U.S. efforts to get to the bottom about Russia’s role in hacking this year’s presidential election may very well end up mired in politics, hampering any response.On Monday, Senate Majority Leader Mitch McConnell, a Kentucky Republican, was the latest U.S. lawmaker to call for an investigation into Russia’s possible involvement. “This simply cannot be a partisan issue,” he said during a press conference.A growing number of lawmakers, in addition to U.S. intelligence agencies, also assert that Russia was behind the high-profile hacks that were intended to influence this year’s election. Among the targets were Democratic groups and figures whose emails were stolen and later leaked online.To read this article in full or to leave a comment, please click here
Evolution inevitably involves the creation of new problems, and the big tech stories of the year show that this goes for IT just like anything else. While the internet has brought the world closer together, it also paved the way for fake news and new forms of espionage. The rise of AI has humans worried about being replaced. Chip makers are consolidating and scrambling to retool to meet the demands of virtual reality and the internet of things. And while Apple removed legacy ports on its new devices, a lot of users are grumbling about needing adapters for their favorite headphones and other peripherals. It's been a big year for trade-offs like this. Here are the IDG News Service's picks for the top 10 tech stories of the year.To read this article in full or to leave a comment, please click here
Eighty-five percent of organizations believe they have the right controls in place to protect against such attacks. Yet, 40 percent of them have been victims of cyber attacks within the last six months.That’s the finding of a recent survey sponsored by BAE Systems.Why the disconnect?[Related: 3 ingredients of a successful attack]
It’s one thing to believe you have the right protections in place; it’s another thing to test those beliefs. The survey of 600 business leaders across five countries found that “only 29% of organizations tested their attack response in the last month. On average, organizations last tested their cyber attack response 5 months ago.”To read this article in full or to leave a comment, please click here(Insider Story)
With previous anti-First Amendment statements by President-elect Donald Trump, there has been some worry by journalists that writing something the soon-to-be President doesn’t like may result in unpleasant consequences. Yet that is not the same thing as reporting “fake” news or spreading disinformation.To read this article in full or to leave a comment, please click here
Several models of Netgear routers are affected by a publicly disclosed vulnerability that could allow hackers to take them over.An exploit for the vulnerability was published Friday by a researcher who uses the online handle Acew0rm. He claims that he reported the flaw to Netgear in August, but didn't hear back.The issue stems from improper input sanitization in a form in the router's web-based management interface and allows the injection and execution of arbitrary shell commands on an affected device.The U.S. CERT Coordination Center (CERT/CC) at Carnegie Mellon University rated the flaw as critical, assigning it a score of 9.3 out of 10 in the Common Vulnerability Scoring System (CVSS).To read this article in full or to leave a comment, please click here
In this episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild chats with Stu Sjouwerman, CEO of KnowBe4, about how cybercriminals are using the cloud model for ransomware development.
Yes, it's that time of the year again. Where does the time go? Anyway, it's time for us in the news business to make our annual predictions for the coming year. Unlike some, I own up to my misfires by leading off with the predictions made a year ago and admitting what came true and what didn't. So let's get into that. How good were my 2016 predictions?
1. IBM becomes a major cloud player.Not really. The most recent numbers, which covered Q2 of this year, put IBM at under 10 percent share. It's still an Amazon and Microsoft world. The good news is IBM grew 57 percent year over year, so it is making up for lost ground. To read this article in full or to leave a comment, please click here
Yes, it's that time of the year again. Where does the time go? Anyway, it's time for us in the news business to make our annual predictions for the coming year. Unlike some, I own up to my misfires by leading off with the predictions made a year ago and admitting what came true and what didn't. So let's get into that. How good were my 2016 predictions?
1. IBM becomes a major cloud player.Not really. The most recent numbers, which covered Q2 of this year, put IBM at under 10 percent share. It's still an Amazon and Microsoft world. The good news is IBM grew 57 percent year over year, so it is making up for lost ground. To read this article in full or to leave a comment, please click here
You've read about cities installing smart parking meters and noise- and air-quality sensors, but are you ready to embrace the idea of a city brain?The residents of Singapore are on track to do just that.Creating a centralized dashboard view of sensors deployed across a distributed network is nothing new, but it takes on a bigger -- perhaps ominous -- meaning when deployed across a major city.To read this article in full or to leave a comment, please click here
New products of the weekImage by BrocadeOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.BlueData EPIC on AWSImage by Blue DataTo read this article in full or to leave a comment, please click here
U.S. president-elect Donald Trump is meeting this week in New York with top tech executives, including Oracle CEO Safra Catz, Apple CEO Tim Cook, Microsoft CEO Satya Nadella, Alphabet CEO Larry Page and Facebook COO Sheryl Sandberg, according to news reports.Invitations to the meeting were signed by Trump's son-in-law and adviser Jared Kushner, chief of staff Reince Priebus, and billionaire tech investor Peter Thiel, a Silicon Valley figure who came out openly early on in favor of Trump.The relationship between Trump and Silicon Valley companies has been difficult with some senior tech executives openly backing his Democratic rival Hillary Clinton in the run-up to the presidential elections. The president-elect and tech companies also appear to have differing views on issues such as immigration, outsourcing abroad, clean energy, net neutrality, encryption, surveillance and on restoring lost manufacturing jobs in the U.S.To read this article in full or to leave a comment, please click here
Netgear router owners, I hope you have a spare router – at least those of you with remotely exploitable models, since US-CERT recommended discontinuing use of router models which are vulnerable to arbitrary command injection.Which models? Right now it looks like Netgear R7000, R6400 and R8000 routers, but there may be more models that are vulnerable. Should you really take this seriously and unplug your router? You betcha, since US-CERT said it is “trivial” to exploit this vulnerability. Visit a booby-trapped page and whammo! An attacker would be saying hello to root privileges on your router.An exploit, which was released on Exploit Database, was published on Dec. 7. Netgear has yet to issue new firmware to patch the flaw in its vulnerable routers. There is a way to test if your router is vulnerable and even a non-official temporary fix you can try if tossing out your router is not an option.To read this article in full or to leave a comment, please click here
A US trade judge ruled today that Arista Networks infringed on two Cisco switch patents – the second important victory the networking giant has won against Arista in their ongoing legal confrontation since it began in 2014.U.S. International Trade Commission Judge MaryJoan McNamara issued the so-called “initial determination” on the case which now must be reviewed by the ITC. In the end should the ITC find against Arista its switches could once again be banned from import into the US. The ITC you may recall ruled against Arista in another part of this case and between June and August the company could not import those products. In November Arista announced that US Customs has given it permission to resume importing its networking gear in the United States.To read this article in full or to leave a comment, please click here
Earlier this year, ESG and the Information Systems Security Association (ISSA) published a research report titled, The State of Cyber Security Careers. The report was based on a survey of 437 cybersecurity professionals, the clear majority of which were ISSA members.Two-thirds of these cybersecurity professionals worked at an organization that employed a CSO or CISO. These individuals were then asked to identify the most important qualities that make a successful CISO. Here is a sample of the results:
50% of respondents said strong leadership skills were most important
47% of respondents said strong communication skills were most important
30% of respondents said a strong relationship with business executives was most important
29% of respondents said a strong relationship with the CIO and other members of the IT leadership team was most important
23% of respondents said strong management skills were most important
Based upon this list, it’s clear that successful CISOs need to be strong business people who can work with business and IT executives. This is an important consideration since many security professionals are deeply rooted in the technology rather than the business aspects of infosec.To read this article in full or to leave a comment, please Continue reading
President Barack Obama has ordered U.S. intelligence agencies to conduct a full review of the cyberattacks that allegedly tried to disrupt this year's election, as his successor Donald Trump casts doubt over Russia's possible involvement. Obama's homeland security advisor Lisa Monaco first mentioned the need for the review while speaking to reporters on Friday morning, according to Politico."We may be crossed into a new threshold, and it is incumbent upon us to take stock of that, to review, to conduct some after-action, to understand what this means, and to impart those lessons learned," Monaco reportedly said.To read this article in full or to leave a comment, please click here
The number of ransomware attacks targeting companies increased threefold from January to September, affecting one in every five businesses worldwide.According to a new report from security company Kaspersky Lab, the rate of ransomware attacks against businesses increased from one every two minutes to one every 40 seconds during that period. For consumers it was even worse, with the rate reaching one attack every 10 seconds in September.During the third quarter of the year, there were 32,091 new ransomware variations detected by Kaspersky Lab compared to only 2,900 during the first quarter. Overall, 62 new ransomware families appeared this year, the company said.To read this article in full or to leave a comment, please click here
IoT, rotten home AP firmware, freaking Wi-Fi cameras: They’re all eating your lunch. Here’s an Advanced Persistent Threat notice: EVERYTHING AROUND YOU can give you a miserable day. It’s now entirely myopic, and hence irresponsible, to think there is such a topic as enterprise security because sadly video cams in Macedonia can give your hosting environment a DDoS headache. Poor TLS handshakes crack browsers open like an egg. Your router vendor had all of the hardening of a “fairy tap.” Remember those when you were a kid? A fairy tap was a gentle touch, designed to invade your space but do no damage. Now the damage is pOwn1ng your infrastructure. Or you business partner’s infrastructure. To read this article in full or to leave a comment, please click here
Botnets made up of hacked home routers were used to launch distributed denial-of-service attacks against the five largest financial organizations in Russia.The attacks occurred on Monday, Dec. 5, and were detected and mitigated by Rostelecom, Russia's state-owned telecommunications company. The attacks peaked at 3.2 million packets per second (Mpps) and the longest attack lasted for over two hours, Rostelecom reported Friday.The company did not provide a bandwidth measurement for the attacks, but 3.2Mpps is not that much. DDoS mitigation providers regularly see attacks that exceed 100 Mpps and a very large September attack against the website of cybersecurity blogger Brian Krebs peaked at 665Gbps and 143Mpps.To read this article in full or to leave a comment, please click here
A very merry Christmas could give way to a not-so-happy New Year security hangover for enterprises, once a few million more Internet of Things (IoT) devices are unwrapped and migrate from homes into the workplace.So, a webinar this week hosted by The Security Ledger titled: “Who Let the IoT in?: Finding and securing wireless devices in your environment,” was designed to offer some advance advice on how to cope with it.Paul Roberts, founder and editor in chief of The Security Ledger, who moderated the event, began by framing part of the problem: Although the IoT is now well established, many of the legacy tools enterprises still use to identify and manage vulnerable devices were, “designed for the ‘Internet of Computers’ rather than the IoT.To read this article in full or to leave a comment, please click here
PowerShell is an enormous addition to the Windows toolbox that gives Windows admins the ability to automate all sorts of tasks, such as rotating logs, deploying patches, and managing users. Whether it's specific Windows administration jobs or security-related tasks such as managing certificates and looking for attack activity, there is a way to do it in PowerShell.Speaking of security, there's a good chance someone has already created a PowerShell script or a module to handle the job. Microsoft hosts a gallery of community-contributed scripts that handle a variety of security chores, such as penetration testing, certificate management, and network forensics, to name a few.To read this article in full or to leave a comment, please click here(Insider Story)