Microsoft on Friday will begin grading its commercial customers’ Office 365 security settings in an effort to fortify its software and services that are frequent targets of hackers. Secure Score only considers a business customer’s use of security features in Office 365. That means it might register lower scores for customers who choose to use rival security products instead of enabling security features included in their Office 365 subscription, the company said. Read More.
Michael Flynn, the national security adviser to President Trump, resigned late Monday over revelations about his potentially illegal contacts with the Russian ambassador to the United States, and his misleading statements about the matter to senior Trump administration officials. Read More.
Russian cyberspies known as APT28 have created a Mac version of their famous XAgent (X-Agent, Sofacy) malware, which already has versions for Windows, iOS, and Android. Bitdefnder and Palo Alto researchers discovered attacks where this Mac variant was used. But regular users shouldn't worry as the hacking group favors politically motivated attacks. Read More.
Yesterday Yahoo issued a "Forged Cookie" warning to users, which is in connection with the third data breach the company quietly disclosed in December 2016. “Yahoo has sent out another round of notifications to users, warning some that their accounts may have been breached as recently as last year. The accounts were affected by a flaw in Yahoo's mail service that allowed an attacker—most likely a "state actor," according to Yahoo—to use a forged "cookie" created by software stolen from within Yahoo's internal systems to gain access to user accounts without a password,” reports ArsTechnica. Read More.
Akamai's State of the Internet that although the rise in DDoS attacks has so far has been blamed on the Chinese manufacturers for churning out cheap devices with shoddy security, it is the Americans who plugged them in. In fact, American consumers plugged in 4x more than the Chinese. Meanwhile, at RSA Bruce Schneier proposes public service technologists will be needed to tame this problem in regards to IoT security. Read More.
At RSA, Alphabet chairman Eric Schmidt proclaimed AI is here to stay — and that security concerns related to it are somewhat misguided. He did explain that we should stop thinking about it in Skynet terms, though. It will still require human intervention and as this point will enhance the human experience and not make it obsolete. He did express concern on whether breaches will encourage governments to limit internet access. Read more in CSO. Read More.