It took less than a week for criminals to drain virtually all publicly exposed MongoDB servers of their data, and now a second tier of opportunistic thieves is trying to walk off with the ransom.When attackers initially deleted the data, sometimes terabytes at a time, they left ransom notes demanding payments in bitcoin.+ ALSO ON NETWORK WORLD Be careful not to fall for these ransomware situations +To read this article in full or to leave a comment, please click here
It took less than a week for criminals to drain virtually all publicly exposed MongoDB servers of their data, and now a second tier of opportunistic thieves is trying to walk off with the ransom.When attackers initially deleted the data, sometimes terabytes at a time, they left ransom notes demanding payments in bitcoin.+ ALSO ON NETWORK WORLD Be careful not to fall for these ransomware situations +To read this article in full or to leave a comment, please click here
Fortinet is adding Cisco, HPE and Nokia to its stable of partners whose security gear can share information with Fortinet products to improve overall security.The company is announcing at its Accelerate 2017 customer conference this week that equipment made by these new partners will integrate into the Fortinet Security Fabric via an API to tighten security in core networks, remote devices and the cloud.The amount of sharing that goes on depends on the individual third-parties’ APIs.Fortigate Security Fabric is woven from Fortinet products that can communicate among each other to find and analyze threats and let admins see their input in a single window. That’s an upgrade from the initial fabric in which IT teams had to switch among the dashboards for the Fortinet products involved.To read this article in full or to leave a comment, please click here
Fortinet is adding Cisco, HPE and Nokia to its stable of partners whose security gear can share information with Fortinet products to improve overall security.The company is announcing at its Accelerate 2017 customer conference this week that equipment made by these new partners will integrate into the Fortinet Security Fabric via an API to tighten security in core networks, remote devices and the cloud.The amount of sharing that goes on depends on the individual third-parties’ APIs.Fortigate Security Fabric is woven from Fortinet products that can communicate among each other to find and analyze threats and let admins see their input in a single window. That’s an upgrade from the initial fabric in which IT teams had to switch among the dashboards for the Fortinet products involved.To read this article in full or to leave a comment, please click here
Figuring out who’s behind cyberattacks is always difficult, and responsible security analysts are reluctant to point fingers without a smoking gun, which seems to be the case with recent disruptions of the power system in Turkey.News sources here and here say the Turkish Energy Ministry blames storms and sabotage of underground power lines for outages around the country. It also says coordinated cyberattacks originating in the United States have been thwarted but also been keeping security teams busy. It doesn’t like the outages directly to the cyberattacks, the sources say.To read this article in full or to leave a comment, please click here
Figuring out who’s behind cyberattacks is always difficult, and responsible security analysts are reluctant to point fingers without a smoking gun, which seems to be the case with recent disruptions of the power system in Turkey.News sources here and here say the Turkish Energy Ministry blames storms and sabotage of underground power lines for outages around the country. It also says coordinated cyberattacks originating in the United States have been thwarted but also been keeping security teams busy. It doesn’t like the outages directly to the cyberattacks, the sources say.To read this article in full or to leave a comment, please click here
A $1 billion Russia-based criminal gang has been bilking online advertisers by impersonating high-profile Web sites like ESPN, Vogue, CBS Sports, Fox News and the Huffington Post and selling phony ad slots, but that’s about to end.Online fraud-prevention firm White Ops is releasing data today that will enable online advertisers and ad marketplaces to block the efforts of the group, which is cashing in on its intimate knowledge of the automated infrastructure that controls the buying and selling of video ads.The group has been ramping up its activities since October so that it now reaps roughly $3 million to $5 million per day from unsuspecting advertisers and gives them nothing in return, says White Ops, which discovered the first hints of the scam in September.To read this article in full or to leave a comment, please click here
Security pros need to pay attention to malicious activities that don’t rely on actual malware to succeed, according to a study by Carbon Black.Attacks that exploited applications and processes legitimately running on systems – non-malware incidents – have risen from representing about 3% of all attacks in January to about 13% in November, the company’s “Non-malware attacks and ransomware take center stage in 2016” report says.“Non-malware attacks are at the highest levels we have seen and should be a major focus for security defenders during the coming year,” it says.The research included data from more than 1,000 Carbon Black customers that represent 2.5 million-plus endpoints. For measuring the non-malware attacks, the authors considered the malicious use of PowerShell and Windows Management Instrumentation were considered.To read this article in full or to leave a comment, please click here
Security pros need to pay attention to malicious activities that don’t rely on actual malware to succeed, according to a study by Carbon Black.Attacks that exploited applications and processes legitimately running on systems – non-malware incidents – have risen from representing about 3% of all attacks in January to about 13% in November, the company’s “Non-malware attacks and ransomware take center stage in 2016” report says.“Non-malware attacks are at the highest levels we have seen and should be a major focus for security defenders during the coming year,” it says.The research included data from more than 1,000 Carbon Black customers that represent 2.5 million-plus endpoints. For measuring the non-malware attacks, the authors considered the malicious use of PowerShell and Windows Management Instrumentation were considered.To read this article in full or to leave a comment, please click here
A hefty judgement against Ashley Madison, the dating site for adulterers, is just the tip of the iceberg when it comes to penalties the company must pay as a result of the theft and public posting of its customers' data when the company was hacked last year.Ruby Corp., the parent company of Ashley Madison agreed to pay $8.75 million fine to the Federal Trade Commission and another $8.75 million to 13 states that also filed complaints. It will wind up paying just $1.6 million because it is strapped for assets.To read this article in full or to leave a comment, please click here
A hefty judgement against Ashley Madison, the dating site for adulterers, is just the tip of the iceberg when it comes to penalties the company must pay as a result of the theft and public posting of its customers' data when the company was hacked last year.Ruby Corp., the parent company of Ashley Madison agreed to pay $8.75 million fine to the Federal Trade Commission and another $8.75 million to 13 states that also filed complaints. It will wind up paying just $1.6 million because it is strapped for assets.To read this article in full or to leave a comment, please click here
Cyber incidents dominated headlines this year, from Russia’s hacking of Democrat emails to internet cameras and DVRs launching DDoS attacks, leaving the impression among many that nothing should be entrusted to the internet.
These incidents reveal technical flaws that can be addressed and failure to employ best practices that might have prevented some of them from happening.
+More on Network World: Gartner Top 10 technology trends you should know for 2017+To read this article in full or to leave a comment, please click here
Cyber incidents dominated headlines this year, from Russia’s hacking of Democrat emails to internet cameras and DVRs launching DDoS attacks, leaving the impression among many that nothing should be entrusted to the internet.
These incidents reveal technical flaws that can be addressed and failure to employ best practices that might have prevented some of them from happening.
+More on Network World: Gartner Top 10 technology trends you should know for 2017+To read this article in full or to leave a comment, please click here
As some of the tech sector’s heaviest hitters prep for a meeting this week with president-elect Donald Trump, they need to make sure they get answers to critical questions about issues that could affect not only their businesses but the U.S. economy in general.While the meeting has been called by Trump, the Silicon Valley executives should be prepared to set some of it themselves so they aren’t blindsided by policy shifts that can affect their success. Items of interest range from encryption to China policy.Here are some of the issues important to Trump and that are important to the interests of technology vendors and service providers.Where does Trump stand on encryption?To read this article in full or to leave a comment, please click here
As some of the tech sector’s heaviest hitters prep for a meeting this week with president-elect Donald Trump, they need to make sure they get answers to critical questions about issues that could affect not only their businesses but the U.S. economy in general.While the meeting has been called by Trump, the Silicon Valley executives should be prepared to set some of it themselves so they aren’t blindsided by policy shifts that can affect their success. Items of interest range from encryption to China policy.Here are some of the issues important to Trump and that are important to the interests of technology vendors and service providers.Where does Trump stand on encryption?To read this article in full or to leave a comment, please click here
Donald Trump’s effect on cybersecurity after he’s sworn in as president next month will likely be toward military uses of cyber weapons and stronger tools for law enforcement to crack encryption, but the impact is hard to predict due to the vagueness of his proposals so far.The most detailed Trump cyber plan is just 175 words long and includes some initiatives that sound like what’s already in place.On the campaign trail and during debates he occasionally hit the topic, but again with little detail and perhaps little understanding of how the internet works. For example, he called for Microsoft founder Bill Gates to find a way to shut off parts of the internet to ISIS as a way to halt its recruitment efforts.To read this article in full or to leave a comment, please click here
Donald Trump’s effect on cybersecurity after he’s sworn in as president next month will likely be toward military uses of cyber weapons and stronger tools for law enforcement to crack encryption, but the impact is hard to predict due to the vagueness of his proposals so far.The most detailed Trump cyber plan is just 175 words long and includes some initiatives that sound like what’s already in place.On the campaign trail and during debates he occasionally hit the topic, but again with little detail and perhaps little understanding of how the internet works. For example, he called for Microsoft founder Bill Gates to find a way to shut off parts of the internet to ISIS as a way to halt its recruitment efforts.To read this article in full or to leave a comment, please click here
During Black Friday and Cyber Monday 2016, consumers should watch out for scams that come through spam, insecure public networks and apps that might seem legitimate but could be taking over your phones and computers, experts say.+ RELATED: How to dodge Black Friday schemes +Here are a dozen steps you can take to avoid becoming a victim.
Only download or buy apps from legitimate app stores.
Suspect apps that ask for too many permissions.
Check out the reputation of apps and particularly the app publisher.
Only enter credit card info on secure shopping portals.
Avoid using simple passwords, and use two-factor authentication if you can.
Be alert for poisoned search results when using search engines to find products.
Don’t install software that sites require before you can shop.
Don’t use free pubic Wi-Fi to make purchases.
Be suspicious of great deals you learn about via social media or emails and don’t click the links.
Turn off location services while shopping to minimize the potential personal data that could be compromised.
Make sure the connection to e-commerce sites is secured (HTTPS).
Double check the validity of the SSL certificate for the site.
To read this article in full or Continue reading
During Black Friday and Cyber Monday 2016, consumers should watch out for scams that come through spam, insecure public networks and apps that might seem legitimate but could be taking over your phones and computers, experts say.+ RELATED: How to dodge Black Friday schemes +Here are a dozen steps you can take to avoid becoming a victim.
Only download or buy apps from legitimate app stores.
Suspect apps that ask for too many permissions.
Check out the reputation of apps and particularly the app publisher.
Only enter credit card info on secure shopping portals.
Avoid using simple passwords, and use two-factor authentication if you can.
Be alert for poisoned search results when using search engines to find products.
Don’t install software that sites require before you can shop.
Don’t use free pubic Wi-Fi to make purchases.
Be suspicious of great deals you learn about via social media or emails and don’t click the links.
Turn off location services while shopping to minimize the potential personal data that could be compromised.
Make sure the connection to e-commerce sites is secured (HTTPS).
Double check the validity of the SSL certificate for the site.
To read this article in full or Continue reading
Hackers are writing apps, setting up phony Wi-Fi networks and unleashing malware in attempts to turn legitimate Black Friday 2016 and Cyber Monday retailing into profits for themselves, according to security experts.Bad actors are stealing personal information like passwords and credit card numbers, compromising computers and phones, and blackmailing retailers with hopes of lining their pockets, researchers say.For example, researchers at RiskIQ found frequent cases of criminals linking the names of legitimate brands to sketchy applications and Web sites in order to lure unsuspecting shoppers.They looked at five popular e-commerce brands to see how often their names appeared along with the term Black Friday in the titles or descriptions of black-listed applications. The research didn’t reveal the names of the retailers, but found that they lined up with bogus apps from 8.4% to 16% of the time.To read this article in full or to leave a comment, please click here
Tim Greene