We don't need more InfoSec analysts: We need analysts to train AI infrastructures to detect attacks

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. Everyone says there is an information security talent gap. In fact, some sources say the demand for security professionals exceeds the supply by a million jobs. Their argument is basically this: attacks are[…]

FacebookTwitterGoogle+Share

Android malware that can infiltrate corporate networks is spreading

An Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks. DressCode, a family of Android malware, has been found circulating in at least 3,000 Trojanized apps, security firm Trend Micro said on Friday. DressCode hides itself inside games, user interface themes, and phone optimization[…]

Firefox blocks websites with vulnerable encryption keys

To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys. Diffie-Hellman is a key exchange protocol that is slowly replacing the widely used RSA key agreement for the TLS  (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can be[…]

Ransomware spreads through weak remote desktop credentials

Stolen or weak remote desktop credentials are routinely used to infect point-of-sale systems with malware, but recently they’ve also become a common distribution method for file-encrypting ransomware. In March, researchers discovered a ransomware program dubbed Surprise that was being installed through stolen credentials for TeamViewer, a popular remote administration tool. But the trend had started[…]

Microsoft opens up its 'million dollar' bug-finder

Microsoft is previewing a cloud-based bug detector, dubbed Project Springfield, that it calls one of its most sophisticated tools for finding potential security vulnerabilities. Project Springfield uses “whitebox fuzzing,” which uncovered one-third of the “million dollar” security bugs during the development of Windows 7. Microsoft has been using a component of the project called SAGE[…]

IDG Contributor Network: Passwords will be wirelessly transmitted through bodies

Low-frequency transmissions created by off-the-shelf biometric devices, such as fingerprint sensors, can be diverted through the body and can securely transmit password-like authentication. The off-the-shelf biometric sensors, such as touchpads, are “re-purposed to send out information,” says Shyam Gollakota, University of Washington assistant professor of computer science and engineering and senior author on the research[…]

IDG Contributor Network: The future of security: A combination of cyber and physical defense

Our increasingly connected world gives hackers even more ways to exploit technology for malicious purposes. We’re now entering a period when cyber attacks could cause major physical damage. To protect people from these combined cyber and physical threats, information security experts and law enforcement, which traditionally handles physical security, will have to share strategies. +[…]

FBI reports more attempts to hack voter registration system

The U.S. Federal Bureau of Investigation has found more attempts to hack the voter registration systems of states, ahead of national elections. The agency had reportedly found evidence in August that foreign hackers had breached state election databases in Illinois and Arizona, but it appears that there have been other attempts as well, besides frequent[…]

The Yahoo hackers weren't state-sponsored, a security firm says

Common criminals, not state-sponsored hackers, carried out the massive 2014 data breach that exposed information about millions of Yahoo user accounts, a security firm said Wednesday. Yahoo has blamed state actors for the attack, but it was actually elite hackers-for-hire who did it, according to InfoArmor, which claims to have some of the stolen information.[…]

Most dangerous cyber celebrities of 2016

Dangerous celebrities Intel has reeled off the 10th annual McAfee Most Dangerous Celebrities list based on likelihood of getting hit with a virus or malware when searching on the celebs’ names. “Consumers today remain fascinated with celebrity culture and go online to find the latest pop culture news,” said Gary Davis, chief consumer security evangelist[…]