Archive

Category Archives for "Network World Security"

Cybersecurity: A vertical industry application?

Cybersecurity has always been a horizontal technology practice that’s roughly the same across all industry sectors. Yes, some industries have different regulations, use cases or business processes that demand specific security controls, but overall every company needs things like firewalls, IDS/IPS, threat management gateways and antivirus software regardless.

Generic security requirements will remain forever, but I see a burgeoning trend transforming cybersecurity from a set of horizontal technologies to a vertical industry application. These drivers include:

Increasing business focus on cybersecurity. While it sounds like industry hype, cybersecurity has actually become a boardroom issue and corporate boards understand industry-specific risks much better than technology gibberish about malware and exploits. To accommodate these corporate executives, CISOs will need communications skills, as well as tools and technologies that help translate cybersecurity data into meaningful industry and corporate risk intelligence that can drive investment and decision making. Security intelligence vendors like BitSight and SecurityScorecard are already exploiting this need, offering industry-centric cybersecurity metrics for business use.

CISO progression. The present generation of CISOs grew up through the ranks of IT and security with career development responsibilities such as network operations and firewall administration. Yes, the next generation of CISOs will still need some

Sift Security helps SecOps teams analyze and visualize patterns of threats and speed up investigations  

There's a powerful new generation of security operations (SecOps) tools coming to market designed to help SecOps teams find and react to threats much quicker than before. The best of these tools also enable security analysts to proactively hunt for threats that might be present in their enterprise environment. These tools bring data together from disparate sources and begin to connect the dots so analysts can dive right into the investigation without having to search for relevant data points. The products tend to eliminate the manual work of sifting through logs, finding all the relevant data, and trying to find correlations among the events.

IDG Contributor Network: 3 ways device fingerprinting must evolve to prevent fraud

Fraud is a $1 trillion annual problem worldwide. With rapid growth in ecommerce and online banking over the past decade, fraudsters are increasingly shifting to using computers and smartphones to commit fraud. One technology that helps companies and governments spot fraud—and sometimes stop it before it starts—is device fingerprinting. Device fingerprinting works by uniquely identifying computers, tablets and mobile phones based on various attributes (e.g., browser version, screen dimensions, list of installed fonts, etc.). So, if a fraudster were to commit fraud using a particular mobile phone and was caught and that phone was fingerprinted, it would be difficult for that fraudster to commit another transaction from the same device. However, the fingerprint changes every time a user makes a device update. It’s therefore incredibly easy to fake a new device fingerprint.

Stagefright for iOS and OS X? Don’t lower the curtain yet

Earlier this year, Cisco’s Talos division reported significant image-processing bugs to Apple, one of which could allow attackers to inject malware or remotely execute code via “iMessages, malicious webpages, MMS messages, or other malicious file attachments opened by any application.” These flaws were patched in Apple’s current operating systems in its July 18 update. Some media outlets immediately dubbed this Apple’s “Stagefright,” referring to a severe Android flaw discovered a year ago that could access or hijack an Android phone via an MMS message. But the details don’t support this level of concern, despite the seeming severity of the flaws.

Firefox sets kill-Flash schedule

Mozilla yesterday said it will follow other browser makers by curtailing use of Flash in Firefox next month. The open-source developer added that in 2017 it will dramatically expand the anti-Flash restrictions: Firefox will require users to explicitly approve the use of Flash for any reason by any website. As have its rivals, Mozilla cast the limitations (this year) and elimination (next year) as victories for Firefox users, citing improved security, longer battery life on laptops and faster web page rendering. "Starting in August, Firefox will block certain Flash content that is not essential to the user experience, while continuing to support legacy Flash content," wrote Benjamin Smedberg, the manager of Firefox quality engineering, in a post to a company blog.

How Apple and Facebook helped to take down KickassTorrents

It turns out that a couple of purchases on iTunes helped to bring down the mastermind behind KickassTorrents, one of the most popular websites for illegal file sharing. Apple and Facebook were among the companies that handed over data to the U.S. in its investigation of 30-year-old Artem Vaulin, the alleged owner of the torrent directory service. Vaulin was arrested in Poland on Wednesday, and U.S. authorities seized seven of the site’s domains, all of which are now offline. KickassTorrents was accused of enabling digital piracy for years, and investigators said it was the 69th most visited website on the entire Internet. It offered a list of torrent files for downloading bootleg movies, music, computer games and more, even as governments across the world tried to shut it down.

Researchers release free decryption tools for PowerWare and Bart ransomware

Security researchers have released tools this week that could help users recover files encrypted by two relatively new ransomware threats: Bart and PowerWare.

PowerWare, also known as PoshCoder, was first spotted in March, when it was used in attacks against healthcare organizations. It stood out because it was implemented in Windows PowerShell, a scripting environment designed for automating system and application administration tasks.

Researchers from security firm Palo Alto Networks have recently found a new version of this threat that imitates a sophisticated and widespread ransomware program called Locky. It uses the extension .locky for encrypted files and also displays the same ransom note used by the real Locky ransomware.

At Black Hat: A free tool for spear phishing Twitter

A spear phishing tool to automate the creation of phony tweets, complete with malicious URLs, with messages victims are likely to click on will be released at Black Hat by researchers from ZeroFOX. Called SNAP_R (for social network automated phisher with reconnaissance), the tool runs through a target Twitter account to gather data on what topics seem to interest the subscriber. Then it writes a tweet loaded up with a link to a site containing malware and sends it.

Edward Snowden has developed an iPhone case meant to kill surveillance

National Security Agency whistleblower Edward Snowden has come up with a concept iPhone case that could prevent the government from finding your location.

Smartphones, while incredibly useful, are also the “perfect tracking device,” Snowden wrote in a co-authored paper that covers his research.

Governments can monitor a user’s location through the radio signals from the phone and this can put journalists, activists, and rights workers in danger, he warned.

On Thursday, Snowden and hacker Andrew Huang presented a possible solution. It’s called “the introspection engine,” and it’s designed to alert the user if and when the phone’s radio signals are turned on.

FBI needs to beef-up high-tech cyber threat evaluations says DoJ Inspector General

The FBI needs to identify and categorize cyber threats more quickly than it currently does in an effort to stay out in front of current and emerging cyber threats.

That was the general observation of a report out this week from the Department of Justice’s Office of the Inspector General, which found that while the FBI has an annual process, known as Threat Review and Prioritization (TRP), to identify the most severe and substantial threats and direct resources to them, the process employs subjective terminology that is open to interpretation, and as such does not prioritize cyber threats in an objective, data-driven, reproducible, and auditable manner.

Dell patches critical flaws in SonicWALL Global Management System

Dell has patched several critical flaws in its central management system for SonicWALL enterprise security appliances, such as firewalls and VPN gateways.

If left unfixed, the vulnerabilities allow remote, unauthenticated attackers to gain full control of SonicWALL Global Management System (GMS) deployments and the devices managed through those systems.

The SonicWALL GMS virtual appliance software has six vulnerabilities, four of which are rated critical, according to researchers from security firm Digital Defense.

First, unauthenticated attackers could inject arbitrary commands through the system's web interface that would be executed with root privileges. This is possible through two vulnerable methods: set_time_config and set_dns.

IDG Contributor Network: How bandwidth thieves will be nabbed in the future

Experts say spectrum pilfering is going to become a major industrial problem as software-defined radio becomes more prevalent. Software-defined radio allows frequencies and bands to be simply altered in a device through coding rather than via expensive hardware changes.

Locating and detecting thieves who are looting bandwidth on radio spectrum could become easier, however, once a crowdsourcing project gets going.

Flaws in Oracle file processing SDKs affect major third-party products

Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors, including Microsoft.

The vulnerabilities were found by researchers from Cisco's Talos team and are located in the Oracle Outside In Technology (OIT), a collection of software development kits (SDKs) that can be used to extract, normalize, scrub, convert and view some 600 unstructured file formats.

These SDKs, which are part of the Oracle Fusion Middleware, are licensed to other software developers who then use them in their own products. Such products include Microsoft Exchange, Novell Groupwise, IBM WebSphere Portal, Google Search Appliance, Avira AntiVir for Exchange, Raytheon SureView, Guidance Encase and Veritas Enterprise Vault.

Petition urges Apple not to release technology for jamming phone cameras

Over 11,000 people have signed a petition asking Apple not to deploy technology that would allow third parties like the police to use it to disable cameras on user phones under certain circumstances.

Apple got a patent for this infrared technology in June and bagging a patent does not necessarily mean that the company is going to use the technology in its new devices.

But there is considerable anxiety that the technology that appears designed to prevent people from recording copyrighted and prohibited material could also be used by the police to remotely disable cameras that could be recording misconduct by law enforcement.

"The release of this technology would have huge implications, including the censoring of political dissidents, activists, and citizens who are recording police brutality," according to the petition.

Enterprise encryption adoption up, but the devil’s in the details

I was talking about security with a good friend of mine who runs a software development company. He’s a really smart, technology-savvy guy but his take on encryption wasn’t positive. While he completely understands the need, he hates encryption (and security in general) because he says it always gets in the way when he’s trying to get work done. In this respect, I don’t think he’s that different from most people in the high tech world or, indeed, in the business world in general. This general dislike of encryption is because encryption doesn’t seem valuable when it’s a virtual speed bump in the road to getting stuff done and its benefits, despite the huge increase in breaches and hacking, are hard to quantify. So, with the exception of the paranoid and security geeks, encryption has traditionally been seen as a belt added to the braces of other simpler and therefore more tolerable security measures.

Hackers are targeting the Rio Olympics, so watch out for these cyberthreats

The Olympic Games in Rio de Janeiro will attract more than just athletes and tourists this year. Hackers from across the world will also be on the prowl, trying to exploit the international event. That means visitors to the Olympics and even people watching from home should be careful. Cyberthreats related to the games will probably escalate over the coming weeks and could creep into your inbox or the websites you visit.

Don't click if it's too good to be true

The Olympics have become a beacon for cyber criminals, said Samir Kapuria, senior vice president with security firm Symantec. A great deal of money is spent on the international event, so hackers naturally want a slice of the pie, he added.

Cisco patches critical exposure in management software

Cisco has patched what it called a critical vulnerability in its Unified Computing System (UCS) Performance Manager software that could let an authenticated, remote attacker execute commands.

Cisco UCS Performance Manager versions 2.0.0 and prior are affected and the problem is resolved in Cisco UCS Performance Manager versions 2.0.1 and later. UCS Performance Manager collects information about UCS servers, network, storage, and virtual machines.

According to Cisco the vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An attacker could exploit this vulnerability by sending crafted HTTP GET requests to an affected system. An exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.

Hackers have targeted 130 restaurants at Cicis pizza chain

More than 130 restaurants at the Cicis pizza chain were the recent target of hackers, and customers' credit card data may have been stolen.

The company reported the data breach on Tuesday and posted a list of the restaurants affected, most of which are located in Texas.

The hackers struck by secretly installing malware into the restaurant’s point-of-sale systems. Other companies, including fast-food chain Wendy’s and retailer Target, have been attacked in the same way in order to steal payment card data.

Windows 10 personal data collection is excessive, French privacy watchdog warns

Windows 10 breaches French law by collecting too much personal information from users and failing to secure it adequately, according to the French National Data Protection Commission (CNIL).

Some of the privacy failings identified can be remedied by users willing to delve deep into the Windows 10 settings, but one of the commission's gripes is that better privacy should be the default setting, not one users must fight for.

CNIL served Microsoft with a formal notice on June 30, giving it three months to comply with the law, but only made it public on Wednesday.