Category Archives for "Network World Security"

TopSpin Security deploys realistic deceptions to lure and trap attackers

Every CISO knows it’s not enough to just use prevention tools to try to keep attackers out of the network. CISOs must have the mindset of “they will get in” and plan accordingly with detection tools. According to Gartner, the average time before a breach is detected is more than 200 days, and too often the breach is detected by an outside organization such as a credit card processor or a law enforcement agency. These facts are simply indefensible when a CISO is called before the Board of Directors to discuss preparedness for cyber incidents.

Implantable medical devices can be hacked to harm patients

It's possible to transmit life-threatening signals to implanted medical devices with no prior knowledge of how the devices work, researchers in Belgium and the U.K. have demonstrated. By intercepting and reverse-engineering the signals exchanged between a heart pacemaker-defibrillator and its programmer, the researchers found they could steal patient information, flatten the device's battery, or send malicious messages to the pacemaker. The attacks they developed can be performed from up to five meters away using standard equipment -- but more sophisticated antennas could increase this distance by tens or hundreds of times, they said. "The consequences of these attacks can be fatal for patients as these messages can contain commands to deliver a shock or to disable a therapy," the researchers wrote in a new paper examining the security of implantable cardioverter defibrillators (ICDs), which monitor heart rhythm and can deliver either low-power electrical signals to the heart, like a pacemaker, or stronger ones, like a defibrillator, to shock the heart back to a normal rhythm. They will present their findings at the Annual Computer Security Applications Conference (ACSAC) in Los Angeles next week.

Scholars, infosec experts call for action on Russian hacking

In the wake of reports about Russian involvement in fake news and hacks against political targets leading up to the recent presidential election, scholars and security experts are calling for federal action. As of Sunday, 158 scholars have signed an open letter calling for a congressional investigation. "Our country needs a thorough, public Congressional investigation into the role that foreign powers played in the months leading up to November," the letter said. Democrats in Congress have also called for an investigation, and were recently joined by Republican Sen. Lindsey Graham.

IBM warns of rising VoIP cyber-attacks

Cyber-attacks using the VoIP protocol Session Initiation Protocol (SIP) have been growing this year, accounting for over 51% of the security event activity analyzed in the last 12 months, according to a report from IBM’s Security Intelligence group this week. “SIP is one of the most commonly used application layer protocols in VoIP technology… we found that there has been an upward trend in attacks targeting the SIP protocol, with the most notable uptick occurring in the second half of 2016,” IBM wrote. “In actual attacks on VoIP communications, we note various types of disruption. Spikes in July and September were mostly the result of specially crafted SIP messages that were terminated incorrectly. Persistent, invalid messages are known to cause vulnerable servers and equipment to fail. The spike in October 2016 was largely influenced by SIP messages with invalid characters in the SIP “To” field. These could be reflective of suspicious activity, necessitating further investigation.”

12% off Nest Cam Indoor Security Camera – Deal Alert

Look after your home 24/7 in crisp 1080p HD. With Nest Cam Indoor, you can check in, even when you’re out, and even at night with its built-in high-quality night vision. Nest Cam features a versatile magnetic stand that lets you put it anywhere. See who’s there, listen in and speak up to get their attention. With Nest Aware, you can get a special alert if Nest Cam sees a person, and save 10 or 30 days of continuous video history in the cloud. Then speed through it in seconds and quickly find the moment you’re looking for in Sightline. Nest's indoor camera is a best-seller on Amazon with 4 out of 5 stars from over 4,300 people. Its typical list price of $199 has been reduced 12% to $174.60 on Amazon.

10% off Nest Cam Indoor Security Camera – Deal Alert

Look after your home 24/7 in crisp 1080p HD. With Nest Cam Indoor, you can check in, even when you’re out, and even at night with its built-in high-quality night vision. Nest Cam features a versatile magnetic stand that lets you put it anywhere. See who’s there, listen in and speak up to get their attention. With Nest Aware, you can get a special alert if Nest Cam sees a person, and save 10 or 30 days of continuous video history in the cloud. Then speed through it in seconds and quickly find the moment you’re looking for in Sightline. Nest's indoor camera is a best-seller on Amazon with 4 out of 5 stars from over 4,300 people. Its typical list price of $199 has been reduced 10% to $179.97 on Amazon.

16% off Nest Cam Indoor Security Camera – Deal Alert

Look after your home 24/7 in crisp 1080p HD. With Nest Cam Indoor, you can check in, even when you’re out, and even at night with its built-in high-quality night vision. Nest Cam features a versatile magnetic stand that lets you put it anywhere. See who’s there, listen in and speak up to get their attention. With Nest Aware, you can get a special alert if Nest Cam sees a person, and save 10 or 30 days of continuous video history in the cloud. Then speed through it in seconds and quickly find the moment you’re looking for in Sightline. Nest's indoor camera is a best-seller on Amazon with 4 out of 5 stars from over 4,300 people. Its typical list price of $199 has been reduced 16% to $178 on Amazon.

Android malware steals access to more than 1 million Google accounts

A new Android malware has managed to steal access to more than 1 million Google accounts, and it continues to infect new devices, according to security firm Checkpoint. “We believe that it is the largest Google account breach to date,” the security firm said in a Wednesday blog post. The malware, called Gooligan, has been preying on devices running older versions of Android, from 4.1 to 5.1, which are still used widely, especially in Asia. Gooligan masquerades as legitimate-looking Android apps. Checkpoint has found 86 titles, many of which are offered on third-party app stores, that contain the malicious coding.

Senators fail to stop new rules allowing US law-enforcement hacking

Three senators' efforts to stop a major expansion of U.S. law enforcement agencies' hacking powers have failed for now. Proposed changes to Rule 41, the search-and-seizure provision in the Federal Rules of Criminal Procedure, will go into effect Thursday barring any last-minute action in Congress. The rules change will give U.S. law enforcement agencies the authority to cross jurisdictional lines and hack computers anywhere in the world during criminal investigations. Until now, the rules, in most cases, prohibited federal judges from issuing a search warrant outside their jurisdictions.

What’s in store for tech in 2017

Top tech predictions for 2017

It's the time of year for tech predictions. We've rounded up a slew of ideas from industry watchers who track IT budgets, cybersecurity, hiring, infrastructure management, IoT, virtual reality and more. Here are their predictions, projections and prognostications.

IT spending set to rise 2.9%

Growth in software and IT services revenue will drive an increase in worldwide IT spending, which Gartner forecasts will climb 2.9% to $3.5 trillion in 2017. Software spending is projected to grow 6% in 2016, and it will grow another 7.2% in 2017 to total $357 billion, according to Gartner. IT services spending, which is on pace to grow 3.9% in 2016, will increase 4.8% in 2017 to reach $943 billion.

Security products among the most vulnerable software

Why do you spend the big bucks for security products? For protection, right? But many of the top security vendors utilize open-source or third-party components and libraries that are seemingly packed with vulnerabilities. While this is something you already know, a new report found that security products are some of the most vulnerable software. Flexera Software, which acquired Secunia in 2015, noted that between August and October of 2016, 46 products made it to the top 20 most vulnerable products. Eleven of those software products overflowing with vulnerabilities were security-related products.

Who’s on your IT security dream team?

Getting the gang together

Last month, I presented you a chamber of horrors—the worst people you meet doing IT security, many of them your friends and, sadly, co-workers. But I don't like to dwell on the negative! So I asked a slew of IT pros about the best people, the ones they want on their side when facing down the toughest security challenges. There are a number of important roles to fill, and I'm not just talking about job titles: I mean attitudes, and abilities that verge on superpowers. IT security is a team sport, so who do you want on your team?

8 tech startup trends to watch in 2017

According to a set of intelligent humans interviewed for this story, artificial intelligence (AI) and machine learning are going to help drive the tech economy in 2017. When CIO.com posted a query on Help a Reporter Out, a site designed to help journalists connect with sources, asking about startup trends to watch in 2017, the overwhelming majority of respondents pointed to AI. This coming year and beyond, AI will help companies "disrupt sectors that haven't been fully disrupted," says Anthony Glomski, principal of AG Asset Advisory, a financial advisory firm. "AI is in its beginning stages with massive potential impact."

2017 security predictions

From W-2 scams to WordPress vulnerabilities, ransomware, business email compromises, DDoS attacks and allegations of a hacked presidential election -- 2016's been a hell of a year in cybersecurity, and it's not over yet. There's no reason to believe 2017 will be any better. If anything, it could be even worse as cybercriminals continue to push social engineering, find new ways to deliver malware, crack vulnerable databases and leverage mobile technology to find ways to get inside corporate defenses and target individuals.

Report: Most cybercriminals earn $1,000 to $3,000 a month

Most cybercriminals make between $1,000 and $3,000 a month, but 20 percent earn $20,000 a month or more, according to a recent report. The data is based on a survey conducted by a closed underground community, said report author Andrei Barysevich, director of advanced collection at cybersecurity firm Recorded Future. "We actually saw criminals who made way more than that, $50,000 to $200,000 a month," he said. "This is what they keep, this is not revenues, but pure profit. This is what they can spend on loose women, fast cars and nice clothes."

SIEMs-as-a-service addresses needs of small, midsize enterprises

The city of Lewiston, in north central Idaho, has a population of around 32,000 and an information systems budget of around $800,000 a year. But it wasn't too small for attackers. For example, the city council meetings, streamed online, were being watched by people in Russia. "Why are they watching this?" said Danny Santiago, the city's information systems administrator. Then there were the phishing attempts. "We are negotiating a $2 million contract for road work, and we had spearphishing attacks," he said. "Luckily it's a small town, and everyone knows everyone, so people called us."

HPE rolls out products to enable IoT adoption

Hewlett Packard Enterprise on Wednesday announced several software and hardware products to more securely manage the exploding universe of Internet of Things devices. October's Mirai botnet attack on unsecured IoT devices, which halted widespread access to dozens of popular internet sites, dramatizes the value of more comprehensive management and control of IoT, HPE executives said in interviews. Some of HPE's new products are intended for use by virtual cellular network providers, while others are for small and medium-sized enterprises to use in managing their local area network (LAN) operations.

IDG Contributor Network: SecureAuth introduces another take on multi-factor authentication

SecureAuth is in the business of adaptive access control. What that means in plain (or at least more plain) English is that the company offers security solutions that balance strength with ease of use and that adapt to different use cases. An example of adaptive access control might be requiring a simple username and password for regular access, but requiring a higher level of authentication when the user (for example) logs in from another geography. As data breaches have gained massive prominence in recent years, due in part to some celebrities' dual proclivities for poor password control and a penchant for naked selfies, the public has become increasingly aware of multi-factor authentication (MFA), a process that requires a subsequent authentication entry beyond simply username and password.

IDG Contributor Network: 8 security tips for retailers and consumers this holiday season

It’s the time of year for holiday cheer. Hot chocolate, cookies, presents and other festivities abound. Shops dress up their windows in exotic displays, and festive lights can be seen everywhere. Yes, it’s the time of year when everything is grander and everyone seems happier. But it’s not always sunshine and roses during the holiday season. Trouble often lurks in the shadows—preying on both retailers and consumers. Criminals take advantage of the spike in spending, and use the opportunity to hide in the crowds and undertake fraud of various kinds. Financial fraud is the one that comes to mind first, but identity theft, impersonation and theft of items, among others, are all common. On top of that, every year cyber attackers improve on their techniques to steal information, money and goods.