During the past two years, U.S. Customs and Border Patrol has targeted ever larger numbers of travelers' smartphones and laptops for searches as they cross the border into the country. U.S. courts have generally upheld a so-called border search exception to the Constitution's Fourth Amendment, allowing CBP to search electronic devices without a court-ordered warrant. In April, a group of lawmakers introduced legislation to require warrants to search devices owned by U.S. citizens and other legal residents, but for now, the law allows for warrantless device searches.
Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware. The HandBrake development team posted a security warning on the project's website and support forum on Saturday, alerting Mac users who downloaded and installed the program from May 2 to May 6 to check their computers for malware. The attackers compromised only a download mirror hosted under download.handbrake.fr, with the primary download server remaining unaffected. Because of this, users who downloaded HandBrake-1.0.7.dmg during the period in question have a 50/50 chance of having received a malicious version of the file, the HandBrake team said.
A remote code execution (RCE) vulnerability is about as bad as it gets. And if it is in Windows, then a multitude of people are at risk until it is patched. The question is, though, if the existence of a critical flaw is disclosed shortly before Patch Tuesday, will Microsoft scramble to immediately close that hole or will the company sit on it and wait out the 90-day disclosure deadline? We will find out tomorrow on Patch Tuesday if Microsoft took immediate action to close a “crazy bad” RCE flaw in Windows that was discovered by Google’s zero-day finders. On the cusp of the weekend, Google Project Zero researcher Tavis Ormandy sent out an alarming tweet. He and fellow Project Zero researcher Natalie Silvanovich had discovered not just an RCE in Windows, but the “worst Windows remote code exec in recent memory.” He went so far as to call it “crazy bad.”
The FBI’s Internet Crime Complaint Center (IC3) this week said the plague it calls the Business Email Compromise continues to rack up victims and money – over 40,000 worldwide victims and $5 billion in the latest count. The BEC scam is typically carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds, the IC3 stated. Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices. The scam has evolved to include the compromising of legitimate business e-mail accounts and requesting Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees, and may not always be associated with a request for transfer of funds, the IC3 stated.
The boss gets tipped off that an employee might be leaving the company and in so doing is trying to grab as many clients as possible to take with him to his new job. The company brings in computer forensic specialists to look through the employee’s actions online to find the evidence before confronting the employee. Alfred Demirjian, president and CEO of computer forensic company TechFusion, has seen that and many other scenarios in the 30 years he has been in the business--anything from an employee sabotaging a former company through hijacking an email account to misusing the internet on company time. Commercial software allows his company to dig deep into an employee’s social media postings and texts, or to track them by GPS if they have a company-owned smartphone.
New products of the week: Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Browser Stored Password Discovery Tool.
Top jobs: Tech jobs of the future will include programmers, analysts, application and system developers, database and network administrators, engineers, designers, architects, scientists, researchers, statisticians, specialists, project and system managers, system and data integrators, technicians and tech support, quality controllers, trainers, and consultants in each of the following 12 areas. (Read the full story: Hot jobs of the future.)
If you recently downloaded the HandBrake app for Mac, then there’s a good chance your system is infected with a nasty Remote Access Trojan (RAT). On Saturday, the HandBrake team posted a security alert after learning one of the mirror download servers was hacked. The attacker replaced the Mac version of the HandBrake client with a malicious version. In case you don’t know, HandBrake is an open source video transcoder app which allows users to convert video to other formats. The HandBrake team said an attacker compromised the download mirror server at download.handbrake.fr and replaced the HandBrake-1.0.7.dmg installer file with a version infected with a new variant of the Proton RAT.
Another political campaign has been hit by an email dump. This time, the target is French presidential candidate Emmanuel Macron. On Friday, his campaign said a massive and coordinated hack had breached the email inboxes of several staffers. This came after a mysterious user named “EMLEAKS” apparently dumped the stolen data through torrent files on text storage site Pastebin. It’s unclear if the information in the dump is genuine. Allegedly, the dump contains a 9GB trove of emails and photos. The torrent files, which were hosted on Archive.org, are no longer available there. But Macron’s campaign said the leaked files have been spreading over social media as the country prepares to vote for a new president on Sunday.
Next week, PC vendors will start rolling out patches that fix a severe vulnerability found in certain Intel-based business systems, including laptops, making them easier to hack. Intel on Friday released a new notice urging clients to take steps to secure their systems. The chipmaker has also released a downloadable tool that can help IT administrators and users discover whether a machine they own has the vulnerability. In addition, vendors including Fujitsu, HP, and Lenovo have released lists showing which products are affected and when the patches will roll out.
A few years ago, next-generation firewalls (NGFWs) came out of nowhere to become a network security staple. These devices combined traditional L3/L4 packet filtering with deep packet inspection, IPS, and other network security services along with knowledge about users and applications. This broad functionality packaging changed the network security paradigm—everyone needed, or at least wanted, an NGFW at the perimeter or within the internal network. Fast forward to 2017, and the bloom is coming off the NGFW rose for several reasons:
Requirements have changed. NGFWs followed in the footsteps of earlier firewalls—physical appliances installed inline to protect private networks from the public Internet. Back then, mobile and remote office workers VPNed into the corporate network and traffic was backhauled for Internet ingress/egress. This model is changing rapidly, however. As cloud computing, SaaS, mobility and broadband networks evolved, mobile and remote worker connections are often dual-homed, offering direct connections to the public internet. Once this happens, NGFWs lose their usefulness, offering no visibility or control of network traffic.
Software is eating the world. Remember Marc Andreessen’s famous essay about the rise of software? Ironically, his publication doesn’t dedicate a single word to cybersecurity, but make no mistake, software is eating
A new ransomware-for-hire scheme called Fatboy adjusts the ransom it charges based on international exchange rates so it’s more likely the victims get hit for the largest amount they can reasonably pay. Posted on Exploit, a Russian-language online forum, Fatboy automatically adjusts ransom demands according to where the victim is located, according to the Recorded Future blog. That adjustment is based on the Big Mac Index, which was created by The Economist as a way to show whether official international monetary exchange rates line up with the price charged for a certain product – the Big Mac burger sold by McDonald’s – from country to country. The index tells whether currencies are overvalued or undervalued based on what McDonald’s charges in each country.
Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools. The attack, analyzed by researchers from antivirus firm Bitdefender, shows that cyberespionage groups don't necessarily need to invest a lot of money in developing unique and powerful malware programs to achieve their goals. In fact, the use of publicly available tools designed for system administration can increase an attack's efficiency and make it harder for security vendors to detect it and link it to a particular threat actor.
Most businesses hire third-party providers to fill in when they lack in-house resources. It is often necessary to allow third-party vendors access to their network. But after Target’s network was breached a few years ago because of an HVAC vendor’s lack of security, the focus continues to be on how to allow third parties access to the network without creating a security hole. The use of third-party providers is widespread, as are breaches associated with them. Identity risk and lifestyle solution provider SecZetta claims that, on average, third parties make up 40 percent of the workforce. A recent survey done by Soha Systems notes that 63 percent of all data breaches can be attributed to a third party. “The increased reliance on third-party employees, coupled with the growing sophistication of hackers, has led to the current identity and access management crisis that most businesses are faced with today — whether they realize it or not,” a SecZetta blog post stated.
Tracking: It is easy to overlook identity access management as static infrastructure in the background, and that's the chief problem: Too few organizations treat IAM as the crucial, secure connective tissue between businesses' multiplying employees, contractors, apps, business partners and service providers. Aaron Perry, president at Focal Point Data Risk, runs through some of IAM’s pitfalls.
There's a growing threat on the cybersecurity scene that could drain millions from unsuspecting businesses and leave them vulnerable to hacking threats. It isn’t a new strain of ransomware. It’s the cybersecurity industry itself. It's ironic, but the products vendors sell, and the marketing they use, sometimes leave buyers misinformed and less secure, according to several business directors who actually buy the tech. “There’s definitely a lot of vaporware,” said Damian Finol, an IT security manager at a major internet company. “There are definitely products that have really exaggerated claims about what they actually do.” For some vendors, it's more about the sale than about security, IT executives say. To close a deal, bad vendors tend to overpromise features that they claim will be added down the line but never materialize. That makes a buyer's job harder.
Having trouble finding the right security products for your business? You’re not the only one. Today’s market is filled with hundreds of vendors and plenty of marketing hype. But figuring out which solutions are worthwhile can be a challenge, especially for businesses with little experience in cybersecurity. So we asked actual buyers of enterprise security products for tips, and here’s what they said. Damian Finol, security technical program manager at a major internet firm:
Businesses have to do their research. That means looking at customer recommendations instead of relying on what vendors say. Testing the security products in-house is also highly advised.
Google has stopped Wednesday’s clever email phishing scheme, but the attack may very well make a comeback. One security researcher has already managed to replicate it, even as Google is trying to protect users from such attacks. “It looks exactly like the original spoof,” said Matt Austin, director of security research at Contrast Security. The phishing scheme -- which may have circulated to 1 million Gmail users -- is particularly effective because it fooled users with a dummy app that looked like Google Docs.
A sophisticated Russian cyberespionage group is readying attacks against Mac users and has recently ported its Windows backdoor program to macOS. The group, known in the security industry as Snake, Turla or Uroburos, has been active since at least 2007 and has been responsible for some of the most complex cyberespionage attacks. It targets government entities, intelligence agencies, embassies, military organizations, research and academic institutions and large corporations. "Compared to other prolific attackers with alleged ties to Russia, such as APT28 (Fancy Bear) and APT29 (Cozy Bear), Snake’s code is significantly more sophisticated, its infrastructure more complex and targets more carefully selected," researchers from Dutch cybersecurity firm Fox-IT said in a blog post Wednesday.