CSO – Page 11 – Maria Korolov

Security experts divided on ethics of Facebook’s password purchases

Last week, Facebook CSO Alex Stamos told conference attendees in Lisbon that the company buys stolen passwords on the black market, and some security experts are questioning the ethics and benefits of this approach.

“Paying for stolen passwords only reinforces the criminal business model and further encourages hackers to steal passwords,” said Amichai Shulman, founder and CTO at Redwood Shores, Calif.-based security vendor Imperva, Inc.

Paying off hackers has other consequences as well.

“You don’t know where that money’s going to go,” said Javvad Malik, security advocate at San Mateo, Calif.-based AlienVault, Inc.. “That money is likely to go towards funding more criminal activity.”

To read this article in full or to leave a comment, please click here

Security experts divided on ethics of Facebook’s password purchases Read More »

Visibility, security top concerns for cloud computing adoption

CSO

Enterprises considering adopting public clouds are concerned about where their data is located and how it’s protected, according to a new survey by IDG.Companies will have about 60 percent of their IT environment in public, private, or hybrid clouds…

Visibility, security top concerns for cloud computing adoption Read More »

AI makes security systems more flexible

CSO, Network World

Advances in machine learning are making security systems easier to train and more flexible in dealing with changing conditions, but not all use cases are benefitting at the same rate.
Machine learning, and artificial intelligence, has been getting …

AI makes security systems more flexible Read More »

Flood of threat intelligence overwhelming for many firms

Computerworld, CSO, Networks Asia

Three years after Target missed alerts warning them about a massive data breach, the amount of threat information coming in from security systems is still overwhelming for many companies, according to new reports, due to a lack of expertise and inte…

Flood of threat intelligence overwhelming for many firms Read More »

Unencrypted pagers a security risk for hospitals, power plants

CSO

For most of us, pagers went out when cell phones came in, but some companies are still using them and when the messages are sent without encryption, attackers can listen in and even interfere with the communications.

According to two new reports by Trend Micro, pagers are still in use in hospital settings and in industrial plants.

Stephen Hilt, Trend Micro’s lead researcher on the project, said they don’t have a concrete percentage on the number of encrypted messages.

To read this article in full or to leave a comment, please click here

Unencrypted pagers a security risk for hospitals, power plants Read More »

Why don’t developers have a ‘spellchecker’ for security’?

Computerworld, CSO

Despite all the news coverage about successful cyberattacks, developers are still writing code full of security vulnerabilities.Of course, nobody is perfect. We all make mistakes, and as software projects get more and more complex, it can be easy to…

Why don’t developers have a ‘spellchecker’ for security’? Read More »

Russian criminals’ bank attacks go global

CSO

Russian cybercriminals have field tested their attack techniques on local banks, and have now begun taking them global, according to a new report — and a new breed of mobile attack apps is coming up next.
Criminals stole nearly $44 million directl…

Russian criminals’ bank attacks go global Read More »

Flash mobs the latest threat this holiday season

CSO

The holiday season rings in more than just higher sales for retailers. There’s also more shoplifting and lower profit margins than the rest of the year, according to a report released today. Plus, this year, there’s an extra surprise — flash mobs….

Flash mobs the latest threat this holiday season Read More »

Cybersecurity ‘ninjas’ value challenges, training and flexible schedules over pay

CSO

Challenging work, skills training and flexible work hours are important for all cybersecurity employees, but especially so for the highest skilled workers, according to a report released today by the Center for Strategic and International Studies.In…

Cybersecurity ‘ninjas’ value challenges, training and flexible schedules over pay Read More »

Researcher unveils second Samsung Pay vulnerability

CSO

Samsung just can’t catch a break these days. Its phones are exploding, and so are its washing machines, and now a security researcher has found a second vulnerability in Samsung Pay.Salvatore Mendoza demonstrated the first vulnerability at Black Hat…

Researcher unveils second Samsung Pay vulnerability Read More »

Yahoo shows that breach impacts can go far beyond remediation expenses

CSO

Companies that focus on the immediate breach remediation costs may be missing the big picture, and could be under-investing in security as a result.Several studies have come out recently trying to get a handle on the total costs of a data breach, wi…

Yahoo shows that breach impacts can go far beyond remediation expenses Read More »

Enterprises outsmarting themselves with security, while attackers easily use common techniques

CSO

Bad guys use common techniques to steal data, while companies focus too much on sophisticated attacks, according to the second annual Hacker’s Playbook, based on an analysis of nearly 4 million breach methods.Security professionals are figuring out …

Enterprises outsmarting themselves with security, while attackers easily use common techniques Read More »

Leaky IoT devices help hackers attack e-commerce sites

CSO

Millions of IoT devices are misconfigured so that they can forward messages — which, combined with default admin settings, allows them to be used to attack e-commerce and other websites, a new report says.The problem is well known and has been arou…

Leaky IoT devices help hackers attack e-commerce sites Read More »

How Shodan helped bring down a ransomware botnet

CSO

Shodan is a search engine that looks for internet-connected devices. Hackers use it to find unsecured ports and companies use it to make sure that their infrastructure is locked down. This summer, it was also used by security researchers and law en…

How Shodan helped bring down a ransomware botnet Read More »

Data leaks evolving into weapons of business destruction

CSO

Most of the recent data breaches involve customer information such as user names and passwords, credit card numbers, and medical histories. The companies hacked are hurt — they have to contact victims, pay for credit monitoring services and fines, …

Data leaks evolving into weapons of business destruction Read More »