If yet another cybersecurity expert wanted to warn the general public about the risks associated with the Internet of Things (IoT), it is likely the warning would go in one ear and out the other. But when a sixth-grader hacks an audience of security experts and “weaponizes” his smart teddy bear, it might just snag the attention of parents who have disregarded warnings about the dangers and bought internet-connected toys for their kids anyway.At the International One Conference in the Netherlands on Tuesday, 11-year-old Reuben Paul set out to ensure that “the Internet of Things does not end up becoming the Internet of Threats.” Judging by security experts’ awed reactions on Twitter, Paul made a lasting impression.To read this article in full or to leave a comment, please click here
Microsoft’s top lawyer has blamed the government’s stockpiling of hacking tools as part of the reason for the WannaCry attack, the worldwide ransomware that has hit hundreds of thousands of systems in recent days.Brad Smith, president and chief legal officer, pointed out that WannaCrypt is based on an exploit developed by the National Security Agency (NSA) and renewed his call for a new “Digital Geneva Convention,” which would require governments to report vulnerabilities to vendors rather than stockpile, sell, or exploit them.To read this article in full or to leave a comment, please click here
The reports came swiftly on Friday morning, May 12—the first I saw were that dozens of hospitals in England were affected by ransomware, denying physicians access to patient medical records and causing surgery and other treatments to be delayed. Said the BBC:
The malware spread quickly on Friday, with medical staff in the UK reportedly seeing computers go down "one by one".NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer.Throughout the day other, mainly European countries, reported infections.To read this article in full or to leave a comment, please click here
Virtualization-based security software vendor Bromium surveyed security professionals about their behavior toward ransomware. The results were surprising. For example, 10 percent of them admitted to paying a ransom or hiding a breach. More alarming, 35 percent admitted to ignoring their own security protocols.After last week’s WannaCry event, these numbers may start to go down as pressure mounts to prevent future attacks. However, Bromium’s data underscores an important point: The security professionals at the front line of defenses against ransomware and other threats need to set a strong example for following proper protocols.To read this article in full or to leave a comment, please click here(Insider Story)
The Internet of Things – the connecting of billions of everyday and industrial devices using tiny sensors that transmit data and share information in the cloud – is revolutionizing the way we live and do business.IoT platforms are expected to save organizations money, improve decision-making, increase staff productivity, provide better visibility into the organization and improve the customer experience. Six in ten U.S. companies now have some type of IoT initiative underway – either formal or experimental, according to IT trade association CompTIA.All this potential comes with some big security risks – mainly with the unsecured devices themselves, but also with their ability to join forces to bring down systems. This can leave corporate networks vulnerable.To read this article in full or to leave a comment, please click here(Insider Story)
A group of hackers that previously leaked alleged U.S. National Security Agency exploits claims to have even more attack tools in its possession and plans to release them in a new subscription-based service.The group also has intelligence gathered by the NSA on foreign banks and ballistic missile programs, it said.The Shadow Brokers was responsible for leaking EternalBlue, the Windows SMB exploit that was used by attackers in recent days to infect hundreds of thousands of computers around the world with the WannaCry ransomware program.To read this article in full or to leave a comment, please click here
As I read about the WannaCry ransomware attack, my brain is racing with thoughts about the causes and effects of this global incident. Here’s my two cents:1. Ransomware continues to be a growth business, and a bit of work can provide a serious return. The FBI estimated that Ransomware payments topped $1 billion in 2016, and I wouldn’t be surprised if we saw 100% year-over-year growth. 2. For those of us who’ve been in cybersecurity for a while, WannaCry brings back memories of the Internet worms we saw back in the 2000s (i.e. Code Red, Conficker, MSBlast, Nimda, etc.). Once one person on a network was infected, WannaCry simply went out and infected other vulnerable systems on the network. I knew that worm techniques would come back but I always thought they’d be used as a smokescreen for other attacks. Looks like Ransomware and Internet worms can be as compatible as chocolate and peanut butter.To read this article in full or to leave a comment, please click here
As I read about the WannaCry ransomware attack, my brain is racing with thoughts about the causes and effects of this global incident. Here are my two cents:1. Ransomware continues to be a growth business, and a bit of work can provide a serious return. The FBI estimated that ransomware payments topped $1 billion in 2016, and I wouldn’t be surprised if we saw 100 percent year-over-year growth. 2. For those of us who’ve been in cybersecurity for a while, WannaCry brings back memories of the internet worms we saw back in the 2000s (i.e. Code Red, Conficker, MSBlast, Nimda, etc.). Once one person on a network was infected, WannaCry simply went out and infected other vulnerable systems on the network. I knew that worm techniques would come back, but I always thought they’d be used as a smokescreen for other attacks. Looks like ransomware and internet worms can be as compatible as chocolate and peanut butter.To read this article in full or to leave a comment, please click here
The tally of damage from the WannaCry ransomware attack keeps growing, but it’s still not even close to bad enough to force real changes in cybersecurity. According to The New York Times, more than 200,000 machines in more than 150 countries around the world have been infected, but the responses being discussed still center around patches and passwords, updates and antivirus, backups and contingency plans. To read this article in full or to leave a comment, please click here
The Shadow Brokers are back once again, offering buyers not just exploits, but also “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs.”Seemingly capitalizing on the success of WannaCry ransomware, which used EternalBlue and DoublePulsar – tools developed by the NSA’s Equation Group – the Shadow Brokers want to sell new exploits every month to people who pay a membership fee.The hacking group dubbed its new monthly subscription model “TheShadowBrokers Data Dump of the Month;” the service kicks off in June. The Shadow Brokers claim not to care what Data Dump of the Month service members do with the exploits. The group teased:To read this article in full or to leave a comment, please click here
Even though larger cloud providers offer security and implementation guidelines, companies still face significant risks and challenges when deploying secure applications to the cloud. A new class of security-focused cloud platforms promises to bridge this gap, bringing best-practices and regulatory compliance with the convenience of platform as a service (PaaS).Notable examples of this type of company include Datica, Healthcare Blocks and Aptible, all founded in 2013 and all container-based. These companies boast elite security and DevOps teams that work to secure their products and write new features.Their services are available at low price points and provide a convenient security framework that allows their customers to focus their development efforts on function rather than security.To read this article in full or to leave a comment, please click here
The WannaCry ransomware has wormed its way into tens of thousands of Windows PCs in China, where Windows XP runs one in five systems, local reports said Monday.More than 23,000 IP addresses in the People's Republic of China (PRC) show signs of infection, the country's National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT) told Xinhua, the state-run news agency, on Monday.[ Further reading: Fighting ransomware: A fresh look at Windows Server approaches ]
"Intranets in many industries and enterprises involving banking, education, electricity, energy, healthcare and transportation have been affected in different extents," CNCERT said.To read this article in full or to leave a comment, please click here
Your voice is yours alone – as unique to you as your fingerprints, eyeballs and DNA.Unfortunately, that doesn’t mean it can’t be spoofed. And that reality could undermine one of the promised security benefits of multi-factor authentication, which requires “something you are,“ along with something you have or you know. In theory, even if attackers can steal passwords, they can’t turn into you.But given the march of technology, that is no longer a sure thing. Fingerprints are no longer an entirely hack-proof method of authentication – they can be spoofed.To read this article in full or to leave a comment, please click here
As more groups get into the denial-of-service attack business they're starting to get in each other's way, according to a report released this morning.That translates into a smaller average attack size, said Martin McKeay, senior security advocate at Cambridge, Mass.-based Akamai Technologies Inc.There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet."And other people can come in and take over the device, and take those resources to feed their own botnet," he said. "I'm seeing that over and over."To read this article in full or to leave a comment, please click here
Digital signature service DocuSign said Monday that an unnamed third-party had got access to email addresses of its users after hacking into its systems.The hackers gained temporary access to a peripheral sub-system for communicating service-related announcements to users through email, the company said. It confirmed after what it described as a complete forensic analysis that only email addresses were accessed, and not other details such as names, physical addresses, passwords, social security numbers, credit card data or other information.“No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure,” DocuSign said in a post. To read this article in full or to leave a comment, please click here
As security researchers investigate last Friday’s massive attack from the WannaCry ransomware, they’ve noticed clues that may link it with a North Korean hacking group that has been blamed for attacking banks across the world.The evidence is far from a smoking gun, and may prove inconclusive. But security researchers have noticed a similarity between an earlier version of WannaCry and a hacking tool used by the Lazarus Group.To read this article in full or to leave a comment, please click here
Last Friday’s massive WannaCry ransomware attack means victims around the world are facing a tough question: Should they pay the ransom?Those who do shouldn't expect a quick response -- or any response at all. Even after payment, the ransomware doesn’t automatically release your computer and decrypt your files, according to security researchers. Instead, victims have to wait and hope WannaCry’s developers will remotely free the hostage computer over the internet. It's a process that’s entirely manual and contains a serious flaw: The hackers have no way to prove who paid off the ransom."The odds of getting back their files decrypted is very small," said Vikram Thakur, technical director at security firm Symantec. "It's better for [the victims] to save their money and rebuild the affected computers."To read this article in full or to leave a comment, please click here
This contributed piece has been edited and approved by Network World editorsPossession is nine-tenths of the law, right? But thanks to blockchain, this old adage may no longer be a viable way to settle property disputes.Artists and enterprises alike have long struggled to prove ownership of their work after it has been disseminated, especially when it is uploaded online. What if there was a way to use technology to reliably track asset provenance with absolute certainty, from creation to marketplace and beyond? The reality is that this is already possible with the help of blockchain, and the benefits to the enterprise are many.To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.There still really aren’t many enterprise run-time security tools for containers available, which has skewed the conversation toward establishing defensive barriers prior to run-time – during the build, integration, and deployment stage.Of course, with rapidly evolving technology like containers, it can be all too easy to overlook the most basic security concerns, so, really, any focus at all is welcome. Efforts pointing out the security advantages of digitally signing container images at build time, and scanning them before they are pushed to the registry, should indeed be heard. The OS should be hardened and attack surfaces should be trimmed where possible. Solutions like Seccomp and AppArmor that introduce security profiles between containers and the host kernel ought to be implemented.To read this article in full or to leave a comment, please click here
Gray Hall, CEO of Alert Logic, cut his teeth delivering enterprise-class services when he started VeriCenter, one of the earliest managed hosting companies. Hall eventually sold that company to SunGard Data Systems in 2007, and in 2009 joined Alert Logic where he has since driven revenue growth 12x. Network World Editor in Chief John Dix recently caught up with Hall to learn more about Alert Logic and the security-as-a-service movement.Lets start with a brief background on the company.Alert Logic was founded in 2002 -- the founders are still with us today in very key roles – and the original vision was to bring together SaaS and managed security services, starting with Intrusion Detection Systems (IDS). Sourcefire had been around for a long time, they were the gorilla in the space (now owned by Cisco), but Sourcefire is a very advanced product and most of our customers would say it’s expensive, complex, and you need a lot of expertise to make it work. It’s only as good as the content you feed it and once you reconfigure your network, you have to do it all over again … tuning, configuration, etc.To read this article in full Continue reading