On June 1, China will begin to implement its new Cybersecurity Law, and foreign companies are worried. China already restricts technology, and the new law will boost tighter control over data and enforce a broader definition of the services and products impacted. Firms are particularly concerned about one regulation that would require them to store information on mainland China, forcing them to rely on cloud providers such as Alibaba and Tencent, which have more local services, as opposed to offerings from Amazon or Microsoft. Continue reading Foreign Firms Concerned by China’s New Cybersecurity Law

The threat of ransomware and malware are growing. The “WannaCry” attack impacted at least 200,000 computers in 150 countries before peaking last week. Adylkuzz is another piece of malware currently threatening computers around the world. As computers become increasingly connected, so opportunities for cybercrime expand, say the experts. Part of the problem is that the Internet wasn’t designed with cybersecurity protections, and criminals are attracted to cybercrimes for the relatively easy profits they can make. Continue reading Advice on Keeping Smaller Businesses Safe From Cybercrime

Digital security provider CrowdStrike, which recently helped the Democratic National Committee respond to its hacking, has raised $100 million in new capital, bringing its total fundraising to $256 million and value close to $1 billion. The Irvine, California-based tech company, founded by two former McAfee execs in 2011, provides SaaS endpoint protection, threat intelligence and incident response through its cloud-based Falcon platform. CrowdStrike now has more than 650 employees worldwide. The company’s subscriptions have grown 476 percent in the last year as cybersecurity becomes a growing concern. Continue reading Enterprise Security Provider CrowdStrike Raises $100 Million

A cyberattack impacted computer systems in more than 150 countries over the weekend. The weapon used to initiate the attack is believed to be based on recently published vulnerabilities stolen from the National Security Agency. The attack, one of the largest ever, took over computers, encrypted their files and demanded payment in Bitcoin of $300 or more. Among the major institutions and government agencies impacted were FedEx in the U.S., the Russian Interior Ministry and Britain’s National Health Service. The attack also hit smaller venues, such as a car manufacturing factory in Romania owned by Renault. Continue reading Major Cyberattack Hits 150 Countries, Could Keep Spreading

Security is a top concern for the Internet of Things, in particular when large numbers of IoT devices are deployed in an organization. There’s been a rise in attacks on such devices, via botnets, and a search engine, Shodan, is dedicated to finding unsecured IoT hardware endpoints. In that context, Microsoft, which is updating its Azure IoT toolset, is also testing a new approach to securing and managing such devices. Dubbed Project Sopris, Microsoft Research hopes to mix secure hardware and a secure communications channel. Continue reading Microsoft Encourages Testing of New IoT Security Paradigm

A major phishing attack mimicking cloud-based Google Docs software spread across news organizations and other companies yesterday. Gmail users have been reporting massive numbers of fraudulent emails that masquerade as a message from Google Docs. The emails appear as an invitation to join a Google Doc and often claim to be sent by an individual in the user’s address book. However, clicking on the embedded link directs recipients to grant access to a Google Docs app that is actually a program that sends spam to addresses in the recipient’s email. Continue reading Google Docs Users Targeted in Widespread Phishing Attack

A hacker group that goes by the name “TheDarkOverlord” has reportedly stolen episodes from a number of television shows. Over the weekend, 10 episodes from the upcoming fifth season of “Orange Is the New Black” was shared after Netflix did not meet ransom requests. The hackers may have access to up to three dozen series from networks including ABC, CBS, Fox, FX, IFC, NatGeo and NBC. It provided a list of TV series and a few movies to cybersecurity blog DataBreaches.net, claiming that the content was stolen from audio post-production facility Larson Studios. Continue reading Hacker Releases Original Netflix Content, Threatens Networks

At a SMPTE symposium on the Future of Digital Cinema, speakers addressed the “unknown” cyber threats to movie security. SMPTE vice president of education Richard Welsh, cofounder/vice president of Sundog Media Toolkit, identified threats beyond “the kid with a camcorder.” The audience also heard from Emile Monette, a government cybersecurity senior advisor and Ted Harrington of ISE (Independent Security Evaluators). The general consensus is that many companies fail to understand the way hackers work, leaving their content vulnerable. Continue reading NAB 2017: SMPTE Future of Digital Cinema Looks at Security

More than 30 videos from the 3rd annual Entertainment Technology Center@USC vNAB Conference are going live for viewing on the ETCenterVideos YouTube channel. This year’s vNAB featured thought leaders and catalysts from the entertainment, consumer electronics, technology, and service industries presenting their insider’s perspective on emerging and disruptive technologies. The talks were recorded March 20-21 at Google’s offices in Venice, California. The vNAB Conference is a prelude to the Next Generation Media Technologies sessions scheduled for the upcoming NAB Show in Las Vegas, April 25-26. Continue reading ETC@USC Posts New vNAB Conference Videos on YouTube

Hackers are reportedly targeting third-party sellers on Amazon by using stolen email and password credentials (available for purchase from previous hacks via the “Dark Web”) in a scam to post fake product deals online and pocket cash. Thieves have changed the bank info of active sellers on Amazon to steal amounts up to tens of thousands from each and have hacked less active sellers to post merchandise that does not exist, offering products at steep discounts. While PayPal and eBay have been targeted by hackers in the past, cybersecurity experts indicate that Amazon is becoming a new target. Continue reading Third-Party Sellers on Amazon Become Latest Hacking Target

The Department of Justice officially charged four people yesterday in connection with Yahoo’s 2014 data breach that reportedly resulted in the theft of data from 500 million Yahoo accounts. According to the indictment, the Russian government used the data obtained by two intelligence officers (Dmitry Dokuchaev, Igor Sushchin) and two hackers (Alexsey Belan, Karim Baratov) to spy on White House and military officials, bank executives, cloud computing companies, a senior level airline official, a Nevada gaming regulator, as well as Russian journalists, business execs and government officials. Continue reading U.S. Claims That Russian Hackers Were Behind Yahoo Attack

WikiLeaks released thousands of documents yesterday that it claims detail methods used by the CIA “to break into smartphones, computers and even Internet-connected televisions,” reports The New York Times. According to WikiLeaks, the CIA and allied intelligence services bypassed encryption on messaging services including Signal, Telegram and WhatsApp. WikiLeaks also suggests that agencies can collect audio and messaging data from Android phones “before encryption is applied.” The Wall Street Journal notes that such activities, if actually taking place with consumer electronics, could fuel tensions between intelligence agencies and the tech industry, which has been concerned about customer privacy. Mobile devices are a major concern; NYT published an article detailing potential smartphone vulnerabilities. Continue reading WikiLeaks Claims of CIA Hacking Could Impact Tech Industry

Yahoo has issued another warning that users’ personal data may have been compromised. In addition to the malicious activity reported in December that involved more than 1 billion user accounts in 2013-2014, following the September report regarding a separate theft of 500 million records, the Internet company is now notifying users that additional accounts were compromised between 2015 and 2016. “The stolen data included email addresses, birth dates and answers to security questions,” reports CNBC. The hacks involved “the use of ‘forged cookies’ — strings of data which are used across the Web and can sometimes allow people to access online accounts without re-entering their passwords.” Continue reading Yahoo Warns Users: Hackers Forged Cookies to Access Data

The Securities and Exchange Commission has opened an investigation into Yahoo’s highly-publicized data breaches and whether the company should have disclosed the massive hacks earlier. “The SEC requires companies to disclose cybersecurity risks as soon as they are determined to have an effect on investors,” reports The Wall Street Journal. Yahoo’s 2014 breach, disclosed in September 2016, involved data from at least 500 million users. In December 2016, the company revealed that more than 1 billion Yahoo user accounts had been breached in 2013. “The SEC has investigated multiple companies over whether they properly disclosed hacks,” notes WSJ, especially after the 2013 Target breach “that compromised up to 70 million credit and debit-card accounts.” Continue reading SEC Opens Investigation into Massive Yahoo Data Breaches

In a recently published Infrastructure Security Design Overview, Google explains its six layers of security for the cloud it uses for its own operations and its public cloud services. The company also revealed that it designs custom chips, “including a hardware security chip that is currently being deployed on both servers and peripherals,” that allow it to “securely identify and authenticate legitimate Google devices at the hardware level.” The chip works with cryptographic signatures validated during each boot or update. Continue reading Newly Published Google Overview Spells Out Security Details