The FBI and CIA are working together on a joint investigation into the Vault 7 document cache published by WikiLeaks that supposedly reveals the CIA's hacking tools. Many of the companies mentioned in the documents for having exploitable vulnerabilities -- including Apple, the Linux Foundation, and Microsoft -- have spoken out about the leaks, but it has taken some time for the CIA itself to respond.

Speaking to the BBC, a CIA spokesperson said: "The American public should be deeply troubled by any Wikileaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries." FBI director James Comey has also spoken about the lack of privacy that now exists in the US.

Continue reading →

If you’re not a data security professional, you may have missed the fact that January 28th was Data Privacy Day (also known as Data Protection Day, in Europe). Since 2007, Data Privacy Day has been designated as a day to raise awareness and promote privacy and data protection best practices.

As VP CSO for Zuora, I’m all for anything that raises awareness and promotes dialogue about data security -- but obviously I don’t just focus on data privacy once a year. For me, and my security colleagues, data privacy is an everyday concern. But the fact is that these days we’re seeing data privacy becoming an everyday concern for everyone. Whether it’s potentially hacked elections or IoT devices listening in on your family conversations, questions about data privacy -- and the implications of hacked data -- are becoming more pervasive and more concerning.

Continue reading →

The IoT (Internet of Things), is a network of devices connected to the Internet that gathers and transmits data. The ubiquitous adoption of smartphones, and the ability to connect to anyone, anywhere at any time, will have quite the impact on the data center industry in 2017. It is anticipated that more than 24 billion IoT devices will exist worldwide by 2020. These devices include everything from smartphones, to cars, to refrigerators. This increasing amount of data that is being produced by both consumers and providers will not only change our applications and devices, but also how data centers operate.

Below are three ways in which the IoT revolution will impact the data center industry in 2017:

Continue reading →

In the wake of WikiLeaks' Vault 7 CIA leaks, Apple has been quick to point out that vulnerabilities mentioned in the documents have already been addressed. Microsoft and Samsung have said they are "looking into" things, and now the Linux Foundation has spoken out.

Nicko van Someren, Chief Technology Officer at The Linux Foundation says that while it is "not surprising" that Linux would find itself a target, the open source project has a very fast release cycle, meaning that kernel updates are released every few days to address issues that are found.

Continue reading →

There is much to consider when buying a piece of technology, but price and suitability tend to be at the top of most people's lists. In recent years, however, there has been an increased interest in privacy and security, and this is something that renown reviewer Consumer Reports is going to start taking into consideration.

Consumer Reports most recently hit the headlines for deciding not to recommend the new MacBook Pro (although it later changed its mind), and now the non-profit has teamed up with a number of privacy, security, and consumer rights organizations with a view to creating a new digital standard for products to live up to. The aim is to put data security and privacy first, just as many consumers are starting to do.

Continue reading →

Businesses often have security concerns surrounding moving their data to the cloud. For users of the popular Google Cloud Platform, Check Point is offering additional security with the launch of a new product.

The release of vSEC for Google Cloud Platform delivers advanced security that is built for agile and scalable cloud environments.

Continue reading →

Ransomware continues to be a major problem, a new report reveals that more than 60 percent of organizations suffered some form of ransomware attack in 2016.

The good news is that 54 percent successfully retrieved their data without resorting to paying the ransom. These are among the findings of the fourth-annual Cyberthreat Defense Report from security research firm CyberEdge Group.

Continue reading →

The Vault 7 document and code cache released yesterday by WikiLeaks revealed that many big software companies were being actively exploited by the CIA. Apple, Microsoft, Google, Samsung, and even Linux were all named as having vulnerabilities that could be used for surveillance.

Apple was one of the first of the companies mentioned in the documents to speak out and address concerns and security. But while the iPhone manufacturer has quickly indicated that it has fixed "many" of the vulnerabilities, Microsoft and Samsung have merely said they are looking into the issues raised. Other companies and groups mentioned have made no comment at all.

Continue reading →

Security researchers from Kaspersky Lab have found a very powerful malware, one which is capable of completely wiping the contents of a disk. Announcing the finding, the security company says the malware, which it dubbed StoneDrill, was found on just two machines so far, one in the Middle East, and one in Europe.

The researchers claim StoneDrill is both similar and "very different and more sophisticated" than another wiper malware -- Shamoon 2.0. They actually stumbled upon StoneDrill while investigating Shamoon 2.0.

Continue reading →

Yesterday WikiLeaks unleashed Vault 7 online, revealing a wealth of information about the CIA's hacking tools and techniques. Included in the data dump was the suggestion that the CIA was actively exploiting vulnerabilities in iOS and other software to listen in on people. Apple has responded by saying that "many" of these security holes have been fixed.

Importantly, the company is unable to say that all of the vulnerabilities being used -- or that have been historically used -- by the CIA have been addressed, but it does insist that it "will continue work to rapidly address" problems that are found. A number of iOS security flaws have been exploited by the CIA to surveil individuals, or even take remote control of devices.

Continue reading →

It's no secret that Facebook can be a real hog, both in terms of data and battery usage. To combat the problem, Facebook released a cut-down version of its mobile app in certain markets called Facebook Lite; it also followed that up more recently with Facebook Messenger Lite.

The problem with Facebook Lite is that it's not available everywhere through Google Play. For people keen to get their hands on the app, there are plenty of app repositories online offering it for download. But not all repositories are equal, and some are serving up a tainted version of Facebook Lite that's laden down with spyware -- specifically Android/Trojan.Spy.FakePlay.

Continue reading →

WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive.

The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe.

Continue reading →

Keen as ever to squash any security issues and bugs that might arise in their software, both Microsoft and Google have announced increases in their bug bounty program payouts. Microsoft has doubled some awards, while Google has used others to make knowing jokes.

Two increased rewards from Google include "leet" references. Find a Remote Code Execution bug and you could bag yourself $31,337 (up from $20,000); execute "Unrestricted file system or database access" and you could earn $13,337 (up from $10,000). While Google's increases are permanent, however, Microsoft's are just temporary.

Continue reading →

To everyone who continues to own a legacy email archive -- beware! You are sitting on a ticking time bomb.

By legacy email archives, I am referring to an email archive that was designed in the early 2000’s and is likely deployed on premises; but in some cases is a hosted email archive solution. A legacy email archive presents three major risks to your IT infrastructure and organization as a whole.

Continue reading →

A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security."

Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected."

Continue reading →