Members of Congress received a dire warning this week about security vulnerabilities in the so-called internet of things (IoT), as cyber experts cautioned that with billions of new devices coming online, coordinated hacking attacks could become -- literally -- a matter of life and death.House lawmakers convened the hearing on IoT security in response to last month's distributed denial-of-service attack on the internet addressing provider Dyn, which resulted in temporary outages at popular sites like Twitter and Spotify.[ Related: How the Dyn DDoS attack unfolded ]To read this article in full or to leave a comment, please click here
In his nomination of Representative Mike Pompeo to head the CIA, President-elect Donald Trump has picked someone who has supported NSA surveillance programs and has criticized Silicon Valley's stance on encryption.Pompeo, a Republican from Kansas, is a former cavalry officer in the U.S. Army and a graduate of West Point military academy. He currently serves on the House Intelligence Committee and is perhaps best known for his role on the Benghazi committee that investigated Hillary Clinton.But his committee assignment has also put him in the middle of several recent issues that have pitched the U.S. intelligence community against major tech companies.To read this article in full or to leave a comment, please click here
Attackers who were trying to turn the Ask.com Toolbar into a malware dispensary got caught early on when their scheme was picked up by security services that were looking for anomalies.The malicious actors are unknown but they managed to get the legitimate Ask.com toolbar update feature to place a dropper/uploader into the browsers of several customers of security firm Red Canary.Once installed, the dropper would bring in secondary malware including banking Trojans and other online-fraud code, says Keith McCammon, CSO of Red Canary. The secondary payloads varied, and some of the dozen or so compromised machines his team found had downloaded more than one kind, he says.To read this article in full or to leave a comment, please click here
Supersonic travel may indeed become a reality (again) if Sir Richard Branson’s Virgin group and start-up Boom Supersonic have their way.Boom this week showed off its XB-1 Supersonic Demonstrator, or Baby Boom, a subscale prototype of what is to be the Boom supersonic passenger airliner which Boom says will be “the world’s first independently developed supersonic jet and the fastest civil aircraft ever made.” The two-seat prototype aircraft is expected to make its first flight in late 2017 with a commercial passenger plane perhaps coming in few years, the company said.+More on Network World: TSA: Keep grandma’s gravy at home but the turducken can fly+To read this article in full or to leave a comment, please click here
In a twist, thieves in the U.K. hacked personal data to steal high-end smartphones, rather than hacking phones to steal personal data.The thefts came to light after mobile network operator Three noticed a recent increase in levels of handset fraud, the company said Friday.By accessing the system Three uses to manage handset upgrades, the perpetrators were able to intercept new high-end handsets on the way to the operator's customers.Three, however, said only eight devices have been illegally obtained through the upgrade activity -- compared to 400 stolen from its retail stores over the past four weeks.The company sought to reassure customers concerned that their personal information may have been accessed in the attempt to steal the upgrade phones.To read this article in full or to leave a comment, please click here
IBM Security has launched a network-emulation environment where corporate teams can play out attack scenarios so they are better prepared for incidents they might face in the real world.
The person who submitted the above photo to Reddit’s section devoted to IT rants presumably does not believe it depicts wireless security at its finest. In fact, the sarcasm oozes.However, not everyone in the forum held such a dim view.“There is nothing wrong with this,” writes another user. “It is public wi-fi. It has a slight security advantage over an open network in that it makes it more difficult to eavesdrop. The (would-be) attacker also has to capture the handshake when a client associates.”There were supportive variations on that theme.To read this article in full or to leave a comment, please click here
U.S. lawmakers have introduced legislation to delay the coming into force on Dec. 1 of a rule change that aims to expand the government's ability to search computers and other digital devices across many jurisdictions with a single warrant.The new Review the Rule Act aims to delay for discussion proposed amendments to rule 41 of the Federal Rules of Criminal Procedure until July 1 next year. The changes to the rule have already been approved by the Supreme Court in April, and if Congress doesn’t act to the contrary, they will go into effect on Dec. 1.To read this article in full or to leave a comment, please click here
Apple may have refused to help the FBI unlock an iPhone used by the San Bernardino shooter, but the tech industry is still better off working with the U.S. government on encryption issues than turning away, according to a former official with the Obama administration.
“The government can get very creative,” said Daniel Rosenthal, who served as the counterterrorism director in the White House until January this year. He fears that the U.S. government will choose to “go it alone” and take extreme approaches to circumventing encryption, especially if another terrorist attack occurs.To read this article in full or to leave a comment, please click here
I am not sure how many problems the TSA has had with this but I was surprised to learn that Thanksgiving gravy is not allowed on carry-on bags.From the TSA: “Gravy is sadly prohibited from carry-on bags unless you pack it in accordance with our liquid polices mentioned above. You can also pack it in your checked baggage.”+More on Network World: 26 of the craziest and scariest things the TSA has found on travelers+Gravy as well as cranberry sauce for that matter fall under the sometimes mysterious “Liquid Rules” which basically states that you’re “allowed to take as many 3.4 ounce or smaller sized containers that will fit in one sealed, clear, quart-sized zip-top bag – and one bag per person. Make sure you take the zip-top bag out of your carry-on prior to sending it through the X-ray.”To read this article in full or to leave a comment, please click here
Tighter security will soon be mandatory for IoT devices that use the popular Z-Wave wireless protocol.Starting next April, the Z-Wave Alliance will require all products to include its S2 (Security 2) framework before they can be certified as Z-Wave compliant. S2 is designed to prevent hackers from breaking into IoT devices that are on Z-Wave networks.Home IoT has recently proved to be a dangerous vector for internet-based attacks, such as the one that corralled thousands of IP cameras and other devices into the so-called Mirai botnet that disrupted internet service last month.To read this article in full or to leave a comment, please click here
As we move into 2017, cybersecurity concerns continue to escalate. This past few months, we’ve seen some scary incidents, such as the Oct. 21 distributed denial of service (DDoS) attack on the DNS services at Dyn that used IoT devices like home routers and cameras as a botnet. Oh, and the last few months of the U.S. presidential election featured data breaches of the DNC and Clinton campaign manager John Podesta’s email and the subsequent posting of this information on WikiLeaks.It's pretty alarming, and it doesn’t appear things will get better anytime soon. This begs the question: What type of cybersecurity response can we expect from President Donald Trump’s administration? To read this article in full or to leave a comment, please click here
Cisco announced Wednesday that it eked out 1% revenue growth in its fiscal first quarter, compared to the same quarter last year, in what CEO Chuck Robbins described as a “challenging global business environment.”
Total revenue for the quarter, which ended October 29, was $12.4 billion. Net income was $2.3 billion, off 4% year over year.
Switching, which represents about 30% of the company’s sales, was down 7% in the quarter compared to last year. In an earnings call with financial analysts, CFO Kelly Kramer said the softness was in campus switching, which is two-thirds of the total switching business.CISCO NEWS: Cisco CEO Robbins: Wait til you see what’s in our innovation pipeline | Cisco CEO: Spin-in technologies aren’t dead at Cisco | Cisco/Ericsson: Assessing the mega-deal a year later
Asked by analysts if this was a byproduct of macroeconomic trends or a product portfolio issue, Kramer chalked it up to the former, saying the company is confident of its portfolio and expects sales to pick up when spending increases.To read this article in full or to leave a comment, please click here
Knowing the regsImage by ThinkstockWhether you work for an organization controlled by compliance standards or you are an independent IT firm looking to build your enterprise business, understanding industry regulations is crucial as it pertains to cybersecurity. Michael Hall, CISO, DriveSavers, provides a few best practices for businesses operating in or with regulated industries.To read this article in full or to leave a comment, please click here
Networked security cameras are the most likely to have vulnerabilities when it comes to securing Internet of Things devices in the enterprise, according to a new report by Zscaler."I would consider the entire video camera category as particularly dangerous," said Deepen Desai, director of security research at Zscaler.Take, for example, the Flir FX wireless HD monitoring camera.Researchers found that the camera communicated with the parent company in plain text and without authentication tokens.To read this article in full or to leave a comment, please click here
LinkedIn's network just got a little smaller: Russia's communications regulator ordered ISPs to block access to the business networking company on Thursday.Roskomnadzor made the order after a Moscow appeal court last week upheld an earlier ruling that LinkedIn breached Russian privacy laws.Tagansky district court ruled against LinkedIn on Aug. 4, following a complaint from the Russian federal service for the supervision of communications, information technology and mass media that its activities breached a law requiring businesses handling Russians' personal data to process that data in Russia.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords
Roskomnadzor said it filed suit after LinkedIn failed to respond to two requests for information about its plans for relocating the data to Russia.To read this article in full or to leave a comment, please click here
A group of laid-off IT workers at the University of California, San Francisco may resort to filing a lawsuit against the school, accusing it of discrimination by outsourcing their jobs to an all Indian staff.
It's a legal tactic that U.S. IT workers are increasingly considering to try and block employers from allegedly replacing their jobs with foreign workers.
In the case of UCSF, the school is dismissing 49 permanent employees from its IT department and contracting the work to outside firms. But in doing so, the school is also getting rid of a diverse staff comprised of Americans from various ethnicities, and replacing them with Indian workers from one of the contractors, the laid-off workers said.To read this article in full or to leave a comment, please click here
IBM Security has launched a network-emulation environment where corporate teams can play out attack scenarios so they are better prepared for incidents they might face in the real world.The facility, called a cyber range (as in shooting range), provides a place for enterprises to practice incident-response, not only for their IT and IS staffs but also for company directors, C-level executives, corporate counsel, human resources pros, public relations staff – anyone who might be drawn into an actual cyber emergency.+More on Network World: IBM: Many companies still ill-prepared for cyber attacks+To read this article in full or to leave a comment, please click here
Today I watched an interesting Energy and Commerce subcommittee hearing about “Understanding the Role of Connected Devices in Recent Cyber Attacks.” The attacks refer to when insecure IoT devices infected with Mirai malware hammered DNS provider Dyn in October.The hearing included testimony, as well as submitted prepared remarks, from Dale Drew (pdf), CSO and senior vice president of Level 3 Communications; crypto and privacy guru Bruce Schneier (pdf); and Dr. Kevin Fu (pdf), who helped shock the world years ago by saying pacemakers and implantable cardiac defibrillators were vulnerable to hackers. You can read the experts’ testimonies for specific concerns and suggestions, but this is primarily based on paraphrased commentary during the hearing.To read this article in full or to leave a comment, please click here
When it comes to responding to cyber-attacks it seems many companies are severely lacking.A study out this week conducted by the Ponemon Institute and sponsored by Resilient an IBM company said that 66% of the 2,400 security and IT professionals they interviewed said their organization is not prepared to recover from cyberattacks.+More on Network World: Cisco: Potent ransomware is targeting the enterprise at a scary rate+According to Ponemon, for the second straight year the Cyber Resilient Organization study showed that incident response challenges are hindering what the researchers called cyber resilience or what they define as the as “the alignment of prevention, detection, and response capabilities to manage, mitigate, and move on from cyberattacks.”To read this article in full or to leave a comment, please click here