Category Archives for "Network World Security"

The Upload: Your tech news briefing for Friday, April 10

Thin crowds greet Apple Watch in stores in Asia
The arrival of the Apple Watch in stores across Asia on Friday failed to draw the same crowds that greeted the launch of the iPhone 6—a sign, perhaps, that Apple fans are prepared to queue overnight to buy, but not just to try. The watch is now on show at Apple Stores across the U.S. too, but you’ll have to wait until April 24 to buy one. The company is accepting preorders online only.

Reviewers like the new MacBook’s looks, but find a lot to criticize

Hacked French broadcaster’s passwords revealed in TV broadcast

The hacked French-language TV network TV5Monde might have made it easier for hackers to compromise its systems and social media accounts. One of its employees was interviewed about the hack on TV—in front of a wall of posters that appeared to contain usernames and passwords for the channel’s social media accounts.

TV5Monde was hit by a crippling cyberattack on Wednesday when Islamist hackers managed to disrupt broadcasting across its channels and hijacked the station’s website and social media accounts.

In the wake of the attack, the offices of TV5Monde were visited by reporters of another French TV station, which broadcast an interview with one of TV5Monde’s reporters, David Delos. Behind Delos in the shot, however, several printouts stuck to a wall appear to reveal the usernames and passwords for social media accounts including Instagram, Twitter and YouTube.

UK government’s spying practices challenged at European human rights court

The U.K. government’s mass surveillance practices will be challenged at the European Court of Human Rights.

Human rights and civil liberties organizations Amnesty International, Liberty and Privacy International have filed a joint application with the court, they announced on Friday.

The groups assert that U.K. domestic law governing the U.K. intelligence agencies’ interception of communications and its intelligence sharing with the U.S. is in breach of fundamental human rights to privacy, freedom of expression and non-discrimination guaranteed under the European Convention on Human Rights. The challenge is based on documents disclosed by NSA leaker Edward Snowden revealing mass surveillance practices by intelligence agencies.

White Lodging Services confirms second payment card breach

A large hotel management company has confirmed a second payment card breach in less than 14 months, underscoring the difficulties businesses are having with data thieves.

White Lodging Services said the second breach was detected on Jan. 27 after unusual payment card activity was discovered on credit cards used at four Marriott-branded hotels. The compromised data includes customer names, card numbers, security codes and expiration dates, it said in a statement.

The Merrillville, Indiana-based company manages hotels under agreements with hotel owners and is a separate entity from the specific hotel brands it operates.

Amazon offers network file storage in the cloud

Amazon Web Services continues to chip away at the enterprise storage market, with plans for a new service designed to be a nimbler alternative to network attached storage (NAS) appliances.

The Amazon Elastic File System (EFS) will provide a shared, low-latency file system for organizations or project teams that need to share large files and access them quickly, such as a video production company.

“The file system is the missing element in the cloud today,” Amazon Web Services head Andy Jassy said Wednesday at the AWS Summit in San Francisco. The service is not yet available for full commercial use, though a preview will be available shortly.

Use of Windows XP makes European ATMs vulnerable to malware attacks

For the first time, a country in Western Europe has reported that malware attacks were used by hackers to steal €1.23 million (US$1.32 million) from ATMs. One major problem is the continued use of Windows XP in ATMs, making them more vulnerable to attacks, a report on ATM fraud said.

The report does not specify which country reported the malware attacks, said Lachlan Gunn, executive director of the European ATM Security Team (EAST), an organization that aims to provide an oversight of trends in ATM fraud.

However, it is the first time these attacks were reported in Western Europe. Malware attacks on ATMs have been used for some time in other parts of the world, including Eastern Europe, the Asia Pacific region and Latin America, Gunn said.

Police operation disrupts Beebone botnet used for malware distribution

Europol, in collaboration with Dutch authorities, the U.S. FBI and private security companies, has seized the domain names used to control a botnet called Beebone.

The police action Wednesday included a so-called botnet sinkholing operation that involved redirecting domains used by the botnet’s command-and-control servers to a server controlled by security companies.

Such an action prevents attackers from controlling the botnet and also gives authorities a chance to identify victims whose computers are now connecting to the sinkhole server.

Information about the botnet will be distributed to ISPs and CERTs [computer emergency response teams] from around the world so they can notify victims and help them clean their systems, Europol said Thursday in a press release.

The Upload: Your tech news briefing for Thursday, April 9

Facebook’s cred is still intact with teens, survey says
A Pew Research survey has found that Facebook is the most popular social network among teens, debunking the notion that it was losing ground among the younger generation. While 71 percent of all teens surveyed use Facebook, 41 percent said they use it the most often compared to other sites. Snapchat and Instagram aren’t far behind, though.

Oz launches subscription video platform Thursday, aims at creators
Icelandic startup Oz is launching a new video platform and mobile app on Thursday that aims to give artists, small businesses and even journalists a platform to publish videos online and get subscription revenue from viewers. Oz videos will be accessible on the Web as well as on iOS and Android. The company suggests that most content creators charge around $5 per month; the platform supports payments in 120 different currencies, with Oz taking a 30 percent cut of producers’ revenue.

Islamist hackers take French broadcaster TV5Monde off air

French-language TV network TV5Monde was hit by a crippling cyberattack Wednesday that disrupted broadcasting across its channels and also involved the hijacking of its website and social media accounts.

The attack happened at around 10 p.m. Central European Time and, given its scale, probably took serious planning by the attackers—a group that calls itself the Cyber Caliphate. The same group, which claims affiliation to extremist organization ISIS, also hijacked the Twitter accounts of Newsweek, the International Business Times and the U.S. Central Command earlier this year.

Cloud computing brings changes for IT security workers

Watch out, computer security professionals: Cloud computing vendors are coming for your jobs.

It may be inevitable, or you may be able to take back control by rigorously studying how your organization uses technology. But either way, life is changing for IT security experts.

Companies like Google and Amazon have figured out configuration management while enterprises avoid the process, said Marcus Ranum, chief security officer of Tenable.

“That’s the reason why Amazon is going to have your jobs in 10 years. We are failing as an industry,” said Ranum, who spoke Wednesday at a meeting of the Information Systems Security Association, New England chapter.

In a mock cyberattack, Deloitte teaches the whole business how to respond

A security breach or big data loss can trigger an emergency for the entire business, not just for the IT or security teams, so staffers from multiple departments must know how to react quickly and effectively in such situations.

This was one of the main lessons taught in a cyber incident war-gaming exercise held for the media on Tuesday in New York by consulting firm Deloitte.

Deloitte typically conducts such exercises on behalf of large organizations that want to prepare for when they are hit by a major computer breach. In Tuesday’s event, the participants were executives from various companies, many of whom had participated in such an exercise before.

Flaw in WordPress caching plug-in could affect over 1 million sites

A vulnerability in the popular WP Super Cache plug-in for WordPress could allow attackers to inject malicious scripts into websites. The scripts, when loaded by administrators, could trigger unauthorized actions.

WordPress websites are a popular target for hackers and many of them are compromised due to plug-in vulnerabilities. Just on Tuesday, the FBI warned that attackers sympathetic to the extremist group ISIS -- also known as ISIL -- have defaced many websites by exploiting known vulnerabilities in WordPress plug-ins.

The persistent cross-site scripting (XSS) flaw in WP Super Cache can be exploited by sending a specifically crafted query to a WordPress website with the plug-in installed, according to Marc-Alexandre Montpas, a senior vulnerability researcher at Web security firm Sucuri.

Google ordered by German authority to change privacy practices

A German data protection authority has ordered Google to change how it handles users’ private data in the country by the end of the year.

The administrative order was issued on Wednesday by the Hamburg Commissioner for Data Protection and Freedom of Information, Johannes Caspar, in order to force Google to comply with German data protection law and give users more control over their data.

Google started combining existing policies for various services when it changed its privacy policy in 2012, despite the concerns of European Union data protection authorities. At least six authorities then started formal investigations into the new policy; Hamburg was one of those six.

Encryption startup Vera locks down transferred documents

In Silicon Valley, the recruiting game is extremely competitive, according to Ron Harrison, founder of Jivaro Professional Headhunters, a specialist in placing technology candidates.

In some cases, Harrison said the difference between getting nothing and a US$30,000 fee has come down to the few slim minutes between when one recruiter sent a resume to a company and a competing recruiter did.

“It’s a dirty business,” Harrison said in a phone interview.

Recruiting is complicated by the fact that companies may share resumes, even if the receiving company isn’t a client of the recruiter. Essentially, it means a recruiter loses its intellectual property through a gaping hole: an unencrypted document can be sent to anyone.

Large-scale Google malvertising campaign hits users with exploits

A large number of ads distributed by a Google advertising partner redirected users to Web-based exploits that attempted to install malware on users’ computers.

Security researchers from Dutch security firm Fox-IT observed the malvertising campaign Tuesday, when ads coming through a Google partner in Bulgaria called Engage Lab started redirecting users to the Nuclear Exploit Kit.

Exploit kits are Web-based attack platforms that try to exploit vulnerabilities in browsers and browser plug-ins in order to infect users’ computers with malware. The Nuclear Exploit Kit specifically targets vulnerabilities in Adobe Flash Player, Oracle Java and Microsoft Silverlight.

The Upload: Your tech news briefing for Wednesday, April 8

Microsoft will offer a peek at new Office apps next week
A Microsoft event on April 16 promises an advance look at how the next version of Office will work with Windows 10, PC World reports. Demonstrations are expected to include applications that run across all platforms from mobile to desktop, and some new features in Office 2016, optimized for a touch interface.

Intel shrinking RealSense 3D camera
Intel has shrunk its RealSense 3D camera and is in China pitching it to smartphone makers. In Shenzhen on Wednesday, CEO Brian Krzanich showed off a 6-inch prototype phone built with the new camera, which will be available in devices later this year.

US drug enforcement amassed bulk phone records for decades

In 1992, the U.S. started keeping records of international phone calls made by Americans, under a joint program of the Department of Justice and the Drug Enforcement Administration, according to a newspaper report.

The secret program, which aimed to counter drug trafficking, collected logs of “virtually all telephone calls” from the U.S. to as many as 116 countries linked to drug trafficking, according to USA Today, which quoted current and former officials associated with the operation. But the content of the calls was not recorded as part of the collection.

FBI says supposed ISIS sympathizers exploiting WordPress plugins

The Federal Bureau of Investigation warned Tuesday that attackers claiming to be sympathetic to the extremist group ISIS are targeting websites that have vulnerable WordPress plugins.

The content management system has a thriving community of third-party developers who have created some 37,000 plugins, but occasionally security vulnerabilities in one can put a large number of websites at risk.

The vulnerabilities can allow the hackers to gain unauthorized access, inject scripts or install malware on the affected sites, according to an advisory published by the FBI’s Internet Crime Complaint Center. The attackers have hit news organizations, religious institutions, commercial and government websites.

SingTel acquires TrustWave for managed security services

SingTel will acquire TrustWave Holdings, the largest U.S. independent provider of managed security services, for $810 million, the companies said on Tuesday.

SingTel, a large operator based in Singapore, owns stakes in mobile companies in Indonesia, the Philippines, Thailand, Bangladesh, India, Sri Lanka and countries in Africa. In Australia, SingTel runs Optus, one of the country’s major operators.

Chicago-based TrustWave specializes in managed security services, an increasingly popular option for businesses. They allow customers to turn over to a third party their network security, vulnerability management and data breach responsibilities, so they don’t have to develop those capabilities in house. As computer security has become increasingly complicated, managed security services are often cheaper, and can allow companies to respond to security breaches faster.

Russian hackers accessed White House email, report says

Hackers working for the Russian government were able to access President Obama’s email system inside the White House, CNN reported Tuesday, indicating that an earlier breach may have been more serious than previously thought.

The State Department and the White House said late last year they had seen suspicious activity in their networks, though the White House said at the time only unclassified systems were affected. That may have been true, but it understated the sensitivity of the information accessed, CNN reported Tuesday, citing unnamed U.S. officials briefed on the investigation.