Archive

Category Archives for "Network World Security"

Networks need automation — just ask the U.S. military

IT professionals are looking to software-defined networking to automate what are still complex and vulnerable systems controlled by human engineers. Major General Sarah Zabel knows where they’re coming from.Zabel is the vice director of the Defense Information Systems Agency (DISA), which provides IT support for all U.S. combat operations. Soldiers, officers, drones, and the president all rely on DISA to stay connected. Its network is the epitome of a system that’s both a headache to manage and a prime hacking target.Zabel was a featured speaker on Tuesday at the Open Networking User Group conference, a Silicon Valley gathering of enterprise IT leaders who want to steer vendors toward technologies that meet their real needs. Members include large retailers, financial institutions, and manufacturers.To read this article in full or to leave a comment, please click here

Hackers exploit unpatched Flash Player vulnerability, Adobe warns

Adobe Systems is working on a patch for a critical vulnerability in Flash Player that hackers are already exploiting in attacks. In the meantime, the company has released other security patches for Reader, Acrobat, and ColdFusion.The Flash Player vulnerability is being tracked as CVE-2016-4117 and affects Flash Player versions 21.0.0.226 and earlier for Windows, OS X, Linux, and Chrome OS. Successful exploitation can allow attackers to take control of affected systems."Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild," the company said in an advisory published Tuesday. "Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12."To read this article in full or to leave a comment, please click here

Microsoft fixes actively attacked IE flaw and 50 other vulnerabilities

Microsoft released patches for 51 vulnerabilities Tuesday, including one affecting Internet Explorer that hackers have exploited in targeted attacks against organizations in South Korea.The Microsoft patches were covered in 16 security bulletins, eight rated critical and eight important. The affected products include Windows, Internet Explorer, Microsoft Edge, Office and Microsoft .NET Framework.The patches included in the IE and Edge security bulletins, MS16-051 and MS16-052, are among the most important ones and should be prioritized because they can be exploited to compromise computers when users visit specially crafted Web pages.To read this article in full or to leave a comment, please click here

Alleged Syrian hacker is extradited to the US on extortion charges

A hacker with alleged connections to members of the  Syrian Electronic Army appeared in a Virginia court Tuesday to face charges of participating in an extortion scheme that threatened victims to delete or sell data from compromised computers.  Peter Romar, who was detained by German authorities on a provisional arrest warrant on behalf of the U.S., had been earlier charged by a criminal complaint unsealed on March 22. The Syrian national, also known as Pierre Romar, was residing in Waltershausen in Germany.He is alleged to have worked with Firas Dardar from Homs, Syria, on the extortion scheme.To read this article in full or to leave a comment, please click here

Sabotage? Rash of fiber cuts dog Verizon

Verizon and local police departments along the east coast have been tracking a series of seemingly deliberate fiber cuts that have been robbing consumers of cable, phone and Internet services.+More on Network World: Ethernet: Are there worlds left to conquer?+The number and the precision of some the cuts leads police and others to believe they are related to the now weeks long strike between some 40,000 Verizon workers represented by the Communications Workers of America and management. The workers went on strike April 13 primarily impacting Verizon’s wireline business, in nine Northeast and Mid-Atlantic States plus Washington, D.C.To read this article in full or to leave a comment, please click here

Slack is letting its users take their chat credentials to other apps

Slack is offering its users a new way to sign into other applications. The company announced Tuesday that it has launched a new "Sign in with Slack" feature that lets people use their login for the chat app to sign in to participating applications. Developers of applications like Quip can now enable their users to sign in with Slack credentials, which can make it easier for people to get started with applications -- and therefore more likely to try them out. The new feature makes it possible for independent developers and startups focused on workplace productivity to get an easier foothold with new users.To read this article in full or to leave a comment, please click here

NASA’s planet hunter spots record 1,284 new planets, 9 in a habitable zone

NASA’s planet hunting space telescope Kepler added a record 1,284 confirmed planets to its already impressive discoveries of extraterrestrial worlds. This batch of planets is the largest single account of new planets since Kepler launched in 2009 and more than doubles the number of confirmed planets realized by the space telescope so far to more than 2,300. NASA: Kepler's most excellent space discoveries "Before the Kepler space telescope launched, we did not know whether exoplanets were rare or common in the galaxy. Thanks to Kepler and the research community, we now know there could be more planets than stars,” said Paul Hertz, Astrophysics Division director at NASA. "This knowledge informs the future missions that are needed to take us ever-closer to finding out whether we are alone in the universe."To read this article in full or to leave a comment, please click here

Twitter #PassesNoteToFlightAttendant, geeky laughter ensues

Perhaps you noticed the story last week about an economics professor whose math scribblings prior to takeoff from Philadelphia so alarmed a paranoid ninny sitting next to him that she reported the “suspicious behavior” in a note passed to an American Airlines flight attendant. You know, as in math means terrorist so flight delayed two hours. Twitter noticed and this morning the hashtag #PassesNoteToFlightAttendant produced much merriment. Here’s a sampling, the first of which would have blown that ninny’s mind: There’s plenty more if this kind of thing amuses you.To read this article in full or to leave a comment, please click here

5 security experts share their best tips for ‘fringe’ devices

What is a ‘fringe’ device in IT? For some, it’s a gadget everyone has forgotten about — a printer in a corner office, an Android tablet in a public area used to schedule conference rooms. A fringe device can also be one that’s common enough to be used in the office yet not so common that everyone is carrying one around or has one hooked up to the Wi-Fi every day. As with any security concern, many of these devices are overlooked. There might be security policies and software used to track and monitor iPads and Dell laptops, but what about the old HP printer used at the receptionist’s desk? In a hospital, it might be a patient monitoring device. In a more technical shop, it could be a new smartphone running an alternate operating system.To read this article in full or to leave a comment, please click here

UK court declines to force alleged British hacker to decrypt his data

The U.K.'s National Crime Agency (NCA) failed in its attempt to use what critics described as a legal backdoor to force a suspected hacker to provide the decryption key for data on multiple devices.Lauri Love, 31, was arrested by U.K. authorities in 2013 under suspicion of hacking into computers belonging to multiple U.S. government agencies including NASA, the FBI, the Federal Reserve, and the Army.Love is the subject of separate indictments in courts in New Jersey, New York, and Virginia and faces extradition to the U.S. An extradition hearing is scheduled for the end of June.To read this article in full or to leave a comment, please click here

Privacy advocates want protections for US residents in foreign surveillance law

Congress should limit the ability of the FBI and other agencies to search for information about U.S. residents in a database of foreign terrorism communications collected by the National Security Agency, privacy advocates say.The Foreign Intelligence Surveillance Act (FISA) Amendments Act, which allows the NSA to collect foreign Internet communications, expires in late 2017, and Congress should require that the communications of U.S. residents swept up in the controversial Prism and Upstream programs be protected with court-ordered warrants, privacy advocates told a Senate committee Tuesday.To read this article in full or to leave a comment, please click here

IDG Contributor Network: 3 ways to protect data and control access to it

Earlier we delved into disaster recovery and network security. Now it’s time to take a look at Critical Security Controls 13, 14 and 15, which cover data protection and access control. The Critical Security Controls are best practices devised by the Center for Internet Security (CIS), a nonprofit dedicated to improving cybersecurity in the public and private sectors.A company’s data is its crown jewels, and because it’s valuable, there will always be people looking to get their hands on it. Threats include corporate espionage, cybercriminals, disgruntled employees and plain old human error. Fortunately it’s relatively easy to reduce your potential exposure. It calls for protecting your data, using encryption and authentication, and carefully restricting access.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Skull-produced sounds could replace existing biometric authentication

Are you happy with your on-device biometric fingerprint scanner? I’m not. The scanner on my most recent tablet has failed to unlock the device. The cause then was probably dirty hands coming in from the garage. I disabled that biometric experiment—likely never to be used again.I'm not the only one who sometimes disregards security in favor of ease of use. Half of passwords are more than 5 years old, a report found last year. And three-fourths of those surveyed then said they use duplicate passwords. Clearly not secure. The more complicated and consequently secure one makes the password, though, the harder it is to remember.To read this article in full or to leave a comment, please click here

Where to cut corners when the security budget gets tight

Whenever creating a budget, there is always the rainy day fund or the contingency account in case of unexpected circumstances. But what if those circumstances are a data breach that is bigger than you could have ever imagined? And you don’t have cyberinsurance? Sure you might be up the proverbial creek without a paddle but fear not as some security pros are willing to throw out a lifeline to help you at least get your head above the water with some sage advice. The common theme when asked about where to cut corners was to make sure your policies and procedures are sewn up tight. There are really no corners to cut but more about having solid policies in place.To read this article in full or to leave a comment, please click here(Insider Story)

Attackers are probing and exploiting the ImageTragick flaws

Over the past week security researchers have seen increasing attempts by hackers to find servers vulnerable to remote code execution vulnerabilities recently found in the ImageMagick Web server library.The flaws were publicly disclosed last Tuesday by researchers who had reason to believe that malicious attackers already had knowledge about them after an initial fix from the ImageMagick developers proved to be incomplete. The flaws were collectively dubbed ImageTragick and a website with more information was set up to attract attention to them.To read this article in full or to leave a comment, please click here

Bangladesh central bank hack may be an insider job, says FBI

The U.S. Federal Bureau of Investigation has found evidence that at least one employee of Bangladesh’s central bank was involved in the theft of US$81 million from the bank through a complex hack, according to a newspaper report.The number of employees involved could be higher, with people familiar with the matter suggesting that a handful of others may also have assisted hackers to negotiate Bangladesh Bank’s computer system, The Wall Street Journal reported on Tuesday.Bangladesh Bank officials could not be reached for comment.To read this article in full or to leave a comment, please click here

IBM’s Watson is going to cybersecurity school

It's no secret that much of the wisdom of the world lies in unstructured data, or the kind that's not necessarily quantifiable and tidy. So it is in cybersecurity, and now IBM is putting Watson to work to make that knowledge more accessible.Towards that end, IBM Security on Tuesday announced a new year-long research project through which it will collaborate with eight universities to help train its Watson artificial-intelligence system to tackle cybercrime.To read this article in full or to leave a comment, please click here

FCC, FTC launch inquiry into smartphone security updates

The U.S. Federal Communications Commission and Federal Trade Commission have opened parallel inquiries into the way smartphone security updates are issued and handled by major mobile carriers and device makers.The two agencies say they are responding to the growing amount of personal information held in smartphones and a recent rise in the attacks on the security of that information.The FCC has sent letters to AT&T, Verizon, T-Mobile, Sprint, and U.S. Cellular asking for information on their processes for reviewing and releasing security updates for mobile devices. The  FTC has asked for similar information from Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung.To read this article in full or to leave a comment, please click here

SIEM review: Splunk, ArcSight, LogRhythm and QRadar

IT and security managers in the IT Central Station online community say that the most important characteristics of security information and event management (SIEM) products is the ability to combine information from several sources and the ability to do intelligent queries on that information. Four of the top SIEM solutions are Splunk, HPE ArcSight, LogRhythm, and IBM Security QRadar SIEM, according to online reviews by enterprise users in the IT Central Station community. But what do enterprise users really think about these tools? Here, users give a shout out for some of their favorite features, but also give the vendors a little tough love.To read this article in full or to leave a comment, please click here(Insider Story)