Security Briefs

By Paula Bernier, Executive Editor, TMC  |  June 01, 2016

Obama States His Apple Case

President Obama was at the South by Southwest festival in Austin, Texas, this spring offering details on his position that Apple should help the government access the data on the San Bernardino shooter’s iPhone. “If, technologically, it is possible to make an impenetrable device or system, where the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?” Obama said. “How do we disrupt a terrorist plot?” (The government has since been able to access the data on that iPhone, and without the help of Apple.)

OTT Providers Continue Adding Security Despite Wiretap Concerns

Popular online entities continue to advance the security they deliver around their services and capabilities despite the challenges that can create for law enforcement officials. For example, Google is investigating whether the encryption it uses for emails today can be applied to other products. And a report by The Guardian says Snapchat is also working to introduce a more secure messaging system. The discussion about the challenges this kind of thing presents to law enforcement officials resurfaced recently when the FBI recently began pushing Apple to unlock its iPhones to help it access information on the San Bernardino shooter’s iPhone. Apple refused. As part of a separate effort, the government has obtained a wiretap order authorizing real time acquisition of the WhatsApp messages (probably text chats rather than voice calls, but that’s unclear at this stage) in an ongoing criminal investigation. However, WhatsApp is unable to provide decrypted text in response to the wiretap order due to the end-to-end security it has put in place for users.

FCC Leader Espouses Personal Privacy

Federal Communications Commission Chairman Tom Wheeler (News - Alert) recently shared his view that consumers should be able to dictate how their internet service providers use their information. “Under my proposal, ISPs would be able to use information about where you want to go on the internet in order to deliver the broadband service you signed up for, just as phone companies can use the phone numbers you dial to connect you to your calls,” he said. “They would also be able to use customer information for other purposes that are consistent with customer expectations; for example, to market higher speed connections and to bill for their services. ISPs would be able to use and share customer information with their affiliates to market other communications-related services unless you opt out and ask them not to. All other uses and sharing of your personal data would require your affirmative opt-in consent.”

Microsoft (News - Alert) Adds Security Features

Last year Microsoft introduced Office 365 Enterprise E5, which included new menu options. Its latest version of the Office productivity suite, which has been developed specifically to tackle challenges facing enterprise customers in the mobile and cloud era, is Office 2016. Features include real-time protection against malware, viruses and malicious URLs with advanced threat protection; built-in data loss prevention that significantly reduces the risk of leaking sensitive data, which is fully supported in Word, PowerPoint, Excel, and Outlook; and when away from the corporate network, content can be securely accessed anywhere through the use of multi-factor authentication.

Study Considers Online Shopping Security

Eighty percent of respondents of a recent study said they would be more likely to use a motion code-enabled card vs. one with a printed, static CVV for online shopping. These research results come courtesy of embedded security software provider Oberthur Technologies.  

ManageEngine Offers Single Sign-On

ManageEngine’s self-service password management solution ADSelfService Plus now enables end users to access SaaS and on-premises applications without having to log in to each application separately. “Managing identities across multiple applications is a hassle for both the IT staff and the end users alike,” said Parthiban Paramasivam, product manager at ManageEngine. “Single sign-on provides end users with a convenient method of accessing all of their accounts with a single set of credentials. And since ADSelfService Plus uses existing Active Directory credentials for authentication, you can secure the various accounts of end users behind the strong and complex domain password policies of your Windows environment.”           

MegaPath Simplifies SMB Security

MegaPath has released its Managed IPsec VPN and Unified Threat Management solution. The new managed network and security service, which is suited for small and medium businesses, is fast and simple to implement, the company says. “Do-it-yourself networking and data security can be complex, time-consuming, and difficult to implement and manage,” said Kurt Hoffman, president and CEO, MegaPath. “MegaPath simplifies networking and security for our customers by taking the burden off of IT managers and business owners to secure their networks. SMB customers and their IT partners can now rely on a single service organization for the licensing, procurement, installation, management, and maintenance of their secure network infrastructure, all for a single flat fee per site.”

Verizon (News - Alert) Looks at the Human Side of Security

The Verizon 2016 Data Breach Investigations Report, considered the gold standard of security reports, is now available. The report this year emphasizes that cybercriminals exploit human nature. “It shines a bright light on the fact that when it comes to cyber safety we tend to be trusting and open things we should not, and that most organizations and individuals need to be much more cautious,” writes Peter Bernstein, senior editor for INTERNET TELEPHONY parent company TMC. “It also highlights the realities that monetization is now a hacking priority and we are doing way too good job of contributing to the cause.”

NTT Looks at the International Threat Landscape

A new report from NTT Group company Solutionary provides a detailed assessment of the international threat landscape. The Global Threat Intelligence Report is a 74-page missive that presents input from the Center for Internet Security, Lockheed Martin, Recorded Future (News - Alert), and Wapack Labs.

Mobile Malware Sees ‘Alarming’ Rise

Check Point Software Technologies says there is an alarming rise of mobile malware. Android (News - Alert) is the most common target, the company pointed out. One of the newest and most prevalent threats in this realm is a mobile malware known as HummingBad, which  appeared on the Check Point report for the first time this February.

Malicious Domain Discovery Service Becomes Available

High-Tech Bridge has added to its portfolio of free web services domain security radar. The new service reveals various unethical, malicious, or illegal activities with domain names, such as identity theft, brand and trademark forgery, domain squatting, typosquatting, and phishing. All you have to do to use it is input a URL.

Edited by Maurice Nagle