A Trojan program is being distributed through USB drives and seems to be designed for stealing information from so-called air-gapped computers that are not connected to the Internet.The new Trojan has been dubbed USB Thief by security researchers from antivirus firm ESET and has several characteristics that set it apart from the traditional malware programs that spread using USB storage devices and the Windows Autorun feature.First of all, USB Thief infects USB drives that contain portable installations of popular applications like Firefox, NotePad++ or TrueCrypt. It's copied to such installations as a plug-in or DLL (dynamic link library) and is then executed along with those applications.To read this article in full or to leave a comment, please click here
The spectacular and the burn-outThe tech industry mirrors what goes on in regular society – people and companies rise in power one year only to fade away the next. That kind of change is the one constant in the high-tech industry. We have seen some spectacular successes and some incredible flame-outs. In 30 years the tech industry has seen many such transformations from companies such as IBM and Cisco to Nortel (remember them?) to technologies like SNA and Token Ring to Ethernet. Here we try to focus on the most important happenings since our own inception in 1986. Enjoy the ride.To read this article in full or to leave a comment, please click here
Where it all began, 30 years agoNetwork world is turning 30. Don’t be fooled by the “Volume 3, Number 3” printed under the masthead, this was indeed the front page of the very first edition of Network World, dated March 24, 1986. Pre-Internet, of course, it was print-only. The featured front-page story – “Users force LU 6.2 issue” – was written by John Dix, then a senior editor, today our editor-in-chief. We’ve plucked a few other highlights from that issue, including ads, so enjoy the walk down Memory Lane.To read this article in full or to leave a comment, please click here
What would happen if you switched the enterprise to Airplane Mode?The simple answer: Nothing. Literally. Virtually every corporate process would grind to a halt, which is a simple testament to how reliant the modern organization is on the complex, interwoven, interdependent systems that pervade every fiber of business and society today.From the key enabler of business agility and transformation to tactical new answers in cloud, mobile computing and analytics, intelligent connectivity has never been a more essential part of business, government and the consumer experience.“All of these new trends we talk about -- Internet of things, mobility, cloud computing, mesh computing -- are network-centric compute paradigms," says Zeus Kerravala, founder and principal analyst with ZK Research.To read this article in full or to leave a comment, please click here
Ten years ago, there were no smartphones. It was the coffeeshop era of Wi-Fi, which meant that the Internet was just beginning to follow us out the door and into the world. Amazon first released EC2, to some confusion.
Nowadays, of course, Wi-Fi and mobile data are almost ubiquitous, smartphones have hit market saturation in the most developed nations, and EC2 is a cornerstone of modern business IT. The pace of technological progress continues to accelerate, it seems, as entire new product categories change the way we live and do business, and there’s no end in sight.
Here’s our look ahead to 10 years in the future, and how the tech world may change.To read this article in full or to leave a comment, please click here
A researcher with RSA says faulty firmware found in security cameras sold by at least 70 vendors may be a contributor to many of the credit card breaches that have proved costly to retailers.Rotem Kerner based his research on a paper RSA published in December 2014 into a malware nicknamed Backoff, which steals payment card details processed by point-of-sale systems.The U.S. Secret Service and Department of Homeland Security warned in August 2014 that upwards of 1,000 U.S. businesses may have been infected with Backoff.To read this article in full or to leave a comment, please click here
Weeks before the FBI sought a court order forcing Apple to help it break into an iPhone used by one of the the San Bernardino gunmen, a sister agency in the Department of Justice was already using an Israeli security firm's technology to attempt to crack a similar device.The FBI and the DOJ have repeatedly insisted that they had no other option but to force Apple to help them crack an iPhone used by the gunman Syed Rizwan Farook, at least until an outside party offered assistance earlier this week.“We have engaged all parts of the U.S. government” to find a way to access the device without Apple’s help, FBI Director James Comey told lawmakers in early March. “If we could have done this quietly and privately, we would have done it.”To read this article in full or to leave a comment, please click here
Web users face an even greater threat to their privacy as large ISPs align themselves more closely with data brokers to track their customers, an advocacy group said.Several large ISPs have either formed partnerships with, or acquired, data tracking and analytics firms in recent years, giving them a "vast storehouse of consumer data," according to a report Wednesday from the Center for Digital Democracy."ISPs have been on a shopping spree to help build their data-targeting system across devices and platforms," the report says. "Superfast computers analyze our information ... to decide in milliseconds whether to target us for marketing and more."To read this article in full or to leave a comment, please click here
Apple's saga with the FBI isn't over just yet, but it appears that the two entities are no longer on a collision course, legally speaking of course. Earlier this week, the DOJ filed a motion with the court overseeing the matter to postpone an upcoming hearing which was scheduled to take place on Tuesday. The reason? The DOJ relayed that the FBI may have found a way to access the locked iPhone of one of the San Bernardino terrorists with out Apple's assistance..As has been recounted before, the iPhone in question was equipped with a passcode and may have been set up to erase itself after 10 failed passcode entries. As a result, the FBI wanted Apple to create an entirely new and modified version of iOS that would have bypassed this security mechanism. In turn, the FBI would have been able to implement a brute force attack to access the device.To read this article in full or to leave a comment, please click here
What will the cause of your next security breach?
Will it be your firewall?
Will it be your VPN?
Will it be your website?
Nope.
Chances are, your next security breach will be caused by hackers exploiting someone within your organization.
In just the last two months, a single, simple phishing scam targeted seven organizations, gaining access to W2 information. And business email compromise attacks, in particular, are growing fast and hard to defend against.To read this article in full or to leave a comment, please click here(Insider Story)
On-demand car service Uber is offering from $3,000 to $10,000 to hackers who can find flaws in its computer and communications systems.HackerOne, a company that connects white-hat hackers to companies who want to use them to test the security of systems, is running Uber's "bounty program."The amount of the reward is based on the severity of the flaw discovered by a hackers, i.e., security researchers.HackerOne has established three categories of rewards; $10,000 for a "critical flaw," $5,000 for a "significant flaw" and $3,000 for "medium issues."INSIDER: Traditional anti-virus is dead: Long live the new and improved AV
"Chaining of bugs is not frowned upon in any way, we love to see clever exploit chains!" Uber stated in its online challenge. "If you get access to an Uber server, please report it us and we will reward you with an appropriate bounty taking into full consideration the severity of what could be done. Chaining a CSRF vulnerability with a self-XSS? Nice! Using AWS access key to dump user info? Not cool."To read this article in full or to leave a comment, please click here
An outside contractor with established ties to the FBI has most likely shown investigators how to circumvent the iPhone's security measures by copying the contents of the device's flash storage, a forensics expert said today.Called "NAND mirroring," the technique relies on using numerous copies of the iPhone storage to input possible passcodes until the correct one is found."The other ideas, I've kind of ruled out," said Jonathan Zdziarski in an interview. Zdziarski is a noted iPhone forensics and security expert. "None of them seemed to fit."+ MORE Let's hope the FBI can really crack the iPhone +To read this article in full or to leave a comment, please click here
Enterprise system administrators can now block attackers from using a favorite malware infection method: Microsoft Office documents with malicious macros.
Microsoft this week added a new option in Office 2016 that allows administrators to block macros -- embedded automation scripts -- from running in Word, Excel and PowerPoint documents that originate from the Internet.
Microsoft Office programs support macros written in Visual Basic for Applications (VBA), and they can be used for malicious activities like installing malware. Macro viruses were popular more than a decade ago but became almost extinct after Microsoft disabled macros by default in its Office programs.To read this article in full or to leave a comment, please click here
Wham, bam, bam – three more hospitals have been hit with ransomware.Kentucky hospital hit with ransomwareDavid Park, COO of Methodist Hospital in Henderson, Kentucky, told WFIE 14 News that after attackers copied patients’ files, locked those copies and deleted the originals, the hospital notified the FBI. The attack happened on Friday after the ransomware made it past the hospital’s email filter; by Monday, Methodist officials said their system was “up and running.”To read this article in full or to leave a comment, please click here
Systems administrators should get ready to fix a critical vulnerability on April 12 that affects the Windows and Samba implementations of the Server Message Block (SMB) protocol.
The vulnerability was discovered by Stefan Metzmacher, a core developer of the Samba software, which is a popular open-source implementation of the SMB/CIFS (Server Message Block/Common Internet File System) networking protocol.
SMB/CIFS is implemented by default in Windows, where it's used for network file and printer sharing. Linux and other Unix-like systems can interoperate and share resources with Windows systems over the same protocol using the Samba software.To read this article in full or to leave a comment, please click here
Should companies have a cybersecurity expert on their board of directors? The federal government seems to think so, and increasingly so do security and risk professionals, although companies would prefer to make that decision without government involvement, according to a sampling of industry pros.
A disclosure bill introduced by the U.S. Senate in December would ask companies to disclose whether they have a “cyber security expert” or equivalent measure on its board of directors. While no action is required if no expert currently has a seat on the board, the company would need to provide an explanation for how it is approaching cybersecurity.To read this article in full or to leave a comment, please click here(Insider Story)
The federal government's warning last week about cybersecurity vulnerabilities in vehicles is a well-intentioned public service announcement that has little value for consumers.The warning noted the highly publicized wireless vehicle hack of a Chrysler Jeep Cherokee last July, where two security experts demonstrated they could control critical functions of the vehicle. The revelation lead to Chrysler recalling 1.4 million vehicles to update software.To read this article in full or to leave a comment, please click here
Get rid of that stuff collecting dustImage by ThinkstockAs new security threats continue to emerge and security teams find themselves stuck in the cycle of piling on new products and policies each time they receive an alert notification, true functions of security programs get lost in the clutter. As melting snow and longer days promise that spring is right around the corner, take this time to start fresh and “spring clean” your security ecosystems. To help get you started, these infosec professionals provide guidelines for what to check off on a security spring-cleaning list.To read this article in full or to leave a comment, please click here
Glassdoor Economic Research
A deep dive into crowdsourced salary data from more than half a million employees shows that the gender pay gap is very real, and that male computer programmers make far more than their female counterparts.The Economic Research arm of online jobs marketplace Glassdoor has issued a report titled Demystifying the Gender Pay Gap that attempts to explain why males are making so much more than females across industries and countries. While the researchers have come up with explanations for much of the pay gap in the United States, about a third of the gap is unexplained and presumed to be due to factors such as intentional or unintentional bias as well differences in pay negotiations.To read this article in full or to leave a comment, please click here
A malware researcher has found a few tricks to stop one of the latest types of ransomware, called Locky, from infecting a computer without using any security programs.Ransomware is malware that encrypts a computer's files. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundreds dollars to thousands, payable to cybercriminals in bitcoin.Locky is a relative newcomer to the ransomware scene, which computer security researchers first saw over the last few months. It is primarily distributed through spam messages that try to trick people into opening attachments, such as fake invoices.To read this article in full or to leave a comment, please click here