Archive

Category Archives for "Network World Security"

Malware implants on Cisco routers revealed to be more widespread

Attackers have installed malicious firmware on nearly 200 Cisco routers used by businesses from over 30 countries, according to Internet scans performed by cybercrime fighters at the Shadowserver Foundation. Last Tuesday, FireEye subsidiary Mandiant warned about new attacks that replace the firmware on integrated services routers from Cisco Systems. The rogue firmware provides attackers with persistent backdoor access and the ability to install custom malware modules. At the time Mandiant said that it had found 14 routers infected with the backdoor, dubbed SYNful Knock, in four countries: Mexico, Ukraine, India and the Philippines. The affected models were Cisco 1841, 2811 and 3825, which are no longer being sold by the networking vendor.

iOS 9 breaks VPNs and prevents server access for many

Apple's iOS 9 has several features meant to increase its strong enterprise-grade security. But it also breaks a key security method: VPN connections to some corporate servers. As a result, users won't be able to access some servers over some VPN connections -- but they'll be able to access other servers with no problem. The bug appeared in iOS 9's beta. It was not fixed in the final version of iOS 9, and it is not fixed in the current beta of iOS 9.1. Here's what Cisco has reported about the bug:

New products of the week 09.21.2015

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Live Segments. Key features: improves the process for both segmenting large promotional email lists and implementing behavioral data to create personalized communications, while automating the labor intensive processes around segmentation, data analysis and product recommendations.

Indian draft rules on encryption could compromise privacy, security

India's government is trying to ensure that its law enforcement agencies have easy access to encrypted information, but it could be compromising security and privacy in the process. A draft policy on encryption issued by the Indian government aims to keep a check on the use of the technology by specifying the algorithms and the length of the encryption keys used by different categories of people. Consumers will also be required to store the plain texts of encrypted information for 90 days from the date of a transaction and provide the text to agencies when required under the laws of the country.

Apple brings down malware-infected apps from store

Apple has brought down a large number of apps from its store after it was found that around 40 iOS apps had been infected by a modified version of the company's software for developers. Christine Monaghan, an Apple spokeswoman, told news outlets that the company removed apps from the App Store that it knows have been created with the counterfeit software, to protect its customers. Palo Alto Networks reported last week that a new malware, called XcodeGhost, modified the Xcode integrated development environment for building apps for the Mac, iPhone and iPad.

DHS CISO: Revoke security clearance of feds who keep falling for phishing scams

Numerous federal agencies rely on legacy systems that have security bolted on as an afterthought instead of security “being deeply embedded” in the systems. It is unsurprising that such older hardware, software and operating systems are vulnerable to intrusions. But sometimes security problems have more to do with human vulnerabilities – stupid PEBKAC and ID10T errors committed by the person behind the keyboard – than legacy systems. If the same people who handle sensitive government information also keep falling for phishing scams, should they have their security clearance revoked? Indeed they should, according to DHS chief security officer Paul Beckman.

Cyber Supply Chain Security Is Increasingly Difficult for Critical Infrastructure Organizations

As the old cybersecurity adage states, ‘the cybersecurity chain is only as strong as its weakest link.’ Smart CISOs also understand that the proverbial weak link may actually be out of their control. U.S. retailer Target certainly experienced this lack of cybersecurity control in 2013. The now infamous Target data breach that exposed the personal information of 110 million people began with a spear phishing attack on one of the company’s HVAC contractors, Fazio Mechanical of Sharpsburg, PA. Cyber-criminals compromised a Fazio Mechanical system, gained credentialed access to Target, and proceeded to wreak havoc on Target’s data, customers, and reputation.

When in Mexico, don’t use the ATMs

Security expert Brian Krebs, who has made a specialty of exposing ATM scams over the years, has a doozy of a three-part series this week uncovering a widespread scheme in Mexico based on sophisticated Bluetooth technology and old-fashioned cash bribes. In part one, Krebs describes being tipped off by an employee of a Mexican ATM company, explains how the scam works -- bribe-enabled physical access to the machines is key -- and embarks on a trip to Cancun to attempt to gauge the scope of the illegal operation first-hand. Part two reads like a detective novel as Krebs moves about Mexican tourist establishments checking for a telltale Bluetooth signal emanating from ATMs. He has no trouble finding them.

Why Windows 10 is the most secure Windows ever

Microsoft added two game-changing security features for enterprise users in Windows 10, but until recently, the company has been relatively quiet about them. So far the buzz has mainly been about Windows Hello, which supports face and fingerprint recognition. But Device Guard and Credential Guard are the two standout security features of Windows 10 -- they protect the core kernel from malware and prevent attackers from remotely taking control of the machine. Device Guard and Credential Guard are intended for business systems and are available only in Windows 10 Enterprise and Windows 10 Education.

Under DDoS attack? Look for something worse

When businesses are hit by noticeable distributed denial-of-service attacks, three-quarters of the time those attacks are accompanied by another security incident, according to Kaspersky Lab. Those other attacks may or may not originate from the same party, but they can go undetected if IT staff is totally focused on defending against the DDoS, says Evgeny Vigovsky, head of Kaspersky DDoS Protection. “In many cases, it may be a coordinated effort, but even if these attacks originate from different sources, IT staff have to allocate resources to solve two problems at the same time, under a lot of stress,” Vigovsky says. Kaspersky polled top managers and IT pros at 5,500 companies in 26 countries about their experiences with DDoS attacks.

Celebrating 25 years of wacky Ig Nobel Prize brilliance

Each year since 1991, Improbable Research has highlighted a handful of real researchers whose work might seem goofy on the surface, but often has serious implications. The Ig Nobel prizes are awarded annually at a ceremony at Harvard University shortly before the Nobel prizes are announced. Here’s a look at a winner from each of the past 24 years, with the 2015 prize winners being announced tonight.

Malware enables cheating at online poker

Online poker malware lets players cheat by getting a peek at cards held by opponents whose machines have been infected. The Trojan, called Win32/Spy.Odlanor, is typically downloaded by victims because it is disguised as installers or resources such as poker databases and poker calculators, according to the ESET WeLiveSecurity blog. “In other cases, it was loaded onto the victim’s system through various poker-related programs … such as Tournament Shark, Poker Calculator Pro, Smart Buddy, Poker Office, and others,” the blog says. Once installed it grabs screenshots of the PokerStars and Full Tilt Poker clients, letting the attackers see what cards the victim holds. In order to carry out the scam, the cheaters have to find and join the table at which the infected machine is playing.

Obama advisors: Encryption backdoors would hurt cybersecurity, net infrastructure vendors

Making encryption backdoors available to law enforcement would be bad for cybersecurity in general and hurt vendors that make encryption gear, a presidential advisory group says. While the FBI argues that it needs legislation to require access points into encryption platforms, the National Security Council is preparing to tell President Obama that the downsides include weakening the privacy of Internet communications, according to a draft NSC report obtained by the Washington Post. “[B]ecause any access point to encrypted data increases risk, if government efforts to secure access are successful, this approach would reduce cybersecurity,” the document says.

7 security and privacy concerns at the polls

A recent poll by Wakefield Research delved into the psyche of the American voter asking them many questions about who will lead them through cyberspace the next four years. According to the survey, which was sponsored by PKWARE, the majority (64 percent) of registered U.S. voters believe it is likely that a 2016 presidential campaign will be hacked.

8 ways to fend off spyware, malware and ransomware

Spyware, malware, phishing and, more recently, ransomware -- the list of online threats can be confusing and daunting. Knowing what you’re up against is half the battle. Each of these types of attacks has specific characteristics:

Spyware – software that collects information about you or your computer without your knowledge.

Malware – a broad category of software (including viruses, worms, Trojan horses, etc.) that damages your computer, in either a minor or major way.

Phishing – an attempt to get your personal information (usernames, passwords, credit card numbers and), usually for nefarious reasons. Usually accomplished by electronic communication (e.g., email), but also by "social engineering" (tricking people into abandoning standard security protocol).

Why startup leaders need to set the tone for security

Federal consumer-protection authorities have called on the entrepreneurs building tech startups to prioritize cybersecurity from the earliest stages of the development process. But a variety of factors -- cost, lack of technical expertise, rush to market, etc. -- can make security seem like more of a burden or an impediment to the startup's growth than anything else.

Corebot cleverly written botnet malware with growth potential

There's a new botnet malware on the loose, called Corebot, that researchers believe has the potential to develop into a significant threat. The malware was first spotted by IBM Security X-Force, and Damballa followed up with a deep dive into how the malware works, and what else the malware's author is working on. The malware itself is particularly clever, said Loucif Kharouni, senior threat researcher at Damballa, in that it is written from scratch to be modular, making it easy for the author to add plugins to do specific tasks. "Most malware is based on older malware, on Zeus code for example," he said. "This one looks like it was built new, from scratch."

SYNful Knock router exploit isn’t going away soon

The SYNful Knock compromise of routers can implant software that creates backdoors to let attackers return over and over, a sophisticated endeavor that demonstrates the ingenuity of its creators, according to a member of the team that discovered the attack in the wild. The software has features that enable it to stay hidden within networks so it can be updated and new attack modules can be downloaded for long periods of time, according to FireEye researchers. “The impressive portion of the attack is the implant and not the delivery,” says Tony Lee, technical director at FireEye. “This sort of implant would take significant skills to produce and go undetected for so long.”

Find out if the NSA spied on you and shared it with GCHQ

Curious if the NSA has ever spied on you? Privacy International launched a site so you can find out if Britain’s GCHQ spied on you; put another way, GCHQ can access NSA data so if the NSA gobbled up your communications, then this is how you can find out and get that digital dirt destroyed. Privacy International wrote: Have you ever made a phone call, sent an email, or, you know, used the internet? Of course you have! Chances are, at some point over the past decade, your communications were swept up by the U.S. National Security Agency's mass surveillance program and passed onto Britain's intelligence agency GCHQ. A recent court ruling found that this sharing was unlawful but no one could find out if their records were collected and then illegally shared between these two agencies… until now!