Category Archives for "Network World Security"

Startup Nubeva pitches Security as a Service in the cloud

A team made up of executives from Aruba Networks and Panzura is out with a new self-funded startup this week that aims to deploy security tools that enterprises use in their campus and extend them to the cloud. The idea of Nubeva is to create a Security as a Service platform that takes existing security tools and controls that organizations use in their data centers and other on-premises infrastructure and mirrors that same stack of security tools in the public cloud. Nubeva has created a platform that automates the deployment of those security resources in the public cloud.

DDoS attacks from webcams, routers hit Singapore’s StarHub

Following Friday's massive internet disruption in the U.S., a Singapore-based broadband provider reports it faced two distributed denial-of-service attacks, forcing users offline. The attacks, which occurred Saturday and then on Monday, targeted Singapore's StarHub, briefly cutting internet access for the company's home broadband subscribers before services were restored. "These two recent attacks that we experienced were unprecedented in scale, nature and complexity," StarHub said in a Facebook posting on Wednesday. In addition, the company has reportedly said that malware-infected broadband routers and webcams were involved in the two attacks, producing a spike in internet traffic that overwhelmed the company's services.

Do you know where your sensitive documents are?

No organization wants to see sensitive information walk out its doors, yet it happens with alarming frequency. According to a recent study by Accusoft, a provider of document and imaging software, 34 percent of IT managers say their organization "has had sensitive information compromised due to poor file management practices." Yet 90 percent of them report being "confident they have the tools they need to protect their organizations’ documents." The survey of more than 100 U.S. IT managers and 250 full-time employees revealed an alarming disconnect between IT managers and their users. "Seventy-four percent of IT managers report that their firms have a formalized document management solution," according to the report. "At the same time, less than half (49 percent) of end users believed these resources were available." And 20 percent of employees "claim they don’t know what document management tools their employer uses."

Emergency Flash Player patch fixes zero-day critical flaw

Adobe Systems has released an emergency patch for Flash Player in order to fix a critical vulnerability that attackers are already taking advantage of. The vulnerability, tracked as CVE-2016-7855 in the Common Vulnerabilities and Exposures database, is a use-after-free error that could lead to arbitrary code execution. "Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," the company warned in a security advisory Wednesday. Users are advised to upgrade to Flash Player 23.0.0.205 on Windows and Mac and to version 11.2.202.643 on Linux. The Flash Player runtime bundled with Google Chrome and Microsoft Edge or Internet Explorer 11 on Windows 10 and 8.1 will be updated automatically through those browsers' update mechanisms.

Attackers are now abusing exposed LDAP servers to amplify DDoS attacks

Attackers are abusing yet another widely used protocol in order to amplify distributed denial-of-service attacks: the Lightweight Directory Access Protocol (LDAP), which is used for directory services on corporate networks. DDoS mitigation provider Corero Network Security has recently observed an attack against its customers that was reflected and amplified through Connectionless LDAP (CLDAP), a variant of LDAP that uses the User Datagram Protocol (UDP) for transport. DDoS reflection is the practice of sending requests using a spoofed source IP address to various servers on the Internet, which will then direct their responses to that address instead of the real sender. The spoofed IP address is that of the intended victim.

FBI snags group that allegedly pinched 23,000 or $6.7 million worth of iPhones

The FBI today said it had arrested a group of men in connection with the theft of 23,000 Apple iPhones from a cargo area at the Miami International Airport in April. The stolen iPhones were worth approximately $6.7 million and the arrests of Yoan Perez, 33; Rodolfo Urra, 36; Misael Cabrera, 37; Rasiel Perez, 45; and Eloy Garcia, 42 were all made at the suspects’ residences throughout Miami Dade County, the FBI said. These subjects are in federal custody and are facing federal charges. Their initial appearances are expected to be in federal court in Miami.

Samy Kamkar hacks IoT security camera to show exploitable dangers to enterprise

ForeScout Technologies released an “IoT Enterprise Risk Report” (pdf) which identified seven IoT devices that can be hacked in as little as three minutes: IP-connected security systems, smart HVACs and energy meters, VoIP phones, connected printers, video conferencing systems, smart light bulbs and smart refrigerators. Although the hack might only take a few minutes to pull off, it might take weeks to find and fix. Other “key findings” of the report include: Should any of these devices become infected, hackers can plant backdoors to create and launch an automated IoT botnet DDoS attack. Cybercriminals can leverage jamming or spoofing techniques to hack smart enterprise security systems, enabling them to control motion sensors, locks and surveillance equipment. With VoIP phones, exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls. Via connected HVAC systems and energy meters, hackers can force critical rooms (e.g. server rooms) to overheat critical infrastructure and ultimately cause physical damage. Potential scenarios for after an IoT device is hacked include using compromised smart video conferencing systems for spying via camera and microphone, disabling security cameras to allow physical break-ins, snooping on calls via VoIP phones and snagging private company

Cybersecurity Isn’t Always a “Boardroom Issue”

We’ve all heard or read the rhetoric that “cybersecurity has become a boardroom issue.” I certainly agree that we are trending in this direction, but is this true today or nothing more than marketing hype? ESG recently published a new research report in collaboration with the Information Systems Security Association (ISSA) titled, The State of Cyber Security Professional Careers, to ask a number of questions and truly capture the voice of cybersecurity professionals. As part of this project, cybersecurity professionals were asked if their CISO’s (or similar role) participation with executive management (i.e. CEO, board of directors, etc.) was at an adequate level. Just over half (56%) answered “yes,” but 16% thought the level of CISO participation with executive management should increase somewhat while another 12% believe that the CISO’s level of participation with executive management should increase significantly. The remaining 16% responded, “don’t know” (note: I am an ESG employee).

Flash mobs the latest threat this holiday season

The holiday season rings in more than just higher sales for retailers. There's also more shoplifting and lower profit margins than the rest of the year, according to a report released today. Plus, this year, there's an extra surprise -- flash mobs. Not the dancing, music-playing, watching-a-couple-get-engaged kind of flash mobs. But the kind of flash mobs where a bunch of people all show up at a store at once, pull hats low over their heads, grab everything in sight, and split. Just last week, there was a flash mob at an Apple store in Natick, Mass., that took off with more than $13,000 worth of iPhones in less than a minute.

Russian criminals’ bank attacks go global

Russian cybercriminals have field-tested their attack techniques on local banks, and have now begun taking them global, according to a new report -- and a new breed of mobile attack apps is coming up next. Criminals stole nearly $44 million directly from Russian banks in the last half of 2015 and the first half of 2016, according to Dmitry Volkov, co-founder and head of threat intelligence at Moscow-based Group-IB. That was up 292 percent from the same period a year earlier. Direct, targeted attacks against banks now account for 45 percent of all bank-related cybercrime in Russia.

Cyber after Snowden

Since Edward Snowden leaked classified information from the National Security Agency (NSA) in 2013, the FBI and Apple had a public battle around privacy, Shadow Brokers leaked some of the NSA's hacking tools, and Hal Martin, an ex-NSA contractor, was arrested for stealing classified information.

IDG Contributor Network: OwnBackup: Don’t rely on SaaS vendors to do their own backup and recovery

Back when Salesforce and its ilk invented software as a service (SaaS), there was much wailing and gnashing of the teeth about the security around these new, as-yet-unproven approaches to delivering software. Many people suggested that these vendors were fly-by-nighters—that they would fail and customers’ data would be lost forever. A decade or so later, and apart from some high-profile cases (who remembers Ma.gnolia?), that doomsday scenario hasn’t occurred. SaaS vendors are safely doing their job and keeping customers’ data safe. Given this fact, you could be forgiven for assuming that there would be no opportunity for a vendor whose core mission is to help users back up their SaaS data. For one thing, SaaS vendors hardly ever fail and for another, even if short-term outages and small-scale losses occur, SaaS vendors can be relied upon to do their own backup and recovery. Right?

Was the Dyn DDoS attack actually a script kiddie v. PSN?

The massive DDoS attack that disrupted the internet address-lookup service Dyn last week was perhaps pulled off by a script kiddie targeting PlayStation Network and using Mirai malware to assemble a massive IoT botnet, according to research by Flashpoint. “Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the English-language hacking forum community, specifically users and readers of the forum ‘hackforums.net,’” according to a blog by Allison Nixon, director of security research at Flashpoint. She says the company has discovered the infrastructure used in the Dyn attack also targeted “a well-known video game company” that she doesn’t name. A post on hackforums.net seems to agree with this possibility. It indicates the target was PlayStation Network and that Dyn was hit because it provides DNS services to PSN. Going after the name servers (NS) that provide lookups for PSN would prevent traffic from reaching PSN.

Dyn attack: US Senator wants to know why IoT security is so anemic

The security around the development of Internet of Things products is weak and U.S. Sen. Mark R. Warner (D-Va.) today sent a letter to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS) to ask why and what can be done to fix the problem. In the letter Warner, who is a member of the Senate Select Committee on Intelligence and co-founder of the bipartisan Senate Cybersecurity Caucus, asked questions such as: What types of network management practices are available for internet service providers to respond to DDoS threats? And would it be a reasonable network management practice for ISPs to designate insecure network devices as “insecure” and thereby deny them connections to their networks, including by refraining from assigning devices IP addresses?

How to approach keeping your IoT devices safe

With the recent takedown of DYN and Brian Krebs’ web site, cybercriminals have found a way to use your own devices to bring the Internet to its knees. Portnox’s CEO Ofer Amitai provides some ways to keep those devices safe from these attacks.

Rise of the IoT machines

Friday’s distributed denial-of-service attack on domain name service provider Dyn may have seemed like the end of the world for millions of Netflix, Twitter and Spotify users, but security professionals say the service disruption was merely a nuisance attack – although an eye-opening one – compared to the potential damage that can be unleashed by billions of unsecure IoT devices. “It’s really just the tip of the iceberg,” says Nicholas Evans, vice president and general manager within the Office of the CTO at Unisys, where he leads its worldwide applied innovation program. “You can grade the threat intensity as the IoT devices become more autonomous, like self-driving cars, or more controllable, like some of factory-type devices that actually manipulate the physical environment. That’s where the real threat is.”

Workstation software flaw exposes industrial control systems to hacking

The software used to program and deploy code to various Schneider Electric industrial controllers has a weakness that could allow hackers to remotely take over engineering workstations. The software, known as Unity Pro, runs on PCs used by engineers and includes a simulator for testing code before deploying it to programmable logic controllers (PLCs). These are the specialized hardware devices that monitor and control mechanical processes -- spinning motors, opening and closing valves, etc. -- inside factories, power stations, gas refineries, public utilities and other industrial installations. Researchers from industrial cybersecurity firm Indegy found that unauthenticated attackers could execute malicious code on Windows computers where the Unity Pro PLC simulator is installed. That code would run with debug privileges leading to a complete system compromise.

Critical account creation flaws patched in popular Joomla CMS

The Joomla developers are warning website administrators to apply an update for the popular content management system that fixes two critical vulnerabilities. The flaws are serious enough that the Joomla project released a prenotification about the planned update on Friday, urging everyone to be prepared to install it as soon as possible. This suggests that attacks targeting these vulnerabilities are expected to follow shortly. Joomla 3.6.4, released Tuesday, fixes a high-priority flaw in the account creation component that could be exploited to create accounts on a Joomla-based website even if user registration has been disabled on it.

ARM builds up security in the tiniest IoT chips

IoT is making devices smaller, smarter, and – we hope – safer. It’s not easy to make all those things happen at once, but chips that can help are starting to emerge. On Tuesday at ARM TechCon in Silicon Valley, ARM will introduce processors that are just a fraction of a millimeter across and incorporate the company’s TrustZone technology. TrustZone is hardware-based security built into SoC (system on chip) processors to establish a root of trust. It’s designed to prevent devices from being hacked and taken over by intruders, a danger that’s been in the news since the discovery of the Mirai botnet, which recently took over thousands of IP cameras to mount denial-of-service attacks.

Privacy and security problems in TrackR, iTrack Easy and Nut IoT trackers

People who tend to lose or misplace things may turn to “smart” trackers, tiny devices which can be attached to keys, TV remotes, just about anything, and then the Bluetooth-enabled tracker helps you find the “lost” item via a smartphone. Many have a crowdsourcing feature so other people on that tracker’s network can also help locate a missing item. But how secure are these IoT trackers? Two researchers at Rapid7 decided to find out. Deral Heiland, principal security consultant at Rapid7, aka @Percent_X, and Adam Compton, senior security consultant at Rapid7, aka @tatanus, took aim at four different trackers: iTrack Easy, Nut Smart Tracker, TrackR Bravo and Tile. They looked at the devices as well as the companion iOS apps and found issues with each.