Archive

Category Archives for "Network World Security"

Cisco/Ericsson: Assessing the mega-deal a year later

When it was announced a year ago, the Cisco/Ericsson partnership was hailed as “the right move for us right now,” according to Cisco CEO Chuck Robbins to create the networks of the future.While the partnership has done well – the companies say they have closed 60 deals together -- Ericsson is being battered financially this year and the impact that will have on the partnership could change it in the future.+More on Network World: Cisco CEO Robbins: Wait til you see what’s in our innovation pipeline+To read this article in full or to leave a comment, please click here

Need for ‘smart’ regulation of IoT security is as obvious as is it unlikely

Security expert Bruce Schneier has a new essay out that makes this case: The only way to prevent the exploitation of insecure internet of things devices from causing catastrophic damage is government regulation, noting “our choice is between smarter government involvement and stupider government involvement.”His premise would appear unassailable. The problem is we don’t necessarily get to choose; sometimes the difference between smarter and stupider is foisted upon us.Schneier writes of the growing IoT threat: It's a form of invisible pollution. … And, like pollution, the only solution is to regulate. The government could impose minimum security standards on IoT manufacturers, forcing them to make their devices secure even though their customers don't care. They could impose liabilities on manufacturers, allowing companies like Dyn to sue them if their devices are used in DDoS attacks. The details would need to be carefully scoped, but either of these options would raise the cost of insecurity and give companies incentives to spend money making their devices secure. …To read this article in full or to leave a comment, please click here

17% off Nest Cam Indoor Security Camera – Deal Alert

Look after your home 24/7 in crisp 1080p HD. With Nest Cam Indoor, you can check in, even when you’re out, and even at night with its built-in high-quality night vision. Nest Cam features a versatile magnetic stand that lets you put it anywhere. See who’s there, listen in and speak up to get their attention. With Nest Aware, you can get a special alert if Nest Cam sees a person, and save 10 or 30 days of continuous video history in the cloud. Then speed through it in seconds and quickly find the moment you’re looking for in Sightline. Nest's indoor camera is a best-seller on Amazon with 4 out of 5 stars from over 4,000 people (read reviews). Its typical list price of $199 has been reduced 17% to $166.00 on Amazon. Amazon also features a bundle of three cameras that will deepen the discount even further. Right now it's just $454.97 for the pack of three.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Major cloud is infested with malware, researchers say

Cloud repositories are actively supplying malware, according to computer experts. And problematically, it’s insidious and hard to find.Hundreds of buckets have been undermined, says Xiaojing Liao, a graduate student at Georgia Tech who’s the lead author on a study that’s looking into the problem. Buckets are chunks of storage used in cloud operations.It’s “challenging to find,” Georgia Tech writes in an article on its website. The problem being that the resulting malware is quick to “assemble from stored components that individually may not appear to be malicious.”To read this article in full or to leave a comment, please click here

Down the rabbit hole, part 5: Secure and private instant messaging

Instant messaging is hard.There are untold numbers of instant messaging networks (not even taking SMS into consideration)—with companies like Google having, all by themselves, created a half dozen competing applications and networks. And, if you want those messages to be secure? Well, things get even more difficult—there simply aren’t many options. In my ongoing quest to make my life as secure and private as possible, I’ve found three instant messaging networks that are worth talking about. They’re not perfect, but they are significant improvements over using the many, astoundingly insecure platforms out there (such as Google’s Hangouts or Apple’s iMessage). Let’s go over those here, with their benefits and pitfalls. To read this article in full or to leave a comment, please click here

Yahoo investigating if insiders knew of hack

Yahoo said investigators were looking into the possibility that some people within the company knew at the time about the late 2014 theft of information of at least 500 million user accounts.Law enforcement authorities on Monday also “began sharing certain data that they indicated was provided by a hacker who claimed the information was Yahoo user account data,” the company said in a regulatory filing to the U.S. Securities and Exchange Commission. Yahoo said it would “analyze and investigate the hacker’s claim.” It isn't clear if this data is from the 2014 hack or from another breach.To read this article in full or to leave a comment, please click here

Worries and uncertainty cloud outlook for digital privacy under President Trump

When President-elect Donald Trump officially takes office, he’ll inherit a powerful U.S. surveillance apparatus, including the National Security Agency, that’s already been accused of trampling over privacy rights.This has some legal experts worried, but like almost every other aspect of a Trump presidency, there are more questions than clarity over what exactly he plans to do.Over the course of his presidential campaign, Trump has only offered snapshots on his views about various U.S. privacy matters, but they suggest a pro-government surveillance stance.For instance, Trump showed support for the NSA’s bulk telephone data collection, which ended last year. “I err on the side of security,” he said at the time. And on Apple's refusal to provide the FBI access to an iPhone used by the San Bernardino shooter: the public should boycott the company until it complies, he said.To read this article in full or to leave a comment, please click here

President Trump: An uncertain future for tech industry, digital rights

U.S. President-elect Donald Trump's vision for the country's economy-driving technology industry is largely a blank canvas, and when he's dipped his toe into IT issues, he's made people nervous. Trump's campaign was dominated by debates over illegal immigration, lost manufacturing jobs, and character issues. Silicon Valley firms largely opposed Trump, and one of his signature issues, rewriting free trade deals between the U.S. and other nations, likely will hurt U.S tech companies' ability to sell products overseas. Meanwhile, digital rights groups say they expect Trump to call for expanded government surveillance programs to fight terrorism and fewer protections for privacy. And a Trump administration will likely work to gut net neutrality rules that the Federal Communications Commission passed only last year, although repealing the rules won't be easy.To read this article in full or to leave a comment, please click here

Ransomware hammers Madison County, Indiana

Madison County, Indiana, population of about 130,000, was the victim of a ransomware attack last week. Government workers without working computers were thrown back in the past to pen and paper, confusion abounds, and county commissioners unanimously voted to pay the ransom.Indiana State Police Capt. Dave Bursten told WTHR, “It's like when I came on in the 80s - we're doing everything with pencil and paper.”“We cannot query old information to bring up prior reports or prior court records,” Madison County Sheriff Scott Mellinger told Fox59. “If we want to bring somebody’s record up for something in the future, let’s say for somebody that has been arrested or somebody who is even in jail then we cannot look up information that would help us at a hearing. On the sheriff’s office side, we cannot book people into jail using the computers. We are using pencil and paper like the old days.”To read this article in full or to leave a comment, please click here

IBM package brings Watson smarts to everything IoT

IBM has released an experimental program developers can use to embed Watson cognitive intelligence features in all manner of IoT systems from robots and drones to sensors and avatars.IBM says the platform, called Project Intu lets Project Intu offers developers easily build cognitive or basically machine learning skills into a wide variety of operating systems – from Raspberry PI to MacOS, Windows to Linux devices. Devices using Intu can “interact more naturally with users, triggering different emotions and behaviors and creating more meaningful and immersive experience for users.  Developers can simplify and integrate Watson services, such as Conversation, speech-to-text, Language and Visual Recognition, with the capabilities of the “device” to, in essence, act out the interaction with the user,” IBM stated.To read this article in full or to leave a comment, please click here

The scary state of the cybersecurity profession

Most discussions about cybersecurity tend to go right to technology, and these days they usually start with the words “next generation” as in next-generation firewalls, IPS, endpoint security, etc. I get it, since innovative technology is sexy, but it’s important to realize that skilled cybersecurity professionals anchor cybersecurity best practices.  We depend on actual people to configure controls, sort through data minutiae to detect problems, and remediate issues in a timely manner.+ Also on Network World: Recruiting and retaining cybersecurity talent + Since these folks protect all our digital assets daily, it’s only natural that we’d be curious as to how they are doing. To measure these feelings, ESG teamed up with the Information Systems Security Association (ISSA) and conducted a survey of 437 global cybersecurity professionals. This project resulted in a recently published research report. To read this article in full or to leave a comment, please click here

Los Angeles: Warm weather, movie stars — and 100 million monthly cyber attacks

Los Angeles is famous for its warm weather and movie stars. But what may not be as well known is that it's also one of the largest targets for cyber attacks in the world.The city's infrastructure in highways, water and power -- and all the data behind it -- supports 4 million residents in the nation's second largest city. The city also collects data about Los Angeles International Airport as well as about the largest shipping port in the western hemisphere, where 43% of imported goods enter the U.S. The city government is even responsible for data related to elections, including yesterday's national election.It's not difficult to see the enormity of the city's security challenge, which includes protecting the personal data of city workers and residents.To read this article in full or to leave a comment, please click here

Robots present a cyber risk

The prospect of an army of robots marching in unison to launch an attack on an unsuspecting city belongs in the realm of science fiction—as do most images of menacing autonomous machines wreaking all kinds of havoc on civilization.That’s not to say robotics is free from security and safety threats, however. In fact, experts say the growing use of robots by companies such as manufacturers, retailers, healthcare institutions and other businesses can present a number of cyber risks.There are two primary issues related to security and robotics, says Michael Overly, a partner and information security attorney at law firm Foley & Lardner.First, these machines are generally integral to assembly line operations and other similar activities, Overly says. “An attack could literally bring a manufacturing or assembly plant to its knees,” he says. “We have seen this very outcome in a ransomware attack targeted at robotic assemblers in a plant in Mexico.” In that case, the ransomware locked up the specifications files from which the robots drew their operating parameters, he says.To read this article in full or to leave a comment, please click here

There’s a war on for cybersecurity talent

Filling cybersecurity jobs is getting so hard managers need to think outside the box if they hope to fill critical positions, experts say.That means redefining jobs, training human resources departments to screen resumes differently, seeking latent talent already inside the organization, and hiring bright, motivated people who can grow into critical roles, according to an expert panel speaking at the recent Advanced Cyber Security Center conference in Boston.+More on Network World: Phishing scheme crimps El Paso for $3.2 million+To read this article in full or to leave a comment, please click here

Microsoft patches 68 vulnerabilities, two actively exploited ones

Microsoft has patched 68 vulnerabilities in Windows, Office, Edge, Internet Explorer and SQL Server, two of which have already been exploited by attackers and three that have been publicly disclosed.The patches are covered in 14 security bulletins, one dedicated to Adobe Flash Player which is upgraded through Windows Update in Windows 10 and 8.1. Six of the bulletins are rated critical and eight are rated important.Administrators should prioritize the Windows patches in the MS16-135 bulletin, because they address a zero-day vulnerability that's already being exploited by a group of attackers known in the security industry as Fancy Bear, APT28 or Strontium.To read this article in full or to leave a comment, please click here

Microsoft fixes Windows flaw that Google divulged

Microsoft today patched a Windows vulnerability that was disclosed just over a week ago by researchers from Alphabet Inc.'s Google.In one of several security updates -- 14 to be exact -- Microsoft fixed the bug in the Windows kernel drivers that Google security engineers had revealed on Oct. 31, 10 days after notifying Microsoft of the vulnerability.Microsoft credited Neel Mehta and Billy Leonard of Google's Threat Analysis Group for reporting the flaw. Last week, the two said that because the vulnerability was being actively exploited, a disclose-within-seven-days policy applied.To read this article in full or to leave a comment, please click here

Competing hackers dampen the power of Mirai botnets

The malware behind last month's massive distributed denial-of-service attack in the U.S. appears to be losing its potency. Ironically, hackers are to blame for diluting its power.  The malware known as Mirai -- which is now available on the internet -- has become a bit too popular in the hacking community, according to security firm Flashpoint.Competing hackers have all been trying to take advantage of Mirai to launch new DDoS attacks. To do so, that means infecting the poorly secured internet-connected devices, such as surveillance cameras, baby monitors, and DVRs, that the malware was designed to exploit.To read this article in full or to leave a comment, please click here

Nov 2016 Patch Tuesday: Microsoft released 14 security updates, 6 rated critical

In addition to releasing 14 security updates on Election Day Patch Tuesday, six of which are rated critical, the Microsoft Security Response Center responded to requests for better access to security update information; Microsoft’s solution was to release a preview of its new Security Update Guide, “a single destination for security vulnerability information.”MSRC added, “Instead of publishing bulletins to describe related vulnerabilities, the new portal lets our customers view and search security vulnerability information in a single online database.”To read this article in full or to leave a comment, please click here

Adobe fixes flaws in Flash Player and Adobe Connect

Adobe Systems has released scheduled security patches for its widely used Flash Player software as well as the Adobe Connect web conferencing platform, which is  popular in enterprise environments.The Flash Player security updates fix nine critical vulnerabilities that could be exploited remotely to execute malicious code on computers. All of them were privately reported by researchers through Trend Micro's Zero Day Initiative, an exploit acquisition program.Users should upgrade to Flash Player 23.0.0.207 for Windows and Mac and to Flash Player 11.2.202.644 for Linux. The Flash Player builds bundled with Google Chrome, Microsoft Edge and Internet Explorer 11 will be upgraded automatically through those browsers' update mechanisms.To read this article in full or to leave a comment, please click here

Carnegie Mellon researchers visualize way to fend off DDoS attacks

Following the massive DDoS attack that last month that targeted DNS provider Dyn and temporarily knocked Twitter, Netflix and other big names off the Internet, we were bombarded with pitches from vendors begging to offer their expert opinions on the matter while extolling the virtues of their solutions that naturally would have safeguarded organizations.Now, a couple of weeks later, Carnegie Mellon's CyLab Security and Privacy Institute too is touting research that it says shows that the tools really needed to stymie such attacks are on the way. Somehow, this seems more believable than some of the all-to-eager vendor claims, though it doesn't appear the tools will quite be ready to fly for imminent DDoS attack candidates, such as 2016 U.S. Presidential Election-related sites and Black Friday 2016 websites.To read this article in full or to leave a comment, please click here