
Category Archives for "Network World Security"

REVIEW: Cyphort makes advanced threat protection easier than ever

Over the past few months, we’ve reviewed a variety of cutting-edge security tools that combat advanced persistent threats (APTs); everything from threat intelligence to virtual sandboxing to privileged identity management. And while all of these programs have been powerful, they all had varying degrees of complexity when it came to usability and customization.

Single group of hackers targets Uyghur, Tibetan activists

A years-long campaign of seemingly disparate cyberattacks against Tibetan and Uyghur activists likely comes from a single group of hackers, according to a seven-month study by Palo Alto Networks. The computer security company also concluded that the information stolen by the group, nicknamed Scarlet Mimic, would be of little interest to entities other than a nation-state. "The majority of attacks we identified were targeting Uyghurs or Tibetans or advocates thereof," Olson said. Several other security companies, including Kaspersky Lab and Trend Micro, and Citizen Lab, part of the University of Toronto, have studied attacks against the activist groups, which have long been at odds with the Chinese government. Palo Alto's report noted, however, that it did not have direct evidence linking the attacks to China.

Put a password on your webcam or end up featured on Shodan’s vulnerable cam feed

Don’t you hate it when people want to kill the messenger instead of address the problems highlighted in the message? This time the messenger is Shodan, as the IoT search engine added a new section featuring vulnerable webcams. Ars Technica reported, “The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores.”


New tool from Cloudmark is designed to defend against spear phishing  

The nature of how cyber attacks start is changing. Today's malicious actors are not merely opportunistic, they know what information they want and who to target to get at it. For example, the 2014 breach at JP Morgan reportedly began when an IT employee opened a specially-crafted email and was tricked into providing credentials to a vulnerable internal machine. Attackers used the privileges of that person's credentials to move around the network until they were able to find and exfiltrate 83 million records in one of the largest data breaches of the year.

CIA: 10 Tips when investigating a flying saucer

Most people don’t typically associate the Central Intelligence Agency with historical UFO investigations but the agency did have a big role in such investigations many years ago. That’s why I thought it was unusual and kind of interesting that the agency this week issued a release called “How to investigate a flying saucer.” [The release is also a nod to the fact that the science fiction TV series X-Files returns to the screen this weekend.] In the article the CIA talks about the Air Force’s Project Blue Book which investigated public reports of UFOs and operated between 1952-1969. Project Blue Book was based at Wright-Patterson Air Force Base near Dayton, Ohio. Between 1947 and 1969, the Air Force recorded 12,618 sightings of strange phenomena — 701 of which remain “unidentified.”

Skype now hides your IP address to protect against attacks from online trolls

Skype is adding a new default security feature primarily to protect gamers from their overheated rivals. The Microsoft-owned service recently announced it would start hiding users’ IP addresses by default in the latest update to Skype. Previously, a Skype user’s IP address was not hidden, meaning hackers who knew what to look for could easily obtain your IP address and thus target your computer. Why this matters: Online gaming is serious business. So serious that people who lose major online battles or matches can sometimes seek revenge. One easy way to do that is to launch a distributed denial of service attack knocking their victorious rival offline. Before launching a DDoS, however, you need your target’s IP address. That was actually pretty easy if you knew your target’s Skype name. You don’t even need to be a capable programmer as many websites called ‘resolvers’ promised to reveal a Skype user’s IP address.

Defending against insider security threats hangs on trust

When it comes to security, insider threats are an unfortunate fact of life. But if you're thinking only about combatting malicious insiders, you may be miscalculating the risk. "The insider threat is much broader," says Steve Durbin, managing director of the Information Security Forum (ISF), a nonprofit association that assesses security and risk management issues on behalf of its members. "It isn't just about bad apples — people that are deliberately out to steal information or harm organizations." The other two types of insider threats, Durbin says, are negligent insiders, who are aware of security policies but find a workaround, probably with the best of intentions, to get work done, and accidental insiders. A negligent insider, faced with the need to get a large file to a colleague, might turn to a non-approved Web-based file hosting service. An accidental insider might be a manager who is emailing employee performance reviews and miskeys an email address. Due to the magic of autocomplete, that email winds up in the wrong hands.

FortiGuard SSH backdoor found in more Fortinet security appliances

Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over some of its products. The issue, which was described as a FortiGuard SSH (Secure Shell) backdoor, was originally disclosed earlier this month by an anonymous researcher, who also published exploit code for it. Last week, Fortinet said that the problem was not an intentional backdoor, but the result of a management feature which relied on an undocumented account with a hard-coded password. Additionally, the company noted that the issue was fixed in FortiOS back in July 2014, after being identified as a security risk by the company's own product security team.

Aircraft part manufacturer says cybercrime incident cost it $54 million

An Austrian airplane component maker for Boeing and Airbus said earlier this week a cybercrime-related fraud has caused €50 million (US$54 million) in damages. FACC AG said in its third quarter results report that the accounting department of its FACC Operations unit was targeted. While many businesses have had brushes with cybercrime in the last few years, FACC's large damages figure stands out. "The management board has taken immediate structural measures and is evaluating damages and insurance claims," the document said. It characterized the incident as an "outflow" of €50 million of "liquid funds." The loss does not pose an economic threat to the company, it said.

Backdoor account replaced by another backdoor in vendor stumble

A company that makes video conferencing products replaced one serious security vulnerability with another, despite being warned of the dangers. AMX Harman, which makes a variety of audio-visual and building control equipment, has patched the problem. But on Thursday SEC Consult, an information security firm in Vienna, revealed what it says is the back story. Last March, SEC Consult warned AMX that it had found a secret account in certain versions of the NX-1200, an appliance for controlling audio-visual systems.

Google blocked more bad ads than ever in 2015, but they still keep coming

When Google tells us it blocked 780 million bad ads last year, is that a sign that things are getting better? In one way it is, as the 49 percent increase in bad ads blocked outpaced Google's overall advertising growth, indicating that the company has been blocking a greater number of bad ads as a percentage of the whole. Clicks on its ads grew at a slightly more leisurely pace, rising 23 percent from a year earlier in the third quarter last year, the most recent for which figures are available. But we don't know how many bad ads slipped past the 1,000+ Google employees charged with detecting them, nor how many bad advertisers simply moved to other advertising networks with less sophisticated detection systems or fewer qualms.

Cisco fixes critical flaws in digital encoder, unified computing manager and security appliance

Cisco Systems has released software updates to fix critical issues that could allow attackers to compromise digital encoders, unified computing system management servers and Firepower 9000 series security appliances. The Cisco Modular Encoding Platform D9036, a hardware appliance that provides multi-resolution, multi-format encoding for applications that require high video quality, has a hard-coded static password for the root account. This is the highest privileged account on the operating system and is created at installation time. The account and password cannot be changed or deleted without impacting the functionality of the system, Cisco said in an advisory.

TSA: Gun discoveries in baggage up 20% in 2015 over 2014

I am sure it’s not a statistic that makes anyone feel ecstatic about flying: There was a 20% increase in firearm discoveries at TSA airport checkins from 2014’s total of 2,212. It’s an astounding number really, but the details get worse. The TSA goes on to say 2,653 firearms were discovered in carry-on bags at checkpoints across the country, averaging more than seven firearms per day. Of those, 2,198 (83%) were loaded. Firearms were intercepted at a total of 236 airports; 12 more airports than last year.

How much at risk is the U.S.’s critical infrastructure?

There is universal agreement that modern warfare or crime fighting is not just about bullets, bombs and missiles in physical space. It’s also about hacking in cyber space. But over the past decade there has been much less agreement over how much of a threat hackers are. On one side are those – some of them top government officials – who have warned that a cyber attack on the nation’s critical infrastructure could be catastrophic, amounting to a “cyber Pearl Harbor.” Those warnings prompted the recent book by retired ABC TV “Nightline” anchor Ted Koppel titled, “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.”

Data breach numbers still high in 2015

The number of U.S. data breaches tracked in 2014 hit a record high of 783, according to a recent report released by the Identity Theft Resource Center. 2015 fell just two breaches short of tying that record. Here is a list of those breaches that compromised more than 1 million records (see the full report).

Cybersecurity much more than a compliance exercise

Even as an overwhelming majority of large global enterprises feel vulnerable to data breaches and other security threats, too many organizations continue to approach cybersecurity as a compliance exercise, according to a new survey from the security vendor Vormetric. In a poll of more than 1,100 security executives around the world, 91 percent of respondents consider their organization to be vulnerable to internal or external data threats. And yet, 64 percent of respondents express the view that compliance is a "very" or "extremely" effective strategy in staving off data breaches, up six percentage points from last year's survey.

Hottest Enterprise Networking & IT Startups of 2016

The billions of dollars invested in cloud, wireless, big data, security and other networking startups in 2015 means that enterprise IT shops will have plenty of new products and services from which to choose. On the heels of that year of the megadeal ($100M or more) and Unicorn (private companies valued at $1B or more), it will be interesting to see how funding for network and IT startups shakes out in 2016. We'll keep track of 2016 funding announcements of possible interest to enterprise IT pros here, so bookmark this page and check back for updates. As we spot trends, we'll roll up collections of like companies and highlight them as well, as we did here for big data and analytics firms.

Ukrainian hacker who tried to frame security expert now facing jail time

Brian Krebs, author of the Krebs on Security blog, has made a name for himself by exposing some of the most dangerous characters in the cybercrime underworld. And he has paid a price for doing so, including being the target of a SWAT attack. Several years ago, Krebs also incurred the wrath of a Ukrainian hacker, Sergey Vovnenko, who responded to the unwanted publicity Krebs provided him by trying to frame the journalist for heroin possession. Krebs writes on his blog: