Archive

Category Archives for "Network World Security"

How fortified is your SAP against security breaches?

Can you even tell if a breach has occurred? Have you inventoried its vulnerabilities - and taken steps to prevent, for example, a $22 million per minute loss due to a SAP breach as experienced by one Fortune 100 company? Or have you concluded that the scale of SAP ERP implementations makes it just too big to manage? Ask yourself these 10 questions - compiled by David Binny, vice president of product management at Panaya, and gleaned from its analysis of thousands of SAP landscapes - to find out if your SAP is safe.

Microsoft’s standing to sue over secret US data requests in question

Microsoft’s lawsuit objecting to the indiscriminate use by U.S. law enforcement of orders that demand user data without the opportunity to inform the customer may run into questions about the software giant's standing to raise the issue on behalf of its customers. A government motion to dismiss Microsoft’s complaint comes up for oral arguments Monday and, significantly, the judge said on Thursday that the issue of whether Fourth Amendment rights are personal or can be “vicariously” asserted by third parties on behalf of their customers would have to be addressed by both sides. The Fourth Amendment to the U.S. Constitution prohibits unreasonable searches and seizure of property.

Assange seeks to discuss his US extradition with the feds

WikiLeaks founder Julian Assange said he stands by an earlier pledge to face trial in the U.S., but he is first urging federal investigators to name the exact charges against him. "I stand by what I said," Assange stated during a webcast on Thursday. "We look forward to having a conversation with the DOJ (U.S. Department of Justice) about what the correct way forward is." Assange previously made his pledge on the condition that President Barack Obama grant clemency to Chelsea Manning, a former U.S. soldier who was jailed for disclosing sensitive documents to WikiLeaks back in 2010.

Air Force goes after cyber deception technology

A little cyber-trickery is a good thing when it comes to battling network adversaries. The Air Force Research Lab (AFRL) tapped into that notion today as it awarded a $750,000 grant to security systems developer Galios to develop a cyber deception system that will “dramatically reduce the capabilities of an attacker that has gained a foothold on a network.” Specifically, Galios will develop its Prattle system for the Air Force. Galios describes Prattle as a system that generates traffic that misleads an attacker who has penetrated a network, making them doubt what they have learned or causing them to make mistakes that increase their likelihood of being detected sooner.

Encrypted email service ProtonMail is now accessible over Tor

The creators of encrypted email service ProtonMail have set up a server that's only accessible over the Tor anonymity network as a way to fight possible censorship attempts in some countries. ProtonMail was created by computer engineers who met while working at the European Organization for Nuclear Research (CERN). The service provides end-to-end encrypted email through a web-based interface and mobile apps, but the encryption is performed on the client side, and the ProtonMail servers never have access to plaintext messages or encryption keys. On Thursday, Proton Technologies, the Geneva-based company that runs ProtonMail, announced that it has set up a Tor hidden service, or onion site, to allow users to access the service directly inside the Tor anonymity network.

Secdo automates alert investigation with preemptive incident response  

“We don’t receive enough alerts in our security operations center,” said no security analyst ever. The fact is, most SOC teams are overwhelmed with security alerts and they must prioritize which ones to investigate. Many alerts are simply ignored for lack of resources, yet quite often after a data breach it turns out there was an alert pointing at the breach early on. In the case of one prominent breach at a major retailer a few years ago, many sources report that a FireEye tool generated an alert confirming that malicious software showed up on a company system. Because so many of those particular alerts were false positives, it was ignored, which subsequently led to one of the largest and most costly retail data breaches in history.

IDG Contributor Network: Data protection and security: What’s in store for 2017?

Every second, new updates occur in the world of technology. Information is easier to access, online searches load faster, and mobile and web payments are now simplified and common. Consumers and companies want the ability to do everything online—store documents, make payments, brainstorm ideas for expansion and growth—using remote servers and cloud-storing software. On the flip side, this demand for instant access and connectivity means ample opportunities for hackers to score. In response, technology developers are working at record speeds to keep data secure. But it isn’t an easy task. Consumers want the feeling of added security, but they don't want to deal with extra steps to protect themselves. Case in point, you have passwords for apps and logins to bank accounts, credit cards, Starbucks, and more on your phone. Now, with Apple's Touch ID, you can set up access with a single login method—your fingerprint. Is that more or less secure? Or is it simply preferred because of its ease of use? All a hacker needs to do is replicate your fingerprint and they have instant access.

Attackers start wiping data from CouchDB and Hadoop databases

It was only a matter of time until ransomware groups that wiped data from thousands of MongoDB databases and Elasticsearch clusters started targeting other data storage technologies. Researchers are now observing similar destructive attacks hitting openly accessible Hadoop and CouchDB deployments. Security researchers Victor Gevers and Niall Merrigan, who monitored the MongoDB and Elasticsearch attacks so far, have also started keeping track of the new Hadoop and CouchDB victims. The two have put together spreadsheets on Google Docs where they document the different attack signatures and messages left behind after data gets wiped from databases.

Is antivirus getting worse?

Is anti-virus software getting worse at detecting both known and new threats? Earlier this week, Stu Sjouwerman, CEO of security awareness training company KnowBe4, looked at the data published by the Virus Bulletin, a site that tracks anti-virus detection rates. And the numbers didn't look good. Average detection rates for known malware went down slightly, by a couple of percentage points, from 2015 to 2016, he said, while detection rates for zero-days dropped in a big way - from an average of 80 percent down to 70 percent or lower.

7 (more) security TED Talks you can’t miss

The first list, 10 security TED Talks you can’t miss, was so popular we decided to serve another. So here is another batch of must-see security and privacy videos. In this selection you’ll find speakers taking on some of the most pressing, and persistent, security and privacy challenges of our time, from how society can fight the war on terror while maintaining the social values we cherish to Bruce Schneier’s talk on how challenging it is for us to evaluate and understand risk. It’s a must-see talk. Well, we think they all are, so enjoy.

CIA updates rules for collecting and retaining info on US people

The U.S. Central Intelligence Agency on Wednesday updated rules relating to the collection, retention and dissemination of information of U.S. persons, including putting a limit of five years on holding certain sensitive data and introducing restrictions for querying the data. The announcement by the spy agency comes a couple of days before a new administration under President-elect Donald Trump takes charge, and could address to an extent concerns expressed by civil rights groups about the collection and handling of information of U.S. persons in the course of overseas surveillance. Such information is collected by the CIA under Executive Order 12333.

Mac malware is found targeting biomedical research

A Mac malware that’s been spying on biomedical research centers may have been circulating undetected for years, according to new research. Antivirus vendor Malwarebytes uncovered the malicious code after an IT administrator spotted unusual network traffic coming from an infected Mac. The malware, which Apple calls Fruitfly, is designed to take screen captures, access the Mac’s webcam, and simulate mouse clicks and key presses, allowing for remote control by a hacker, Malwarebytes said in a blog post on Wednesday. The security firm said that neither it nor Apple has identified how the malware has been spreading. But whoever designed it relied on “ancient” coding functions, dating back before the Mac OS X operating system launch in 2001, said Malwarebytes researcher Thomas Reed in the blog post.

10 Cool Security Startups Vying for Glory at RSA Conference

Hot topics at this year's RSA Conference in February will include cloud security, Internet of Things security and encryption -- and all of those issues unsurprisingly are represented among the 10 finalists announced for the event's annual Innovation Sandbox Contest for startups. I ran the company descriptions provided in the RSA Conference press release about the contest through a Wordcloud generator and produced the spectacular graphic above that put "data" protection at the heart of what these newcomers are addressing. The biggest shock for me was that machine learning didn't get mentioned in each description...but it did make the cut in three of the 10.

Fraud for online holiday sales spikes by 31%

Fraud attempts on digital retail sales jumped 31% from Thanksgiving to Dec. 31 over the previous year, according to a survey of purchasing data from ACI Worldwide. The fraud increase was based on hundreds of millions of online transactions with major merchants globally. Also, the number of e-commerce transactions grew by 16% for the same period, ACI said. Some of the fraud attempts came from the use of credit card numbers purchased in underground chat channels, ACI said. “Given the consistent and alarming uptick in fraudulent activity on key dates, merchants must be proactive in their efforts to identify weak spots and define short and long-term strategies for improved security and enhanced customer experience,” said Markus Rinderer, senior vice president of platform solutions at ACI.

Failure to patch known ImageMagick flaw for months costs Facebook $40k

It's not common for a security-conscious internet company to leave a well-known vulnerability unpatched for months, but it happens. Facebook paid a US$40,000 reward to a researcher after he warned the company that its servers were vulnerable to an exploit called ImageTragick. ImageTragick is the name given by the security community to a critical vulnerability that was found in the ImageMagick image processing tool back in May. ImageMagick is a command-line tool that can resize, convert and optimize images in many formats. Web server libraries like PHP’s imagick, Ruby’s rmagick and paperclip, and Node.js’s imagemagick, used by millions of websites, are based on it.

Modern warfare: Death-dealing drones and … illegal parking?

A cloud of 3D-printed drones big enough to bring down the latest U.S. stealth fighter, the F35, was just one of the combat scenarios evoked in a discussion of the future of warfare at the World Economic Forum in Davos on Wednesday. Much of the discussion focused on the changes computers are bringing to the battlefield, including artificial intelligence and autonomous systems -- but also the way the battlefield is coming to computing, with cyberwar, and social media psyops an ever more real prospect. Former U.S. Navy fighter pilot Mary Cummings, now director of the Humans and Autonomy Lab at Duke University, delivered the first strike. "The barrier to entry to drone technology is so low that everyone can have one, and if the Chinese go out and print a million copies of a drone, a very small drone, and put those up against an F35 and they go into the engine, you basically obviate what is a very expensive platform," she said.

IDG Contributor Network: 3 tips to improve threat detection and incident response

No matter the height or thickness of any wall you might try to build, the unfortunate reality is someone will most likely be able to breach it. It’s really just a matter of when and how. Just as you close your doors and windows when you leave the house, you need preventative security measures in place to protect your systems. However, these measures themselves are not enough. If you assume the bad guys will find a way to breach your protective walls, it makes more sense to focus on threat detection and incident response as ways to mitigate damage when the inevitable breach occurs. 3 security controls to improve threat detection: The following three security controls are surefire ways to strengthen the detective capabilities of your system.

How to get fired in 2017: Have a security breach

There are many reasons why IT professionals can be fired, but six out of the top nine are related to security, said a survey released this morning. For example, having a tech investment that leads to a security breach was considered a fireable offense by 39 percent of organizations, according to Osterman Research, which conducted the survey. A data breach that becomes public was a fireable offense for 38 percent of companies. Other fireable offenses included failing to modernize a security program, data breaches with unknown causes, data breaches that do not become public, and the failure of a security product or program investment.

Snowden allowed to stay in Russia longer

U.S. National Security Agency leaker Edward Snowden will be allowed to stay in Russia for "another couple of years," according to a spokeswoman for the government there. The Russian government has extended the residence permit for Snowden, the former NSA contractor charged with espionage for leaking details of U.S. surveillance operations, said Maria Zakharova, a spokeswoman for Russia's Foreign Ministry. Zakharova announced the extension on her Facebook page late Tuesday. Zakharova's post came in response to a column by Michael Morell, the former deputy director of the U.S. CIA, who said Russia can return Snowden to the U.S. as a "perfect inauguration gift" to President-elect Donald Trump.

Cyber scum suckers hit cancer agency with ransomware, threaten to contact families

Some cyber scum suckers sunk to an all-time low, hitting an Indiana Cancer Services agency with ransomware before threatening “to contact family members of living and deceased cancer clients, donors and community partners” if the $43,000 ransom was not paid. Cancer Services of East Central Indiana-Little Red Door, an independent, non-profit agency based in Muncie, Indiana, became a victim of a ransomware attack a week ago. This is an organization whose goals include helping to “reduce the financial and emotional burdens of those dealing with a cancer diagnosis.” The attackers did not leave the traditional ransom demand note, oh no, but chose to personally reach out to the agency’s executive director, president and vice president to make the extortion demands clear. This makes it seem more like a targeted attack and less of one that was a result of opportunity. It is also at least the second time that week that attackers attempted to ransom sensitive patient information.