"You can't manage what you can't see" is a popular saying in the network industry. Historically, it's been used for traditional network management, with the thought being that one can't fix a problem on the network without having visibility into the applications, traffic flows, and infrastructure.
Recently, though, the meaning of that phrase has changed as "shadow IT" has become increasingly popular. Shadow IT is when lines of business or individual users purchase their own cloud services without any involvement from IT. The problem today is very real. An interesting data point to support this comes from a ZK Research report that showed that 96% of organizations claim to be running cloud applications that are not sanctioned by IT (disclosure: I am an employee of ZK Research).
If you're connecting to servers over the secure shell (SSH) protocol using an OpenSSH client, you should update it immediately. The latest version patches a flaw that could allow rogue or compromised servers to read users' private authentication keys. The vulnerability stems from an experimental feature known as roaming that allows SSH connections to be resumed. This feature has been enabled by default in OpenSSH clients since version 5.4, released in March 2010, but is not present in the OpenSSH server implementation. As a result, only clients are affected. The vulnerability allows a server to read information from a connecting client's memory, including its private keys. It has been fixed in OpenSSH 7.1p2, released Thursday.
Apple hasn't completely fixed a weakness in Gatekeeper, its security technology that blocks harmful applications from being installed.
Patrick Wardle, director of research with the company Synack, said in an interview he reverse-engineered a patch Apple released in October and found it wasn't quite the fix he expected.
Wardle found he could still bypass Gatekeeper and install malware. He's going public with his latest findings on Sunday at the Shmoocon security conference, which starts Friday in Washington, D.C.
Google has released an upgrade to Go 1.5.3 to fix a security issue with the math/big package for implementing multiprecision arithmetic. Go programs must be recompiled with this version to receive the fix. "This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls," a golang-dev post in Google Groups says. "TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way." Incorrect results in one part of the RSA Chinese Remainder computation can lead to the wrong outcome down the line such that it leaks a prime number.
IBM is going to apply machine learning to fraud busting with Iris Analytics. While that makes it sound as though it will be using Watson AI systems to identify fraudsters by gazing deep into their eyes, this is really about its acquisition of a German software firm called Iris Analytics. Iris monitors banking transactions and uses machine learning to spot previously unknown patterns of fraudulent transactions in real time. The system can work alone or in conjunction with human analysts, according to IBM.
With only one bank in six equipped with real-time fraud detection systems, and even those taking a month or more to learn to stop new attacks once they are identified, IBM sees a big market for integrating systems like that of Iris with its existing antifraud products.
Raytheon has given a name to the enterprise security business it has been piecing together for the past few years: Forcepoint. The new entity that it is spinning out rolls up Raytheon Cyber Products, Websense (which the company bought an 80% share in last year), and next generation firewall vendor Stonesoft that Raytheon agreed to buy last fall and now owns. Forcepoint says its plan is to continue integrating products from the three entities so it can offer a range of protections including Web, email and endpoint security, data loss protection, firewalling and analytics all under one cloud-based umbrella. Raytheon’s history supplying products to the Department of Defense demonstrates its broad expertise that could be transferred to mainstream enterprises, says Chris Christiansen, an analyst with IDC. “It remains to be seen what they do with integrating products, how they leverage their government experience, whether they can expand out,” to general enterprises, he says.
As we documented this week in our latest Big Data & Analytics Companies to Watch slideshow, venture capital is pouring in to firms looking to help organizations better exploit all the data they're gathering and generating. What's becoming really interesting though is that these companies are starting to target specific areas -- from security to network management -- so that you can actually tell them apart now. Consultancy Deloitte hammers home the increasingly diversified nature of analytics in its new Analytics Trends report in which it cites 6 areas to watch:
This column is available in a weekly newsletter called IT Best Practices. One of the weakest links in security systems is end user credentials. They are often abused by their legitimate owners, and stolen by malicious actors. The 2014 Verizon Data Breach Investigations Report revealed that 88% of insider breaches involve abuse of privileges, and 82% of security attacks involve stolen user credentials. An external attacker might use a stolen set of credentials to make the initial infiltration of a network, to make lateral movements inside the network to gain access to sensitive data or information, or to exfiltrate data to complete the breach. This type of activity is hard to detect because the credentials themselves are legitimate; they are just being used the wrong way.
Web application attacks are among the leading causes of data breaches, according to Verizon's 2015 Data Breach Investigations Report, which looked at data from 80,000 security incidents and over 2,000 confirmed data breaches in 61 countries. The report also found that weak or stolen credentials account for over 50 percent of breaches involving Web applications, and those in the financial services sector are favored targets for Web application attacks. Statistics like that are enough to make anyone sit up and take note.
An Android Trojan that targets mobile banking users has evolved into a sophisticated, persistent and hard-to-detect threat, suggesting that it is part of a well-organized attack campaign. Researchers from security firm FireEye first documented the Trojan in December and named it SlemBunk. Once installed, it starts monitoring the processes running on the device and when it detects that a mobile banking app is launched, it displays a fake user interface on top of it to trick users into inputting their credentials. The Trojan can spoof the user interfaces of apps from at least 31 banks from across the world and two mobile payment service providers.
Cisco Systems released critical security updates for several products, including access points and wireless LAN controllers, in order to fix vulnerabilities that could give remote attackers access to devices. The Cisco Aironet 1830e, 1830i, 1850e and 1850i series access points contain a default account with a static password that attackers can use to gain unauthorized access, the company said in an advisory. Fortunately, the account does not have administrative privileges, so the vulnerability is only rated as high impact instead of critical.
The Islamic State is deploying its own encrypted communications app for Android, an eventuality predicted by experts who oppose efforts of governments to require encryption backdoors so they can find out what criminals are saying to each other. The app, called lrawi.apk, employs what is described as rudimentary encryption and was available for download last month on a Web site where Islamic State supporters could download it and another app for distributing propaganda, according to a story posted by Defense One. The creation of such an encryption app has been considered a likely outcome of laws being proposed internationally requiring backdoors that would allow service providers to fulfill court orders to decrypt private communications of their customers.
New research from messaging security provider Cloudmark and technology research company Vanson Bourne provides new insight into IT professionals' views and experiences with spear phishing attacks, as well as the security and financial impact of these attacks on their organizations. "With the wealth of information about individuals and organizations now available online, cybercriminals can easily craft targeted attacks to gain access to valuable personal and financial information. Spear phishing has emerged as one of the largest threats facing enterprises today," said George Riedel, CEO of Cloudmark. Vanson Bourne surveyed 300 IT decision makers at organizations with more than 1,000 employees in the U.S. and the U.K. to assess the impact of spear phishing attacks, as well as what measures enterprises were taking to combat them.
In its annual Most Wanted List of Transportation Safety Improvements, safety officials said they want to see more high-tech answers to car-crash prevention and operator monitoring capabilities. The National Transportation Safety Board’s (NTSB) annual wish list looks at what it considers to be the nation’s top transportation safety concerns. It has for years spoken out about distracted driving and the need to remove any and all items from car driver compartments that might cause crashes. And this year's list included yet another call for more action.
Sixty percent of companies cannot detect compromised credentials, according to Rapid7’s incident detection and response survey results.
That is just one of the "yikes" revealed when 271 security professionals from organizations of all sizes and industries responded to the survey so Rapid7 could learn more about challenges to security teams, strategic initiatives and current security tools being used. It is little wonder that over 90% of respondents admitted to being worried about attacks that use compromised credentials.
Congratulations on getting that new wearable device over the holidays. You're on your way to a new, trackable, data-filled life. Or you’re about to be hacked. "Every digital technology, as its use has expanded, has drawn attention from hackers and criminals," says Stephen Cobb of ESET. "So if wearables get to the point where criminals can see a way to exploit them for gain, they will try to do that." In his role as senior security researcher at ESET, Cobb says he hasn't seen that happen yet, but that doesn't mean it isn't on the horizon. He points to a recent issue with VTech, which makes a wearable for kids. Its customer database, which includes the information of 5 million parents and 200,000 children, was recently compromised.
A cybercriminal has built a ransomware program based on proof-of-concept code released online, but messed up the implementation, resulting in victims' files being completely unrecoverable. Researchers from antivirus vendor Trend Micro recently spotted a new file-encrypting ransomware program distributed as a Flash Player update through a compromised website in Paraguay. After they analyzed the program's code, they realized that it was a modification of a proof-of-concept file encryptor application called Hidden Tear that was published on GitHub in August by a Turkish security enthusiast. Hidden Tear comes with a disclaimer that the code may only be used for education purposes and a warning that people using it as ransomware could go to jail.
Microsoft has released the first batch of security updates for 2016 and they include critical fixes for remote code execution flaws in Windows, Office, Edge, Internet Explorer, Silverlight and Visual Basic. The company has also fixed remote code execution and elevation of privilege vulnerabilities in Windows and an address spoofing flaw in Exchange Server that were rated important, not critical, due to various mitigating factors. In total, Microsoft issued 9 security bulletins covering patches for 24 vulnerabilities. According to Wolfgang Kandek, the CTO of security firm Qualys, administrators should prioritize the MS16-005 security bulletin, especially for systems running Windows Vista, 7 and Server 2008.
Making sense of data
Just as practically every startup these days claims to be a cloud company or an IoT company, they’re all big data and analytics firms, too. Well, not really, but they at least toss the hot terms into their company descriptions. We’ve tried to pull out the real big data and analytics companies to highlight them here, listed alphabetically. Most focus on helping companies make sense of their oodles of data, sometimes for customer service, sometimes for IT purposes and sometimes for security reasons. And not all of them are brand new firms.