Apr.14

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

The US refused to join a new global cybersecurity agreement this week—maybe because it was created by French president Emmanuel Macron, with whom President Trump isn’t on great terms.

On the same day, internet traffic that was supposed to route through Google’s cloud servers instead went haywire, traveling through unplanned servers based in the likes of Russia and China. Hack? No, as Lily Hay Newman explains, though the cause was still worrisome.

We also brought you the lowdown on how Darpa is preparing a Hail Mary plan to restart an electric grid in the case of a major infrastructure hack. We showed you how to get rid of old electronics without leaving your personal data on them. We explained what a bot really even is. And, with Mozilla’s help, we explained how to shop for cyber-secure toys for the holidays.

Cryptographer Bruce Schneier explained why surveillance kills freedom and experimentation. And Garrett Graff laid out why the Mueller investigation is probably going to be just fine—despite Trump firing Jeff Sessions and replacing him with a person who called the investigation a witch hunt.

And there’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

The most cybersecure devices are the ones that aren’t connected to the internet at all. Japan’s minister of cybersecurity Yoshitaka Sakurada appears to have taken that advice a little far, admitting in front of Japanese parliament this week that he has actually never used a computer. At all. The nation of Japan was understandably aghast. When asked whether nuclear power plants in the country allowed USB drives to be used on their computers, Sakurada admitted he didn’t know what a USB drive was. He told parliament if they need to have better answers they should bring in an expert.

Though the story is funny in a “this is fine” meme kind of way, it’s actually terrifying, and exemplifies a growing trend of nonexperts in governing positions—and not just in Japan. American lawmakers are increasingly without expertise in the areas they’re assigned to oversee. After the midterms, it made headlines that a lawmaker with an actual science background would be leading the House science committee. It was news because it was such a rarity. This isn’t really fine, is it?

It happened in 2016. And now it’s happened again. A judge in New Hampshire has said that Amazon’s Alexa may have heard the stabbing murder of two women. The judge ruled this week that Amazon should hand over the records to prosecutors in the case against the man accused. Amazon said it will only deliver the recordings with a binding legal order, which it appeared to deny the ruling constituted.

In an apparent error, a US assistant attorney revealed in an unrelated court filing that Julian Assange has been charged “under seal” in the US. That means no details of the charge, or even the charge itself, are meant to be known by the public. The unrelated filing stated: “Due to the sophistication of the defendant and the publicity surrounding the case, no other procedure is likely to keep confidential the fact that Assange has been charged.” It went on to indicate the US plans to arrest Assange, who is reportedly wearing out his welcome at the Ecuadorian Embassy in London, where he’s been hiding for the past six years. A spokesman for the court told The Washington Post, “The court filing was made in error. That was not the intended name for this filing.” The Post suggests the filing might relate to the Mueller probe, which has been investigating the role Wikileaks played in Russia’s misinformation attack on the US presidential election in 2016.

Facebook says that US government requests for user data have gone up by 30 percent year over year. Most of these were court-ordered search warrants, which the company was prevented from alerting users about. The figures were released in its latest transparency report, which came out a day after The New York Times bombshell investigation into the company’s mishandling of Russian misinformation on the platform during the presidential election. The transparency report also reveals that between 2014 and 2017, the US government served Facebook with 13 national security letters, the secret subpoenas the FBI issues to companies for data without any judicial oversight, and which companies are often prevented from discussing publicly. Facebook disclosed the information after the government lifted the gag orders on these specific NSLs earlier this year, according to Facebook’s deputy general counsel Chris Sonderby.

As if its traffic being rerouted erroneously through Russia and China wasn’t bad enough, Google’s official G Suite Twitter account was also hacked this week. In a since-deleted tweet, the account promoted a bitcoin scam to its more than 800,000 followers. The Next Web reports the hack was part of a string of Bitcoin-related scams going around. Earlier that same day Target’s Twitter account had done the same thing.

In good news, internet security company Cloudflare released a mobile version of its 1.1.1.1 public DNS resolver, which works to protect your browsing privacy while on a public internet connection by hiding your IP address. Available for iOS and Android devices, the app is free and early reviews suggest it’s fast.

This content was originally published here.

Management

Apr.14

The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source | WIRED

The National Security Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable examples hadn’t leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency for the first time demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity advisor Rob Joyce called the tool a “contribution to the nation’s cybersecurity community” in announcing it at RSA, it will no doubt be used far beyond the United States.

You can’t use Ghidra to hack devices; it’s instead a reverse engineering platform used to take “compiled,” deployed software and “decompile” it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveals what the software you churn through it does. Reverse engineering is a crucial process for malware analysts and threat intelligence researchers, because it allows them to work backward from software they discover in the wild—like malware being used to carry out attacks—to understand how it works, what its capabilities are, and who wrote it or where it came from. Reverse engineering is also an important way for defenders to check their own code for weaknesses, and confirm that it works as intended.

“If you’ve done software reverse engineering what you’ve found out is it’s both art and science, there’s not a hard path from the beginning to the end,” Joyce said. “Ghidra is a software reverse engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our work flow.”

Similar reverse engineering products already exist on the market, including a popular disassembler and debugger called IDA. But Joyce emphasized that the NSA has been developing Ghidra for years, with its own real-world priorities and needs in mind, which makes it a powerful and particularly usable tool. Products like IDA also cost money, whereas making Ghidra open source marks the first time that a tool of its caliber will be available for free—a major contribution in training the next generation of cybersecurity defenders. (Like other open source code, though, expect it to have some bugs.) Joyce also noted that the NSA views the release of Ghidra as a sort of recruiting strategy, making it easier for new hires to enter the NSA at a higher level, or for cleared contractors to lend their expertise without needing to first come up to speed on the tool.

The NSA announced Joyce’s RSA talk, and Ghidra’s imminent release, in early January. But knowledge of the tool was already public thanks to WikiLeaks’ March 2017 “Vault 7” release, which discussed a number of hacking tools used by the CIA and repeatedly referenced Ghidra as a reverse engineering tool created by the NSA. The actual code hadn’t seen the light of day, though, until Tuesday—all 1.2 million lines of it. Ghidra runs on Windows, macOS, and Linux, and has all the components security researchers would expect. But Joyce emphasized the tool’s customizability. And it is also designed to facilitate collaborative work among multiple people on the same reversing project—a concept that isn’t as much of a priority in other platforms.

Ghidra also has user interface touches and features meant to make reversing as easy as possible, given how tedious and generally challenging it can be. Joyce’s personal favorite? An undo/redo mechanism. It allows users to try out theories about how the code they are analyzing may work, with an easy way to go back a few steps if the idea doesn’t pan out.

The NSA has made other code open source over the years, like its Security-Enhanced Linux and Security-Enhanced Android initiatives. But Ghidra seems to speak more directly to the discourse and tension at the heart of cybersecurity right now. By being free and readily available, it will likely proliferate, and could inform both defense and offense in unforeseen ways. If it seems like releasing the tool could give malicious hackers an advantage in figuring out how to evade the NSA, though, Dave Aitel, a former NSA researcher who is now chief security technology officer at the secure infrastructure firm Cyxtera, says that that isn’t a concern.

“Malware authors already know how to make it annoying to reverse their code,” says Aitel. “There’s really no downside” to releasing Ghidra.

No matter what comes next for the NSA’s powerful reversing tool, Joyce emphasized on Tuesday that it is an earnest contribution to the community of cybersecurity defenders—and that conspiracy theorists can rest easy. “There’s no backdoor in Ghidra,” he said. “Come on, no backdoor. On the record. Scout’s honor.”

Apr.13

Global Software Testing Market Report forecast to 2025 by Applications – Artificial Intelligence Testing, Cybersecurity Testing – Chronicle India

Description

Software testing is an investigation conducted to provide stakeholders with information about the quality of the software product or service under test. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation.

Overview of Software Testing Market

The fundamental purpose of the Software Testing Market report is to provide a correct and strategic analysis of the Software Testing industry. The report scrutinizes each segment and sub-segment and presents a 360-degree view of the said market.

A primary purpose of testing is to detect software failures so that defects may be discovered and corrected. Testing cannot establish that a product functions properly under all conditions, but only that it does not function properly under specific conditions. In the current culture of software development, a testing organization may be separate from the development team. There are various roles for testing team members.

Get Sample report of Software Testing Market @ https://www.reportsmonitor.com/request_sample/27510

The report offers a complete evaluation of the market. It does so through in-depth qualitative insights, recorded insights, and future projections. The projections included in the report were derived using established research assumptions and methodologies.

The market share of the global Software Testing industry is dominated by companies like Capgemini, Wipro, Cognizant, HP, Infosys, TCS, Hexaware, Katalon Studio, IBM, Tricentis Tosca Testsuite, Worksoft Certify, TestPlant eggPlant Functional.

Industry Insight:

This report studies the Software Testing market. Software testing is an investigation conducted to provide stakeholders with information about the quality of the software product or service under test. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include the process of executing a program or application with the intent of finding software bugs (errors or other defects), and verifying that the software product is fit for use.

Check discount for this report @ https://www.reportsmonitor.com/check_discount/27510

The Software Testing Market report is a compilation of first-hand information, qualitative and quantitative assessment by industry analysts, inputs from industry experts and industry participants across the value chain. The report provides in-depth analysis of parent market trends, macro-economic indicators and governing factors along with market attractiveness as per segments. The report also maps the qualitative impact of various market factors on market segments and geographies.

Product Type Coverage (Market Size & Forecast, Major Company of Product Type etc.): Test Consulting And Compliance, Quality Assurance Testing, Application And Software Testing, Risk And Compliance Testing Covering, Others.

Application Coverage (Market Size & Forecast, Different Demand Market by Region, Main Consumer Profile etc.): Artificial Intelligence Testing, Cybersecurity Testing, Blockchain Testing, IoT Testing, Others.

Market segment by Regions/Countries, this report covers: North America, Europe, China, Japan, Southeast Asia, India.

Key Stakeholders

Software Testing Manufacturers, Software Testing Distributors/Traders/Wholesalers, Software Testing Subcomponent Manufacturers, Industry Association, Downstream Vendors

Report Highlights:

– Detailed overview of Software Testing market

– Changing market dynamics of the industry

– In-depth market segmentation

– Historical, current and projected market size in terms of volume and value

– Recent industry trends and developments

– Competitive landscape of Software Testing market

– Strategies of key players and product offerings

– Potential and niche segments/regions exhibiting promising growth

– A neutral perspective towards Software Testing market performance

– Must-have information for market players to sustain and enhance their market footprint

In the end, the Software Testing Market Report delivers a conclusion that includes Research Findings, Market Size Estimation, Breakdown and Data Triangulation, Consumer Needs/Customer Preference Change, and Data Source. These factors will increase business overall.

Apr.12

5 Ways to Prioritize Cybersecurity for Your Business

Image credit: Michael Traitov/Shutterstock

Cybersecurity isn’t just a small IT function — it’s a key part of the business foundation.

Until now, cybersecurity has mostly been an afterthought for small business. It’s been something that tends to fall within the domain of the IT team—they might set up a firewall, download some antivirus software, and call it a day.

Today, smart business leaders are learning quickly that cybersecurity isn’t just a small function of IT — it’s a key part of the foundation that holds up the entire business. In recent years, we’ve seen significant breaches from large companies like Equifax. But now more than ever, we’re hearing about it at the local level: For example, a school system in Maine being hit with ransomware, or manufacturers being targeted nationwide. In order to protect your proprietary data, your customers, and your reputation, it’s critical to build a strong cybersecurity posture for your company.

So what can you do to make cybersecurity a priority throughout the company?

It’s not simply about deploying the right technology — it’s about creating processes and educating your team to ensure that cybersecurity is thought about in everything you do. As a business owner or manager, you have the freedom to lead the way and set the tone. It all begins with a proactive approach to cybersecurity that runs top down and throughout the organization.

1. Lead by example, make it your culture

Cybersecurity isn’t a project; it’s a posture. Just like your health, it’s something that needs to be continuously monitored and improved. The best way to imbue that mindset is to lead by example. Make cybersecurity a company priority, talk about it throughout the organization at all levels, and practice what you preach so everyone understands its importance and how to participate themselves.

2. Educate your team

It’s not enough to simply be aware of best practices yourself—you need to be sure that everyone adopts and follows your policies. Leverage cybersecurity training content and sessions to help your employees stay up to speed, and give them the opportunity to ask questions.

3. Get the right technology in place

You most likely already have a firewall and antivirus software, but are those up to date and being patched regularly? And what about other measures, such as regularly monitoring and protecting your company website, using a password vault to simplify password management and ensure everyone creates strong passwords, or using secure email to encrypt sensitive messages? Mobile device management, encryption, and so on: the list goes on and on. Look for software and tools that are easy to use for both administrators and employees.

4. Pressure-test your process

It’s critical to ensure that what you have in place is actually working. After all, most data breaches are the result of human error. It’s a problem even for large organizations. For example, in the Equifax case, an IT employee neglected to install a security patch for a software vulnerability, even though the company had made it available. In the case of a Yahoo breach, an employee was “spear phished” and unwittingly provided authentication details that led to the exposure of over 500,000 Yahoo accounts.

5. Gauge and engage

To ensure your cybersecurity efforts and guidelines are working to protect your company, you’ll need to regularly test and monitor employee awareness. This might include sending fake phishing emails to employees to see if they are prone to clicking on bad links or opening files they shouldn’t, and adopting a monthly routine of short awareness videos to continuously educate everyone in the organization. It can also include “ethical hacking,” in which a third party is hired to attempt to break into company networks and computers, then report back on how far they got and whether they found their way to the crown jewels.

Getting these insights will help you determine whether additional training is needed, or whether a manager should check in with specific employees to help them remember the policies and improve their own posture. It’s important to find any weak links in your people, processes, or technology now instead of after an attack.

Leading the way to strong cybersecurity

As the business leader, you have the most to lose in the event of an attack. So rather than put off a cybersecurity plan for another day, make it a top priority to build a strategy for proactively defending your company.

Bring together the foundation, culture, and technology that will make your effort a success. Whether you have a cybersecurity background yourself isn’t the point; what matters is that you’re aware of its importance to your organization and can bring together the right approach and solutions to ensure success on this mission. You have the freedom and ability to set the goals for your company to work towards. If you haven’t already, remember to make cybersecurity one of them.

Apr.12

Bitcoin price news: BTC price SLUMP after CipherTrace cybersecurity hacking report

Bitcoin price news: Bitcoin has had another slow 24 hours of trading (Image: GETTY)

Ethereum’s (ETH) price has fallen 1.5 percent to US$203.60 (£156), reducing ETH’s market capitalisation to $20.9billion (£15billion).

Meanwhile, Ripple’s price has tumbled 2.7 percent to 45.44 US cents, which leaves the altcoin with a market capitalisation of just under $18.2billion ($14billion).

And EOS is down 0.5 percent to US$5.37 (£4.12), leaving it with a market capitalisation of just under US$4.9 billion (£3.8billion).

The decline across the board can be partly explained by a Reuters report into crypto theft, which may have spooked traders.

The news story cited a report from US-based cyber security firm CipherTrace released last week.

It stated theft of cryptocurrencies through hacking of exchanges and trading platforms soared to $927million (£712million) in the first nine months of 2018.

A previous report from CipherTrace revealed digital currencies stolen from exchanges in 2017 totalled just $266million (£204million).

The alarming figures were up almost 250 percent from the levels seen in 2017 according to the report, which looked at criminal activity and money laundering in the digital currency space.

The cryptocurrency markets have experienced a downward turn over the last few hours (Image: GETTY)
A graph shows the price slump over the past 24 hours (Image: Coin Market Cap)

Bitcoin’s surge in popularity and the appearance of more than 1,600 other digital coins or tokens have attracted an abundance of hackers into the digital currency market, the report stated.

Dave Jevans, chief executive officer of CipherTrace, told Reuters: “The regulators are still a couple of years behind because there are only a few countries that have really applied strong anti-money laundering laws.”

Mr Jevans, who is also the chairman of the Anti-Phishing Working Group, a global organisation aimed at combatting cybercrime, said there were likely 50 percent more criminal transactions than those featured in his report.

The news raises questions over whether stricter regulation needs to be enforced in the cryptocurrency sphere.

Blockbid COO, David Sapper, told Express.co.uk: “Regulation will more than likely be beneficial to cryptocurrency prices because it creates the boundaries in which cryptocurrencies can operate and therefore flourish.

“I believe a big part of the ‘problem’ or major reason for market volatility is because of the cryptocurrency space being like the Wild West.

“Regulation might have a negative impact on cryptocurrency prices in the short-term but are necessary for sustainability and growth in the long-term.”

Bitcoin price latest: a report on hacking may have influenced the slump (Image: GETTY)

Mr Sapper also highlighted the typically precarious nature of crypto investment, due to the digital currencies being highly volatile and unpredictable.

The cryptocurrency expert said: “It is still too early on for Bitcoin to have properly reached the point of having a stable price.

“There will continue to be fluctuations until more widespread commercial adoption occurs – as well as further regulation and implementation by financial institutions.”

Apr.11

Columbus State Ranked as Top Online Cybersecurity Master’s Program

Columbus State University was recently recognized by TheBestSchools.org as offering one of the best online master’s in cyber crime programs. Upon reviewing all accredited online master’s in cybercrime degree programs, TheBestSchools.org ranked CSU as No. 38 in the country.

CSU’s online master’s of applied science with a concentration in cybersecurity is a 30 to 34 credit hour program with coursework in computer network and management, software testing and quality assurance, and applied cryptography.
