Terbium Labs has announced the release of Dark Web data analytics software Matchlight to corporate players that wish to be alerted to the theft of data immediately -- rather than days or months after the damage is done. On Tuesday, the Baltimore, MD.-based company said Matchlight is now available through either a web portal or API at what Terbium calls a "reasonable price point" so both SMBs and larger enterprise players can access the service. Now out of a private beta started in June 2015 with companies including MasterCard, IBM and LifeLock, the fully automated system allows companies to outsource part of their cybersecurity requirements and potentially mitigate the damage caused by data breaches. Terbium Labs calls itself a company which protects the enterprise from "relentless attempts to steal data for personal, monetary or political gain." The Dark Web, a small section of the Deep Web which is not indexed by common search engines including Google and Bing, is the most prolific area to acquire data stolen from businesses.
Britain's intelligence and security agencies are looking to recruit technically-minded apprentices to help combat the increasing threats that Britain faces from terrorists, hackers and cyber fraudsters. But if you do apply, don't post about it on Facebook or Twitter. Intelligence agency GCHQ and the domestic and foreign security services MI5 and MI6 want to recruit young people interested in technology and coding. The'British Intelligence Higher Apprenticeship in IT, Software, Internet and Telecoms' leads to a foundation degree, and offers a year working in Cheltenham with placements at GCHQ or London, and possibly at MI5, MI6, or the National Crime Agency afterwards. The higher apprenticeship will cover areas including programming, information assurance, software engineering, analogue and digital signal processing, GSM fundamentals and mobile telephony protocols, plus fundamentals of data communications and protocols, all of which should be a good grounding for apprentice spies.
With the surge in high profile data breaches recently, are user names and passwords the best way to ensure the people logging into corporate networks are who they say they are? ImageWare Systems is betting that businesses want better authentication -- particularly for remote access from smartphones, tablets and laptops. This week the San Diego company introduced a technology platform that allows users to meld biometrics into the traditional user name/password process for signing into a corporate network. Instead of just logging into your system with a password, the new platform, called GoVerifyID, would prompt users to also take a selfie or speak a predetermined phrase into their smartphone microphone, or both. "The hackers have found a way to impersonate you and me," said Jim Miller, chief executive of ImageWare.
A "global" cyberattack on a New Hampshire company that runs a crucial part of the internet's infrastructure took down many websites on the East Coast this morning, the company said -- and it continued to battle attacks into the afternoon. "This morning, October 21, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States. DNS traffic resolved from east coast name server locations are experiencing a service interruption during this time," said Doug Madory, director of internet analysis for Dyn, in a statement. Dyn, based in Manchester, N.H., provides domain name system services, converting urls like www.google.com to specific I.P. addresses. The attack -- called a distributed denial of service attack -- uses computers around the world to flood and overwhelm one website or system with traffic, making it unusable.
Rather than attempt to thwart hackers by making it costly and difficult for them to launch attacks, which will also increase costs for the defenders, a more effective strategy may be to deflat the value of successful breaches and employ a decentralised security approach. With billions of Internet of Things (IoT) devices expected to be connected to the web by end-2016, a more appropriate tactic would be required to better combat potential attacks, said Dino Dai Zovi, mobile security lead at Square, during his keynote Thursday at Black Hat Asia 2016 held in Singapore. "With IoT, there's need to decentralise trust... Having ultimate trust in all these devices will be increasingly dangerous. If we can decentralise trust, we can ensure overall safety," Zovi said, noting that distributing control and data sharing on these devices would prevent one breached device from being used as ransomware or to infect others on the same network, such as a personal home network. There also should be "an anchor of trust" tasked to provide the main layer of security, where a hardware-based mechanism would most easily facilitate this.