Category Archives for "Network World Security"

Arista infringes on Cisco networking patents, trade agency says

In a move that could lead to a ban on selling its products in the United States, the US International Trade Commission has ruled that Arista does in fact infringe on a number of Cisco’s technology patents. Arista now must decide if it wants to ask the US government to overturn a so-called “import ban” or ask that an appeals court toss the decision, observers say. It could also decide to build products in the US – a move that Cisco says would “not only would violate the ITC orders, but the federal court has the authority to enjoin local manufacturing of infringing products.”

Let’s Encrypt accuses Comodo of trying to swipe its brand

Let’s Encrypt, a free certificate authority launched by the Internet Security Research Group in November 2014 and backed by some of the biggest names in the industry, today revealed that rival CA Comodo is attempting to “improperly” trademark the Let’s Encrypt brand. And it’s difficult to see how that isn’t the case. From a blog post by ISRG executive director Josh Aas: Some months ago, it came to our attention that Comodo Group, Inc., is attempting to register at least three trademarks for the term “Let’s Encrypt,” for a variety of CA-related services. These trademark applications were filed long after the Internet Security Research Group (ISRG) started using the name Let’s Encrypt publicly in November of 2014, and despite the fact Comodo’s “intent to use” trademark filings acknowledge that it has never used “Let’s Encrypt” as a brand.

Why Russian hackers, not a lone wolf, were likely behind the DNC breach

Proving who pulled off a cyber attack is never easy and sometimes impossible. That’s the reality investigators face as they try to figure out who breached the network of the Democratic National Committee, which revealed last week that hackers had made off with confidential documents including research on Republican presidential opponent Donald Trump. Russia was fingered as the likely suspect, until a hacker calling himself Guccifer 2.0 stepped up and claimed that he acted alone. But despite what appear to be DNC documents posted by Guccifer online, some security experts remain convinced that a group of skilled Russian hackers was behind the attack - likely acting on behalf of the Russian government. Here's why they think that:

Microsoft: Government’s data gag order practices worse than first thought

Microsoft has significantly upped the tally of U.S. government gag orders slapped on demands for customer information, according to court documents filed last week. In a revised complaint submitted to a Seattle federal court last Friday, Microsoft said that more than half of all government data demands were bound by a secrecy order that prevented the company from telling customers of its cloud-based services that authorities had asked it to hand over their information. The original complaint -- the first round in a lawsuit Microsoft filed in April against the U.S. Department of Justice (DOJ) and Attorney General Loretta Lynch -- had pegged the number of data demands during the past 18 months at 5,624. Of those, 2,576, or 46%, were tagged with secrecy orders that prevented Microsoft from telling customers it had been compelled to give up their information.

GozNym Trojan turns its sight on business accounts at major US banks

A hybrid Trojan program created for financial fraud has started redirecting users of four large U.S. banks to rogue websites in order to hijack their accounts. GozNym is a relatively new threat, first discovered in April, and is based on the Nymaim malware dropper and the Gozi banking Trojan. Like most banking Trojans, GozNym can inject rogue code into banking websites displayed in local browsers in order to steal credentials and other sensitive information. However, in addition to this old technique, the cybercrime gang behind it has also built the necessary infrastructure to host rogue copies of banking websites, and they've started to redirect victims there.

154 million American voters’ records exposed thanks to unsecured database

154 million U.S. voters’ records were exposed due to a misconfigured CouchDB instance, according to MacKeeper security researcher Chris Vickery. “It was configured for public access with no username, password, or other authentication required.” Vickery determined the leaky database was on Google’s Cloud services and traced it back to a client of L2, a company which claims to be the country’s “most trusted source for enhanced voter” data. The database included fields for addresses, age, congressional as well as state senate districts, education, estimated income, ethnic, name, gender, languages, marital status, phone, voting frequency, presence of children, and if the voter was a gun owner.

AWS, Microsoft cloud win US government security approval

Three vendors, including Microsoft and Amazon Web Services, have won a key U.S. government authorization that allows federal agencies to put highly sensitive data on their cloud-computing services. The AWS GovCloud, Microsoft's Azure GovCloud, and CSRA's ARC-P IaaS have received provisional authority to offer services under the high baseline of the government's Federal Risk and Authorization Management Program (FedRAMP), a set of security standards for cloud services. The FedRAMP high baseline, including more than 400 security controls, allows federal agencies to use AWS for highly sensitive workloads, including personal information, AWS said Thursday.

The number of corporate users hit by crypto ransomware is skyrocketing

The prevalence of ransomware programs, both those that encrypt data and those that don't, has exploded over the past two years, with companies being increasingly targeted. Based on an analysis by security vendor Kaspersky Lab, more than 2.3 million users encountered ransomware between April 2015 and March, a jump of almost 18 percent over the previous 12 months. This includes programs that only lock the computer's screen to prevent its use as well as those that hold the data itself hostage by encrypting it -- the so-called cryptors. The rise of cryptors in particular has been significant, accounting for 32 percent of all ransomware attacks last year compared to only 7 percent the year before, according to Kaspersky Lab.

Gartner’s top 10 security predictions

Forward-looking IT security pros need to better address known risks, monitor closely the value of shadow IT devices and solve the inherent weaknesses introduced by the internet of things, Gartner says. The consulting firm has taken a look at five key areas of security concern that businesses face this year and issued predictions on and recommendations about protecting networks and data from threats that will likely arise in each. The areas are threat and vulnerability management, application and data security, network and mobile security, identity and access management, and Internet of Things security. Gartner’s findings were revealed at its recent Security and Risk Management Summit by analyst Earl Perkins.

BlackBerry goes into the red as revenue drops by a third

It looks as though BlackBerry CEO John Chen will still be in charge long enough to launch another couple of phones -- although don't expect any new flagship models. Chen was re-elected chairman of the board for another year on Wednesday. He still plans to launch two new mid-range phones in the next nine months, one of them as early as July. They'll be cheaper than the Priv, BlackBerry's first Android phone, but with the same level of security, he said Thursday. Shareholders might not have given him such strong support if they'd seen the numbers the company reported Thursday for the first quarter of its 2017 financial year. Revenue dropped to US$400 million in the three months to May 31, down 39 percent from $658 million a year earlier.

How to prepare for (and prevent) ransomware attacks

You've likely heard all about "crypto ransomware," or simply "ransomware," a specific type of malware that attempts to hold your digital existence hostage by encrypting personal files and then offering decryption keys in exchange for payment. When the malware first takes root, it shows no outward signs that anything is wrong. Only after the malware does its nefarious work in the background are you presented with the ransom, typically via demands for Bitcoin or other forms of digital currency. Some early ransomware was riddled with software bugs that made it possible to recover encrypted files that had been held hostage, but newer variants that use robust symmetric and asymmetric encryption are much more troublesome. (Symmetric encryption is typically used to rapidly scramble files, and the asymmetric encryption can then be applied to the original symmetric keys so data can only be recovered by cybercriminals with the appropriate private keys.)

BYOD can pose privacy risks to employees

Companies that use remote device management software to oversee employee devices used for business have the ability to collect a lot more information than employees may be comfortable with, according to a report released today. "The intent of these MDM solutions is not to spy on employees, but to monitor for things like malware and general security," said Salim Hafid, product manager at Bitglass, which produced the report. But if the company wants to, these tools provide the ability to do a lot more, he said. That includes seeing where the phone is located, what apps are on the phone, and even what websites the user was accessing.

A look inside the Microsoft Local Administrator Password Solution

Windows administrators have a problem -- passwords. Specifically, administrator passwords that lurk out there, identical across machines, just ready to be compromised. But there is finally a solution at the right price that mitigates this problem almost completely. Interested? Let's dive in. The scenario: The issue at hand is simple: Every Windows NT-based box, as far back as Windows 2000 and up to Windows 10, including all of the server releases, has a local administrator account. This account, sometimes called the "500" account after the group ID number it has within the bowels of the Windows operating system, has full control over the machine on which it is located. It does not by default have any domain privileges. (Domain administrator accounts, of course, also have by default full control over local machines that are members of the domain -- but this can generally be scoped to a more limited set of permissions if necessary.)

More code deploys means fewer security headaches

Organizations with high rates of code deployments spend half as much time fixing security issues as organizations without such frequent code updates, according to a newly released study. In its latest annual state-of-the-developer report, Devops software provider Puppet found that by better integrating security objectives into daily work, teams in "high-performing organizations" build more secure systems. The report, which surveyed 4,600 technical professionals worldwide, defines high IT performers as offering on-demand, multiple code deploys per day, with lead times for changes of less than one hour. Puppet has been publishing its annual report for five years.

Startup Preempt detects, blocks bad users, devices

Preempt is a startup whose virtual appliance acts as a behavioral firewall that ranks the risk a user or device represents and responds automatically based on policies set by corporate security pros. The platform can spot and block certain attacks without intervention by the security team, which frees up time for them, says Ajit Sancheti, co-founder and CEO of the company. The platform picks up on odd behaviors such as individuals logging in from machines they don’t normally use, which could indicate someone has stolen their credentials. Or it could detect a user who generally uses a certain set of servers suddenly accessing a new set. It can pick up on brute force attacks on passwords and block them.

Mobile advertiser tracked users’ locations, without their consent, FTC alleges

The privacy settings on your phone don’t mean much if tech companies choose to ignore them. One major mobile advertiser allegedly did just that. The company InMobi was secretly tracking user locations, regardless of consent, the U.S. Federal Trade Commission alleged on Wednesday. The motive: to serve location-based ads over mobile apps. InMobi is headquartered in India and partners with thousands of apps to offer advertising. This gives the company access to 1.5 billion devices. Collecting user information to serve tailored ads is all too common, but InMobi did so through deception, the FTC alleged. The company stated it would only collect the location-based data if given permission, however, InMobi secretly collected it anyway, the agency said.

10 steps the IRS needs to take now to secure tax returns, fight fraud, identity theft

The digital, online world has left the Internal Revenue Service struggling to move forward. The key IRS advisory group, The Electronic Tax Administration Advisory Committee issued its annual state of the agency report this week that concluded: The erosion of the IRS tax system’s integrity from the proliferation of tax identity theft and inadequate levels of taxpayer service at the IRS caused by an antiquated customer service model that does not adequately apply digital service tools. ETAAC’s wide-ranging report looked at all aspects of the IRS but for our purposes we’ll focus on what the group is recommending the revenue agency do to combat its worst threat – fraud and identity theft.

Say hello to BadUSB 2.0: USB man-in-the-middle attack proof-of-concept

Oh peachy, say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation, and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.” The full research paper, “BadUSB 2.0: USB man-in-the-middle attacks” (pdf), by security researcher David Kierznowski, is available on Royal Holloway. The paper describes BadUSB2 as an “in-line hardware solution” which is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB2 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.

Say hello to BadUSB 2.0: A USB man-in-the-middle attack proof of concept

Oh, peachy. Say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.” The full research paper, BadUSB 2.0: USB man-in-the-middle attacks (pdf), by security researcher David Kierznowski is available on Royal Holloway. The paper describes BadUSB 2.0 as an “in-line hardware solution” that is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB 2.0 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.

Think tanks mull Geneva Convention for cybercrime

A Geneva Convention on cyberwar: That's how a panel of experts proposes to deal with the growing threat to critical infrastructure posed by the possibility of cyberattack. With control systems in dams, hospitals, power grids and industrial systems increasingly exposed online, it's possible that nation states could seek to damage or disable them electronically. But building electronic defenses to prevent such attacks is expensive -- and often ineffectual, given the myriad ways in which they can fail or be breached. That's why the Global Commission on Internet Governance recommends that in any future cyberwar, governments should pledge to restrict the list of legitimate targets for cyberattacks, to not target critical infrastructure predominantly used by civilians, and to not use cyberweapons against core Internet infrastructure.