Archive

Category Archives for "Network World Security"

EFF says Cisco shouldn’t get off the hook for torture in China

Cisco Systems built a security system for the Chinese government knowing it would be used to track and persecute members of the Falun Gong religious minority, according to the Electronic Frontier Foundation technology rights group. Falun Gong practitioners alleged the same thing in a lawsuit that a federal judge in Northern California dismissed in 2014. That case is being appealed, and on Monday the EFF, Privacy International and free-speech group Article 19 filed a brief that supports the appeal. The case highlights the risks technology companies take by selling software and hardware to customers around the world. Some of those customers may use the technology in ways that raise objections in other countries, creating legal problems or just tarnishing a vendor's reputation.

Android malware steals one-time passcodes

One-time passcodes, a crucial defense for online banking applications, are being intercepted by a malware program for Android, according to new research from Symantec. The malware, called Android.Bankosy, has been updated to intercept the codes, which are part of so-called two-factor authentication systems. Many online banking applications require a login and password plus a time-sensitive code in order to gain access. The one-time passcode is sent over SMS but also can be delivered via an automated phone call. Some banks have moved to call-based delivery of passcodes. In theory, that provides better security since SMS messages can be intercepted by some malware, wrote Dinesh Venkatesan of Symantec in a blog post on Tuesday.

Robotic falconry to foil unwanted drones

Described as “Robotic Falconry”, a new way to deal with drones that need to be removed from the air has been demonstrated by Michigan Tech. What's so neat about this solution to controlling unwanted drones in your airspace is that the system, which uses a net fired at the target drone from another drone, snags the intruder and then hauls it away to a secure area so that any payload (for example, drugs or explosives) can be dealt with.

Patch Tuesday: Microsoft released 9 security updates, 6 rated critical, 7 for RCE

To start off 2016 Patch Tuesdays, Microsoft released nine security bulletins, six of which are rated as critical and seven of which resolve remote code execution vulnerabilities. While that many RCEs doesn't set any records, Bobby Kuzma, CISSP, systems engineer at Core Security, said, “It still distresses me. Web browsers are not safe, and everyone should be using some kind of content filtering on their networks. It's like wearing a seat belt. Just do it.”

Rated critical

First up is MS16-001, the cumulative fix for flaws in Internet Explorer that an attacker could exploit to gain remote code execution and have the same rights as the user. The patch is meant to modify how VBScript handles objects in memory and to help ensure that cross-domain policies are properly enforced in Internet Explorer.

Will your car become a mini-data center? IBM thinks that’s just the beginning

In the not too distant future, many consumers expect autonomous, self-driving cars that repair problems without human intervention, implement cognitive computing to adapt the car to a particular driver's behaviors, and react to the vehicle's environment. Those are at least some of the conclusions gleaned from IBM's “Auto 2025: A New Relationship – People and Cars” research involving 16,000 global consumers who were asked how they expect to use vehicles in the next ten years.

New remote access Trojan Trochilus used in cyberespionage operations

A cyberespionage group has been discovered using a new remote access Trojan, dubbed Trochilus, whose detection rate was very low among antivirus products. The malware was discovered by researchers from Arbor Networks while investigating attacks in Myanmar that were launched from compromised government websites. The researchers linked the compromises to a sophisticated group of attackers known as Group 27, who are known to use different malware programs in their operations, some with overlapping capabilities. Arbor Networks has uncovered seven malware programs used by the group so far, including three remote access Trojans: PlugX, 9002, and the new Trochilus.

Europol tracks DD4BC cyber-extortion gang to Bosnia

Police believe they have nabbed a key figure behind a series of online extortion attacks that have taken place around the world over the last 18 months. Operation Pleiades, a joint operation by police forces from around the world, led to the arrest of a "main target" and the detention of another suspect, Europol said Tuesday. The denial-of-service attacks on web servers and the like made by a group going by the name DD4BC (Distributed DoS for Bitcoin) are followed by an email threatening that the attack will be stepped up unless a payment is made in bitcoin. Attackers using the name DD4BC have targeted businesses large and small -- and also email addresses leaked from the Ashley Madison website.

Windows 8, older Internet Explorer versions face end-of-life deadline this week

This week's Patch Tuesday will be the final time the Windows 8 OS and Internet Explorer versions 8, 9, and 10 see any more fixes. Microsoft is again making the necessary decision to cut the cord and let the aging browsers go, and it has begun urging users to upgrade. As always, the products will continue to work; they just won't be patched if a flaw or exploit is found. With this end-of-life patch, IE users will be given an upgrade notification informing them that the browser will no longer be supported and encouraging them to use the latest version. It's a similar ritual Microsoft had to go through with Windows XP two years ago. And, as it turns out, there are still a fair number of users of the old IE versions – around 19.8%, according to NetMarketShare analytics. So why are the old browser versions hanging on? Two reasons, I suspect.

Have you broken your security resolutions yet?

Keeping your resolutions

We are almost halfway through the first month of 2016 and I am sure many people have already let their personal resolutions fall apart. But what about your professional resolutions? How have they held up? Is it easier to shore up your network's security than to exercise every day? These security professionals offer up their resolutions for the new year.

Feds say only Chryslers were vulnerable to hacks via radio, not Audi or Volkswagen

U.S. auto safety regulators have determined that only infotainment centers from Fiat-Chrysler Automobiles (FCA) had a security flaw that could allow hackers to take control of Jeeps and several other model cars and trucks. Last summer, Fiat-Chrysler recalled 1.4 million Jeep, Chrysler, Dodge and Ram vehicles that had the security flaw. After a five-month investigation into cyberhacking vulnerabilities, the National Highway Traffic Safety Administration (NHTSA) said only FCA vehicles, and no others, were vulnerable to the hack.

Affected were certain vehicles equipped with 8.4-in. Uconnect touchscreens:

2013-2015 Dodge Viper specialty vehicles
2013-2015 Ram 1500, 2500 and 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee and Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger sports coupes

Audi, Volkswagen and Bentley were also part of the NHTSA's investigation because they use the same infotainment center as Chrysler vehicles, which is made by Harman and used a similar Uconnect operating system.

Microsemi builds better security into network time appliance

Keeping accurate time has never been more important. Inaccurate time can cause servers and applications to go awry, causing service disruptions. For example: as fighter Manny Pacquiao was ready to square off against Floyd Mayweather in May 2015, the fight was delayed due to a technical problem with pay-per-view orders. More than 4.4 million U.S. customers shelled out $100 to watch the fight but had trouble accessing it. The fight was delayed 45 minutes. It turns out the trouble was a problem with time. A time server was so far out of sync that people were disqualified from watching the fight because of a discrepancy with the time stamps.

Rovnix malware shifts focus to Japan, says IBM

After a stint focusing on the Netherlands, a group using the Rovnix Trojan has updated it and repackaged it to steal from the bank accounts of victims in Japan, according to IBM X-Force. The malware in this exploit, which has persisted in various forms for about five years, has been augmented to avoid being detected, dodge bank security and convincingly mimic bank websites, says Etay Maor, a senior cybersecurity strategist for IBM. It's pretty clear from the malware samples IBM X-Force has examined that the Rovnix group in question studied Japanese banks closely and came up with a user interface that closely mimics those of specific banking sites. It's not just a generic key-logger that steals information and hopes for the best, Maor says.

Mozilla Persona login system to shut down end November

Mozilla's login system Persona will be shut down on Nov. 30 as its usage is low and has not grown over the last two years. The foundation's decision to take persona.org and related domains offline follows a move in March 2014 to transition the running of the project from full-time developers to a community of long-time volunteers and former paid contributors. Mozilla said at the time that it had no plans to decommission the little-known service, which allowed users to sign in to websites that support Persona using their verified email IDs. The key attraction of the service, according to Mozilla, was that users didn't have to trust a website with their password, preventing its theft if one of the websites got hacked.

Trend Micro flaw could have allowed attacker to steal all passwords

A discovery by a well-known Google security researcher provides further proof of how antivirus programs designed to shield computers from attacks can sometimes provide a doorway for hackers. Tavis Ormandy, an information security engineer with Google, wrote that he found bugs in Trend Micro's antivirus product that could allow remote code execution by any website and the theft of all of a user's passwords. The security firm has confirmed it has released an automatic update that fixes the problems. "As part of our standard vulnerability response process we worked with him to identify and address the vulnerability," wrote Christopher Budd, global threat communications manager at Trend Micro, in an email on Monday. "Customers are now getting protections through automatic updates."

Should the US change metal coins?

It may be time for the United States to rethink how the smallest parts of its monetary system -- the penny, nickel and dime -- are made. According to a report this week from watchdogs at the Government Accountability Office, since 2006 the prices of metals used in coins have risen so much that the total production unit costs of the penny and nickel exceed their face value, resulting in financial losses to the U.S. Mint. In fact, changing the metal composition of the nickel, dime, and quarter could potentially save between $8 million and $39 million per year.

CES 2016 takeaways: IoT could be the death of your security

For the most part, the CES 2016 show was largely a yawner—maturation rather than innovation. Yes, there was a lot of interesting stuff outside of IT gear—and the IT gear could be as fun as a 200-node Raspberry Pi cluster running Hadoop or wicked-fast IEEE 802.11ac wireless hubs that do endless if secure tricks. The damage, the damnation, the truculent total churl of the event was this: all of the new Internet of Thingies/IoT/KewlGear has no cohesive security strategy. It's a mosh pit of certificates, easy-auth, Oh! Let's Connect Our Gear Together! (add breathy sigh!) meaninglessness. Let's now take this in the curmudgeonly risk-averse cloud space, bit by bit:

How Forbes inadvertently proved the anti-malware value of ad blockers

A few months back I postulated that Adblock Plus and other ad blocking software could act as protection against malware because they kept embedded malware in web pages from ever loading in your browser. Now, Forbes has proven me right. Forbes has taken an aggressive line against ad blockers. When it detects one running on your system, it denies you access to the content until you turn off the ad blocker. Needless to say, this hasn't gone over very well with some people. Forbes included a prominent security researcher in an article called "The Forbes 30 Under 30," which drew a number of other security researchers to check out the article. After disabling Adblock Plus, they were immediately served with pop-under malware. Security researcher Brian Baskin was the first to tweet about it and included a screen grab of the pop-under.

Beware: Surveillance software police are using to score citizens’ threat level

High-tech is increasingly used by police departments, but some have gone so far as surveilling citizens via software that calculates a citizen's threat score. Intrado, the company behind the threat-scoring software, says Beware “sorts and scores billions of publicly-available commercial records in a matter of seconds - alerting responders to potentially dangerous situations while en route to, or at the location of, a 9-1-1 request for assistance.” In much the same way as the Harris Corporation keeps the lid tightly sealed on the details of its Stingray cell-site simulators and trackers, Intrado considers the details of how Beware calculates threat scores to be a “trade secret.” However, the Washington Post said the program scours “billions of data points, including arrest reports, property records, commercial databases, deep Web searches” as well as a citizen's “social- media postings.” The calculated threat level is color-coded green, yellow or red, with red as the highest warning.

Drupal to secure its update process with HTTPS

Developers of the popular Drupal content management system are working to secure the software's update mechanism after a researcher recently found weaknesses in it. Last week, researcher Fernando Arnaboldi from security firm IOActive disclosed several issues with the update mechanism in Drupal: the failure of the back-end administration panel to report update errors, a cross-site request forgery (CSRF) flaw that could allow attackers to force admins to repeatedly trigger update checks, and the lack of encryption for update downloads. The last issue was the most significant one, because it could have allowed attackers who could intercept the traffic between a Drupal-based site and the official Drupal servers to inject back-doored updates. Such an attack could lead to the compromise of the site and its database.

The Incident Response “Fab Five”

I've been focused on security analytics for several years and spent a good part of 2015 investigating technologies and methodologies used for incident response. Based upon lots of discussions with cybersecurity professionals and a review of industry research, I've come up with a concept I call the incident response “fab five.” Enterprise organizations with the most efficient and effective incident detection and response tend to establish best practice and synchronization in 5 distinct areas:

Host monitoring. This centers on understanding the state and activities of host computers. Host monitoring tends to concentrate on Windows PCs, but may also include oversight of Macs, Linux, servers, and even cloud-based workloads. Historically, host monitoring was based upon log collection and analysis, but SOC managers are also embracing open source EDR tools (i.e. GRR, MIG, etc.) as well as commercial forensic offerings (i.e. Carbon Black, Countertack, Hexis Cyber Solutions, Guidance Software EnCase, RSA Ecat, Tanium, etc.). The trend is toward collecting, processing, and analyzing more host forensic data in real-time.

Network monitoring. Beyond network logs, I see leading-edge organizations collecting and analyzing a combination of flow and PCAP data. Think of technologies