Two high-profile airline technology meltdowns stranding thousands of travelers in the recent weeks have prompted two US senators to push carriers to bolster their technology.
Senators Richard Blumenthal (D-Conn.) and Edward J. Markey (D-Mass.)this week sent a letter to the most recent offenders -- Delta and Southwest -- as well as 11 other airlines to get a better handle on whether or not their information technology systems are reliable and resilient.
+More on Network World: Not dead yet: 7 of the oldest federal IT systems still wheezing away+To read this article in full or to leave a comment, please click here
A public auction of stolen NSA malware may be a warning to the U.S. that blaming Russia for the hack of the Democratic National Committee could have dire consequences, says Edward Snowden, who also famously breached NSA security.In a series of tweets, Snowden spelled out his interpretation of what’s behind the auction of hacking tools allegedly stolen from the NSA, and he concludes that Russia is trying to demonstrate it has ammunition to strike back if the U.S. exacts penalties for the DNC breach.To read this article in full or to leave a comment, please click here
Prize competitions backed by the government continue to grow with great success, according to a report by the White House Office of Science and Technology.+More on Network World: DARPA $2M contest looks to bring AI to wireless spectrum provisioning+It has been over six years that the government set the America Competes Act which in combination with Challenge.gov has prompted more than 700 public-sector prize competitions that have doled out more than $80 million in prizes.To read this article in full or to leave a comment, please click here
Aussie cops hacked US TOR users as part of a child porn investigation, according to a report by Motherboard. The IP addresses of at least 30 Americans were turned over to the FBI.The cops knew the owner of the dark web child porn site called “The Love Zone” started all of his messages with “hiyas.” Search engine results turned up over 450,000 hits for hiyas, but police whittled away at it until they had identified the owner; the former childcare worker is currently serving 35 years for ‘evil, depraved’ sex offenses.To read this article in full or to leave a comment, please click here
Aussie cops hacked U.S. TOR users as part of a child porn investigation, according to a report by Motherboard. The IP addresses of at least 30 Americans were turned over to the FBI.The police knew the owner of the dark web child porn site called “The Love Zone” started all of his messages with “hiyas.” Search engine results turned up over 450,000 hits for hiyas, but police whittled away at it until they had identified the owner; the former childcare worker is currently serving 35 years for "evil, depraved" sex offenses.To read this article in full or to leave a comment, please click here
The fast-growing Cerber ransomware earned nearly $200,000 in July despite a payment rate of just 0.3 percent as a result of its affiliate distribution model, according to a new report by Check Point and IntSights Cyber Intelligence.That puts it on track to make $2.3 million this year, said Maya Horowitz, group manager of threat intelligence at Israel-based Check Point Software Technologies Ltd..In the affiliate model, non-technical customers can run their own campaigns using the platform and get to keep 60 percent of the profits. Affiliates get access to easy-to-use management tools, Cerber's Bitcoin laundering system, as well as the ransomware itself. Each day, eight new Cerber ransomware campaigns are launched, she said, with over 150 affiliates at current count.To read this article in full or to leave a comment, please click here
A ransomware strain has been making a pretty penny by opening its doors to unskilled hackers.
Security firm Check Point gained a rare look at the inner workings of the Cerber ransomware and found that its developers are building a network of partners to attack more targets -- and rake in more cash.
Check Point also warned that because of Cerber, more unskilled cybercriminals might choose to participate in ransomware schemes.
"Even the most novice hacker can easily reach out in closed forums to obtain an undetected ransomware variant," it said in a new report.To read this article in full or to leave a comment, please click here
Microsoft in October is introducing .Net Framework Monthly Rollup to provide security and quality updates to its programming model for Windows. The move aligns with the Windows Monthly Rollup, which does the same thing for the Windows OS.Both rollups were unveiled on Monday and will be available on Patch Tuesday each month, according to Microsoft.[ Solve your Win10 installation headaches with our Windows 10 Installation Superguide. Download it today! | Stay up on key Microsoft technologies with the Windows newsletter. ]
"The .Net Framework Monthly Rollup is a single install that updates each supported .Net Framework version on a machine to its latest respective update level," said Microsoft's Stacey Haffner. "Each monthly rollup supersedes the last one, so you if you've missed the last few months of updates, you only need to install the latest rollup to update to the latest update level." The rollup installs only security and reliability updates, not a new version of .Net Framework.To read this article in full or to leave a comment, please click here
Today’s financial technology startups (“fintech” for short) are taking on some of today’s greatest security challenges. Armed with drive and a need for innovation, these companies have created new services and security approaches that are changing the financial industry. Here’s how three such companies are competing based on security.Know your client
Proving personal identity is a key component of security for the financial industry. Most major financial institutions require customers to open accounts in person, present government-issued identity documents and wait hours or days to open an account. But customers today expect faster services — including the account opening process.To read this article in full or to leave a comment, please click here(Insider Story)
RiskSense, software-as-a-service that evaluates the security of corporate networks and generates a risk score, has been self-financed since its launch last year, but now has harnessed venture funding to help boost its R&D and hire marketing and sales staff.The $7 million funding round includes Paladin Capital Group, Sun Mountain Capital, EPIC Ventures, and other strategic and private investors. Tim Greene
RiskSense CEO Srinivas MukkamalaTo read this article in full or to leave a comment, please click here
An anonymous group claims to have stolen hacking tools that might belong to the National Security Agency and is auctioning them off to the highest bidder.It’s a pretty bold claim, but the hackers have offered sample files, and some security researchers say they appear to contain legitimate exploits.The files were allegedly stolen from the Equation Group, a top cyberespionage team that may have links to the NSA.The Equation Group is known to use some of the most advanced malware and probably helped develop the infamous Stuxnet computer worm, according to security firm Kaspersky Lab.To read this article in full or to leave a comment, please click here
The rise of mobile in the enterprise has led many CIOs to become concerned about the potential for data loss due to a lost or stolen device — phones, laptops and the like lost in taxis, restaurants and hotel rooms. But a new study has found that CIOs also need to spend more time focusing on the office itself.In July of this year, Kensington, a supplier of desktop and mobile device accessories (including laptop locks), surveyed 300 U.S. IT professionals from a range of industries for its IT Security & Laptop Theft report.To read this article in full or to leave a comment, please click here
The Federal Trade Commission said it will hold a public workshop about all things ransomware on Sept. 7.“With alarming frequency, ransomware hackers are sneaking into consumer and business computers, encrypting files containing photos, documents and other important data, and then demanding a ransom in exchange for the key needed to decrypt the files. Consumers, businesses, and government agencies are falling prey to these schemes, including hospitals whose servers may contain sensitive patient data. New forms of ransomware encrypt files of website operators, threatening not only their files containing stored data, but the very files needed to operate their websites. Other variants of ransomware are now targeting files on mobile devices,” the FTC wrote.To read this article in full or to leave a comment, please click here
Cisco’s security intelligence and research group Talos, said that it had reported a serious vulnerability in Rockwell Automation’s industrial control system – the MicroLogix 1400 programmable logic controller (PLC).The Simple Network Management Protocol exploit could let an attacker take complete remote control of the MicroLogix system and modify the device firmware, letting an invader run his own malicious code on the device. Rockwell Automation
Rockwell Automation’s MicroLogix systemTo read this article in full or to leave a comment, please click here
If you build it and it’s popular, they will come; it being an app, and they being cyber criminals. This time it’s Pokémon Go ransomware, which goes the extra mile by adding a hidden backdoor Windows admin account, spreading to other drives and creating network shares.Michael Gillespie discovered Hidden Tear ransomware disguised as a Pokémon Go app on a Windows Phone. But it’s not the standard ransomware. Bleeping Computer explained, “This developer has put in extra time to include features that are not found in many, if any, other ransomware variants.”To read this article in full or to leave a comment, please click here
The vast majority of the world’s electronics -- its servers, PCs, mobile phones -- are now manufactured in China. This means any inadvertent escalation over the on-going South China Sea territorial dispute could do more than raise geopolitical tensions.It could easily disrupt electronics manufacturing for the world.About 84% of the world’s electronics are made in Asia, and about 85% of those goods are made in China, said Michael Palma, an analyst at IDC. “All that product flows through the South China Sea,” said Palma.China is claiming much of the South China Sea as its own territory after building artificial islands in the Spratly archipelago -- and it's ignoring a recent international tribunal ruling against its territorial claims, further stirring regional tensions.To read this article in full or to leave a comment, please click here
The U.S. National Counterintelligence and Security Center will soon provide classified supply chain threat reports to critical U.S. telecommunications, energy and financial businesses.The effort is designed to reduce threats against a vast private supply chain of equipment and services that could result in the theft of vital data or disrupt operations in critical systems. Supply chain threats are not well understood by security professionals, yet the supply chain is relatively easy to manipulate by foreign governments like Russia and China, as well as criminal gangs, hackers and even disgruntled workers, according to NCSC officials.The Office of the Director of National Intelligence described the threats to private sector supply chains in a press release on Thursday and released a video on supply chain risk management.To read this article in full or to leave a comment, please click here
New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.24-Port Dual GigE Console ServerKey features: A 24-port, out-of-band console access solution. Includes dual 10/100/1000Base-T Ethernet ports to allow connection to both a primary production network and a secondary maintenance network. Also features dual power inlets. More info.To read this article in full or to leave a comment, please click here
HEI Hotels & Resorts has reported a possible compromise of payment card information at its point-of-sale terminals, the latest in a string of attacks on such systems at hotels, hospitals and retailers.The company, which manages close to 60 Starwood, Hilton, Marriott, Hyatt and InterContinental properties, said it appears that malicious software was installed on the payment processing systems at certain properties, with the aim of harvesting the card data as it was routed through the systems.The compromise may have possibly affected the personal information of some hotel customers who made payment card purchases at point-of-sale terminals, such as food and beverage outlets, at certain HEI managed properties.To read this article in full or to leave a comment, please click here
If you were considering potential vacation locations, then the Android app Live Camera Viewer for IP Cams is purportedly “for travelers to have a spy sneak peek at travel destinations.” Yet children’s bedrooms would never occur to me as a travel destination. A heartsick mom in Texas found out her kids’ bedrooms were being live-streamed via the app.ABC News recounted a story that started with a mom and son duo from Oregon; they had been surfing satellite images of Earth. The Oregon mom found the Live Camera Viewer app while looking for more satellite feeds. That’s when she saw a broadcast from Houston, Texas, of a little girl’s bedroom.To read this article in full or to leave a comment, please click here