Archive

Category Archives for "Network World Security"

IRS Scam: 5,000 victims cheated out of $26.5 million since 2013

The Internal Revenue Service says that aggressive and threatening phone calls by criminals impersonating IRS agents continue to plague taxpayers. The Treasury Inspector General for Tax Administration in January said it has received reports of roughly 896,000 contacts since October 2013 and has become aware of over 5,000 victims who have collectively paid over $26.5 million as a result of the scam. “The phone fraud scam has become an epidemic, robbing taxpayers of millions of dollars of their money,” said J. Russell George, the Treasury Inspector General for Tax Administration, in a statement. “We are making progress in our investigation of this scam, resulting in the successful prosecution of some individuals associated with it over the past year.”

Netanyahu: “I want Israel to become a cyber power”

EDITOR’S NOTE: Israel has a long tradition of delivering security products for enterprise IT, dating back to Check Point introducing the first firewall 20 years ago. Today, Israel exports $6 billion in cyber technology and accounts for a fifth of the world’s private investment in cyber. Network World’s David Strom attended last week’s CyberTech 2016 conference in Tel Aviv and filed this report.

TEL AVIV, ISRAEL -- It isn’t often that a speech from a head of state at a tech conference is relevant to IT security managers, but Prime Minister Benjamin Netanyahu’s address at last week’s third annual CyberTech 2016 focused on where the Israeli government and its IT security industry are heading.

Socat vulnerability shows that crypto backdoors can be hard to spot

Developers of the Socat networking tool have fixed a cryptographic flaw that left communications open to eavesdropping for over a year. The error is so serious that members of the security community believe it could be an intentional backdoor. Socat is a more complex and feature-rich reimplementation of netcat, a cross-platform networking service that can establish outbound and inbound connections on different ports and protocols. It is also a popular tool for network debugging. Socat can create encrypted connections using the Diffie-Hellman (DH) key exchange mechanism, which fundamentally relies on a prime number to derive the shared secrets for key exchanges. It turns out that the 1024-bit DH parameter used by Socat was not actually a prime number.

Startup mimics security analyst’s decision making, learns from humans

Startup PatternEx, with roots in MIT’s artificial intelligence lab, is launching a security platform it says employs artificial intelligence by learning from input it gets from human security analysts about data exfiltration and bank fraud incidents that it flags. It monitors firewall logs and traffic in and out of the network and alerts customer analysts of suspicious traffic that might represent malware connecting to command and control servers or transferring data out of the network, says PatternEx CEO Uday Veeramachaneni, a co-founder of the company. The AI engine is fed information about how the analyst responds to each notification, and the algorithm running it incorporates that input into refining its predictive model of how the analyst will react. That way, over time, it sends fewer false positives, Veeramachaneni says.

Custom Web browser from Comodo poses security threat, researcher says

A customized version of Google's Chrome browser developed by security vendor Comodo has a jaw-dropping flaw, according to a researcher. Tavis Ormandy, an information security engineer with Google, analyzed Comodo's "Chromodo," a browser based on the Chromium open-source code. Chromodo is marketed as a browser with enhanced security and privacy controls. But Ormandy found it contains a flaw that violates one of the most basic rules for Web security.

Malwarebytes still fixing flaws in antivirus software

Malwarebytes said it could take three or four weeks to fix flaws in its consumer product that were found by a Google security researcher. The company has fixed several server-side vulnerabilities but is still testing a new version of its Anti-Malware product to fix client-side problems, CEO Marcin Kleczynski said in a blog post. In the meantime, customers can implement a workaround: those using the premium version of Anti-Malware "should enable self-protection under settings to mitigate all of the reported vulnerabilities," he wrote.

Security flaws found in Fisher-Price smart teddy bear and kid’s GPS tracker watch

The Internet of Things increasingly includes “smart toys,” but no parent knowingly purchases a toy for their child that potentially risks the safety and privacy of their family. Those risks are caused by security flaws found in the Internet-connected toys. Unlike “dumb” toys, hackers could exploit “smart” toy vulnerabilities and potentially harvest a child’s name, birthdate, location and more. This time, Rapid7 revealed security flaws in Fisher-Price’s Smart Toy, an Internet-connected stuffed bear, and in the hereO GPS watch, a wearable location-tracking device.

NASA’s big rocket will carry 13 cool tiny satellites

NASA today said the first voyage of its heavy-lift rocket will include 13 tiny satellites or cubesats that will conduct a variety of experiments from taking a closer look at the moon to evaluating space weather. NASA’s rocket – the Space Launch System (SLS) – along with an unmanned Orion spacecraft are expected to launch in 2018. The heart of the mission is to test the rockets but also to evaluate the Orion spacecraft which is the first spacecraft built for astronauts destined for deep space since NASA’s Apollo missions and ultimately is destined for deep space travel.

Fitness trackers are leaking lots of your data, study finds

Some of the more popular sports wearables don't just let you track your fitness, they let other people track you. That's what Canadian researchers found when they studied fitness-tracking devices from eight manufacturers, along with their companion mobile apps. All the devices studied except for the Apple Watch transmitted a persistent, unique Bluetooth identifier, allowing them to be tracked by the beacons increasingly being used by retail stores and shopping malls to recognize and profile their customers. The revealing devices, the Basis Peak, Fitbit Charge HR, Garmin Vivosmart, Jawbone Up 2, Mio Fuse, Withings Pulse O2 and Xiaomi Mi Band, all make it possible for their wearers to be tracked using Bluetooth even when the device is not paired with or connected to a smartphone, the researchers said. Only the Apple device used a feature of the Bluetooth LE standard to generate changing MAC addresses to prevent tracking.

Google fixes critical Wi-Fi and media-processing flaws in Android

Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same Wi-Fi network, if they have Broadcom chips. The two critical vulnerabilities are located in the Broadcom Wi-Fi driver and can be exploited by sending specially crafted wireless control packets to the affected devices. These messages could corrupt the kernel's memory and allow for the execution of arbitrary code in the kernel -- the highest privileged area of the operating system. These flaws are critical because the attack doesn't require any user interaction, can be exploited remotely and can lead to a complete device compromise.

Decrypt SSL traffic to detect hidden threats

The percentage of encrypted Internet traffic continues to grow, creating a space where not only private information but also criminals can travel about undetected. In the last five years, the advent of SSL traffic from major companies like Google, YouTube, and Twitter has spawned an expansive movement toward encrypting Internet traffic for enterprises as well. The risk in taking this security measure, though, is that while the exchange of information via the Internet is secured, bad guys can also linger unnoticed. Criminals, of course, know this and use it to their advantage, cloaking their attacks within Transport Layer Security (TLS) or Secure Sockets Layer (SSL) traffic.

Survey: Average successful hack nets less than $15,000

The majority of cyber attackers are motivated by money, but make less than $15,000 per successful attack, according to a survey of hackers in the U.S., U.K. and Germany released yesterday by the Ponemon Institute. The hackers, who were promised anonymity, netted, on average, less than $29,000 a year. "In the more established countries, that is not a lot of money," said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study. "They're making a quarter of what a cybersecurity professional makes."

FireEye acquires Invotas for faster incident response

FireEye said Monday it has acquired Invotas, a company that develops a platform that helps administrators respond faster to security incidents. The deal closed on Monday, but terms were not disclosed. FireEye, which started out with an end-point protection product, has been seeking to expand the range of security products and services it offers as cybersecurity has become a growing concern for companies. Invotas, based in Alexandria, Virginia, has a single product, its Security Orchestrator. The platform is designed to take in information from a range of security products from different vendors and automate responses when an incident is detected.

This bird could be a drone’s worst enemy

When it comes to the problem of stopping errant drones, there's been a number of high-tech solutions -- from radio jamming to laser beams to nets launched by other drones -- but a group in The Netherlands is proposing a low-tech solution that's much more elegant. Guard From Above says it is training birds of prey to attack drones, taking advantage of their natural predatory instincts and precision in the sky. A video posted by the company on YouTube shows a bird attacking a DJI Phantom drone as it hovers, grabbing the drone with its feet and flying away with it.

Microsoft Edge InPrivate browsing mode is full of fail and not private

Microsoft’s InPrivate browsing is supposed to help you “surf the web without leaving a trail” and InPrivate browsing mode can be used in Edge. Microsoft says, “When you use Microsoft Edge in InPrivate mode, your browsing information, such as cookies, history, or temporary files, aren’t saved on your device after your browsing session has ended. Microsoft Edge clears all temporary data from your device.” Yet InPrivate browsing with Edge is a fail as it is not private and instead keeps browsing history.

8 hot technologies the CIA wants

Of interest to the CIA

The CIA has been investing in startups since 1999 through its not-for-profit arm called In-Q-Tel, hoping to accelerate development of technologies the agency might find useful. It currently lists about 100 firms in its portfolio. The agency doesn’t say why it might be interested in the technologies these companies represent, but with a little imagination it’s not that hard to figure out possibilities. Here is a sample of what they’ve been interested in lately.

The Endpoint Security Continuum

My colleague Doug Cahill and I are knee deep into a research project on next-generation endpoint security. As part of this project, we are relying on real-world experience so we’ve interviewed dozens of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) who have already deployed new types of endpoint security software. Now all of the organizations we interviewed are already running antivirus tools but day-to-day responsibilities are often delegated to an IT operations team rather than the infosec staff. So organizations are at somewhat of a disadvantage because they delegated it to an IT generalist team. Still, many of the organizations we’ve interviewed have turned on all of their AV’s advanced features and are still being compromised.

Trojanized Android games hide malicious code inside images

Over 60 Android games hosted on Google Play had Trojan-like functionality that allowed them to download and execute malicious code hidden inside images. The rogue apps were discovered by researchers from Russian antivirus vendor Doctor Web and were reported to Google last week. The researchers dubbed the new threat Android.Xiny.19.origin. Malicious Android apps were a common occurrence on Google Play until a few years ago when Google implemented more rigorous checks. This included an automated scanner called Bouncer that used emulation and behavior-based detection. Bypassing Bouncer detection is not impossible, but is hard enough to keep most malware creators away. Most Android Trojans these days are distributed through third-party app stores, targeting users who have enabled the installation of apps from "unknown sources."

At least some consumers are paying attention to cybersecurity

When it comes to cybersecurity, it's long been safe to assume that almost nobody is doing much of anything to protect themselves. But a new survey by credit-monitoring company Experian reveals that notion may no longer be completely accurate. While the survey of more than 1,000 U.S. adults, conducted by Edelman Berland in September 2015, reveals plenty of the kind of security holes that give professionals nightmares, it also showed that a significant number of people are now paying at least some attention to online security and privacy issues.