Archive

Category Archives for "Network World Security"

Encryption project issues first free SSL/TLS certificate

A project that aims to increase the use of encryption by giving away free SSL/TLS certificates has issued its first one, marking the start of its beta program. The project, called Let's Encrypt, is run by the Internet Security Research Group (ISRG) and backed by Mozilla, the Electronic Frontier Foundation (EFF), Cisco and Akamai, among others. Let's Encrypt plans to distribute free SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificates, which encrypt data passed between a website and users. The use of SSL/TLS is signified in most browsers by "https" and a padlock appearing in the URL bar.

Secunia acquired by Flexera Software

Secunia, the company specializing in software vulnerability management, has been acquired by software asset management company Flexera Software. The pairing of Flexera's asset discovery and management tools with Secunia's software vulnerability platform will give organizations the ability to thoroughly assess the security of applications discovered on the network, said Mark Bishof, Flexera Software's CEO. Flexera's tools, which include FlexNet Manager Suite and AdminStudio Suite, currently help discover all the hardware and software assets within the organization, how the licenses are used, and how to optimize software use. With the Secunia addition, organizations will be able to scrutinize the discovered applications to uncover unpatched vulnerabilities. This will give IT teams the information they need to update to the latest patch or to create a workaround to temporarily mitigate the issue until a patch is available.

Attackers can take over Cisco routers; other routers at risk, too

Attackers have successfully infected Cisco routers with an attack that persists to provide a means for compromising other machines and data on the networks the routers serve, FireEye says. The SYNful Knock attack successfully implanted altered versions of firmware that give full access to the devices into 14 Cisco routers in India, Mexico, the Philippines and Ukraine, according to FireEye, and researchers expect compromised machines to show up in more places and in other brands of routers. SYNful Knock downloads software modules to customize further attacks and has been found in Cisco 1841, 2811 and 3825 routers. It initially requires either physical access to routers or valid passwords; there is no software vulnerability being exploited, FireEye says in a blog post.

DomainTools’ Iris interface speeds up cybercrime investigations

Cybercriminals often leave a lot of digital crumbs, and when organizations get attacked, finding those clues can help reveal who is attacking and why. For 15 years, a small company called DomainTools, based in Seattle, has collected vast amounts of information about the Web: historical domain name registrations and network information, all of which are extremely valuable in investigating cyberattacks. Using its tools makes it possible, for example, to see what other websites are using a particular IP address, what email address was used to register them, DNS servers and other information. But DomainTools' Web-based interface wasn't designed in a way that reflected the workflows that investigators follow when probing cyberattacks and the speed at which they need to collate large amounts of information.

Attackers install highly persistent malware implants on Cisco routers

Replacing router firmware with poisoned versions is no longer just a theoretical risk. Researchers from Mandiant have detected a real-world attack that has installed rogue firmware on business routers in four countries. The router implant, dubbed SYNful Knock, provides attackers with highly privileged backdoor access to the affected devices and persists even across reboots. This is different than the typical malware found on consumer routers, which gets wiped from memory when the device is restarted. SYNful Knock is a modification of the IOS operating system that runs on professional routers and switches made by Cisco Systems. So far it has been found by Mandiant researchers on Cisco 1841, 8211 and 3825 "integrated services routers," which are typically used by businesses in their branch offices or by providers of managed network services.

Technology that predicts your next security fail

In 2013, the IRS paid out $5.8 billion in refunds for tax filings it later realized were fraudulent, according to a 2015 report by the Government Accountability Office. This news comes as no surprise to the Kentucky Department of Revenue, which is stepping up its own war against rising fraud cases with predictive analytics. Predictive analytics uses publicly available and privately sourced data to try to determine future actions. By analyzing what has already happened, organizations can detect what is likely to happen before anything affects the security of the organization's physical infrastructure, human capital or intellectual property.

White House won’t say if it’s hoping for a cybersecurity deal with China

With the visit of Chinese premier Xi Jinping just a week away, the White House won't say whether one of its goals is to reach an agreement with China over cybersecurity. Hacking has been one of the issues at the forefront of U.S.-China relations over the last couple of years, particularly after the U.S. accused China of hacking into sensitive federal government systems, something that China denies. "We've been pretty blunt in describing the concerns that we have with China's behavior in cyberspace," White House press secretary Josh Earnest told reporters on board Air Force One on Monday, according to a pool report. But Earnest wouldn't comment on any measures that might be taken ahead of the visit.

Study names the five most hackable vehicles

A study released by a forensic consultancy has singled out the top five vehicles most susceptible to hacking. The results of the study, by PT&C|LWG Forensic Consulting Services, were based on published research by hackers, vehicle recall information and media reports. The most hackable list includes the 2014 Jeep Cherokee, the 2014 Infiniti Q50, the 2015 Cadillac Escalade, the 2010 and 2014 Toyota Prius and the 2014 Ford Fusion.

Intel sets up talking shop to improve automotive security

The dramatic hack of a Jeep Cherokee, which resulted in Fiat Chrysler Automobile recalling over one million vehicles, has also prompted Intel to take action. Security researchers Charlie Miller and Chris Valasek remotely hacked their way into the Jeep's Uconnect navigation and entertainment system via its connection to Sprint's wireless network, taking control of it while a reporter for Wired magazine was at the wheel. The hack prompted Fiat Chrysler to issue a recall notice for 1.4 million vehicles in order to patch the software bug exploited by the researchers.

Attackers go on malware-free diet

To avoid detection, some hackers are ditching malware and living "off the land" -- using whatever tools are already available in the compromised systems, according to a new report from Dell SecureWorks. In fact, this has been the case for nearly all the intrusions analyzed by the Dell SecureWorks’ Incident Response Team last year. The cyber criminals typically start out with compromised credentials, said Phil Burdette, senior security researcher at Atlanta-based Dell SecureWorks, Inc. "For example, they might use phishing attacks," he said. "They'll send an email purporting to be from the IT staff, asking users to log in and test their credentials because the IT staff has just created a new email server. Once a user logs in, those same credentials would then be used to access the company's virtual private network solutions."

FDA accepts application for micro-chipped pill that tells doc if you took meds

Some people with schizophrenia might be inclined to believe “they” are watching them, that “they” are tracking them, and ironically now “they” really might be via a “digital” pill that contains an ingestible sensor which gives doctors and caregivers the ability to track if and when a patient takes his medicine. According to an announcement by Otsuka Pharmaceutical and Proteus Digital Health: This is the first time an FDA-approved medication (ABILIFY) has been combined and submitted for approval with a sensor within the medication tablet (the Proteus ingestible sensor) to measure actual medication-taking patterns and physiologic response. This objective information is communicated to the patient – and with the consent of the patient – to the patient’s physician and/or caregiver.

Expert mocks ‘expert’ who warns Earthlings to avoid infecting alien computers

I don’t know how I missed this story last week, but I did, and through that inattentiveness I may have inadvertently subjected some innocent alien being’s computer to a virus. How, you ask. I don’t know. And neither does genuine human security expert Graham Cluley, who read about the concerns of an Oxford University researcher and addresses them in this video (which is amusing though longer than it needs to be).

Experts to IoT makers: Bake in security

CAMBRIDGE, Mass. -- Makers of Internet of things devices need to incorporate security into them during the design phase to make them less of a threat when connected to networks, according to speakers at an IoT security forum. In addition they need to consider early on what regulations the devices will have to comply with so those requirements can be baked in and not added later when they would be less effective, according to advice delivered at the Security of Things Forum 2015.

REVIEW: Threat Intelligence could turn the tide against cybercriminals

In recent reviews, we looked at the advancements in endpoint security, including new ways companies are employing technology like virtual machines to get a leg up on potential attackers. But despite impressive new defensive technologies, the bad guys still seem to be getting through. According to security engineers we’ve talked with, the problem with network defense these days is two-fold. First, no matter how innovative the defensive technology deployed, it will eventually be breached or circumvented. And because most of the top attackers and groups collaborate, the tools and techniques used to successfully break down defenses are quickly shared.

New products of the week 09.14.15

Our roundup of intriguing new products. HiveManager NG Virtual Appliance. Pricing: HiveManager NG Virtual Appliance requires the purchase of a 1-, 3-, or 5-year support contract; the price of a 1-year support contract is $1,000. Additionally, each managed access point requires a perpetual license at $80 per access point and a 1-, 3-, or 5-year support contract per access point.

Researcher reveals remotely exploitable flaw in world’s most widely-used real-time OS

A security researcher discovered a serious yet simple flaw in VxWorks, a real-time operating system for the Internet of Things, which an attacker could remotely exploit without needing any interaction with a user. The OS is used in everything from everyday things like network routers to critical infrastructure, as well as in NASA’s Curiosity Rover on Mars and Boeing 787 Dreamliners. Searching for VxWorks via Shodan reveals about 100,000 internet-connected devices running the OS, but VxWorks supposedly powers “billions of intelligent devices.” The researcher warned that the vulnerability “allows remote code execution on most VxWorks-based devices.”

Grab your new credit card and get ready to dip your chip

If you live in the United States and you have a credit card, chances are high your bank recently sent you a new card with an embedded smart chip. Banks and other card issuers are scurrying to put chip-enabled credit cards in their customers' hands. Debit cards, too. These cards are critical for a new security system for card-based payments that will go into effect in the U.S. soon. In the lingo of the payments industry, the new cards are called EMV cards. EMV is an open set of specifications for smart cards and other acceptance devices such as smart phones and fobs. EMV stands for Europay, MasterCard and Visa, which are the three companies that developed the standard in 1994. Today the EMV standard is managed by EMVCo LLC, which has six member organizations – American Express, Discover, JCB, MasterCard, UnionPay and Visa – and dozens of EMVCo associates. EMVCo makes decisions on a consensus basis to assure card infrastructure uniformity throughout the world.

Even the FBI is worried about Internet of Things security

Amidst all the excitement about the possible benefits of the Internet of Things, a slew of warnings have been sounded by IT pros, vendors and analysts about looming security threats. Now you can add the FBI to that list of those cautioning enthusiasts. The Bureau this week issued a public service announcement regarding cybercrime opportunities posed by the connecting of all sorts of data-enabled devices, from medical gear to entertainment gadgets, to the Internet.

Website hackers hijack Google webmaster tools to prolong infections

Hackers who compromise websites are also increasingly verifying themselves as the owners of those properties in Google's Search Console. Under certain circumstances this could allow them to remain undetected longer than they otherwise would be, researchers warn. The Google Search Console, formerly known as the Google Webmaster Tools, is a very useful service for administrators to understand how their websites perform in search results. In addition to providing analytics about search queries and traffic, it also allows webmasters to submit new content for crawling and to receive alerts when Google detects malware or spam issues on their websites.

Challenges around Operationalizing Threat Intelligence

When it comes to threat intelligence, there seem to be two primary focus areas in play: The threat intelligence data itself and the legislative rhetoric around threat intelligence sharing (i.e. CISA, CISPA, etc.). What’s missing? The answer to a basic question: How do organizations get actual value out of threat intelligence data and threat intelligence sharing in a meaningful way? As it turns out, the answer to this question isn’t obvious and many enterprises continue to struggle as they seek to “operationalize” threat intelligence. In a recently published ESG research report titled, Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices, ESG surveyed 304 cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees), and asked them to rate themselves in terms of their ability to operationalize threat intelligence (note: I am an ESG employee). The data indicates that: