Category Archives for "Network World Security"

US lawmakers balk at call for IoT security regulations

The U.S. government needs to pass regulations mandating internet of things security measures before device vulnerabilities start killing people, a security expert told lawmakers. A massive distributed denial-of-service attack aided by IoT devices in October "was benign" in that all it did was knock a couple of websites offline, said Bruce Schneier, a veteran cybersecurity researcher and lecturer at Harvard University. But the next attack may be more dangerous. With cars, airplanes, thermostats and appliances now connected to the internet, "there's real risk to life and property, real catastrophic risk," Schneier told two House of Representatives subcommittees Wednesday.

Cybersecurity fabric vs. a security platform: Fabric wins

The shift to digital has introduced several new technologies into businesses. The Internet of Things (IoT), mobility, cloud and the like allow companies to become highly agile and move with speed. That agility has come at a price: the complexity of IT has never been higher. Increased complexity has many implications, but the biggest is that securing the business has become more difficult. Securing an organization used to be straightforward: put up a big, expensive firewall at the sole ingress/egress point, and all was good. Today there are dozens or even hundreds of entry points created by the growing use of cloud services, mobile workers and consumer devices. Security must now be applied not only at the perimeter but also in the data center, campus, cloud, branch offices and anywhere else the business has assets or people.

SWIFT has not seen its last ‘bank robbery’

A former CSO of the World Bank Treasury calls the SWIFT system outdated and open to malware attacks, vulnerabilities that could lead to manipulation of financial transactions. SWIFT is the interbank financial messaging system used to send international money-transfer instructions; the Society for Worldwide Interbank Financial Telecommunication, which the industry refers to as the SWIFT co-op, maintains it. CSO looks at the co-op's denial of the real issue, the cost of the attacks, expert insight into the security flaws, how attackers are using and abusing them for profit, and what the co-op should do to harden its messaging system against further falsified transfers.

Cisco Founders Forum: One creative way to keep & energize talent

The tech industry brims with examples of bright entrepreneurs who have struck it big by selling their startups and then hightailing it out of the acquiring companies as soon as they are contractually eligible so that they can pursue their next venture. So what is Matt Cutler still doing at Cisco three years after selling his mobile collaboration startup to the networking giant? Among other things, he is teaching his peers who have stayed at Cisco after having their own companies acquired, as well as any Cisco lifers who will listen, a thing or two about how to keep cranking out new ideas. Cutler, lead evangelist for Cisco cloud collaboration technologies, has big ideas on ideation.

Is critical infrastructure the next DDoS target?

The massive distributed denial-of-service (DDoS) attack last month on Dyn, the New Hampshire-based Domain Name System (DNS) provider, was mostly an inconvenience. While it took down a portion of the internet for several hours, disrupted dozens of major websites and made national news, nobody died. Nobody even got hurt, other than financially. But the attack, enabled by a botnet of Internet of Things (IoT) devices, inevitably led to speculation about what damage a DDoS of that scale or worse could do to even a portion of the nation's critical infrastructure (CI).

Welcome to the 11th Gibbs Golden Turkey Awards

Welcome, once again, to the Gibbs Golden Turkey Awards. It's been a few years since our last effort to point the digit of disdain at those individuals, companies or entities that don't, won't or can't come to grips with reality, maturity, ethical behavior and/or social responsibility because of their blindness, self-imposed ignorance, thinly veiled political agenda, rapaciousness and greed, or their blatant desire to return us to the Dark Ages. Or all of those sins combined. That lapse aside, with loins girded anew with cheap girders, we undertake again the traditional annual roasting of those who deserve a damn good basting. Without further ado, here in reverse order, are the top 10 Golden Turkeys for 2016 …

Akamai: Look for IoT devices to attack during Thanksgiving, Christmas

The annual holiday uptick in denial-of-service attacks will likely continue this year, only this time with a new, devastating weapon: Internet of Things (IoT) devices, according to Akamai. In its quarterly State of the Internet/Security Report, the company says certain types of DDoS attacks are on the rise compared with the third quarter of last year, both in size and in number. That doesn't bode well for internet users starting next week. "Thanksgiving, Christmas, and the holiday season in general have long been characterized by a rise in the threat of DDoS attacks," the report says. "Malicious actors have new tools — IoT botnets — that will almost certainly be used in the coming quarter."

Planetary scientists push for unique asteroid deflection mission

Planetary scientists got together this week in Berlin to express support for a future European/NASA asteroid redirect mission to develop technology that one day might prevent the Earth from being smacked by a destructive asteroid. Proponents are trying to garner worldwide support for the mission, pointing to the European Space Agency ministerial conference in Lucerne next month, where the decision will be made whether or not to fund ESA's Asteroid Impact Mission (AIM). AIM is part of an overarching collaborative effort with NASA known as the Asteroid Impact and Deflection Assessment (AIDA) mission.

Super Mari-owned: Startling Nintendo-based vulnerability discovered in Ubuntu

A vulnerability in a multimedia framework present on Ubuntu 12.04.5 can be exploited by sound files meant to be played on the venerable Nintendo Entertainment System, according to security researcher Chris Evans. The flaw is in an audio decoder, libgstnsf.so, that lets GStreamer 0.10 play the NSF files the NES uses for music. An NSF file is not a recording: it contains 6502 machine code and register writes for the NES sound hardware, so playing one means emulating the NES's 6502 processor and audio chip in software and executing code supplied by the file in real time. A decoder that runs attacker-controlled code through an emulator is a far larger attack surface than a codec that merely decompresses samples.

Netgear’s Arlo Go camera makes security more mobile

Most (if not all) networked cameras used for home and workplace security require an external power source as well as access to a Wi-Fi network. Netgear, through its Arlo brand, wants to change that with a new camera that runs without external power and connects over LTE. The Arlo Go Mobile HD Security Camera (model LTE-VML4030) uses 3G and 4G LTE (via the AT&T network) for connectivity, letting users place cameras where Wi-Fi doesn't exist (rural sites, vacation cabins, marinas, farms and the like). The camera has quick-charge rechargeable batteries, so it doesn't need to be near a power outlet, although it can be kept charged via a power cord. A built-in microSD card slot provides local storage of footage in case internet access is disrupted. The camera also supports two-way audio (built-in microphone and speaker), motion and audio detection, night vision, live viewing and weatherproofing for outdoor placement.

IDG Contributor Network: 2017 breach predictions: The big one is inevitable

We've reached that time of year where everyone in the security industry is pulling together predictions for what we expect to see over the next year, and/or slowly backing away from any imperfect predictions we might have put forth the year before. Last year, I offered up a number of predictions, but the one continuing to make huge waves in 2017 is around data integrity attacks. Quite simply, I expect that we'll see more intricate, complex and undetected data integrity attacks, and for two main reasons: financial gain and/or political manipulation.

Goodbye, NAC. Hello, software-defined perimeter

Those of us who've been around security technology for a while will remember the prodigious rise of network access control (NAC) around 2006. The ideas around NAC had been around for several years beforehand, but 2006 gave us Cisco's network admission control (aka Cisco NAC), Microsoft's network access protection (NAP) and then a whole bunch of venture-backed NAC startups (ConSentry, Lockdown Networks, Mirage Networks, etc.). There were lots of reasons why the industry was gaga over NAC at the time, but it really came down to two major factors:

1. Broad adoption of WLANs. In 2006, wireless networking based on 802.11 was transforming from a novelty into the preferred technology for network access. I also believe laptop sales first overtook desktop sales around this same timeframe, so mobility was becoming an IT staple as well. Many organizations wanted a combination of NAC and 802.1X so they could implement access policies and monitor who was accessing the network.

2. A wave of internet worms. The early 2000s produced a steady progression of internet worms, including Code Red (2001), Nimda (2001), SQL Slammer (2003), Blaster (2003), Bagle (2004), Sasser (2004), Zotob (2005), etc. These worms could easily spread

Half of banking customers now using fintech

Financial technology (fintech) products and services are picking up tremendous steam, particularly with younger, tech-savvy and affluent customers, according to the World FinTech Report 2017 (WFTR), recently released by Capgemini, LinkedIn and Efma (a global nonprofit composed of banks and insurance companies). But even as fintech firms reshape the financial services landscape, customers are struggling to trust them. "We're seeing adoption across the globe," says Bill Sullivan, head of Global Financial Services Market Intelligence at Capgemini Financial Services. "It's not so much replacing incumbents as adding on."

IDG Contributor Network: Synack delivers crowdsourced security for government, snags IRS contract

Government departments tend to be seen as "top shelf" IT customers. They tend to use larger providers, use more traditional delivery mechanisms and have a conservative approach toward newer ways of working. So, when Synack, a crowdsourced cybersecurity vendor, told me it had secured a contract with the IRS, I was intrigued. First, a little bit about what Synack does: The company follows something of an ongoing trend in the security space in that it wrangles a bunch of "ethical hackers" to try to break a client's IT systems. The idea is that those hackers can ply their trade, but instead of intruding on organizations' IT systems out of malice, they do so as a service (and, it must be added, for payment). Founded in 2013 by former NSA security experts Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO, Synack feels very similar to HackerOne, a company now headed by Marten Mickos of MySQL fame.

How automated investigation can accelerate threat detection

Cybersecurity analysts are overwhelmed with the pressure of keeping their companies safe. Not only do they need to filter through countless alerts, many of which turn out to be false positives, but the volume of real threats is also growing exponentially. They need to triage quickly and move on, stopping the most pressing threats, which are not always the most dangerous ones. Analysts need a new, holistic approach to threat detection that monitors, analyzes and cross-references data across multiple dimensions to help them detect complex threats as early as possible.
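As an added example (not code from the article or from any product it describes), the following Python sketch shows one way to cross-reference alerts from independent sources rather than triaging them one at a time: it groups alerts by host, finds the window in which the largest number of distinct sources fire on the same host, and ranks hosts by breadth of corroborating evidence before raw alert volume. The alert records, hostnames, users, source labels, signal names and the 15-minute window are all constructed assumptions for the demonstration.

```python
"""Alert correlation across independent data sources (added example, not
code from the article or any vendor it mentions).

Alerts from three assumed sources (an EDR agent, a web proxy and an
authentication log) are grouped per host. A host is ranked by how many
*distinct* sources fire within one short window, so three weak signals from
independent telemetry outrank a stream of repeats from a single noisy source,
which is where most false positives come from.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: (host, user, source, signal, ISO-8601 timestamp).
# Hostnames, users, source labels and signal names are all made up.
SAMPLE_ALERTS = [
    ("ws-014", "alice", "edr", "powershell_encoded_cmd", "2016-11-21T09:01:10"),
    ("ws-014", "alice", "proxy", "beacon_to_new_domain", "2016-11-21T09:03:45"),
    ("ws-014", "alice", "auth", "lateral_logon_smb", "2016-11-21T09:07:02"),
    # Same proxy category repeating: noisy, but only one source agrees.
    ("ws-027", "bob", "proxy", "adware_category", "2016-11-21T09:00:00"),
    ("ws-027", "bob", "proxy", "adware_category", "2016-11-21T09:05:00"),
    ("ws-027", "bob", "proxy", "adware_category", "2016-11-21T09:10:00"),
    ("ws-027", "bob", "proxy", "adware_category", "2016-11-21T09:15:00"),
    # Two sources, but 11 hours apart: not corroborating in time.
    ("srv-db1", "svc_backup", "edr", "powershell_encoded_cmd", "2016-11-20T22:00:00"),
    ("srv-db1", "svc_backup", "auth", "lateral_logon_smb", "2016-11-21T09:00:00"),
]

WINDOW = timedelta(minutes=15)  # assumed correlation window


def correlate(alerts, window=WINDOW):
    """Group alerts by host and find, per host, the window holding the most
    distinct sources. Returns {host: summary dict}."""
    by_host = defaultdict(list)
    for host, user, source, signal, ts in alerts:
        by_host[host].append((datetime.fromisoformat(ts), user, source, signal))

    results = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e[0])
        best_sources, best_start = set(), events[0][0]
        # Slide a window anchored at each alert; O(n^2) is fine for a toy.
        for i, (start, _, _, _) in enumerate(events):
            sources = set()
            for ts, _, source, _ in events[i:]:
                if ts - start > window:
                    break
                sources.add(source)
            if len(sources) > len(best_sources):
                best_sources, best_start = sources, start
        results[host] = {
            "alerts": len(events),
            "distinct_sources": len(best_sources),
            "sources": sorted(best_sources),
            "users": sorted({e[1] for e in events}),
            "signals": sorted({e[3] for e in events}),
            "window_start": best_start.isoformat(),
        }
    return results


def prioritize(results):
    """Order hosts by breadth of corroborating sources first, alert volume
    second, so one noisy source cannot outrank agreement between several."""
    return sorted(
        results,
        key=lambda h: (results[h]["distinct_sources"], results[h]["alerts"]),
        reverse=True,
    )


if __name__ == "__main__":
    summary = correlate(SAMPLE_ALERTS)
    for host in prioritize(summary):
        s = summary[host]
        print(f"{host:8} sources={s['distinct_sources']} alerts={s['alerts']} "
              f"{s['sources']} from {s['window_start']}")
```

Run as a script, it ranks ws-014 (three independent sources within six minutes) above ws-027 (four alerts, all from the same proxy category) and srv-db1 (two sources, but eleven hours apart). In practice the same grouping would also be keyed on user and on asset criticality, and the window would be tuned per source, but the ordering principle stays the same: agreement between independent telemetry is worth more than volume from one.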

Security analysis of popular IoT devices

Have you wondered whether your internet-connected devices are infected with Mirai malware and were part of the DDoS attacks? In response to the recent IoT DDoS attacks, researchers at Zscaler analyzed IoT traffic patterns not only on the days of the DDoS attacks on Dyn and Krebs on Security, but going back to July. While Zscaler does not believe any of the devices connected to the Zscaler Cloud had been compromised and used in the IoT botnet attacks, ThreatLabz researchers analyzed the security of five security cameras, three smart TV entertainment devices, three smart network printers and scanners, two DVRs and NVRs, two IP phones and a partridge in a pear tree. The last one, of course, was just to see if you were paying attention: no partridges were harmed in the course of this research.

IDG Contributor Network: What is the General Data Protection Regulation and why should you care?

In 2012, the European Commission proposed new regulations on data protection that would supersede the national laws of the 28 EU member states. The General Data Protection Regulation (GDPR) was formally approved in April 2016 and will apply from May 25, 2018. It introduces several major changes that will affect many organizations worldwide. The smart move is to familiarize yourself with the incoming regulation now and begin preparing to comply with your obligations. The GDPR applies not only to any business that operates within the EU but also to any company, wherever it is located, that processes the personal data of people in the EU, for example by offering them goods or services or monitoring their behavior.

This malware attack starts with a fake customer-service call

Hotel and restaurant chains, beware. A notorious cybercriminal gang is tricking businesses into installing malware by calling their customer service representatives and convincing them to open malicious email attachments. The culprits in these hacks, which are designed to steal customers' credit card numbers, appear to be the Carbanak gang, a group blamed last year for stealing as much as $1 billion from various banks. On Monday, security firm Trustwave said that three of its clients in the past month had encountered malware built with code found in previous Carbanak attacks.

12 steps to lower your espionage risk

"What company would not like to know exactly what its competitor is doing?"When we talk about corporate espionage, we're talking about companies stealing information that gives them a competitive or economic advantage, writes Chuck Easttom in the new 3rd edition of his book Computer Security Fundamentals. It's not showy, often low-tech and sometimes downright dirty, as exemplified by Oracle CEO Larry Ellison's admission that he "hire[d] private investigators to sift through Microsoft garbage in an attempt to garner information."To read this article in full or to leave a comment, please click here(Insider Story)