Category Archives for "Network World Security"

Verizon signals Yahoo data breach may affect acquisition

Verizon has signaled that Yahoo's massive data breach may be enough reason to halt its US$4.8 billion deal to buy the internet company. On Thursday, Verizon's general counsel Craig Silliman said the company has a "reasonable basis" to believe that the breach involving 500 million Yahoo accounts has had a material impact on the acquisition. This could give the company room to back out or get a large discount. "We're looking to Yahoo to demonstrate to us the full impact," he added. "If they believe that it's not, then they'll need to show us that." In response, Yahoo said, "We are confident in Yahoo’s value and we continue to work towards integration with Verizon."

Thousands of online shops compromised for credit card theft

Almost 6,000 online shops have been compromised by hackers who added specially crafted code that intercepts and steals payment card details. These online skimming attacks were first discovered by Dutch researcher Willem de Groot a year ago. At that time, he found 3,501 stores containing the malicious JavaScript code. However, instead of getting better, the situation is getting increasingly worse. By March the number of infected shops grew by almost 30 percent to 4,476, and by September, it reached 5,925. More than 750 online stores that were unwillingly skimming payment card details for attackers in 2015 are still doing so today, showing that this type of activity can go undetected for months, the researcher said in a blog post.

What is MANRS and does your network have it?

While the internet itself was first envisioned as a way of enabling robust, fault-tolerant communication, the global routing infrastructure that underlies it is relatively fragile. A simple error like the misconfiguration of routing information in one of the 7,000 to 10,000 networks central to global routing can lead to a widespread outage, and deliberate actions, like preventing traffic with spoofed source IP addresses, can lead to distributed denial of service (DDoS) attacks. The Internet Society (ISOC), a cause-driven nonprofit organization that seeks to promote the open development, evolution and use of the Internet and the parent organization of the Internet Engineering Task Force (IETF) standards body, is moving to change that. In 2014, ISOC introduced its Mutually Agreed Norms for Routing Security (MANRS) initiative. Today ISOC announced that the initiative membership has more than quadrupled in its first two years, growing from its initial nine network operators to 42 network operators today.

The OPM breach report: A long time coming

If you want to have even a chance of defeating cyber attacks, you have to be quick. So, in hindsight, there is no mystery why the federal government’s Office of Personnel Management (OPM) was a loser to attackers who exfiltrated personal data – including in many cases detailed security clearance information and fingerprint data – of more than 22 million current and former federal employees. Hackers, said to be from China, were inside the OPM system starting in 2012, but were not detected until March 20, 2014. A second hacker, or group, gained access to OPM through a third-party contractor in May 2014, but was not discovered until nearly a year later.

Cisco patches critical authentication flaw in conferencing servers

Cisco Systems has patched a critical vulnerability that could allow hackers to gain access to Cisco Meeting and Acano servers that are used in enterprise environments for video and audio conferencing. The flaw allows an unauthenticated attacker to masquerade as a legitimate user because the Extensible Messaging and Presence Protocol (XMPP) service incorrectly processes a deprecated authentication scheme, Cisco said in an advisory. The flaw affects Cisco Meeting Server versions prior to 2.0.6 with XMPP enabled, as well as versions of the Acano Server prior to 1.8.18 and prior to 1.9.6. If upgrading to the latest releases is not immediately possible, administrators are advised to disable XMPP on their servers and keep using the other available protocols.

Yahoo shows that breach impacts can go far beyond remediation expenses

Companies that focus on the immediate breach remediation costs may be missing the big picture, and could be under-investing in security as a result. Several studies have come out recently trying to get a handle on the total costs of a data breach, with a large variation in costs - from less than $1 million on average, to $6 million - based on the data sets and types of included costs. But the actual numbers could be several times higher. Take the Yahoo breach, for example, which could lead to a $1 billion drop in the company's value.

Putin denies any Russian interest in alleged US election hacking

Russian President Vladimir Putin is rejecting claims that his country is behind any U.S. election-related hacking, saying "hysteria" is fueling the allegations. "This has nothing to do with Russia's interests," he said on Wednesday at an investors conference in Moscow. Putin made the comments after the U.S. publicly blamed the Russian government last Friday for hacking U.S. officials and political groups in an effort to influence the upcoming presidential election. Stolen documents from those hacks, including sensitive emails, have been leaking online over the past months, potentially hurting the election chances of Democratic presidential candidate Hillary Clinton.

The Truth About Cybersecurity Certifications

It’s a common trait amongst cybersecurity professionals. When they meet each other, discuss their qualifications with prospective employers, or print their business cards, there is often an alphabet soup of initials by their names, specifying the many certifications they’ve achieved. Now some of these certifications are certainly worthwhile but over the last few years, the entire industry has gone gaga with dozens of new cybersecurity certifications offered by for-profit organizations. This has led to a marketing push with a consistent message that more certifications equate to more money, knowledge, and opportunities for cybersecurity professionals.

IDG Contributor Network: A night to remember: Engineering lessons from the Titanic

Some 31 years ago, the RMS Titanic was discovered resting on the ocean floor. The legend of its sinking has been retold many times in books and movies. One compelling aspect of the story is the safety claims made by its creators. Even as reports of the disaster began to filter into New York, the vice president of the White Star Line stated, without qualification, “We place absolute confidence in the Titanic. We believe that the boat is unsinkable.” Obviously reality betrayed those maritime engineers’ confidence. What lessons might this famous disaster teach engineers in modern data centers? In particular, how do we prevent hostile attacks—the “icebergs” that lurk on the seas we sail—from causing catastrophic breaches?

Foreign spies used RAT to hack Australian weather bureau with weak security controls

Foreign spies made off with an “unknown quantity of documents” after infecting Australia’s meteorology bureau with a RAT, but the fact that security controls at the bureau were “insufficient” even for common cybercrime threats only helped the “state-sponsored cyber adversaries.” After Australia’s Bureau of Meteorology systems were hacked, unnamed government officials immediately blamed China and China immediately denied the “groundless accusations.” When the hack hit the news in December 2015, the Bureau of Meteorology (BOM) would not confirm if its systems had been compromised. In April, Australia’s Prime Minister did confirm there had been a “significant cyber intrusion” at the Bureau.

10 highest-paying IT security jobs

Data breaches, DDoS attacks, hacks and threats continue to dominate the headlines, so it's no surprise that some of the most in-demand IT jobs are in the security area. And with a massive skills gap, companies are willing to pay handsomely for skilled security talent at all levels. "One area we're still seeing huge demand for is in cybersecurity, and hiring companies are willing to pay whatever it takes for talent that can help secure data and mitigate threats while simultaneously ensuring consistent and simplified accessibility from desktop to mobile devices. Companies are sending the message with their budgets: you can't put a price on that," says Jack Cullen, CEO of IT staffing firm Modis. Here are the top 10 highest-paying security roles, culled from career site Dice.com clients' job postings and median salary range data from cloud compensation solutions firm PayScale.com.

1. Lead Software Security Engineer

12 hardware and software vulnerabilities you should address now

It's not a stretch to say that most organizations have at least some old hardware and software still in use. An old computer that's still chugging along, running an old operating system and perhaps an application that is hard to replace, doesn't necessarily raise a red flag with IT staff. Why spend money on new equipment or software if what's already in-house is adequate and functioning? Walker White, president of BDNA, a company that tracks and analyzes end-of-life (EOL) data for hardware, software and medical devices, says that the main problem with out-of-date software and legacy hardware is that once they pass their EOL cycle, the vendor no longer maintains or supports the products, resulting in security vulnerabilities and risk to organizations. As BDNA's State of the Enterprise Report (Q2 2016) indicates, many organizations are unaware of the potential liabilities, which can cost millions of dollars in the case of a successful attack after a vulnerability is exploited.

Leaky IoT devices help hackers attack e-commerce sites

Millions of IoT devices are misconfigured so that they can forward messages -- which, combined with default admin settings, allows them to be used to attack e-commerce and other websites, a new report says. The problem is well known and has been around for more than a decade, said Ryan Barnett, principal security researcher at Akamai Technologies, which produced the report. The problem first came to Akamai's attention when the content delivery network noticed attacks against its customers where the attackers were checking to see whether particular user name and password combinations were valid on the site.

Record IoT DDoS attacks raise bar for defenders

Now that its source code has been released you can expect more attacks from Mirai, the malware behind the largest DDoS attack on record, which was powered by hijacked IoT devices. Since release of that code last week it has been responsible for smaller attacks that look like newcomers experimenting with the malware in preparation for bigger things, say security researchers at Incapsula. “Likely, these are signs of things to come and we expect to deal with Mirai-powered attacks in the near future,” they say in their blog post. That concern is echoed by researchers at F5, who say, “we can definitely expect the IoT DDoSing trend to rise massively in the global threat landscape.”

Facebook, Twitter cut access to monitoring tool used by police

Facebook, Instagram, and Twitter were handing over data to a monitoring tool that law enforcement agencies were using to track protesters, according to the American Civil Liberties Union. The social media analysis tool, called Geofeedia, had been harvesting posts from the social media networks for surveillance purposes, and more than 500 law enforcement and public safety agencies have been using it, the ACLU said in a Tuesday report. Through a public records request, the ACLU found that Geofeedia had entered into agreements with Facebook, Twitter, and Instagram for their users' data.

Microsoft released 10 patches: 5 rated critical, 5 fixed zero-day flaws

It is the first month for Microsoft’s new patching model. Older Windows OSes will be treated like Windows 10, with the patches all rolled into a big bundle meant to fix security and non-security issues. However, there will also be a monthly security update that is supposed to resolve that month’s issues without the previous month's fixes as well. On the third Tuesday of the month, the week after Patch Tuesday, Microsoft will release a preview of the upcoming patches so the non-security fixes can be tested to make sure the big rolled-up patch doesn’t blow anything up on some systems.

Second group of hackers found also targeting SWIFT users

A second hacking group is also trying to rob banks by exploiting the SWIFT money transfer system, following a US$81 million heist in February that used a similar approach. The cyberattacks have been going on since January and have been targeting companies in the U.S., Hong Kong, Australia, and other countries, according to a Tuesday report from security firm Symantec. A "rough guess" is that about 100 organizations have been hit so far, based on the 74 individual computer infections detected, the security firm added. As part of their attacks, the hackers used malware to cover up records of fraudulent transactions made over SWIFT, preventing their victims from learning about the money theft.

Encrypted communications could have an undetectable backdoor

Researchers warn that many 1024-bit keys used to secure communications on the internet today might be based on prime numbers that have been intentionally backdoored in an undetectable way. Many public-key cryptography algorithms that are used to secure web, email, VPN, SSH and other types of connections on the internet derive their strength from the mathematical complexity of discrete logarithms -- computing discrete logarithms for groups of large prime numbers cannot be efficiently done using classical methods. This is what makes cracking strong encryption computationally impractical. Most key-generation algorithms rely on prime parameters whose generation is supposed to be verifiably random. However, many parameters have been standardized and are being used in popular crypto algorithms like Diffie-Hellman and DSA without the seeds that were used to generate them ever being published. That makes it impossible to tell whether, for example, the primes were intentionally "backdoored" -- selected to simplify the computation that would normally be required to crack the encryption.