If you’re wondering whether your network is vulnerable or not, you haven’t been paying attention – everybody’s is. This free online course shows what it takes to effectively conduct network vulnerability assessments and analysis that will help you keep the hackers at bay.To read this article in full or to leave a comment, please click here(Insider Story)
If you’re wondering whether your network is vulnerable or not, you haven’t been paying attention – everybody’s is. This free online course shows what it takes to effectively conduct network vulnerability assessments and analysis that will help you keep the hackers at bay.To read this article in full or to leave a comment, please click here(Insider Story)
Today is likely to be painful for many organizations all over the world that took the weekend off and are returning to the work-week to find hundreds or thousands of computers on their networks encrypted by WannaCry ransomware, which surfaced Friday and has been propagating ever since.Estimates by law enforcement agency Europol estimated yesterday that more than 200,000 computers in 150 countries were infected, but with the worm continuing to spread to vulnerable Windows machines, that number will surely rise.For those whose machines have not been infected, here’s what you need to do right away:
Apply the Microsoft patch that will thwart the attack. It’s available here.
If you can’t do that because you haven’t tested whether the patch will affect your software build, disable Server Message Block 1 (SMB1) network file sharing. That’s where the flaw is that it attacks.
Consider closing firewall port 139, 445 or both because these are the ports SMB uses.
Longer term, to guard against similar future attacks you should:To read this article in full or to leave a comment, please click here
Today is likely to be painful for many organizations all over the world that took the weekend off and are returning to the work-week to find hundreds or thousands of computers on their networks encrypted by WannaCry ransomware, which surfaced Friday and has been propagating ever since.Estimates by law enforcement agency Europol estimated yesterday that more than 200,000 computers in 150 countries were infected, but with the worm continuing to spread to vulnerable Windows machines, that number will surely rise.For those whose machines have not been infected, here’s what you need to do right away:
Apply the Microsoft patch that will thwart the attack. It’s available here.
If you can’t do that because you haven’t tested whether the patch will affect your software build, disable Server Message Block 1 (SMB1) network file sharing. That’s where the flaw is that it attacks.
Consider closing firewall port 139, 445 or both because these are the ports SMB uses.
Longer term, to guard against similar future attacks you should:To read this article in full or to leave a comment, please click here
Hospitals across England have fallen victim to what appears to be a coordinated ransomware attack that has affected facilities diverting patients to hospitals not hit by the malware.The attackers are asking for $300 in Bitcoin to decrypt affected machines, payable within 24 hours or the ransom doubles. If the victims don’t pay within seven days, they lose the option to have the files decrypted, according to U.K. press reports.While multiple healthcare facilities have been hit, the country’s health service says other types of groups have also fallen victim.According to The Register, a spokesperson for the country’s National Health Service’s digital division said: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.” The spokesperson said the attack was not specifically targeted at the NHS, but affects organizations across a range of sectors, but didn’t specify which.To read this article in full or to leave a comment, please click here
Hospitals across England have fallen victim to what appears to be a coordinated ransomware attack that has affected facilities diverting patients to hospitals not hit by the malware.The attackers are asking for $300 in Bitcoin to decrypt affected machines, payable within 24 hours or the ransom doubles. If the victims don’t pay within seven days, they lose the option to have the files decrypted, according to U.K. press reports.While multiple healthcare facilities have been hit, the country’s health service says other types of groups have also fallen victim.According to The Register, a spokesperson for the country’s National Health Service’s digital division said: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.” The spokesperson said the attack was not specifically targeted at the NHS, but affects organizations across a range of sectors, but didn’t specify which.To read this article in full or to leave a comment, please click here
Bot-herding software called Persirai, which incorporates pieces of the Mirai botnet code, can commandeer significant chunks of a known 150,000 IP cameras that are vulnerable to Mirai and use them to fire off distributed denial-of-service attacks.The Persirai botnet has attacked at least four targets, starting in a predictable pattern, according to researchers at Trend Micro.Persirai takes advantage of a known vulnerability in the cameras to infect them, has them download malware from a command and control server, and then puts them to work either infecting other vulnerable cameras or launching DDoS attacks. “Based on the researchers’ observation, once the victim’s IP Camera received C&C commands, which occurs every 24 hours at 12:00 p.m. UTC, the DDoS attacks start,” the researchers say.To read this article in full or to leave a comment, please click here
Bot-herding software called Persirai, which incorporates pieces of the Mirai botnet code, can commandeer significant chunks of a known 150,000 IP cameras that are vulnerable to Mirai and use them to fire off distributed denial-of-service attacks.The Persirai botnet has attacked at least four targets, starting in a predictable pattern, according to researchers at Trend Micro.Persirai takes advantage of a known vulnerability in the cameras to infect them, has them download malware from a command and control server, and then puts them to work either infecting other vulnerable cameras or launching DDoS attacks. “Based on the researchers’ observation, once the victim’s IP Camera received C&C commands, which occurs every 24 hours at 12:00 p.m. UTC, the DDoS attacks start,” the researchers say.To read this article in full or to leave a comment, please click here
Check Point is investing heavily in educating IT pros about the cloud, not only to promote their own cloud security products but to give potential customers the skills they’ll need to keep their jobs as their employers move more and more resources to public cloud providers. Check Point
“We try to explain how to be relevant in the cloud,” says Itai Greenberg, head of cloud security for Check Point.A lot of old-school IT security workers need to learn about how cloud infrastructure works, the terminology used, the interconnections between cloud and corporate owned networks and the ins and outs of APIs, among other skills.To read this article in full or to leave a comment, please click here
Check Point is investing heavily in educating IT pros about the cloud, not only to promote their own cloud security products but to give potential customers the skills they’ll need to keep their jobs as their employers move more and more resources to public cloud providers. Check Point
“We try to explain how to be relevant in the cloud,” says Itai Greenberg, head of cloud security for Check Point.A lot of old-school IT security workers need to learn about how cloud infrastructure works, the terminology used, the interconnections between cloud and corporate owned networks and the ins and outs of APIs, among other skills.To read this article in full or to leave a comment, please click here
Cloud security startup RedLock comes out of stealth mode today with a service that helps defend business resources that reside in pubic clouds, gives customers visibility into how these resources are being used and stores records of that activity for auditing and forensics.+More on Network World: FBI/IC3: Vile $5B business e-mail scam continues to breed+ RedLock
Because virtual machines, application instances and workloads change rapidly it’s hard to get a good picture of what’s going on within cloud services such as Amazon Web Services and Microsoft Azure, says RedLock’s CEO Varun Badwhar. “It’s hard to manually monitor and control,” he says.To read this article in full or to leave a comment, please click here
Cloud security startup RedLock comes out of stealth mode today with a service that helps defend business resources that reside in pubic clouds, gives customers visibility into how these resources are being used and stores records of that activity for auditing and forensics.+More on Network World: FBI/IC3: Vile $5B business e-mail scam continues to breed+ RedLock
Because virtual machines, application instances and workloads change rapidly it’s hard to get a good picture of what’s going on within cloud services such as Amazon Web Services and Microsoft Azure, says RedLock’s CEO Varun Badwhar. “It’s hard to manually monitor and control,” he says.To read this article in full or to leave a comment, please click here
A new ransomware-for-hire scheme called Fatboy adjusts the ransom it charges based on international exchange rates so it’s more likely the victims get hit for the largest amount they can reasonably pay.Posted on Exploit, a Russian-language online forum, Fatboy automatically adjusts ransom demands according to where the victim is located, according to the Recorded Future blog.That adjustment is based on the Big Mac Index, which was created by The Economist as a way to show whether official international monetary exchange rates line up with the price charged for a certain product – the Big Mac burger sold by McDonald’s – from country to country. The index tells whether currencies are overvalued or undervalued based on what McDonald’s charges in each country.To read this article in full or to leave a comment, please click here
A new ransomware-for-hire scheme called Fatboy adjusts the ransom it charges based on international exchange rates so it’s more likely the victims get hit for the largest amount they can reasonably pay.Posted on Exploit, a Russian-language online forum, Fatboy automatically adjusts ransom demands according to where the victim is located, according to the Recorded Future blog.That adjustment is based on the Big Mac Index, which was created by The Economist as a way to show whether official international monetary exchange rates line up with the price charged for a certain product – the Big Mac burger sold by McDonald’s – from country to country. The index tells whether currencies are overvalued or undervalued based on what McDonald’s charges in each country.To read this article in full or to leave a comment, please click here
Today is World Password Day but a range of alternative authentication methods is challenging passwords so that within the foreseeable future the day of awareness could become obsolete.Biometrics and cell phones are important to this replacement, with ongoing trials of how effective they might be. There is a flurry of activity in these areas to do away with passwords:
The Samsung Galaxy S8 phone has an upgraded retinal scanner that can be used to unlock the phone, but that could be used as a second factor in authenticating to any number of online services. The phones also feature the more common fingerprint scanner.
Rumors have LG adding facial recognition software to their LG G6 phones that could be used in a similar manner.
Also, Alabama’s revenue department is trialing a face-recognition app from MorphoTrust that uses iPhones to scan taxpayers’ drivers licenses and to scan their face. The backend verifies the identity of the taxpayer by comparing the license image and uses that to authenticate the person filing an electronic return.
Phones are also used to receive texts of one-time passwords, which does involve a password, but not one the user generates or changes at some point or has Continue reading
Today is World Password Day but a range of alternative authentication methods is challenging passwords so that within the foreseeable future the day of awareness could become obsolete.Biometrics and cell phones are important to this replacement, with ongoing trials of how effective they might be. There is a flurry of activity in these areas to do away with passwords:
The Samsung Galaxy S8 phone has an upgraded retinal scanner that can be used to unlock the phone, but that could be used as a second factor in authenticating to any number of online services. The phones also feature the more common fingerprint scanner.
Rumors have LG adding facial recognition software to their LG G6 phones that could be used in a similar manner.
Also, Alabama’s revenue department is trialing a face-recognition app from MorphoTrust that uses iPhones to scan taxpayers’ drivers licenses and to scan their face. The backend verifies the identity of the taxpayer by comparing the license image and uses that to authenticate the person filing an electronic return.
Phones are also used to receive texts of one-time passwords, which does involve a password, but not one the user generates or changes at some point or has Continue reading
The U.S. military, which continues its interest in bug bounty programs as a way to improve cybersecurity, is launching a new contest next month.Called “Hack the Air Force,” the new program will put certain of the branch’s Web sites up as targets for a set of international hackers who have been vetted by HackerOne, which is running the program.+More on Network World: IBM: Financial services industry bombarded by malware, security threats+To read this article in full or to leave a comment, please click here
The U.S. military, which continues its interest in bug bounty programs as a way to improve cybersecurity, is launching a new contest next month.Called “Hack the Air Force,” the new program will put certain of the branch’s Web sites up as targets for a set of international hackers who have been vetted by HackerOne, which is running the program.+More on Network World: IBM: Financial services industry bombarded by malware, security threats+To read this article in full or to leave a comment, please click here
The Hajime botnet is nearly 300,000 strong, making it a latent threat nearly as powerful as the notorious Mirai botnet that devastated high-profile websites last fall, leading some to think the internet had been broken.Researchers at Kaspersky Lab lured devices infected with the Hajime worm to announce themselves to a Kaspersky honeypot, checked out whether they were actually infected and added them up. They came up with the number 297,499, says Igor Soumenkov, principal researcher at Kaspersky Lab.An earlier estimate by Symantec put the size at tens of thousands. Estimates of the number of infected devices in Mirai botnets have put it about 400,000, but the number of devices that might be infected with the Hajime worm is 1.5 million, says Dale Drew, the CSO of Level 3, which has been building a profile of behavioral classifiers to identify it so it can be blocked.To read this article in full or to leave a comment, please click here
The Hajime botnet is nearly 300,000 strong, making it a latent threat nearly as powerful as the notorious Mirai botnet that devastated high-profile websites last fall, leading some to think the internet had been broken.Researchers at Kaspersky Lab lured devices infected with the Hajime worm to announce themselves to a Kaspersky honeypot, checked out whether they were actually infected and added them up. They came up with the number 297,499, says Igor Soumenkov, principal researcher at Kaspersky Lab.An earlier estimate by Symantec put the size at tens of thousands. Estimates of the number of infected devices in Mirai botnets have put it about 400,000, but the number of devices that might be infected with the Hajime worm is 1.5 million, says Dale Drew, the CSO of Level 3, which has been building a profile of behavioral classifiers to identify it so it can be blocked.To read this article in full or to leave a comment, please click here