Don't jumpImage by ThinkStockRansomware is obviously analogous to kidnapping, and dealing with the perpetrators can feel much like negotiating with a jumper standing on the edge of high-rise roof. The Institute for Critical Infrastructure Technology recently released a report that in part describes how to deal with criminals when they are holding your data hostage. The report talks of what to do once a breach has been found.To read this article in full or to leave a comment, please click here
Symantec wants to see the encrypted Web grow and will offer free basic SSL/TLS certificates to domain owners through Web hosting companies that join its new Encryption Everywhere program.The company has already signed partnerships with more than ten hosting providers, including InterNetX, CertCenter, Hostpoint and Zoned in Europe, and is close to finalizing deals with ten others. The customers of those companies will receive a basic website encryption package that includes a standard TLS certificate valid for one year.Depending on their needs, customers will also be able to opt for paid premium packages that include extended validation (EV) certificates or wildcard certificates that are valid for multiple websites hosted on different subdomains.To read this article in full or to leave a comment, please click here
Tens of thousands of Web browsers may have been exposed to ransomware and other malware over the last few days after malicious advertisements appeared on high-profile websites, security vendors said Monday.The malicious advertisements are connected to servers hosting the Angler exploit kit, a software package that probes a computer for software vulnerabilities in order to deliver malware, Trend Micro said.Security vendor Trustwave wrote on Monday that it also detected a large Angler-related malvertising campaign.To read this article in full or to leave a comment, please click here
Google doubled the bounty it will pay for a successful exploit of its Chromebook laptop to US$100,000, sweetening the pot in hopes of drawing more attention from security researchers.The larger reward is intended for someone who finds a persistent compromise of a Chromebook in guest mode, according to Google's security blog on Monday."Since we introduced the $50,000 reward, we haven’t had a successful submission," Google wrote. "That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool."To read this article in full or to leave a comment, please click here
Spammed Word documents with malicious macros have become a popular method of infecting computers over the past few months. Attackers are now taking it one step further by using such documents to deliver fileless malware that gets loaded directly in the computer's memory.Security researchers from Palo Alto Networks analyzed a recent attack campaign that pushed spam emails with malicious Word documents to business email addresses from the U.S., Canada and Europe.The emails contained the recipients' names as well as specific information about the companies they worked for, which is not typical of widespread spam campaigns. This attention to detail lent more credibility to spam messages and made it more likely that victims would open the attached documents, the researchers said.To read this article in full or to leave a comment, please click here
Manual processes represent a major incident response bottleneck at enterprise organizations. Here are a few alarming data points from some recent ESG research (note: I am an ESG employee):1. 27% of enterprise organizations (i.e. those with more than 1,000 employees) spend at least 50% of their incident response time on manual processes like filling out paper work, finding a particular person, physically viewing multiple security management tools, etc.2. 93% of organizations believe that their incident response efficiency and effectiveness is limited by the time and effort required for manual processes.As if this wasn’t bad enough, IR process issues are exacerbated by a few other challenges:To read this article in full or to leave a comment, please click here
Google, Apple and Facebook were targeted by double the number of phishing sites as financial institutions, like banks and PayPal were in 2015, Webroot says in its latest annual briefing published in February.The reason for the dot-com thrust is so that the hackers can accumulate larger numbers of user IDs and passwords—many people on those sites use the same credentials across the Internet, Webroot explains. Attacking the Facebooks et al, garners “multiple compromised accounts with each phishing victim,” the security outfit says.To read this article in full or to leave a comment, please click here
When a demand for your money or your data pops up on a critical system, you have only a short period of time to decide whether to respond to a ransomware attack.Online extortion is on the increase, as criminals use a variety of attack vectors, including exploit kits, malicious files, and links in spam messages, to infect systems with ransomware. Once all the files have been encrypted, victims can either try to recover the files on their own or pay the ransom. While there have been some exceptions, victims are seldom able to break the encryption and restore access. More often, successful circumvention of a ransomware attack involves wiping the affected systems and promptly restoring everything from clean backups.To read this article in full or to leave a comment, please click here
When it comes to layered defense and security tools, less is often more just as more can sometimes be less. The average enterprise uses 75 security products to secure their network. That's a lot of noise and a lot of monitoring and testing for security practitioners. To make sure that the security tools not only work but work in harmony with each other, some security professionals recommend taking a closer look at the layers of the security ecosystem to eliminate redundancies that contribute to alert overload. There is a lot of threat intelligence information out there, and Stephan Chenette, CEO, AttackIQ said all of that threat information can be overwhelming. "They need to use the threat information to determine what is applicable to their organization and tailor it to their industry. Risk has a number of factors, not only the impact to organization but also the real probability of the threat," Chenette said.To read this article in full or to leave a comment, please click here
As you discovered in the first installment of this five-part series, tabletop exercises can be an important practical tool for reviewing and updating incident response plans. You should schedule them to correspond with yearly Incident Response (IR) plan reviews.When you use existing incident response measures as you play out tabletop data breaches, you uncover holes in IR that can amplify disaster when real data compromise hits the proverbial fan. Unexpected results in tabletop scenarios can foster positive change in IR planning to prepare the enterprise.To read this article in full or to leave a comment, please click here(Insider Story)
Say you don't feel like plowing through my recent investigative report on "WiFi Hotspot Blocking Persists Despite FCC Crackdown." Maybe I can at least entice you to check out the infographic my colleague Steve Sauer assembled for that story, as well as the consumer complaints to the FCC themselves, which you can scroll through via the Scribd widget embedded below. Those complaints were gathered via a Freedom of Information Act (FOIA) request to the FCC in the wake of the agency fining Marriott and others big bucks for purposely blocking people's Wi-Fi hotspot devices.To read this article in full or to leave a comment, please click here
New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Thunder CFWKey features: Thunder CFW is the first converged security solution for service providers, cloud providers and large enterprises that includes a high-performance Gi / SGi firewall with integrated DDoS protection and carrier grade NAT and data center firewall with server load balancing and DDoS protection. Thunder CFW also includes a high-performance secure web gateway with integrated explicit proxy, URL filtering and SSL insight, IPSec site-to-site VPN and aGalaxy centralized management support. More info.To read this article in full or to leave a comment, please click here
Virtual private networks have many uses. Typically, businesses deploy VPNs so employees can securely access the corporate network from outside the office. However, we’ve seen a rise in third-party VPN services that use the same underlying technology, the encrypted tunnel, to simply provide a secure Internet connection.
Why would you ever need to do this?
When connected to a VPN service, the websites you access think you’re at the location where the VPN server is located. This can help anonymize your Internet traffic so it’s much harder for websites to track your personal browsing history.
This also allows you to access websites, services, and content that’s restricted where you are currently located, such as Netflix or Hulu when traveling overseas.To read this article in full or to leave a comment, please click here(Insider Story)
VPNsVirtual private networks (VPNs) have many uses. When connected to a VPN service, the websites you access think you’re at the location where the VPN server is located. This can help anonymize your Internet traffic so it’s much harder for websites to track your personal browsing history. This also allows you to access content that’s restricted where you are currently located, such as Netflix or Hulu when traveling overseas. We evaluated seven third-party VPN services. Here are the individual reviews: On our Android device, we installed the Avast SecureLine app, version 1.0.7704. By default, you only see a status icon for the app on the status bar of Android and on the notification drawer when you’re connected to the service. However, you can optionally enable the icon and notification to be present when disconnected as well. The Android app is also very simple. There’s no shortcut to any help or documentation within the Android app or Windows application, but it really isn’t needed given how simple the apps and service are. Additionally, your Internet traffic would be encrypted when you’re on unsecured Wi-Fi networks, such as public hotspots. This prevents local eavesdroppers from capturing your browsing history and logins. Continue reading
Patrick Kramer pulled back his sleeves and reached out an empty hand to offer his business card.
His contact details appeared on the smartphone screen as if by magic, but it was a sufficiently advanced technology that made it happen.
For an encore, he opened a locked door without a key. When anyone else touched the handle, it remained locked.
Unlike other magicians, Kramer willingly explained the secret to the trick, which is so simple a dog could perform it: In the flesh between his left thumb and forefinger, he has inserted a tiny glass bead containing an NFC chip.To read this article in full or to leave a comment, please click here
If you feel comforted by your antivirus vendor’s boast of having a certification from Verizon, then maybe you need to rethink that. Google Project Zero security researcher Tavis Ormandy says the methodology behind Verizon’s certification is “about as ridiculous as you would expect,” but vendors follow the gimpy guideline criteria (pdf), pay the fee to be certified and users tend to view the certification as some sign of excellence to be trusted.To read this article in full or to leave a comment, please click here
From our "Your Tax Dollars At Work" department: You, my friend, are being spied on ... but you probably already knew that. But what you might not know is that besides the usual suspects, the NSA (thanks to Edward Snowden) and probably every other TLA (Three Letter Agency) with any kind of signals intelligence mission, it turns out that the Department of Justice (DoJ) has also been secretly snagging your cell phone data by overflying urban areas with light aircraft equipped with a device called a “Dirtbox,” a successor or maybe more accurately, a sibling, to an earlier device called the StingRay.To read this article in full or to leave a comment, please click here
The Defense Advanced Research Projects Agency was created years ago because the US didn’t want to be surprised again by any major new technological developments (specifically in response to the surprise launch of Sputnik in 1958) and ensure that the US should do any surprising.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2015+With that in mind the agency is launching a potentially scary program called “Improv” that looks at what DARPA calls today’s “bustling tech marketplace with an inventor’s eye and imagine how easily purchased, relatively benign technologies might be converted into serious security threats.”To read this article in full or to leave a comment, please click here
Microsoft is adding a new weapon to its aggressive Windows 10 push—or at least it appears that it is.Earlier in the week, Microsoft added what sounds a lot like an advertisement for Windows 10 to its Patch Tuesday release for Internet Explorer, bundling it in with a critical security patch. The new update affects only Windows 7 and 8.1 PCs and brings an upgrade prompt to Internet Explorer 11.In its description of update KB3146449, Microsoft says it “adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10.” Or as we common folk call it, an ad.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. The number of new malware variations that pop up each day runs somewhere between 390,000 (according to AV-TEST Institute) and one million (according to Symantec Corporation). These are new strains of malware that have not been seen in the wild before.Even if we consider just the low end figure, the situation is still dire. Especially when it comes to advanced persistent threats (APTs), which are the most sophisticated mutations of viruses and malware, which are very effective at going completely undetected by many of the cybersecurity technologies in use today. Even security experts tell organizations to be prepared for "when" and not "if" an attack is successful.To read this article in full or to leave a comment, please click here