Archive

Category Archives for "Network World Security"

Security Requirements Are Driving Identity Management

Anyone familiar with identity management knows that it can be extremely messy – lots of tactical tools, access policies, multiple data repositories, manual processes, etc. Furthermore, user authentication continues to be anchored by user names and passwords, making nearly every organization vulnerable to credentials harvesting, identity theft, and cyber attacks. These persistent IAM problems remain, even though identity management is becoming a bigger component of enterprise security. This is true because, as organizations embrace cloud and mobile computing, they lose some control over their IT infrastructure. As one CISO mentioned to me, “when we lose control in some areas we need to get better control over others as compensating controls.”

Oracle is planning to kill an attacker’s favorite: the Java browser plug-in

Oracle will retire the Java browser plug-in, frequently the target of Web-based exploits, about a year from now. Remnants, however, will likely linger long after that. "Oracle plans to deprecate the Java browser plugin in JDK 9," the Java Platform Group said in a blog post Wednesday. "This technology will be removed from the Oracle JDK and JRE in a future Java SE release." The Java Development Kit (JDK) 9, the reference implementation for the next version of Java SE, is expected to reach general availability in March 2017. By then, however, most modern browsers will no longer accept the Java browser plug-in anyway.

Google’s VirusTotal now picks out suspicious firmware

Google's VirusTotal service has added a new tool that analyzes firmware, the low-level code that bridges a computer's hardware and operating system at startup. Advanced attackers, including the U.S. National Security Agency, have targeted firmware as a place to embed malware since it's a great place to hide. Since antivirus programs "are not scanning this layer, the compromise can fly under the radar," wrote Francisco Santos, an IT security engineer with VirusTotal, in a blog post on Wednesday. Also, malware hidden in firmware often can't be easily erased and can survive reboots and fresh installs of an OS, Santos wrote.

User behavior analytics is key to identifying nefarious use of insider credentials

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. Almost all data breaches involve use of legitimate logon credentials. Guarding against these “insider threats” requires the ability to detect when cybercriminals are using stolen credentials. Sadly, traditional network security tools are not effective in identifying or mitigating these threats. However, a new breed of user behavior analytics solutions has been designed for this specific purpose and is proving effective. The expression “insider threat” usually conjures up images of rogue employees or criminally minded contractors or business partners that are authorized to access company data. But the term is also used in a much broader sense to mean any threat or attack that abuses the logon credentials or privileges of legitimate employees or other insiders.

VMware, Cisco SDNs bring home the bacon

In the scramble for SDN supremacy, Cisco and VMware usually bark about users who opt for one of their solutions over the other. In all the noise, it’s rare to hear from one that plans to implement both. But that’s what SugarCreek, a $650 million, privately-held food processing and packing company based in Washington Court House, OH, is doing in its software-defined data centers (SDDC). VMware’s NSX network virtualization software will be used to secure and automate the VMware-virtualized server environment, while Cisco’s Application Centric Infrastructure (ACI) will be deployed to manage the physical network infrastructure.

New Android ransomware uses clickjacking to gain admin privileges

File-encrypting ransomware applications that target Android devices are becoming increasingly sophisticated. One new such program is using clickjacking techniques to trick users into granting it administrator privileges. Clickjacking is a method that involves manipulating the user interface in a way that allows attackers to hijack users' clicks and trigger unauthorized actions. It is mostly used in Web-based attacks, where various technologies allow creating invisible buttons and positioning them on top of seemingly harmless page elements. Due to the restrictive application permissions system in Android, ransomware apps targeting the OS have historically been less effective than on Windows. For example, many of the early Android ransomware threats only displayed a persistent window on the screen with an alert intended to scare users into paying fictitious fines. Most of them impersonated law enforcement agencies and claimed that the devices were locked because illegal content was found on them.

Less porn-surfing corporate bosses, more execs taking phishing bait to infect networks

ThreatTrack Security wanted to know how the challenges facing malware analysts dealing with cyber threats have evolved in the past two years. So the company had Opinion Matters conduct an independent blind survey of 207 security professionals dealing with malware analysis in the U.S. While the findings are not all sunshine and chocolate, only 11% said they investigated a data breach that was not disclosed to customers, compared to 57% who said the same back in 2013. Another piece of good news: fewer security analysts need to purge malware as a result of a company's senior leadership member visiting a porn site. In 2013, 40% of malware infections came from porn-surfing corporate bosses, compared to 26% in 2015.

UpGuard offers a rating score of risk preparedness

UpGuard analyzes data about the state of corporate networks to devise a single numerical score that gives a quick sense of security risk, a number that could be used by insurance companies to set premiums for cyber insurance. The UpGuard platform includes a scanner that evaluates exposure of publicly facing Web interfaces and determines the risk of breaches. This is augmented by analysis of data about the internal network from sources including existing security platforms and software services via APIs or from Windows Remote Management. That is rolled up into a number – the Cybersecurity Threat Assessment Report (CSTAR) – that capsulizes how vulnerable a network is to attacks, the company says. In addition to the number, the platform enables drilling down into what weaknesses it has found so customers can take remedial action.

PayPal is the latest victim of Java deserialization bugs in Web apps

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor. The vulnerability is part of a class of bugs that stem from Java object deserialization and that security researchers warned about a year ago. In programming languages, serialization is the process of converting data to a binary format for storing it or for sending it over the network. Deserialization is the reverse of that process. Deserialization is not an issue in itself, but like most processes that involve processing potentially untrusted input, measures need to be taken to ensure that it is performed safely. For example, an attacker could craft a serialized object that includes a Java class that the application accepts and which could be abused for something malicious.

Online advertising company fixes severe XSS flaw

An online advertising company has fixed a vulnerability in its platform that could have allowed hackers to steal information from a large number of users. The cross-site scripting (XSS) flaw in the platform of PublicityClerks was found by a U.K. security researcher who goes by the handle CEHSecurity on Twitter. Cross-site scripting flaws are one of the most common faults in websites. They allow an attacker to inject malicious code into a website, which then can be used to steal data and for other attacks. "As soon as we were aware of the issue, we fixed it ASAP and ensured our advertisers and publishers were not affected," said James Hakim, PublicityClerks' founder and CEO.

Lenovo fixes hard-coded password in file-sharing utility

Lenovo has patched several software flaws in a file-sharing utility, which could allow attackers to browse and make copies of files. The flaws were found by Core Security, which described in an advisory a lengthy back and forth dialog with Lenovo starting in late October over the problems. The affected application is SHAREit, which is designed to let people share files from Windows computers or Android devices over a local LAN or through a Wi-Fi hotspot that's created. SHAREit is preloaded on Lenovo devices, including its ThinkPad and IdeaPad notebooks and other mobile devices. The vulnerable SHAREit versions are the Android 3.0.18_ww and Windows 2.5.1.1 packages, Core Security said.

IDG Contributor Network: Employee data often isn’t encrypted as well as customer data, report says

Employee bank records are among the sensitive details that companies are failing to protect adequately through encryption, a recent study has uncovered. While enterprises now take customer data protection seriously, in many cases they're ignoring their workers' needs for security, according to encryption product vendor Sophos. Sophos says that it found almost half (47%) of the companies it surveyed had owned up to not always encrypting employee healthcare information when they stored that data. And close to that number (43%) failed to always encrypt workers' Human Resources employee files.

All your old-tech passwords belong to us, for just $17

Today's lesson on how the cloud can work against you, as well as for you, is about your passwords and keys, and how they're becoming useless. I've stolen a link from Mark Gibbs to help. Let's say you've been letting older security encryption methods live out their life in the pastures of your data center. CloudCracker, using massively-induced dictionary attacks, can make mincemeat from a frightening number of password key-exchange seeds. For just $17 per, CloudCracker can conveniently crack the following password seeds: WPA/WPA2, NTLM, SHA-512, MD5s, and/or MS-CHAPv2. No tears, please. And yes, cracked like an egg, a $17 egg. Certainly no one would abuse such a service, would they?

Health insurer loses 6 hard-disk drives with records of 95,000 customers

Health insurer Centene Corp. said six hard disk drives with personal health information on 95,000 of its customers have gone missing. "While we don't believe this information has been used inappropriately, out of abundance of caution and in transparency, we are disclosing an ongoing search for the hard drives," Centene CEO Michael Neidorff said in a statement. Centene, a Fortune 500 company that reported $16 billion in revenue in 2014, operates health plans for 2.9 million members in 21 states. The hard drives contained the personal health information of customers who received laboratory services from 2009 to 2015. The personal information on its customers includes their name, address, date of birth, Social Security number, member ID number and health information.

IDG Contributor Network: Protecting against the next great heist by encrypting in-transit data

Cast your mind back to the last time you were offline – not just when your connection was down, but a time when you were truly, unequivocally disconnected. That time may have been spent sending letters, physically going into a bank to make a deposit or withdrawal, and actually meeting with people to share information. Nowadays, we're far more efficient thanks to our reliance on connectivity and the network. During the past 20 years or so, information has evolved in line with the network, and become largely a digital commodity that can be sent and received with the click of a mouse. Electronic communications now cross organizations and oceans with relative ease, in volumes that seemed unfathomable during the days when postal mail was king. But all of this need for connectivity comes with a downside: criminal elements seeking to steal that data – and make no mistake, something as seemingly innocent as a personal email can be as valuable to a criminal as a bank transaction.

What U.S. cities are most prone to malware infections, and why?

An anti-malware vendor has released a list of the 20 most infected cities around the U.S. in terms of malware, and the trend appears to be that cities not known for being technology centers are getting hit the hardest. Enigma Software, which develops the SpyHunter anti-spyware detection software, analyzed more than 25 million different infections on computers in the 150 largest cities in the U.S. and found 2015 was a big year for malware over prior years. Enigma came by its numbers via customers who have its software installed on their machines. The national average was 8.1%, meaning nationwide, but that comes from the number of infections divided by the city's entire population.