Monthly Archives: April 2016

What govies can learn from this year’s Verizon data breach report

The public sector was the runaway leader in security incidents. That doesn’t mean its security personnel are doing a bad job.

Verizon’s Data Breach Investigations Report looked at over 100,000 security incidents. (Christiaan Colen)

Human error and simple phishing attacks are to blame for more public sector data breaches than sophisticated hackers.

Read More Fedscoop.com

Qatar National Bank Investigating Data Leak

The Qatar National Bank (QNB) has launched an investigation after someone leaked a large number of files allegedly stolen from the financial institution’s systems as a result of a hacker attack.

The leaked data, currently available from Cryptome and other sources, was first distributed via Twitter using several accounts that tweeted a global-files.net link to news outlets, journalists and others.

The leaked information, totaling roughly 1.5 Gb in size, consists of more than 15,000 files. The data includes banking information, payment card details, email addresses, passwords, physical addresses, phone numbers, and QNB user profiles.

The user profiles, which in some cases contain photographs, are stored in folders whose names suggest that they are linked to government organizations, including intelligence agencies, in Qatar and other countries. One of the folders includes information on people working at Qatar-based media company Al Jazeera.

Security experts who analyzed the data said they believe it originates from QNB systems. Some speculated that the files might have been stolen by an insider.

Read More Securityweek

Gmail For Android Adds Microsoft Exchange Support

Google’s Gmail on Android is now adding support for Microsoft Exchange accounts, fixing one of the email app’s biggest shortcomings for mixing work and personal information.

Google is making it possible for anyone using a work email on Microsoft Exchange to add that account to Gmail, following Microsoft’s release of Outlook for Android in January last year.

The Gmail for Android update now allows support for Microsoft Exchange, and users can download the latest version of the application from Google Play, though the rollout may take a few days to reach all users.

Although some Gmail for Android users already had Exchange support, it was limited to owners of Google Nexus devices, while the updated app offers support for all Android-based devices.

“Exchange support was previously only available on our Nexus devices, but as of today, Exchange support covers mail, contacts, and calendar data in Android across all devices,” a Google spokesperson confirmed to VentureBeat on April 25.

Read More Informationweek

US Drops iPhone Encryption Case After Getting Passcode

The United States government has dropped a case in which it attempted to get Apple to extract information from an iPhone after receiving the passcode to the device.

In February, the FBI convinced a judge to order Apple to create a piece of software that would allow the agency to brute-force the passcode on the iPhone belonging to the San Bernardino shooter. Apple refused to comply, arguing that creating a backdoor to the iPhone puts its customers at risk and creates a dangerous precedent.

In late March, the FBI announced that it managed to break into the San Bernardino attacker’s phone without Apple’s help and the case was dropped. Authorities were reportedly helped by grey hat hackers to crack the phone, and FBI director James Comey suggested that the agency paid over $1 million.

Read more Securityweek

DOD ‘leading the way in technological innovation’ with bug bounty

DOD’s aggressive and transparent approach to the first federal bug bounty program has the department set up for success, according to Alex Rice, HackerOne CTO and co-founder.

The Defense Department’s revolutionary bug bounty program, just a week into its monthlong run, is already shaping up to be one of the largest and most transparent that partnering company HackerOne has ever worked on, according to one of the startup’s executives.

There has already been a “healthy amount of activity” in the first week of the “Hack the Pentagon” program, Alex Rice, HackerOne CTO and co-founder, told FedScoop. More than 500 vetted hackers are trying to compromise security vulnerabilities in DOD’s infrastructure.

Read More fedscoop.com

Europe’s Web Privacy Rules: Bad for Google, Bad for Everyone

It’s been a rough few months for Google in Europe. Not only has the European Union hit the company with a second antitrust investigation, but — in a move that has received less press, but could have wider consequences — French regulators have pushed it to restrict search results all over the world to comply with their “right to be forgotten” privacy laws.

Read More Thenewyorktimes

93 Million Mexican Voter Records Leaked Online

Authorities in Mexico have launched an investigation after a researcher discovered a publicly accessible database containing the personal details of tens of millions of Mexican registered voters.

MacKeeper researcher Chris Vickery reported on Friday that he discovered an unprotected database on an AWS server containing 93.4 million records associated with Mexican voters. The records include names, addresses, dates of birth, occupations, voter registration IDs, and other information.

Read More Securityweek

Identity Management: Where Cloud Security Falls Short

A report by the Cloud Security Alliance finds that identity management tools and processes are key to ameliorating the threat of breaches. The report reveals which tools are most popular, and which are underutilized.

Although many enterprises have user access security measures in place, both on-premises and in the cloud, they may not have enough, warned the Cloud Security Alliance in a new report.

The report, Identity Solutions: Security Beyond the Perimeter, was released April 21 and is based on 325 online interviews conducted worldwide by the CSA. The findings revealed “no significant differences in security solutions used” between respondents who reported a breach and those who didn’t, according to the report, which was sponsored by Centrify, maker of identity security tools for the enterprise.

Read More Informationweek