News & Information       http://info.owt.com

Security

05/26/2017   Security Focus Vulnerabilities
[security bulletin] HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification, Local Denial of Service (DoS)
05/26/2017   Security Focus Vulnerabilities
[SECURITY] [DSA 3863-1] imagemagick security update
05/26/2017   Security Focus Vulnerabilities
[security bulletin] HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
05/26/2017   Security Focus Vulnerabilities
WebKitGTK+ Security Advisory WSA-2017-0004
05/26/2017   SecurityFocus News
Enterprise Intrusion Analysis, Part One
05/26/2017   SecurityFocus News
Responding to a Brute Force SSH Attack
05/26/2017   SecurityFocus News
Data Recovery on Linux and ext3

05/26/2017   SecurityFocus News
WiMax: Just Another Security Challenge?
05/26/2017   SecurityFocus News
Time to Squish SQL Injection
05/26/2017   SecurityFocus News
Lazy Workers May Be Deemed Hackers

05/26/2017   SecurityFocus News
The Scale of Security
05/26/2017   SecurityFocus News
Hacker-Tool Law Still Does Little
05/26/2017   Forbes Security
As many as 36 million downloaded apps containing a hidden feature that forced their Android phones to click on ads.
05/26/2017   Forbes Security
The same hackers who breached the DNC planted fake data in leaks on a prominent Kremlin critic, security analysts say.
05/26/2017   Trend Micro Security
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for...
05/26/2017   Forbes Security
All physical security relies on understanding. There’s no physical security discipline where you would try to protect a space that you didn’t understand. Yet in cybersecurity many say the data center is too complicated, changes too fast, is too heterogeneous, and we focus on detection instead.
05/26/2017   Sophos Security
SMB is the Windows networking protocol, so SMB security holes like the one that led to WannaCry can't happen on Linux/Unix, right? Wrong!
05/26/2017   Sophos Security
Despite use of facial recognition being banned under state law, Vermont's DMV is 'overstepping' the legislation, say campaigners
05/26/2017   Security Focus Vulnerabilities
Samba CVE-2017-7494 Remote Code Execution Vulnerability
05/26/2017   Security Focus Vulnerabilities
ZoneMinder CVE-2016-10203 Cross Site Scripting Vulnerability
05/26/2017   Security Focus Vulnerabilities
Rpcbind CVE-2017-8779 Remote Denial of Service Vulnerability
05/26/2017   Security Focus Vulnerabilities
Ansible CVE-2017-7481 Security Bypass Vulnerability
05/25/2017   Sophos Security
Many pointed the finger at Windows XP, but the worst hit computers were unpatched Windows 7 machines
05/25/2017   Forbes Security
Hundreds of thousands of computers were hit by the WannaCry ransomware. Several major hospitals were among its more notable victims.
05/25/2017   Sophos Security
Your daily round-up of some of the other stories in the news
05/25/2017   Sophos Security
A vulnerability in caption files has been patched in some media players, but it's not clear how widespread the flaw still is
05/25/2017   Wired Security
Russian Hackers Are Using ‘Tainted’ Leaks to Sow Disinformation
A group of security researchers present the most systematic analysis yet showing Russian hackers mix fakes in with their hacked revelations. The post Russian Hackers Are Using 'Tainted' Leaks to Sow Disinformation appeared first on WIRED.
05/25/2017   Forbes Security
Hackers are hiding viruses in video subtitle files for media players, allowing them to take over users' devices.
05/25/2017   Sophos Security
New machine-learning tool aims to deliver even more information to Google's advertisers about your 'consumer journey'
05/25/2017   Trend Micro Security
For all the panic it caused, WannaCry looks finally to have been contained by organisations round the globe. But this isn’t the time to forget about it and move on. There are valuable lessons to be learned about this attack, why it was so successful and what can be done to prevent it happening again....
05/25/2017   Sophos Security
Europe moves a step closer to limiting the spread of extremism and toxic content via social platforms
05/25/2017   Forbes Security
Attackers will get in. Their approach, once in your network, is predictable if you know what to look for.
05/24/2017   Department of Homeland Security
Release Date: 
May 25, 2017

138 Dirksen Senate Office Building

Chairman Boozman, Ranking Member Tester, and distinguished Members of the Subcommittee:

It is a great honor and privilege to appear before you today to discuss the Department of Homeland Security’s (DHS) crucial missions of protecting the homeland and securing our borders.

The men and women of DHS are exceptional and dedicated professionals who work tirelessly in support of our mission to safeguard the American people, our homeland, and our values with honor and integrity. I am pleased to appear before you to present the President’s Fiscal Year (FY) 2018 Budget request for the Department of Homeland Security.

The President’s Budget puts America first, and builds on DHS’s accomplishments over the past 14 years. It makes critical investments in people, technology, and infrastructure for border security and the enforcement of our immigration laws. It advances cybersecurity programs, strengthens our biometric identification programs, promotes the expansion of E-Verify, and supports our new Victims of Immigration Crime Engagement (VOICE) Office. The Budget also sustains the U.S. Coast Guard (USCG), our nation’s fifth service, to continue its important mission of ensuring maritime safety, security, and stewardship.

DHS is committed to the rule of law. Our men and women take an oath to defend the Constitution of the United States and uphold the laws of this great country against all enemies—foreign and domestic—and we get it done. We face diverse challenges and adversaries that do not respect the rule of law, or our borders. Our government must remain vigilant in detecting and preventing terrorist threats, including threats we face from “lone offenders,” who may be living in our communities and who are inspired by radical, violent ideology to do harm to Americans. I remain committed to tirelessly protect our country from threats, secure our borders, and enforce our laws—all while facilitating lawful trade and travel, and balancing the security of our nation with the protection of privacy, civil rights, and civil liberties.

The President’s FY 2018 Budget requests $44.1 billion in net discretionary funding for the Department of Homeland Security. The President’s Budget also requests $7.4 billion to finance the cost of emergencies and major disasters in the Federal Emergency Management Agency’s (FEMA’s) Disaster Relief Fund.

In order to ensure we are stretching every one of these dollars, we are striving to further improve information sharing, collaboration, and transparency, all of which are essential to leveraging the full value of every dollar DHS receives. We are expanding our cooperation with State, local, tribal, territorial, and regional partner nations, particularly Canada and Mexico. These partnerships are critical to identifying, monitoring, and countering threats to U.S. national security and regional stability.

I am also working to improve transparency and information sharing across the DHS enterprise to build efficiencies into our intelligence processes. An example of this is my ongoing support of DHS’s Joint Task Forces, which link the authorities and capabilities of multiple DHS components in a unified approach that addresses emerging and priority threats to our nation. The magnitude, scope, and complexity of the challenges we face—including illegal immigration, transnational crime, human smuggling and trafficking, and terrorism—demand an integrated counter-network approach.

Border security is a high priority, and involves protecting 7,000 miles of land border, approximately 95,000 miles of shoreline, and 328 ports of entry along with staffing numerous locations abroad. We appreciate the support Congress has provided to improve security at our borders and ports of entry. With that support, we have made great progress, but more work must be done.

The President’s Budget requests $1.6 billion for 32 miles of new border wall construction, 28 miles of levee wall along the Rio Grande, where apprehensions are the highest along the Southwest Border, and 14 miles of new border wall system that will replace existing secondary fence in the San Diego Sector, where a border wall system will deny access to drug trafficking organizations. The Budget also requests $976 million for high-priority tactical infrastructure and border security technology improvements for U.S. Customs and Border Protection (CBP). Under the President’s Executive Order No. 13767, Border Security and Immigration Enforcement Improvements, CBP is conducting risk assessments to the needs of frontline officers and agents that will be used to tailor an acquisition strategy going forward.

While technology, equipment, and physical barriers certainly help secure our borders, we also must have more boots on the ground. I remain committed to hiring and training new Border Patrol agents and commensurate support personnel as supported by the President’s Budget and Executive Order No. 13767. Let me be clear, we will maintain our standards, yet we will streamline hiring processes. This includes initiatives like waiving polygraph testing requirements for qualified Federal, State, and local law enforcement officers, as well as members of the Armed Forces, veterans, and members of the Reserves or the National Guard, as contemplated by legislation now pending before the Congress. On a broader scale, my Deputy Secretary, Elaine Duke, and I are working hard across DHS to attract, retain, and enhance career opportunities for our workforce.

Effective border security must be augmented by vigorous interior enforcement and the administration of our immigration laws in a manner that serves the national interest. As with any sovereign nation, we have a fundamental right and obligation to enforce our immigration laws in the interior of the United States—particularly against criminal aliens. We must have additional U.S. Immigration and Customs Enforcement (ICE) Enforcement and Removal Operations (ERO) officers to expand our enforcement efforts. The FY 2018 Budget requests over $7.5 billion in discretionary funding for ICE to support both the expansion of transnational criminal investigatory capacity within Homeland Security Investigations (HSI) as well as ERO’s expanded targeted enforcement activities, including increases for more than 51,000 detention beds to accommodate expected increases in interior arrests of criminal and fugitive aliens, associated transportation and removal costs, and an estimated 79,000 participants in ICE’s Alternatives to Detention Program contract. Included in the request is $185.9 million to hire more than 1,600 additional ICE ERO officers, HSI agents, and support personnel.

Detaining illegal aliens, and deporting them to their countries of origin, does not address the needs of members of our public who have been the targets of their crimes. For this reason, the Budget also requests an additional $1 million to enhance the current operations of DHS’s new VOICE Office, which supports victims of crimes committed by criminal aliens. As I have noted before, all crime is terrible, but these victims are unique because they are casualties of crimes that should never have taken place. The people who victimized them should not have been in this country in the first place.

To protect the American people, we must continue to improve our identification verification and vetting processes.

E-Verify is currently a voluntary program administered by U.S. Citizenship and Immigration Services that deserves more of our attention. Through E-Verify, our nation’s employers verify the employment eligibility of their employees after they are hired, which in turn helps protect American workers from unfair competition. The President’s Budget requests $131.5 million for E-Verify operations, which includes an additional $15.2 million for expansion of the program to support the mandatory use of E-Verify nationwide within three years—should Congress provide the authority to do so. We appreciate the continued support of Congress for this program.

Biometrics is another critical DHS identification and verification initiative, and I am committed to the pursuit of robust capabilities in this area. The Budget requests $354 million to support biometric initiatives. We continue to make progress on the Biometric Entry-Exit System, with the goal of making air travel more secure, convenient, and easier.

The threat to aviation security remains high, and criminals and terrorists continue to target airlines and airports. We must continue to improve how we screen the belongings of travelers and cargo. We are in the business of protecting lives, and improved screening technologies coupled with additional Transportation Security Administration (TSA) Officers working security functions at the checkpoints, will help us deter, detect, disrupt, and prevent threats to aviation security. DHS continues to prioritize explosives screening, threat assessments, and detection capabilities, and the President’s Budget includes $77.0 million for research and development in this area. The Budget also includes $277.2 million for checked baggage screening and explosives detection equipment.

Currently, TSA Officers screen more than two million passengers and their belongings each day, and this number is growing. Additional TSA Officers must be deployed to airport checkpoints to meet the increasing volume of travelers. The President’s Budget offers a sound, two-part approach to meeting this challenge. First, the Budget proposes a much-needed increase in TSA passenger fees—only one dollar, changing the fee from $5.60 to $6.60, for each one-way trip. While Congress previously denied this increase, Congress must act now in order for TSA to continue to meet its mission to protect our nation from ever evolving security threats.

Second, the Budget proposes that TSA cease staffing airport exit lanes, which will enable placement of an additional 629 TSA Officers at the checkpoints. This solution reflects risk-based analysis; TSA Officers are specially trained to ensure no metallic or non-metallic threat items make it onboard planes. Their security screening skills and expertise are not being put to good use while staffing airport exit lanes, and this is a waste of taxpayer dollars.

The President also requests $8.4 billion in operating expenses and recapitalization costs for USCG to promote maritime safety and security. Increases to Coast Guard’s operating budget will ensure the agency keeps parity with the pay and benefits increases provided to the other armed services. Additionally, the Budget funds the crewing and maintenance requirements for all new ships and aircraft scheduled for delivery in 2018. Within the $1.2 billion request for Coast Guard’s acquisition programs, $500 million is provided to contract for the Coast Guard’s first Offshore Patrol Cutter and long lead time material for the second OPC.

In addition to our physical security and protection activities, we must continue efforts to address the growing cyber threat, illustrated by the real, pervasive, and ongoing series of attacks on public and private infrastructure and networks. The FY 2018 Budget includes approximately $971.3 million for the National Protection and Programs Directorate’s cybersecurity activities, including $397 million for continued deployment and enhancements for EINSTEIN, which enables DHS to detect and prevent malicious traffic from harming Federal civilian government networks. It also provides $279 million for our Continuous Diagnostics and Mitigation Program to provide hardware, software, and services to strengthen the security of Federal civilian “.gov” networks.

DHS also must be vigilant in preparing for and responding to disasters, including floods, wildfires, tornadoes, hurricanes, and other disasters. The FY 2018 President’s Budget reflects FEMA’s efficient use of taxpayer dollars to improve the nation’s resilience from disasters. FEMA will prioritize programs that contribute most significantly to its emergency management mission, streamline business processes, harness innovative technologies, and better utilize public and private sector partnerships. The President’s Budget requests $7.4 billion to support disaster resilience, response, and recovery, primarily through the Disaster Relief Fund.

The Budget provides $1.9 billion for FEMA’s grant programs that support State, local, territorial, and tribal governments to improve their security and resilience posture against risks associated with man-made and natural disasters. It represents a continued investment in State and local preparedness while spending taxpayer dollars on programs that make the most difference. The Budget also proposes a 25 percent non-Federal cost-share for those preparedness grants that do not currently have a cost-share requirement. By using a cost-sharing approach, Federal dollars are spent on activities that our non-Federal partners themselves would invest in, providing clear results in priority areas.

In addition to protecting our nation’s financial infrastructure, under the leadership of our new Director Tex Alles, the men and women of the U.S. Secret Service (USSS) protect our nation’s highest elected leaders, visiting foreign dignitaries, facilities, and major events. Using advanced countermeasures, USSS conducts operations to deter, minimize, and decisively respond to identified threats and vulnerabilities. The President’s Budget includes $1.9 billion to support USSS’s missions, including investment in advanced technologies and task force partnerships to enforce counterfeiting laws, and safeguard the payment and financial systems of the United States from financial and computer-based crimes. The funding also supports 7,150 positions – the highest staffing levels since 2011, and includes Presidential protection in New York and much-needed enhancement of technology used to protect the White House.

In closing, the challenges facing DHS and our nation are considerable. We have outstanding men and women working at DHS who are committed to protecting our homeland and the American people. The President’s FY 2018 Budget request recognizes our current fiscal realities, as well as the serious and evolving threats and dangers our nation faces each day. You have my commitment to work tirelessly to ensure that the men and women of DHS are empowered to do their jobs.

Thank you again for the opportunity to appear before you today and for your continued support of DHS. I remain committed to working with Congress, and look forward to forging a strong and productive relationship to prevent and combat threats to our nation.

I am pleased to answer any questions.

05/24/2017   Forbes Security
The attack in Manchester this week was an atrocity, plain and simple. Fear has naturally followed suit, but the stats show that there's never been a safer time to live in the West - and this should give us all reason to hope for a better future.
05/24/2017   Forbes Security
For the past two years, the Cron gang has been tricking unsuspecting Android users into installing its malware. This week, Russian authorities finally caught up with them.
05/24/2017   Sophos Security
Your daily round-up of some of the other stories in the news
05/24/2017   Sophos Security
The Cron gang's malware was infecting some 3,500 Android devices every day - and siphoning money out of 60 accounts every day
05/24/2017   Department of Homeland Security
Release Date: 
May 24, 2017

For Immediate Release
TSA Public Affairs
Contact: 571-227-2829

WASHINGTON – The Transportation Security Administration is preparing for the start of the summer travel period, typically marked by the Memorial Day holiday weekend and continuing through Labor Day. Record numbers of passengers are expected at airports this summer, with peak travel periods occurring in June and July, including the July 4th weekend. During the busiest days of the summer, TSA will screen more than 2.5 million passengers per day.

Through the TSA Airport Operations Center and in coordination with airport and airline partners, TSA aims to maintain effective and efficient security operations at checkpoints nationwide during the busy travel season. The center tracks daily screening operations, rapidly addresses any issues that arise, and deploys personnel, canine teams and technology where needed. This summer, 50 more passenger canine teams will be in use compared to last summer, and 2,000 more TSA officers will be working this year compared to last year.

“As we approach the summer break, securing the travel of millions of passengers daily remains our top priority,” said TSA Acting Administrator Huban A. Gowadia. “It is well known that terrorists continue to focus on aviation, which is why TSA continues to focus on providing robust security screening. TSA takes many security measures, seen and unseen, while working closely with industry partners such as airlines and airports to enhance the traveling experience and ensure every passenger arrives to their destination safely.”

“TSA is tasked with a complex, critical security mission that can only be accomplished through close collaboration with stakeholders and partners. We will not compromise our security mission of protecting air travelers as we face an evolving threat by a determined enemy,” she said.

Additionally, TSA continues to team up with vendors and airlines, for instance, to develop and deploy innovative technologies at airports. Automated screening lanes offer several features designed to improve the screening of travelers this summer by allowing travelers to move more swiftly and efficiently through checkpoints. Fifty automated screening lanes are currently in operation at Newark Liberty International Airport, Chicago O’Hare International Airport, John F. Kennedy International Airport, Los Angeles International Airport and Hartsfield–Jackson Atlanta International Airport, and more are expected to become operational in the coming months. These lanes are state-of-the-art in advancing security effectiveness, increasing efficiency, and improving the passenger experience.

With the increased volume during summer travel, delays at the airport may occur. Travelers can enhance their travel experience through the airport by arriving early. Passengers should expect that there may be delays for traffic, parking, rental car returns and airline check-in. Preparedness can have a significant impact on efficiency at security checkpoints nationwide, so travelers should arrive up to two hours in advance of their flight departure time for domestic travel and three hours for international flights when flying out of the nation’s busiest airports.

Some helpful tools and travel tips for the airport security checkpoint include:

  • Apply for TSA Pre® or other trusted travel programs like Global Entry, NEXUS, or SENTRI. These programs help improve security and provide a more convenient travel experience by affording travelers access to TSA Pre® expedited screening lanes. Travelers using the TSA Pre® lane do not need to remove shoes, laptops, liquids, belts and light jackets at more than 180 U.S. airports. To find the program that best suits your travel needs, use the DHS trusted traveler comparison tool.
  • Tweet or Message AskTSA. Issues receiving TSA Pre® on your boarding pass? Unsure if an item is allowed through security? Get live assistance by tweeting your questions and comments to @AskTSA or via Facebook Messenger on weekdays from 8 a.m. to 10 p.m. and on weekends/holidays from 9 a.m. to 7 p.m. You can also reach the Contact Center at 866-289-9673.
  • Prepare for security. Avoid over packing your carry-on bag and consider checking bags when feasible. Remember to have a valid ID and boarding pass readily available. If you are traveling abroad, be aware of the recent changes to international travel carry-on items. Also read the FAQ or fact sheet about upcoming REAL ID requirements.
  • Follow the liquids rule. Liquids, gels, aerosols, creams and pastes must be 3.4 ounces or less and all containers must fit inside a single quart-size plastic bag and be placed in a bin for carry-on baggage screening. This includes sun block and tanning lotions.
  • Call TSA Cares. Travelers or families of passengers with disabilities and/or medical conditions may call the TSA Cares helpline toll free at 855-787-2227 at least 72 hours prior to flying with any questions about screening policies, procedures and to find out what to expect at the security checkpoint as well as arrange for assistance at the checkpoint. 

As a reminder, public awareness is key for supporting TSA’s security efforts. Travelers are encouraged to report suspicious activities, and remember, If You See Something, Say Something™. For individuals traveling abroad, please check the U.S. Customs and Border Protection Know Before You Go page to learn about required documentation. 

For further information about TSA procedures and other trusted traveler programs, read the frequently asked questions, watch TSA’s travel tips videos and visit DHS's new Trusted Traveler Comparison Tool.

###
05/24/2017   Sophos Security
Cloud backup for the password manager's Authenticator certainly reduces the hassle for users - but it's a security compromise
05/24/2017   Trend Micro Security
Email isn't as safe as you think it is. Ransomware has gained global attention over the course of the last two weeks due to the huge spread of WannaCry. Following the initial attacks, we’ve seen UIWIX, Adylkuzz and now EternalRocks come onto the scene leveraging the same core set of vulnerabilities. The common thread between the three threats is MS17-010 along with other tools...
05/23/2017   Department of Homeland Security
Release Date: 
May 24, 2017

2358-A Rayburn House Office Building

Chairman Carter, Ranking Member Roybal-Allard, and distinguished Members of the Subcommittee:

It is a great honor and privilege to appear before you today to discuss the Department of Homeland Security’s (DHS) crucial missions of protecting the homeland and securing our borders.

The men and women of DHS are exceptional and dedicated professionals who work tirelessly in support of our mission to safeguard the American people, our homeland, and our values with honor and integrity. I am pleased to appear before you to present the President’s Fiscal Year (FY) 2018 Budget request for the Department of Homeland Security.

The President’s Budget puts America first, and builds on DHS’s accomplishments over the past 14 years. It makes critical investments in people, technology, and infrastructure for border security and the enforcement of our immigration laws. It advances cybersecurity programs, strengthens our biometric identification programs, promotes the expansion of E-Verify, and supports our new Victims of Immigration Crime Engagement (VOICE) Office. The Budget also sustains the U.S. Coast Guard (USCG), our nation’s fifth service, to continue its important mission of ensuring maritime safety, security, and stewardship.

DHS is committed to the rule of law. Our men and women take an oath to defend the Constitution of the United States and uphold the laws of this great country against all enemies—foreign and domestic—and we get it done. We face diverse challenges and adversaries that do not respect the rule of law, or our borders. Our government must remain vigilant in detecting and preventing terrorist threats, including threats we face from “lone offenders,” who may be living in our communities and who are inspired by radical, violent ideology to do harm to Americans. I remain committed to tirelessly protect our country from threats, secure our borders, and enforce our laws—all while facilitating lawful trade and travel, and balancing the security of our nation with the protection of privacy, civil rights, and civil liberties.

The President’s FY 2018 Budget requests $44.1 billion in net discretionary funding for the Department of Homeland Security. The President’s Budget also requests $7.4 billion to finance the cost of emergencies and major disasters in the Federal Emergency Management Agency’s (FEMA’s) Disaster Relief Fund.

In order to ensure we are stretching every one of these dollars, we are striving to further improve information sharing, collaboration, and transparency, all of which are essential to leveraging the full value of every dollar DHS receives. We are expanding our cooperation with State, local, tribal, territorial, and regional partner nations, particularly Canada and Mexico. These partnerships are critical to identifying, monitoring, and countering threats to U.S. national security and regional stability.

I am also working to improve transparency and information sharing across the DHS enterprise to build efficiencies into our intelligence processes. An example of this is my ongoing support of DHS’s Joint Task Forces, which link the authorities and capabilities of multiple DHS components in a unified approach that addresses emerging and priority threats to our nation. The magnitude, scope, and complexity of the challenges we face—including illegal immigration, transnational crime, human smuggling and trafficking, and terrorism—demand an integrated counter-network approach.

Border security is a high priority, and involves protecting 7,000 miles of land border, approximately 95,000 miles of shoreline, and 328 ports of entry along with staffing numerous locations abroad. We appreciate the support Congress has provided to improve security at our borders and ports of entry. With that support, we have made great progress, but more work must be done.

The President’s Budget requests $1.6 billion for 32 miles of new border wall construction, 28 miles of levee wall along the Rio Grande, where apprehensions are the highest along the Southwest Border, and 14 miles of new border wall system that will replace existing secondary fence in the San Diego Sector, where a border wall system will deny access to drug trafficking organizations. The Budget also requests $976 million for high-priority tactical infrastructure and border security technology improvements for U.S. Customs and Border Protection (CBP). Under the President’s Executive Order No. 13767, Border Security and Immigration Enforcement Improvements, CBP is conducting risk assessments to the needs of frontline officers and agents that will be used to tailor an acquisition strategy going forward.

While technology, equipment, and physical barriers certainly help secure our borders, we also must have more boots on the ground. I remain committed to hiring and training new Border Patrol agents and commensurate support personnel as supported by the President’s Budget and Executive Order No. 13767. Let me be clear, we will maintain our standards, yet we will streamline hiring processes. This includes initiatives like waiving polygraph testing requirements for qualified Federal, State, and local law enforcement officers, as well as members of the Armed Forces, veterans, and members of the Reserves or the National Guard, as contemplated by legislation now pending before the Congress. On a broader scale, my Deputy Secretary, Elaine Duke, and I are working hard across DHS to attract, retain, and enhance career opportunities for our workforce.

Effective border security must be augmented by vigorous interior enforcement and the administration of our immigration laws in a manner that serves the national interest. As with any sovereign nation, we have a fundamental right and obligation to enforce our immigration laws in the interior of the United States—particularly against criminal aliens. We must have additional U.S. Immigration and Customs Enforcement (ICE) Enforcement and Removal Operations (ERO) officers to expand our enforcement efforts. The FY 2018 Budget requests over $7.5 billion in discretionary funding for ICE to support both the expansion of transnational criminal investigatory capacity within Homeland Security Investigations (HSI) as well as ERO’s expanded targeted enforcement activities, including increases for more than 51,000 detention beds to accommodate expected increases in interior arrests of criminal and fugitive aliens, associated transportation and removal costs, and an estimated 79,000 participants in ICE’s Alternatives to Detention Program contract. Included in the request is $185.9 million to hire more than 1,600 additional ICE ERO officers, HSI agents, and support personnel.

Detaining illegal aliens, and deporting them to their countries of origin, does not address the needs of members of our public who have been the targets of their crimes. For this reason, the Budget also requests an additional $1 million to enhance the current operations of DHS’s new VOICE Office, which supports victims of crimes committed by criminal aliens. As I have noted before, all crime is terrible, but these victims are unique because they are casualties of crimes that should never have taken place. The people who victimized them should not have been in this country in the first place.

To protect the American people, we must continue to improve our identification verification and vetting processes.

E-Verify is currently a voluntary program administered by U.S. Citizenship and Immigration Services that deserves more of our attention. Through E-Verify, our nation’s employers verify the employment eligibility of their employees after they are hired, which in turn helps protect American workers from unfair competition. The President’s Budget requests $131.5 million for E-Verify operations, which includes an additional $15.2 million for expansion of the program to support the mandatory use of E-Verify nationwide within three years—should Congress provide the authority to do so. We appreciate the continued support of Congress for this program.

Biometrics is another critical DHS identification and verification initiative, and I am committed to the pursuit of robust capabilities in this area. The Budget requests $354 million to support biometric initiatives. We continue to make progress on the Biometric Entry-Exit System, with the goal of making air travel more secure, convenient, and easier.

The threat to aviation security remains high, and criminals and terrorists continue to target airlines and airports. We must continue to improve how we screen the belongings of travelers and cargo. We are in the business of protecting lives, and improved screening technologies coupled with additional Transportation Security Administration (TSA) Officers working security functions at the checkpoints, will help us deter, detect, disrupt, and prevent threats to aviation security. DHS continues to prioritize explosives screening, threat assessments, and detection capabilities, and the President’s Budget includes $77.0 million for research and development in this area. The Budget also includes $277.2 million for checked baggage screening and explosives detection equipment.

Currently, TSA Officers screen more than two million passengers and their belongings each day, and this number is growing. Additional TSA Officers must be deployed to airport checkpoints to meet the increasing volume of travelers. The President’s Budget offers a sound, two-part approach to meeting this challenge. First, the Budget proposes a much-needed increase in TSA passenger fees—only one dollar, changing the fee from $5.60 to $6.60, for each one-way trip. While Congress previously denied this increase, Congress must act now in order for TSA to continue to meet its mission to protect our nation from ever evolving security threats.

Second, the Budget proposes that TSA cease staffing airport exit lanes, which will enable placement of an additional 629 TSA Officers at the checkpoints. This solution reflects risk-based analysis; TSA Officers are specially trained to ensure no metallic or non-metallic threat items make it onboard planes. Their security screening skills and expertise are not being put to good use while staffing airport exit lanes, and this is a waste of taxpayer dollars.

The President also requests $8.4 billion in operating expenses and recapitalization costs for USCG to promote maritime safety and security. Increases to Coast Guard’s operating budget will ensure the agency keeps parity with the pay and benefits increases provided to the other armed services. Additionally, the Budget funds the crewing and maintenance requirements for all new ships and aircraft scheduled for delivery in 2018. Within the $1.2 billion request for Coast Guard’s acquisition programs, $500 million is provided to contract for the Coast Guard’s first Offshore Patrol Cutter and long lead time material for the second OPC.

In addition to our physical security and protection activities, we must continue efforts to address the growing cyber threat, illustrated by the real, pervasive, and ongoing series of attacks on public and private infrastructure and networks. The FY 2018 Budget includes approximately $971.3 million for the National Protection and Programs Directorate’s cybersecurity activities, including $397 million for continued deployment and enhancements for EINSTEIN, which enables DHS to detect and prevent malicious traffic from harming Federal civilian government networks. It also provides $279 million for our Continuous Diagnostics and Mitigation Program to provide hardware, software, and services to strengthen the security of Federal civilian “.gov” networks.

DHS also must be vigilant in preparing for and responding to disasters, including floods, wildfires, tornadoes, hurricanes, and other disasters. The FY 2018 President’s Budget reflects FEMA’s efficient use of taxpayer dollars to improve the nation’s resilience from disasters. FEMA will prioritize programs that contribute most significantly to its emergency management mission, streamline business processes, harness innovative technologies, and better utilize public and private sector partnerships. The President’s Budget requests $7.4 billion to support disaster resilience, response, and recovery, primarily through the Disaster Relief Fund.

The Budget provides $1.9 billion for FEMA’s grant programs that support State, local, territorial, and tribal governments to improve their security and resilience posture against risks associated with man-made and natural disasters. It represents a continued investment in State and local preparedness while spending taxpayer dollars on programs that make the most difference. The Budget also proposes a 25 percent non-Federal cost-share for those preparedness grants that do not currently have a cost-share requirement. By using a cost-sharing approach, Federal dollars are spent on activities that our non-Federal partners themselves would invest in, providing clear results in priority areas.

In addition to protecting our nation’s financial infrastructure, under the leadership of our new Director Tex Alles, the men and women of the U.S. Secret Service (USSS) protect our nation’s highest elected leaders, visiting foreign dignitaries, facilities, and major events. Using advanced countermeasures, USSS conducts operations to deter, minimize, and decisively respond to identified threats and vulnerabilities. The President’s Budget includes $1.9 billion to support USSS’s missions, including investment in advanced technologies and task force partnerships to enforce counterfeiting laws, and safeguard the payment and financial systems of the United States from financial and computer-based crimes. The funding also supports 7,150 positions – the highest staffing levels since 2011, and includes Presidential protection in New York and much-needed enhancement of technology used to protect the White House.

In closing, the challenges facing DHS and our nation are considerable. We have outstanding men and women working at DHS who are committed to protecting our homeland and the American people. The President’s FY 2018 Budget request recognizes our current fiscal realities, as well as the serious and evolving threats and dangers our nation faces each day. You have my commitment to work tirelessly to ensure that the men and women of DHS are empowered to do their jobs.

Thank you again for the opportunity to appear before you today and for your continued support of DHS. I remain committed to working with Congress, and look forward to forging a strong and productive relationship to prevent and combat threats to our nation.

I am pleased to answer any questions.

05/23/2017   Forbes Security
China has revised its endgame from pressuring Japan to cede control of the Senkaku Islands. Now it wants to keep up pressure on Japan for a patriotic home audience and someday win a minor concession.
05/23/2017   Forbes Security
Facebook's recent issues around moderation begs an important question - how long can a platform that reaches over two billion people continue without some form of collaboration, oversight or regulation?
05/23/2017   Department of Homeland Security
Release Date: May 23, 2017

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

WASHINGTON—The president’s fiscal year (FY) 2018 budget proposal was delivered to Congress today, requesting $44.1 billion in discretionary budget authority for the Department of Homeland Security (DHS), a $2.8 billion, or 6.7 percent, increase over the FY 2017 annualized Continuing Resolution.

The budget funds the administration’s priorities and includes $4.5 billion for DHS to implement Executive Orders that strengthen border security, enhance enforcement of immigration laws, and ensure public safety in communities across the United States.

“The president’s budget prioritizes funding for programs that address our nation’s immediate security needs, and it supports the dedicated men and women of this Department as they execute DHS’s wide-ranging and critical missions,” said Secretary of Homeland Security John Kelly.

The budget supports increased staffing for surging apprehension, enforcement, and deportation activities in the full enforcement of our immigration laws. It provides $2.7 billion for multi-layered border security, including targeted construction of a wall along the highest-risk areas of the southern border as well as increased staffing and the technology and equipment needed by our workforce on the frontlines. In support of increased enforcement initiatives, the budget provides approximately $1.7 billion for additional law enforcement and support staff, detention beds, transportation and removal costs, and the Alternatives to Detention program. The budget also provides $354 million to support biometric initiatives to help accurately identify those individuals entering and leaving the United States and supports expansion of the E-Verify program. To secure our maritime borders and approaches, the budget sustains current funding levels for the U.S. Coast Guard, including $500 million in funding for the Coast Guard’s first Offshore Patrol Cutter.

As exemplified by the world-wide ransomware attack earlier this month, cybersecurity remains a critical mission for DHS and the budget provides $971 million in funding for both ongoing and new cybersecurity initiatives. The budget also makes key investments in explosives detection research and developments to enhance aviation security.

For more information, see the DHS FY 2018 Budget in Brief.

 

###

05/23/2017   Forbes Security
Samsung's S8 iris scanner has been compromised with three very simple and inexpensive steps according to a group that has also circumvented Apple's TouchID
05/23/2017   Wired Security
The Silk Road Creator’s Life Sentence Actually Boosted Dark Web Drug Sales
A new study raises questions about the deterrence value of harsh sentencing for dark web crimes. The post The Silk Road Creator’s Life Sentence Actually Boosted Dark Web Drug Sales appeared first on WIRED.
05/23/2017   Forbes Security
Record number of national security orders made to Apple in the second half of 2016.
05/23/2017   Forbes Security
With the ever-growing influx of data and cybercriminals constantly updating their nefarious tactics, cybersecurity is an area where AI can truly shine.
05/23/2017   Forbes Security
National Geographic’s “Breakthrough” series exposes how little we people in the developed world know about the technologies we use every day and how those technologies can compromise us.
05/23/2017   Forbes Security
Windows PCs and smart TVs are open to attacks via subtitles, warns Check Point.
05/23/2017   Forbes Security
ExtraTorrent, the second largest torrent site, went down a couple days ago. Now it's revived as ExtraTorrent.cd. Is it for real?
05/23/2017   Forbes Security
George Kurtz co-founded security product and security company CrowdStrike five years ago. The company, which leverages a cloud based solution powered by artificial intelligence.
05/23/2017   Forbes Security
The evidence North Korea was behind the biggest ransomware attack ever can't be ignored, say experts.
05/22/2017   Department of Homeland Security
Release Date: May 22, 2017

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

The Department of Homeland Security is closely monitoring the situation at Manchester Arena in the United Kingdom.  We are working with our foreign counterparts to obtain additional information about the cause of the reported explosion as well as the extent of injuries and fatalities.

U.S. citizens in the area should heed direction from local authorities and maintain security awareness.  We encourage any affected U.S. citizens who need assistance to contact the U.S. Embassy in London and follow Department of State guidance.

At this time, we have no information to indicate a specific credible threat involving music venues in the United States. However, the public may experience increased security in and around public places and events as officials take additional precautions.

We stand ready to assist our friends and allies in the U.K. in all ways necessary as they investigate and recover from this incident.

Our thoughts and prayers are with those affected by this incident.

05/22/2017   Trend Micro Security
Smart systems are under attack, and the organizations that run and support this technology must take the proper steps for protection.
05/22/2017   Department of Homeland Security
Release Date: May 22, 2017

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

WASHINGTON—Secretary of Homeland Security John F. Kelly today announced his decision to extend—for an additional six months—the Temporary Protected Status (TPS) designation for Haiti.  This extension is effective July 23, 2017 through January 22, 2018.

“After careful review of the current conditions in Haiti and conversations with the Haitian government, I have decided to extend the designation of Haiti for Temporary Protected Status for a limited period of six-months,” said Secretary Kelly. “Haiti has made progress across several fronts since the devastating earthquake in 2010, and I’m proud of the role the United States has played during this time in helping our Haitian friends. The Haitian economy continues to recover and grow, and 96 percent of people displaced by the earthquake and living in internally displaced person camps have left those camps. Even more encouraging is that over 98 percent of these camps have closed. Also indicative of Haiti’s success in recovering from the earthquake seven years ago is the Haitian government’s stated plans to rebuild the Haitian President’s residence at the National Palace in Port-au-Prince, and the withdrawal of the United Nations Stabilization Mission in Haiti.”

Secretary Kelly was particularly encouraged by representations made to him directly by the Haitian government regarding their desire to welcome the safe repatriation of Haitian TPS recipients in the near future. “This six-month extension should allow Haitian TPS recipients living in the United States time to attain travel documents and make other necessary arrangements for their ultimate departure from the United States, and should also provide the Haitian government with the time it needs to prepare for the future repatriation of all current TPS recipients. We plan to continue to work closely with the Haitian government, including assisting the government in proactively providing travel documents for its citizens.”

Prior to the expiration of this limited six-month period, Secretary Kelly will re-evaluate the designation for Haiti and decide anew whether extension, re-designation, or termination is warranted. The Department of Homeland Security urges Haitian TPS recipients who do not have another immigration status to use the time before Jan. 22, 2018 to prepare for and arrange their departure from the United States—including proactively seeking travel documentation—or to apply for other immigration benefits for which they may be eligible. “I believe there are indications that Haiti – if its recovery from the 2010 earthquake continues at pace - may not warrant further TPS extension past January 2018. TPS as enacted in law is inherently temporary in nature, and beneficiaries should plan accordingly that this status may finally end after the extension announced today.”

Further details about this extension of TPS for Haiti, including the application requirements and procedures, will appear in a Federal Register notice later this week.

# # #

05/22/2017   InfoWorld Security

We’re hearing more and more about chatbots in the enterprise starting to gain adoption as customer service agents these days. There are two major approaches to chatbots prevalently discussed in AI circles:

  • Generative models, or “open context” frameworks, which try to learn responses and assemble them together based on their learnings;
  • Retrieval-based models, or closed “template-based” systems, which work based on templates of conversations, or confined responses. Most customer service chatbots today work this way, as do most early personal assistant bots like Siri.

As both types of bots grow in sophistication, here are four predictions:


05/22/2017   Forbes Security
Companies that consider themselves as potential disruptors see blockchain as a way to carry out that disruption.
05/22/2017   Department of Homeland Security
Release Date: May 22, 2017

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

WASHINGTON—U.S. Department of Homeland Security (DHS) released today the Fiscal Year (FY) 2016 Entry/Exit Overstay Report. The report provides data on departures and overstays, by country, for foreign visitors to the United States who entered as nonimmigrant visitors through an air or sea Port of Entry (POE) and were expected to depart in FY16.

The in-scope population for this report includes temporary workers and families (temporary workers and trainees, intracompany transferees, treaty traders and investors, representatives of foreign information media), students, exchange visitors, temporary visitors for pleasure, temporary visitors for business, and other nonimmigrant classes of admission. This population accounts for 96.02 percent of all nonimmigrant admissions at U.S. air and sea POEs in FY16.

Importantly, the report does not cover all foreign visitors to the United States—such as those who enter the United States through a vehicular or land POE. Nor does the report provide the total estimated in-country overstay population currently in the United States. Rather, it provides data on overstays in a snapshot of time—those foreign visitors who were expected to depart in FY16, and those who did not do so.

The report specifies that U.S. Customs and Border Protection (CBP) processed 50,437,278 in-scope nonimmigrant admissions at U.S. air and sea POEs who were expected to depart in FY16—of which 739,478 overstayed their admission, resulting in a total overstay rate of 1.47 percent. Of the more than 739,000 overstays, DHS determined 628,799 were suspected “in-country” overstays, resulting in a suspected in-country overstay rate of 1.25 percent. An individual who is a suspected in-country overstay has no recorded departure, while an out-of-country overstay has a recorded departure that occurred after their lawful admission period expired.

To protect the American people from those who seek to do us harm, and to ensure the integrity of the immigration system, ICE has recently increased overstay enforcement operations. Each year, ICE’s Homeland Security Investigations special agents systematically review approximately one million records of individuals who violate the terms of their visas or the visa waiver program, prioritizing leads that pose national security or public safety threats.

Out of the total population, of the more than 21.6 million Visa Waiver Program (VWP) visitors expected to depart the United States in FY16, 147,282 overstayed the terms of their admission, with 128,806 suspected in-country overstays (a .60 percent suspected in-country overstay rate for VWP travelers). Of the more than 13.8 million non-VWP visitors—excluding Canada and Mexico—expected to depart the United States in FY16, 287,107 overstayed the terms of their admission, with 263,470 suspected in-country overstays. This resulted in a 1.90 percent suspected in-country overstay rate.

For Mexico, the FY16 suspected in-country overstay rate is 1.52 percent of 3,079,524 expected departures. Consistent with the methodology for other countries, this represents only travel through air and sea POEs and does not include data on land border crossings. For Canada, the FY16 suspected in-country overstay rate is 1.33 percent of 9,008,496 expected departures.

This year’s report also includes visitors who entered on a student or exchange visitor visa (F, M, or J visa). Of the 1,457,556 students and exchange visitors scheduled to complete their program in the United States in FY16, 79,818 stayed beyond their authorized window for departure, resulting in a 5.48 percent overstay rate. Of the 79,818, 40,949 are suspected in-country overstays (2.81 percent).

DHS conducts the overstay identification process by examining arrival, departure and immigration status information, which is consolidated to generate a complete picture of an individual’s travel to the United States. Due to continuing departures and adjustments in status, by January 10, 2017, the number of suspected in-country overstays for FY16 decreased to 544,676, resulting in a suspected in-country overstay rate of 1.07 percent.

DHS anticipates that these numbers will shift over time as additional information is reported. Specifically, the overall suspected in-country overstay rate will continue to decline as the number of individuals who have departed or transitioned to another immigration status after their initial period of authorized admission ended grows.

DHS continues to improve its data collection, both biographic and biometric, on travelers departing the United States. CBP has identified a feasible biometric exit solution based upon the successful pilot deployed in June 2016, at Hartsfield-Jackson International Airport in Atlanta. As part of the pilot, CBP partnered with an airline to biometrically confirm the identity of departing travelers using facial recognition. To continue biometric exit implementation, CBP will expand the deployment of this technology to seven additional airports in the coming months. DHS is committed to the development and deployment of a comprehensive biometric exit system—as directed by President Trump in Executive Order 13780, Protecting the Nation from Foreign Terrorist Entry in the United States, and as required by law.

Read the full FY16 Entry/Exit Overstay Report here.

 

# # #

05/22/2017   Forbes Security
Christian Slater stars in The Wolf, a web short that takes a look at the vulnerability of hacking through a printer in corporate America.
05/19/2017   Wired Security
Hackers Are Trying to Reignite WannaCry With Nonstop Botnet Attacks
The "sinkhole" domain that's held the ransomware in check is coming under repeated denial-of-service attacks. The post Hackers Are Trying to Reignite WannaCry With Nonstop Botnet Attacks appeared first on WIRED.
05/19/2017   Wired Security
Sweden Drops Assange’s Rape Case—But He’s Not Walking Free
The Swedish decision only brings into focus Assange's core conflict with the US government. The post Sweden Drops Assange's Rape Case—But He's Not Walking Free appeared first on WIRED.
05/19/2017   Trend Micro Security
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for...
05/19/2017   Trend Micro Security
“Are you crying? ARE YOU CRYING? There’s no crying! THERE’S NO CRYING IN BASEBALL!” Those famous words from Jimmy Dugan (portrayed by Tom Hanks) in the 1992 movie A League of their Own, ring true in the world of baseball. Unfortunately, in the cyber security world, there has been some crying this week with the...
05/18/2017   Wired Security
A WannaCry Flaw Could Help Some Victims Get Files Back
A French researcher says he's found a tool that could help some fraction of victims running that older Windows version. Just don't reboot! The post A WannaCry Flaw Could Help Some Victims Get Files Back appeared first on WIRED.
05/18/2017   InfoWorld Security

NordVPN gives you a private and fast path through the public Internet. All of your data is protected every step of the way using revolutionary 2048-bit SSL encryption even a supercomputer can’t crack. Access Hulu, Netflix, BBC, ITV, Sky, RaiTV and much more from anywhere in the world. Unmetered access for 6 simultaneous devices. You're sure to find dozens of good uses for a VPN. Take advantage of the current 72% off deal that makes all of this available to you for just $3.29/month (access deal here). This is a special deal available for a limited time.


05/18/2017   InfoWorld Security

Panda security solutions will fully protect you against the newly released malware and ransomware attacks, and Panda is offering 55% off all security products for home users using the coupon code ANTIRANSOMWARE at checkout. See Panda's Internet Security product here, or their Antivirus Pro product here, and enter the code at checkout to activate the 55% savings. This code will work for all Panda Security products for home users. 


05/18/2017   Trend Micro Security
May 12, 2017 saw the world’s first ever worm-based ransomware attack, WannaCry. Typically ransomware spreads via email as spam and phishing attacks, and relies on human intervention to initiate the infection. However, WannaCry is different in that it combines ransomware with a recently published vulnerability that was stolen from the NSA by The Shadow Brokers...
05/17/2017   Trend Micro Security
Recently, brand new open source ransomware samples were discovered that demonstrate specific characteristics showing that the enterprise community is more of a target than ever. If the past few days of WannaCry ransomware activity have taught us anything it’s that cybercriminals pose a clear and present danger to organizations and their customers all over the world. But have you ever wondered exactly what the bad guys are after when they launch their online attacks at your own PC or mobile...
05/17/2017   InfoWorld Security

Will Linux protect you from ransomware attacks?

Ransomware attacks are all the rage these days among hackers, and many people are worried about becoming victims. Are Linux users secure against such attacks?

This topic came up recently in a thread on the Linux subreddit, and the folks there had some interesting thoughts to share about Linux and ransomware attacks.

Rytuklis started the thread with this post:

I am sure you guys heard the news about that huge hacker attack that locks people's personal files and demands ransom. Is Linux secure enough to protect against such attacks?

I thought I was safe on Windows in Lithuania where such attacks are very rare but saw this hack also hit Lithuania pretty hard too, so it makes me contemplate Linux again.


05/16/2017   InfoWorld Security

Late last night, someone claiming to represent Shadow Brokers—the people responsible for releasing stolen NSA hacking tools—posted a new message on the Steemit website. In a hard-to-fathom rant, the group makes several claims and also threatens to release even more damaging material.

I've loosely quoted Shadow Brokers' post below, editing their statement heavily for clarity. Any translation errors are mine. Note that The Equation Group is a well-established “persistent threat” organization, widely thought to be tied to the NSA. 


05/16/2017   InfoWorld Security

Digital signature service DocuSign said Monday that an unnamed third-party had got access to email addresses of its users after hacking into its systems.

The hackers gained temporary access to a peripheral sub-system for communicating service-related announcements to users through email, the company said. It confirmed after what it described as a complete forensic analysis that only email addresses were accessed, and not other details such as names, physical addresses, passwords, social security numbers, credit card data, or other information.

“No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes, and customer documents and data remain secure,” DocuSign said in a post.


05/16/2017   InfoWorld Security

As more groups get into the denial-of-service attack business they're starting to get in each other's way, according to a report released this morning.

That translates into a smaller average attack size, said Martin McKeay, senior security advocate at Cambridge, Mass.-based Akamai Technologies.

There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet. "And other people can come in and take over the device, and take those resources to feed their own botnet," he said. "I'm seeing that over and over."

05/16/2017   InfoWorld Security

More and more, information security seems to be about finding someone to blame for the latest crisis. The blame game was in full gear within hours of the WannaCry ransomware outbreak, and even after a few days there’s still a lot of anger to go around. People want heads to roll, but that won’t help contain the current damage or spur improvements to minimize the impact of future attacks.

The WannaCry ransomware successfully infected so many machines because it was crafted to use multiple infection vectors, including traditional phishing, remote desktop protocol (RDP), and a vulnerability in the SMB protocol. It took advantage of the fact that people don’t always recognize phishing links, and that many systems aren’t running the latest versions of applications or the operating system.

05/16/2017   InfoWorld Security

At last count, more than 200,000 victims in 150 countries have been hit with the weaponized WannaCry ransomware worm. In the United Kingdom, the National Health Service was hit hard by the worm, potentially threatening patients’ lives.

Haven’t we had enough? It’s time to stop pretending that lukewarm, poorly executed security measures are really doing something about the problem. Good computer security solutions exist that will absolutely diminish cybercrime. We just have to recognize and apply them.

We should already have been doing this for decades, but the criticality of the internet and the coming IoT era make the need for stronger solutions more urgent than ever. As Bruce Schneier says in my recently released book, “Hacking the Hacker,” IoT represents a tectonic shift in security:

05/15/2017   Wired Security
The WannaCry Ransomware Has a Link to Suspected North Korean Hackers
A Google researcher has identified a telltale chunk of code shared between the ransomware and malware used by suspected DPRK hackers.
05/15/2017   Wired Security
The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes
Researchers say the worst ransomware epidemic ever is also poorly run, shoddily coded, and barely profitable.
05/15/2017   Trend Micro Security
At the Zero Day Initiative (ZDI), we see patches in a way few do. We get the initial report from a researcher, we verify the issue internally, we notify the vendor, and finally we publish some details once a patch is released. Those patches represent the best method for preventing cyber attacks. Recently, an issue...
05/15/2017   InfoWorld Security

The worm called WannaCry (aka WannaCrypt, WannaCry0r, WanaCry, and WCry) dominated tech headlines through the weekend. According to Europol, quoted in the New York Times, WannaCry infected 200,000 computers in more than 150 countries, tied the UK health service in knots, knocked out the Spanish phone company, troubled train travelers in Germany, and took big swipes out of FedEx, Renault, a reported 29,000 Chinese institutions, and networks all over Russia—including the Russian Interior Ministry.

05/15/2017   Trend Micro Security
Last week, The White House released its long awaited Executive Order (EO), Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, ironically enough during the same week we experienced the largest single ransomware attack that, by some estimates, has affected more than 200,000 victims across 150 countries. My intentions were to highlight the EO in...
05/15/2017   InfoWorld Security

Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments.

Referring to the attack as a “wake-up call,” Microsoft’s President and Chief Legal Officer, Brad Smith, wrote in a blog post that governments have "to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

05/15/2017   InfoWorld Security

The plain truth about security updates is that enterprises will always have a lag time between when patches are released and when they're deployed. Even so, too many organizations are taking too long to test and schedule, and they're paying the price.

As reported earlier, a new ransomware attack called Wanna Decryptor (WannaCry) struck tens of thousands of systems in more than a dozen countries around the world, including hospitals at the United Kingdom's National Health Service, KPMG, Spain's telecommunications company Telefonica, and banks BBVA and Santander. The ransomware has wormlike properties, as it spreads through network file shares, possibly using the vulnerability in the Windows SMB (Server Message Block) protocol (MS17-010) that Microsoft patched in March. The flaw is used by the EternalBlue exploit, which was part of the cache of hacking tools allegedly developed by the NSA and dumped by the Shadow Brokers group.

05/15/2017   InfoWorld Security

As Woody Leonhard explained last week, HP laptops have come with a little added extra ever since Christmas 2015: a keylogger. HP has confirmed to me that the report from Thorsten Schroeder of ModZero is correct and the company has been urgently working on fixes.

The keylogger is built into a device driver supplied to HP by Conexant Systems. It places every single keystroke you make in a log file on the computer. The file is deleted and a new one is started every time you log on to Windows, but if you use an incremental backup system or rarely reboot, there's a good chance that every password, credit card number, personal detail, and regretted communication you ever typed is stored safely waiting for a hacker or subpoena to make it public.

05/14/2017   Wired Security
What Is Ransomware? A Guide to the Global Cyberattack’s Scary Method
Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom.
05/13/2017   InfoWorld Security
Security, trust, and data integrity
IoT security

The emergence of the internet of things is altering our personal technology security paradigm and is a game-changer in customer/business interaction, in part due to the wide scope of available data and sheer number of devices collecting this data. McKinsey & Company estimates the IoT ecosystem will generate $6 trillion in value by 2025. Successful IoT offerings rely on the perception of benefit they can deliver to businesses and consumers while creating a proportionate foundation of security, trust, and data integrity. There are important ways that IoT technology can reduce data security risk while improving customer experience in a connected world.

05/13/2017   Trend Micro Malware Top 10
Low
05/13/2017   Trend Micro Malware Top 10
RANSOM_WANA.A