Friday, August 18, 2017

Facebook Adds Physical Key Security For Member Accounts

Social media site now supports security keys to boost multifactor authentication.

Data Breach Costs Drop Globally But Increase in US

The average total cost of a data breach declined 10% year-over-year around the world, but in the US edged upward by 5%.

Getting the Most From Your Threat Intelligence

Anomali's Director of Security Strategy Travis Farral discusses how security pros can better use the threat intel feeds and tools they already have.

Mobile App Back-End Servers, Databases at Risk

Mobile app developers' casual use of back-end technology like Elasticsearch without security-hardening puts unsuspecting enterprises at grave risk of exposure.

Slack, Telegram, Other Chat Apps Being Used as Malware Control Channels

Cybercriminals are abusing third-party chat apps as command-and-control infrastructures to spread their malware.

6 New Security Startups Named to Mach37 Spring Cohort

The companies selected this year include technical talent that draws from Silicon Valley to Hungary and Western Europe.

Black Hat to Host Discussion on Diversity

Panel of diversity pioneers will share their views and firsthand experience on how to make inclusion a priority in security.

Man Who Hacked his Former Employer Gets 18-Month Prison Sentence

A Tennessee man also must pay restitution of nearly $172,400 to his former employer after hacking into its systems to gain an edge for his new company.

5 Frightening Cyberthreats You Shouldn’t Ignore

The scariest threats aren't scary because of their technical sophistication.

They're scary because of the failures of security organizations and institutions.

JPMorgan Breach: New Witness Delays Trial Of Bitcoin Exchange Suspects

Trial proceedings of pastor Trevon Gross and Yuri Lebedev have been delayed; jury selection will take place Feb. 14.

Blogger Turns Tables On Cyber-Scammer

A French security researcher says he managed to turn the tables on a cyber-scammer by sending him malware.

Technical support scams try to convince people to buy expensive software to fix imaginary problems.

But Ivan Kwiatkowski played along with the scheme until he was asked to send credit card details. He instead sent an attachment containing ransomware.

He told the BBC he wanted to waste the man's time to make the scheme unprofitable.

Scareware

Technical support scams are designed to scare people into buying useless and sometimes harmful software.

Scammers send out emails, create fake websites or place advertisements online, falsely warning people that their computers have been infected with viruses.

They encourage victims to contact "technical support" via a supplied telephone number or email address.

"In most cases, the scammer's objective is to convince you that your machine is infected and sell you a snake-oil security product," Mr Kwiatkowski told the BBC.

Not fooled

When Mr Kwiatkowski's parents stumbled across one such website, he decided to telephone the company and pretend he had been fooled.

The "assistant" on the telephone tried to bamboozle him with technical jargon and encouraged him to buy a "tech protection subscription" costing 300 euros (£260).

Mr Kwiatkowski told the assistant that he could not see his credit card details clearly and offered to send a photograph of the information.

But he instead sent a copy of Locky ransomware disguised as a compressed photograph, which the assistant said he had opened.

"He says nothing for a short while, and then... 'I tried opening your photo, nothing happens.' I do my best not to burst out laughing," Mr Kwiatkowski wrote in his blog.

Tips for avoiding scareware

- Be suspicious of messages on web pages that tell you your device has been infected by viruses or has other problems
- Be suspicious of advertisements that masquerade as system messages
- Avoid clicking on links and attachments in emails from unknown senders
- Contact your device or operating system manufacturer directly for advice

Timewaster

"I respond to email scam attempts most of the time, but this was the first time I responded to one over the telephone," Mr Kwiatkowski told the BBC.

"I'm curious about how criminals operate and what they're trying to accomplish.

"More often than not it ends up being fun and there's social utility in wasting their time. I believe that if more people respond and waste their time, their activities might not be profitable enough to continue."

Mr Kwiatkowski said he could not be absolutely certain whether the ransomware had infected the scammer's computer, but there was a fair chance it had.

"He did not let on that something had happened to his computer, so my attempt is best represented as an unconfirmed kill," said Mr Kwiatkowski.

"But encrypting a whole file system does take some time."

He acknowledged that some people may have found his retaliation unethical, but said responses had been "mostly positive".

"People respond well to the story because this is such a David versus the Goliath setting," he said.

However, Professor Alan Woodward from the University of Surrey warned that "hacking back" could have consequences.

"There's a lot of talk around hacking back - and while it may be very tempting, I think it should be avoided to stay on the right side of the law.

"But wasting their time on the phone I have no problem with. I even do that myself!"

Symantec Sells Digital Certificate Business to DigiCert

$950 million deal comes in the wake of Google sanctions on Symantec certs earlier this year.