Category Archives for "Network World Security"

Endpoint security in 2017

Just a few years ago, there were about 6 to 10 well-regarded AV vendors that dominated the market. Fast forward to 2017, and my colleague Doug Cahill and I are currently tracking around 50 endpoint security vendors. Why has this market changed so much in such a short timeframe? New types of targeted threats regularly circumvented signature-based AV software over the past few years. This weakness led to system compromises, data breaches and panicky CISOs in search of AV alternatives. This in turn persuaded the fat cats on Sand Hill Road to throw VC dollars at anything that hinted at endpoint security innovation. OK, I get the need for more than signature-based AV, but there simply isn’t room in the market for 50 endpoint security vendors. Thus, it’s safe to assume we'll see a lot of M&A activity and outright business failures this year.

IDG Contributor Network: Dome9 offers multi-cloud security, adds native support for Azure

Dome9 Security, a cloud infrastructure security and compliance vendor, announced today that it is offering native support for the Microsoft Azure cloud platform. This is interesting because until now, Dome9 had strongly pushed an Amazon Web Services (AWS) story. The reasons for that are clear: AWS is the 1,000-pound elephant when it comes to cloud infrastructure, greatly eclipsing all other vendors in terms of market share. But reliance on a single vendor is risky, and the number of third-party vendors at AWS’ recent re:Invent conference that looked uncomfortable at AWS announcements shows the folly of being completely tied to one platform.

IDG Contributor Network: Fighting cybercrime using IoT and AI-based automation

Last November, detectives investigating a murder case in Bentonville, Arkansas, accessed utility data from a smart meter to determine that 140 gallons of water had been used at the victim’s home between 1 a.m. and 3 a.m. It was more water than had been used at the home before, and it was used at a suspicious time—evidence that the patio area had been sprayed down to conceal the murder scene. As technology advances, we have more detailed data and analytics at our fingertips than ever before. It can potentially offer new insights for crime investigators. One area crying out for more insight is cybersecurity. By 2020, 60 percent of digital businesses will suffer a major service failure due to the inability of IT security teams to manage digital risk, according to Gartner. If we pair all this new Internet of Things (IoT) data with artificial intelligence (AI) and machine learning, there’s scope to turn the tide in the fight against cybercriminals.

Indian privacy case against WhatsApp gains momentum

A privacy lawsuit against WhatsApp in India over its new data sharing policy has gained momentum, with the country’s top court seeking responses from Facebook, WhatsApp and the federal government. The privacy policy of WhatsApp at launch in 2010 did not allow sharing of user data with any other party, and after Facebook announced its acquisition of the messaging app in 2014, it was “publicly announced and acknowledged” by WhatsApp that the privacy policy would not change, according to the petition filed by Indian users of WhatsApp. WhatsApp sparked off a furore last year when it said it would be sharing some account information of users with Facebook and its companies, including the mobile phone numbers they verified when they registered with WhatsApp. The sharing of information will enable users to see better friend suggestions and more relevant ads on Facebook, it added.

China tightens control over app stores

China is requiring that all app stores operating in the country register with its Cyberspace Administration in an effort to battle malware but also to tighten control over uncensored content. The rules took effect Monday, in a country where domestic third-party app stores -- not from Apple or Google -- are serving billions of downloads to Android smartphones. Chinese internet companies such as Baidu, Tencent and a host of smaller, shadier local app stores have been feeding the demand, at a time when Google has largely pulled out of the market.

Critical flaw lets hackers take control of Samsung SmartCam cameras

The popular Samsung SmartCam security cameras contain a critical remote code execution vulnerability that could allow hackers to gain root access and take full control of them. The vulnerability was discovered by researchers from the hacking collective the Exploiteers (formerly GTVHacker), who have found vulnerabilities in the Samsung SmartCam devices in the past. The flaw allows for command injection through a web script, even though the vendor has disabled the local web-based management interface in these devices. The Samsung SmartCam is a series of cloud-enabled network security cameras that were originally developed by Samsung Techwin. Samsung sold this division to South Korean business conglomerate Hanwha Group in 2015, and the company was renamed Hanwha Techwin.

Cisco calls on Arista to stop selling products in US after agency reverses patent finding

The U.S. Customs and Border Protection (CBP) agency has revoked its November 2016 finding that Arista’s redesigned products don’t infringe a key Cisco patent -- as a result, Cisco called on Arista to stop importing those products and recall others sold with the redesigned software. The finding is the latest round in a high-stakes battle between Cisco and Arista over patents and copyrights that has been going on since 2014. In the summer of 2016 the US Trade Representative began an import ban, as well as a cease-and-desist order, covering Arista products, which the International Trade Commission had imposed in June when it ruled that Arista had infringed a number of Cisco’s technology patents.

Pot dispensary IT director asks for help after tracking system software was hacked

Of course, in the digital world, anyone can claim to be anyone. Yet a person claiming to be the IT director of a medical marijuana dispensary took to Slashdot in hopes of receiving legal advice after the point of sale system the MMJ used was hacked. Denver-based MJ Freeway, a medical marijuana “seed-to-sale” tracking software company, experienced a “service interruption” – that turned out to be a hack – a week ago on January 8. The hack of the point-of-sale system left more than 1,000 retail cannabis clients in 23 states unable to track sales and inventories. Without a way to keep records in order to comply with state regulations, some dispensaries shut down, while others reverted to tracking sales via pen and paper.

Google Cloud Key Management Service could help more enterprises encrypt data

Attackers are increasingly able to penetrate perimeter defenses, compromise accounts and mine data without targets even being aware of the attack, as the Democratic National Committee breach proved. Encrypting data is the best defense. Strong encryption of complex data structures requires a Key Management System (KMS). But implementing a KMS can be challenging, especially for enterprises below the security poverty line that don’t have the budget to hire a multidisciplinary security team. Google may have a solution with its Cloud Key Management Service (CKMS), now in beta in select countries.

IDG Contributor Network: 3 security analytics approaches that don’t work (but could) — Part 1

Digital technologies have changed the face of business and government, and they will continue to do so at an even faster pace. They drive innovation, boost productivity, improve communications and generate competitive advantage, among other benefits. The dark side of this digital revolution has now come clearly into focus as well: McKinsey estimates that cyber attacks will cost the global economy $3 trillion in lost productivity and growth by 2020, while theft, sabotage and other damage inflicted by trusted insider personnel continue to cost organizations in lost revenues, revealed secrets and damaged reputations.

WhatsApp vulnerability could expose messages to prying eyes, report claims

When Facebook’s WhatsApp turned on end-to-end encryption in its messaging service last year, it was a big deal. As all eyes were glued on Apple’s fight with the FBI over unlocking the San Bernardino shooter’s iPhone, WhatsApp took a huge step toward protecting its users’ privacy by moving to encrypt all messages and calls being sent between its apps. But a new report suggests it might not be as secure as users think. According to The Guardian, a serious vulnerability in WhatsApp’s encryption could allow Facebook to intercept and read messages without the recipient’s knowledge, and with the sender aware of it only if they have previously opted in to receive encryption warnings. The security flaw, which was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley, can “effectively grant access (to users’ messages)” by changing the security keys and resending messages.

Small businesses are prime targets for cyber attacks: SIEM-as-a-service can help

In February 2016, quick service restaurant The Wendy’s Company reported unusual payment card activity affecting some of its franchise restaurants. The breach was confirmed in May when the company revealed it had found evidence of malware on the affected stores’ point-of-sale systems. Additional malicious activity was later reported in June. In a statement from the CEO, the company says it believes the cyberattacks resulted from service providers’ remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ point-of-sale systems.

After MongoDB, ransomware groups hit exposed Elasticsearch clusters

After deleting data from thousands of publicly accessible MongoDB databases, ransomware groups have started doing the same with Elasticsearch clusters that are accessible from the internet and are not properly secured. Elasticsearch is a Java-based search engine that's popular in enterprise environments. It's typically used in conjunction with log collection and data analytics and visualization platforms. The first report of an Elasticsearch cluster being hit by ransomware appeared on the official support forums on Thursday from a user who was running a test deployment accessible from the internet.

Suspected NSA tool hackers dump more cyberweapons in farewell

The hacking group that stole cyberweapons suspected to be from the U.S. National Security Agency is signing off -- but not before releasing another arsenal of tools that appear designed to spy on Windows systems. On Thursday, the Shadow Brokers dumped them online after an attempt to sell these and other supposed Windows and Unix hacking tools for bitcoin. The Shadow Brokers made news back in August when they dumped hacking tools for routers and firewall products that they claimed came from the Equation Group, a top cyberespionage team that some suspect works for the NSA.

Guccifer 2.0, alleged Russian cyberspy, returns to deride US

As if the whodunnit into the hacking of the Democratic National Committee wasn't already confusing and murky enough, the supposed Romanian hacker who first released the emails resurfaced on Thursday to say everyone has it wrong. “I’d like to make it clear enough that these accusations are unfounded,” Guccifer 2.0 said in a Thursday blog post. “I have totally no relation to the Russian government.” Make of that what you will. According to U.S. intelligence agencies, Guccifer 2.0 is actually a front for Kremlin-backed cyberspies. “It’s obvious that the intelligence agencies are deliberately falsifying evidence,” said a message on the Guccifer 2.0 blog.

Siblings arrested in Italy’s worst cyberespionage operation ever

The Tuesday arrest of Giulio Occhionero and his sister, Francesca Maria, has brought to light what appears to be the biggest, and highest-profile, hacking of institutional and corporate accounts ever reported in Italy. The siblings have been planting the Pyramid Eye remote access Trojan on computers using a spear-phishing technique over the course of years, according to the arrest order. They attacked no fewer than 18,000 high-profile targets, including former Prime Ministers Matteo Renzi and Mario Monti, President of the European Central Bank Mario Draghi, as well as employees and heads of various ministries including Internal Affairs, Treasury, Finance, and Education.

Security Sessions: Will security budgets go up in 2017?

In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild chats with CSO Publisher Bob Bragdon about recent research around IT budgets, and how much of the budgets are allocated towards security. They also discuss where the money is going, how much is flowing to automation and whether the CSO (or CISO) can get the attention of the board to get more money for security projects.

Thoughts on incident response automation and orchestration

Just this week, I was reviewing several interviews I conducted with cybersecurity professionals on their organizations’ processes and tools for incident response (IR) automation and orchestration. Here are a few things that jumped out at me:

1. IR is still often anchored by basic tools, manual processes, and key personnel. While trouble ticketing and ITSM tools are pervasive and fairly mature, too many enterprise organizations still “ham and egg” it through incident response. In other words, they rely on paper forms, spreadsheets, email handoffs, and some socially-challenged security analyst who’s really good at finding compromised systems and malicious network traffic.

GoDaddy revokes nearly 9,000 SSL certificates issued without proper validation

GoDaddy, one of the world's largest domain registrars and certificate authorities, revoked almost 9,000 SSL certificates this week after it learned that its domain validation system has had a serious bug for the past five months. The bug was the result of a routine code change made on July 29 to the system used to validate domain ownership before a certificate is issued. As a result, the system might have validated some domains when it shouldn't have, opening the possibility of abuse. Industry rules call for certificate authorities to check if the person requesting a certificate for a domain actually has control over that domain. This can be done in a variety of ways, including by asking the applicant to make an agreed-upon change to the website using that domain.