Fully Homomorphic Encryption (FHE) for years has been a promising approach to protecting data while it’s being computed on, but making it fast enough and easy enough to use has been a challenge. The Intelligence Advanced Research Projects Activity, which has been leading the Department of Defense’s examination of this topic, recently awarded research and development firm Galois a $1M contract to explore ways to bring FHE to programmers. The goal, says Galois Principal Investigator Dr. David Archer, is making FHE “practical and usable,” and his outfit is working with researchers at the New Jersey Institute of Technology on this front via the Rapid Machine-learning Processing Applications and Reconfigurable Targeting of Security (RAMPARTS) initiative.
Your business is hit with a ransomware attack. Or your ecommerce site crashes. Your legacy system stops working. Or maybe your latest software release has a major bug. These are just some of the problems that ecommerce, technology and other companies experience at one time or another. The issue is not if a problem – or crisis – occurs, but how your company handles it when it does. Manage the problem poorly, you risk losing customers, or worse. Handle a crisis promptly and professionally, you can fend off a public relations disaster and might even gain new customers. So what steps can businesses take to mitigate and effectively manage an IT-related crisis? Here are eight suggestions.
Thousands of organizations from around the world were caught off guard by the WannaCry ransomware attack launched Friday. As this rapidly spreading threat evolves, more cybercriminals are likely to attempt to profit from this and similar vulnerabilities. As a ransomware program, WannaCry itself is not that special or sophisticated. In fact, an earlier version of the program was distributed in March and April and, judging by its implementation, its creators are not very skilled.
Today is likely to be painful for many organizations all over the world that took the weekend off and are returning to the work-week to find hundreds or thousands of computers on their networks encrypted by WannaCry ransomware, which surfaced Friday and has been propagating ever since. Law enforcement agency Europol estimated yesterday that more than 200,000 computers in 150 countries were infected, but with the worm continuing to spread to vulnerable Windows machines, that number will surely rise. For those whose machines have not been infected, here’s what you need to do right away:
Apply the Microsoft patch that will thwart the attack. It’s available here.
If you can’t do that because you haven’t tested whether the patch will affect your software build, disable Server Message Block 1 (SMB1) network file sharing. That is where the flaw the attack exploits resides.
Consider closing firewall port 139, 445 or both because these are the ports SMB uses.
Longer term, to guard against similar future attacks you should:
It is sickening when people prove “no good deed goes unpunished” to be true. I’m looking at you, British tabloids, because it was mean, stupid and very irresponsible to dox the guy who discovered the first WannaCry ransomware kill switch and thereby stopped thousands of old Windows machines from becoming infected. He goes by MalwareTech on Twitter and has an avatar of a cat wearing sunglasses. If he wanted to use his real name and picture, then he would have. Clearly, he values privacy and tries to maintain at least some degree of anonymity. Yet after being hailed as a hero for discovering a kill switch as WannaCry ransomware swept across the globe, shady journalists doxed him. They dug into everything they could find online about MalwareTech, including trying to pry information from his friends.
What is incident response? Incident response is like investigating a real burglary. You look for evidence of the intruder at the crime scene, find his targets and his getaway car, and repair any holes. Discover any cuts in your chain link fence. Take a few steps back for more perspective. Find the intruder’s targets. What assets are near the compromised fence? Investigate in both directions to find the intruder's target and getaway car. Fix the fence. Resolve any issues and patch vulnerabilities.
The CEO puts all the trust in the chief security officer to keep the company off the front page and out of danger. But as the number of attacks across the internet skyrockets, that trust has slowly eroded or at the very least is increasingly questioned. CEOs don’t want to be caught off-guard, so they are asking pointed questions to ensure they know what security precautions are being taken. Here is a hypothetical Q&A between a CEO or board member and the CISO. Lucas Moody, vice president and CISO at Palo Alto Networks, and Dottie Schindlinger, Governance Technology Evangelist at Diligent, provided insight with these interactions. CEO: Why are we getting more phishing attacks? And what are we doing about all these phishing attacks?
New products of the week. Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. FastCollect for Archives Commvault Edition
Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments. Referring to the attack as a “wake-up call,” Microsoft’s President and Chief Legal Officer, Brad Smith, wrote in a blog post that governments have "to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits." The ransomware, also called WannaCry or Wana Decryptor, works by exploiting a vulnerability in some older versions of Windows. It has been suspected for some time now that the malware came from a cache of hacking tools reportedly stolen by hacking group Shadow Brokers from the NSA and leaked on the internet. WannaCry is said to take advantage of an NSA hacking tool, called EternalBlue, that can make it easy to hijack unpatched older Windows machines.
Monday is going to suck for some folks, those who run old, unsupported Windows systems which are vulnerable to WannaCry ransomware, if they didn’t put in some weekend time applying security updates. In response to the massive global ransomware attack on Friday, Microsoft took the “highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.” Europol chief Rob Wainwright told the BBC, “Companies need to make sure they have updated their systems and ‘patched where they should’ before staff arrived for work on Monday morning.”
Users of old Windows systems can now download a patch to protect them from this week’s massive ransomware attack. In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8 -- all of them operating systems for which it no longer provides mainstream support. Users can download and find more information about the patches in Microsoft’s blog post about Friday’s attack from the WannaCry ransomware. The ransomware, which has spread globally, has been infecting computers by exploiting a Windows vulnerability involving the Server Message Block protocol, a file-sharing feature.
Friday’s unprecedented ransomware attack may have stopped spreading to new machines -- at least briefly -- thanks to a "kill switch" that a security researcher has activated. The ransomware, called Wana Decryptor or WannaCry, has been found infecting machines across the globe. It works by exploiting a Windows vulnerability that the U.S. National Security Agency may have used for spying. The malware encrypts data on a PC and shows users a note demanding $300 in bitcoin to have their data decrypted. Images of the ransom note have been circulating on Twitter. Security experts have detected tens of thousands of attacks, apparently spreading over LANs and the internet like a computer worm.
Consumers with HP laptops that have been accidentally recording their keystrokes can easily address the problem with a patch from the PC maker. More than two dozen HP laptop models, including the EliteBook, ProBook and ZBook, have a bug in the audio driver that will act as a keylogger, a Swiss security firm said Thursday. A list of affected products can be found here. Fortunately, HP began rolling out fixes through its support page, and in a Windows update, starting on Thursday, HP Vice President Mike Nash said.
A Microsoft manager this week offered IT administrators a way to replicate -- in a fashion -- the security bulletins the company discarded last month. "If you want a report summarizing today's #MSRC security bulletins, here's a script that uses the MSRC Portal API," John Lambert, general manager of the Microsoft Threat Intelligence Center, said in a Tuesday message on Twitter. Lambert's tweet linked to code depository GitHub, where he posted a PowerShell script that polled data using a new API (application programming interface). Microsoft made the API available in November when it first announced that it planned to axe the security bulletins it had issued since at least 1998.
In response to recent attacks where hackers abused Google's OAuth services to gain access to Gmail accounts, the company will review new web applications that request Google users' data. To better enforce its policy regarding access to user data through its APIs (application programming interfaces), which states that apps should not mislead users when presenting themselves and their intentions, Google is making changes to the third-party app publishing process, its risk assessment systems and the consent page it displays to users. Google is an identity provider, which means other web apps can use Google as the authentication mechanism for users accessing the app. Apps use the OAuth protocol to do this. These apps can also use Google's APIs to send users requests for information stored in Google's services.
A ransomware attack appears to be spreading around the world, leveraging a hacking tool that may have come from the U.S. National Security Agency. The ransomware, called Wanna Decryptor, struck hospitals at the U.K.’s National Health Service on Friday, taking down some of their network. Spain’s computer response team CCN-CERT has also warned of a "massive attack" from the ransomware strain, amid reports that local telecommunications firm Telefonica was hit.
Hospitals across England have fallen victim to what appears to be a coordinated ransomware attack that has affected facilities diverting patients to hospitals not hit by the malware. The attackers are asking for $300 in Bitcoin to decrypt affected machines, payable within 24 hours or the ransom doubles. If the victims don’t pay within seven days, they lose the option to have the files decrypted, according to U.K. press reports. While multiple healthcare facilities have been hit, the country’s health service says other types of groups have also fallen victim. According to The Register, a spokesperson for the country’s National Health Service’s digital division said: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor." The spokesperson said the attack was not specifically targeted at the NHS, but affects organizations across a range of sectors, but didn’t specify which.
Attackers behind the highly successful Locky and Bart ransomware campaigns have returned with a new creation: A malicious file-encrypting program called Jaff that asks victims for payments of around $3,700. Like Locky and Bart, Jaff is distributed via malicious spam emails sent by the Necurs botnet, according to researchers from Malwarebytes. Necurs first appeared in 2012 and is one of the largest and longest-running botnets around today. According to an April analysis by researchers from IBM Security, Necurs is made up of about 6 million infected computers and is capable of sending batches of millions of emails at a time. It is also indirectly responsible for a large percentage of the world's cybercrime because it's the main distribution channel for some of the worst banking Trojan and ransomware programs.