Category Archives for "Network World Security"

Walks like a Black Duck: Docker’s security teaseware tool unmasked

I read of Docker’s announcement June 6, about a new security vetting online tool for its containers. Yes, it’s a step forward. But it’s not Docker’s. Last week, I received a briefing and did a proof-of-concept test on another SaaS container-checking tool, Black Duck’s Security Checker. Hmmmm. Docker’s tool quacks like a Black Duck. After some quick queries, I confirmed that these tools are indeed the same. The short of it is this: there are two SaaS front ends pointing to the same tool, Black Duck’s Hub product, which vets, among other things, Docker containers. You get three free tests at Black Duck. However, at Docker, it’s FREE-AS-IN-BEER until Aug. 1, 2016. You pick. It’s subscription-only afterwards, unless the model changes.

IDG Contributor Network: LinkedIn data breach still causing problems

Do you remember back in 2012 when LinkedIn was hacked? Around 6.5 million user passwords were posted on a Russian blog. There was a mandatory password reset for affected users, and LinkedIn released a statement advising people to enable two-step verification and use stronger passwords. Four years later, the passwords of 117 million accounts were compromised. Worryingly, this came to light only when a hacker put them up for sale, offering data from 167 million accounts in total. If you haven’t changed your LinkedIn password since 2012, you could be at risk. Tech savvy is no protection, as evidenced by the fact that a hacker group used the LinkedIn password dump to hack Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts.

Millions of sensitive services exposed on internet reveal most hackable countries

There are millions upon millions of systems on the internet that offer services that should not be exposed to the public network, and Rapid7 has determined which countries are the most exposed and therefore the most hackable. Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.” The report noted: “While there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.”

Hot security startups to watch

While there’s talk that investment dollars for security startups are getting harder to find, entrepreneurs still manage to deliver a range of hardware, software and services that protect data, networks and corporate reputations. This roundup of 13 such companies that we’re keeping an eye on runs the gamut from cloud security services to fraud prevention to protecting supervisory control and data acquisition (SCADA) and Internet of Things devices.

Cisco: IP traffic will surpass the zettabyte level in 2016

IP traffic will grow in a massive way as 10 billion new devices come online over the next five years. Those are just a couple of the amazing facts found in Cisco’s 11th annual Visual Networking Index look at all things in the communications world.

Check your BITS, because deleting malware might not be enough

Attackers are abusing the Windows Background Intelligent Transfer Service (BITS) to re-infect computers with malware after they have already been cleaned by antivirus products. The technique was observed in the wild last month by researchers from SecureWorks while responding to a malware incident for a customer. The antivirus software installed on a compromised computer detected and removed a malware program, but the computer was still showing signs of malicious activity at the network level. Upon further investigation, the researchers found two rogue jobs registered in BITS, a Windows service that's used by the OS and other apps to download updates or transfer files. The two malicious jobs periodically downloaded and attempted to reinstall the deleted malware.

U.S. Cyber Command struggles to retain top cybersecurity talent

At U.S. Cyber Command, the top brass has made recruiting top talent a leading priority, but those efforts have been slowed by challenges in attracting and retaining the next generation of cyber warriors. Maj. Gen. Paul Nakasone, commander of Cyber Command's Cyber National Mission Force, spoke to those struggles in a recent online event hosted by Federal News Radio.

Many smartphones still left unpatched

Shaming carriers and smartphone manufacturers into applying patches faster is a step forward, but a lot more needs to be done to improve security of the Android platform, security experts say. Last month, Bloomberg, citing unnamed sources, reported that a list of vendors ranked by how up to date their handsets are may be released. This has long been a problem for Android. Unlike Apple, which can unilaterally push out updates to its customers as they come out, the situation with Android is a lot more complicated. When a patch comes out, only Nexus phones get it automatically, said Kyle Lady, research and development engineer at Duo Security.

Massive DDoS attacks reach record levels as botnets make them cheaper to launch

There were 19 distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, almost four times more than in the previous quarter. Even more concerning is that these mega attacks, which few companies can withstand on their own, were launched using so-called booter or stresser botnets that are common and cheap to rent. This means that more criminals can now afford to launch such crippling attacks. "In the past, very few attacks generated with booter/stresser tools exceeded the 100 Gbps mark," researchers from Akamai said in the company's State of the Internet security report for the first quarter of 2016 that was released Tuesday.

Google, Facebook, Yahoo, rights groups oppose FBI expansion of surveillance powers

Google, Facebook, Yahoo and industry and civil rights groups have opposed legislation that would extend the categories of Internet records that the U.S. government can collect without court approval through administrative orders known as National Security Letters. The companies and groups have pointed out in a letter to senators that the new provisions would expand the types of records, known as Electronic Communication Transactional Records (ECTRs), which the Federal Bureau of Investigation can obtain using the NSLs. The ECTRs would include a variety of online information, such as IP addresses, routing and transmission information, session data, a person's browsing history, email metadata, location information, and the exact date and time a person signs in or out of a particular online account.

How to ensure new graduates aren’t compromising enterprise networks

With college graduations now behind students, many young people might already have secured jobs even before they crossed the stage with their degrees in hand. With these fresh-faced employees on the payroll, now businesses must make sure their security habits are in line with today’s policies. New graduates aren’t just bringing their skills and experience to the workplace; they’re also bringing poor cybersecurity habits. Recent studies have shown Millennials are generally indifferent about data security, says David Meyer of OneLogin, an identity access management company. With many new grads choosing to use applications and devices that have not been approved by corporate IT, there is no easy way to monitor usage to ensure data remains secure. Considering the average cost of a cyber breach is approximately $3.8 million, it’s in a company’s best interest to exercise precaution as they welcome entry-level employees into the ranks, he says.

Android gets patches for serious flaws in hardware drivers and media server

The June batch of Android security patches addresses nearly two dozen vulnerabilities in system drivers for various hardware components from several chipset makers. The largest number of critical and high severity flaws were patched in the Qualcomm video driver, sound driver, GPU driver, Wi-Fi driver, and camera driver. Some of these privilege escalation vulnerabilities could allow malicious applications to execute malicious code in the kernel, leading to a permanent device compromise. Similar high-risk flaws were fixed in the Broadcom Wi-Fi driver, NVIDIA camera driver, and MediaTek power management driver. These vulnerabilities can give regular applications access to privileges or system settings that they shouldn't have. In some cases, the flaws allow kernel code execution, but only if the attacker compromises a different service first to communicate with the vulnerable driver.

IDG Contributor Network: Ping Identity invests in blockchain vendor to create new identity standard

Now, this is interesting. Ping Identity is a well-known identity vendor. Basically, Ping handles authentication, single sign-on (SSO) and other identity-related functions that large organizations have. The company competes with vendors such as OneLogin and Okta. So, what is it doing investing in a formerly stealthy blockchain vendor? It seems Ping sees blockchain as a potential disruptor for identity session management. It's so excited about it that it is spending some of its hard-earned cash to invest in Swirlds, a new platform that is creating the "hashgraph," a distributed consensus platform. Swirlds sees itself as solving some of the limitations that are inherent in blockchain. Swirlds contends that it delivers the three legs of the consensus stool: fairness, distributed trust and resilience to Denial of Service attacks.

Researchers wirelessly hack Mitsubishi Outlander Hybrid SUV, turn off anti-theft alarm

Security researcher Ken Munro of Pen Test Partners hacked the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV). He discovered several vulnerabilities, including being able to disable the anti-theft alarm from a laptop. U.S. drivers may be unfamiliar with the vehicle. Had Mitsubishi Outlander Plug-In Hybrid sales started in 2013 as originally proposed, it would have been the first plug-in hybrid SUV available in the U.S. But it didn't. The 2017 model is expected to hit showrooms late this fall, with an estimated $42,000 as a base price. In the U.K., it is the “bestselling hybrid.”

Widespread exploits evade protections enforced by Microsoft EMET

It's bad news for businesses. Hackers have launched large-scale attacks that are capable of bypassing the security protections added by Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a tool whose goal is to stop software exploits. Security researchers from FireEye have observed Silverlight and Flash Player exploits designed to evade EMET mitigations such as Data Execution Prevention (DEP), Export Address Table Access Filtering (EAF) and Export Address Table Access Filtering Plus (EAF+). The exploits have recently been added to the Angler exploit kit. Angler is one of the attack tools most widely used by cybercriminals to launch Web-based, "drive-by" download attacks. It is capable of installing malware by exploiting vulnerabilities in users' browsers or browser plug-ins when they visit compromised websites or view maliciously crafted ads.

Hackers breach social media accounts of Mark Zuckerberg and other celebrities

Over the weekend hackers managed to access Facebook founder Mark Zuckerberg's Twitter and Pinterest accounts, as well as the social media accounts of other celebrities. Someone posted to Zuckerberg’s Twitter feed on Sunday, claiming to have found his password in account information leaked from LinkedIn. A group calling itself the OurMine Team took credit for breaking into Zuckerberg's Twitter, Pinterest and Instagram accounts, but there's no evidence that the Instagram account has been breached. "You were in LinkedIn Database with password 'dadada'," read a message supposedly posted by hackers from Zuckerberg's @finkd Twitter account.

New products of the week 6.6.16

New products of the week: Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. IntellaFlex HyperEngine Packet Processor. Key features: APCON’s HyperEngine monitoring solution supports up to 200Gbps throughput and provides a set of monitoring services including ultra-fast deduplication and NetFlow at hyperspeed, with additional features coming later in 2016.

5 trends shaking up multi-factor authentication

Perhaps the biggest surprise in our review of nine multi-factor authentication products is that physical tokens are making a comeback. Many IT managers were hoping that software-based tokens, which are easier to deploy and manage, would make hardware tokens extinct. In our review three years ago of two-factor authentication products, the hot new approach was using smartphones as an authentication method via soft tokens, which could be a smartphone app, SMS message or telephony.

9-vendor authentication roundup: The good, the bad and the ugly

Due to numerous exploits that have defeated two-factor authentication, either by social engineering, remote access Trojans or various HTML injection techniques, many IT departments now want more than a second factor to protect their most sensitive logins and assets. In the three years since we last reviewed two-factor authentication products, the market has responded, evolving toward what is now being called multi-factor authentication or MFA, featuring new types of tokens. For this review, we looked at nine products, five that were included in our 2013 review, and four newcomers. Our returning vendors are RSA’s Authentication Manager, SafeNet’s Authentication Service (which has been acquired by Gemalto), Symantec VIP, Vasco Identikey Authorization Server, and TextPower’s SnapID app. Our first-timers are NokNok Labs S3 Authentication Suite, PistolStar PortalGuard, Yubico’s YubiKey and Voice Biometrics Group Verification Services Platform.