source: securityweek.com

Online platforms should take down "terrorist content" within an hour of it being reported, the EU said Thursday in new recommendations to internet companies to stem the flow of harmful content on the web.

Brussels is looking for ways to combat online extremism amid growing alarm about the use of sites like YouTube, Facebook and Twitter as forums to radicalize and recruit, especially by the Islamic State group.

The European Commission, the bloc's executive arm, has already signed up a group of US internet giants to a plan to combat web extremism but warned it would consider legislation if the voluntary approach did not work.

"While several platforms have been removing more illegal content than ever before -- showing that self-regulation can work -- we still need to react faster against terrorist propaganda and other illegal content," the commission's vice-president for the Digital Single Market Andrus Ansip said.

This content remains "a serious threat to our citizens' security, safety and fundamental rights," added Ansip, a former Estonian prime minister.

Voluntary industry efforts have achieved results, the commission said, but there is still "significant scope for more effective action, particularly on the most urgent issue of terrorist content, which presents serious security risks".

The commission said "terrorist content" should be taken down within one hour of being reported by the authorities, such as police, and internet companies should do more to monitor and remove material themselves.

The new recommendations also include steps to crack down on other harmful illegal content such as hate speech and images of child sexual abuse.

Last month the commission said IT firms removed 70 percent of illegal content notified to them in the preceding few months.

This was compared to 59 percent before May 2017, and 28 percent in the months after the code of conduct was launched in 2016.

 source:cnet.com

 

SEE ALL ENIGMA PHOTOS HERE

A black metal mechanical device resembling a typewriter sits in a wooden box. It could be just an oddity in an antique store. It's the black elliptical logo engraved in the wood that sets it apart. 

"Enigma," it reads.

That marks it as a Nazi cipher machine, used in World War II to encrypt messages sent over radio waves by the German military. It was then cutting-edge, creating one of the world's strongest encryption keys. That gave Germany's lethal U-boats the power to communicate with each other about attacks on merchant ships, which devastated the UK throughout the war, taking thousands of lives and cutting off vital supplies and troops en route from North America. 

The power of this machine prompted the Allied forces to launch an effort that used machines, mathematicians sworn to secrecy and some Naval derring-do to crack the code and read Germany's messages.

It isn't even a computer. As Enigma expert Mark Baldwin demonstrated on Wednesday to a crowd of employees at CBS Interactive, CNET's parent company, "it just changes one letter into another."

If you press one key on the stripped-down keyboard, a different letter lights up in the lamp board, an array of light-up letters arranged just above the keyboard. Users would type their messages into the machine and write down each replacement letter as it lit up. Then they would tap out the encrypted message in Morse code over the radio, sure in the knowledge that only someone with their own Enigma machine with the same exact settings could decipher it.

Looking at the machine, it's hard to believe it confounded some of the world's best technical experts, who spent years at places like the UK's secret code-breaking compound at Bletchley Park working on ways to crack it.

 source: thecipherbrief.com

China’s intelligence and security services play a pivotal role in shaping how China’s leadership views the outside world – but we in that outside world don’t know much about how they provide guidance and direction to diplomats and security officials, or how they help form government policy.

When news breaks of the latest Chinese cyberhack or other espionage activities, analysts mostly focus on each incident as either a singular counterintelligence issue, or a reflection of current U.S.-China relations. This misses the point that each of these acts are part of a much larger and little understood strategy carried out by the Chinese Intelligence Services (CIS).

This gap in our knowledge of CIS activities may have mattered relatively little during China’s inward-looking years. But today, CIS leaders are significant players on the world stage, and understanding how and what they learn about the world, and how they formulate their policy choices, is more important than ever.

Much about CIS remains opaque. We know too little about how the intelligence services digest and assess the multi-terabytes of data they collect electronically, both domestically and from overseas. Nor do we know how that intelligence is provided to decision-makers, and how well the various agencies, both civilian and military, coordinate and cooperate.

We do know that both internal and external security and intelligence services have received significant enhancements in resources over the past 10 to 15 years. Publically available figures indicate that expenditure on internal security systems have even outpaced China’s dramatic military modernization.

A decade or so ago, China’s security state appeared to be eroding as modern communications technology swept across the country. Today, however, domestic intelligence agencies have adapted to the internet, social media and mobile communications. They are capable of blocking unwanted messaging originating overseas and domestically, ensuring the Party’s message is delivered appropriately, and following electronic dust left behind as people move through China’s highly informationalized society.

Consequently, their ability to help shape the state’s message is stronger now than it has been in a generation. And Chinese President Xi Jinping’s determination to silence dissenting voices will ensure continued resources for internal services.

 source: darkreading.com

Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.

It's almost like something out of Star Trek. Imagine an alien who can see you, but whom you can't see — one who has violence on his/her/its mind. A punch coming from out of nowhere; a vase flung at your head with no one seemingly throwing it; a punch to the gut, then a karate chop to the neck, maybe a blast from an (also invisible) ray gun, and you're down for the count. How would you fight it? How could you fight it?

Those invisible aliens may not have landed on earth just yet, but invisible malware — called fileless malware or in-memory malware — is wreaking havoc and bringing intergalactic war-style destruction to IT systems the world over. Like an invisible alien, fileless malware can strike from multiple directions, without victims even being aware they were targeted, until it's too late. Fileless malware — in which hackers call malware routines remotely and load them into memory in order to compromise or steal data — is not new, but hackers increasingly have turned to that type of attack. According to McAfee, fileless threats with PowerShell malware grew by 119% in the third quarter of 2017 alone, and they have been such a rousing success that hackers plan to greatly expand their use this year, security experts are convinced.

But fileless malware is just one of numerous threats and attacks that are now in vogue; 2018 could see more and more challenging cyberattacks, experts believe. With cryptocurrencies so popular now, hackers have begun using botnets to create the computing power needed to mine coins. AI has helped hackers develop more effective social engineering messages, "weaponizing" big data and AI to convince hapless victims to open spear-phishing messages more frequently by matching the message with the personality of the recipient. And botnets that control infected devices, commanding them to infect even more devices — a "swarm effect" — will allow hackers to grow their networks of compromised devices and systems exponentially.