
Category Archives for "Network World Security"

U.S. indicts Russian for hacking LinkedIn, Dropbox, Formspring

The U.S. has charged a suspected Russian hacker with breaking into computers at LinkedIn, Dropbox and a question-and-answer site formerly known as Formspring. On Thursday, a federal grand jury indicted 29-year-old Yevgeniy Aleksandrovich Nikulin following his arrest by Czech police in Prague on Oct. 5. LinkedIn has said that Nikulin was involved in the 2012 breach of the company that stole details from over 167 million accounts. However, a U.S. court filing unsealed on Friday only gave limited details on Nikulin's alleged crimes.

How the Dyn DDoS attack unfolded

Today's attacks that overwhelmed the internet-address lookup service provided by Dyn were well coordinated and carefully plotted to take down data centers all over the globe, preventing customers from reaching more than 1,200 domains Dyn was in charge of. The attacks were still going on at 7 p.m. Eastern time, according to ThousandEyes, a network monitoring service. Dyn’s service takes human-language internet addresses such as www.networkworld.com and delivers the IP addresses associated with them so routers can direct the traffic to the right locations.

An IoT botnet is partly behind Friday’s massive DDOS attack

Malware that can build botnets out of IoT devices is at least partly responsible for a massive distributed denial-of-service attack that disrupted U.S. internet traffic on Friday, according to network security companies. Since Friday morning, the assault has been disrupting access to popular websites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic. Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.

Extensive DDoS attack against Dyn restarts, could indicate a new use of old criminal tech

Attacks against DNS service provider Dyn resumed today after a two and a half hour lull, and could indicate a new application of an old criminal technology, experts say. Dyn hasn’t shared details on the type of DDoS attacks used nor the size of those attacks that have affected access to sites including Amazon, Etsy, GitHub, Shopify, Twitter and the New York Times.

Easy-to-exploit rooting flaw puts Linux computers at risk

The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability that's already being exploited in the wild and poses a serious risk to servers, desktops and other devices that run the OS. The vulnerability, tracked as CVE-2016-5195, has existed in the Linux kernel for the past nine years. This means that many kernel versions that are used in a variety of computers, servers, routers, embedded devices and hardware appliances are affected. The Red Hat security team describes the flaw as a "race" condition, "in the way the Linux kernel's memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings." This allows an attacker who gains access to a limited user account to obtain root privileges and therefore take complete control over the system.

DNS provider Dyn gets DDoSed, takes out Twitter, GitHub and plenty others

Some of the biggest names on the internet – including Twitter, GitHub, Etsy, Shopify, the New York Times and the Boston Globe, among many others – were temporarily knocked offline by a DDoS attack that targeted DNS provider Dyn early Friday morning. DNS is the mechanism by which computers turn human-readable web addresses like www.networkworld.com into a numerical format that can be used to retrieve the actual web page. Dyn is a managed DNS provider – essentially, a phone book that computers use to correlate IP addresses to web page names.

IDG Contributor Network: 7 steps to proactive security

Data breaches are increasingly becoming an expensive problem for more and more companies. According to the most recent Ponemon Institute Data Breach report, insecure data cost companies an average of $221 per compromised record in 2016, an increase of 7 percent from the previous year and an all-time high. The key to securing against this threat lies in a common metaphor—if a ship has a hole, it is better to patch the breach than bail the water. Effective cybersecurity means being proactive, getting ahead of the problem and addressing the issue at its core rather than operating in a reactive fashion, constantly fixing the symptoms.

Intel asserts its trademark rights against John McAfee

Intel does not object to John McAfee using his personal name in connection with his business, but it objects to the use by the maverick entrepreneur and security expert of the McAfee trade name and trademark in a way that could confuse or deceive consumers or dilute the brand. The issue came up when John McAfee teamed with MGT Capital Investments, which had been until recently mainly into gaming sites, and announced in May that it is in the process of acquiring a diverse portfolio of cybersecurity technologies. MGT also announced that it intended to change its corporate name to “John McAfee Global Technologies, Inc.” with John McAfee at the helm of the new company.

Ex-NSA contractor hoarded two decades’ worth of secrets

The former National Security Agency contractor suspected of stealing U.S. hacking tools allegedly was found hoarding two decades' worth of classified materials. In a Thursday court filing, federal investigators provided new details on their case against 51-year-old Harold Martin, who was arrested in late August. Investigators have seized 50 terabytes of information from Martin, in addition to thousands of pages of documents, the filing said. Among them are classified operational plans against a known enemy of the U.S. that Martin had no need to know about. On Wednesday, The New York Times also reported that Martin was found in possession of NSA hacking tools that have recently been put up for sale online. An anonymous group of hackers calling themselves the Shadow Brokers have been trying to sell the tools since mid-August, but it's unclear how they obtained them.

Indian banks replace millions of debit cards after possible breach

Indian banks have asked customers to change the PINs, and in some cases blocked access, to 3.2 million debit cards after concerns about a security breach. The issue surfaced in September when some banks complained that their customers' cards were used fraudulently mainly in China and the U.S. while the account holders were in India, the National Payments Corporation of India said late Thursday. India's top government-controlled bank, the State Bank of India, said earlier this week that after card network companies like Visa and MasterCard had informed various banks of a potential risk to some cards because of a data breach, it had taken the precautionary measure of blocking the cards identified by the networks.

GuardiCore helps security teams see into apps and networks before they segment

The digital business era has brought with it a number of new tools and technologies, such as software-defined networking (SDN), Internet of Things (IoT), mobility and the cloud. These innovations enable businesses to increase their level of dynamism and be more distributed, but they also increase the complexity of securing the business. Old-school security methods and tools do not work in an environment where the perimeter is eroding and resources are becoming more virtual and cloud-centric. To combat this, security professionals have embraced the concept of segmentation. The number of segmentation providers has exploded over the past few years, including VMware repositioning its NSX network virtualization product as a micro-segmentation solution.

3 ways Windows Server 2016 is tackling security

Every version of Windows — client and server — has promised improved security. But with Windows 10 and Windows Server 2016, Microsoft is going beyond the usual incremental improvements and closing of loopholes and giving you the tools to reduce the dangers of phished credentials, over-privileged admins and untrustworthy binaries. “In the past, security was always something that was part of another technology” says Jeff Woolsey, principal group program manager at Microsoft. “We needed to pull it out.” Security and protecting identity comes up in every conversation Microsoft has with customers, he says. And the scale of attacks means that security isn’t just something for the IT team to worry about any more, adds Jeffrey Snover, lead architect for the enterprise cloud group and the Microsoft Azure stack. “When we asked customers ‘what are your IT concerns?’ there were some messages we heard consistently. There were too many stories about getting hacked and not knowing for months.”

Free tool protects PCs from master boot record attacks

Cisco Systems' Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks. The tool, called MBRFilter, functions as a signed system driver and puts the disk's sector 0 into a read-only state. It is available for both 32-bit and 64-bit Windows versions and its source code has been published on GitHub. The master boot record (MBR) consists of executable code that's stored in the first sector (sector 0) of a hard disk drive and launches the operating system's boot loader. The MBR also contains information about the disk's partitions and their file systems.

LinkedIn blames Russian hacking suspect for 2012 breach

A suspected Russian hacker arrested recently in the Czech Republic was involved in a massive 2012 data breach at LinkedIn, the professional social networking company says. LinkedIn said Wednesday that it has been working with the FBI to track down the culprits behind the data breach, which exposed hashed passwords from 117 million accounts. "We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this criminal activity," LinkedIn said in an email.

Yahoo asks US for clarity on email scanning controversy

Yahoo is asking that the U.S. government set the record straight on requests for user data, following reports saying the internet company has secretly scanned customer emails for terrorism-related information. On Wednesday, Yahoo sent a letter to the Director of National Intelligence James Clapper, saying the company has been "unable to respond" to news articles earlier this month detailing the alleged government-mandated email scanning. "Your office, however, is well positioned to clarify this matter of public interest," the letter said. The scanning allegedly involved searching through the email accounts of every Yahoo user and may have gone beyond other U.S. government requests for information, according to a report from Reuters.

Russian hacker group used phony Google login page to hack Clinton campaign

A Russian hacking group used spearphishing to steal the Gmail login credentials of Hillary Clinton campaign staff, and that may be how campaign emails now being released were stolen, according to Secure Works. The attack targeted 108 hillaryclinton.com email addresses, and was carried out by a Russian group called Threat Group-4127 (TG-4127), according to Secure Works’ Counter Threat Unit (CTU) blog. CTU can’t directly link the spearphishing operation against the Clinton campaign with the hack of Democratic National Committee emails revealed June 14, but “CTU researchers suspect that TG-4127 used the spearphishing emails or similar techniques to gain an initial foothold in the DNC network.”

Your robot doctor overlords will see you now

Seems the days of the annual trip to your doctor’s office may be fading in favor of a virtual healthcare provider. At least if you follow the research presented by Gartner this week which predicted by 2025, 50% of the population will rely on what it called virtual personal health assistants (VPHAs) for primary care, finding them more responsive and accurate than their human counterparts.

Flaw in Intel CPUs could help attackers defeat ASLR exploit defense

A feature in Intel's Haswell CPUs can be abused to reliably defeat an anti-exploitation technology that exists in all major operating systems, researchers have found. The technique, developed by three researchers from State University of New York at Binghamton and the University of California in Riverside, can be used to bypass address space layout randomization (ASLR) and was presented this week at the 49th annual IEEE/ACM International Symposium on Microarchitecture in Taipei. ASLR is a security mechanism used by operating systems to randomize the memory addresses used by key areas of processes, so that attackers don't know where to inject their exploit shellcode.

Politics keeps the U.S. from securing private-sector networks, says former CIA chief Robert Gates

ORLANDO, Fla. -- A person who had access to the nation's deepest secrets, Robert Gates, the former CIA chief and U.S. Secretary of Defense from 2006 to 2011, is a lot more open in retirement. Gates had the crowd at the Gartner Symposium/ITxpo laughing over his observations about IT and applauding at some of the things he believes in. On stage here, for instance, Gartner analyst Richard Hunter fired off questions, asking at one point whether Edward Snowden, the former security contract employee who in 2010 took thousands of classified documents, was a "traitor or hero?"

Czech police arrest Russian hacker suspected of targeting the US

Police in the Czech Republic have arrested a Russian hacker suspected of targeting the U.S. for cyber crime. Czech police, working in collaboration with the FBI, arrested the Russian man at a hotel in central Prague. He is currently in custody and now faces possible extradition to the U.S., depending on what the local courts decide, according to a statement from the Czech police. The arrest comes as the U.S. has blamed the Russian government for hacking U.S. officials and political groups in an effort to influence this year's upcoming election. However, it's unclear if the Russian hacker is in any way involved.