Archive

Category Archives for "Network World Security"

IDG Contributor Network: The day the 911 network stood still

In the early morning hours of Wednesday, Oct. 26, 2016, an apparent Telephony Denial of Service (TDoS) attack was brought against several cities that brought 911 to a grinding halt. The incident triggered a response from the Department of Homeland Security's National Cybersecurity & Communications Integration Center National Coordinating Center for Communications (NCIC/NCC) and a Watch Advisory for a TDoS attack on public-safety answering points (PSAP) was issued just after lunch. Investigators were led to a web page created by 18-year-old, Phoenix-based Meetkumar Hiteshbhai Desai. Desai said he was merely looking for bugs in Apple's iOS in an attempt to capture a reward from Apple as part of its bug bounty program. Apple launched this long-awaited program in September, and the company is offering five different categories of reward prizes:

Black Hat Europe: IoT devices can hack phones

The Internet of things (IoT) has already been used to launch the biggest DDoS attacks ever, but now it represents a potential path for attackers to compromise cell phones. Flaws in Belkin WeMo devices – electrical switches, cameras, light bulbs, coffee makers, air purifiers, etc. – enabled Invincea Labs researchers to not only hack into the devices, but to use that access to attack an Android phone running the app that controls the WeMo devices. “This is the first instance we’ve seen of IoT hacking something else,” says researcher Scott Tenaglia, who pledges to look for other vulnerable devices that might be abused to carry out similar attacks.

29% off Litom Solar Outdoor Motion Sensor Security Lights, 2 Pack – Deal Alert

This Amazon #1 best selling solar security light is super bright and easy to install wherever you need it. It features 3 modes: (1) Always on, (2) Dim until motion is detected, and (3) Off until motion is detected. It's designed with a large sensor that will detect motion over a larger distance, and 20 LED lights that the company claims are larger and more powerful than the competition offers. Being weatherproof, this is a light you can mount anywhere you need it outdoors. The Litom outdoor motion sensing light averages 4 out of 5 stars from over 1,100 people (see reviews), and a 2-pack is currently being offered at $35.29, a 29% discount over its typical list price of $50. See it now on Amazon.

Microsoft to patch Windows bug that Google revealed

Microsoft on Tuesday said it would patch a Windows vulnerability next week that Google publicly revealed just 10 days after notifying Microsoft. Microsoft also identified the attackers, asserting that they were the same who had been accused by authorities of hacking the Democratic National Committee (DNC). "All versions of Windows are now being tested ... and we plan to release [the patches] publicly on the next Update Tuesday, Nov. 8," wrote Terry Myerson, the head of the Windows and devices group, in a post to a company blog.

ExtraHop package captures files before ransomware encrypts them

The best defense against ransomware has been comprehensive backup, but ExtraHop is introducing a way to capture files just before ransomware encrypts them, making it possible to restore them but without relying on the backups. A software upgrade to ExtraHop’s Ransomware Detection bundle picks up on precursors to ransomware encrypting files and captures them before the malware has the chance to encrypt.

Brace yourselves, commercial drones are coming

Las Vegas Commercial UAV Expo. Image by Magdalena Petrova. Now in its second year, the Commercial UAV Expo in Las Vegas attracts companies who want to integrate drones into their workflows. Industries range from security, to construction, to surveying and mapping. Let's check out some of the drones that darted across our radar.

Cisco seeks faster time to discovery for breaches, compromises

Cisco has announced security upgrades to cut the time compromises go unnoticed on endpoints, giving attackers less time to do damage if they get past preventive security measures. Unveiled at the Cisco Partner Summit this week, the new AMP for Endpoints comes with a lightweight agent to gather data that is analyzed in the Cisco AMP cloud. This lifts the processing burden from customers’ infrastructure. And the platform now includes an agentless feature for devices that can’t take an agent, such as visitors’ laptops. In addition to the cloud version, the analytics part of the platform can also be purchased for deployment on customer premises in their own private clouds. Detection, analysis and recommended response are handled in the cloud and pushed to the endpoints.

NASA: Asteroid mission starts with a marriage of rocks, styrofoam and plywood

Robotically grabbing hunks of asteroid in deep space is no trivial task so it would be nice to practice the mission beforehand. That’s the goal with a mock-up asteroid NASA and the University of West Virginia recently built from rock, styrofoam, plywood and an aluminum endoskeleton. The mock-up is in preparation for NASA’s Asteroid Redirect Mission (ARM) which will send a spacecraft to rendezvous with a target asteroid, land a robotic spacecraft on the surface, grab a 4 meter or so sized boulder and begin a six-year journey to redirect the boulder into orbit around the moon for exploration by astronauts.

Do smartphone trade-ins threaten corporate security?

As the holiday season approaches (OK, it may already be here), workers in your company will likely be acquiring new smartphones. In fact, a recent survey by Blancco Technology Group says a whopping 68 percent of mobile users plan to purchase a new smartphone for the holidays. That number seems high to me, but come January, you can be pretty sure there will be a lot of shiny new iPhones, Galaxies and Pixels connecting to your corporate network. But that’s not what this post is about. No, this post is about what happens to all those no-longer-shiny BYOD smartphones that used to connect to your corporate network and work with your corporate data, but have now been replaced with something new.

Trump and Clinton should answer these 10 cybersecurity questions

Cybersecurity getting little attention. Image by REUTERS/Jim Young. This election has been more about style than substance, more about the candidates’ pasts than their plans, more personal attacks than policy proposals. Even the debates, where the moderators attempt to discuss issues in need of decisions and actions, have been more notable for the ferocity of attacks than the shrewdness of the strategies.

Fixing the communications issues between IT security and the board and c-suite

In the months before an unexpected crisis, IT security requests specific tools, training, and additional staff to keep enterprise data safe, but does not substantiate the need in terms the business can understand. The c-suite denies the requests, pointing to the investments they have already made in security technologies. Suddenly, hackers strike with a massive cyber attack. Suffering financial losses and brand damage, the c-suite asks IT security what happened. Security responds that they need specific tools, training, and staff to mitigate these concerns. But again, security does not make a business case in language the c-suite can appreciate. The leadership turns to existing vendors, who sell them their latest security products.

Microsoft: Windows 0-day exposed by Google is being exploited by Russian DNC hackers

Microsoft issued a warning about the APT group most commonly known as “Fancy Bear,” or APT 28, and how it is exploiting the zero-day disclosed by Google on Halloween. Microsoft agreed that the zero-day is being actively exploited and pointed a finger of blame at a hacking group that is believed to be tied to the Russian government; the same group is believed to be responsible for hacks that resulted in data breaches at the Democratic National Committee and the Clinton campaign. Microsoft does not call the APT group “Fancy Bear” as its codename for the threat group is STRONTIUM. Terry Myerson, executive vice president of Microsoft’s Windows and Devices Group, wrote:

Cisco says it’ll make IoT safe because it owns the network

Cisco Systems is making a play for the fundamental process of putting IoT devices online, promising greater ease of use and security as enterprises prepare to deploy potentially millions of connected objects. Thanks to a dominant position in Internet Protocol networks, Cisco can do what no other company can: Change networks that were not designed for IoT in order to pave the way for a proliferation of devices, said Rowan Trollope, senior vice president and general manager of the IoT & Applications Group. “The internet as we know it today, and the network that you operate, will not work for the internet of things,” Trollope said in a keynote presentation at the Cisco Partner Summit in San Francisco on Tuesday. “We can solve that problem because we own the network.”

Police across the globe crackdown on darknet marketplaces

Law enforcement agencies across the globe staged a crackdown on so-called darknet web sites last week, targeting merchants and thousands of customers who were looking to obtain illegal drugs and goods. From Oct. 22 to the 28th, the agencies took action against merchants and customers that used these sites for illicit items, U.S. Immigration and Customs Enforcement said in a statement on Monday. Unlike other websites, these underground marketplaces reside within the darknet -- a sort of parallel internet accessible to visitors via anonymizing software like Tor. While the software has legitimate uses, such as safeguarding communications in authoritarian countries, it has been adopted for more illicit means.

20% off Ring Wi-Fi Enabled Video Doorbell – Deal Alert

The Ring Video Doorbell is the world's first battery-operated, Wi-Fi enabled, HD video doorbell. The device enables homeowners to see and speak with visitors from anywhere in the world by streaming live audio and video of a home's front doorstep directly to the free iOS or Android app. The doorbell's built-in motion sensors detect movement up to 30 feet, and HD video recording stores all recorded footage to the cloud which can be accessed via the Ring app. The Ring Doorbell is quick and easy to set up as it mounts and syncs in minutes and has a built in battery, however, it can also be powered through your existing doorbell wires. Over 11,000 people have reviewed the Ring Video Doorbell on Amazon (read reviews) and have given it an average of 4 out of 5 stars. Right now its list price of $199 has been reduced to $160. See it now on Amazon.

11 cool high-tech aerial headquarters photos

High above. Image by Reuters/Noah Berger. Apple’s “Spaceship” headquarters building, which is under construction but will soon be completed, gets a lot of attention but there are other high-tech headquarters that look good – especially from above. Here we take a look at just a few of them.

Researchers build undetectable rootkit for programmable logic controllers

Researchers have devised a new malware attack against industrial programmable logic controllers (PLCs) that takes advantage of architectural shortcomings in microprocessors and bypasses current detection mechanisms. The attack changes the configuration of the input/output pins that make up the interface used by PLCs to communicate with other devices such as sensors, valves, and motors. PLCs are specialized embedded computers used to control and monitor physical processes in factories, power stations, gas refineries, public utilities, and other industrial installations. The attack, which will be presented at the Black Hat Europe security conference in London on Thursday, was developed by Ali Abbasi, a doctoral candidate in the distributed and embedded system security group at the University of Twente in the Netherlands, and Majid Hashemi, a research and development engineer at Quarkslab, a Paris-based cybersecurity company.

Gartner: Despite the DDoS attacks, don’t give up on Dyn or DNS service providers

The DDoS attacks that flooded Dyn last month and knocked some high-profile Web sites offline don’t mean businesses should abandon it or other DNS service providers, Gartner says. In fact, the best way to go is to make sure critical Web sites are backed by more than one DNS provider, says Gartner analyst Bob Gill.

That’s just wrong: Accusing granny of pirating zombie game

Releasing 60 million genetically modified mosquitoes a week sounds just wrong, but in theory the mutant mosquitoes will mate with normal mosquitos so the offspring will have a genetic flaw that causes them to die quickly. There is no mention of whether or not the millions of mutant mosquitoes to be released weekly will feed on the people of Brazil. If that’s not just wrong, then the three examples below surely are.

Saddam Hussein…really Apple?

Apple refused to issue a male customer a refund for an iPhone 7 unless he could prove he was not Saddam Hussein – you know, the Iraqi dictator executed by hanging in 2006 – basically a decade ago. Apparently, someone working for Apple was unaware of that fact.

UK government to spend $2.3 billion to bolster cybersecurity

The U.K. government will spend £1.9 billion (US $2.3 billion) over the next five years to pump up its cybersecurity defenses and pay for new research, Chancellor of the Exchequer Philip Hammond said. The goal of the spending, part of a new national cybersecurity strategy, is to make the U.K. one of the "safest places in the world to do business," with a world-class cybersecurity industry and workforce, Hammond said Tuesday.