Archive

Category Archives for "Network World Security"

VMware spends $4.2B to grab Pivotal, Carbon Black to secure, develop integrated cloud world

All things cloud are major topics of conversation at the VMworld user conference next week, ratcheded up a notch by VMware's $4.2 billion plans to acquire cloud development firm Pivotal and security provider Carbon Black.VMware said during its quarterly financial call this week it would spend about $2.7 billion on Pivotal and its Cloud Foundry hybrid cloud development technology, and about $2.1 billion for the security technology of Carbon Black, which includes its Predictive Security Cloud and other endpoint-security software.[ Check out What is hybrid cloud computing and learn what you need to know about multi-cloud. | Get regularly scheduled insights by signing up for Network World newsletters. ] VMware has deep relationships with both companies. Carbon Black technology is part of VMware’s AppDefense endpoint security. Pivotal has a deeper relationship in that VMware and Dell, VMware’s parent company, spun out Pivotal in 2013.To read this article in full, please click here

Texas ransomware attacks: to pay or not to pay? | TECH(feed)

Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker’s ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.

Don’t worry about shadow IT. Shadow IoT is much worse.

For years, IT departments have been railing about the dangers of shadow IT and bring-your-own-device. The worry is that these unauthorized practices bring risks to corporate systems, introducing new vulnerabilities and increasing the attack surface.That may be true, but it’s not the whole story. As I’ve long argued, shadow IT may increase risks, but it can also cut costs, boost productivity and speed innovation. That’s why users are often so eager to circumvent what they see as slow and conservative IT departments by adopting increasingly powerful and affordable consumer and cloud-based alternatives, with or without the blessing of the powers that be. Just as important, there’s plenty of evidence of that enlightened IT departments should work to leverage those new approaches to serve their internal customers in a more agile manner.To read this article in full, please click here

Cisco: 6 critical security alarms for UCS software, small-biz routers

Cisco today warned its Unified Computing System (UCS) customers about four critical fixes they need to make to stop nefarious agents from taking over or attacking their systems.The problems all have a severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS).The critical bugs are found in the Cisco UCS Director and UCS Director Express for Big Data packages.To read this article in full, please click here

Get ready for the convergence of IT and OT networking and security

Most IT networking professionals are so busy with their day-to-day responsibilities that they don’t have time to consider taking on more work. But for companies with an industrial component, there’s an elephant in the room that is clamoring for attention. I’m talking about the increasingly common convergence of IT and operational technology (OT) networking and security.Traditionally, IT and OT have had very separate roles in an organization. IT is typically tasked with moving data between computers and humans, whereas OT is tasked with moving data between “things,” such as sensors, actuators, smart machines, and other devices to enhance manufacturing and industrial processes. Not only were the roles for IT and OT completely separate, but their technologies and networks were, too.To read this article in full, please click here

How SD-Branch addresses today’s network security concerns

Secure software-defined WAN (SD-WAN) has become one of the hottest new technologies, with some reports claiming that 85% of companies are actively considering SD-WAN to improve cloud-based application performance, replace expensive and inflexible fixed WAN connections, and increase security.But now the industry is shifting to software-defined branch (SD-Branch), which is broader than SD-WAN but introduced several new things for organizations to consider, including better security for new digital technologies. To understand what's required in this new solution set, I recently sat down with John Maddison, Fortinet’s executive vice president of products and solutions.To read this article in full, please click here

Microsoft finds Russia-backed attacks that exploit IoT devices

The STRONTIUM hacking group, which has been strongly linked by security researchers to Russia’s GRU military intelligence agency, was responsible for an IoT-based attack on unnamed Microsoft customers, according to the company. a blog post from the company’s security response center issued Monday.Microsoft said in a blog that the attack, which it discovered in April, targeted three specific IoT devices – a VoIP phone, a video decoder and a printer (the company declined to specify the brands) – and used them to gain access to unspecified corporate networks. Two of the devices were compromised because nobody had changed the manufacturer’s default password, and the other one hadn’t had the latest security patch applied.To read this article in full, please click here

Is your enterprise software committing security malpractice?

Back when this blog was dedicated to all things Microsoft I routinely railed against the spying aspects of Windows 10. Well, apparently that’s nothing compared to what enterprise security, analytics, and hardware management tools are doing.An analytics firm called ExtraHop examined the networks of its customers and found that their security and analytic software was quietly uploading information to servers outside of the customer's network. The company issued a report and warning last week.ExtraHop deliberately chose not to name names in its four examples of enterprise security tools that were sending out data without warning the customer or user. A spokesperson for the company told me via email, “ExtraHop wants the focus of the report to be the trend, which we have observed on multiple occasions and find alarming. Focusing on a specific group would detract from the broader point that this important issue requires more attention from enterprises.”To read this article in full, please click here

Cisco pays $8.6M to settle security-software whistleblower lawsuit

Cisco has agreed to pay $8.6 million to settle claims it sold video security software that had a vulnerability that could have opened federal, state and local government agencies to hackers.Under terms of the settlement Cisco will pay $2.6 million to the federal government and up to $6 million to 15 states, certain cities and other entities that purchased the product. The states that settled with Cisco are California, Delaware, Florida, Hawaii, Illinois, Indiana, Minnesota, Nevada, New Jersey, New Mexico, New York, North Carolina, Tennessee, Massachusetts and Virginia.RELATED: A conversation with a white hat hacker According to Cisco, the software, which was sold between 2008 and 2014 was created by Broadware, a company Cisco bought in 2007 for its surveillance video technology and ultimately named it Video Surveillance Manager.To read this article in full, please click here

The latest large-scale data breach: Capital One | TECH(feed)

Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

Remote code execution is possible by exploiting flaws in Vxworks

Eleven zero-day vulnerabilities in WindRiver’s VxWorks, a real-time operating system in use across an advertised 2 billion connected devices have been discovered by network security vendor Armis.Six of the vulnerabilities could enable remote attackers to access unpatched systems without any user interaction, even through a firewall according to Armis. About IoT: What is the IoT? How the internet of things works What is edge computing and how it’s changing the network Most powerful Internet of Things companies 10 Hot IoT startups to watch The 6 ways to make money in IoT What is digital twin technology? [and why it matters] Blockchain, service-centric networking key to IoT success Getting grounded in IoT networking and security Building IoT-ready networks must become a priority What is the Industrial IoT? [And why the stakes are so high] The vulnerabilities affect all devices running VxWorks version 6.5 and later with the exception of VxWorks 7, issued July 19, which patches the flaws. That means the attack windows may have been open for more than 13 years.To read this article in full, please click here

Reports: As the IoT grows, so do its threats to DNS

The internet of things is shaping up to be a more significant threat to the Domain Name System through larger IoT botnets, unintentional adverse effects of IoT-software updates and the continuing development of bot-herding software.The Internet Corporation for Assigned Names and Numbers (ICANN) and IBM’s X-Force security researchers have recently issued reports outlining the interplay between DNS and IoT that includes warnings about the pressure IoT botnets will put on the availability of DNS systems.More about DNS: DNS in the cloud: Why and why not DNS over HTTPS seeks to make internet use more private How to protect your infrastructure from DNS cache poisoning ICANN housecleaning revokes old DNS security key ICANN’s Security and Stability Advisory Committee (SSAC) wrote in a report that “a significant number of IoT devices will likely be IP enabled and will use the DNS to locate the remote services they require to perform their functions. As a result, the DNS will continue to play the same crucial role for the IoT that it has for traditional applications that enable human users to interact with services and content,” ICANN stated. “The  role of  the  DNS  might  become  even  more  crucial  from  a  security  and  stability Continue reading

When it comes to the IoT, Wi-Fi has the best security

When it comes to connecting internet of things (IoT) devices, there is a wide variety of networks to choose from, each with its own set of capabilities, advantages and disadvantages, and ideal use cases. Good ol’ Wi-Fi is often seen as a default networking choice, available in many places, but of limited range and not particularly suited for IoT implementations.According to Aerohive Networks, however, Wi-Fi is “evolving to help IT address security complexities and challenges associated with IoT devices.” Aerohive sells cloud-managed networking solutions and was acquired recently by software-defined networking company Extreme Networks for some $272 million. And Aerohive's director of product marketing, Mathew Edwards, told me via email that Wi-Fi brings a number of security advantages compared to other IoT networking choices.To read this article in full, please click here

1 25 26 27 28 29 319