Attackers have successfully infected Cisco routers with an attack that persists to provide a means for compromising other machines and data on the networks the routers serve, FireEye says.The SYNful Knock attack successfully implanted altered versions of firmware into 14 Cisco routers in India, Mexico, the Philippines and Ukraine, according to FireEye, that gives full access to the devices, and researchers expect compromised machines to show up in more places and in other brands of routers.SYNful Knock downloads software modules to customize further attacks and have been found in in Cisco 1841, 2811 and 3825 routers. It initially requires either physical access to routers or valid passwords; there is no software vulnerability being exploited, FireEye says in a blog post.To read this article in full or to leave a comment, please click here
CAMBRIDGE, Mass. -- Makers of Internet of things devices need to incorporate security into them during the design phase to make them less of a threat when connected to networks, according to speakers at an IoT security forum.In addition they need to consider early on what regulations the devices will have to comply with so those requirements can be baked in and not added later when they would be less effective, according to advice delivered at the Security of Things Forum 2015. RSA Conference
Josh CormanTo read this article in full or to leave a comment, please click here
As the criminal infrastructure that supports cyber attacks grows more efficient to speed up development of new threats CISOs need to constantly learn new skills to keep their businesses and their jobs safe, according to Cisco’s head of security solutions.They have to have solid knowledge of network security, but also have to be able to communicate well, develop in-house security talent and stay on top of how the threat landscape is changing, says James Mobley, Cisco vice president of security solutions and former CEO of security consulting firm Neohapsis, which Cisco bought last year.+More on Network World: FBI: Major business e-mail scam blasts 270% increase since 2015+To read this article in full or to leave a comment, please click here
Check Point is upgrading its sandboxing technology so it catches attacks earlier in the process and makes it harder for adversaries to evade detection.Called SandBlast, the new software monitors CPU activity looking for anomalies that indicate that attackers are using sophisticated methods that would go unnoticed with traditional sandboxing technology, according to Nathan Shuchami, head of threat prevention sales for Check Point.Traditional sandboxes, including Check Point’s, determine whether files are legitimate by opening them in a virtual environment to see what they do. To get past the sandboxes attackers have devised evasion techniques, such as delaying execution until the sandbox has given up or lying dormant until the machine it’s trying to infect reboots.To read this article in full or to leave a comment, please click here
Attivo Networks, a startup launched last year, has upgraded its deception technology so businesses can deploy it within the portion of their corporate cloud that is hosted by Amazon Web Services.That means customers can lure attackers to what looks like legitimate physical and virtual machines among their production AWS resources. It lets attackers carry out their exploits harmlessly to see what damage they are trying to do. This information can be used to find instances of the attack against real physical and virtual machines that are in use.+More on Network World: FBI: Major business e-mail scam blasts 270% increase since 2015+To read this article in full or to leave a comment, please click here
Attivo Networks, a startup launched last year, has upgraded its deception technology so businesses can deploy it within the portion of their corporate cloud that is hosted by Amazon Web Services.That means customers can lure attackers to what looks like legitimate physical and virtual machines among their production AWS resources. It lets attackers carry out their exploits harmlessly to see what damage they are trying to do. This information can be used to find instances of the attack against real physical and virtual machines that are in use.+More on Network World: FBI: Major business e-mail scam blasts 270% increase since 2015+To read this article in full or to leave a comment, please click here
There’s a continuing shift among the top security appliance vendors that has Cisco remaining at the top of the sales heap but with Check Point Software, Fortinet and Palo Alto Networks making gains and pressuring Juniper Networks, according to new research from Dell’Oro Group.The research - which includes new data from the second quarter of this year as well as projections for next year and historical data going back to 2012 - has Cisco, with 24.9% of the network security appliance market as measured by manufacturer’s revenue, solidly in first place during the latest quarter. It is followed by Check Point (9.3%), Fortinet (8%), Palo Alto (5.2%) and Juniper (4.8%) to round out the top five.To read this article in full or to leave a comment, please click here
Corporate security executives need to meet with their legal teams to find out whether the way they protect customer data will keep them out of trouble with the Federal Trade Commission should that information be compromised in a data breach.Based on a U.S. Circuit Court of Appeals decision yesterday, the best course of action is to learn what kinds of actions the FTC has taken in the past – and why - against companies whose defenses are cracked and whose customer data is stolen.
Lisa SottoTo read this article in full or to leave a comment, please click here
Since cybercrime laws lag behind technology, lawyers are constantly seeking creative ways to stretch old laws to fit new crimes, such as the latest - comparing the movie-sharing app Popcorn Time to a burglar’s tool in order to press criminal charges.Lawyers for an Adam Sandler movie are arguing that Popcorn Time performs the same function as burglars’ tools in order “to commit or facilitate … a theft by physical taking,” language used in an old Oregon law about traditional burglary.The lawyers say Popcorn Time lets users violate the movie’s copyrights by enabling downloads of pirated copies, and so they are suing for the civil crime of copyright infringement.To read this article in full or to leave a comment, please click here
Corporate security executives should have a professional interest in the Ashley Madison breach because publicly posted data about its customers represents a fertile field for spear phishers trying to attack business networks.
Anyone whose name and contact information appears in the 9.7GB stolen names contact information will likely be susceptible to opening emails purportedly from Ashley Madison, divorce lawyers and private investigators, says Tom Kellerman, chief cybersecurity officer for Trend Micro.
+ ALSO ON NETWORK WORLD Hackers release full data dump from Ashley Madison, extramarital dating site +To read this article in full or to leave a comment, please click here
Wikimedia
A dangerous flaw in Internet Explorer has prompted Microsoft to issue a patch outside its regularly scheduled monthly security updates in order to head off a known exploit of the vulnerability.The company has issued a security bulletin that describes how users who are lured to specially crafted webpages could have attackers take over control of their computers with the same rights as the user who logged into the machine.To read this article in full or to leave a comment, please click here
Cisco is reporting that successful exploits of Flash vulnerabilities are soaring, partly because they are rapidly being incorporated in kits that take advantage of the flaws as well as because enterprises aren’t patching fast enough, which leaves them open to attack.For the first five months of 2015, the Common Vulnerabilities and Exposures project has reported 62 Adobe Flash Player vulnerabilities that resulted in code execution on user machines, Cisco says in its 2015 Midyear Security Report.To read this article in full or to leave a comment, please click here
The emergence of cybersecurity startups has continued unabated as entrepreneurs vie for corporate customers seeking new technologies to battle ever increasing and innovative attackers.
The expertise of these new companies range from various improvements to encryption products to analyzing the wealth of security-incident data gathered from networks to gear that detects the potentially malicious wireless activity of Internet of Things devices.MORE ON NETWORK WORLD: 10 young security companies to watch in 2015
Based on the continued interest in these startups from venture capital investors, these companies will continue to proliferate. Here are 10 more security startups we are watching and why.To read this article in full or to leave a comment, please click here
May Black Hat be with youAs if hacked cars and massive Android vulnerabilities weren’t enough to keep the attention of security experts attending Black Hat 2015 in Las Vegas, the vendors at this increasingly vendor-driven show were wheeling out shiny distractions ranging from food and drink to celebrity lookalikes to custom art and free giveaways. Here’s a look at some of what helped keep Black Hat entertained. (See all the stories from Black Hat.)To read this article in full or to leave a comment, please click here
The deputy head of the Department of Homeland Security implored a group of skeptical security pros at Black Hat 2015 to share information about security incidents and to trust the government to keep it safe.“We understand the trust deficit that exists in the [security] community,” says Alejandro Mayorkas, deputy secretary of Homeland Security, encouraging attendees to participate in a government program where private businesses share information about cyber threats they encounter.+ MISS BLACK HAT? Get caught up with our stories from the show +Part of the trust problem is that businesses lack confidence that government can secure information it receives, Mayorkas says, citing the massive breach at the Office of Personnel Management. (It didn’t help his cause that as the meeting broke up news also broke that unclassified emails for the Joint Chiefs of Staff had been hacked and the email system shut down for two weeks.)To read this article in full or to leave a comment, please click here
It’s possible to get a printer and other inexpensive network and Internet of Things devices to transmit radio signals that are detectable far enough away that they could be used to steal data from compromised networks, a researcher tells the Black Hat 2015 conference.By rapidly turning on and off the outputs from I/O pins on chips within the printer, it’s possible to generate a signal strong enough to pass through a concrete wall and beyond to a receiver, says Ang Cui, a researcher who works at Red Balloon Security and did the research at Columbia University.+ Follow all the stories out of Black Hat 2015 +To read this article in full or to leave a comment, please click here
Globalstar satellite transmissions used for tracking truck fleets and wilderness hikers can be hacked to alter messages being sent with possibly dire consequences for pilots, shipping lines, war correspondents and businesses that use the system to keep an eye on their remote assets.The technique, described at Black Hat 2015, can’t affect control of the Globalstar satellites themselves, just the messages they relay, but that could mean altering the apparent location of assets the system tracks. So a cargo container with a satellite location device in it could be made to seemingly disappear, or an airplane could be made to seem to veer off course, according to a briefing by Colby Moore, a security staffer at Synack.To read this article in full or to leave a comment, please click here
Las Vegas -- Security researchers need to fight for the rights to study, modify and reverse engineer Internet hardware and software or the general population risks losing Internet freedom, the Black Hat 2015 conference was told.
Jennifer Granick
“The dream of Internet freedom is dying,” warned Jennifer Granick, the Director of Civil Liberties at the Stanford Center for Internet and Society during the conference keynote. Four things are killing it: centralization, regulation, globalization and loss of “the freedom to tinker,” she says.To read this article in full or to leave a comment, please click here
All ransomware is not created equal and therefore should not be universally feared, a researcher will tell the Black Hat 2015 conference this week.
Engin Kirda
In fact, some ransomware – which locks up infected computers until a demanded sum is paid – makes false claims about the damage it is capable of doing, and some of the data it purports to seize can be recovered, says Engin Kirda, the cofounder and chief architect at Lastline Labs.To read this article in full or to leave a comment, please click here
RSA researchers have discovered a China-based VPN network dubbed Terracotta that is used extensively to launch advanced persistent threat (APT) attacks and that hijacks servers of unsuspecting organizations in order to add new nodes to its network.The Terracotta VPN provides the infrastructure that anchors several anonymizing VPN services that are commercially marketed to the public in China, according to a briefing delivered today at the Black Hat conference.The services are pushed as a means for individuals to hide their Internet activity from prying government eyes, but are used as well by criminals seeking to cloak the origins of their attacks, RSA researchers will tell the conference.To read this article in full or to leave a comment, please click here
Tim Greene