Category Archives for "Network World Security"

IBM lets customers, partners write apps for QRadar threat intelligence platform

IBM is launching a program where customers can share apps they write to augment IBM’s QRadar platform that analyzes security data, detects behavior anomalies and sorts out high-priority risks from the mass of incidents it examines. To accomplish this, the company is opening APIs into QRadar, issuing software developer kits and creating a Security App Exchange where these custom apps can be distributed. The exchange has already been seeded with 14 apps written by IBM itself and some of its partners including Bit9 + Carbon Black, BrightPoint Security, Exabeam and Resilient Systems. Four of these apps are:
User Behavior Analytics – Integrates Exabeam’s analysis of user behaviors and risk profiling into QRadar’s dashboard.
Threat Intelligence – Pulls data from threat feeds and creates rules about how to handle the data, such as raising the threat score for incidents involving IP addresses from a particular watch list.
Carbon Black App for QRadar – Analyzes data from Carbon Black’s endpoint sensors within the QRadar interface, enabling faster responses to endpoint attacks.
Incident Overview – A visualization app that uses bubbles, colors and correlation lines to help analysts quickly identify links among incidents.
IBM says it will vet applications before they are made

Cyberspy group targets South American political figures, journalists

Since 2008, a group of attackers has used off-the-shelf remote access Trojans (RATs) to target political figures, journalists and public figures in several South American countries. The group, whose attack campaigns have been investigated by researchers working with Citizen Lab at the University of Toronto's Munk School of Global Affairs, has been dubbed Packrat. It appears mainly interested in political opposition groups and influential people from countries like Argentina, Ecuador and Venezuela. While there is insufficient evidence to link the group to a particular government or intelligence agency, the researchers believe "that the ultimate recipient of the information collected by Packrat is likely one or more governments in the region."

Security and privacy checklist for smart devices: 50 million to be sold over holidays

When shopping for a smart device, are you most influenced by the device’s capabilities, by its coolness factor, or by holiday sales that dropped the price? Do you first review the company’s policies, terms and conditions, the potentially excessive permissions a mobile app will require to control the connected device, or with whom the manufacturer will share or sell your collected data? If you receive a smart gadget as a gift, do you think the giver was wise enough to consider the small print before purchasing, to think of security and privacy before buying the smart device?

Instead of news, UK paper delivered ransomware

A major UK newspaper is cleaning up its website after criminals tried to deliver ransomware to thousands of its readers. The attack affected the blogs section of The Independent newspaper's website, Joseph C. Chen, a fraud researcher with Trend Micro, said in a blog post Tuesday. "We have already informed The Independent about this security incident and are working with them to contain the situation," Chen wrote. "For their part, the news website staff was quick to respond and take action to mitigate the risk this event posed to the website itself and its user base."

Cyberattacks will compromise 1-in-3 healthcare records next year

Consumers will see an increase in successful cyberattacks against their online health records next year; supercomputers like IBM's Watson will reduce patient deaths and treatment costs by 10% in 2018; and virtual healthcare will soon become routine. Those are some of the predictions made by IDC's Health Insights group in a new report. The report claims that because of a legacy of lackluster electronic security in healthcare and an increase in the amount of online patient data, one in three consumers will have their healthcare records compromised by cyberattacks in 2016.

Microsoft updates trust list after private key for Xbox Live leaks

On Tuesday, Microsoft updated their Certificate Trust List (CTL) after the private key for xboxlive.com was leaked to the Web. The company didn't explain how the leak happened, but the exposed certificates were immediately revoked and replaced. "Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks," the software giant explained in their advisory. "To help protect customers from potentially fraudulent use of the SSL/TLS digital certificate, the certificate has been deemed no longer valid and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate."

Patch Tuesday: Microsoft released 12 patches, 8 rated critical, 1 for a zero-day

Way to go! Congratulations on suffering through another year of deploying security patches. Microsoft released 12 security bulletins for the last Patch Tuesday of 2015, eight of which are rated as critical for remote code execution vulnerabilities. Hopefully none will result in exceedingly uncool changes like Microsoft snuck into Windows 10 last month to reset privacy settings and default programs. Although Microsoft regards MS15-135 only as “important,” it would be wise to jump on this one as it is the fix for a zero-day vulnerability in the Windows kernel that attackers are exploiting to escalate privilege, according to Qualys CTO Wolfgang Kandek. You wouldn’t know it by its Microsoft-rated “important” status, as Redmond’s security team mentioned that it resolves flaws in Windows kernel-mode drivers. Nils Sommer of bytegeist, working with Google Project Zero, is credited with reporting three CVEs associated with this patch.

Chrome for Android blocks access to malware and scam websites

If you've ever seen the scary red pages in Google Chrome that prevent you from visiting a dangerous website, and wished you had them on your phone, then you're in luck: Google has extended Safe Browsing, the technology behind those security alerts, to Android. Safe Browsing is now integrated into Google Play Services, starting with version 8.1, and apps are able to use it. Chrome for Android is the first to do so. As in the desktop version of Chrome, Safe Browsing protects against websites that are known to host malware, potentially unwanted programs as well as phishing and other scams. If you've surfed from an Android phone extensively you've probably been bombarded with persistent ads claiming that your phone is not running properly, that your battery drains too fast or that the device is insecure. All of them try to push some application that allegedly solves the made-up problems.

Darkode forum is back, but a shadow of its former self

Last summer, law enforcement agencies from 20 countries joined forces to shut down the notorious Darkode hacking forum. Organizers said they would be back, stronger than ever. Security researchers have been keeping an eye out for its resurgence ever since and finally found it last week, but instead of being stronger than ever, it's actually insecure and badly configured. According to Loucif Kharouni, senior threat researcher at Damballa, it feels like a "bad Darkode imitation" that is "just not worth anyone's time." At its peak, Darkode had hundreds of users who were heavy-weights in the cybercriminal world.

IBM tapped by US intelligence agency to grow complex quantum computing technology

IBM today got a multi-year grant from the Intelligence Advanced Research Projects Activity (IARPA) to build key components of what it calls a universal quantum computer. You may recall that IARPA operates as part of the Office of the Director of National Intelligence, and the Big Blue award was granted under the auspices of the group’s Logical Qubits (LogiQ) program, which is looking to develop technologies that overcome the limitations of current quantum systems by building a logical qubit from a number of imperfect physical qubits.

DDoS attacks increase in number, endanger small organizations

While the power of distributed denial-of-service (DDoS) attacks has decreased in recent months, their number has spiked, a trend that could signal trouble for smaller companies and websites. The number of DDoS attacks recorded in the third quarter of this year has grown by 180 percent compared to Q3 2014, exceeding 1,500, Akamai said in the latest edition of its State of the Internet report published Tuesday. Despite their large number, the attacks were shorter in duration, had lower bandwidth and smaller volumes compared to both the same period last year and the previous quarter. Smaller companies' websites are increasingly at risk due to the rising popularity of DDoS-for-hire services and are also a prime target for attackers that use DDoS as an extortion tool.

How the NSA uses behavior analytics to detect threats

The National Security Agency has significantly enhanced its capabilities for detecting cyber-threats in the two-plus years since former NSA contractor Edward Snowden pilfered and disclosed classified information. The multi-layered capabilities, which include user behavior analytics, now protect a private cloud that provides storage, computing and operational analytics to the intelligence community, CIO Greg Smithberger tells CIO.com.

Attackers are building big data warehouses of stolen credentials and PII

According to McAfee Labs, attackers are linking stolen personally identifiable information (PII) sets together in Big Data warehouses, making the combined records more valuable to cyber-attackers. The coming year will see the development of an even more robust dark market for stolen PII and usernames and passwords, according to McAfee Labs. A new type of criminal is combining warehousing and selling stolen data including access credentials and PII that are targeted to specific markets, industries, companies, and purposes, according to the McAfee Labs 2016 Threat Predictions and McAfee Labs’ Director of Threat Intelligence, Christian Beek. McAfee has seen the hacker underground and dark markets moving in this direction over the past seven months, Beek asserts.

Top security stories of 2015

More data breaches
Hacking Team, Comcast, Ashley Madison… the list goes on of companies who became just another notch in the belt of cybercriminals. Like in years past, data breaches were top of the list for our year in review story. Here are some stories that made headlines in 2015.

Akamai: DDoS attacks up thanks to criminal misuse of stress-test services

Criminals are tapping Web-based services that are advertised as tools to stress test customers’ networks but in actuality they are using them to launch DDoS attacks against victims, according to Akamai. The paid sites can make DDoS attacks a viable option for actors looking to shut down targeted servers, the company says in its “State of the Internet/Security Q3 2015” report. “Many of the sites are simply DDoS-for-hire tools in disguise, relying on the use of reflection attacks to generate their traffic,” the report says.

Legislation requiring tech industry to report terrorist activity may be revived

Legislation requiring tech companies to report on terrorist activity on their platforms is likely to be revived in the U.S., following concerns about the widespread use of Internet communications by terrorists. A proposed rule that would require companies to report vaguely defined "terrorist activity" on their platforms had been included as section 603 in the Intelligence Authorization Act for Fiscal Year 2016. But Senator Ron Wyden, a Democrat from Oregon, removed a hold on the bill only after the controversial provision was deleted from it.

Former Secret Service agent sentenced for corruption in Silk Road investigation

A former Secret Service agent was sentenced Monday to 71 months in prison for stealing bitcoins from vendors on the Silk Road, the now-shuttered underground marketplace he was investigating. Shaun W. Bridges, 33, of Laurel, Maryland, must also forfeit US$650,000, the U.S. Justice Department said. Bridges pleaded guilty on Oct. 31 in the U.S. District Court for the Northern District of California to money laundering and obstruction of justice. He was one of two federal investigators charged with crimes committed during the probe of the Silk Road, which was shut down in October 2013.

Iran-based hackers may be tracking dissidents and activists, Symantec says

Hackers based in Iran have been using malware to spy on individuals, including potentially dissidents and activists in the country, according to new research from Symantec. The attacks aren't particularly sophisticated, but the hackers have had access to their targets' computers for more than a year, Symantec said, which means they may have gained access to "an enormous amount of sensitive information." Two groups of hackers, named Cadelle and Chafer, distributed malware that steals information from PCs and servers, including from airlines and telcos in the region, Symantec said.

IDG Contributor Network: GPS signal jamming could cause serious, widespread problems

Unintentional interference from radios and space can cause problems for the GPS system, as can intentional jamming and spoofing of signals. But communications companies aren't prepared to protect the GPS system from these threats, according to a 2012 Homeland Security report that was recently released under the Freedom of Information Act, as reported by EE Publishing. The communications sector is "vulnerable to potential long-term GPS disruptions" of a few days or more "that could cause sector-wide service degradations," the report says.
Jamming
That Global Positioning Systems are vulnerable to interference and disruptions isn't news. However, the apparent lack of preparedness in civilian systems noted by DHS should be an eye-opener.