Archive

Category Archives for "Network World Security"

41% off Netgear Arlo Security System Wireless HD Camera, Indoor/Outdoor, Night Vision – Deal Alert

The Arlo camera is a 100 Percent Wire-Free, completely wireless, HD smart home security camera – so you can get exactly the shot you need – inside or out. The Arlo camera is weatherproof and includes motion detection, night vision, and apps. It can capture clips and send you alerts whether you’re at home or away for round-the-clock peace of mind. These motion-activated cameras initiate automatic recording and alert you via email or app notifications. Free apps enable remote monitoring from anywhere, and with the built-in night vision you’ll even see in the dark. This security camera currently averages 4 out of 5 stars on Amazon from almost 10,000 customers, and its list price of $219.99 is currently discounted 41% to $129.99.

Kaspersky Lab employee reportedly arrested in Russia on treason charges

One of the leading cybercrime investigators at antivirus vendor Kaspersky Lab was reportedly arrested in Russia as part of a probe into activities that could represent high treason. According to Russian newspaper Kommersant, Ruslan Stoyanov, the head of the computer incidents investigation team at Kaspersky, was arrested in December as part of an investigation that also targeted Sergei Mikhailov, the deputy head of the Information Security Center at the FSB, Russia's internal security service. Russian authorities are investigating Mikhailov in connection to the receipt of money from a foreign organization, an unnamed source close to the FSB reportedly told the newspaper.

Russia’s FSB arrests Kaspersky’s top cybercrime investigator for treason

A top-notch cybercrime investigator, who heads up the Kaspersky Lab team that investigates hacks, has been arrested by Russian law enforcement for possible treason. An unnamed source close to Russia’s Federal Security Service (FSB) told the newspaper Kommersant that Ruslan Stoyanov may be linked to an investigation into Sergei Mikhailov, a deputy chief of the FSB’s Center for Information Security. Both men were arrested in December. Kaspersky Lab confirmed the report of Stoyanov’s arrest in Kommersant, then tweeted the following statement: “The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Teams, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation.”

Four lesser-known Wi-Fi security threats and how to defend against them

It’s common knowledge that the best way to protect your home Wi-Fi network is by using a strong password. This will keep uninvited guests away and protect your network so eavesdroppers can’t intercept your communications. And we’ve known for more than a decade now that the old Wired Equivalent Privacy (WEP) is so insecure that cracking it is practically child’s play. Once you’ve protected your network with Wi-Fi Protected Access 2 (WPA2), here are four other vulnerability scenarios you should guard against.

That online job candidate may be carrying a virus

January is the month when employees are most likely to think about changing jobs, according to a survey by Glassdoor. Almost one in five jobseekers cited January as the most popular month to make a move, which means that resumes, cover letters and reference contacts are eagerly shared through social media, email and company websites. Cyber thieves are eager to take advantage of the busy hiring season, too, and they’ve come up with several ways to infiltrate corporate systems. Security pros offer their tips on what to watch out for, and how to stop them. Cyber criminals use LinkedIn and other social media sites to bypass company defenses. LinkedIn and other social networks are becoming targets for threat actors since they know it's a great way to bypass a company's defenses, according to cybersecurity firm Cylance. LinkedIn is typically a site that is not blocked by network filters, to allow HR departments the freedom to communicate with prospective job candidates.

Cisco scrambling to fix a remote-code-execution problem in WebEx

Cisco’s Webex Browser Extension contains a critical bug that can open up customers’ entire computers to remote code execution attacks if the browsers visit websites containing specially crafted malicious code. The company says it is in the process of correcting the problem, and has apparently made a few initial steps toward a permanent fix. It says there is no workaround available.

Cyber criminals avoid fraud within their own ranks with new site

Sometimes it's not easy being a cyber criminal. In addition to law enforcement and private security companies, cyber thieves have to battle fraudsters out to beat them at their own game, but a web site offers to help. Ripper.cc has been maintaining a database of known “rippers” or scammers since June last year and security firm Digital Shadows, which has been investigating it, says it may help online black markets flourish. Fraud is a nagging problem in the cyber criminal world, according to Digital Shadows. Although some hackers believe in honor amongst thieves, others are peddling bogus goods, such as stolen credit card numbers or user credentials that turn out to be fake.

GPG Suite updated for secure email on OSX Sierra

GPG Suite, an application that brings encrypted email to Mac OS, is now available in public beta for Sierra. The software package had been compatible up to El Capitan but wasn't working with Sierra, which was released by Apple in September. The new software can now be downloaded from the GPG Tools website. It adds support for the OpenPGP encryption standard, which is an open-source version of the PGP encryption package first developed in 1991. Four software apps are contained in the package:
-- GPG Mail is a plugin for Apple Mail that allows users to encrypt, decrypt, sign, and verify mails sent using OpenPGP.

Severe vulnerability in Cisco’s WebEx extension for Chrome leaves PCs open to easy attack

Anyone who uses the popular Cisco WebEx extension for Chrome should update to the latest version pronto. Google security researcher Tavis Ormandy recently discovered a serious vulnerability in the Chrome extension that leaves PCs wide open to attack. In older versions of the extension (before version 1.0.3) malicious actors could add a “magic string” to a web address or file hosted on a website. The magic string was designed to remotely activate the WebEx browser extension. Once the extension was activated the bad guys could execute malicious code on the target machine.

Saudi Arabia again hit with disk-wiping malware Shamoon 2

The disk-wiping Shamoon malware, which was used in attacks that destroyed data on 35,000 computers at Saudi Aramco in 2012, is back; the Shamoon variant prompted Saudi Arabia to issue a warning on Monday. An alert from the telecoms authority, seen by Reuters, warned all organizations to be on the lookout for the variant Shamoon 2. CrowdStrike VP Adam Meyers told Reuters, “The Shamoon hackers were likely working on behalf of the Iranian government in the 2012 campaign and the more-recent attacks. It's likely they will continue.”

Court denies US government appeal in Microsoft overseas email case

A U.S. appeals court will not reconsider its groundbreaking decision denying Department of Justice efforts to force Microsoft to turn over customer emails stored outside the country. The U.S. Court of Appeals for the Second Circuit, in a 4-4 decision Tuesday, declined to rehear its July decision that denied the DOJ access to the email of a drug trafficking suspect stored on a Microsoft server in Ireland. Microsoft has been fighting DOJ requests for the email since 2013.

6 tips to protect your home network

The rise of malware targeting unsecured IoT endpoints, like the Mirai strain used as part of October’s DDoS attack on Dyn, means it’s more important than ever to make security a priority. Remote workers who use their home office as their primary office are arguably at even more of a risk since they may be exposing corporate assets as well as personal assets. Untangle recommends the following best practices to secure your home network.

Why you need a data protection officer

With enforcement of the European Union's General Data Protection Regulation (GDPR) set to begin on May 25, 2018, organizations that handle any personal data relating to EU residents must begin preparing now, if they haven't already. Most organizations will need to designate a data protection officer (DPO), says Steve Durbin, managing director of the Information Security Forum (ISF), a global, independent information security body that focuses on cyber security and information risk management. "The GDPR is putting data protection practices at the forefront of business agendas worldwide," Durbin said in a statement earlier this month. "Its scope is unmatched by any other international law, and we estimate that more than 98 percent of ISF members will be affected by its requirements because they process the personal data of EU residents, or are based in the EU. For most organizations, the next 18 months will be a critical time for their data protection regimes as they determine the applicability of the GDPR and the controls and capabilities they will need to manage their compliance and risk obligations."

Study: 62% of security pros don’t know where their sensitive data is

Ask organizations today about the value of data and you’re likely to hear it measured in terms of competitive advantage, customer experience and revenue generation. As Dante Disparte and Daniel Wagner put it in a December 2016 HBR article, data is “becoming a centerpiece of corporate value creation.” “Today most organizations are data-driven to one degree or another. Data contributes not only to brand equity, but to what constitutes product and service delivery in globally connected and hyper-competitive markets,” the pair wrote. But the value of data security is still largely defined “in terms of risk, cost, and regulatory compliance,” notes Forrester Research in the executive summary of a new report commissioned by data protection software provider Varonis Systems.

Pompeo sworn in as CIA chief amid opposition from surveillance critics

Mike Pompeo was sworn in late Monday by U.S. Vice President Michael Pence as the new director of the Central Intelligence Agency, amid protests from surveillance critics who worry about his conflicting views on a number of key issues. The oath of office was administered to him after the Senate voted in favor of his confirmation in a 66-32 vote. Critics of Pompeo, a Republican representative from Kansas, are concerned that he may weigh in with the government on a rollback of many privacy reforms, including restrictions on the collection of bulk telephone metadata from Americans by the National Security Agency under the USA Freedom Act. There are also concerns that the new director may try to introduce curbs on the use of encryption and bring in measures to monitor the social media accounts of people.

Yahoo pushes back timing of Verizon deal after breaches

Verizon’s planned acquisition of Yahoo will take longer than expected and won’t close until this year’s second quarter, the internet company said on Monday. The $4.8 billion deal was originally slated to close in the first quarter, but that was before Yahoo reported two massive data breaches that analysts say may scrap the entire deal. Although Yahoo continues to work to close the acquisition, there’s still work required to meet the deal's closing conditions, the company said in an earnings statement, without elaborating. Verizon has suggested that the data breaches, and the resulting blow to Yahoo’s reputation, might cause it to halt or renegotiate the deal.

Open-source oriented RISELab emerges at UC Berkeley to make apps smarter & more secure

UC Berkeley on Monday launched a five-year research collaborative dubbed RISELab that will focus on enabling apps and machines that can interact with the environment around them securely and in real-time. The RISELab (Real-time Intelligence with Secure Execution) is backed by a slew of big name tech and financial firms: Amazon Web Services, Ant Financial, Capital One, Ericsson, GE Digital, Google, Huawei, Intel, IBM, Microsoft and VMWare.

10 of the latest craziest and scariest things the TSA found on your fellow travelers

When it comes to our annual look at what wacky things the TSA pulls out of travelers’ carry-on luggage, every year the crazy seems to get a little crazier and the scary, well, you know where we are going with this. Interestingly, the TSA finds some amusement or amazement in these findings, as it now posts its own Top 10 Most Unusual Finds, which outlines the most “dangerous and often times wacky items” it has kept off commercial airliners. To start, we need to look at guns. The number of guns that traverse or try to traverse the skies in the United States continues to grow at an astounding rate. There was a 28% increase in firearm discoveries from 2015’s total of 2,653. The TSA says that in 2016, 3,391 firearms were discovered in carry-ons, averaging more than nine firearms per day.

China goes after unauthorized VPN access from local ISPs

China is going after unauthorized internet connections, including tools known as VPNs (virtual private networks) that can bypass China’s efforts to control the web. The crackdown is part of a 14-month campaign from China’s Ministry of Industry and Information Technology that's meant to clean up the country’s internet service provider market. Unless authorized, internet service providers are forbidden from operating any “cross-border” channel business, including VPNs, the ministry said in a Sunday notice. The announcement is a bit of a rarity. The country has usually refrained from openly campaigning against VPN use, even as government censors have intermittently tried to squelch access to them in the past.

The latest database attacks: Tips of the icebergs

MongoDB wasn’t the first database hit by ransomware, just a rich target for attacks. Now, ElasticSearch and Hadoop have become ransomware targets. They won’t be the last. Were these three database products insanely simple to secure? Yes. Were they secured by their installers? Statistics and BitCoin sales would indicate otherwise. And no, they won’t be the last. Every hour of every day, websites get pounded with probes. A few are for actual research. When the probe is a fake logon, like the dozens of hourly WordPress admin fails I get on my various websites, you have some idea that the sender isn’t friendly.