Category Archives for "Network World Security"

There’s finally reason to hope in the war against ransomware

Now when ransomware tries to take over your computer, there is something you can do besides pay up: stop it, buy more time to deal with it or mitigate the damage it might do. These options include both hardware and software approaches IT pros can take to defeat the malware, a group at this weekend's Security BSides Boston conference was told. By looking at how several variants of ransomware work (CryptoLocker, CryptoWall, Locky, SamSam), researcher Weston Hecker found characteristics of their behavior that could be turned against them. One method goes after the droppers that first infect target machines in preparation for downloading the main malware payloads. A dropper's job is to examine the machine for indications that it might be an inhospitable host and to eliminate those roadblocks if possible.

SWIFT asks its customers to help it end a string of high-profile banking frauds

Financial transaction network SWIFT called on its customers Friday to help it end a string of high-profile banking frauds perpetrated using its network. The SWIFT network itself is still secure, it insisted in a letter to banks and financial institutions. However, some of its customers have suffered security breaches in their own infrastructure, allowing attackers to fraudulently authorize transactions and send them over the SWIFT network, it said. That's the best explanation so far for how authenticated instructions were sent from Bangladesh Bank to the U.S. Federal Reserve Bank of New York over the SWIFT network, ordering the transfer of almost US$1 billion. The Fed transferred around $101 million of that before identifying an anomaly in one of the instructions. Only $20 million of that has so far been recovered.

Why CISO is the hardest tech role to fill

Companies are under constant threat from cyberattacks, and the situation is only getting worse with the rise of ransomware and of whaling scams as a variant of phishing, according to recent cybersecurity reports. Yet the shortage of seasoned CISOs, inconsistent policies around compensation and a lack of proper metrics mean some companies are under-investing in cybersecurity.

LightCyber’s attack detection platform distills alerts and generates actionable information  

The Ponemon Institute published a report called The Cost of Malware Containment that reveals some interesting statistics, none of which will surprise the people in the trenches who work hard every day to protect their organizations' networks. Ponemon surveyed 630 IT and IT security practitioners who have responsibility for detecting, evaluating and/or containing malware infections within their organization. According to the research, organizations receive an average of nearly 17,000 malware alerts a week. Of these, fewer than 20% (3,218) are considered reliable, meaning the malware poses a genuine threat and should be investigated. And even though more than 3,200 alerts are worthy of investigation, only 4% (705) actually do get investigated.

DARPA extreme DDOS project transforming network attack mitigation

Researchers with the Defense Advanced Research Projects Agency (DARPA) have quickly moved to alter the way the military, public and private enterprises protect their networks from high- and low-speed distributed denial-of-service attacks with a program called Extreme DDoS Defense (XD3). Since September the agency has awarded seven multi-million-dollar XD3 contracts to Georgia Tech, George Mason University, Invincea Labs, Raytheon BBN, Vencore Labs (two contracts) and, this week, the University of Pennsylvania to radically alter DDoS defenses. One more contract is expected under the program. The UPenn project is developing defenses against distributed denial-of-service attacks that target specific protocols and their logic. These attacks are often difficult to diagnose and stop because the total volume of malicious traffic may be very low. The UPenn project attempts to pinpoint the specific protocol component that is under attack and then massively replicate that component to blunt the effects of the attack, DARPA stated.

Criminal defendants demand to see FBI’s secret hacking tool

A secret FBI hacking tool, used to compromise the Tor anonymous browser in one investigation, is facing challenges from criminal defendants, perhaps putting its future in doubt. Defendants have demanded to see details of the FBI network investigative technique (NIT), the agency's name for the relatively recent hacking tool, in a handful of criminal cases, but the agency has refused to disclose the information. A judge in a high-profile child pornography case, in which a website called Playpen was accessible only through Tor, is trying to decide whether the FBI should disclose the NIT's source code to the defendant. If the FBI shares the source code, its hacking tools may be compromised in future cases, but the U.S. Constitution's Sixth Amendment gives the defendant a right to confront his accusers and challenge their investigation.

Android apps run securely on Chrome OS in Linux containers

With first-quarter shipments exceeding Macs in the United States, Chromebooks are very popular. Schools and enterprises choose Chromebooks for their very streamlined use case: low cost, fast boot, security, simplicity and ease of administration. Chromebooks just got a little more complicated, but for the better, with Google's announcement that the Android Play Store will be available on Chromebooks and that Android apps will run on the Chrome operating system. The million Android apps, which include popular apps such as Adobe Photoshop, Microsoft Word and Skype and games such as Clash of Clans and Angry Birds, will remedy the Chromebook's relative app sparsity.

Worm infects unpatched Ubiquiti wireless devices

Routers and other wireless devices made by Ubiquiti Networks have recently been infected by a worm that exploits a year-old remote unauthorized access vulnerability. The attack highlights one of the major issues with router security: the fact that the vast majority of them do not have an auto-update mechanism and that their owners hardly ever update them manually. The worm creates a backdoor administrator account on vulnerable devices and then uses them to scan for and infect other devices on the same and other networks. "This is an HTTP/HTTPS exploit that doesn't require authentication," Ubiquiti said in an advisory. "Simply having a radio on outdated firmware and having its http/https interface exposed to the Internet is enough to get infected."
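The two indicators the advisory points at, an administrator account nobody created and a web management interface that is switched on, are easy to check in a configuration dump. The script below is an added example written for this page, not Ubiquiti's advisory or anything from the worm: it parses an airOS-style key=value configuration, lists enabled accounts, flags any outside an expected baseline, and reports which web listeners are enabled. The key names (users.N.name, users.N.status, httpd.*), the baseline account set and the sample configuration, including the extra account "svc_backup", are assumptions constructed for the example.

```python
"""Added example: audit an airOS-style key=value config dump for unexpected
administrator accounts and enabled web management listeners.

Illustrative code, not Ubiquiti's advisory or the worm. The key names follow
the general shape of an airOS system.cfg but are assumed, and the sample
values are constructed for this example.
"""
import re

# Constructed sample configuration. "svc_backup" stands in for the kind of
# unexpected administrator account the worm leaves behind.
SAMPLE_CFG = """\
users.status=enabled
users.1.status=enabled
users.1.name=ubnt
users.1.password=$1$abcdefgh$constructedhash
users.2.status=enabled
users.2.name=svc_backup
users.2.password=$1$ijklmnop$constructedhash
httpd.status=enabled
httpd.port=80
httpd.https.status=enabled
httpd.https.port=443
netmode=router
"""

# Accounts the device is expected to have (assumed baseline for this example).
EXPECTED_ACCOUNTS = {"ubnt"}

USER_KEY_RE = re.compile(r"^users\.(\d+)\.(name|status)$")


def parse_cfg(text: str) -> dict:
    """Parse key=value lines into a dict, skipping blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def enabled_accounts(cfg: dict) -> list:
    """Names of enabled user accounts, in index order."""
    by_index = {}
    for key, value in cfg.items():
        m = USER_KEY_RE.match(key)
        if not m:
            continue
        idx, field = int(m.group(1)), m.group(2)
        by_index.setdefault(idx, {})[field] = value
    return [
        fields["name"]
        for _, fields in sorted(by_index.items())
        if fields.get("status") == "enabled" and "name" in fields
    ]


def unexpected_accounts(cfg: dict, expected=EXPECTED_ACCOUNTS) -> list:
    """Enabled accounts that are not in the expected baseline."""
    return [name for name in enabled_accounts(cfg) if name not in expected]


def web_management_enabled(cfg: dict) -> list:
    """Enabled web management listeners as 'scheme/port' strings. Whether they
    are reachable from the Internet has to be checked at the WAN side or the
    firewall; the config alone does not say."""
    listeners = []
    if cfg.get("httpd.status") == "enabled":
        listeners.append("http/" + cfg.get("httpd.port", "80"))
    if cfg.get("httpd.https.status") == "enabled":
        listeners.append("https/" + cfg.get("httpd.https.port", "443"))
    return listeners


def audit(text: str) -> dict:
    """Combine both checks into one report for a config dump."""
    cfg = parse_cfg(text)
    return {
        "unexpected_accounts": unexpected_accounts(cfg),
        "web_listeners": web_management_enabled(cfg),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CFG))
```

Run it against a dump pulled from each radio; an unexpected account is a reason to reflash from a known-good firmware image rather than just delete the account, since the worm may have changed more than the user list.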

Cisco patches high severity flaws in its Web Security Appliance

Cisco Systems has fixed four denial-of-service vulnerabilities that attackers could exploit to cause Web Security Appliance devices to stop processing traffic correctly. The Cisco Web Security Appliance (WSA) is a line of security devices that inspect Web traffic going in and out of an organization in order to detect malware, prevent data leaks, and enforce Internet access policies for users and applications. The devices run an operating system called Cisco AsyncOS. One of the four DoS vulnerabilities fixed Wednesday by Cisco stems from how the OS handles a specific HTTP response code. An attacker could send a specially crafted HTTP request in order to consume the entire memory of an affected device.

Cloud security: A mismatch for existing security processes and technology

To use a long-forgotten metaphor, cloud deployment is moving forward at internet speed at many enterprise organizations. According to ESG research, 57 percent of enterprise organizations use public and private cloud infrastructure to support production applications/workloads today, and an overwhelming majority of organizations will move an increasing number of applications/workloads to cloud infrastructure over the next 24 months (note: I am an ESG employee). Now, no one would dispute that cloud computing represents a different compute model, but for the most part it is really based upon the use of server virtualization. And since a VM is meant to emulate a physical server, many organizations approach cloud security by pointing traditional security processes and technologies at cloud-based workloads.

Top 10 ways to retain IT security talent

Keep 'em around

With the growing number of threats, it's vital for companies to hire, and retain, the best and brightest IT security employees. But, with IT hiring above the national average of 44 percent and the average employee tenure in the IT industry only being three years, employers need to explore new ways to not only attract talent, but avoid burnout and keep that coveted talent around.

TeslaCrypt victims can now decrypt their files for free

Victims of the widespread TeslaCrypt ransomware are in luck: Security researchers have created a tool that can decrypt files affected by recent versions of the malicious program. Surprisingly, the TeslaCrypt creators themselves helped the researchers. TeslaCrypt first appeared in early 2015 and stood out by targeting game-related user content, such as save files and custom maps, in addition to personal documents and pictures: 185 different file extensions in total. The program had some moderate success in the beginning, earning its creators $76,522 in less than two months. However, in April 2015, researchers from Cisco Systems discovered a flaw in the ransomware program that allowed them to create a decryption tool for some of its variants.

Got privacy? If you use Twitter or a smartphone, maybe not so much

The notion of online privacy has been greatly diminished in recent years, and just this week two new studies confirm what to many minds is already a dismal picture. First, a study reported on Monday by Stanford University found that smartphone metadata (information about calls and text messages, such as time and length) can reveal a surprising amount of personal detail. To investigate their topic, the researchers built an Android app and used it to retrieve the metadata about previous calls and text messages (the numbers, times, and lengths of communications) from more than 800 volunteers' smartphone logs. In total, participants provided records of more than 250,000 calls and 1.2 million texts.

IDG Contributor Network: Twitter location data reveals users’ homes, workplaces

Geographic location stamps transmitted in tweets can provide enough information for people to deduce where a Twitter user lives and works, say researchers. The deduction occurs through the clustering of the posting locations. The assemblage provides location patterns that give a good guess as to where the poster spends most of his or her time. When that is coupled with other data, such as the time of day, non-scientists recruited for the study simply picked out the homes and workplaces of the tweeters, said researchers from MIT and Oxford University in a press release.
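The inference the study describes, clustering of posting locations combined with time of day, takes very little code. The following is an added example written for this page, not the MIT and Oxford researchers' method: it snaps each geotagged post to a grid cell, counts night-time posts and weekday working-hour posts per cell, and reports the dominant cell of each as the likely home and workplace. The grid size, the hour windows, and the sample posts are all assumptions constructed for the example.

```python
"""Added example: infer likely home and workplace from geotagged posts by
clustering locations on a grid and weighting them by time of day.

Illustrative code for this page, not the researchers' method. The grid
resolution, hour windows and sample posts are assumptions.
"""
from collections import Counter
from datetime import datetime

# Constructed sample posts: (ISO timestamp, latitude, longitude).
# 2016-05-16 is a Monday. Two places dominate: one at night, one during
# weekday working hours, plus a few scattered weekend posts elsewhere.
POSTS = [
    ("2016-05-16T07:10:00", 42.3603, -71.0588),  # morning, home area
    ("2016-05-16T10:05:00", 42.3737, -71.1095),  # weekday daytime, work area
    ("2016-05-16T14:30:00", 42.3735, -71.1099),  # weekday daytime, work area
    ("2016-05-16T23:15:00", 42.3600, -71.0590),  # night, home area
    ("2016-05-17T12:40:00", 42.3739, -71.1093),  # weekday daytime, work area
    ("2016-05-17T22:50:00", 42.3602, -71.0587),  # night, home area
    ("2016-05-18T01:05:00", 42.3601, -71.0589),  # night, home area
    ("2016-05-18T09:20:00", 42.3736, -71.1097),  # weekday daytime, work area
    ("2016-05-21T15:00:00", 42.3467, -71.0972),  # Saturday afternoon, elsewhere
    ("2016-05-21T23:40:00", 42.3505, -71.0752),  # Saturday night, elsewhere
]

CELL_DEG = 0.01  # assumed grid cell, roughly 1 km at this latitude


def cell(lat, lon, size=CELL_DEG):
    """Snap a coordinate to a grid cell so nearby posts share a key."""
    return (round(lat / size), round(lon / size))


def cell_center(c, size=CELL_DEG):
    """Map a grid cell back to representative coordinates."""
    return (round(c[0] * size, 4), round(c[1] * size, 4))


def is_night(dt):
    """22:00 to 06:00: posts here are attributed to the home location."""
    return dt.hour >= 22 or dt.hour < 6


def is_work_hours(dt):
    """Weekday 09:00 to 17:00: posts here are attributed to the workplace."""
    return dt.weekday() < 5 and 9 <= dt.hour < 17


def infer_home_work(posts, size=CELL_DEG):
    """Return the dominant night cell and the dominant working-hours cell as
    (lat, lon), together with how many posts supported each guess."""
    night = Counter()
    work = Counter()
    for ts, lat, lon in posts:
        dt = datetime.fromisoformat(ts)
        c = cell(lat, lon, size)
        if is_night(dt):
            night[c] += 1
        elif is_work_hours(dt):
            work[c] += 1
    home_cell, home_n = night.most_common(1)[0] if night else (None, 0)
    work_cell, work_n = work.most_common(1)[0] if work else (None, 0)
    return {
        "home": cell_center(home_cell, size) if home_cell else None,
        "work": cell_center(work_cell, size) if work_cell else None,
        "home_posts": home_n,
        "work_posts": work_n,
    }


if __name__ == "__main__":
    print(infer_home_work(POSTS))
```

Ten posts are enough for the two dominant cells to separate cleanly from the weekend noise, which is the practical point: the defence is not to post less often but to strip the location stamp, since the clustering works on whatever is left.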

The Martian author Andy Weir calls for massive new space station to prep humans for Mars trip

When it comes to living on Mars, the human body is simply not suited to living for long periods in zero-g. Until this issue is solved, we have no hope of landing humans on the surface of Mars, nor can we create permanent residences in space. That was the crux of the testimony given to the House Committee on Science, Space, and Technology today by best-selling author of The Martian, Andy Weir. The hearing, entitled "Next Steps to Mars: Deep Space Habitats," is exploring what NASA's plans are for the development of deep space habitation. Weir was among speakers from NASA, Boeing, Lockheed Martin and Orbital.

10 ways law firms can make life difficult for hackers

In the world of cybercrime, everybody from individuals to nation states is a target, some more attractive than others, of course. Health care organizations have gotten the most headlines recently, and the Internet of Things (IoT) offers an almost unlimited attack surface. But law firms are attractive too. They hold sensitive, confidential data ranging from the personal (divorce, personal injury) to the professional (contract negotiations, trade secrets, mergers and acquisitions, financial data and more) that, if compromised, could cause catastrophic damage both to the firm and its clients.

Ransomware-like tech support scam locks screen, labels Windows product key as invalid

Tech support scammers have been inspired by ransomware authors and have come up with a lock screen claiming a user's Windows license has expired. A tech support number is provided, and a fake Microsoft technician is happy to help so long as the victim pays to have their computer unlocked. Malwarebytes reported that after users install whatever rogue program has been tainted with the screen locker, they will see what "truly resembles a genuine Microsoft program." It installs and waits for the victim to restart their computer. Upon restart, "the program activates to take over the desktop and display what looks like Windows updates."

A hacker is selling 167 million LinkedIn user records

A hacker is trying to sell a database dump containing account records for 167 million LinkedIn users. The announcement was posted on a dark market website called TheRealDeal by a user who wants 5 bitcoins, or around $2,200, for the data set that supposedly contains user IDs, email addresses and SHA1 password hashes for 167,370,940 users. According to the sale ad, the dump does not cover LinkedIn's complete database. Indeed, LinkedIn claims on its website to have over 433 million registered members. Troy Hunt, the creator of Have I been pwned?, a website that lets users check if they were affected by known data breaches, thinks that it's highly likely for the leak to be legitimate. He had access to around 1 million records from the data set.
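What "SHA1 password hashes" means for the people in the dump depends on whether the hashes were salted. The following is an added example for this page, not LinkedIn's code or the leaked data: it assumes plain, unsalted SHA1 of the password (an assumption about the format, not something the article states) and shows two consequences, that a single precomputed table cracks every user whose password is in a wordlist, and that identical hashes expose shared passwords before any cracking. It then contrasts that with a salted, iterated PBKDF2 hash. The passwords, user IDs and wordlist are constructed here so the example runs offline.

```python
"""Added example: what an unsalted SHA1 password dump gives an attacker,
and what a salted, slow hash changes.

Illustrative code for this page, not LinkedIn's code or the leaked data.
The "leaked" hashes are computed here from constructed sample passwords,
assuming plain SHA1 without a salt (an assumption about the format).
"""
import hashlib
import hmac
import os
from collections import Counter


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed sample users and their passwords; three users share "123456".
SAMPLE_PASSWORDS = {
    1: "123456",
    2: "linkedin",
    3: "123456",
    4: "Tr0ub4dor&3",
    5: "password1",
    6: "123456",
}
# The "dump": (user_id, unsalted sha1 hash), built from the sample above.
LEAKED = [(uid, sha1_hex(pw)) for uid, pw in SAMPLE_PASSWORDS.items()]

# Constructed wordlist; a real one has hundreds of millions of entries.
WORDLIST = ["password", "123456", "qwerty", "linkedin", "password1", "letmein"]

ITERATIONS = 100_000  # assumed PBKDF2 work factor for the contrast below


def build_lookup(wordlist):
    """Precompute hash -> password once. With no salt, the same table works
    against every user in the dump; with a salt it would have to be rebuilt
    per user."""
    return {sha1_hex(w): w for w in wordlist}


def crack(leaked, lookup):
    """Return {user_id: password} for every hash found in the table."""
    return {uid: lookup[h] for uid, h in leaked if h in lookup}


def shared_hashes(leaked):
    """Without a salt, identical passwords produce identical hashes, so the
    most repeated hash values reveal the most common passwords even before
    any of them is cracked."""
    counts = Counter(h for _, h in leaked)
    return [(h, n) for h, n in counts.most_common() if n > 1]


def pbkdf2_hash(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash: the same password gives a different digest for
    every user, and each guess costs `iterations` rounds instead of one SHA1."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt.hex() + "$" + digest.hex()


def verify_pbkdf2(password: str, stored: str, iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), iterations
    )
    return hmac.compare_digest(recomputed.hex(), digest_hex)


if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    print("cracked:", crack(LEAKED, table))
    print("shared hashes:", shared_hashes(LEAKED))
    stored = pbkdf2_hash("123456")
    print("same password, salted twice differ:", stored != pbkdf2_hash("123456"))
```

The one user with a password outside the wordlist survives the table lookup only until someone extends the list, which is why the practical advice after a dump like this is to rotate the password everywhere it was reused, not just on the breached site.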

Cybercriminals are increasingly embracing a sophisticated business-model approach

Cybercriminals can call on an extensive network of specialists for "business" expertise, including people who train and recruit, launder money, and provide escrow services, according to HPE. The cybercriminal underground includes people who provide human resources functions, like recruiting and background checks, but also specialists who help market and sell exploit kits and compromised data and others who serve as middlemen in anonymous transactions, says The Business of Hacking white paper from Hewlett Packard Enterprise.

Quaker Oats threatens to sue actual Quakers for trademark infringement

A gray hat replacing the Locky ransomware payload with a PSA, Windows 10 to double the number of ads after the Anniversary Update, and Quaker Oats threatening to sue actual Quakers for trademark infringement are some of the varied bits and bytes which caught my attention today.

New Locky ransomware PSA

The command and control servers for Locky ransomware were previously hacked to show a "Stupid Locky" message instead of locking a victim's machine, but F-Secure researcher Sean Sullivan discovered "a similar grey hat hack" that delivers a PSA to would-be Locky victims.