Sophos this week rolled out a firewall/endpoint security package with an eye toward helping IT detect threats more quickly and autonomously isolate infected devices. The key to the company's security protection package is Sophos Security Heartbeat endpoint software and the firm's new XG Firewall family. According to Dan Schiappa, senior vice president of the end user security group at Sophos, Security Heartbeat sends continuous, real-time health information about the endpoint. If suspicious traffic is identified by the firewall, or malware is detected on the endpoint, security and threat information -- such as the MAC address, computer name, username and process information associated with the threat -- is instantly and securely shared between endpoints and the XG firewall. To read this article in full or to leave a comment, please click here
In a single year, a cyberespionage group with possible ties to the Iranian government has targeted over 1,600 defense officials, diplomats, researchers, human rights activists, journalists and other high-profile individuals around the world. The group, known as Rocket Kitten, has been active since early 2014 and its attacks have been analyzed by various security vendors. However, a major breakthrough in the investigation came recently when researchers from Check Point Software Technologies obtained access to the command-and-control servers used by the attackers. Compared to other cyberespionage groups, Rocket Kitten is not very sophisticated, but it is persistent. It makes extensive use of social engineering through spear-phishing attacks that infect victims with custom-written malware, the Check Point researchers said in a report published Monday.
As if you need more reasons to hate Adobe Flash, it's unsurprisingly a favorite among cyber criminals to roll into exploit kits. The most popular exploit kit right now is Angler, which has been around since 2013, but it is still "regularly tied to malware including Cryptolocker." According to a new report by Recorded Future, eight of the top 10 vulnerabilities used by exploit kits target Adobe Flash Player. The remaining two non-Flash flaws favored in the crimeware as a service (CaaS) ecosystem were in Microsoft Internet Explorer versions 10 and 11 and other "Microsoft products including Silverlight."
Ransomware authors continue their hunt for new sources of income. After targeting consumer and then business computers, they've now expanded their attacks to Web servers. Malware researchers from Russian antivirus vendor Doctor Web have recently discovered a new malware program for Linux-based systems that they've dubbed Linux.Encoder.1. Once run on a system with administrator privileges, it starts traversing the whole file system and encrypting files in specific directories, including the user's home directory, the MySQL server directory, the logs directory and the Web directories of the Apache and Nginx Web servers.
Phishing emails have been the scourge of the computer world for decades, defeating even our best efforts to combat them. Most of us can easily spot them by their subject lines and delete them without even opening. If we're not entirely sure and end up opening them, we can immediately identify a phishing attempt by its overly formal greetings, foreign origins, misspellings, and overly solicitous efforts to send us millions of unearned dollars or to sell us dubious products. Most of the time, phishing attempts are a minor menace we solve with a Delete key. Enter spearphishing: a targeted approach to phishing that is proving nefariously effective, even against the most seasoned security pros. Why? Because they are crafted by thoughtful professionals who seem to know your business, your current projects, your interests. They don't tip their hand by trying to sell you anything or claiming to have money to give away. In fact, today's spearphishing attempts have far more sinister goals than simple financial theft.
Over the weekend, a reader (@flanvel) directed Salted Hash to a post on a Dark Web marketplace selling a number of questionable, if not outright illegal, goods. The post in question offered a list of 590,000 Comcast email addresses and corresponding passwords. As proof, the seller offered a brief list of 112 accounts, with a going rate of $300 USD for 100,000 accounts. However, if one wished to purchase the entire list of 590,000 accounts, the final price was $1,000 USD. Saturday evening, Salted Hash contacted Comcast about the account list being sold online. By the time our message reached them, Comcast had already obtained a copy of the list and their security team was checking each record against the ISP's current customer base.
From Target to TalkTalk to whoever gets breached next week, the litany of companies that have lost customer data should be making businesses rethink not just how they protect customer information and accounts, but whether they want to be running customer and consumer identity services themselves. Despite the fact that attacks are routine, user identity details are often poorly protected. A quick glance at Stack Exchange reveals a worrying number of developers who don't know how to handle encryption or store usernames and passwords securely. Many companies have support practices that put customer data at risk, from technical mistakes like cross-site scripting vulnerabilities or serving login pages insecurely, to poor architectural decisions like blocking password managers or handling password resets badly, including emailing plain text passwords. The Plain Text Offenders site and security expert Troy Hunt both collect examples, many of them from household names.
Adobe Systems' Flash plugin gets no love from anyone in the security field these days. A new study released Monday shows just how much it is favored by cybercriminals to sneak their malware onto computers.
It looked at more than 100 exploit kits, which are frameworks planted in Web pages that automatically probe for software vulnerabilities when a user browses to a page.
Those who develop exploit kits are often hired by others to help distribute specific kinds of malware.
Of the top 10 vulnerabilities found in the exploit kits, eight of them were targeted at Adobe's Flash plugin, used on millions of computers to play multimedia content, according to Recorded Future, a cybersecurity intelligence firm based in Somerville, Massachusetts.
New products of the week: our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Okta Mobility Management. Key features: updates include support for Android for Work, PCs, OS X, as well as private app store capabilities and a Safari iOS extension.
Privileged Identity Management is based on the idea that a common element of most advanced threats involves obtaining the credentials of an administrator, super-user or even a program with local admin rights. Armed with those credentials, the attacker can turn internal systems against themselves, rewrite security policies and remain undetected. Privileged Identity Management tools lock down those special user credentials so that even successful breaches are only done against low-level endpoints that can't do much harm. Should attackers on a compromised system attempt to elevate those privileges, not only will they be quickly detected, but any process that attempts to run will be blocked.
ID management: Privileged Identity Management is based on a common link in the chain of almost every advanced threat: obtaining the credentials of an administrator, super-user or even a program with local admin rights. PIM tools lock down those special user credentials. Some PIM systems concentrate on auditing or anomaly detection so that even trusted insiders who have gone turncoat can be caught. Others look at the password aspect of identity management, cycling impossibly long randomized passwords. Some concentrate on Linux environments, while others are Windows-based. Almost all PIM tools embrace the concept of least privilege, giving users only the level of access and privilege that they need to run a specific command.
The most serious software flaws ever have been found in SAP's HANA platform, the in-memory database platform that underpins many of the German company's products used by large companies. Eight of the flaws are ranked critical, the highest severity rating, since attackers could use them to delete data, steal customer information and financial statements or change product pricing data. "We found a lot of stuff under the carpet," said Mariano Nunez, CEO of Onapsis, a Boston-based security company that focuses on protecting SAP systems. What is remarkable is that several of the 21 vulnerabilities found by Onapsis were remotely exploitable, meaning an attacker could gain access to HANA from afar over the Internet.
EMC and Hartford Hospital have agreed to pay US$90,000 to Connecticut in connection with the loss in 2012 of an unencrypted laptop containing patient information of 8,883 residents of the state, according to the state's attorney general. The laptop was stolen from the home of an employee of EMC and was never recovered, according to an "Assurance of Voluntary Compliance" signed by EMC and the hospital with Attorney General George Jepsen. EMC had been hired as a contractor to the hospital to assist it on a quality improvement project relating to analyzing patient data. The employee had been employed by a company that was acquired by EMC and had received the stolen laptop from that company.
A group of teenage hackers going by the name of "Crackas With Attitude" (CWA) are on a rampage, breaking into federal systems to embarrass the U.S. government. After gaining access to the personal AOL email account of CIA Director John Brennan last month, the teenagers reportedly broke into the Comcast email account of FBI Deputy Director Mark Giuliana's wife, dumped personal details of thousands of government employees and then claimed to have gained access to the national Joint Automated Booking System, JABS, a database of arrest records, the FBI's Internet Crime Complaint Center and the FBI's Virtual Command Center.
Of all of the things that you might think of upgrading as you move into home or premises automation, your doorbell may not immediately spring to mind. When it comes to entryway monitoring and security, the solution is usually to use a camera and sometimes a wireless doorbell. A company called, appropriately, Ring, has come out with a solution called, also appropriately, Ring. The Ring is a wireless device with a built-in wide-angle 720p HD camera, microphone, speaker, and pushbutton. The device communicates over your Wi-Fi network (2.4 GHz 802.11 b/g/n with WPA2, WPA or 64-bit WEP) to Ring's cloud services, which allows you, on your iOS, Android, or Windows 10 device, to see and talk to whoever is outside your door from wherever you are, as well as make a video record of activity.
Google has updated Google Play Services. Users will notice changes from these updates in their apps quickly. For most Android users, Play Services remains out of sight and under the hood, serving apps with application programming interfaces (APIs), OAuth 2.0 identity services, security, malware scanning, and other mobile services. With the release of Google Play 8.3, Google has changed the sign-in button to make it work more like Chrome's web sign-in. When a new app that uses this updated Play Services release is downloaded, the developer can present the new branded sign-in button: Google
This is a big interaction fix for users who previously had to select from multiple accounts, create new profiles, and grant user permissions just to sign into an app. It wouldn't be noticeable except for all the streamlined web sign-ins available, such as Google, Facebook, and Twitter, that reduce sign-in to a click. Now Android sign-in to apps is reduced to a tap.
If you're trying to bar the door to malware infections, automated application whitelisting is a tactic that the U.S. National Institute of Standards and Technology thinks you should try -- and the agency wants to help you implement it in an effective way. The Department of Commerce agency, which is tasked with developing standards and recommendations including in the area of IT security, has published a guide to application whitelisting that explains the technology in detail and offers practical advice for how it should be used. For one, before looking at third-party products, organizations should consider using the application whitelisting mechanisms included in the operating systems they use on their desktops, laptops and servers. The reason is that they're easier to use, can be centrally managed and their use keeps additional costs minimal.
This column is available in a weekly newsletter called IT Best Practices. As a security technology that obfuscates clear text data, tokenization is the red-headed stepchild compared to encryption. That's changing, however, as tokenization has a key role in enabling mobile payment systems such as Apple Pay, Samsung Pay and Android Pay. If you use any of these smartphone-based payment applications, tokenization is already at work for you. Unless you're in the payments industry, you might not even know what tokenization is, or how it can protect sensitive data. Yes, there are uses for the technology beyond securing payment data. I'll talk use cases in a minute, but first let me explain what tokenization is.
In light of Android's mediaserver issues, Google's latest Android security update focused on flaws related to the operating system's treatment of media files. Android's current flaws are similar to problems that cropped up with Windows more than a decade ago. Google addressed seven vulnerabilities as part of this month's Android security update, released this week. Of the critical vulnerabilities, one was in the libutils component (CVE-2015-6609) near where Stagefright flaws were found over the summer, and the other was in the Android mediaserver component (CVE-2015-6609). They were rated as critical, as they could allow remote code execution when handling malformed media files.