Tim Greene

Author Archives: Tim Greene

The CIA should help vendors patch the flaws it was exploiting

The CIA exploits exposed this week reveal that the agency does hacking just like criminals do, including buying exploits from black-hat researchers who sell their wares on the dark web. It’s also a demonstration of bad security on the part of the CIA, which apparently entrusted the entire portfolio to both agency employees and contractors, one of whom turned out not to be trustworthy and passed them on to Wikileaks. A criminal investigation into who that was is underway, so the CIA is rightfully busy with that, but it should try to find time to help the vendors whose gear was exploited patch the flaws quickly. Before the leak, these attacks were not widely known. But now that they are, they have little value to the CIA anymore, so the CIA should help shore up the vulnerabilities.

Darktrace finds more attacks, cuts response time, saves money for Blackhawk Network

Blackhawk Network, a $1.9 billion multinational in the prepaid-card industry, was consolidating its security architecture in an effort to give better visibility into threats as they unfolded and to adapt to the threat environment as attackers changed their strategies. That included hiring a new head of cyber defense, Vari Bindra, in December of 2015, who wanted to create a central security operations center and consolidate the company’s varied data centers down to just two. As he set out on that mission, he came across the Enterprise Immune System made by Darktrace, which uses machine learning to detect threats, including those it has never seen before.

Wikileaks’ dump of CIA exploits exposes enterprises to new risks

Corporations concerned about the release of thousands of CIA documents detailing hacks against Apple iOS and Mac OSX, Google’s Android, Microsoft’s Windows, Linux and Solaris need to conduct a fresh round of risk assessment that takes the new revelations into account. While the trove of leaked data – known as Vault 7 – doesn’t include code for actual exploits, it does describe the types of vulnerabilities they take advantage of, which can still be of value to both defenders and potential attackers, says John Pironti, president of IP Architects, a security risk consulting firm.

Palo Alto Networks pays $105M for LightCyber to better detect network attacks

Palo Alto Networks has bought LightCyber for its behavioral analytics platform that can speed the time to detect intrusions that have already breached networks and are looking around for ways to carry out exploits. The $105 million cash deal brings LightCyber’s ability to analyze behavior of devices to discover reconnaissance by malware inside networks and lateral movements as it seeks to compromise vulnerable systems. Based on machine learning, LightCyber absorbs the behaviors of individuals and devices, sets a normal level for them and finds anomalies that could indicate attacks underway.

Trend Micro report: Ransomware booming

The profitability of ransomware made it the top cyber threat last year in two categories: the number of attacks and the amount of money generated for crooks, according to a Trend Micro lookback on data collected from customers. Not only is the ransomware business booming, it’s innovating, with Trend Micro researchers identifying 752 new families last year, up from 29 in 2015. Add to this the rise of ransomware as a service (RaaS) and payments made to anonymous bitcoin accounts, and the result is a booming criminal enterprise worth $1 billion last year, according to TrendLabs 2016 Security Roundup. Neophyte crooks are being drawn in because it’s so easy to set up a ransomware operation, the report says. “Since RaaS is available in the underground, the service provides fledgling cybercriminals the necessary tools to run their own extortion campaigns,” it says.

Replace SHA-1. It’s not that hard.

Now that SHA-1 has been broken, it’s time for enterprises that have ignored its potential weakness for years to finally act, and it’s not that hard. The most common use of the hash function is in securing SSL and TLS connections, and the way to get rid of SHA-1 in that use is to use browsers and servers that don’t support it. Depending on the size of an organization, this isn’t onerous, says Paul Ducklin, a senior security advisor at Sophos. (See his excellent description of the problem with SHA-1 and other hashing algorithms.)

Cisco touts next-gen firewall gear for midsize installations

Cisco is coming out with four next-generation firewall boxes aimed at giving smaller organizations protection that is better sized to their needs and engineered to minimize performance hits as additional security services are turned on. The devices make up a family called the Cisco Firepower 2100 series and are built around dual, multi-core processors. That architecture enables custom processing of traffic requiring threat inspection, and also supports tagging traffic that doesn’t need threat inspection so it flows through only the separate network processing unit. These features combine to provide ample processing power for services such as IPS and also lighten the total load on that processor by diverting traffic that doesn’t require those services, Cisco says.

Bruce Schneier: Public-service technologists are needed to tame the IoT

The internet of things needs to be regulated, and soon, before it becomes even more of a tool to facilitate cyberattacks, and that means coming up with civic-minded technologists to help formulate government policies, security expert Bruce Schneier told an RSA Conference 2017 audience. The problem is governments lack the technological expertise to understand the mindset of the makers of IoT devices and the markets in which they are sold.

RSA: Elite cryptographers scoff at idea that law enforcement can ‘overcome’ encryption

U.S. Attorney General Jeff Sessions’ call for a way to “overcome” cryptography met with scorn from a panel of elite cryptographers speaking at this week’s RSA Conference 2017 in San Francisco. “Any one of my students will be capable of writing good crypto code,” says Adi Shamir, the ‘S’ in RSA and a professor at the Weizmann Institute in Israel. Sessions’ use of the term “overcome” during his confirmation hearings actually means installing backdoors, says Ronald Rivest, the ‘R’ in RSA and a professor at MIT. He cited a joint Congressional study that concluded that weakening encryption works against the national interest, and that encryption is global anyway -- so the U.S. can’t call all the shots.

RSA: Watch out for a new weapon – your own data

As tens of thousands of the world’s top security pros gather at RSA Conference 2017 they are being called upon to watch out for a new threat: their own data. By corrupting data that is used for making decisions, attackers can cause all kinds of problems, says Chris Young, general manager of Intel Security. “Now data is manipulated and used against us to affect the decisions we make,” he says. He calls this corruption “data landmines,” which when factored into decision making, can result in bad choices, missed opportunities and economic losses. He says stolen and manipulated data combined to disrupt the 2016 presidential election, for example, and the consequences of similar manipulations could be high for businesses whose big-data analysis is undermined by altered small data that makes it up. With inaccurate input to draw on, the outcomes will be faulty, he says.

IBM’s Watson teams up with its SIEM platform for smarter, faster event detection

San Francisco -- IBM’s Watson supercomputer can now consult with the company’s security information and event management (SIEM) platform to deliver well-researched responses to security events and do so much faster than a person. Called IBM QRadar with Watson, the new offering is the introduction of IBM’s push for a cognitive security operations center (SOC) that will be built around Watson contributing to decisions made in tandem with other security products from the vendor. IBM announced the service at the RSA Conference 2017. In the case of QRadar, when the SIEM catches a security event, human security analysts can choose to enlist Watson’s help analyzing the event to determine whether it fits into a known pattern of threat and put it in a broader context, IBM says.
