
Category Archives for "Network World Security"

The Upload: Your tech news briefing for Thursday, July 16

Qualcomm hit with antitrust probe in Europe

Qualcomm is under investigation by the European Union’s antitrust authority, which suspects the company of abusing its dominant position in the market for 3G and 4G chipsets used in smartphones and tablets. The company settled similar charges in China earlier this year. In this case, the European Commission is looking into whether the company broke antitrust rules by offering financial incentives to phone manufacturers if they made it their primary chipset supplier, and whether it sold below cost to force competitors out of the market.

EU air passenger data retention system ready for take-off, says Parliament

Air passengers entering or leaving the European Union could soon have their personal details stored and shared among EU countries, after lawmakers voted Wednesday to move forward with the proposal. The creation of the passenger name record (PNR) system, recording such details as who flew where, when, and how they booked, is intended to help law enforcers fight terrorism and serious crime, but civil rights groups say it is disproportionate and undermines fundamental privacy rights. The European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) quickly dealt with almost 900 amendments filed on the proposal, including two calling for its outright rejection, before agreeing to enter negotiations on a final text with the European Commission and the Council of the EU, composed of representatives of national governments.

Darkode computer hacking forum shuts after investigation spanning 20 countries

Law enforcement agencies from 20 countries working together have shut down a major computer hacking forum, and U.S. officials have filed criminal charges against a dozen people associated with the website, the U.S. Department of Justice announced. Darkode.com on Wednesday displayed a message saying the site and domain had been seized by the FBI and other law enforcement agencies. Darkode, a password-protected online forum for criminal hackers, represented one of the gravest threats to the integrity of data on computers across the world, according to David Hickton, U.S. attorney for the Western District of Pennsylvania. “Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.”

FBI, international law units smash infamous hacker bazaar Darkode

The FBI in concert with Interpol and other worldwide law enforcement teams say they have taken down the international cybercriminal site marketplace Darkode and arrested 70 people involved with the site. Darkode was an online, password-protected forum in which hackers and other cyber-criminals convened to buy, sell, trade and share malware, ransomware, information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices, the FBI said.

Why you need to care more about DNS

When you say Domain Name System (DNS), you might think, naturally enough, of domain names and the technical details of running your Internet connection. You might be concerned about denial of service attacks on your website, or someone hijacking and defacing it. While those certainly matter, DNS isn't just for looking up Web URLs any more; it's used by software to check licences, by video services to get around firewalls and, all too often, by hackers stealing data out from your business. Plus, your employees may be gaily adding free DNS services to their devices that, at the very least, mean you're not in full control of your network configuration. It’s a fundamental part of your infrastructure that’s key to business productivity, as well as a major avenue of attack, and you probably have very little idea of what’s going on.

Oracle fixes zero-day Java flaw and over 190 other vulnerabilities

Go ahead and update Java—or disable it if you don’t remember the last time you actually used it on the Web: Oracle’s latest patch, released Tuesday, fixes 25 vulnerabilities in the aging platform, including one that’s already being exploited in attacks. In addition to Java, Oracle also updated a wide range of other products, fixing a total of 193 vulnerabilities, 44 stemming from third-party components. The patched products include Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Enterprise Manager, Oracle E-Business Suite, Oracle Supply Chain Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Communications Applications, Oracle Java SE, Oracle Sun Systems Products Suite, Oracle Linux and Virtualization, and Oracle MySQL.

Most Google de-listing requests are from everyday folk, leaked data shows

Newly leaked figures reveal that the vast majority of people who exercised their right to be “forgotten” by Google’s services in Europe are everyday members of the public, with just 5 percent of requests coming from criminals, politicians and high-profile public figures. Europe’s highest court affirmed last year that people have the right to ask Google to remove certain results from its search engine, on the grounds that the information might be outdated or otherwise unfairly cast them in a negative light. Google has protested the decision, arguing that removing links requires “difficult value judgments” and can go against the public interest. It has pointed to “former politicians wanting posts removed that criticize their policies in office; serious, violent criminals asking for articles about their crimes to be deleted; bad reviews for professionals like architects and teachers; comments that people have written themselves (and now regret).”

Hacking Team CEO insists tools were not compromised

The founder of the Italian surveillance software company that suffered a disastrous data breach last week sought to reassure clients on Tuesday about the gravity of the intrusion, insisting that Hacking Team’s anti-terrorism work has not been jeopardized. “If the client has followed our instructions there are no problems for security. Only a part of the source code has been stolen,” Hacking Team CEO David Vincenzetti told reporters at Milan’s Palace of Justice after a five-hour interrogation by Prosecutor Alessandro Gobbis. “We have provided clients with instructions which will enable them to restore complete security with the next update,” Vincenzetti said. The CEO said the hack, which resulted in the theft of 400GB of data and the publication of around 1 million company emails on the WikiLeaks website, had not compromised its most innovative products, which were “capable of combatting the phenomenon of terrorism and appreciated by all Western governments.”

Vietnamese man gets 13 years for massive ID theft scheme

A Vietnamese man linked to a data breach of 200 million personal records at a subsidiary of credit monitoring firm Experian has been sentenced to 13 years in prison, the U.S. Department of Justice said. Hieu Minh Ngo, 25, was sentenced Tuesday on charges including wire fraud and identity fraud in the U.S. District Court for the District of New Hampshire, the DOJ said. Ngo was linked to a data breach at Court Ventures, a data broker Experian purchased in 2012. Ngo apparently tricked Court Ventures into giving him access to a personal records database by posing as a private investigator from Singapore, according to news reports. Much of the information about the breach came out when he pleaded guilty to multiple charges in March 2014 in the New Hampshire court.

NASA algorithms keep unmanned aircraft away from commercial aviation

It is one of the major issues of letting large unmanned aircraft share the sky with commercial airliners: preventing a disaster by keeping the two aircraft apart – or “well clear” in flight. Commercial airliners and many larger private planes have onboard technology (and air traffic controllers as well as live pilots) to detect and avoid other aircraft in the sky but unmanned systems do not.

ACLU asks court to immediately kill NSA phone snooping

A U.S. appeals court should immediately shut down the National Security Agency’s bulk collection of domestic telephone records because the practice is illegal, the American Civil Liberties Union said. The ACLU, in a request for an injunction filed Tuesday, asked the U.S. Court of Appeals for the Second Circuit to act now on its ruling from May that the bulk collection of U.S. phone records is illegal.

July 2015 Patch Tuesday: Microsoft closes holes being exploited in the wild

For July 2015, Microsoft released 14 security bulletins, with four patches rated as "critical" remote code execution (RCE) fixes. At least one of the fixes rated "critical" and some rated as "important" are currently being exploited in the wild.

Patches rated Critical

MS15-065 resolves 28 flaws in Internet Explorer that could otherwise "modify how IE, VBScript and Jscript handle objects in memory." Qualys CTO Wolfgang Kandek pointed out that three of these were previously known (CVE-2051-2413, CVE-2015-2419 and CVE-2015-2421). "CVE-2015-2425 seems to come from the data dump at Hacking Team as well and I am impressed by the fix speed that Microsoft showed here. Of the other vulnerabilities a full 19 are of type RCE and allow the attacker to take over the targeted machine simply by browsing to a malicious, or infected site."

Salesforce erects Shield for better enterprise-app security

Security has been an increasingly dominant theme in the enterprise software chorus in recent months, and on Tuesday Salesforce added a new voice to the mix with Shield, a set of platform services designed to help companies build secure apps. Designed as part of the Salesforce1 platform, Shield offers four security-minded components intended to make it easier for companies with regulatory, compliance or governance requirements to build cloud apps with built-in auditing, encryption, archiving and monitoring functions. A platform encryption feature, for instance, means that companies can easily designate sensitive data to be encrypted while preserving key business capabilities and workflow. A health insurance company, say, could manage personally identifiable information (PII) and protected health information (PHI) without compromising its agents’ ability to perform key functions using that data, such as searching claims, determining coverage eligibility and approving payments.

Mozilla blocks all Flash in Firefox after third zero-day

Mozilla on Monday began blocking all versions of Adobe Flash Player from running automatically in its Firefox browser, reacting to news of even more zero-day vulnerabilities unearthed in a massive document cache pilfered from the Italian Hacking Team surveillance firm. Computerworld confirmed that the current production versions of Firefox -- dubbed v. 39 -- on both Windows and OS X now block Flash. Mozilla engineers swung into action over the weekend after reports surfaced late Friday of another Flash zero-day -- the term that describes a flaw for which there is yet no fix, or patch -- discovered in the gigabytes of data and documents stolen from the Hacking Team. At the time, the bug was the second in Flash spotted in just five days.

Hacking Team’s malware uses UEFI rootkit to survive OS reinstalls

Surveillance software maker Hacking Team has provided its government customers with the ability to infect the low-level firmware found in laptops and other computers that they wanted to spy on. The company developed a tool that can be used to modify a computer’s UEFI (Unified Extensible Firmware Interface) so that it silently reinstalls its surveillance tool even if the hard drive is wiped clean or replaced. UEFI is a replacement for the traditional BIOS (Basic Input/Output System) and is meant to standardize modern computer firmware through a reference specification. But there are multiple companies that develop UEFI firmware, and there can be significant differences between the implementations used by PC manufacturers.

‘Morpho’ group goes after corporate IP

Symantec has identified a group of cybercriminals, whom they've named "Morpho," as targeting corporate intellectual property for financial gains, with Twitter, Facebook, Apple and Microsoft among those hit. "Attackers going after intellectual property is not that usual," said Vikram Thakur, senior manager at Symantec. However, those attackers tend to be state-sponsored and target information of military or other strategic importance. "That kind of intellectual property is of high value to nations across the board," he said.

The Upload: Your tech news briefing for Tuesday, July 14

As partner conference kicks off, Microsoft details Win10 launch plans and more

With Windows 10 set to roll out in just two weeks, Microsoft on Monday shed some light on the marketing support it will put behind the launch: a worldwide, year-long “upgrade your world” ad campaign. And at its annual Worldwide Partner Conference that started in Orlando, Microsoft rolled out a new analytics tool that aims to democratize access to big data using the Cortana voice interface, as well as Project Gigjam, which can pull data from multiple applications into a shared workspace.

CIA: Julia Child and the shark repellant recipe

Sometimes some of the coolest stories get lost in history. The CIA recently noted one of them – famous French food chef and author Julia Child’s critical involvement in developing a shark repellent recipe for military personnel and explosives during WWII.

US to begin talks on drone privacy standards

A U.S. government agency will start its third attempt to develop voluntary privacy standards for an emerging area of technology, this time with a series of meetings on drone privacy scheduled to begin Aug. 3. The U.S. National Telecommunication and Information Administration has already hosted similar discussions on mobile app privacy and facial recognition privacy but with mixed results. Privacy groups pulled out of the facial recognition discussions in June, saying the process wouldn’t lead to enough protections for consumers.

UK man arrested for stealing half a penny’s worth of power to charge iPhone

As ridiculous as it was when police in Georgia arrested an electric car owner for stealing five cents of electricity, it may be more ridiculous that a UK man was arrested for stealing about a 'penny's worth' of power after charging his iPhone on a train. The entire episode was "ridiculous," artist Robin Lee told the London Evening Standard. He had plugged his iPhone into the train to charge it during a trip that took about "eight or nine minutes" and was then arrested for "abstracting electricity."