FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Hacking

The Art Of Exploitation...

Ethical Hacking

Security Experts...Same Techniques To Make Hacker's Stuff Useless.

Black Hat Hacking

Dark Side Of Hacking... In Short Destruction Of Cyber Stuff.

Digital Stuff

All The Digital Stuff Is Under The Influence Of Cyber Attacks... Be Safe

Thursday, May 31, 2018

These Chrome extensions & Android apps collect your Facebook data

By Waqas

The data collection is not limited to Facebook data but

This is a post from HackRead.com Read the original post: These Chrome extensions & Android apps collect your Facebook data


May 31, 2018 at 08:11PM

Channel Insider Interview: Driving Partner Profitability with a Gemalto Partnership

Imagine adding a new vendor to your partner line up and increasing your bottom line profitability by 5% within one year?   That is exactly the incredible success “Emerging Partner of the Year” CompuNet has had with Gemalto’s Cipher Partner program.

“Gemalto year over year bookings grew by 5x. Average gross margin in 2017 increased by 5% putting Gemalto in the top tier of our solution offerings in terms of profitability.  Across the board, we view Gemalto as a strategic partner enabling profitability and other pull through opportunities on services and complementary solution sets.” This is what Tina Jennings, Director of Business Development at CompuNet, had to say about the growing relationship with Gemalto.

Mid 2017, Gemalto announced a partner-first sales strategy by significantly increasing the investment and support for partners participating in the Gemalto Cipher Partner Program (CPP).  Key to this partner-first strategy was providing partners with increased partnering opportunities, while also rewarding those partners that were investing in Gemalto solutions with greater deal registration and profitability for channel generated deals.

Protecting customers’ data is a big concern and worldwide spending on security product and services is expected to grow to $96 billion in 2018 according to Gartner.  Increasingly, companies rely on channel partners for their expertise and guidance in navigating the rapidly changing landscape.

Gemalto has put the customer front and center and is working closely with partners to provide a strong breadth and depth of security solutions that best fit how customers want to buy while also providing partners more flexibility in transaction models.  This ultimately makes complex solutions more consumable for customers while increasing partners’ ability to sell more and add incremental products, and services on to drive higher overall profitability.

The investment in a partner-first approach was not just a mind shift as it was also backed by increased investment in field sales alignment, new tools, and partner focused resources for driving stronger partner engagement and enablement.  This investment is paying strong dividends as Gemalto has experienced double digit year on year growth in our partner incremental revenue and in our partner loyalty scores.

There is nothing better than a real world example of a successful partnership, Gemalto sat down with our “Emerging Partner of the Year” award winner, CompuNet. For me, one of the most striking reasons for CompuNet’s success, was the complete buy-in with the Gemalto Cipher Partner Program and fully leveraging all the training and enablement tools to be able to successfully sell and deliver Gemalto solutions to their customers and drive a strong ROI and increased profitability.

Watch our short video to hear first-hand from Darrin Good, global security architect at CompuNet, for his insights into Gemalto’s Cipher Partner Program. Below, Darrin and his colleague Jeffrey Zier, systems engineer at CompuNet, share more personal insights into how other partners can take advantage of the Gemalto program and what made their experience so successful.

 

For a more information, continue reading our Q&A with Darrin and Jeffrey

Why did you decide to become a Gemalto Cipher Partner?

Darrin Good: We chose to use Gemalto’s Cipher Partner Program in order to come up with solutions that align with the security framework used by our organization. CompuNet is an engineering-heavy company, and it uses primarily the Center for Internet Security’s critical security controls. Gemalto’s program brought in training and security products that fit with our clients’ security strategies. As such, it helped us grow our portfolio of products to address clients’ different needs.

 

How did you make your participation in Gemalto’s partner program a successful business opportunity?

DG: At first, we didn’t have a strategy to attain the platinum level of Gemalto’s program. But the engineers were aggressive in their desire to engage the platform. So they dove into the training, which helped them learn about Gemalto’s solutions and what’s working in each market. These training sessions allowed CompuNet to hit gold quickly and platinum a few months later.

The whole process has been great. I cover 18 different products on the line card, and quite a few of them interact with Gemalto’s products. The company’s solutions are easy add-on products.

Jeffrey Zier: I agree. The training sessions from Gemalto makes the solutions easier to sell. I find that I can approach customers and show them how easy it works.

What was exciting about the Gemalto portfolio? How has this increased business?

DG: Customers are most interested in two-factor authentication and hardware security modules. After going through this program, it’s easy for me to go to customers, talk about the products and actually demonstrate how they work.

 

What is your advice for other partners that are looking to expand their security portfolio?

JZ: Other partners should take advantage of the training. They need to get their feet wet and see what the technology can do. That’s really the first step in helping customers meet their needs whether that’s compliance, protecting data, etc.

DG: I also agree that it’s important to take advantage of the training. It’s time well spent, even when it’s necessary to take engineers out of the field. By knowing the products and their technical specifications, CompuNet can deliver the right solutions to its clients and make them do exactly what we said they would do.

How long did the Gemalto Cipher Partner program take? What things did you learn in the process?

DG: Two years ago, we signed on at the silver level. A new partner framework came out in February, which allowed us to reach gold status shortly thereafter. It was then a 10-month process before we reached platinum status with all of our solutions, though it was a lot less time for some of our products.

Over the course of that time, Gemalto made it easy to bring in classroom training, engage multiple people and help our engineers really dive deep into the solutions. It helped grow certain aspects, so we were able to do one product set and then build on that.

JZ: The training was really valuable because it was a good introduction to each of the products and what they could offer to our customers. That’s an important point for us to do right by the customer, to meet their need. I spent about three to six months working with the technology before I felt really comfortable with it, and I’m still on that path right now.

 

The Benefits of Joining Gemalto’s Cipher Partner Program

CompuNet’s story is a good illustration of the value that customers derive from joining Gemalto’s Cipher Partner Program. Want more information on how enterprises can benefit from joining the program? Visit Gemalto’s website to find out.

The post Channel Insider Interview: Driving Partner Profitability with a Gemalto Partnership appeared first on Gemalto blog.

The post Channel Insider Interview: Driving Partner Profitability with a Gemalto Partnership appeared first on Cybersecurity Insiders.


May 31, 2018 at 09:10PM

Cyber Attack on Ticketfly

San Francisco based Ticketfly.com, an online ticket distribution service provider has made it official that its database was targeted by hackers on May 30, 2018 and so has been pulled down as a precautionary measure.

Sources reporting to Cybersecurity Insiders say that the attack was launched by a hackers group known as IsHaKdZ. The group is said to be demanding a ransom to decrypt the database and warned that ‘zero response’ from the authorities of Ticketfly will make them publish the database “backstage”.

Meanwhile, the ‘Indie’ focused ticketing service provider which handles ticket related issues for events like Celebrate Brooklyn, Riot Fest and Music Tastes Good has disclosed that its systems will be shut down till this weekend or until the investigation on whose behind the attack and the repercussions of the cyber attack are determined.

All the website traffic which is visiting the website are being greeted with the following message-

“Following a series of recent issues with Ticketfly properties, we have determined that Ticketfly.com has been a target of the cyber incident. And out of an abundance of action, the systems of the company have been taken offline as we continue to look into the issue”.

And some of those lucky ones who happen to attempt to purchase tickets on the websites for Riot Fest are being greeted with the “404 Not Found” error message. That means, the financial transactions related to the entry passes for various events has also been shut down.

Note- On October 7, 2015, Ticketfly was acquired by Music Streaming service Pandora for $35 million in cash and stock. And on June 9th,2017, Pandora sold Ticketfly to its competitor, Eventbrite for $200 million. As of now, the said online ticketing service provider has 130 employees and is known to process 11.2 million tickets for more than 80,000 events held across the United States and Canada in 2013.

The post Cyber Attack on Ticketfly appeared first on Cybersecurity Insiders.


May 31, 2018 at 08:51PM

Cloud Security Trailing Cloud App Adoption in 2018

This post was originally published here by  Jacob Serpa.

In recent years, the cloud has attracted countless organizations with its promises of increased productivity, improved collaboration, and decreased IT overhead. As more and more companies migrate, more and more cloud-based tools arise.

In its fourth cloud adoption report, Bitglass reveals the state of cloud in 2018. Unsurprisingly, organizations are adopting more cloud-based solutions than ever before. However, their use of key cloud security tools is lacking. Read on to learn more.

The Single Sign-On Problem

Single sign-on (SSO) is a basic, but critical security tool that authenticates users across cloud applications by requiring them to sign in to a single portal. Unfortunately, a mere 25% of organizations are using an SSO solution today. When compared to the 81% of companies that are using the cloud, it becomes readily apparent that there is a disparity between cloud usage and cloud security usage. This is a big problem.

The Threat of Data Leakage

While using the cloud is not inherently more risky than the traditional method of conducting business, it does lead to different threats that must be addressed in appropriate fashions. As adoption of cloud-based tools continues to grow, organizations must deploy cloud-first security solutions in order to defend against modern-day threats. While SSO is one such tool that is currently underutilized, other relevant security capabilities include shadow IT discoverydata loss prevention (DLP), contextual access control, cloud encryptionmalware detection, and more. Failure to use these tools can prove fatal to any enterprise in the cloud.

Microsoft Office 365 vs. Google’s G Suite

Office 365 and G Suite are the leading cloud productivity suites. They each offer a variety of tools that can help organizations improve their operations. Since Bitglass’ 2016 report, Office 365 has been deployed more frequently than G Suite. Interestingly, this year, O365 has extended its lead considerably. While roughly 56% of organizations now use Microsoft’s offering, about 25% are using Google’s. The fact that Office 365 has achieved more than two times as many deployments as G Suite highlights Microsoft’s success in positioning its product as the solution of choice for the enterprise. 

The Rise of AWS

Through infrastructure as a service (IaaS), organizations are able to avoid making massive investments in IT infrastructure. Instead, they can leverage IaaS providers like Microsoft, Amazon, and Google in order to achieve low-cost, scalable infrastructure. In this year’s cloud adoption report, every analyzed industry exhibited adoption of Amazon Web Services (AWS), the leading IaaS solution. While the technology vertical led the way at 21.5% adoption, 13.8% of all organizations were shown to use AWS. 

Photo:Sidmach Technologies Blog

The post Cloud Security Trailing Cloud App Adoption in 2018 appeared first on Cybersecurity Insiders.


May 31, 2018 at 05:49PM

Wednesday, May 30, 2018

From novelty to necessity: the evolution of biometrics

Interest in biometrics has skyrocketed in recent years, since the adoption of mobile technologies for accessing various applications in the digital world.

But if you look beyond the current trend, we must remember that biometrics are not a new identification technology. For thousands of years, people have recognized one another through their faces, voices and expressions – which are all forms of biometric data. For example, in ancient Babylon, fingerprints were used on clay tablets for business transactions and law enforcement have been using them as unique identifiers since 1891.

From Novelty to Necessity

As human interactions increasingly take place in a digital context, we need ways to prove that we are who we claim to be. But how do we prove our identities when there’s no face-to-face interaction to do so?

Biometrics are quickly becoming a proven technology that combines the required security and convenience.

Biometrics refer to the individual’s unique physiological and behavioral characteristics, which can now be used to automatically identify and authenticate individuals. The type of attribute collected and matched is called modality. For example, fingerprint and iris are different biometric modalities.

Biometric technologies capture, process and measure these characteristics electronically and compare them against existing records to create a highly accurate way to identify someone.

 

Consumer perception of biometrics

The introduction of Touch ID in the iPhone 5S became the catalyst for the biometric industry. The technology has become very popular among smartphone manufacturers; in fact, ABI Research predicted that the value of the biometrics market will reach $30 billion by 2021 and Juniper Research estimates that there will be 600 million devices that will require biometric authentication by 2021.

Consumers have been driving the adoption of biometrics in the public and private sector. They are now expecting them to allow them to access many more secure services, and to allow them to replace passwords. In fact, recent research on the Future of Identity found that 67% of consumers are comfortable using biometric authentication. Millennials in particular show why biometrics make the experience both more secure and more convenient – 75% are comfortable using biometrics, while 41% admit to reusing passwords across multiple services and accounts.

Future opportunities

The reason for this increased opportunity is that biometrics are helping to resolve the all-important issue of a “unique identifier”. Biometric technology can replace popular identification methods like username/password. This is important because of the number of passwords each of us has to use, something that has been shown to be unscalable. Passwords may even do more harm than good for the customer experience. According to an Intel Security study, 37% of people forget a password at least once a week, while your fingerprint is something you always ‘carry’ with you.

Biometrics can also help in the IoT, where there is demand for stronger authentication and real-time security. Gartner estimates that biometric sensors, which include work time management and premise security entry consoles, will total at least 26 billion IoT connections by 2020.

The use of biometrics by government entities is also well established today, with different applications being deployed for border control, healthcare, law enforcement, elections, physical access and others. Several sectors are also rolling out biometrics solutions in education, cybersecurity, physical access, payment and other commercial purposes.

Realising the potential

Biometrics enable secure, convenient access and user authentication to different services and applications, and that is why they have quickly become favoured by consumers. Their potential is unlimited and will likely become the most promising technology for identifying and authenticating individuals.

However, a number of questions and concerns about privacy and anonymity have been raised, and the industry is working to finding a solution for these. Biometric technologies are maturing at different rates, and their deployment must be based on specific needs, use cases and regulations. Biometrics need to be combined with other authentication solutions to enable seamless user experience and increased security.

Stay tuned to our upcoming blogs that will explore more facts and use cases with biometric technology.

The post From novelty to necessity: the evolution of biometrics appeared first on Gemalto blog.

The post From novelty to necessity: the evolution of biometrics appeared first on Cybersecurity Insiders.


May 30, 2018 at 09:09PM

More women needed in Cybersecurity field

It’s evident that Cybersecurity field seems to be ever-evolving. But as usual, the shortage of women in the said professional sphere is clearly evident, as only 11% of Cybersecurity jobs have been occupied by the said gender across the globe.

However, the good news is that companies like Palo Alto Networks and Symantec Corp are trying their best to generate interest among young girls to such an extent that they are showing a lot of interest in choosing Cybersecurity as their future career.

In fact, Palo Alto Networks has developed a special curriculum for the Girl Scouts which helps them in gaining cybersecurity badges as rewards in September this year. In the same way, Symantec Corp has given a grant to the American Association of University Women to develop a Cybersecurity class for mid-school girls

Furthermore, Boston University in association with SANS Institute’s non-profit organization called TechGirlz is also seen organizing tech camps from time to time to teach girls about coding and how to solve problems in the field of Cybersecurity.

Moreover, in Feb this year, a program with the name Girls go CyberStart was sponsored by SANS Institute. The idea was to offer high school girls a platform to solve problems related to cryptography, web attacks, forensics, programming, and Linux, and detect websites that use third-party trackers.

Here, the objective of the said tech organizations and educational institutions was to inspire girls to pursue careers as information security analysts- a field which is said to grow by 28% from 2016 to 2026, as per the Bureau of Labor Statistics prediction.

Surely, if more such programs and events are conducted by large companies like Microsoft, Google, Amazon, and Facebook, it will surely encourage the young female talent to such an extent that they will see the field of Cyber Security as a future life and career success.

Agree or disagree with what is being said….?

You can share your views through the comments section below

The post More women needed in Cybersecurity field appeared first on Cybersecurity Insiders.


May 30, 2018 at 08:54PM

Multiple Internet-Connected BMW vehicles vulnerable to getting hacked

By Waqas

In total, researchers have identified 14 vulnerabilities in Multiple Internet-Connected BMW

This is a post from HackRead.com Read the original post: Multiple Internet-Connected BMW vehicles vulnerable to getting hacked


May 30, 2018 at 08:11PM

Webinar: How to overcome challenges when securing modern cloud environments

This post was originally published here by casey pechan.

Our latest webinar, How to overcome challenges in securing modern cloud environments, dives into how you can cope with new security challenges that you may be re-assessing as you examine your security posture and strategy.

And here’s why: As more workloads shift to the cloud, cybersecurity professionals remain concerned about the security of data, systems, and services in the cloud.  Legacy security tools weren’t built for dynamic, virtual and distributed cloud environments. This technology challenge is only intensified by the dramatic shortage of skilled cybersecurity professionals.

Watch this webinar to learn how organizations are responding to the security threats in the cloud, and what tools and best practices IT cybersecurity leaders are using to overcome the many challenges faced when securing modern cloud environments including:

  • Mitigating the biggest threats to cloud security
  • Avoiding cloud security headaches and complications
  • Overcoming the limitations of legacy security tools
  • Navigating paths to stronger security

Photo:eLearning Marketplace

The post Webinar: How to overcome challenges when securing modern cloud environments appeared first on Cybersecurity Insiders.


May 30, 2018 at 03:39PM

Bitglass Security Spotlight: Twitter, PyRoMine, & Stresspaint

This post was originally published here by  Jacob Serpa.

Here are the top cybersecurity stories of recent weeks:

  • Twitter exposes user credentials in plaintext
  • PyRoMine mines Monero and disables security
  • Stresspaint malware hunts Facebook credentials
  • MassMiner malware mines cryptocurrency
  • Access Group Education Lending breached

Twitter exposes user credentials in plaintext

Despite the fact that Twitter doesn’t store or display users’ credentials in plaintext, the social media company recently had a security mishap. Passwords were stored in internal logs before they were successfully obfuscated, exposing them to employees in plaintext. While the information wasn’t made viewable to outside parties, it’s still a cause for concern for Twitter’s users. 

PyRoMine mines Monero and disables security

New malware, PyRoMine, leverages a host of previously disparate capabilities featured in other strains of malware. For example, it uses NSA exploits while mining Monero, a cryptocurrency. Malware is continuing to grow more sophisticated, compelling organizations to adopt advanced anti-malware solutions

Stresspaint malware hunts Facebook credentials

Disguised as a stress-relieving paint program, Stresspaint is a piece of malware that is attacking users in an attempt to gather their Facebook credentials. In particular, the malware is targeting influential users – those who manage Facebook pages or have numerous friends and followers. It is primarily distributed through emails and messages on Facebook.

MassMiner malware mines cryptocurrency

MassMiner is the latest in a slew of malware strains that engage in malicious cryptomining. This threat seeks to take advantage of known vulnerabilities in order to commandeer web servers and mine Monero – which continues to be a common target in malicious cryptomining. 

Access Group Education Lending breached

Unfortunately for those who have used the organization’s services for their student loans, Access Group Education Lending has been breached. Nearly 17,000 borrowers had their information exposed when a loan processing vendor working for the group shared their information with an unauthorized, unknown company. 

Fortunately for the enterprise, cloud access security brokers (CASBs) can defend against zero-day malware and countless other threats. To learn more, download the Zero-Day Solution Brief. 

Photo: Pakistan Today

The post Bitglass Security Spotlight: Twitter, PyRoMine, & Stresspaint appeared first on Cybersecurity Insiders.


May 30, 2018 at 03:21PM

Tuesday, May 29, 2018

Four Gemalto Women Recognized as CRN’s 2018 Women of the Channel

WOTC Award 2018

WOTC-award-2018Each year, Computer Reseller News (CRN) honors hundreds of women for their IT channel expertise and vision. Their Women of the Channel list includes some of the most powerful women in IT who are being recognized by CRN for their outstanding leadership, vision and unique role in driving channel growth and innovation.

I would like to congratulate Gemalto’s own Colleen McMillan, Ariane Seiferth, Tia Garaas and Margaret Chum who have been included in CRN’s 2018 Women of the Channel list! Here is why our four power women were included:

Colleen McmillanColleen McMillan serves as VP of Global Alliance Sales and Channel Programs. In that capacity, she leads Gemalto’s global channel sales strategy and programs. She’s already built up the company’s worldwide Channel team from scratch and created a sales strategy that produced double-digit channel growth in multiple regions by focusing on partner profitability and making Gemalto easier to do business with.

Ariane SeiferthAriane Seiferth: As Gemalto’s Director of Distribution & Strategic Accounts, Ariane focuses on strengthening the efficiencies of distribution partners. This led her to forge strategic relationships with personnel in distribution, VARs, vendors, marketing teams, product teams and sales teams. She then leveraged these connections to bolster market growth and product sales.

Tia GaraasTia Marie Garaas works as Channel Program Communications Manager on the Gemalto Cipher Partner Program since September 2017. In that span of time, she has worked to improve the Voice of the Partner Annual Survey, and the Partner Monthly newsletter focusing on the Top 5 updates in 5 minutes with the goal of making communication between partners and internal teams consistent and as clear as possible to drive greater engagement and awareness of new partner tools and program benefits.

Margaret ChumMargaret Chum, as Channel Program Manager, works to augment the success of the Cipher Channel Program. She led the push in 2017 to turn this program into a worldwide framework and successfully operationalize the new Gemalto Cipher Partner Program. Now she’s working closely with partners to help them increase their business in cybersecurity and overall profitability.

According to Bob Skelley, CEO of The Channel Company, this accomplished group of leaders is steadily guiding the IT channel into a prosperous new era of services-led business models and deep, strategic partnerships. CRN’s 2018 Women of the Channel list honors executives who are driving channel progress through a number of achievements—exemplary partner programs, innovative product development and marketing, effective team-building, visionary leadership and accelerated sales growth—as well as advocacy for the next generation of women channel executives.

For more information about what makes Colleen, Ariane, Tia and Margaret truly exceptional IT channel executives, check out CRN’s Women of the Channel 2018 list.

The post Four Gemalto Women Recognized as CRN’s 2018 Women of the Channel appeared first on Gemalto blog.

The post Four Gemalto Women Recognized as CRN’s 2018 Women of the Channel appeared first on Cybersecurity Insiders.


May 29, 2018 at 09:10PM

#ICANDOCYBER: Denise Murtagh-Dunne

Deniseby Denise Murtagh-Dunne, Information Security Manager, PWC Ireland

From my early childhood, I developed a passion for unravelling the mysteries of how machines worked. My father was a mechanic and, as a child, he would let me help taking car engines apart. This is where I first developed a fascination with getting “under the hood” of machines and understanding their inner mechanics.  

At school, I then took a computer module which triggered my interest in computing and I chose to study Computer Programming in college. I survived the period of the dot-com bubble bursting and landed an IT technical support role with a small company where I undertook several Microsoft computing courses. A course on cybersecurity really caught my attention; I suddenly realised there was a gap in the market, and it was a way that I could bring something unique to my company. I discovered there was no cybersecurity expert in the business and there were some gaps in its defences. I spoke to the Director and he gave me the green light to start introducing new cybersecurity policies across the business, from firewalls to remote access.   

That led me to choose the cybersecurity profession and I later entered a pure infosecurity role at Ulster Bank, before going on to become Information Security Manager at PWC’s Dublin office. My team now looks after all the internal security for PWC in Ireland. It is a wide-ranging and varied role encompassing everything from risk assessments on new apps and infrastructure, to reviewing design documents, to auditing third-party suppliers and internal networks, or reviewing penetration testing reports.

The job and the profession reignited that love of getting deep into complex systems to find out how they work. Security puts me at the heart of the company; my role now encompasses every department, supplier, network or system in the company’s Ireland division. I get to see how everything plugs together into a coherent whole.

I also like to give back to the community. I am a board member of the Dublin chapter of OWASP and we have recently run cybersecurity in healthcare events and hacking tournaments. We also engage the wider community through free outreach to schools and small companies that may not have any in-house cybersecurity resources. Most recently, we ran events for women in technology and even comedy nights for the local community. I manage to cram in all of that along with being a mother of three!

In recognition of my contributions to the community, I was delighted to win the inaugural Woman Information Security Professional award, part of the EMEA Information Security Leadership Awards (ISLA) by (ISC)², the world’s largest association of certified infosecurity professionals, which recognises cyber leaders who ‘go the extra mile’ in enhancing security across Europe, the Middle East and Africa.

If anyone wants to get into a cybersecurity, I would advise taking up a junior role in a large company as they offer great training opportunities. Another great way in is to set up your own mini ‘lab’ at home and get under the hood of computers. Find out how their components work, using things like VirtualBox which lets you play around with virtual machines. This helps improve your technical knowledge and develop that inquisitive nature and passion for understanding how systems work that is central to the cyber professional.

Ultimately, cybersecurity is about understanding how everything in our digital economy comes together to find the weak links in the chain.  

The post #ICANDOCYBER: Denise Murtagh-Dunne appeared first on Cybersecurity Insiders.


May 29, 2018 at 09:08PM

Hackers are turning Webcam users into slaves

All those who thought that Facebook founder Mark Zuckerberg and Ex-FBI Director James Comey were covering their webcams with tape just for fun, here’s a fact to enlighten your minds.

A Symantec based security expert named Candid Wueest says that hackers are nowadays turning webcam users into slaves by recording their secret activity through their computer and blackmailing them in exchange for money in the form of cryptocurrency.

Wueest stated that the cyber crooks may also get hold of all the intimate recordings you shared with your BF/GF and start blackmailing you for money in exchange for those video clips. All those who reject their plea or try to overhear their warnings will find their intimate videos on A-rated websites after a few days i.e from the day of blackmail.

Candid Wueest who works for the California based firm said that large groups of hackers who spy on people via webcams are now seen prowling on the web.

These guys are so sophisticated that they induce malware into the systems which keeps a tab on the activity of the victim for several days and reports to the remote hackers if something interesting is found in the recorded videos as per the pre-specified parameters.

That means, the malware induced on to the PC of the user will record what is happening before the camera as long as the user uses the computing device. And once the victim does something odd before the cam, his/her video gets recorded on his/her same PC and the video clip is passed on to the remote servers owned by hackers as soon as the affected devices get connected to the internet.

After getting hold of the X rated acts such as Mas$^&*&tion, hackers are said to be threatening the victims by asking them to pay a ransom of $135 via the digital currency. Those who fail to do so, are receiving emails that their videos will be circulated on Facebook and LinkedIn to embarrass them both professionally and publicly.

Wueest feels that the malware induced into the PC is having the potential to record all the conversations which take place before the computer device. So, all those who work on secret projects in the Corporate world are said to be at risk of spilling the secret info to the wrong guys.

Thus, to those who are now interested in protecting their webcams from being hacked, here are some tips to follow.

a.) Put a tape on the webcam when not in use
b.) Don’t click on email attachments
c.) Scan your PC for malware
d.) Check whether the webcam light is on when you are not using the app
e.) Turn on your firewall,
f.) Use your webcam with common sense

Have something else to suggest on this issue?

You can share your mind through the comments section below.

The post Hackers are turning Webcam users into slaves appeared first on Cybersecurity Insiders.


May 29, 2018 at 09:04PM

Hackers demand $1m ransom after stealing data from 2 Canadian banks

By Uzair Amir

Hackers have stolen financial data of thousands of customers –

This is a post from HackRead.com Read the original post: Hackers demand $1m ransom after stealing data from 2 Canadian banks


May 29, 2018 at 07:24PM

Watch thieves steal keyless Mercedes within 23 seconds

By Waqas

As recently as May 17th, 2018, a security camera recorded

This is a post from HackRead.com Read the original post: Watch thieves steal keyless Mercedes within 23 seconds


May 29, 2018 at 04:23PM

Monday, May 28, 2018

10 years prison for man who hacked 200 firms & sold data on Dark Web

By Waqas

The hacker also sold drugs on Dark Web and taught

This is a post from HackRead.com Read the original post: 10 years prison for man who hacked 200 firms & sold data on Dark Web


May 28, 2018 at 11:24PM

This Chrome extension reveals if your password has been breached

By Waqas

Okta has introduced new password manager PassProtect in its latest,

This is a post from HackRead.com Read the original post: This Chrome extension reveals if your password has been breached


May 28, 2018 at 07:41PM

Bank of Montreal hit by Cyber Attack

Bank of Montreal(BMO), known to be Canada’s fourth largest financial service corporation said on Monday that it was hit by a cyber attack in which some hackers got hold of personal information of some of the BMO customers and were trying to blackmail the higher authorities of the financial institution to mint money.

An official statement released just a few minutes ago says that the cyber crooks could have got hold of the data from third parties operating outside the country and assured that the exposure could have been related to the accounts closed back in 2015.

However, the bank authorities confirmed that they were working with relevant authorities to investigate the incident.

Canada’s 4th biggest lender said that it was busy contact the affected customers and is requesting all its customers to monitor their accounts and notify BMO about any suspicious transactions taking place in the next 6 to 12 months time.

After the disclosure of the cyber incident, trade analysts observed that the shares of BMO were down by 0.4 percent at 10:50 am EDT.
More details about the attack will be updated shortly.

Meanwhile, readers of Cybersecurity Insiders are requested to make a note of a fact over here that any company, irrespective of its operating business vertical, will witness a dip in its market shares as soon as it reports a cybersecurity incident.

Yahoo, Equifax, Facebook( after Cambridge Analytica political data scandal), All WannaCry and NotPetya Ransomware attack victims are few companies to specify for instance.

Thus, it has been observed that a single cyber attack can break a business within no time.

So, you better keep your business safe from all such attacks by following efficient cybersecurity strategies in your business environments.

The post Bank of Montreal hit by Cyber Attack appeared first on Cybersecurity Insiders.


May 28, 2018 at 08:42PM

Man arrested for possession of 58 terabytes of child sexual abuse material

By Carolina

On May 15th, 2018, a man from Allen city Texas

This is a post from HackRead.com Read the original post: Man arrested for possession of 58 terabytes of child sexual abuse material


May 28, 2018 at 06:15PM

Sunday, May 27, 2018

Cola-Cola breach: ex-employee stole hard drive with 8,000 workers’ data

By Carolina

The world-renowned carbonated soft drink producer Cola-Cola has announced that it has

This is a post from HackRead.com Read the original post: Cola-Cola breach: ex-employee stole hard drive with 8,000 workers’ data


May 27, 2018 at 10:35PM

Check Out the Delta Risk Cyber Security Blog – Page 1

I have spent the most notable years of my career helping organizations improve their cyber security incident response plans. To do this effectively, we dive in, ask questions, consider scenarios, look at contingencies, and identify gaps. It has personally been very rewarding for me because planning is in my core – I rarely fly by the seat of my pants, and usually have multiple back up plans. But on August 25, 2017, I was blindsided by Hurricane Harvey.

The post Check Out the Delta Risk Cyber Security Blog – Page 1 appeared first on Cybersecurity Insiders.


May 27, 2018 at 09:10PM

Saturday, May 26, 2018

New cryptojacking malware hits Mac devices

By Waqas

There is no doubt about the fact that cryptojacking malware

This is a post from HackRead.com Read the original post: New cryptojacking malware hits Mac devices


May 26, 2018 at 10:29PM

Hackers deface Airport screens in Iran with anti-government messages

By Waqas

On Thursday 24th May, the airport screens at Mashhad city in northeast

This is a post from HackRead.com Read the original post: Hackers deface Airport screens in Iran with anti-government messages


May 26, 2018 at 09:25PM

Announcing support for Alpine!

Earlier this year we released CloudPassage Container Secure and we’re pleased to say that since that release, we’ve received some phenomenal feedback from our customers. This customer feedback hasn’t gone unnoticed, and we have spent the last few months using it to continuously improve our Container Secure capabilities.

So thanks to your input we have some new additions the we’re pleased to announce: along with the CoreOS support rollout we released in February, we have released support for Alpine!

Alpine’s lightweight and security-aware platform has become a customer favorite these days, and therefore it was a no-brainer for our team to provide full support for Alpine-based Images. We’re excited for our customers to take advantage of Software Vulnerability Assessment (SVA) on Alpine with this additional support.

Also with Alpine Image support, we’ve gone ahead and included support of SVA on Alpine Host with the CloudPassage Halo agent as the container form factor.

To learn more about CloudPassage Container Secure, visit our webpage!

The post Announcing support for Alpine! appeared first on Cybersecurity Insiders.


May 26, 2018 at 09:10PM

Friday, May 25, 2018

Hundreds of Android devices shipped with pre-installed malware

By Waqas

It is commonly believed that a brand new handset would

This is a post from HackRead.com Read the original post: Hundreds of Android devices shipped with pre-installed malware


May 26, 2018 at 12:04AM

Bitcoin Gold loses over $18 million after hack attack

By Waqas

Hackers are conducting Double Spend attack on cryptocurrency exchanges and the

This is a post from HackRead.com Read the original post: Bitcoin Gold loses over $18 million after hack attack


May 25, 2018 at 09:19PM

Amazon Alexa overhears a couple’s private conversation and sends it to their random contacts as an audio file

Alexa, the virtual assistant operating in the Amazon Smart Speakers named ECHO is said to have overheard a private conversation of a couple in Portland and alleged to have sent that conversation to one of their random contacts, triggering data privacy concerns.

According to a report disclosed by a Seattle based television station KIRO, Alexa, the digital assistant on Amazon Echo devices recorded a private conversation between a woman named Danielle and her husband and sent that conversation as an audio file to the boss of the husband.

The incident which took place in a family house located in Portland, Oregon, is an instance depicting total privacy invasion and has triggered new concerns among users of smart speakers manufactured by Google and Amazon.

What caused the speakers to record the conversation and what made the virtual assistant send the romantic conversation of the couple to the employer still appears to be a mystery.

When the couple complained the same to Amazon, it sent in an engineer to investigate the matter. The engineer discovered the recorded conversation in one of the log files and simply apologized for the error.

Later Amazon clarified to the media that since the couple mentioned the word “ Alexa” in their conversation, it activated the VA in Echo which recorded their conversation. And probably the virtual assistant could have heard the word ‘send message’ in the couple’s romantic conversation which made it send the conversation as an audio file to one of the random contacts which happened to be the employer of Danielle Husband.

Danielle says that she will never plug in the device ever again and will start looking for interested prospects on Ebay to sell the device. 

Note- In order to use Alexa’s Calling and Message app to the core, one needs to sync the contacts of their phone’s address book to the Alexa app. This procedure will help you in easily sending audio responses to those on your address book provided they are using the Alexa services.

The post Amazon Alexa overhears a couple’s private conversation and sends it to their random contacts as an audio file appeared first on Cybersecurity Insiders.


May 25, 2018 at 08:57PM

Pornhub’s VPNhub is a free VPN for everyone

By Carolina

Looking for a free VPN service? Look no further, believe

This is a post from HackRead.com Read the original post: Pornhub’s VPNhub is a free VPN for everyone


May 25, 2018 at 06:49PM

Thursday, May 24, 2018

What’s Your GDPR Readiness Personality? The Results Are In.

GDPR Personality Type
With General Data Protection Regulation enforcement now days away, those involved with compliance could probably use some light relief. As you may have spotted, we’ve been doing our bit on that front over the last few weeks running our “GDPR Animal” Personality Quiz.

So how did you compare to your peers and what, if any, conclusions can we draw from this highly unscientific exercise?

Almost 850 Animals in the “GDPR Jungle”

The response has been terrific with thousands visiting the quiz and almost 850 taking it to date. We designed the questions to explore readiness along a couple of different traits. Some questions we asked were designed to expose how ready you were for the May 25th deadline, others were about your attitude to GDPR and the whole process of becoming compliant.

So what did we discover? Well the good news is that very few of you were “Oblivious Ostriches” (around 1.5%). These were the folks who had no clue what General Data Protection Regulation was all about and had their heads resolutely “stuck in the sand”. Also, it’s great to know that only a little over 1% of you fell into the category “Deer – Oh dear!” – those that felt trapped in the headlights of GDPR and had become frozen into inaction.

By far the greatest number of you, we’re pleased to report, at over 67% were “Wise Owls”. Wise Owls have their GDPR plan down and while, not yet complete, are well on their way to methodically and calmly working toward compliance by May 25th.

Over 16% of you were “Lazy Lions”. Like a lion you’re not really keen to get going until the end game is completely in sight. You have the knowledge and capability to get your GDPR program done by May 25th – you just enjoy that final sprint to the finish. I guess some of us respond better to deadlines when they are upon us than others!

Nearly 13% of you were “Grizzly Bears”. You’re really not happy about having to “waste” time on GDPR. You’re going through the motions, but really you’d be happy someplace else where the regulators would get off your back. I guess we’ve all had those days.

And what about the Fabulous Foxes? These who are already at the end of their GDPR compliance program and are sitting high and proud, watching the rest of the world trying to catch up. Well, if our quiz is even partially right, you are a rare breed indeed, with less than 1 in a hundred of you already in this coveted position.

We hope you have enjoyed playing along with us as we’ve tried to lighten the load a little in your preparations. If you didn’t get to play along yet, the quiz is still open right up to May 25th.

But really – don’t you think it’s about time you knuckled down and just got on with it?

Here are some helpful resources that can get you on your way to General Data Protection Regulation compliance:

eBook – GDPR Overview & Compliance Best Practices
White Paper – Essential Security Technologies for GDPR Compliance
Webinar – GDPR Summary: Why Encryption and Other Measures Are Now a Must

And check out Gemalto’s GDPR compliance solutions.

The post What’s Your GDPR Readiness Personality? The Results Are In. appeared first on Gemalto blog.

The post What’s Your GDPR Readiness Personality? The Results Are In. appeared first on Cybersecurity Insiders.


May 24, 2018 at 09:09PM

Chapter Spotlight: SSDC

ISC2QuanticoChapterOn May 7th and 8th, (ISC)² hosted its annual Secure Summit D.C. (SSDC) cybersecurity conference. (ISC)² Secure Summit DC evolved from (ISC)² CyberSecureGov to assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing.

Three local (ISC)² Chapters were represented at the event: Quantico Chapter, National Capital Region (NCR) Chapter, and the NOVA Chartering Chapter. The chapters each hosted a table at the event, where 850+ attendees were able to ask questions, learn more about the (ISC)² Chapter Program, and even express interest in joining a local chapter.

The (ISC)² National Capital Region (NCR) Chapter’s primary goal in participating in Secure Summit DC 2018 was to increase membership and identify potential speakers for upcoming meetings. The chapter leadership was not disappointed! The chapter collected contact information from over 45 attendees who expressed interest in joining the chapter and another six who tentatively agreed to present at an upcoming Chapter meeting! – Kyle Hendrickson, President of the (ISC)² National Capital Region Chapter

The Quantico Chapter and NOVA Chartering Chapter also had large numbers of interest, with the NOVA chapter having over 100 people registering for more information!

“One of the benefits of attending an (ISC)² event is the chance to connect and reconnect with colleagues and other security professionals,” NCR Chapter PIC1says Kyle Hendrickson. Dan Waddell, the NOVA Chartering Chapter Petitioner, agreed; He mentioned that since the NOVA Chartering Chapter is still in the chartering phase, “the chapter appreciates the advice of other Official chapters and cybersecurity professionals on a variety of topics to include meeting logistics, technology, and more.” All three chapters believe that future collaboration and communication with other chapter leaders is vital to the success of the (ISC)² Chapter Program, and of events like SSDC.  

“The Cyber Security horizon is changing rapidly. The only way to be prepared is to hear about the many threats and best solutions for adapting in this fast-paced environment. Summit Solutions D.C. was a two-day reality check concerning the dangers we will be facing. It was highly worthwhile,” says Quantico Chapter’s Education Chair Joseph Irr, who also mentioned that some of “the most interesting aspects of the event were insights into all the new attack vectors that are emerging and ways to combat them.”

Secure summit _NOVA_pic1Secure Summit and other cybersecurity events, like SSDC, help chapter leaders and members gather important information about the industry to take back to their local communities. These chapter members can then share that information in order to help push forward the mission of inspiring a safe and secure cyber world.

Aside from the networking, information sharing, and educational sessions, all three chapters raved about the venue at the MGM Grand, calling the venue, the event itself, and the entire SSDC event team “first class all the way!” The NCR and Quantico chapters are looking forward to returning in 2019 – and the NOVA Chartering Chapter is looking forward to attending SSDC 2019 as an official chapter!

Click here to learn more about SSDC and upcoming (ISC)² events >>

Connect with the Chapters that attended SSDC 2018 here:
Quantico Chapter | http://www.isc2quanticochapter.org
National Capital Region Chapter | http://www.isc2ncrchapter.org
NOVA Chartering Chapter | http://novaisc2chapter.org

The post Chapter Spotlight: SSDC appeared first on Cybersecurity Insiders.


May 24, 2018 at 09:09PM

Ransomware attacks surge Cyber Insurance claims in Europe

Ransomware attacks have surged cyber insurance claims in Europe says a report compiled by AIG, one of the largest cyber insurers on the globe. The data shows that the financial institution has received as many cyber claims last year as in the previous four years from companies operating in Europe, Middle East, and Africa.

AIG report also disclosed that the rise in claims stats was a result of a surge in ransomware attacks, in which hackers decrypt a database from further access until a ransom is paid to them in Cryptocurrencies such as Bitcoins or Monero.

“Ransomware attacks accounted to just over a quarter of claims last year, up from 13% in 2016”, said Mark Camillo, Head of AIG’s European Cyber Insurance Business.

As hackers were finding it difficult to make money from cybercrime, they chose to go for ransomware attacks says Mr. Camillo. He added that it was easy to siphon data from the magnetic strips of cards earlier. But with the PIN and 2-way authentication, things have turned almost impossible to hackers now.

AIG cyber insurance claims stats say that only 10 percent of affected companies paid the ransom to hackers. But there is no guarantee that all of them were awarded a decryption key in exchange to the ransom.

Analysts from Jefferies bank forecast that the global market for cyber insurance will grow from just under $4 billion in premiums in 2018 to $7 billion in 2020.

Readers of Cybersecurity Insiders are requested to notify a fact over here that ransomware news hit headlines last year during the same time when WannaCry ransomware attack hit Britain’s NHS and other parts of the world. It not only caused financial damage worth billions of pounds but also led to the shut down of many businesses on temporary and on a permanent note.

Greg Case, an insurance broker at AON says that insurers can do more to cover cyber risks to the maximum extent. He divulged his opinion on seeing the figures of the industry which say $3 billion premia is written in cyber at a time when clients in the US have $450 billion in reported loss- which is absolutely not relevant and proves non- responsive.

Another change visible in the stats was a shift in the type of companies which are being targeted. It was discovered that professional service offering companies serving law and accounts field made up to 18% of claims last year, up from just 4% between 2013 and 2016.

The report of AIG asserts that crypto jacking crime-where hackers use CPU of victimized computers to mine cryptocurrency- is also on the rising.

Trade analysts feel that the market for cyber insurance will mature further as the said field is said to rapidly grow in the area of specialized commercial insurance in next couple of years.

The post Ransomware attacks surge Cyber Insurance claims in Europe appeared first on Cybersecurity Insiders.


May 24, 2018 at 08:51PM

Teen monitoring app exposes plaintext Apple ID passwords of its users

By Uzair Amir

A popular teen monitoring app has become a victim of a

This is a post from HackRead.com Read the original post: Teen monitoring app exposes plaintext Apple ID passwords of its users


May 24, 2018 at 07:46PM

Personal Data of 200M Japanese sold on underground hacking forums

By Waqas

A cybercriminal operating from outside China was found to be

This is a post from HackRead.com Read the original post: Personal Data of 200M Japanese sold on underground hacking forums


May 24, 2018 at 03:08PM

Wednesday, May 23, 2018

Gemalto EVOLUTION: Helping Businesses Adapt to Digital Transformation

Gemalto Evolution 2018
Organizations across various industry verticals are undergoing or have transformed their business in order to move into the digital economy. Some have embraced online transactions, while others have brought on mobile apps and countless more are moving to consumption-based IT models such as the cloud.

Digital transformation presents organizations with numerous business advantages but not without its risks.

One of the greatest concerns of the digital age is data security. Customers, citizens and employees share their payment data, personal information and other sensitive PII with organizations. Unfortunately, some organizations might not take customers’ data security seriously…that is, until a data security breach occurs.

The threat of a data security breach begs the following question: are organizations thinking about data security when they are planning to transform their business to meet the digital age? Or does it come to mind only after they’ve joined the ranks of Equifax, Uber and others that have suffered a security incident?

If data security isn’t already a priority for organizations, it’s more likely to become one in 2018. That’s because of the onset of data protection legislation including the Notifiable Data Breaches (NDB) scheme the General Data Protection Regulation (GDPR). Companies aren’t wasting any time under these frameworks, either. To illustrate, the NDB came into effect in February; just eight weeks later, the Office of the Australian Information Commissioner (OAIC) had already received 63 breach notifications reported under the scheme.

It’s not just in Australia. Gemalto’s Breach Level Index (BLI) detected several important trends in 2017 suggesting that breaches are getting worse, for example, accidental loss caused 1.9 billion records to be exposed, a 580% increase in the number of records from 2016. Additionally, identity theft was 69% of all data breach incidents. Over 600 million records were impacted, resulting in a 73% increase from 2016.

These findings spell trouble for organizations and their customer relations. In Gemalto’s 2016 Data Breaches and Customer Loyalty report, 66% of respondents said they were unlikely to do business with a company that suffered a breach exposing their financial and sensitive information.

Data security incidents have real impacts on organizations’ ability to do business. Acknowledging this finding, Gemalto has decided to collaborate with VMware and F5 Networks who are sponsoring Gemalto EVOLUTION 2018. There, attendees can hear me and other cyber security experts speak about data security and how to protect their organizations in the age of digital transformation.

Interested in learning more? Join us at Gemalto EVOLUTION 2018 on 31 May at the Parkroyal Darling Harbour in Sydney, Australia.

The post Gemalto EVOLUTION: Helping Businesses Adapt to Digital Transformation appeared first on Gemalto blog.

The post Gemalto EVOLUTION: Helping Businesses Adapt to Digital Transformation appeared first on Cybersecurity Insiders.


May 23, 2018 at 09:09PM

Biometrics and the next financial sector revolution

In little more than five years, the financial services industry has went through a great transformation. Driving the breakneck pace of change is an ambitious new breed of fintechs, but also well-established tech companies and banks with histories stretching back centuries. Commercial success has gone hand in hand with fundamental changes to consumer behaviour – from paying for something with a wave of our phone to immediately transferring funds to a friend via an app.

But the elephant in the room is security – which in the rush to innovate, has occasionally been overlooked. But with cyber-attacks making the headlines on a daily basis, maintaining customer confidence and trust is critical to long-term success. What’s more, the latest open banking initiatives and new regulations like PSD2 will further increase the pressure to ensure robust protection of customer data and funds. Biometrics can play a central role in the quest to address these challenges, by combining security with usability, but it’s not a magic bullet. Unleashing its full potential demands careful consideration of a range of different factors.

Security vs convenience?

24/7 connectivity has brought with it a step change in customer expectations. Unfortunately, this realignment has also led to increased attention from cyber criminals. As the scale and sophistication of cyber-crime has grown, so has customers’ need for reassurance. A survey we commissioned found that 44% would switch banks in the event of a security breach. But does strengthening protection against threats mean compromising the user experience? It’s a critical question: the same survey also found that 38% would switch to a bank offering a better service. Success depends on marrying convenience and security – by strongly identifying users to facilitate safe access to an array of services.

Biometrics are already here

Biometric technology can provide an answer to this paradox, and is already being used. The use of fingerprint and facial recognition to unlock smartphones led the charge, but it’s not the whole story – biometric identification is increasingly commonplace at ePassport gates, and some forward-thinking banks are enabling customers to authorize transfers via a selfie, or withdraw cash from an ATM with a palm scan. For banks and merchants, biometrics provides a truly unique means of identification as well as authentication. For consumers, it offers the ultimate in convenience – something they always have with them, which can’t be forgotten or lost.

But despite this, a ‘one size fits all’ approach won’t work. Today’s consumer values choice and individuality as highly as security and convenience; therefore, successful adoption is dependent on creating a digital journey that customers are immediately comfortable with.

Integration is the key

To be implemented effectively, biometrics requires integration with strong authentication and fraud detection solutions. Crucially, authentication provides the link between a local biometric check (such as a fingerprint scan on a smartphone) and the bank or merchant’s own system. Fraud detection, meanwhile, based on user’s behaviour and device profiling technologies, should deliver the instant, real-time analysis necessary for the provider to either approve or block a transaction, or seek further authentication. Significantly, this approach also matches one of the key principles of the PSD2 directive.

Applying AI to fraud detection

The good news is that banks are now able to deploy a new generation of platforms to meet these requirements. For example, our Assurance Hub uses Artificial Intelligence to determine the potential for fraud in any transaction by assessing a vast array of signals and behaviour – from the user’s location and device preferences to the way they interact with their mouse or keyboard. Anything out of the ordinary can be identified and assessed to determine whether additional authentication – such as a PIN code or fingerprint scan – is needed, or if the transaction can proceed without further intervention. The system also guarantees privacy since the data analytics is anonymous.

Extending the appeal of contactless payment

Biometric technologies are also having a positive impact on the way we pay. Contactless payments have been another defining characteristic of the past decade, but an innovative new payment card promises to combine the ease of contactless transactions with equally effortless biometric authentication. A fingerprint scanner built into the EMV biometric card enables the holder to authorize payments with nothing more than a finger scan. There’s no need to enter a PIN code, and no need to set a contactless payment limit.

Learning from the public sector

The benefits of biometrics extend well beyond the banking domain, and particularly in the public sector for law enforcement. Since the early 1980s, AFIS (Automated Fingerprint Identification System) has been steadily replacing the laborious task of manually searching for fingerprint matches. Now it is being replaced by the ABIS (Automated Biometric Identification System) which uses a richer array of information to identify suspects. Government bodies are also starting to employ biometric technologies to tackle problems such as voting and benefit fraud, and to help secure national borders and citizens’ identities.

Financial service providers will reap the benefits of government investment

As adoption of biometrics by governments gathers pace, banks will have opportunities to use national identity schemes in the quest to combine convenience and security. With full end-user permission and the proper privacy safeguards in place, providers could facilitate swift and safe access not only to banking services, but also social and welfare benefits, or even in-store payments on a merchant’s phone that do away with the need for the customer to use either a phone or card of their own. As a result, government investment in biometrics can stimulate growth and innovation in the private sector too, and help citizens complete numerous day-to-day tasks with far greater ease and efficiency.

Biometrics has quickly captured the world’s imagination. Given the sheer speed of change in the financial services sector, future growth here is likely to be swift. There can be little doubt that it represents a vital tool for all those providers – banks, fintechs and merchants – that understand that innovation can only flourish if it is underpinned by credibility and confidence among end users.

The real key, though, is to see biometrics as part of a much bigger picture. Realizing its full potential and meeting the expectations of customers and regulators alike demands a genuinely holistic approach. Enterprises need to tailor biometric techniques to the preferences of individual customers, and successful deployment invariably involves integration with equally sophisticated authentication and risk assessment solutions. The good news for providers is that technology which ticks all these boxes – and many more – is now readily available. As a result, the digital banking revolution can finally look forward to a future in which trade-offs between security and convenience are well and truly a thing of the past.

The post Biometrics and the next financial sector revolution appeared first on Gemalto blog.

The post Biometrics and the next financial sector revolution appeared first on Cybersecurity Insiders.


May 23, 2018 at 09:09PM

Russian hackers infect 500,000 routers to launch a massive cyber attack on Ukraine

Cisco Systems Inc on Wednesday issued a warning that says hackers from Russia have infected over 500,000 routers including storage devices in order to launch a massive cyber attack on Ukraine. The Networking giant stressed on the fact that the attack will be of Denial of service attack genre and will be mainly targeting Ukraine’s critical infrastructure in Kiev.

Meanwhile, a news update released by a popular news source from Kiev says that the Russian Federation has already shown cyber aggression by targeting its critical infrastructure during the UEFA Champions League Final and now it was a payback time.

Note 1 –  UEFA Champions League Final is the biggest game in the club football history of this season. It is being held in the capital of Ukraine i.e in Kiev and will witness two teams Real Madrid and 5 times champion Liverpool taking on each other.  The final match of the football champions league will take place on Saturday 26,2018 and Ukraine believes that Russian hackers will try their best to disrupt the final event by knocking down the digital assets used to hold the match in a peaceful and organized manner- such as ticketing infrastructure.

A cyber intelligence unit from Cisco Talos says that it has high confidence that a hacker’s group have devised a malware dubbed VPNFilter which is likely to be used in the possible cyber attack campaign taking place on the eve of the finals. As there is evidence that the hacking software used to infect the routers in Ukraine has traces of that being previously used on US Government which was attributed to Moscow by FBI and CIA on a joint note.

Researchers from Cisco say that the malware could be used for espionage, to disrupt internet communication or launch destructive attacks on Ukraine.

Cisco Researcher Craig Williams confirmed this news to Reuters and said that Kremlin will, as usual, deny all these allegations as it has been doing till date.

The alert was issued based on the inputs provided by Cyber Threat Alliance(CTA), a non-profit group that promotes the fast exchange of data on new threats between contenders in the cybersecurity industry.

Members of CTA include Cisco, Check Point Software Technologies, Fortinet, Palo Alto Networks, Sophos Group Plc, and Symantec Group.

News is out that the technical details about VPNFilter were shared by CTA in a secret video conference with Cisco on Monday.

And as per a CTA source reporting to our Cybersecurity Insiders, a VPNFilter infects routers and internet based storage devices used in home offices and small offices, and the infected army of devices can be used to launch distributed denial of service attacks on websites owned by the government and private entities.

Note 2- Cisco Talos learned about the attack on May 8th this year and discovered that over 500,000 routers in Ukraine were infected with malware. Now after getting a confirmation from CTA, it has released the discovered data to the media and predicts that UEFA Champions League Final might get doomed with various Russian cyber threats.

The post Russian hackers infect 500,000 routers to launch a massive cyber attack on Ukraine appeared first on Cybersecurity Insiders.


May 23, 2018 at 08:45PM

Tuesday, May 22, 2018

US President Trump shows a blind eye towards Mobile Security

US President Donald Trump is said to be rebuffing his staff efforts to strengthen security around his phone use, by failing to follow regular security protocols. According to a report published in Politico, the 45th President is said to be using two mobile phones that lack the necessary security features to conceal his communications.

As per the sources reporting to Cybersecurity Insiders, Trump uses an Apple iPhone and a Samsung Galaxy phone variant for his day to day communication needs with his staff, friends, and family members.

A source quotes that as per the regular security protocol, the US president should surrender his phone or communication device/s to his staff every month for security staffers to see whether it had been hacked.

But Donald Trump refuses to do so because it can cause inconvenience to his day to communication needs and Twitter updates.

Thus, Trump’s sloppiness towards mobile security could land him into severe trouble, if in case, his phone gets hijacked by some state-funded actors from Russia or China. The practice could also play a large role in shaping a negative perception among the public which could be used against him in the upcoming polls.

Note 1- Remember, Trump sarcastically poked fun at Hillary Clinton when she disregarded an instruction from the Foreign Affairs Manual directing her to use state department equipment for email communication. This not only landed her into a political controversy but also cost her the national elections held in 2016.

Note 2- Both the smartphones which are being used by Trump have just a bunch of news apps along with the Twitter application loaded onto them. All the bloatware and other means are scraped out from the phone by the security staff of Mr. Trump.

The post US President Trump shows a blind eye towards Mobile Security appeared first on Cybersecurity Insiders.


May 22, 2018 at 09:15PM