Toggle light / dark theme

Cyberconflicts are, right now, at this very moment, like the first military aeroplanes of 1909. Within decades, planes destroyed entire cities. So when we talk about cyber weapons, we’re still basically in 1909.


Despite the devastation cyberweapons have caused around the world over the last decade, they are still in their infancy. David E. Sanger, a New York Times national security correspondent, explains why the threat is growing.

Subscribe: http://bit.ly/U8Ys7n
More from The New York Times Video: http://nytimes.com/video

Whether it’s reporting on conflicts abroad and political divisions at home, or covering the latest style trends and scientific developments, New York Times video journalists provide a revealing and unforgettable view of the world. It’s all the news that’s fit to watch.

Read more

An international team of researchers has, for the first time, demonstrated that by fixing a common glitch in photosynthesis, a crop’s yield could be improved by around 40 percent. The landmark study suggests optimizing a plant’s photosynthetic efficiency could significantly increase worldwide food productivity.

Read more

Just like last year, this year’s 60 predictions reveal the state-of-mind of key participants in the cybersecurity industry (on the defense team, of course) and cover all that’s hot today. Topics include the use and misuse of data; artificial intelligence (AI) and machine learning as a double-edge sword helping both attackers and defenders; whether we are going to finally “get over privacy” or see our data finally being treated as a private and protected asset; how the cloud changes everything and how connected and moving devices add numerous security risks; the emerging global cyber war conducted by terrorists, criminals, and countries; and the changing skills and landscape of cybersecurity.

Read more

https://paper.li/e-1437691924#/


A team of researchers from Austria, Italy and Sweden has successfully demonstrated teleportation using on-demand photons from quantum dots. In their paper published in the journal Science Advances, the group explains how they accomplished this feat and how it applies to future quantum communications networks.

Scientists and many others are very interested in developing truly —it is believed that such networks will be safe from hacking or eavesdropping due to their very nature. But, as the researchers with this new effort point out, there are still some problems standing in the way. One of these is the difficulty in amplifying signals. One way to get around this problem, they note, is to generate photons on-demand as part of a quantum repeater—this helps to effectively handle the high clock rates. In this new effort, they have done just that, using semiconductor .

Prior work surrounding the possibility of using has shown that it is a feasible way to demonstrate teleportation, but only under certain conditions, none of which allowed for on-demand applications. Because of that, they have not been considered a push-button technology. In this new effort, the researchers overcame this problem by creating quantum dots that were highly symmetrical using an etching method to create the hole pairs in which the quantum dots develop. The process they used was called a XX (biexciton)–X (exciton) cascade. They then employed a dual-pulsed excitation scheme to populate the desired XX state (after two pairs shed photons, they retained their entanglement). Doing so allowed for the production of on-demand single photons suitable for use in teleportation. The dual pulsed excitation scheme was critical to the process, the team notes, because it minimized re-excitation.

Read more

“We’re sorry this happened,” Facebook said in a statement after disclosing yet another privacy failing.


Facebook said on Friday in a developer-focused blog post that it had discovered a nasty bug in its photo software.

The bug allowed authorized app programmers to access photos that people had uploaded to Facebook but not publicly shared, as well as those posted on Facebook’s Marketplace software or Facebook Stories, the post said.

There are several cases in which someone might have uploaded a photo but didn’t share it, Facebook explained.

Read more

Recent studies show that 1 out of every 100 emails sent globally has malicious intent.

This is one of the many statistics that illustrate the rise in hacking and phishing. The subject of phishing, in particular, has played big roles and some of the largest data breaches recently.

An example of this would be the 2014 Sony Pictures breach perpetrated is to be believed by North Korea per the US Department of Justice. in this instance, it only took one email being opened by an employee to provide malicious actors a way to take control of Sony’s network.

A common thing we see among phishing attacks is impersonating an actual employee inside of the business. Some Phishing messages have even been reported as coming from the CEO of the company and play off of existing relationships to convince the victim to part with confidential information.

Phishing attacks don’t just happen on traditional computers but also mobile devices as well.

Even more modern security measures such as two-factor authentication can also be targeted by phishing. The hackers of today are able to create fake login pages to get the information of a target and then use that information to access the actual website.

So why isn’t 2-step verification good? Why doesn’t it work? When the victim is prompted for 2-step Verification they also enter the verification number on the fake login page, thus giving the attacker complete access.

A Rise In Hacking & Phishing Attempts

A series of industry reports demonstrates the growing trend of hacking and phishing attempts in recent years.

According to PhishMe’s Enterprise Phishing Resiliency and Defense Report, phishing attempts have increased 65% from the previous year.

Additionally, a statement from Wombat Security State of the Phish report that 76% of businesses reported being a victim of a phishing attack in the last year.

Per the Verizon Data Breach Investigations Report, 30% of phishing communications are opened by their target and 12% of those victims visit or open a malicious attachment or link.

A report from The SANS Institute revealed that 95% of all hacks on enterprise networks are the result of phishing.

According to cybersecurity leader Symantec, phishing and thus hacking has increased across most business types all with varying sizes — no business or industry is immune it seems.

Per the Webroot Threat Report, nearly 1.5 million new phishing sites are built monthly.

Common Phishing Techniques

The most common phishing attack you will come across is one where you will be directed to a fake login page. This usually happens because of a “Forgot Password” or “Reset Password” email has been received by the victim and they act on it.

Another common way that a phishing attack will present itself is through malicious browser extensions and ads.

er a recent report, Google removed over 3 billion ads from its platform last year a 100% increase in malicious ad removal over the previous year. The same report also revealed that cybercriminals compromise over 100,000 devices with browser extensions. The browser extensions in question did everything from steal login credentials to mine cryptocurrencies.

Another method that is less common than two listed above is a tech support scam. This is where a fake tech support agent will call someone directly to “assist” them with an issue that their computer is having (caused by the caller in the first place). This is most often because of a”virus” the user got on their device.

How To Avoid Phishing Attempts

The biggest thing you could possibly do as a business to prevent phishing is to use a password management tool. This means the employees would never login directly to a website or service but would rather click a saved hyperlink in the password manager. This means the change that you or your employees will visit a fake login page would be almost zero.

Another huge measured that will help you prevent phishing attacks as educating yourself or your employees. This one clued both education on what phishing attacks are and also how to spot when they’re happening.

The most common way to spot a phishing email is to verify the email address it was sent from. While hackers can spoof email addresses this is a very quick way to recognize at least 50% of phishing emails.

Another great method is that before you or any of your employees click on any link in an email, first the user should right click on the link and copy the URL into a notepad to verify that it is a trusted website that they are about to visit.

Yet another great rule of thumb is to not open any email attachments you are unsure about especially zip files.

How can you spot a phishing attack? Always be on the lookout for:

  • Grammar or spelling mistakes.
  • An undue appeal for urgency.
  • A request for information the requestor should already have that could be personal.
  • An unfamiliar e-mail address.
  • A link in an email to a website you don’t recognize.

Conclusion

Because of the rise of phishing and hacking both regular employees business owners and IT Security Professionals need to put extra effort into avoiding these threats. The landscape is changing almost monthly and new types of attacks are created weekly.

On top of email, there are many other possible ways that a hacker may target someone with a phishing attack. This extends beyond email to other communication methods such as LinkedIn messenger, WhatsApp or text messaging.

This also applies to any other third-party internal messaging system that you may be using such as Skype or Slack. If you were serious about preventing a costly data breach you need to put time, energy, and attention into making sure you are diligent in avoiding phishing and hacking attacks.

The promise of quantum computing brings with it some mind-blowing potential, but it also carries a new set of risks, scientists are warning.

Specifically, the enormous power of the tech could be used to crack the best cyber security we currently have in place.

A new report on the “progress and prospects” of quantum computing put together by the National Academies of Sciences, Engineering, and Medicine (NASEM) in the US says that work should start now on putting together algorithms to beat the bad guys.

Read more

Not cool, China.


(Reuters) — Hackers behind a massive breach at hotel group Marriott International left clues suggesting they were working for a Chinese government intelligence gathering operation, according to sources familiar with the matter.

Marriott said last week that a hack that began four years ago had exposed the records of up to 500 million customers in its Starwood hotels reservation system.

Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to discuss the company’s private probe into the attack.

Read more

If you’re paranoid about your cyber security, you may not be so crazy after all.

The cybersecurity industry is experiencing a growth that is almost unparalleled across any other industry even taking into account historical figures. Some people say that the growth in the need of cybersecurity is going to create the biggest wealth transfer we have seen in our lifetime.

With every aspect of our life being fine-tuned with the use of data, making sure that data is secure is becoming a top priority around the globe. This is being reflected in the massive growth of the cybersecurity industry and the massive demand for individuals who have been trained to keep data safe.

The Growth of Cybersecurity

Cybersecurity is the fastest growing technology sector out there. And with cybercrime at an all-time high, the cybersecurity niche is set for massive growth over the next 5 years.

The amount of money that individuals and businesses spend on cybersecurity is growing and is expected to be over $1 trillion cumulatively over the next five years, from 2017 to 2021.

Cybercrime and security breaches are continuing to cost businesses and individuals more and more money. The amount of damage done is expected to be $6 trillion annually by 2021, up from $3 trillion in 2015 according to Robert Herjavec, the founder and CEO of Herjavec Group, a Managed Security Services Provider.

There is an expectation that there will be 1.5 million cybersecurity job openings by 2019, a huge increase from just 1 million in 2016. By 2019, the demand is expected to increase to somewhere around 6 million globally according to Cybersecurity Ventures.

If you’re looking for a great career, recent studies suggest that cybersecurity unemployment rate will remain at 0% over the next 5 years, from 2017 to 2021.

What Has Spurred The Growth of Cybersecurity?

The major reason cybersecurity is growing at such a rapid pace is the growth of cybercrime and the number of digital devices we use in our day to day life.

The rise of the Internet Of Things (or IoT for short) has provided hackers and malicious actors more opportunities to cause havoc than ever. And that havoc comes with real work $-signs attached to it. In fact, the number of IoT devices jumped by 31% to 8.4 billion in 2017 according to a Gartner study.

That means that there are more IoT connected devices than people on the plant, and with a great deal of those IoT devices being used for commercial applications in fields like Healthcare, security is truly becoming more and more important all the time.

According to IBM, the average loss experience by businesses who are victims of cybercrime is almost 4 million dollars. As businesses rely more and more on technical tools and software to complete day-to-day operations, they become more and more susceptible to cybercrime. What’s more is that the technology and tools are constantly changing at a pace that is faster than most businesses or individuals or able to keep up with.

In many cases, organizations are reluctant to uncover hacks and cyberattacks that they’ve been victims of, basically this behavior is inspired by a paranoid fear of reputation harm. All things considered, Cybersecurity Ventures is foreseeing somewhat higher development rates, at around 12 to 15 percent year-over-year through 2021.

To be put more simply, that estimate is higher than the 8–10% being anticipated by other industry analysts. Accordingly, the real spending on cybersecurity might be significantly more than what’s uncovered through studies & surveys, as organizations might downplay their cybersecurity spending plans with the end goal to secure shield whatever reputation harm it may cause.

What Has Made Cybersecurity So Profitable?

Some organizations such as Bank of America have literally an unlimited cybersecurity budget. While this may seem weird, it’s also the fast approaching “new-norm” for large enterprise organizations. Where does that money go? The firms and companies that specialize in cybersecurity operations, management, and audits.

Other research from Morgan Stanley (overview from Chief Information Officers of real companies) reveals that the greater part of the officials they asked intended to purchase in excess of 15 diverse security products in the next year, demonstrating the tremendous layers of security that are attempted in numerous enterprise environments and further featuring the huge increase in spending on cybersecurity services & audits.

This tells us that, as cybercrime costs keep on going up for companies, by and large so will spending for cybersecurity measures, thus creating a boon for the cybersecurity business.

And if you’re not a business, the possible downsides to a hack can be harder to get over. With the actual possibility of having your life ruined, individuals are starting to explore more options to maintain online anonymity and privacy.

Beside the developing number of direct & focused assaults that is driving the profitability in cybersecurity, the quantity of cybersecurity venture capital deals likewise are developing in this space. There has been a huge increase in the amount of funding firms have received, about $13.6 billion has been invested into cybersecurity organizations since 2013.

Compliance Regulations

Not only is hacking and malicious behavior driving industry growth, but compliance regulations also. With regional changes like GDPR compliance, businesses are under even more pressure to contract or retain cybersecurity services.

This pressure doesn’t only extend to hiring trained professionals to implement the compliance requirements, but businesses also have to worry about fines and charges associated with not keep up with and following current regulations.

“If GDPR were an asteroid hurtling towards the United States, those directly in the strike zone would be large, multinational companies,” said Heather Engel, the CSO at Sera-Brynn, a global cybersecurity firm.

Conclusion

Hackers and malicious actors spend the entirety of their day finding new exploits in holes in currently used security tools methods and standards.

If you are a consumer who doesn’t take security seriously or are a business not employing a cybersecurity professional to keep you safe, you may find yourself contributing to the tremendous growth the cybersecurity industry & cybersecurity professionals are experiencing. It’s obvious that “biggest growing market” may be the understatement of the century.