Category Archives for "Network World Security"

AttackIQ tests networks for known weaknesses attackers exploit

Startup AttackIQ can run attack scenarios against live networks to see whether the defenses customers think are in place are actually doing their job. The platform, called FireDrill, consists of an agent that is deployed on representative endpoints, and a server that stores attack scenarios and gathers data. The platform’s function is similar to that of another startup, SafeBreach. Both companies differ from penetration testing in that they continuously test networks whereas a pen test gives a snapshot in time with large gaps between each snapshot.

IBM launches new mainframe with focus on security

A new IBM mainframe includes security hardware to encrypt data without slowing down transactions and can integrate with IBM security software to support secure hybrid-cloud services. Thanks to an encryption co-processor, the new IBM z13s mainframe offloads encryption and doubles the speed at which previous mainframes could perform transactions, making for faster completion times and lower per-transaction costs, says Ravi Srinivasan, vice president of strategy and offering management for IBM Security.

Tim Cook says Apple will oppose court order rather than hack customers

Apple's CEO Tim Cook has reacted sharply to a federal court order in the U.S. that would require the company to help the FBI search the contents of an iPhone 5c seized from Syed Rizwan Farook, one of the terrorists in the San Bernardino, California, attack on Dec. 2. The U.S. government "has demanded that Apple take an unprecedented step which threatens the security of our customers," Cook wrote in an open letter to customers posted on Apple's website on Wednesday. He added that the moment called for a public discussion and he wanted customers and people around the country "to understand what is at stake."

‘Locky’ ransomware, which infects like Dridex, hits the unlucky

A new flavor of ransomware, similar in its mode of attack to the notorious banking software Dridex, is causing havoc with some users. Victims are usually sent via email a Microsoft Word document purporting to be an invoice that requires a macro, or a small application that does some function. Macros are disabled by default by Microsoft due to the security dangers. Users who encounter a macro see a warning if a document contains one. If macros are enabled, the document will run the macro and download Locky to a computer, wrote Palo Alto Networks in a blog post on Tuesday. The same technique is used by Dridex, a banking trojan that steals online account credentials.

Apple ordered to assist in unlocking iPhone used by San Bernardino attacker

Apple was ordered Tuesday by a federal judge in California to provide assistance to the FBI to search a locked iPhone 5c that was used by Syed Rizwan Farook, one of the terrorists said to have been involved in an attack in San Bernardino, California, on Dec. 2. The government's request under a statute called the All Writs Act will likely give a boost to attempts by law enforcement to curb the use of encryption by smartphone vendors. Apple is fighting in a New York federal court a similar move by the Department of Justice to get the company's help in unlocking the iPhone 5s smartphone of an alleged methamphetamine dealer. On Friday, it asked the New York court to give a final order as it has received additional similar requests from law enforcement agencies, and was advised that more such requests could come under the same statute.

Craigslist fails to flag most scam rental ads, study finds

Craigslist, the popular online listings service, has waged a long fight against scammers, but a new academic study suggests it's been losing the battle. The study focussed on listings for housing rentals, and found that Craigslist failed to remove a majority of those that were fraudulent. The researchers analyzed two million ads over a five-month period in 2014 and determined that Craigslist had flagged and removed fewer than half the listings that likely weren't genuine. Looking for housing can be stressful, and people are vulnerable to schemes that advertise below-market pricing or ways to get ahead of the rental game.

Use Linux? Stop what you’re doing and apply this patch

A buffer-overflow vulnerability uncovered Tuesday in the GNU C Library poses a serious threat to countless Linux users. Dating back to the release of glibc 2.9 in 2008, CVE-2015-7547 is a stack-based buffer overflow bug in the glibc DNS client-side resolver that opens the door to remote code execution when a particular library function is used. Software using the function can be exploited with attacker-controlled domain names, attacker-controlled DNS servers or man-in-the-middle attacks. Glibc, which was also at the core of the "Ghost" vulnerability found last year, is a C library that defines system calls and other basic functions on Linux systems. Its maintainers had apparently been alerted to the new problem last July, but it's not clear if any remediation effort was launched at that time.

IBM goes all in on blockchain, offers cloud-based service

IBM is betting big on blockchain secure-records technology taking off beyond its traditional use in bitcoin and other financial transactions. The company is now offering a cloud-based service to allow developers to set up blockchain networks and test and deploy related apps. IBM announced a flurry of blockchain-related initiatives Tuesday, including developer services hosted on its Bluemix cloud. Developers can access DevOps tools to create, deploy and monitor blockchain applications on the IBM cloud, the company said.

Naked judge’s photos used on website to promote nudist resort without his knowledge

Like it or not, you are lawfully free game to be surveilled and photographed when you leave the privacy of your house. If you commit a crime, then you should expect the police to release a surveillance video – although why the police found it important enough to release a video of Victoria’s Secret underwear thieves is unknown; the fact that the male and female team allegedly stole 80, then 120 sexy pairs of undies valued at $2,500 might have something to do with it. Then there’s photos, which can be taken with or without your consent, that could end up online.

Xen’s latest hypervisor updates are missing some security patches

The Xen Project released new versions of its virtual machine hypervisor, but forgot to fully include two security patches that had been previously made available. The Xen hypervisor is widely used by cloud computing providers and virtual private server hosting companies. Xen 4.6.1, released Monday, is flagged as a maintenance release, the kind that are put out roughly every four months and are supposed to include all bug and security patches released in the meantime. "Due to two oversights the fixes for both XSA-155 and XSA-162 have only been partially applied to this release," the Xen Project noted in a blog post. The same is true for Xen 4.4.4, the maintenance release for the 4.4 branch that was released on Jan. 28, the Project said.

Should you worry about the Internet of Hackable Things?

If 2015 was the year of the Internet of Things, 2016 could be the year of the hacked Internet of Things. That could mean a lot of headaches for CIOs, whether they're fans of these new devices themselves or will be dealing with employees connecting them at work and managing the potential security exposure that brings. "The issue to date is that devices are vulnerable just by the fact that they exist and can connect to the Internet," says Jerry Irvine, member of the U.S. Chamber of Commerce’s Cybersecurity Leadership Council and CIO of Prescient Solutions. "Anybody can get to a device if you don't secure them properly."

How to prevent shadow IT

Stopping the armchair IT folks: What do complex IT policies, outdated software and lack of IT-supported services have in common? They all contribute to shadow IT, which occurs when employees circumvent procedures to use unapproved services and software. The last thing employees want to do when working on a project is check in with the IT department, so how can IT provide employees with necessary resources so shadow IT is no longer an issue? These InfoSec professionals share their suggestions for preventing shadow IT before it becomes the new normal.

IBM unveils z13s mainframe focused on security and hybrid clouds

IBM has unveiled its new z13s mainframe, which it claims offers encryption at twice the speed of previous mid-range systems, without compromising performance. The company, which sold its x86 server business to Lenovo, continues to invest in new designs of its mainframe to handle new compute challenges. In January last year it launched the z13, its first new mainframe in almost three years, with a new processor design, faster I/O and the ability to address up to 10TB of memory. The design of the z13 was focused on real-time encryption and embedded analytics.

VoIP phone with default password can be used for covert surveillance

If you’d like an attacker to eavesdrop on your calls made on VoIP phones, then leave the default password in place. If not, then change it. Using default or weak passwords will continue to bite companies, but this time instead of spying via IP cameras, it was enterprise-grade VoIP phones being pwned. When a client asked information security consultant Paul Moore how to improve security without disrupting ease of VoIP phone deployment, Moore discovered the company was using the default password.

IDG Contributor Network: Why companies are becoming more likely to pay when struck by ransomware

A quarter of companies have made up their minds when it comes to a ransomware attack. They're paying the ransom, according to a new study. Twenty-four percent of companies say they would pay. And not only would they cough up the money, but 14% of those polled would pay $1 million or more to prevent the attack, according to findings by the Cloud Security Alliance (CSA) and Skyhigh, who have compiled the study. The CSA is a non-profit promoting best practices in cloud use; Skyhigh is a cloud security company. The CSA surveyed 200 IT and security professionals across sectors worldwide. The researchers have been examining cloud take-up along with risk. They think that cyberattacks overall are a concern for enterprises "when it comes to moving their systems of record to the cloud," CSA and Skyhigh say in their report.

Russian cyberspy group uses simple yet effective Linux Trojan

A cyberespionage group of Russian origin known as Pawn Storm is infecting Linux systems with a simple but effective Trojan program that doesn't require highly privileged access. Pawn Storm, also known as APT28, Sofacy or Sednit, is a group of attackers that has been active since at least 2007. Over the years, the group has targeted governmental, security and military organizations from NATO member countries, as well as defense contractors and media organizations, Ukrainian political activists and Kremlin critics. The group is known for using zero-day exploits -- exploits for previously unknown vulnerabilities -- as well as other infection techniques like spear-phishing emails with malicious attachments. Its primary tool is a Windows backdoor program called Sednit, but the group also uses malware programs for Mac OS X, Linux and even mobile operating systems.

New products of the week 2.15.2016

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. VMware Workspace ONE. Key features: Workspace ONE delivers a digital workspace that integrates device management, application delivery and identity management technologies to offer combined benefits on a single secure mobile platform to enable management and delivery of business critical resources.

Malware targets all Android phones — except those in Russia

A malware program for Android seen advertised on Russian underground forums in the last few months appears to have made its first big debut. MazarBOT can take full control of a phone and appears to be targeting online banking customers, wrote Peter Kruse, an IT security expert and founder of CSIS Security Group, based in Copenhagen, which does deep investigations into online crime for financial services companies. "Until now, MazarBOT has been advertised for sale on several websites on the Dark Web, but this is the first time we’ve seen this code to be deployed in active attacks," Kruse wrote.

Attackers try to compromise Magento with a fake patch

Attackers are still trying to find Magento installations that haven't patched a particularly bad vulnerability, this time trying to trick people into downloading a fake patch. The bogus patch purports to fix a flaw known as the Shoplift Bug, or SUPEE-5344, wrote Denis Sinegubko, a senior malware researcher with Sucuri. "While the patch was released February 2015, many sites unfortunately did not update," he wrote. "This gave hackers an opportunity to compromise thousands of Magento powered online stores."