Google And Yahoo Get Blocked
May 24, 2016 by admin
Filed under Around The Net
Comments Off on Google And Yahoo Get Blocked
The IT department of the U.S. House of Representatives is prohibiting access to Yahoo Mail and the Google App Engine platform due to malware threats.
On April 30, the House’s Technology Service Desk informed users about an increase in ransomware-related emails on third-party email services like Yahoo Mail and Gmail.
“The House Information Security Office is taking a number of steps to address this specific attack,” the Technology Service Desk said in an email obtained and published by Gizmodo. “As part of that effort, we will be blocking access to Yahoo Mail on the House Network until further notice.”
The ban on Yahoo Mail access suggests that some House of Representatives workers accessed Yahoo mailboxes from their work computers. This raises questions: Are House workers using Yahoo Mail for official business, and, if they’re not, are they allowed to check their private email accounts on work devices?
If they use the same devices for both personal and work activities, one would hope that there are access controls in place to separate the work and personal data. Otherwise, if they are allowed to take those devices outside of the House’s network, they could just as easily become infected there, where the ban is not in effect.
“The recent attacks have focused on using .js files attached as ZIP files to e-mail that appear to come from known senders,” the House’s Technology Service Desk said. “The primary focus appears to be through Yahoo Mail at this time.”
The increase in ZIP and RAR attachments that contain malicious JavaScript (JS) files has been observed by multiple security companies in recent months. Microsoft offers several recommendations, like using the Windows AppLocker group policy to restrict the execution of .JS files.
The House Information Security Office also banned access to appspot.com, the domain name used by applications hosted on the Google App Engine platform, Reuters reported.
Source- http://www.thegurureview.net/aroundnet-category/u-s-house-of-representatives-block-yahoo-and-google-apps.html
Are Teens Giving The CIA A Headache?
Comments Off on Are Teens Giving The CIA A Headache?
Teenage hackers are making merry with the online world of CIA director of national intelligence James Clapper.
This is the second bout of attacks from the group of technology tearaways, according to Motherboard, which reports on the Clapper problem and its connection to a group known as Crackas With Attitude.
A member of the group, a young chap called Cracka, told Motherboard that access to a range of Clapper accounts had been seized, and that Clapper and the CIA haven’t a clue what’s going on.
“I’m pretty sure they don’t even know they’ve been hacked. You asked why I did it. I just wanted the gov to know people aren’t fucking around, people know what they’re doing and people don’t agree #FreePalestine,” he said.
The claims were supported by the Office of the Director of National Intelligence, which confirmed that something has happened and that the authorities are looking into it.
“We’re aware of the matter and we reported it to the appropriate authorities,” said spokesman Brian Hale, before going mute.
Cracka, representing himself on Twitter as @dickreject, is less quiet. He has tweeted a number of confirmatory and celebratory messages that are not particularly flattering about the CIA and its abilities.
This is the group’s second bite at the CIA cherry. The teenagers walked into the personal email account of CIA director John Brennan last year and had a good look around. Some of the impact of this was washed away when it was discovered that Brennan used an AOL account for his communications.
“A hacker, who describes himself as an American high school student, has breached the CIA boss’s AOL email account and found a host of sensitive government files that one assumes a government official shouldn’t be sending to his personal email address,” said security comment kingpin Graham Cluley at the time.
“I’m not sure what’s more embarrassing. Being hacked or having an AOL email account.”
Courtesy-TheInq
Can Corporations Be Easily Hacked?
Hacking a major corporation is so easy that even an elderly grannie could do it, according to technology industry character John McAfee.
McAfee said that looking at the world’s worst hacks you can see a common pattern – they were not accomplished using the most sophisticated hacking tools.
Writing in IBTImes said that the worst attack was in 2012 attack on Saudi Aramco, one of the world’s largest oil companies. Within hours, nearly 35,000 distinct computer systems had their functionality crippled or destroyed, causing a massive disruption to the world’s oil supply chain. It was made possible by an employee that was fooled into clicking a bogus link sent in an email.
He said 90 per cent of hacking was social engineering, and it is the human elements in your organization that are going to determine how difficult, or how easy, it will be to hack you.
The user is the weakest link in the chain of computing trust, imperfect by nature. And all of the security software and hardware in the world will not keep a door shut if an authorized user can be convinced to open it, he said.
“Experienced hackers don’t concern themselves with firewalls, anti-spyware software, anti-virus software, encryption technology. Instead they want to know whether your management personnel are frequently shuffled; whether your employees are dissatisfied; whether nepotism is tolerated; whether your IT managers have stagnated in their training and self-improvement.”
Muct of this information can be picked up on the dark web and the interernet underground, he added.
“”Are you prepared for a world where grandma or anyone else can quickly obtain, on the wide open web, all of the necessary information for a social engineering hack? Is your organization prepared.
Source- http://www.thegurureview.net/computing-category/can-corporations-be-easily-hacked.html
Was The Hilton Hotel Chain Hacked In April?
Comments Off on Was The Hilton Hotel Chain Hacked In April?
The Hilton organization is reportedly trying to work out whether it has been hacked and, if so, what it should do about it.
We say reportedly as we have not been able to contact Hilton ourselves and can rely only on reports. They are pretty solid reports, however, and they concern a problem at the company that happened between 21 April and 27 July.
Brian Krebs, of KrebsOnSecurity, started this off with a report about a payment card breach. Krebs said that he had heard about the breach from various sources, and that Visa – the card provider – has mailed potentially affected parties with a warning, and the news that it is the fault of a bricks and mortar company.
Visa did not name the company, but affected parties, or banks to be more precise, have uttered it to Krebs. Its name is Hilton.
“Sources at five different banks say they have now determined that the common point-of-purchase for cards included in that alert had only one commonality: they were all were used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts,” he wrote.
“It remains unclear how many Hilton properties may be affected by this apparent breach. Several sources in the financial industry told KrebsOnSecurity that the incident may date back to November 2014, and may still be ongoing.”
Krebs has a statement from the Hilton organisation in which the firm defended its security practices, and revealed that it is aware of the potential problem and is looking into it. This is a common theme among the breached, and should soon become part of mission statements.
“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” said the company in the statement to Krebs.
“We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”
We have asked Visa and Hilton for their comments.
Source-http://www.thegurureview.net/computing-category/was-the-hilton-hotel-chain-hacked-in-april.html
Hackers Accessed 10M Records At Excellus
September 23, 2015 by admin
Filed under Around The Net
Comments Off on Hackers Accessed 10M Records At Excellus
Hackers have penetrated the IT systems of U.S. health insurer Excellus BlueCross BlueShield and gained access to personal, financial and medical information of more than 10 million people, the company has disclosed.
The initial attack occurred in December 2013, but the company did not learn about it until Aug. 5. Since then it has been working with the FBI and cybersecurity firm Mandiant to investigate the breach.
The hackers may have had access to customer records which include names, addresses, telephone numbers, dates of birth, Social Security numbers, member identification numbers, financial accounts and medical claims information.
Records may contain all or just some of that information, depending on the customer’s relationship with the company. The breach doesn’t affect just Excellus members, but also members of other Blue Cross Blue Shield plans who sought medical treatment in the upstate New York area serviced by the company.
The information was encrypted, but the attackers gained administrative privileges to the IT systems, allowing them to potentially access it, the company said on a website that was set up to provide information about the incident.
No evidence has been found yet that the data was copied or misused by the attackers.
Excellus will send breach notification letters via mail to all affected persons throughout the month and is offering free credit monitoring and identity protection services for two years through a partner.
The company will not contact affected individuals via email or telephone, so any emails or phone calls claiming to be from the company in regard to this attack should be ignored as they are probably scams.
The incident comes after three other Blue Cross Blue Shield health insurers — Anthem, Premera and CareFirst — announced large data breaches this year as a result of cyberattacks.
Excellus said that it doesn’t have sufficient information about the Anthem, Premera and CareFirst investigations in order to comment about possible connections between those attacks and the one against its own systems.
Source-http://www.thegurureview.net/aroundnet-category/hackers-accessed-10m-records-at-excellus.html
Microsoft Unveils ‘Send’ Mobile App
Microsoft unveiled a mobile-minded alternative to email that’s focused primarily on short, quick messages.
Named Send, the new tool aims to deliver a simple experience much like that offered by text messaging or instant messaging software but without the need to know a co-worker’s mobile number or username. Instead, Send lets users quickly fire off a message to any co-worker using just their email address; no subject line, salutations or signatures are required.
“On my way,” might be one example, or “Are you in the office today?”
The app connects to Office 365 business and school email accounts to find frequent and recent contacts; users need only tap on one to start a conversation. A “Quick Reply” option allows for speedy responses.
That Office 365 connection, meanwhile, also means conversations are synced with Outlook, letting users continue them from anywhere. Messages sent using Send are treated internally like any other work email and comply with an organization’s email compliance policies, Microsoft said.
Send is now available free for iPhone through the Microsoft Garage in the U.S. and Canada. Versions for Windows Phone and Android are coming soon, as are additional IT controls. Currently the app works with Office 365 business and school email accounts, but Microsoft plans to make it more broadly available in the coming months, it said.
Office 365 Goes Video Streaming
December 3, 2014 by admin
Filed under Around The Net
Comments Off on Office 365 Goes Video Streaming
Microsoft unveiled Office 365 Video, a YouTube-like streaming service where enterprises and large organizations can post in-house video content for communication and training.
“Office 365 Video provides organizations with a secure, company-wide destination for posting, sharing and discovering video content,” said Mark Kashman, a senior product manager with the Office 365 team, in a blog posting.
Kashman touted Video as a tool for internal communications, citing the examples of new-employee orientation, management messaging and worker training. Employees will also be able to contribute to a “Community” section, though most companies will probably frown on cat antic clips.
The service rolls out over the next few days to companies that have registered for Office 365′s First Release early distribution program, then through early 2015 to others.
Video will be available only to subscribers of Office 365′s plans for enterprises — E1 through E4 — and universities (A2 through A4). It will not be offered to consumer subscribers or firms with small business-oriented plans like Business Essentials, Business and Business Premium.
Kashman also said Office 365 plans for government agencies will get Video at some point, but he did not proffer a timeline.
The other requirement is SharePoint Online, an off-premises component of the enterprise and academic plans, but missing from the increasingly popular Office 365 ProPlus, the rent-not-buy plan used by organizations that have decided to retain their back-end services, like SharePoint and Exchange, on premises.
Although Office 365 Video has elements of consumer streaming services like Google’s YouTube, it’s strictly an in-house affair: It will be available only to employees, and then only those whom IT administrators have assigned access rights.
BlackBerry’s Secure Goes To iOS
July 1, 2013 by admin
Filed under Smartphones
Comments Off on BlackBerry’s Secure Goes To iOS
BlackBerry continues to expand its support for Android and iOS with Secure Work Space, which separates work and personal apps and data, as the device maker tries to hold on to enterprise users by becoming more platform neutral.
Remaining relevant in a world where more than 9 out of 10 smartphones shipped are based on either Google’s Android or Apple’s iOS isn’t easy for BlackBerry. But the company still has fans in enterprise IT departments and hopes to remain an option for users by continuing to embrace the two dominant platforms. The company can already manage devices based on Android and iOS, and support for BlackBerry Messenger is on the way.
BlackBerry announced Secure Work Space in March and has now made good on a promise to ship it before June 30. The software is an add-on to BlackBerry Enterprise Service (BES) 10, and it adds a managed container to protect corporate data and applications running on Android and iOS devices.
Users get integrated email, calendar and contacts, as well as secure browser access to intranets and document editing capabilities. Data is protected both when stored on the device and when transferred to and from enterprise servers, according to BlackBerry.
“The concept is right and very similar to what AT&T offers with Toggle. Creating two different “personas” on mobile devices is becoming a best practice for enterprises. Buying it from BlackBerry is probably most relevant for enterprises that have a major commitment to BlackBerry 10 and BES 10,” said Leif-Olof Wallin, research vice president at Gartner.
On BlackBerry 10 smartphones, BlackBerry has tightly integrated a personal and a work environment with the Balance feature.
BlackBerry is far from the only vendor that has adopted this concept. One competitor is Good Technology, which on Tuesday announced a whole host of new applications compatible with its Dynamics Security Mobility platform, which includes support for both app wrapping and encrypted app containers. The list of newcomers includes Mobility for SAP and remote access app Splashtop.
But for those interested in Secure Work Space, which is based on software from OpenPeak, the BES 10 server software is free to download. Annual client access licenses for Secure Work Space are $99 per year and device. For enterprises that want to get their feet wet, the platform is also available as a 60-day free trial bundle that includes device management for BlackBerry 10, iOS and Android devices, as well as Secure Work Space licenses for 50 users.