source: securityweek.com

 

The U.S. National Security Agency says the same Russian military hacking group that interfered in the 2016 presidential election and unleashed a devastating malware attack the following year has been exploiting a major email server program since last August or earlier.

The timing of the agency’s advisory Thursday was unusual considering that the critical vulnerability in the Exim Mail Transfer Agent — which mostly runs on Unix-type operating systems — was identified 11 months ago, when a patch was issued.

Exim is so widely used — though far less known than such commercial alternatives as Microsoft’s proprietary Exchange — that some companies and government agencies that run it may still not have patched the vulnerability, said Jake Williams, president of Rendition Infosec and a former U.S. government hacker.

It took Williams about a minute of online probing on Thursday to find a potentially vulnerable government server in the U.K.

He speculated that the NSA might have issued the advisory to publicize the IP addresses and a domain name used by the Russian military group, known as Sandworm, in its hacking campaign — in hopes of thwarting their use for other means.

The Exim exploit allows an attacker to gain access using specially crafted email and install programs, modify data and create new accounts — gaining a foothold on a compromised network.

Continue reading “NSA: RUSSIAN AGENTS HAVE BEEN HACKING MAJOR EMAIL PROGRAM”

source: darkreading.com

 

Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters

 

Now more than ever, we depend on smartphones to keep us connected to each other, to our employers, to our finances and healthcare providers. We use our phones to shop, bank, and access corporate applications and information. But are our iPhones as secure as they could be?

“iPhone owners tend to feel more confident in the security of their phones than Android owners, and for good reason,” says Randy Pargman, former FBI computer scientist and senior director of threat hunting and counterintelligence at Binary Defense.  

But that doesn’t mean iOS is immune to security issues. Back in April, we learned attackers had been exploiting two unpatched iOS vulnerabilities since at least January 2018. Last year, researchers discovered more than 20,000 iOS apps were published without App Transport Security (ATS), a set of rules and app extensions Apple built as part of the Swift development platform. ATS is turned on by default; without it, critical information was being transported without encryption.

“It’s true that iPhones and the whole Apple ecosystem keep customers safer from malicious apps, but that doesn’t mean that all the data stored in the apps is safe from theft,” Pargman continues. “Many apps store sensitive information on servers operated by the app developer or transfer the information unencrypted over the Internet. As soon as your information leaves your iPhone, it is outside of your control to protect it.” 

Continue reading “10 IOS SECURITY TIPS TO LOCK DOWN YOUR IPHONE”

source: independent.co.uk

 

Researchers in China have developed an ultra-powerful camera capable of identifying a single person among stadium crowds of tens of thousands of people.

The 500-megapixel camera was developed by scientists at Fudan University, in conjunction with Changchun Institute of Optics from the Chinese Academy of Sciences.

Its resolution is five times more detailed than the human eye, but it is not the most high-resolution camera ever developed. A 570-megapixel camera was put to work at an observatory in Chile in 2018; however, its purpose is to point skywards in the hope of observing distant galaxies.

The camera is instead built for surveillance, with Chinese state media praising the camera’s “military, national defence and public security applications”.

Continue reading “CHINA INVENTS SUPER SURVEILLANCE CAMERA”

source: technewsworld.com

 

Apple may launch an augmented reality line of smart glasses in the spring of 2021, according to Jon Prosser, host of the video blog Front Page Tech.

The new peepers will be called “Apple Glass” and sell for US$499, with prescription lenses costing more, Prosser claimed.

Both lenses are displays that support gesture interaction.

The glasses will work in conjunction with an iPhone.

Early prototypes supported the LiDAR sensor for 3D scanning and wireless charging, said Prosser.

Apple originally planned to unveil the specs at its fall event, but it may postpone the announcement until March 2021, with release planned for late 2021 or early 2022, he added.

“These rumors have been building up for quite some time, but this is the most cohesive information we’ve had on this so far,” said George Jijiashvili, senior analyst at Omdia, a research and consulting firm in London.

“I think Apple has been working on AR glasses behind closed doors, and they will release them because they have all the right pieces to make it work,” he told TechNewsWorld.

Phone Dependency

Incorporating gesture control into the glasses is a good move, observed San Jose, California-based Kevin Krewell, principal analyst at Tirias Research, a high-tech research and advisory firm.

“Gesture control allows the Apple Glass to be controlled without resorting to using a controller that is easily lost,” he told TechNewsWorld.

Continue reading “WILL APPLE’S AR GLASSES BE READY?”

source: cnet.com

 

Ditch the sticky notes and get peace of mind. Our favorite password managers will be your first defense against getting hacked.

 

post-coronavirus has only made it a more difficult task for your brain to keep track of all of your various passwords, so it’s time to consider a password manager, if you don’t already have one to handle your business. A password manager will allow you to oversee and handle the login credentials of all your devices, auto-fill forms in your web browsers, and sync your data across Macs and Windows PCs, iPhones, iPads, Android phones, and more.

A password manager is essentially an encrypted digital vault that stores the login information you use to access apps on mobile devices, websites and other services. Besides keeping your identity, credentials and sensitive data safe, a password manager can generate strong, unique passwords to ensure you aren’t reusing them across your devices and services. With all the recent news of security breaches and identity theft, using unique passwords can go a long way to ensuring that if one site gets hacked, your stolen password can’t be used on other sites.

How does a password manager work? 

To get started, a password manager will record the username and password you use when you first sign in to a website or service. Then the next time you visit the website, it will autofill forms with your stored user login information. For those websites and services that don’t handle automatic filling, a password manager lets you copy the password to paste into the password field.

If you’re stuck picking a good password, the manager can generate a strong password for you and watch that you aren’t reusing it across services. And if you use more than one device, you want a manager that is available across all your devices and browsers, so you can access your passwords and login information — including credit-card and shipping information — from anywhere through the manager app or its browser extension. Some provide secure storage so you can store other items too, such as documents or an electronic copy of your passport or will.

Take note: Many password managers keep the master password you use to unlock the manager locally and not on a remote server. Or if it’s on a server, it’s encrypted and not readable by the company. 

This ensures your account stays secure in case of a data breach. It also means that if you forget your master password, there may not be a way to recover your account through the company. Because of that, a few password managers offer DIY kits to help you recover your account on your own. Worst-case scenario, you start over with a new account and manually reset your passwords at each specific destination site and account.

What makes for a secure password?  

A good password should be a long string of capital and lowercase letters, numbers, punctuation and other nonalphanumeric characters — something that’s difficult for others to guess, but a snap for a password manager to keep track of. And despite what you may have heard, once you select a good password or passphrase, you don’t really need to change it periodically.

Can I use a web browser to manage my passwords and login information? 

You can certainly use Chrome, Safari or Firefox to manage your passwords, addresses and other login data. You can even set up a master password to unlock your credentials within a browser. And while using an online browser’s password tool is certainly better than not using a password keeper at all, you can’t easily access your passwords and other login info outside of the browser or share login info with others you trust. 

What about iCloud Keychain? 

Through iCloud Keychain, you can access your Safari website usernames and passwords, credit card information and Wi-Fi network information from your Mac and iOS devices. It’s great if you live in Apple’s world. But if you venture outside and have a Windows or Android device or use the Chrome or Firefox browser, iCloud Keychain comes up short.

Continue reading “BEST PASSWORD MANAGER IN 2020”

source: securitymagazine.com

 

A new study from FICO found a large percentage of Americans currently do not take the necessary steps to protect their passwords and logins online.

As consumers’ reliance on online services grows in response to COVID-19, the study examined the steps Americans are taking to protect their financial information online, as well as attitudes towards increased digital services and alternative security options such as behavioral biometrics.

The study found that a large percentage of Americans are not taking the necessary precautions to secure their information online. For example, only 42 percent are using separate passwords to access multiple accounts; 17 percent of respondents have between two and five passwords they reuse across accounts; and four percent use a single password across all accounts. Additionally, less than a quarter (23 percent) of respondents use an encrypted password manager, which many consider best practice; 30 percent are using high-risk strategies such as writing their passwords down in a notebook.

“We’re seeing more cyber criminals targeting consumers with COVID-19 related phishing and social engineering,” said Liz Lasher, vice president of fraud portfolio marketing at FICO. “Because of the current situation, many consumers are only able to access their finances digitally, so it’s vital to remain vigilant against such scams and take the right precautions to protect themselves digitally.”

Continue reading “PROTECTION WHEN BANKING ONLINE”

source: cnet.com

App developers are creating tools to monitor people when they shop and work, despite lacking proof that it works or has safeguards to protect your data.

 

The COVID-19 pandemic has changed the ways we interact and has everyone thinking more about our health and well-being. But that shift in mindset means that daily activities like going grocery shopping or simple things like standing in an elevator will come with even more surveillance strings attached. 

The response by governments and the tech industry to the coronavirus outbreak has already raised many concerns about privacy from contact tracing apps, mobile location data tracking and police surveillance drones. The outbreak has also brought new privacy issues, as companies beef up surveillance with tech like thermal cameras and facial recognition in preparation for when people return to their everyday lives. 

 

Surveillance technology has slowly integrated into our daily lives, with facial recognition getting added as a “convenience” feature for casinos and ordering food. The coronavirus has sped up that process, in the name of public health. Shopping centers have long used Bluetooth trackers to determine crowd sizes and whereabouts, and the pandemic has shifted their use to enable contact tracing.

Vantiq, a software company that builds a platform for developers and businesses to roll out their apps, has been repurposing its tools to focus on technology tied to tracing COVID-19. Since March, the company has built tools to enable the tracking of COVID-19 through facial recognition and thermal cameras being used by private companies. Its tools have been used in social distancing programs like an app to reserve a spot at a food market. 

Continue reading “COVID-19 COULD SET A NEW NORM FOR SURVEILLANCE AND PRIVACY”

source: the collaborative fund, courtesy of Bob Wallace

Big takeaways about how, and why, people do what they do.

 

The most important lessons from history are the takeaways that are so broad they can apply to other fields, other eras, and other people. That’s where lessons have leverage and are most likely to apply to your own life.

But those things take some digging to find, often sitting layers below the main story.

***

The Great Depression began with a stock market crash. October 24th, 1929. That’s the story, at least.

It makes for a good story because it’s a specific event on a specific day. But if you were to go back to October 1929, during the crash, the average American might seem unfazed. Only 2.5% of Americans owned stocks in 1929.

The huge majority of Americans watched in amazement as the market collapsed, and perhaps lost a sense of hope that they, too, might someday cash in on Wall Street. But that was all they lost: a dream. They did not lose any money because they had no money invested.

The real pain came nearly two years later, when the banks started to fail.

Just over 500 U.S. banks failed in 1929. Twenty-three hundred failed in 1931.

When banks fail, people lose their savings. When they lose their savings they stop spending. When they stop spending businesses fail. When businesses fail, banks fail. When banks fail people lose their savings. And so on endlessly.

The stock market crash wasn’t a relevant lesson to the vast majority of Americans who didn’t own stocks in 1929 and likely never would for the rest of their lives. But the bank failures upended the day-to-day lives of tens of millions of Americans. That’s the real story of how the Depression began.

As we look back at the Depression 90 years later, you might think the main lesson is “don’t let the banks fail.” And it’s a good lesson.

But it’s also a lesson that’s not useful to many people today.

I don’t know.

And does it even apply to bank regulators in 2019, when things like FDIC insurance now lower the odds of repeating the kind of consumer bank runs we saw in the 1930s?

Only a little, I’d say.

The point is that the more specific a lesson of history is, the less relevant it becomes. That doesn’t mean it’s irrelevant. But the most important lessons from history are things that are so fundamental to the behaviors of so many people that they’re likely to apply to you and situations you’ll face in your own lifetime.

Let me offer one of those lessons from the Great Depression. I think it’s one of the most important lessons of history:

Lesson #1: People suffering from sudden, unexpected hardship are likely to adopt views they previously thought unthinkable.

One of the most fascinating parts of the Great Depression isn’t just that the economy collapsed, but how quickly and dramatically people’s views changed when it did.

Continue reading “FIVE LESSONS FROM HISTORY”