Archive

Category Archives for "Network World Security"

US government wants to sharply increase spending on cybersecurity

President Barack Obama on Tuesday will propose a sharp increase in cybersecurity spending for next year's budget, to improve outdated government software and promote better online security for consumers. The plan calls for a $3.1 billion fund to replace outdated IT infrastructure; a new position of federal chief information security officer; a commission to study cybersecurity problems, and a program to recruit cybersecurity experts into government roles. The U.S. has been working since 2009 to improve the nation's cyber defenses, most recently with the Cybersecurity Act of 2015, which promotes better information sharing between private industry and government, said Michael Daniel, special assistant to the President and cybersecurity coordinator, in a phone briefing with reporters Monday.

Flaws in Trane thermostats underscore IoT security risks, Cisco says

Cisco warned on Monday of serious flaws it found in an Internet-connected thermostat control, which it said are typical among products of vendors who aren't well-versed in network security. The flaws were found in the ComfortLink II thermostats made by Trane. The thermostats allow users to control room temperature from a mobile device, display the weather and even act as a digital photo frame. Cisco's Talos unit said the issues have finally been patched, nearly two years after it notified Trane, which is why it went public. "The unfortunate truth is that securing internet-enabled devices is not always a high priority among vendors and manufacturers," wrote Alex Chiu, a Cisco threat researcher, in a blog post Monday.

Snowden leaks furor still spilling over into courts

Nearly three years after former NSA contractor Edward Snowden first leaked details about massive domestic spying, his revelations have prompted a broader discourse, especially among legal scholars, over the potentially invasive nature of big data cybersurveillance tools. Even as intelligence officials, the FBI and Congress worry about the rise of terrorists using encryption to communicate, legal experts are concerned that the enormous volume of data still being collected and stored by the National Security Agency and other intelligence agencies will pose legal concerns based on the Fourth Amendment of the U.S. Constitution. The Fourth Amendment prohibits unreasonable searches and seizures without a judge's warrant supported by probable cause.

Kingston buys encrypted flash drive maker IronKey

Kingston Technology today announced it has acquired the USB technology and assets of IronKey from Imation Corp. Imation, which purchased the then privately-held IronKey in 2011, did not disclose the financial details of the sale to Kingston. IronKey is perhaps best known for its highly secure USB flash drives, which use the 256-bit AES encryption algorithm to secure data and a stainless steel case with no seams so it cannot be pried open.

Is it time to give up on WordPress sites?

It’s being reported by Malwarebytes’ CyberheistNews and other sources that an unexpectedly large wave of hacking has been hitting thousands of WordPress sites (described as the “Weird WordPress Hack” just to fit in with the Buzzfeed style of headlines). The attacks are described as: "WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads," Malwarebytes Senior Security Researcher Jérôme Segura wrote in a blog post published Wednesday. "This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit."

9 technologies that could cut demand for lawyers, lower legal fees

Lawyers are embracing technology that makes them more efficient and less trapped in 100-hour work weeks but that also reduces the need for them in certain types of cases or turns their counsel into a commodity. These technologies and services include a Web platform that searches patents more quickly than lawyers can, an app to find flaws in contracts, low-cost access to ask legal questions and an arbitration network to keep from having to hire legal representation to go to small-claims court. Attorneys from across the country heard about these at the recent LegalTech conference where some of the attendees indicated that the innovations could save money for law firms and even change their hiring practices by cutting the need for full-timers. One attorney joked that the innovations are disrupting the profession so much that he’ll be retiring early.

IDG Contributor Network: Algorithm developed to predict future botnet attacks

Six botnets have been discovered and traced back to their perpetrators by an algorithm produced by researchers at Israel's Ben-Gurion University (BGU) of the Negev. The scientists who built the formula say it will allow law enforcement to trace administrators responsible for future attacks. The key to the work is analyzing data produced by previous attacks, the cybersecurity researchers say. Malicious botnets are groups of Internet-connected computers that have been secretly compromised to forward traffic to other computers. Payloads can include spam and viruses. The PCs can become remote controlled and also proffer private information.

Report examines the massive future cybersecurity problem of connected cars

If you are interested in the Internet of insecure Things, then you might like a new report which looks at the cybersecurity of connected vehicles, calling it "one of the biggest issues facing manufacturers today." Cyber Security in the Connected Vehicle attributed that threat to complexity, connectivity, and content. There's a "massive future security problem just around the corner," and it can't be fixed by trying to bolt on security during the implementation phase. Complexity was called "the worst enemy of security," as a connected car could have "approximately 100 million lines of code," compared to 8 million for an F-35 fighter jet. There has been a dramatic increase in Electronic Computing Units, with some high-end vehicles currently having about 100 ECUs. There has also been a rise in the diversity of in-vehicle systems which provide both luxury and critical features.

Cybercriminals adopt spies’ techniques to pull off online bank heists

The times when stealthy, persistent and advanced malware was associated only with cyberespionage are gone. Criminals are now using similar threats and techniques to steal millions of dollars from financial institutions. Last year researchers from security vendor Kaspersky Lab were called in to investigate unusual thefts from 29 banks and other organizations located in Russia, leading to the discovery of three new sophisticated attack campaigns. Their findings were presented Monday during the company's annual Security Analyst Summit. One group of attackers is using a modular malware program known as Metel or Corkow to infect computer systems belonging to banks and to reverse ATM transactions. During a single night, the gang stole millions of rubles from a Russian bank using this hard-to-detect transaction rollback trick.

In defense of assuming another’s identity

My father, Burke McNamara, passed away back in December at age 89 after a long period of declining health. As I continue to deal with the closing of his financial affairs, I’d like to offer this bit of advice to all of you: If you're ever in the unfortunate position of having to close accounts, such as a VISA account, for a family member who has died, do not under any circumstances approach the task in an honest and straightforward manner. Lie to them. Call the help desk and assume the identity of the loved one who has passed. Cancel the account. Simple, done. Otherwise, if you tell them the truth, stupid-ass companies, such as VISA, will tell you that they require you to send them a copy of the (expletive deleted) death certificate.

Java installer flaw shows why you should clear your Downloads folder

On most computers, the default download folder quickly becomes a repository of old and unorganized files that were opened once and then forgotten about. A recently fixed flaw in the Java installer highlights why keeping this folder clean is important. On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have lying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason is that older Java installers are designed to look for and automatically load a number of specifically named DLL (Dynamic Link Library) files from the current directory. In the case of Java installers downloaded from the Web, the current directory is typically the computer's default download folder.

Report: Hackers steal, post details on 9,000 DHS employees

A hacker posted the names, phone numbers and other details about 9,000 Department of Homeland Security employees and says he will post 20,000 similar records about FBI workers. He claims to have records that include military emails and credit card numbers, according to a published report. Today the hacker posted the details on Twitter along with a screenshot of a warning page allegedly from a Department of Justice computer (shown above). Motherboard writer Joseph Cox writes that Sunday he received the stolen personal data, some of which came from a single Department of Justice computer hacked using a compromised email account and social engineering.

New products of the week 2.8.2016

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Spark-Redis connector. Key features: The Spark-Redis connector package is open source and provides a library for writing and reading from a Redis cluster with access to Redis' data structures – String, Hash, List, Set, Sorted Set, bitmaps, hyperloglogs – from Spark as RDDs.

T9000 Skype backdoor malware steals audio, video, chats, screenshots, documents

Researchers found a complex backdoor malware which targets Skype, capturing video, audio and chat messages, as well as grabbing screenshots and stealing files, before sending the data back to the attacker. Researchers at Palo Alto Networks analyzed a new variant of backdoor malware that goes to “great lengths to avoid being detected and to evade the scrutiny of the malware analysis community.” T9000 is a newer variant of T5000, or the Plat1 malware family that APT actors used in spear phishing attacks after the disappearance of Malaysian Flight MH370. T9000 is being used in targeted attacks against multiple U.S. organizations, dropped by an RTF file, but its functionality indicates the malware is “intended for use against a broad range of users.”

Want to secure a Windows PC? Turn off Administrator rights

A new report from the security firm Avecto said the vast majority of critical flaws affecting Windows, Office, and Internet Explorer could be stopped and prevented from spreading just by removing Administrator's rights from the PC's user. The default setting for Windows users on a single-user system is Administrator, which simplifies things for all involved. But just as Administrator rights make it easy to install new software, they also make it easy for critical vulnerabilities and malware to spread. The report found:

- 86% of Critical vulnerabilities affecting Windows could be mitigated by removing admin rights.
- 99.5% of all vulnerabilities in Internet Explorer could be mitigated by removing admin rights.
- 82% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights.
- 85% of Remote Code Execution vulnerabilities could be mitigated by removing admin rights.
- 82% of Critical vulnerabilities affecting Windows 10 could be mitigated by removing admin rights.
- 63% of all Microsoft vulnerabilities reported in 2015 could be mitigated by removing admin rights.

The good news for business users is that your IT department has likely set your machine with a lower level of access that limits what can be done, including the installation of software with or

Internet Archive’s malware museum takes you back to the days of cheeky viruses

Before there were botnets, the MyDoom worm, and Stuxnet, malware that hit your DOS personal computer was of a completely different breed. Some were simply annoying, some would corrupt files or mess with your system, but they all did it with style. Now you can relive the magic of malware from the 1980s and 1990s courtesy of the Internet Archive’s brand new Malware Museum. Here, through the safety of an in-browser DOS simulator, you can relive some of the highlights of malware from yesteryear. This initial collection was created by Jason Scott, archivist and software curator for the Internet Archive, and Mikko Hypponen, chief research officer of F-Secure.

Apple confirms iPhone-killing “Error 53,” says it’s about security

For months, some iPhone users have been running into a mysterious bug called “Error 53,” which can render some newer handsets unusable. Now, Apple has chimed in with an explanation. With Error 53, some iPhone 6 and 6s users have found that their handsets no longer work after an iOS update. Stranger still, Apple’s support site barely documents the problem, lumping it in with other error codes that appear to be more easily resolved. As reported last year by The Daily Dot’s Mike Wehner, the only fix for Error 53 is to send the phone back to Apple and get a replacement.