TweakTown NewsRefine News by Category:
The Apple Watch will be released on April 24 and should bring immediate attention to the wearables market - but that has some cybersecurity experts concerned. More users will rely on their smartwatches to make payments, conduct business communications, and save sensitive information for easier access.
Even though this will make it easier to incorporate wearables into our daily lives, it opens the door to hackers looking for new cybercriminal opportunities.
"The more ways we make data more convenient, the more risk there is to access the data and access things without your knowledge," said Kevin Mahaffey, chief technology officer of the Lookout cybersecurity firm, in a statement published by CNBC. "Just like adding another door to your house, it's just adding another way for bad guys to get in."
As cybercriminals pick and choose targets to attack, there is a vocal push by the US government for increased cyber threat intelligence sharing between the government and private sector. The retail and oil & gas sectors have already outlined official methods to share intelligence, while other business verticals mull similar efforts.
Collected intelligence of new and ongoing cyberattacks can be difficult to track, which is why financial services (FS) and information-sharing and analysis centers (ISACs) are becoming more prevalent.
"The process isn't automated yet," said William Nelson, president and CEO of FS-ISAC, in a statement published by Dark Reading. "A lot of dialog in information-sharing is going back and forth, did anybody see this, and they raise their hand. We're trying to get more automated..."
Just one-third of small and midsize businesses (SMBs) are aware that cyber insurance exists, despite a rising number of cyberattacks - and successful data breaches. Meanwhile, 52 percent of SMBs are "very" or "moderately" interested in purchasing some type of cyber insurance, according to a recent survey by Software Advice.
Some SMBs may have limited cyber coverage, which focuses on business impact related to network loss - and similar business activities - but don't include other financial ramifications from a data breach.
"I would define [its] state ... as 'infant' or 'forming,'" said Bob Rudis, security data scientists at Verizon Enterprise Solutions. "There have been companies selling versions of cyber insurance for a few years, but there is no same standard of practice for vetting a potential company, [sharing] claims data or historical (actuarial) data or even a consensus on pricing models."
Following its massive 2013 data breach, which led to customer payment data being stolen, Target will pay $10 million in a class-action lawsuit settlement. The attack took place between Nov. 27 and Dec. 15 2013, with up to 40 million credit and debit cards compromised.
If approved by a federal district court judge, individual victims would be paid up to $10,000 - but is just one of 15 lawsuits that were filed against Target within a short period following the data breach.
"We are pleased to see the process moving forward and look forward to its resolution," said Molly Snyder, Target spokesperson, in a statement to CBS News.
Microsoft plans to offer the Windows Hello biometric sign-in feature for its upcoming Windows 10 operating system. Users will have the chance to scan their face, fingerprint or iris, which can be used to unlock PCs, laptops, or smartphones.
Windows Hello can be used to access protected content, authenticate apps, and other "online experiences," Microsoft says.
Meanwhile, Intel said all systems that utilize its RealSense F200 sensor can support Windows Hello. All data will be stored locally on each PC or device, and will remain anonymous in case hackers compromise it.
The Premera Blue Cross health insurer has confirmed it suffered a data breach, putting 11 million customers at risk. Compromised data includes financial information and medical information, including names, bank account data, Social Security numbers, and clinical information.
The FBI is now working with Premera to gauge the seriousness of the data breach, with compromised records dating back as far as 2002. The company is now offering two years of free credit monitoring and identity theft protection services, Premera said on a special website designed to discuss the issue.
"All of us here at Premera have been by affected by this attack and we understand and share your concerns," said Jeff Roe, President and CEO of Premera. "Please know that we're committed to making sure you get the tools and assistance you need to help protect you."
Improving cybersecurity is a major effort by government agencies and the private sector, with security incidents still occurring at a frightening rate. Financial institutions have focused more on keeping attackers out of their networks, while trying to defend against a large number of attacks.
Most bank-related fraud tends to occur because of the use of false or anonymous identities. However, there is more focus on trying to keep malware from being installed, and to prevent distributed denial of service (DDoS) attacks from being so successful.
"It is no longer acceptable to simply apologize for a security breach and send a letter out to affected customers," said Dorean Kass, VP at Neustar. "Customers expect businesses, especially banks, to identify fraud and maintain cybersecurity, all while ensuring a convenient experience for its clients."
The US federal government believes a criminal case could begin against those responsible for breaching JPMorgan Chase, after 83 million customers were impacted. The breach last October led to customer names, addresses, phone numbers and email addresses being stolen - and investigations began immediately after the breach was revealed.
A few of the suspects live in countries which have extradition treaties with the United States, according to the New York Times, which means authorities could open criminal cases. Following a more thorough investigation, it was found that the breach wasn't nearly as sophisticated as originally believed.
"The bad news is that many of these folks are located overseas, and they are using encryption and servers all over the world," said Leslie Caldwell, assistant attorney general for the criminal division of the Justice Department, in a statement published by the New York Times. "But the good news is if we are able to jump on the breach early enough, we have an electronic trail and can get that evidence."
Yahoo plans to offer end to end encryption security protocols for its email service by the end of 2015, in an attempt to win over Internet users trying to prevent government snooping and surveillance. The new security features were demonstrated during the South by Southwest festival over the weekend, with a beta offering for developers expected soon.
Even though encryption has received praise from privacy advocates, it is often too difficult for many Internet users - trying to create encryption keys for the sender and receiver. However, Yahoo wants to provide a streamlined offering for its users, though it still will be designed for sensitive emails.
"Our goal is to have this available by the end of the year," said Alex Stamos, chief information security officer of Yahoo, in a statement to the AFP. "Anybody who has the ability to write an email should have no problem using our email encryption."
The Kaspersky Lab cybersecurity firm has launched Phound!, a new free Google Android anti-theft app, designed to help keep devices and personal information secure. The app can locate a lost or stolen device, ensuring data on the compromised smartphone or tablet is secure.
Users are able to block and prevent unauthorized access using GPS, Wi-Fi networks or GSM - and a message can be displayed on the device's screen, or a photo can be taken using the front camera. Furthermore, Phound! can be used to locate a misplaced device by sounding an alarm until the forgetful user identifies its location.
"For many consumers, mobile devices serve as storage for their most valuable and important data - contacts of friends and colleagues, personal messages, private photos and many other things," said Alexey Chikov, Senior Product Manager of Kaspersky Lab. "This means that today's smartphones and tablets need the same security as a bank vault. However, unlike bank vaults, smartphones are small, portable and easily misplaced. That is why we created a solution for our users to prevent their mobile 'vault' from falling into the wrong hands."