," Rachel Yong You, a spokeswoman for the U.S. Immigration and Customs Enforcement, said on Thursday in an email to Reuters. ICE, as the agency is known, is a branch of the Department of Homeland Security.


Apple fixes security flaw after UAE dissident's iPhone targeted

- Thu, 25 Aug 2016 19:28:18 -0400

A salesman checks a customer's iPhone at a mobile phone store in New DelhiApple Inc issued a patch on Thursday to fix a dangerous security flaw in iPhones and iPads after researchers discovered that a prominent United Arab Emirates dissident's phone had been targeted with a previously unknown method of hacking. The thwarted attack on the human rights activist, Ahmed Mansoor, used a text message that invited him to click on a web link. Instead of clicking, he forwarded the message to researchers at the University of Toronto's Citizen Lab.


Russian lawmaker's son convicted in U.S. for hacking scheme

- Thu, 25 Aug 2016 19:21:41 -0400

View shows various credit cardsRoman Seleznev, also known as "Track2," was found guilty by a federal jury in Seattle on 38 of 40 counts including wire fraud and intentional damage to a protected computer following an eight day trial, prosecutors said. The conviction of Seleznev, of Vladivostok, followed a 10-year-long investigation by the U.S. Secret Service, the agency said. Seleznev, the son of Valery Seleznev, a member of the Russian Parliament, is scheduled to be sentenced on Dec. 2.


Is Android malware more popular than Google?s own app?

- Thu, 25 Aug 2016 16:50:16 -0400

How can I compare the popularity of Google?s recently launched Duo video chat app to Android malware apps that many consider not to be a thing? That?s preposterous, heresy even. But I?m just going to show how much our perception is altered when talking about market share in the mobile business using Google?s CEO Sundar Pichai as a benchmark. DON?T MISS: iPhone 7: New leak may have just solved the only mystery left ?Google Duo now over 5 million Android downloads in a week,? Pichai tweeted. That?s certainly impressive for an app that?s meant to bring a FaceTime-like experience to Android, but is also cross-platform, as the app is also available on iPhone. https://twitter.com/sundarpichai/status/768657715962839041 Let?s now look at a statement that Pichai made two years ago about malware. Addressing Tim Cook?s comments about Android malware the Apple CEO made at WWDC 2014, Pichai said during the I/O keynote the same year that ?based on every data we see, well, well less than half a percent of users ever run into any malware issues.? That seemed to settle it. To many Android users who know how to avoid malware and will probably not have any issues with malicious apps in the future, it looked like Google cleared the air once and for all. But according to late June 2014 numbers, Google registered up to 1 billion active Android users each month. Translating percentages to a palpable number, I concluded at the time that, according to Pichai, up to 5 million users were affected by malware. That?s hardly something to be ignored. Let?s get back to Pichai?s Duo numbers. Imagine him tweeting something like: ?Google Duo now on more than 0.37% of active Android devices in a week.? That?s hardly something one would care about. According to Google?s latest Android numbers, there are over 1.4 billion active users each month. These are September 2015 stats, and that?s the number I used to calculate the percentage above. As for malware, 0.5% of 1.4 billion amounts to 7 million people who might be affected by Android malware, assuming Pichai?s 2014 statement still holds true. But Google has taken several other measures since 2014 to combat malicious apps, so I?d hope that percentage is even lower. Furthermore, even if millions of people contracted malware at one point in their lives, there have been many different strains out there, from a variety of players. Very few of them managed to affect a large number of users, at least according to what's known to date, and many of them have been eradicated. Ben Evans calculated in late July that there might be an additional 450 million Android phones and 200 million Android tablets in China on top of what Google reports. These are the kind of devices that don?t connect to the Google Play store, therefore aren?t counted in statistics. And these are the kind of devices that are the most susceptible to malware. Again, comparing malware to an app isn?t something that can really be done. But the point I?m trying to make here is that we often fall for the numbers companies feed us, without looking at what they really mean in many cases. As for Duo, getting 5 million app installs in one month alone is very impressive, and that number is only going up, I would assume. It?s interesting though that Pichai did not say anything about iPhone downloads, which might mean they?re not relevant yet. But is it a hit already?

Government caught using sophisticated one-click hacking tool in the wild

- Thu, 25 Aug 2016 13:53:02 -0400

Researchers have discovered a scarily effective piece of malware, authored by an Israeli "cyber arms dealer," that can completely hack an iPhone if the user clicks on one link. First found by a UAE human rights defender who was sent a malicious link, the spyware uses a series of zero-day exploits to thoroughly take control of a users' iPhone. Ahmed Mansoor, the human rights defender in question, was sent the link earlier in August. It was in a text message which promised him information if he followed the link. Instead, he sent the link to researchers at Citizen Lab, who analyzed the malware installed after the link. DON'T MISS:  New video goes behind the scenes of an iPhone 7 leak for the first time ever The spyware uses three zero-day exploits to jailbreak any stock iPhone, allowing secret access to data on the device and monitoring of the microphone and camera. In a blog post, the researchers discovered links to a private Israeli firm: "We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based ?cyber war? company that sells Pegasus , a government-exclusive ?lawful intercept? spyware product.  NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management." Apple has been informed of the zero-day exploits, and has already fixed them. iOS 9.3.5, out today, is basically just a security update that patches those holes. It's not just about those three exploits, though: the more worrying fact is that for enough money, anyone seems to be able to buy a hacking tool that can easily penetrate the most common smartphone in the world. For now, the basic principles of staying safe on the internet remain the same: never click on a link unless it's sent from a specifically trusted source.

Apple releases iOS 9.3.5 to fix a major iPhone and iPad security flaw

- Thu, 25 Aug 2016 13:23:43 -0400

With less than two weeks to go until the iPhone 7 unveiling, Apple has released another update for iOS 9, and this is one you're going to want to download as soon as you possibly can. According to The New York Times , Apple discovered that NSO Group, an intelligence gathering firm out of Israel, was taking advantage of multiple vulnerabilities that allowed them to read texts and emails, track calls, record audio, collect passwords and even track a user's location. DON'T MISS:  New video goes behind the scenes of an iPhone 7 leak for the first time ever If you want to keep your private information secure, it's probably best to update immediately. In order to download and install iOS 9.3.5, either head to Settings > General > Software Update on your iOS device, or plug the device into your computer, at which point iTunes will alert you that an update is available. If you want to know more about the vulnerabilities, Vice has an incredible (and incredibly detailed) account of how it was discovered : "On the morning of August 10, Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, received a strange text message from a number he did not recognize on his iPhone. ?New secrets about torture of Emiratis in state prisons," read the tantalizing message, which came accompanied by a link. Mansoor, who had already been the victim of government hackers using commercial spyware products from FinFisher and Hacking Team , was suspicious and didn?t click on the link. Instead, he sent the message to Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto's Munk School of Global Affairs. As it turned out, the message wasn?t what it purported to be." You should absolutely read the full piece, but before you do, make sure that all of your iOS devices are updated to iOS 9.3.5.

Apple issues security update following discovery of iPhone spyware circulating in Middle East

- Thu, 25 Aug 2016 13:06:16 -0400

PARIS (AP) ? Apple issues security update following discovery of iPhone spyware circulating in Middle East.

Android 7.0 Nougat has already been ported to a phone that doesn?t support it

- Thu, 25 Aug 2016 12:20:11 -0400

A few days ago I told you that the Nexus 5 had just died . It became obsolete, officially, since Google isn?t supporting the handset anymore. Owners of one of the best and most popular Nexus devices ever made, the Nexus 5, will never get the Android 7.0 Nougat release, but that doesn?t mean you?ll be stuck with Marshmallow forever. Hardcore users not afraid to tinker with their devices will get Nougat running on the Nexus 5 in the near future thanks to a custom ROM from Android hackers. In fact, the first Nougat-based build has already been released. DON?T MISS: iPhone 7: New leak may have just solved the only mystery left Unofficial ports are best avoided, at least early ones, but if you know how to flash unofficial ROMs on a Nexus device and how to get back to a stable Android release ? in this case, the latest Marshmallow build that Google made available for the handset ? then you should feel free to give it a go. BGR never recommends installing unofficial software on any device, so proceed at your own risk. The first Nougat port for the Nexus 5 comes  from xda Recognized Developer Santhosh M . His Nexus 5 is indeed running Android 7.0, but there are some caveats. For starters, Bluetooth and the camera do not work at this time, which is probably a deal-breaker for most people. Updating the Nexus 5 to Nougat should be pretty simple for most savvy Android users. All you have to do is install the ROM by flashing the appropriate zip file using a custom recovery of your choosing. Remember to back up your data before doing anything else, and you should wipe your device. Read more details about this first unofficial Nougat port for the Nexus 5 at this link .

Tech firms' encryption foe struggles for U.S. Senate re-election

- Thu, 25 Aug 2016 06:24:12 -0400

Senators hold a news conference to talk about new legislation to restrict prisoner transfers from the detention center at Guantanamo Bay, at the U.S. Capitol in WashingtonBy Dustin Volz WASHINGTON (Reuters) - A U.S. senator seen by Silicon Valley as one of the technology industry's main foes in Congress is fighting for his political life as Donald Trump's slumping poll numbers threaten to damage Republican candidates across the board. Senator Richard Burr from North Carolina, the chairman of the Senate Intelligence Committee, is facing a strong and unexpected challenge from Democrat Deborah Ross. Ross, a former head of the state's chapter of the American Civil Liberties Union, is fighting an uphill battle.


Welcome to the Trump-Clinton conspiracy election

- Thu, 25 Aug 2016 03:45:02 -0400

Democratic presidential nominee Hillary Clinton talks with Jimmy Kimmel during a break in the taping of "Jimmy Kimmel Live!" in Los Angeles, Monday, Aug. 22, 2016. (AP Photo/Carolyn Kaster)LOS ANGELES (AP) ? It's a conspiracy: The 2016 campaign features one candidate who warned against the "vast right-wing conspiracy" and another who was a leader of the so-called "birther" movement.


CrowdStrike, other cybersecurity firms integrating industry cooperative

- Thu, 25 Aug 2016 02:44:11 -0400

A padlock is displayed at the Alert Logic booth during the 2016 Black Hat cyber-security conference in Las VegasBy Joseph Menn SAN FRANCISCO (Reuters) - Some information security companies that were shut out of the leading system for sharing data on malicious software are revealing more about how their own systems work in hopes of rejoining the cooperative effort, a shift that should improve protections for customers throughout the industry. CrowdStrike, one of the most prominent young security companies threatened with exclusion from some shared services, said it has integrated part of its system for detecting malicious software with VirusTotal, the main industry repository for disclosing and rating risks of malware and suspect files. Alphabet Inc's Google runs the VirusTotal database so security professionals can share new examples of suspected malicious software and opinions on the danger they pose.


'SNL' star Leslie Jones' personal site offline after hacking

- Wed, 24 Aug 2016 21:12:03 -0400

FILE - In this July 9, 2016 file photo, actress Leslie Jones arrives at the Los Angeles premiere of "Ghostbusters." (Photo by Jordan Strauss/Invision/AP, File)LOS ANGELES (AP) ? Leslie Jones, the black "Saturday Night Live" and "Ghostbusters" actress-comedian, is again the target of racist and sexist online attacks.


Google just made public Wi-Fi suck a little bit less

- Wed, 24 Aug 2016 20:00:56 -0400

Wi-Fi Assistant is a feature that Google has been offering to Project Fi users for a year. The optional setting will connect your device to over a million public Wi-Fi hotspots that Google has verified as being fast and reliable, giving you more seamless connections in places where the cell service is lacking. Starting today, the option is rolling out to anyone using a Nexus device in the United States, Canada, Mexico, UK and Nordic countries. For anyone eligible, this is an upgrade well worth taking. DON'T MISS:  How I get a new iPhone for $125 a year There's obvious privacy concerns about auto-connecting to public Wi-Fi, however. Previous studies by researchers have shown that people will connect to basically any Wi-Fi network, and if Google is programmed to trust a network with a specific name, hackers could build a similar-looking network that your device would connect to automatically. But Google does have one trick up its sleeve: when you connect to a public Wi-Fi hotspot, Google will establish a VPN connection with its own servers, which should protect your data. It's likely not foolproof, as there's other attacks that can be done on public Wi-Fi other than sniffing packets, but it's far more secure that most public Wi-Fi, which mostly involves praying no-one can be bothered to hack you. So, if you regularly do online banking or send nuclear launch codes from your mobile device, you'll want to use a VPN, or disable Wi-Fi Assistant outright. But for anyone who struggles for cell signal, Wi-Fi Assistant is a decent way to save a little time every day.

Jury deliberates case of Russian man charged with hacking

- Wed, 24 Aug 2016 19:40:07 -0400

SEATTLE (AP) ? The son of a Russian lawmaker made millions by hacking into U.S. businesses to steal credit card information and selling that data to other criminals, a federal prosecutor told the jury during his closing argument on Wednesday.

France and Germany latest countries to want magical backdoors in encryption

- Wed, 24 Aug 2016 17:20:05 -0400

The recent NSA hack just proved to the world that no system is hack-proof if attackers have what it takes to break the access door. Regardless of whatever protections guarded that NSA server, hackers found a security hole to get in and steal critical documents. The same thing could happen to encrypted services that would feature a backdoor for law enforcement. But governments around the world still think they?d be able to handle such terrifying scenarios, with France and Germany being the latest nations looking to gain access to private encrypted messages exchanged over the internet by terror plot suspects. DON?T MISS: Steve Wozniak has free advice for Apple on how to fix the iPhone 7?s major issue It?s understandable why France and German are interested in heightened digital security, considering the many terrorist attacks that have hit the European region. ?Messages exchanged through certain apps such as Telegram must be decrypted and used as evidence by magistrates and investigators as part of legal proceedings,? French Interior Minister Bernard Cazeneuve said during a joint press conference with his German counterpart German Interior Minister Thomas de Maizičre. As The Wall Street Journal reports , the two countries are seeking new legislation that would allow spy agencies to demand access to a suspect?s communications, and impose ?obligations? on operators unwilling to help. The proposed laws would force companies including Apple, WhatsApp, Telegram, and many others, to build backdoors into their messaging systems, something that?s highly unlikely to happen. ?Some terrorists and criminals are ahead of us on the technology front. That?s not right,? de Maizičre said. But breaking encryption isn?t right either. The Computer & Communications Industry Association, representing Amazon, Facebook, Google, eBay, and others already took notice of the matter. ?It is certainly understandable that some would respond to recent tragedies with back doors and more government access,? the director for Europe of the association, Christian Borggreen, said. ?But weakened security ultimately leaves online systems more vulnerable to all types of attacks from terrorists to hackers.? This fall, the European Commission is expected to come up with new rules on privacy and security for telecom operators to include third-party services such as WhatsApp or Telegram.

Lottery scandal prosecutor seeks to subpoena Texas attorneys

- Wed, 24 Aug 2016 16:31:16 -0400

DES MOINES, Iowa (AP) ? An Iowa prosecutor wants a judge to issue subpoenas for telephone and bank records of two Texas attorneys who he believes are connected to a former lottery computer security administrator who fixed lottery games in several states.

The Latest: Jury gets case of Russian accused of hacking

- Wed, 24 Aug 2016 16:09:52 -0400

SEATTLE (AP) ? The Latest on the trial of a Russian man accused of hacking into U.S. businesses (all times local):

Netflix phishing scam looks to steal credit card details from iPhone users

- Wed, 24 Aug 2016 14:26:07 -0400

Whether or not you have active Netflix or Apple accounts makes no difference to hackers looking to steal precious personal data. But you should be aware of a new Netflix email scam that?s using a fake iTunes bill to fool you into giving your credit card details to scammers, so here?s what you need to know about it so you can avoid it. DON?T MISS:  iPhone 7: New leak may have just solved the only mystery left Like any phishing scheme, these fraudulent emails contain fake bills for products you may not remember having purchased, according to This Is Money . The emails seem to originate from Apple, and they appear to contain receipts for purchases that you?d normally get in your email ? if you have an Apple ID account and buy stuff from Apple?s digital stores. This particular receipt concerns Netflix, and it tries convince you that someone impersonating you has gained access to your Apple account to subscribe to Netflix. Naturally, you?ll want to put a stop to it by clicking the available ?refund? or ?manage subscriptions? links in that email. You?ll then get to a website that looks like Apple?s where you have to enter your account and credit card details for the refund. But what really happens is that those details are delivered straight to the scammers. And they?ll then put it to good use, meaning that you can expect real warnings from your bank in the near future. So what should you do? First of all, if you don't have an Apple account, then you're safe. Secondly, never click the links inside an email like this. Instead, check with your bank to see if the fraudulent charges are real. You can also go to Apple.com directly and check your account ? but, again, don?t use the links in that email. Just type the site's address into your browser. It might be Netflix and Apple today, but scammers could pair other hot products in the future to send similar emails. Consider the tips above best practices that you should always keep in mind.

Goldcorp struggles with leak at Mexican mine

- Wed, 24 Aug 2016 11:16:19 -0400

GOLDCORP-LEAKBy Allison Martell, Frank Jack Daniel and Noe Torres TORONTO/MEXICO CITY (Reuters) - Mexican regulators said they are examining whether mining company Goldcorp Inc broke any regulations in its handling of a long-running leak of contaminated water at Mexico's biggest gold mine. Levels of the mineral selenium rose in one groundwater monitoring well near Goldcorp?s Penasquito mine as early as October 2013, Goldcorp data reviewed by Reuters shows. The Canadian company reported a rise in selenium levels in groundwater to the Mexican government in October 2014, after which the contamination near its mine waste facility intensified, according to internal company documents seen by Reuters, and interviews with government officials.


Source of submarine document leak 'from overseas': Indian defense ministry

- Wed, 24 Aug 2016 07:18:12 -0400

India's defense ministry said on Wednesday that the source of secret documents detailing the capabilities of the French-designed Scorpene submarine being built for the Indian navy appeared to be "from overseas and not from India". Defence Minister Manohar Parrikar said earlier the security breach appeared to have been the work of hackers. The leak, first reported in The Australian newspaper, contains more than 22,000 pages outlining the secret combat capability of six submarines that DCNS of France has designed for the Indian Navy.

Mind the air-gap: Singapore's web cut-off balances security, inconvenience

- Tue, 23 Aug 2016 23:14:20 -0400

Public servants and contractors sit at their desks at a public housing administration center in SingaporeBy Jeremy Wagstaff and Aradhana Aravindan SINGAPORE (Reuters) - Singapore is working on how to implement a policy to cut off web access for public servants as a defense against potential cyber attack - a move closely watched by critics who say it marks a retreat for a technologically advanced city-state that has trademarked the term "smart nation". Some security experts say the policy, due to be in place by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve. It may only raise slightly the defensive walls against cyber attack, they say.


New York Times says suspected Russian hackers targeted Moscow bureau

- Tue, 23 Aug 2016 20:50:46 -0400

The sun peaks over the New York Times Building in New YorkThe New York Times said on Tuesday its Moscow bureau was targeted by a cyber attack this month but that there was no evidence the hackers, believed to be Russian, were successful. "We are constantly monitoring our systems with the latest available intelligence and tools," Times spokeswoman Eileen Murphy told the newspaper. "We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised." Earlier on Tuesday, CNN, citing unnamed U.S. officials, reported that the Federal Bureau of Investigation and other U.S. security agencies were investigating cyber breaches targeting reporters at the Times and other U.S. news organizations that were thought to have been carried out by hackers working for Russian intelligence.


Cheating site had inadequate security, privacy officials say

- Tue, 23 Aug 2016 17:36:01 -0400

TORONTO (AP) ? Privacy officials in Canada and Australia have found that cheating website Ashley Madison had inadequate security safeguards and policies despite marketing itself as a discreet and secure service

Russians suspected in hack of New York Times, other U.S. media: CNN

- Tue, 23 Aug 2016 14:52:44 -0400

The sun peaks over the New York Times Building in New YorkThe FBI and other U.S. security agencies are investigating cyber breaches targeting reporters at the New York Times and other U.S. news organizations that are thought to have been carried out by hackers working for Russian intelligence, CNN reported on Tuesday, citing unnamed U.S. officials. "Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said," CNN said. The FBI declined to comment, and representatives for the U.S. Secret Service, which has a role in protecting the country from cyber crime, did not immediately reply to a request for comment.


Ashley Madison parent broke Canada, Australia privacy laws

- Tue, 23 Aug 2016 14:48:48 -0400

A photo illustration shows the privacy policy of the Ashley Madison website seen behind a smartphone running the Ashley Madison app in TorontoThe parent company of infidelity dating website Ashley Madison was responsible for numerous violations of privacy laws at the time of a massive release of customer data in a cyber attack last year, privacy watchdogs in Canada and Australia said on Tuesday. The two countries launched an investigation after the 2015 breach of Avid Life Media Inc's computer network, when hackers exposed the personal details of millions who signed up for the site with the slogan "Life is short. Have an affair." The probe found the Toronto-based company had inadequate safeguards in place, including poor password management and a fabricated security trustmark on the website's home page.


France, Germany press for access to encrypted messages after attacks

- Tue, 23 Aug 2016 12:03:46 -0400

French Interior Minister Bernard Cazeneuve greets his German counterpart Thomas de Maiziere in ParisFrance and Germany want to compel operators of mobile messaging services to provide access to encrypted content to terrorism investigations, after a series of deadly attacks in both countries. French intelligence services, on high alert since attackers killed hundreds of civilians in Paris in November and in Nice in July, are struggling to intercept messages from Islamist militants. Many of the groups now use encrypted messaging services rather than mainstream social media, with Islamic State a big user of such apps, investigators in several countries have said.


Two Model S cars were stolen despite Tesla?s advanced tech

- Mon, 22 Aug 2016 20:00:14 -0400

You?d have thought that nobody can steal your Tesla thanks to its advanced tracking system. Thieves foolish enough to try to get away with it could be easily caught with the help of the on-board GPS. However, that?s not really the case. Tesla cars are incredibly valuable, which means thieves will do whatever it takes to grab one and leave no traces behind. In fact, at least two such thefts have already been reported in Europe. DON?T MISS: This is our first look at one of the two brand new PS4 consoles launching next month Two Tesla owners in Germany discovered that their Tesla Model S cars were stolen, Electrek reports . One of them is a brand new Tesla Model S P90D that was picked up on August 2nd, and another model disappeared on June 11th. Neither car has turned up yet, and it?s not clear how it happened or whether their owners will ever get them back. It?s believed that hackers were able to breach the owners' Tesla accounts and then use iPhone or Android apps to access and drive the cars away. One of the drivers said he still has the keys to the car. They also had to jam the GPS signal on the cars, although it?s not clear how they did it. Last year, a Model S was briefly stolen in Vancouver, but the owner was able to direct the police to the location of the car by using tracking data from his account. It would certainly be interesting to hear how the thieves plan to use these stolen Teslas. Simply painting the cars over and changing their plates won?t suffice. To take advantage of Tesla?s features, you also have to use the car?s software. And we all know Tesla keeps track of what happens with each car, so it might be able to find these stolen vehicles if they ever reconnect to the system. Tesla has yet to comment on the matter, but it?s likely that the company is looking at ways to retrieve the stolen cars, and prevent similar thefts in the future.

Stolen NSA hacking tools reportedly on sale for $8,000

- Mon, 22 Aug 2016 15:04:12 -0400

It's been a rough week for the NSA, to say the least. Last week, a group of hackers collectively known as The Shadow Brokers allegedly stole and released  a treasure trove of NSA hacking tools and exploits. What's more, the group promised to release even more weapons from the NSA's cyber arsenal for the right price. While the initial leak was met with skepticism, researchers and security experts who examined the leak subsequently confirmed that the leaked exploits were very much real. "It definitely looks like a toolkit used by the NSA," French computer researcher Matt Suiche said after taking a look at the code. As if that weren't bad enough, now comes word that The Shadow Brokers may not be the only hackers who hold the keys to the NSA's cache of advanced hacking tools and exploits. DON'T MISS:  Samsung?s best phone yet might have some quality issues that can?t be fixed Late on Sunday night, a hacker with the Twitter handle 1x0123   indicated that he was willing to sell the aforementioned hacking tools for $8,000. https://twitter.com/1x0123/status/767564288160571392 Speaking to Gizmodo , the hacker also said that he'd be willing to provide screenshots to verify his claims for $1,000. Interestingly, 1x0123 didn't come to possess these files by hacking the NSA, but allegedly by stealing them from the Shadow Brokers. It?s unclear how the hacker supposedly stole the hacks and he refused to explain beyond saying ?traded some exploits for access to a private escrow and stole the tar file.? This could mean a variety of things, but it seems like he?s indicating that he tricked the Shadow Brokers, the group that originally claimed to have accessed the NSA tools, and stole the .tar file containing the exploits. Again, we don?t have a way to confirm this is true but this hacker has hacked and sold his exploits in the past. Notably, 1x0123 is not some fly by night Twitter account with no track record to speak of. On the contrary, 1x0123 is a self-identified "underground researcher" who has been behind a number of big name exploits in the past, including a hack of  Fidelity National Information Services. It's also worth noting that famed NSA whistleblower Edward Snowden gave 1x0123 some praise on Twitter just a few months ago. https://twitter.com/Snowden/status/719263028345192449?ref_src=twsrc%5Etfw

Germany to tell people to stockpile food and water in case of attacks: FAS

- Sun, 21 Aug 2016 11:43:18 -0400

Germany is currently on high alert after two Islamist attacks and a shooting rampage by a mentally unstable teenager last month. "The population will be obliged to hold an individual supply of food for ten days," the newspaper quoted the government's "Concept for Civil Defence" - which has been prepared by the Interior Ministry - as saying. A spokesman for the Interior Ministry said the plan would be discussed by the cabinet on Wednesday and presented by the minister that afternoon.

Democrats fear hackers targeted tight Florida races for latest data leaks

- Fri, 19 Aug 2016 18:31:26 -0400

The headquarters of the Democratic National Committee is seen in WashingtonBy Mark Hosenball and Ginger Gibson WASHINGTON (Reuters) - Leading Democrats are growing increasingly worried that the hackers who made public leaked documents this week were trying to sabotage the Democratic candidates in several central Florida congressional races, the first time such leaks have been targeted so directly. Two sources familiar with Democratic Party investigations of recent cyber attacks said documents made public this week by the hacker known as Guccifer2 contained information that could damage Democratic candidates in competitive Florida contests for the U.S. House of Representatives. The documents, hacked from the Democratic Congressional Campaign Committee (DCCC), which raises funds for the party's House candidates, are detailed dossiers describing the Florida candidates' backgrounds, including personal details, as well as political, economic and demographic profiles of the strategic congressional districts.


Ukrainian MP offers more details on alleged payments to Trump campaign chief

- Fri, 19 Aug 2016 07:25:58 -0400

Ukrainian lawmaker Serhiy Leshchenko displays papers from secret ledgers belonging to Party of Regions of former Ukraine's President Viktor Yanukovich during a news conference in KievBy Pavel Polityuk KIEV (Reuters) - A Ukrainian lawmaker on Friday divulged more details of what he said were payments made to Donald Trump's campaign chief in the U.S. presidential race by the political party of the Kremlin-backed former Ukrainian leader Viktor Yanukovich. MP Serhiy Leshchenko said money was allocated for Trump aide Paul Manafort to finance services such as carrying out exit polls at elections, buying computers and conducting research. Manafort has denied allegations - first made in the New York Times on Monday - that he received cash payments worth more than $12 million over five years that were itemized on secret ledgers belonging to Yanukovich's Party of Regions.


Hackers targeted Trump campaign, Republican Party groups: sources

- Thu, 18 Aug 2016 19:05:21 -0400

Republican U.S. presidential nominee Donald Trump holds a campaign rally at the ?Ziegler Building at the Washington County Fair Park & Conference Center in West Bend, WisconsinHackers targeted the computer systems of presidential candidate Donald Trump and Republican Party organizations as well as Democratic Party networks, sources familiar with investigations into the attacks said. At least one Trump staff member?s email account was infected with malware in 2015 and sent malicious emails to colleagues, according to one insider for the Republican candidate's campaign and an outside security expert. In the past month, U.S. security officials have said that starting last year, hackers infiltrated computers of the Democratic National Committee (DNC), the presidential campaign of Hillary Clinton and her party's congressional fundraising committee.


Eddie Bauer says retail store registers hit by malware

- Thu, 18 Aug 2016 18:01:10 -0400

Eddie Bauer says its retail stores' point-of-sale systems were infected with malware earlier this year, possibly giving hackers access to customers' payment card information.

iOS and Android inch closer to owning 100% of the entire smartphone market

- Thu, 18 Aug 2016 18:00:02 -0400

The latest research numbers from Gartner reveal that iOS and Android are inching ever closer towards completely owning 100% of the entire global smartphone market. According to the latest figures, sales of Android and iOS handsets during the recent June quarter accounted for 99.1% of all smartphone sales worldwide. Broken down by platform, Android devices accounted for 86.2% of sales while iPhone sales accounted for 12.9% of sales. DON'T MISS:  The Galaxy Note 7 has a big problem, and it might also affect the iPhone 7 As evidenced by the chart below, sales of Windows and Blackberry devices have effectively been reduced down to mere footnotes. The share of Windows devices, for example, dropped down from an already unimpressive 2.5% during the June 2015 quarter to just 0.6% during the most recent quarter. If we look more closely and divide up marketshare across individual handset manufacturers, it's no surprise that Samsung is still the big name to beat. Indeed, three out of the top five handset manufacturers enjoyed year over year growth during the last quarter, with Apple being a notable exception. That, of course, shouldn't come as too much of a surprise given that Apple over the past two quarters has posted two year-over-year declines in iPhone sales. For some historical context, it's interesting to note that both Samsung and Apple's share of the smartphone market have fallen off over the last few years, primarily due to the emergence of brands like Huawei and Xiaomi. For example, Samsung and Apple's share of the smartphone market in 2013 checked in at 31% and 15.6% respectively.

iOS and Android inch closer to owning 100% of the smartphone market

- Thu, 18 Aug 2016 18:00:02 -0400

The latest research numbers from Gartner reveal that iOS and Android are inching ever closer towards completely owning 100% of the entire global smartphone market. According to the latest figures, sales of Android and iOS handsets during the recent June quarter accounted for 99.1% of all smartphone sales worldwide. Broken down by platform, Android devices accounted for 86.2% of sales while iPhone sales accounted for 12.9% of sales. DON'T MISS:  The Galaxy Note 7 has a big problem, and it might also affect the iPhone 7 As evidenced by the chart below, sales of Windows and Blackberry devices have effectively been reduced down to mere footnotes. The share of Windows devices, for example, dropped down from an already unimpressive 2.5% during the June 2015 quarter to just 0.6% during the most recent quarter. If we look more closely and divide up marketshare across individual handset manufacturers, it's no surprise that Samsung is still the big name to beat. Indeed, three out of the top five handset manufacturers enjoyed year over year growth during the last quarter, with Apple being a notable exception. That, of course, shouldn't come as too much of a surprise given that Apple over the past two quarters has posted two year-over-year declines in iPhone sales. For some historical context, it's interesting to note that both Samsung and Apple's share of the smartphone market have fallen off over the last few years, primarily due to the emergence of brands like Huawei and Xiaomi. For example, Samsung and Apple's share of the smartphone market in 2013 checked in at 31% and 15.6% respectively.

Eddie Bauer says malware used to access payment card data

- Thu, 18 Aug 2016 17:47:16 -0400

Eddie Bauer store is seen in Broomfield(Reuters) - Retailer Eddie Bauer LLC said on Thursday customers' payment card information used at its stores may have been accessed by unauthorized parties. A malware was used to access the data at its retail stores on various dates between Jan. 2 and July 17, the company said. Payment card information used for online purchases on the company's website was not affected.


Olympics-Russian whistleblower Stepanova treated 'very poorly' -IOC's Pound

- Thu, 18 Aug 2016 17:27:11 -0400

By Jonathan Crane RIO DE JANEIRO, Aug 18 (Reuters) - Russian whistleblower Yulia Stepanova and her husband, who fled their country after uncovering a state-backed doping scandal, were treated poorly by all sports bodies, said International Olympic Committee member Dick Pound. Pound, the former head of the World Anti-Doping Agency who helped draft the first of several reports into Russian doping last year, said her treatment and exclusion from the Olympics was scaring off other people who may be ready to talk. "I think collectively we have treated Stepanova very poorly and I think that would have a tendency to put a wet blanket over any other whistleblowers, who'll say, 'look what happened to them.