Archive

Category Archives for "Network World Security"

DARPA targets tiny, battery-powered atomic clocks that could shield GPS outages

The scientists at DARPA will next month detail a new program the group hopes will develop small, portable, battery-powered atomic clocks with stability, repeatability, and environmental sensitivity 1,000 times better than the current generation of atomic clocks. On Feb. 1 DARPA will detail the Atomic Clocks with Enhanced Stability (ACES) program which will aim to develop clocks that must fit into a package about the size of a billfold and run on a quarter-watt of power. “Success will require record-breaking advances that counter accuracy-eroding processes in current atomic clocks, among them variations in atomic frequencies that result from temperature fluctuations and subtle frequency differences that can occur if the power shuts down and then starts up again,” DARPA stated.

IDG Contributor Network: Kaspersky: Ransomware doubled last year, shifted focus to enterprise

A majority of PCs in the workplace were struck by “at least one attempted malware infection” last year, cybersecurity company Kaspersky said in an overview of corporate threats observed throughout 2015 released last month. Well over half, or 58%, of PCs were infected. That’s a gain of 3% over 2014. Meanwhile, CryptoLocker attacks doubled, Kaspersky says in its press release about the report. CryptoLocker attacks are when a trojan-infected PC user receives a ransom demand to decrypt files, stop a denial of service attack, or other onerous result if the ransom isn’t paid.

Researcher finds flaw in Comcast XFINITY home security system

Comcast’s XFINITY Home Security System can be readily exploited so it registers that doors and windows in customers’ homes are closed when they are actually open, Rapid7 has discovered. Fixing the problem requires a software or firmware upgrade, Rapid7 says. Comcast hasn’t responded to Rapid7’s November notifications about the flaw, the company says. Comcast hasn’t responded to an email asking for comment, but this story will be updated when it does. The security system consists of a sensor placed at windows, doors and other locations to detect motion, and a base station. When the sensor is triggered, it notifies the base station, which alarms that there is an intrusion.

Flaws in Comcast’s Xfinity Home Security: System fails to warn homeowners of intruders

Rapid7 disclosed serious flaws in Comcast’s Xfinity Home Security system which thieves or thugs could exploit to break into homes while the homeowners continue to receive 'it’s-all-good' messages even as an intruder moves about the house. Even worse, there currently is no fix. Comcast customers might be induced to sign up for one of the Xfinity Home Security packages as the company suggests options like being able to check in on your kids, your pets, and “the things you love most.” With Xfinity Home Security, Comcast said you can “Sit back. Relax. You’re in control.” But today Rapid7 publicly disclosed vulnerabilities in Xfinity Home Security, flaws that can cause the security system to fail to sense motion and instead continue to report “All sensors are intact and all doors are closed. No motion is detected.”

Comcast’s Xfinity Home Security vulnerable, fail open flaw leaves homes exposed

Researchers at Rapid7 have disclosed vulnerabilities in Comcast's Xfinity Home Security offerings. The flaws cause the system to falsely report that a home's windows and doors are closed and secured, even if they've been opened. Comcast's Xfinity Home Security system is one of the many next-generation alarm systems that are app controlled and promise to deliver real-time alerts and notifications to homeowners. However, researchers at Rapid7 have discovered flaws that would cause Comcast's system to falsely report that a home's doors and windows are closed and properly secured, even if they've been opened. In addition, the flaws also mean that Comcast's system would fail to sense an intruder's motion in the home.

Google fixes dangerous rooting vulnerabilities in Android

Google has fixed a new batch of vulnerabilities in Android that could allow hackers to take over devices remotely or through malicious applications. The company released over-the-air firmware updates for its Nexus devices Monday and will publish the patches to the Android Open Source Project (AOSP) repository by Wednesday. Manufacturers that are Google partners received the fixes in advance on Dec. 7, and will release updates according to their own schedules. The new patches address six critical, two high and five moderate vulnerabilities. The most serious flaw is located in the mediaserver Android component, a core part of the operating system that handles media playback and corresponding file metadata parsing.

Lowe’s to add emergency dispatch service for Iris DIY smart-home systems

Smart-home gadgets look cool, but the services connected to them may be more valuable to many owners in the long run. Home-improvement chain Lowe's plans to make more of those services available to do-it-yourselfers. By the middle of this year, owners of Lowe's Iris home gadgets will be able to buy professional monitoring, including dispatching of first responders in case of emergency. It will cost US$19.99 per month and will become available in select markets as licensing allows. Security and life safety are two of the big reasons consumers are buying into the Internet of Things. Broadband providers like AT&T and Comcast install smart-home systems built around things like connected burglar alarms. For example, AT&T's website advertises professionally monitored home security and automation systems starting at $39.99 per month with a two-year contract.

Moving target defense vs. moving target attacks: The two faces of deception

The unceasing arms race between cyber attackers and cyber defenders has gained unprecedented levels of sophistication and complication. As defenders adopt new detection and response tools, attackers develop various techniques and methods to bypass those mechanisms. And deception is one of the most effective weapons on both sides of the game. Deception techniques have traditionally been among the favorite methods in the attackers’ arsenal. Surprise and uncertainty provide the attacker with an inherent advantage over the defender, who cannot predict the attacker’s next move. Rather surprisingly, however, the broken symmetry can also be utilized by the defender.

Top 10 breaches of personal data in 2015

It was a bountiful year for hackers who gained unauthorized access to countless corporate and government databases. Here are the online breaches that hauled in the largest amount of personal data -- most of them tallying into the millions. No. 10: U.S. Internal Revenue Service. Number of people affected: About 334,000. Security experts said it technically wasn’t “hacking” when thieves stole the tax information of 100,000 people through the IRS site. It was a case of weak security: They entered through the IRS’ “Get Transcript” service by answering security questions correctly, using personal information on their victims that had been obtained elsewhere, or simply guessing.

34,000 gamers affected by Christmas attack on Steam

Steam set a new record on Jan. 3 when over 12 million gamers were all gaming at the same time. Gamasutra reported that there were 12,332,504 concurrent users. The Steam stats showed Dota 2 as the most played game which peaked at 940,373 concurrent gamers. Counter-Strike had 643,402 concurrent players and Fallout 4 came in third at the peak with 116,599 gamers. That being said, today is the last day of the Steam winter sale.

BlackEnergy cyberespionage group adds disk wiper and SSH backdoor to its arsenal

A cyberespionage group focused on companies and organizations in the energy sector has recently updated its arsenal with a destructive data-wiping component and a backdoored SSH server. The group is known in the security community as Sandworm or BlackEnergy, after its primary malware tool, and has been active for several years. It has primarily targeted companies that operate industrial control systems, especially in the energy sector, but has also gone after high-level government organizations, municipal offices, federal emergency services, national standards bodies, banks, academic research institutions and property companies. Over the past few months, the group has targeted organizations from the media and energy industries in Ukraine, according to security researchers from antivirus vendor ESET. These new operations have brought to light some changes in the group's techniques.

HP tackles ‘visual hacking’ with privacy filters in laptop, tablet screens

HP is putting integrated filters in laptop and tablet displays this year so Peeping Toms can't steal confidential information when surreptitiously viewing your screen. HP's privacy filters will make laptop and tablet screens visible to users in direct view of the display. Moving slightly away makes what's displayed on the screen fuzzier and then virtually invisible the further you go. Users won't be able to see a screen from a 35 degree angle on the left or right, said John Groden, director for Elitebook products at HP. This feature could be handy in planes, airports or cafes, where sensitive information on the laptop could be visible to others.

Microsoft roundup: The Windows 7 threat, notifying nation-state targets, Bing censorship

When checking around for what’s been happening with Microsoft, it seems like the company is following its normal pattern of gaining ground and then shooting itself in the foot. Here are a few examples: At the end of 2015, Microsoft announced that it will start notifying users if the company believes “your account has been targeted or compromised by an individual or group working on behalf of a nation state.” Scott Charney, Microsoft’s Corporate VP of Trustworthy Computing, added: We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be “state-sponsored” because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.

10 outsourcing trends to watch in 2016

This year, we saw companies embrace increased standardization and cloud computing options of all flavors, use their leverage to renegotiate or rebid their deals, and settle into a best-of-breed approach to offshore outsourcing. So what will 2016 bring? Our experts expect a number of shifts in the industry—including a focus on hyper-speed deal making, the emergence of new multi-sourcing headaches and potential cures, increased man-machine collaboration, and significant expansion of the service provider universe. 1. Security takes center stage. Security is top of mind from the boardroom to the break room, and it will influence outsourcing strategy in 2016. Indeed, security risk is poised to increase as telematics and the Internet of Things (IoT) become more prevalent in consumer and commercial products, says Paul Roy, partner in the business and technology sourcing practice of Mayer Brown. “Increasing numbers of threat actors will use increasingly creative ways to exploit weaknesses, often with devastating effect. Regulators will exact increasingly large fines for poor security. Service providers have often been the weakest link in a company’s security and will need to find better ways to address that concern.”

Malware peddlers offered Raspberry Pi money to infect your micro-PC

The Raspberry Pi—the popular mini-PC that's about the size of a credit card—is attracting attention from malware distributors. But not in the sense that you might think. Last Wednesday, the Raspberry Pi Foundation tweeted a screenshot of an email in which a company effectively asked to install malware onto users' Raspberry Pis. In the email, the company, whose name was redacted, offered the Foundation money in order to distribute an exe file on Raspberry Pi machines (never mind the fact that the Raspberry Pi doesn't run Windows). Installing the exe would place a shortcut icon on the desktop; if you open it, you'd be taken to the company's website. "Then this is our target," the email reads in part.

The most innovative and damaging hacks of 2015

Not a week went by in 2015 without a major data breach, significant attack campaign, or serious vulnerability report. Many of the incidents were the result of disabled security controls, implementation errors, or other basic security mistakes, highlighting how far organizations have to go in nailing down IT security basics. But looking beyond the garden-variety attacks and vulnerabilities lends great insight into the future of malicious activity and how to defend against it. And 2015 had its share of intriguing invasions, each of which highlighted the modified techniques that lead to new forms of breaches or pinpoint areas in need of new defenses. The past year saw cyber criminals adopting innovative approaches and state-sponsored actors becoming bolder. Motivations shifted, with financial gain no longer the sole reason for launching an attack. Inflicting physical damage, stealing trade secrets, hacking as a form of protest -- 2015 was a year in which malicious activity served many ends.

The next wave of cybercrime will come through your smart TV

Smart TVs are opening a new window of attack for cybercriminals, as the security defenses of the devices often lag far behind those of smartphones and desktop computers. Running mobile operating systems such as Android, smart TVs present a soft target due to how manufacturers are emphasizing convenience for users over security, a trade-off that could have severe consequences. Smart TVs aren't just consumer items, either, as the devices are often used in corporate board rooms. Sales of smart TVs are expected to grow more than 20 percent per year through 2019, according to Research and Markets. While attacks against smart TVs are not widespread yet, security experts say it is only a matter of time before cybercriminals take note of the weaknesses.

New Chinese law takes aim at encryption

A new law passed by China's Parliament on Sunday requires technology companies to assist the government in decrypting content, a provision that the country maintains is modeled after Western law. ISPs and telecommunication companies must provide technical assistance to the government, including decrypting communications, for terrorism-related investigations, according to Xinhua, China's official news agency. Xinhua quoted Li Shouwei, of the National People's Congress Standing Committee legislative affairs commission, as saying the law doesn't require technology companies to install "backdoors," the term for code that would give security agencies consistent, secret access to data, in software.

Hyatt Hotels says payment-processing systems hit by malware

Hyatt Hotels has asked customers to review their payment card account statements closely, after it detected malware on the computers that run its payment-processing systems at locations it manages. The hotel chain did not provide more details on the breach, including the number of customers that might have been affected, but it appears from the alert to customers that hackers may have obtained critical credit card information. Hyatt is the latest in a number of companies in the hospitality industry, including Hilton Worldwide, Mandarin Oriental and Starwood Hotels & Resorts Worldwide that were affected by hacker attacks. A number of retailers like Target also had their point-of-sale systems targeted.