News from 'Help Net Security'

Syndicate content
Daily information security news with a focus on enterprise security.
Updated: 14 hours 1 min ago

Microsoft extends the Microsoft Edge Bounty Program

Fri, 23/Jun/2017 - 00:31
Initially time-bound, the Microsoft Edge Bounty Program has now been turned into one that will run indefinitely, Microsoft has announced. The past and present of the Microsoft Edge Bounty Program “Since 2013, we have launched three browser bounties to uncover specific vulnerabilities. As security is a continuous effort and not a destination, we prioritize identifying different types of vulnerabilities in different points of time,” says Akila Srinivasan, a program manager with the Microsoft Security Response … More →
Categories: Cyber India

Businesses finally realize that cyber defenses must evolve

Fri, 23/Jun/2017 - 00:00
Cybersecurity is finally getting the attention it deserves – it is only regrettable that this good news is the result of bad news: more numerous, complex, and damaging cyber attacks than ever before. Cybersecurity takes a step forward “The WannaCry ransomware attacks have recently made the headlines around the world. This attack was a wake-up call for many organizations and, in particular, for those that believed they could never be a target (e.g. manufacturing companies),” … More →
Categories: Cyber India

Trusted identities bridge gap between connected workers and smart buildings

Thu, 22/Jun/2017 - 22:58
Trusted identities can serve as the backbone for smart buildings and today’s connected workforce, according to a new study conducted by IFSEC Global. The study focused on how the access control infrastructure combined with trusted identities can connect disparate systems for enhanced monitoring and a better user experience as people enter and move around buildings, access various systems and consume building services. According to the report, 85 percent of respondents are aware that identities can … More →
Categories: Cyber India

Forget about the malware, go after the attacker’s tactics, techniques and procedures

Thu, 22/Jun/2017 - 20:02
The cybercriminal’s options for monetizing attacks has never been broader, less complex, or less risky, and attempts to detect intrusions by detecting the malware they use has never been more pointless, a study commissioned by Arbor Networks has revealed. “Nearly everything used by the attacker is now disposable, making most threat data and traditional anti-virus techniques almost useless. Industry sources have found that the vast majority of malware (over 95%) is automatically generated to produce … More →
Categories: Cyber India

Fostering a safe place for businesses to work in

Thu, 22/Jun/2017 - 19:30
It’s no secret that in the past few years, business leaders have begun to realise the potential of digital transformation to give their organisation a competitive edge. Through driving productivity, empowering staff and creating engaging experiences for customers; investing in digital technology has become a number one priority for businesses looking to secure their place in our digital tomorrow. However, as seen from the recent ransomware attacks that have shaken organisations across Europe – including … More →
Categories: Cyber India

When it comes to cybersecurity, businesses remain overconfident and vulnerable

Thu, 22/Jun/2017 - 19:00
Consumer products companies, retailers and restaurant businesses may be operating with a false sense of security, according to a new Deloitte study. The study captures input from more than 400 CIOs, CISOs, CTOs and other senior executives about cyber risks and response plans affecting customer trust, payments, executive level engagement, human capital and intellectual property. Confidence is high According to the study, more than three-quarters (76 percent) of consumer business executives report they are highly … More →
Categories: Cyber India

Email scammers swindle US State Supreme Court judge out of $1 milion

Thu, 22/Jun/2017 - 01:43
If often happens to less prominent individuals, but this time it happened to a US State Supreme Court judge: scammers have managed trick her into wiring the money meant for buying an apartment to a bank account under their control. According to the NY Daily News, State Supreme Court Justice Lori Sattler was in the process of selling her apartment and buying another, when she received an email that seemed like it was coming from … More →
Categories: Cyber India

Largest US voter data leak shines light on many problems

Thu, 22/Jun/2017 - 00:14
If US citizens weren’t convinced by now that they have long lost control of their data, the fact is more than obvious after a misconfigured database containing 198 million US voters was found leaking the information online. What’s more, successfully suing Deep Root Analytics, the company that inadvertently leaked the data, will likely be difficult, if not impossible. The root of the problem Different US states have different data security regulations, and some of those … More →
Categories: Cyber India

Mozilla ports simplified private browsing app to Android

Wed, 21/Jun/2017 - 21:58
Less than a year since the release of Firefox Focus for iOS, Mozilla has ported the privacy-focused browser to Android. What is Firefox Focus? Firefox Focus is a simplified browser app that makes it easy to block online trackers – ad, analytics, and social – as well as other content trackers like embedded videos, news article embeds, and so on. It also allows users to delete browsing information (cookies, website history, etc.) after each use … More →
Categories: Cyber India

Average data breach cost declines 10% globally

Wed, 21/Jun/2017 - 21:10
The average cost of a data breach is $3.62 million globally, a 10 percent decline from 2016 results. This is the first time since the global study was created that there has been an overall decrease in the cost. According to the study conducted by Ponemon Institute, these data breaches cost companies $141 per lost or stolen record on average. The average number of breached records by country or region Significant decrease in Europe Analyzing … More →
Categories: Cyber India

When it comes to trustworthy websites, banks drop the ball

Wed, 21/Jun/2017 - 19:44
OTA’s ninth annual Online Trust Audit & Honor Roll analyzed more than 1,000 consumer-facing websites for their website and email security and privacy practices. The Audit revealed that 52 percent of analyzed websites qualified for the Honor Roll, a five percent improvement over 2016. OTA also observed the emergence of an alarming three-year trend: sites either qualify for the Honor Roll or fail the Audit. In other words, sites increasingly either take privacy and security … More →
Categories: Cyber India

AI can increase corporate profitability by average of 38% by 2035

Wed, 21/Jun/2017 - 19:42
Businesses that successfully apply artificial intelligence (AI) could increase profitability by an average of 38 percent by 2035, according to Accenture. The introduction of AI could lead to an economic boost of US$14 trillion in additional gross value added (GVA) across 16 industries in 12 economies. To capitalize on the opportunity, the report identifies eight key strategies for successfully implementing AI that focus on adopting a human-centric approach and taking bold and responsible steps to … More →
Categories: Cyber India

Cybersecurity trends: Fight against cybercrime shows both improvements and downsides

Wed, 21/Jun/2017 - 18:00
Trustwave released the 2017 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2016. The report demonstrates both good and bad news in the world of cybersecurity as intrusion detection and breach containment times were relatively better, but other threats like malvertisements became cheaper and malicious spam saw increases. Intrusion detection gets better, especially when breaches are self-detected: The median number of days from an intrusion to detection … More →
Categories: Cyber India

Stack Clash bug could give root privileges to attackers on Unix, Linux systems

Wed, 21/Jun/2017 - 03:07
Qualys researchers have unearthed a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems, and has been working with vendors to develop patches since May. As the patches have been pushed out, Qualys went public with the information, and urged users to implement them as soon as possible. The vulnerability (CVE-2017-1000364) The vulnerability has been dubbed Stack Clash, because it is triggered when the attackers forces an application’s stack to … More →
Categories: Cyber India

Hackers extorted a cool $1 million from South Korean web hosting provider

Wed, 21/Jun/2017 - 00:56
Whether through ransomware, or simply by breaking into computer systems and exfiltrating and deleting the data found on them with other means, cyber extortionists are going for the big fish: businesses. Depending on how big and thriving the target is, the pay-off can be considerable, as evidenced by the latest successful attack on South Korean web host Nayana. Recovering ransomware-infected servers The attackers managed to infect 153 Linux servers, which were hosting the websites of … More →
Categories: Cyber India

As UK govt calls for encryption backdoors, EU lawmakers propose a ban on them

Tue, 20/Jun/2017 - 22:56
As the UK gets hit by terror attacks one after the other, the government’s cry for making sure terrorists and criminals can’t find “safe spaces” online has become a constant. Some European legislators, on the other hand, are asking for European citizens’ right to end-to-end encryption in all forms of digital communications – current and future – to be enshrined in law. Respect for private life The proposal comes from the European Parliament’s Committee on … More →
Categories: Cyber India

Security startup confessions: Attending industry events

Tue, 20/Jun/2017 - 21:03
My name is Kai Roer and I am a co-founder of European security startup CLTRe, and these are my confessions. I hope you will learn from my struggles, and appreciate the choices startups make when security matters. I will share experiences from my own startups (my first was in 1994), and things I have learned by watching and advising numerous other startups around the world. Attending conferences and similar events typically involves a lot of … More →
Categories: Cyber India

Evaluating artificial intelligence and machine learning-based systems for cyber security

Tue, 20/Jun/2017 - 19:30
All indicators suggest that 2017 is shaping up to be the year of artificial intelligence and machine learning technology for cyber security. As with most trends in our industry, the available protection solutions range from elegantly-designed platforms to clumsily-arranged offerings. The big problem is that many enterprise security teams cannot always tell the difference. I’ve spent the past few months digging in with a variety of vendors providing products and services in this important area. … More →
Categories: Cyber India

InfoArmor: Operatively-sourced threat intelligence

Tue, 20/Jun/2017 - 18:00
In this podcast, Mike Kirschner, Senior Vice President of Advanced Threat Intelligence at InfoArmor, talks about this dark web operatively sourced intelligence firm that is really focused on dark web surveillance and sourcing of compromise and breach data through operative engagement. Here’s a transcript of the podcast for your convenience. Hi, I’m Mike Kirschner, I’m the Senior Vice President of InfoArmor Advanced Threat Intelligence Division. We are a dark web operatively sourced intelligence firm that … More →
Categories: Cyber India

Sensitive data on 198 million US voters exposed online

Tue, 20/Jun/2017 - 03:40
For at least two whole weeks, a database containing information on 198 million potential US voters – more than half of the American population – lay exposed on the internet, accessible to anyone who stumbled upon it while looking for unsecured assets. Who’s data is it, and who left this data exposed? All in all, between June 1 and June 14, some 25 terabytes of data was exposed, and of these 1.1 terabytes were available … More →
Categories: Cyber India