During my conversations with security executives, a topic that consistently comes up is what, exactly, constitutes a modern hacking operation. Security professionals understand they’re no longer facing script kiddies who lack a comprehensive plan. However, they’re also not fully aware of how detail-oriented adversaries are when developing an attack campaign.Today’s hacking operations are well-organized and developed by well-funded teams of highly trained adversaries who have diverse experiences and backgrounds. In fact, attack planning is handled like a business operation and includes hiring plans, budgets and timelines.To help security professionals better understand the attacks they’re facing, I thought I’d share some of my observations on the work that goes into planning a hack.To read this article in full or to leave a comment, please click here
From niche router vendor to all things networkingCisco’s new campaign “There’s Never Been A Better Time” urges everyone to consider how the network can solve the world’s biggest problems. The company is on a mission to change the world, but it didn’t start out that way. As Cisco evolved from a niche router vendor to the de facto standard for all things networking, so too has its message to the world. To read this article in full or to leave a comment, please click here
Intel's new 10-core Broadwell-E gaming chip is only a few hours old, but already overclockers have pushed a 3GHz version of the chip to 5.7GHz and they say they're only just getting started.Overclocking is the process by which software commands and extreme cooling are used to push processors to run faster than they are typically designed to run -- the chip equivalent of putting your foot on the gas and flooring it while keeping your car under control.At an overclocking event at the Computex trade show in Taipei on Tuesday, large tanks of liquid nitrogen stood on the ready to help overclockers keep the processors cool.To read this article in full or to leave a comment, please click here
In the 1979 film When a Stranger Calls, the horror is provided when police tell a young babysitter that the harassing phone calls she has been receiving are coming from inside the house. It was terrifying for viewers because the intruder had already gotten inside, and was presumably free to wreak whatever havoc he wanted, unimpeded by locked doors or other perimeter defenses. In 2016, that same level of fear is being rightfully felt towards a similar danger in cybersecurity: the insider threat.To read this article in full or to leave a comment, please click here(Insider Story)
Lurking insideImage by Flickr/Dennis SkleyWe tested three products, each concentrating on a different aspect of the insider threat problem. Fortscale did an amazing job protecting a traditional network. Its machine learning capabilities and concentration on access and authentication logs gives it an extremely high accuracy rate. Cloud-based insider threats can be even harder to detect, yet Avanan uniquely protects against threats related to trusted insiders within the cloud. PFU Systems applies insider threat security to mobile devices with their iNetSec system. (Read the full review.) Here are the individual reviews:To read this article in full or to leave a comment, please click here
Intel considers virtual reality a key growth vector as it reshapes to survive in a post-PC world, and new Core i7 Extreme Edition chips will play a big role in that transition.The new chips, code-named Broadwell-E, are speed demons with up to 10 cores, a new high for Intel PC chips. Primarily for gaming PCs, the new chips will also go in desktops certified to work with headsets like Oculus Rift and HTC Vive.The Core i7-6900 series and 6800 series chips are targeted at enthusiasts looking for the latest and greatest technologies in PCs. These chips can be overclocked and unlocked, which could instantly upgrade PC performance by cranking up CPU frequency.To read this article in full or to leave a comment, please click here
Meet Stealth Falcon, a sophisticated and likely state-sponsored cyberespionage group, which is hell bent on conducting targeted spyware attacks “against Emriati journalists, activists and dissidents.” The digital attacks started in 2012 and are still being carried out against United Arab Emirates (UAE) dissidents. It’s not “just” spying with custom spyware that leads to dissidents being “arbitrarily detained;” once identified as criticizing the authorities, UAE dissidents can be forcibly disappeared.“The UAE has gotten much more sophisticated since we first caught them using Hacking Team software in 2012,” Bill Marczak, a senior researcher at Citizen Lab told the New York Times. “They've clearly upped their game. They're not on the level of the United States or the Russians, but they're clearly moving up the chain.”To read this article in full or to leave a comment, please click here
New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Actiance Platform for the healthcare and pharmaceutical industriesKey features: The Actiance Platform addresses communications challenges for healthcare and pharmaceutical organizations in the midst of changing regulations by ensuring companies meet industry-specific data retention and security requirements. With the Actiance Platform for the healthcare and pharmaceutical industries, organizations can embrace new communications channels while protecting data and ensuring compliance. More info.To read this article in full or to leave a comment, please click here
Iran has ordered foreign messaging apps to transfer data and activity records of Iranian users to local servers within a year, a move that will give the country a greater ability to monitor and censor the online activity of its people.The country’s Supreme Council of Cyberspace has issued instructions to foreign messaging companies active in the country, requiring them “to transfer all data and activity linked to Iranian citizens into the country in order to ensure their continued activity," news reports said quoting state-run media.Social media platforms such as Twitter and Facebook are already blocked in the country whose government holds a tight control over Internet access by its people.To read this article in full or to leave a comment, please click here
Microsoft’s CEO Satya Nadella is visiting India, reflecting the growing importance of the country as a market for multinational technology companies.
Nadella’s visit follows the first trip to India by Apple CEO Tim Cook, who visited the country this month to drum up support for the company’s plans to offer refurbished iPhones in the price-sensitive market as well as to get permission to set up its wholly-owned stores in the country. Both deals appear to have been blocked by regulators, according to reports.
While Apple was largely seen as lacking focus on India until recently, when its China revenue fell 11 percent, while iPhone sales in India grew 56 percent year-on-year in the last quarter, Microsoft has been a long-time player in the Indian market.To read this article in full or to leave a comment, please click here
What does a security researcher get for responsibly disclosing a dental database vulnerability exposing the sensitive information of tens of thousands of patients? Not a bug bounty monetary reward. Not even a “thank you” from the company. He gets raided by a least a dozen armed FBI agents and may be charged under CFAA (Computer Fraud and Abuse Act).Justin Shafer, who is described as a 36-year-old security researcher and dental computer technician, reported a vulnerability in Eaglesoft practice management software to the manufacturer Patterson Dental back in February.To read this article in full or to leave a comment, please click here
What does a security researcher get for responsibly disclosing a dental database vulnerability that is exposing the sensitive information of tens of thousands of patients? Not a bug bounty monetary reward. Not even a “thank you” from the company. He gets raided by a least a dozen armed FBI agents and may be charged under Computer Fraud and Abuse Act (CFAA).Justin Shafer, who is described as a 36-year-old security researcher and dental computer technician, reported a vulnerability in Eaglesoft practice management software to the manufacturer Patterson Dental back in February.To read this article in full or to leave a comment, please click here
One of the many things that Raspberry Pi-based systems are excellent for is for building Internet of Things platforms. The price is right ($35), the performance is great for the price, the input/output options are great, there’s an enormous ecosystem of add-on and compatible sensors and other hardware, and an equally enormous supporting community. As a result of this vibrant market, a slew of operating system choices for the Raspberry Pi have appeared (see my Ultimate Guide to Raspberry Pi Operating Systems parts 1, 2, and 3) along with some really creative software development tools such as Node-RED, a free, open source, visual wiring tool built by IBM Emerging Technologies. To read this article in full or to leave a comment, please click here
Some 40,000 striking Verizon workers are poised to resume their regular job duties next week after their unions and the company reached a tentative contract agreement today.The strike has caused widespread service and installation delays, concerns among corporate customers that their needs would be neglected, as well as violent confrontations and allegations of vandalism and sabotage.Though the details of the pact have yet to be made public, it reportedly will run for four years and for the first time cover Verizon Wireless workers.To read this article in full or to leave a comment, please click here
According to ESG research, 75% of organizations are currently using a public cloud service while another 19% have plans or interest in doing so (note: I am an ESG employee). Furthermore, 56% of all public cloud-based workloads are considered IT production workloads while the remaining 44% are classified as non-production workloads (i.e. test, development, staging, etc.).This trend has lots of traditional IT vendors somewhat worried, as well they should be. Nevertheless, some IT veterans believe that there are limitations to this movement. Yes, pedestrian workloads may move to the public cloud over the next few years but business-critical applications, key network-based business processes, and sensitive data should (and will) remain firmly planted in enterprise data centers now and forever.To read this article in full or to leave a comment, please click here
Microsoft issued a number of driver updates for both the Surface Pro 4 and Surface Book that ought to make owners very happy because they should improve performance of the two devices.The updates are all centered around driver support to improve stability and usability, along with improved battery support. So, these are all features that Surface users will definitely want. It's interesting to note that the Surface Pro 4 updates were not back ported to the Surface Pro 3.+ Also on Network World: Surface Book vs. Surface Pro 4: Picking the best came down to just one thing + To read this article in full or to leave a comment, please click here
Microsoft stepped on the gas in its quest to drive Windows 7 and 8 users to Windows 10 over the past couple of weeks, rolling the upgrade out as a Recommended update. Watch out! The only behavior that could deny the Windows 10 upgrade before—closing the pop-up by pressing the X in the upper-right corner—now counts as consent for the upgrade, and worse, the upgrade installation can automatically begin even if you take no action whatsoever.It’s nasty business, and it’s tricking legions of happy Windows 7 and 8 users into Windows 10. Over the past week, I’ve received more contact from readers about this issue than I have about everything else I’ve written over the rest of my career combined. But beyond merely burning bridges with consumers, these forced, non-consensual upgrades could have more insidious consequences.To read this article in full or to leave a comment, please click here
“We were an organization of ‘no’ and we had to transform to an organization of ‘how,’” said Robert Fecteau, CIO of government contractor SAIC, describing his effort to turn the IT department into a partner trusted by other parts of the business.To read this article in full or to leave a comment, please click here(Insider Story)
Malware links suggest that North Korean hackers might be behind recent attacks against several Asian banks, including the theft of US$81 million from the Bangladesh central bank earlier this year.Security researchers from Symantec have found evidence that the malware used in the Bangladesh Bank cyberheist was used in targeted attacks against an unnamed bank in the Philippines. The same malware was also previously linked to an attempted theft of $1 million from Tien Phong Bank in Vietnam.Symantec confirmed the earlier findings of researchers from BAE Systems who found code similarities between the Bangladesh Bank malware, which was used to modify SWIFT transfers, and the malicious program used in attacks against Sony Pictures Entertainment in December 2014.To read this article in full or to leave a comment, please click here
Windows 10 PC prices have been slowly creeping up, but some new back-to-school Switch tablet/laptop hybrid devices from Acer may be attractive to those on a shoestring budget.
The US$199 Switch One 10 is one of a few touchscreen hybrids priced under $200. Acer also announced the Switch V 10, which starts at $249 with additional features including a USB-Type C port, a fingerprint reader, 802.11ac Wi-Fi and a Gorilla Glass screen.
The hybrids, also known as 2-in-1 devices, are 10-inch tablets that can be latched on to a keyboard dock to become a laptop.
The new Switch devices are inexpensive Windows alternatives to Chromebooks, which are laptops with Google's Chrome OS. Acer sells Chromebooks starting at $179.99.To read this article in full or to leave a comment, please click here