Startup SafeBreach automatically assesses corporate networks to find out whether they offer up enough security loopholes for real-world attacks to succeed.Using software probes called simulators distributed throughout customers’ networks, SafeBreach attempts to establish connections among devices and network segments just as a hacker would do in trying to carry out malicious activity.These automated attempts are driven by the Hacker’s Playbook, a SafeBreach library of known attack methods that the simulators try in order to discover weaknesses and reveal how these vulnerabilities might be exploited to carry out successful breaches.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords
So simulators might find individual weaknesses in a desktop Internet connection, a credit card database and a management platform that could be strung together to nab customer credit card data. This would be reported on a single screen.To read this article in full or to leave a comment, please click here
Startup Cybric is working on a cloud-based platform to help businesses find out about breaches quickly and clean them up as fast as possible.It will do that with its platform, Continuous Security Delivery Fabric that creates a clone of network elements in its cloud and runs tests against them looking for vulnerabilities. Because the work is done in the cloud, it doesn’t slow down or interfere with the business’s production network, the company says.Because multiple tests can be run in parallel in the cloud, the time it takes to find vulnerabilities is reduced, the company says. Alternatively, customers can run the Continuous Security Delivery Fabric on premises.To read this article in full or to leave a comment, please click here
Building a high-speed brain-to-computer interface that would offer “unprecedented signal resolution and data-transfer bandwidth between the human brain and the digital world” is the goal of a new program announced by the Defence Advanced Research Projects Agency recently.
The research agency’s Neural Engineering System Design (NESD) want to develop an implantable device that would “serve as a translator, converting between the electrochemical language used by neurons in the brain and the ones and zeros that constitute the language of information technology. You may recall in the sci-fi film The Matrix, protagonists were plugged into a violent virtual future world though a brain interface.To read this article in full or to leave a comment, please click here
As if the steady rise of ransomware isn’t alarming enough, businesses that get hit with ransomware may not be unlucky targets of opportunity, but targets of choice as cyberthugs are setting ransom demands based on how much valuable data a business has.That is just one cybersecurity and online privacy trend found in the 2016 Data Protection and Breach Readiness Guide. With a nod to Data Privacy Day, the Online Trust Alliance (OTA) released its new guide as well as key findings from its analysis.To read this article in full or to leave a comment, please click here
Consumers should have the right to inspect the source code for connected devices they own, to ensure it doesn't contain bugs or backdoors, one U.S. Federal Trade Commissioner believes.As we connect our homes, our vehicles and our clothing to the Internet of Things, "We need to be very mindful of consumer data security and be very careful of anything that undermines that data security," said Commissioner Terrell McSweeny.McSweeny was speaking in a personal capacity at the State of the Net conference in Washington, D.C., on Monday, but her position as one of four Commissioners at the U.S. Federal Trade Commission could allow her to influence policy.To read this article in full or to leave a comment, please click here
Around two dozen U.S. government departments and federal agencies are being questioned by the U.S. Congress on whether they were using backdoored Juniper network security appliances.
In December, Juniper Networks announced that it had discovered unauthorized code added to ScreenOS, the operating system that runs on its NetScreen network firewalls. The rogue code, which remained undetected for 2 years or more, could have allowed remote attackers to gain administrative access to the vulnerable devices or to decrypt VPN connections.
The U.S. House of Representatives' Committee on Oversight and Government Reform wants to determine the impact that this issue had on government organizations and how the affected organizations responded to the incident.To read this article in full or to leave a comment, please click here
Tech support scammers are known for their cheek -- making unfounded claims that PCs are infected to scare consumers into parting with their money -- but a Symantec partner took nerve to a new level, a security company claimed last week.According to San Jose, Calif.-based Malwarebytes, Silurian Tech Support ran a scam in which its employees, who billed themselves as support technicians, used obscure but harmless entries in Windows' Event Viewer and Task Manager to claim that a PC had been overwhelmed by malware, then leveraged those bogus threats to sell overpriced copies of Symantec's Norton security software and an annual contract for follow-up phone support.To read this article in full or to leave a comment, please click here
We've all loved to hate Microsoft's free Windows Defender software—it's been so mediocre that it's been considered the baseline metric in third-party tests. But recent independent tests show it's actually outperforming a number of third-party suites, some of which charge you money to use them.Results released by AV-test.org for the month of December put Microsoft right in the middle of the pack of its list of antivirus software for home users. Microsoft is still near the bottom of the heap in the business market, however, using the version of Microsoft System Center that’s been integrated into Windows 10’s business editions.To read this article in full or to leave a comment, please click here
Good IT talent is hard to find. You know what's even more difficult? Finding good cybersecurity talent. Demand for skilled cybersecurity professionals is growing at an astonishing rate -- four times faster than the IT jobs market and 12 times faster than the overall labor market, according to research from Burning Glass Technologies.Unfortunately, supply isn't keeping up with demand, according to online cybersecurity training and MOOC platform Cybrary's Cyber Security Job Trends Survey for 2016. Of the 435 senior-level technology professionals who completed the survey between October and December 2015, 68 percent affirmed that there is a global shortage of skilled cybersecurity professionals. Only 13 percent of companies said there was an abundance of cybersecurity talent in their local areas.To read this article in full or to leave a comment, please click here
Data theft is a very real and growing threat for companies that increasingly use cloud services, says a security firm.Workers who widely share documents stored in the cloud with clients, independent contractors, or even others within the company are creating a Swiss-cheese of security holes, a study by Blue Coat Systems has found.In some cases, cloud documents were publicly discoverable through Google searches, the researchers say of their analysis.'Broadly shared'
The study found that 26% of documents stored in cloud apps are shared so widely that they pose a security risk. Compounding the issue is that many organizations aren't even aware of it.To read this article in full or to leave a comment, please click here
This week on January 28 we will celebrate Data Privacy Day, which has a theme of "Respecting Privacy, Safeguarding Data and Enabling Trust." We'll get back to that... First Response
Qualcomm reportedly partnered with First Response to develop "the world's first smart pregnancy test, which connects through a mobile device to alert clinicians a patient is pregnant." It's just the first such home test to "capture electronically" and "then transmit that data to the clinicians," Chief Medical Officer Dr. James Mault told CRNtv. He added that for IoT to do well in medical verticals, it will "require connectivity infrastructure that can enable the data capture from a variety of devices and diagnostics and therapeutic instruments and allow that data to flow into the hands of clinicians of any type."To read this article in full or to leave a comment, please click here
Facial and fingerprint recognition technologies are expected to see accelerated growth over the next five years as security applications emerge in the government, enterprise, finance, consumer and other markets.The market value of facial recognition technologies is expected to nearly double from $230 million in 2015 to $450 million in 2019; that represents a compound annual growth rate (CAGR) of about 18%, according to market research firm TrendForce.Led by Apple's iPhone juggernaut, unit shipments of fingerprint sensors have grown from 316 million in 2014 to 499 million last year and will continue to increase each year to peak at 1.6 billion in 2020. Revenue growth for fingerprint sensors will increase from about $1.86 billion in 2015 to $2.6 billion in in 2020, according to the latest research from IHS Technology.To read this article in full or to leave a comment, please click here
The Dutch Consumers' Association (DCA), or Consumentenbond as it is known in its native land, is suing Samsung for not providing timely software updates to older models of its Android smartphones. The move was driven in part because Samsung has such a strong presence in Holland, and because Samsung is pretty bad about supporting old phones, as I've learned through personal experience.According to DCA's own research (PDF file), at least 82% of Samsung smartphones available in the Dutch market examined had not received any software updates to the latest version of Android in two years.To read this article in full or to leave a comment, please click here
In its recently released Analytics Trends 2016 report, consulting firm Deloitte predicts six major trends will significantly shape business in 2016."Business leaders continue to face many varying challenges and opportunities, and staying ahead of these trends will have a lasting impact on how their organizations will operate in the future," says John Lucker, principal, Deloitte Consulting. "By going on the offensive with issues such as cybersecurity, organizations are making a strategic shift in the way they operate. Concurrently, the widening data scientist talent gap could be a business growth barrier. One thing is certain: effectively using analytics is essential in delivering insights that help achieve new levels of innovation and value."To read this article in full or to leave a comment, please click here
Foley & Lardner LLP
Matthew Karlyn, Partner, Technology Transactions & Outsourcing Practice, Foley & Lardner LLP
“I’ve been in meeting after meeting after meeting where companies like all of yours absolutely underestimate the impact of security breaches on the company,” Matthew Karlyn, Partner, Technology Transactions & Outsourcing Practice, Foley & Lardner LLP told attendees at the CIO Perspectives event in Houston in November 2015.To read this article in full or to leave a comment, please click here(Insider Story)
In 2012, I did an extension research project on big data security analytics. My thesis was that big data tools like Hadoop, Mahout, MapReduce, and Pig would greatly enhance in-depth historical cybersecurity investigations beyond anything provided by SIEM tools. In retrospect, I believe my assumptions were correct, but the market remains in an early stage of development even today. While general use of big data security analytics is still in its genesis phase, there appears to be an increasingly popular use case in cybersecurity: User Behavior Analytics (UBA). UBA is roughly defined as the analysis of all activities related to individual users, covering devices, processes, applications, network sessions, and data consumed and utilized. UBA builds a data analytics model where all log files, endpoint and network forensics, authentication requests, and data access actions are aligned with individual users themselves. To read this article in full or to leave a comment, please click here
If you're running an online shop based on the Magento e-commerce platform, it's a good idea to update it as soon as possible. The latest patches fix critical vulnerabilities that could allow attackers to hijack administrative accounts.One issue was discovered by researchers from Web security firm Sucuri and stems from improper validation of email addresses in the customer registration form.The flaw allows a malicious user to include JavaScript code in the email field, leading to a so-called stored cross-site scripting (XSS) attack. The JavaScript code is saved along with the form and is triggered when the user account is listed in the website's back-end panel.To read this article in full or to leave a comment, please click here
In many ways, security awareness training exemplifies the way information security is seen and tackled by senior management.A once-a-year, classroom-based approach may be traditional, with security updates and warnings posted on walls and the Intranet, but it is also a sign of a tick-box, compliance-driven approach to security. It is often done to appease industry regulators, PCI and data protection authorities, and the training can offer relatively basic – arguably condescending- advice.But times are changing. The threat landscape is growing with the arrival of millions of mobiles and wearables, each with their own IP address, while organized crime and nation-state APT groups are looking at new ways of compromising victims. From exploit kits and Trojans to ransomware, phishing and social engineering scams – the criminal game has moved on.To read this article in full or to leave a comment, please click here
The late December telephonic denial-of-service attack against a Ukrainian power company was a smokescreen to cover up a cyber attack, experts say."This is one of the more common reasons why these attacks are done," said Rene Paap, product marketing manager at security vendor A10 Networks.According to Paap, telephonic DoS attacks have been around for a while, but don't get as much attention as the big DDoS attacks.Just like a regular DDoS attack, telephonic DoS works by overwhelming the victim's call center with so many fake phone calls that legitimate calls can't get through.[ ALSO ON CSO: Ukrainian power companies are getting hit with more cyberattacks ]To read this article in full or to leave a comment, please click here
New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Actifio Global ManagerKey features: AGM is a web-scale data virtualization solution delivering instant access and radically simple management of application data for business resiliency and test data management across private, public, and hybrid cloud. More info.To read this article in full or to leave a comment, please click here