A pair of former defense industry cyber security contractors is launching IDVector, a service that creates encrypted connections through an anonymizing network to shield users’ locations and to protect their machines from internet-borne attacks.IDVector Network passes customer traffic through a multi-node encrypted path before dropping it onto the open internet at locations removed from customers’ actual geographical locations.That tunneling makes it difficult for eavesdroppers to snoop content and identify where customers are located, making it possible for customers to use public Wi-Fi safely, say the company’s founders, CEO Ben Baumgartner and CTO Andrew Boyce.To read this article in full or to leave a comment, please click here
A pair of former defense industry cyber security contractors is launching IDVector, a service that creates encrypted connections through an anonymizing network to shield users’ locations and to protect their machines from internet-borne attacks.IDVector Network passes customer traffic through a multi-node encrypted path before dropping it onto the open internet at locations removed from customers’ actual geographical locations.That tunneling makes it difficult for eavesdroppers to snoop content and identify where customers are located, making it possible for customers to use public Wi-Fi safely, say the company’s founders, CEO Ben Baumgartner and CTO Andrew Boyce.To read this article in full or to leave a comment, please click here
Application layer DDoS attacks are becoming more common, perhaps because they cost less for malicious actors to execute and can more effectively evade defenses than network layer attacks, Imperva says.One such attack generated 8.7Gbps at its peak, “unheard of in relation to application layer assaults,” in an effort to thread its way through the DDoS mitigations that had been set up to defend against such attacks, according to Imperva’s “DDoS Threat Landscape Report 2015-2016” released today.Application layer attacks can be measured in responses per second required from the application targeted, and they generally require less volume than network layer attacks to succeed, the report says. That means they require fewer botnet resources, if botnets are the platform from which the attack is launched.To read this article in full or to leave a comment, please click here
Application layer DDoS attacks are becoming more common, perhaps because they cost less for malicious actors to execute and can more effectively evade defenses than network layer attacks, Imperva says.One such attack generated 8.7Gbps at its peak, “unheard of in relation to application layer assaults,” in an effort to thread its way through the DDoS mitigations that had been set up to defend against such attacks, according to Imperva’s “DDoS Threat Landscape Report 2015-2016” released today.Application layer attacks can be measured in responses per second required from the application targeted, and they generally require less volume than network layer attacks to succeed, the report says. That means they require fewer botnet resources, if botnets are the platform from which the attack is launched.To read this article in full or to leave a comment, please click here
The government has another public balancing act on its hands with the disclosure this week of exploits against commercial security products that were purportedly cooked up by the NSA.These attack tools revealed by a group called Shadow Brokers date from sometime before June 2013 and some of them were still effective this week, which means the NSA never told the vendors about them.That helps flesh out what the Obama administration meant two years ago when it said that under most circumstances the NSA would tell vendors if it exploits vulnerabilities in their security products. The exception: the disclosure policy wouldn’t apply if there were a clear national security or law enforcement need.To read this article in full or to leave a comment, please click here
The government has another public balancing act on its hands with the disclosure this week of exploits against commercial security products that were purportedly cooked up by the NSA.These attack tools revealed by a group called Shadow Brokers date from sometime before June 2013 and some of them were still effective this week, which means the NSA never told the vendors about them.That helps flesh out what the Obama administration meant two years ago when it said that under most circumstances the NSA would tell vendors if it exploits vulnerabilities in their security products. The exception: the disclosure policy wouldn’t apply if there were a clear national security or law enforcement need.To read this article in full or to leave a comment, please click here
Customers of certain Cisco and Fortinet security gear need to patch exploits made public this week after a purported hack of NSA malware.Both companies have issued fixes to address exploits that were posted online and after they found the exploits represent real threats to some of their products, including versions of Cisco’s popular PIX and ASA firewalls and versions of Fortinet’s signature Fortigate firewalls.Other exploits may affect Watchguard and TOPSEC products, but those companies did not immediately respond to inquiries. When they do this story will be updated.To read this article in full or to leave a comment, please click here
Customers of certain Cisco and Fortinet security gear need to patch exploits made public this week after a purported hack of NSA malware.Both companies have issued fixes to address exploits that were posted online and after they found the exploits represent real threats to some of their products, including versions of Cisco’s popular PIX and ASA firewalls and versions of Fortinet’s signature Fortigate firewalls.Other exploits may affect WatchGuard and TOPSEC products, but those companies did not immediately respond to inquiries. When they do this story will be updated.To read this article in full or to leave a comment, please click here
There are plenty of ways to navigate Windows 10, but sometimes using keyboard shortcuts is the most convenient and can save time and effort.You can click on the start button or tap it with your finger on a touchscreen to access the power controls or you can just hit the Windows button on the keyboard without lifting a hand.+More on Network World: 11 hidden tips and tweaks for Windows 10+Once shortcuts make it into your muscle memory they require no thought and can make your time at the computer more efficient. Here’s 10 you’ll want to know.To read this article in full or to leave a comment, please click here
A public auction of stolen NSA malware may be a warning to the U.S. that blaming Russia for the hack of the Democratic National Committee could have dire consequences, says Edward Snowden, who also famously breached NSA security.In a series of tweets, Snowden spelled out his interpretation of what’s behind the auction of hacking tools allegedly stolen from the NSA, and he concludes that Russia is trying to demonstrate it has ammunition to strike back if the U.S. exacts penalties for the DNC breach.To read this article in full or to leave a comment, please click here
A public auction of stolen NSA malware may be a warning to the U.S. that blaming Russia for the hack of the Democratic National Committee could have dire consequences, says Edward Snowden, who also famously breached NSA security.In a series of tweets, Snowden spelled out his interpretation of what’s behind the auction of hacking tools allegedly stolen from the NSA, and he concludes that Russia is trying to demonstrate it has ammunition to strike back if the U.S. exacts penalties for the DNC breach.To read this article in full or to leave a comment, please click here
RiskSense, software-as-a-service that evaluates the security of corporate networks and generates a risk score, has been self-financed since its launch last year, but now has harnessed venture funding to help boost its R&D and hire marketing and sales staff.The $7 million funding round includes Paladin Capital Group, Sun Mountain Capital, EPIC Ventures, and other strategic and private investors. Tim Greene
RiskSense CEO Srinivas MukkamalaTo read this article in full or to leave a comment, please click here
RiskSense, software-as-a-service that evaluates the security of corporate networks and generates a risk score, has been self-financed since its launch last year, but now has harnessed venture funding to help boost its R&D and hire marketing and sales staff.The $7 million funding round includes Paladin Capital Group, Sun Mountain Capital, EPIC Ventures, and other strategic and private investors. Tim Greene
RiskSense CEO Srinivas MukkamalaTo read this article in full or to leave a comment, please click here
In the wake of increased terror incidents Europe is starting to look seriously at ways to read encrypted messages that officials there say are instrumental to carrying out attacks.France and Germany apparently are teaming up to formulate a plan for enabling law enforcement there to read encrypted communications, according to a report in Le Monde. But it’s unclear exactly what the two countries will discuss.France’s interior minister Bernard Cazeneuve says an international effort is needed to deal with the issue and he plans to meet with his German counterpart later this month to discuss it.To read this article in full or to leave a comment, please click here
In the wake of increased terror incidents Europe is starting to look seriously at ways to read encrypted messages that officials there say are instrumental to carrying out attacks.France and Germany apparently are teaming up to formulate a plan for enabling law enforcement there to read encrypted communications, according to a report in Le Monde. But it’s unclear exactly what the two countries will discuss.France’s interior minister Bernard Cazeneuve says an international effort is needed to deal with the issue and he plans to meet with his German counterpart later this month to discuss it.To read this article in full or to leave a comment, please click here
Responding to security incidents that involve deployments within Amazon Web Services is a lot different from responding to incidents that happen on corporate-owned gear, and two researchers have come up with free tools to make that process easier.Obtaining forensic evidence is different, primarily because security pros can’t obtain physical access to the machines on which their AWS instances are running.+More on Network World: Black Hat: 9 free security tools for defense & attacking+To read this article in full or to leave a comment, please click here
Responding to security incidents that involve deployments within Amazon Web Services is a lot different from responding to incidents that happen on corporate-owned gear, and two researchers have come up with free tools to make that process easier.Obtaining forensic evidence is different, primarily because security pros can’t obtain physical access to the machines on which their AWS instances are running.+More on Network World: Black Hat: 9 free security tools for defense & attacking+To read this article in full or to leave a comment, please click here
The Federal Trade Commission made an appeal at DEF CON in Las Vegas this past week in hopes of getting hackers to help them crack down on manufacturers and service providers that leave customers vulnerable.Top of the list: ransomware, malvertising, networked cars and security for the internet of things.Of particular interest in the case of IoT is preventing one device from compromising a consumer’s entire private network, says Lorrie Cranor, the FTC’s chief technologist.To read this article in full or to leave a comment, please click here
The Federal Trade Commission made an appeal at DEF CON in Las Vegas this past week in hopes of getting hackers to help them crack down on manufacturers and service providers that leave customers vulnerable.Top of the list: ransomware, malvertising, networked cars and security for the internet of things.Of particular interest in the case of IoT is preventing one device from compromising a consumer’s entire private network, says Lorrie Cranor, the FTC’s chief technologist.To read this article in full or to leave a comment, please click here
One of the most popular models for analyzing cyberattacks doesn’t focus enough on what to do after adversaries break into networks successfully, which they inevitable will do, Black Hat 2016 attendees were told this week in Las Vegas.“Every attacker will become an insider if they are persistent enough,” says Sean Malone, a security consultant who spoke at the conference. “We need to operate under a presumption of breach.”MORE: 'Mayhem" wins $2M first prize at DARPA Cyber Grand ChallengeTo read this article in full or to leave a comment, please click here