The technology issues involved in supporting about 27 distinct DHS information systems and databases hinder the effort by U.S. Immigration and Customs Enforcement (ICE) to track people who overstay their visas.That was the chief conclusion of a scathing Department of Homeland Security (DHS) Office of Inspector General (OIG) report on the status of ICE’s ability to track visa overstays.+More on Network World: DHS warns on immigration spoofing scam+To read this article in full or to leave a comment, please click here
When Microsoft made it possible for enterprises to quickly resolve incompatibilities between their applications and new Windows versions, it didn't intend to help malware authors as well. Yet, this feature is now abused by cybercriminals for stealthy and persistent malware infections.The Windows Application Compatibility Infrastructure allows companies and application developers to create patches, known as shims. These consist of libraries that sit between applications and the OS and rewrite API calls and other attributes so that those programs can run well on newer versions of Windows.Shims are temporary fixes that can make older programs work even if Microsoft changes how Windows does certain things under the hood. They can be deployed to computers through Group Policy and are loaded when the target applications start.To read this article in full or to leave a comment, please click here
Here's a surprise: BlackBerry is back with a new handset and it's pretty good.I know, I know, you've heard this before. Several times over the last few years BlackBerry has attempted to make a comeback and each time it's come to nothing, so what's different now?For the first time the iconic BlackBerry hardware keyboard has been married with Android in the BlackBerry KeyOne. Combine those with several software apps from BlackBerry and the KeyOne is worth a look if you're shopping for a new smartphone, particularly if you spend a lot of time on email, social media or messaging.The handset is produced by TCL, a Chinese phone maker that recently acquired rights to the BlackBerry brand for smartphones. BlackBerry, based in Canada, is still responsible for the software.To read this article in full or to leave a comment, please click here
The BlackBerry KeyOne packs in productivity features and is worth a look if you're in the market for a new phone. It's the first time BlackBerry's iconic keyboard has been paired with Android.
Swing and a missImage by Victor GrigasMost businesses are ill prepared to handle a ransomware attack. In fact, according to a new study released by Carbonite, 68 percent of survey respondents believe their company is “very vulnerable” or “vulnerable” to a ransomware attack. Respondents stated that if their company didn’t pay ransom, it was because they had a full and accurate backup. Without backup, they have no other way to get their most valuable asset back.To read this article in full or to leave a comment, please click here
Swing and a missImage by Victor GrigasMost businesses are ill prepared to handle a ransomware attack. In fact, according to a new study released by Carbonite, 68 percent of survey respondents believe their company is “very vulnerable” or “vulnerable” to a ransomware attack. Respondents stated that if their company didn’t pay ransom, it was because they had a full and accurate backup. Without backup, they have no other way to get their most valuable asset back.To read this article in full or to leave a comment, please click here
Today is World Password Day but a range of alternative authentication methods is challenging passwords so that within the foreseeable future the day of awareness could become obsolete.Biometrics and cell phones are important to this replacement, with ongoing trials of how effective they might be. There is a flurry of activity in these areas to do away with passwords:
The Samsung Galaxy S8 phone has an upgraded retinal scanner that can be used to unlock the phone, but that could be used as a second factor in authenticating to any number of online services. The phones also feature the more common fingerprint scanner.
Rumors have LG adding facial recognition software to their LG G6 phones that could be used in a similar manner.
Also, Alabama’s revenue department is trialing a face-recognition app from MorphoTrust that uses iPhones to scan taxpayers’ drivers licenses and to scan their face. The backend verifies the identity of the taxpayer by comparing the license image and uses that to authenticate the person filing an electronic return.
Phones are also used to receive texts of one-time passwords, which does involve a password, but not one the user generates or changes at some point or has Continue reading
Two lawsuits being heard this week before India’s Supreme Court question a requirement imposed by the government that individuals should quote a biometrics-based authentication number when filing their tax returns.Civil rights groups have opposed the Aadhaar biometric system, which is based on centralized records of all ten fingerprints and iris scans, as their extensive use allegedly encroach on the privacy rights of Indians. “Aadhaar is surveillance technology masquerading as secure authentication technology,” said Sunil Abraham, executive director of Bangalore-based research organization, the Centre for Internet and Society.The Indian government has in the meantime extended the use of Aadhaar, originally meant to identify beneficiaries of state schemes for the poor, to other areas such as filing of taxes, distribution of meals to school children and payment systems.To read this article in full or to leave a comment, please click here
Get ready to be bombarded with “May the Fourth be with you” puns regarding your passwords and identity, as this year May 4 is not only Star Wars Day but also World Password Day.Leading up to World Password Day, I received dozens of emails about how bad our password hygiene still is, studies about poor password management, reminders to change passwords, pitches about password managers and biometric options to replace passwords, reminders to use multi-factor authentication (MFA) as well as the standard advise for choosing a stronger password. Some of that advice contradicts NIST-proposed changes for password management.Although NIST closed comments on for its Digital Identity Guidelines draft on May 1, VentureBeat highlighted three big changes. Since this is NIST and changes to password management rules will eventually affect even nongovernment organizations and trickle down to affect pretty much everyone online, it’s important to look at them. Those changes, according to VentureBeat, boil down to:To read this article in full or to leave a comment, please click here
Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts.The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.”In reality, the link led to a dummy app that asked users for permission to access their Gmail account. Reddit
An example of the phishing email that circulated on Tuesday.To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection. Here are the nine reasons why:To read this article in full or to leave a comment, please click here
There are now so many cyberattacks that many enterprises simply accept that hackers and bad actors will find ways to break into their systems.A strategy some large businesses have developed over the past two years has been to quickly identify and isolate these attacks, possibly by shutting down part of a system or network so the hackers won't get days or weeks to root around and grab sensitive corporate data.This enterprise focus on rapid detection and response to various attacks on networks and computers doesn't replace conventional security tools to prevent attacks. Instead, businesses are relying on both prevention software and detection software.To read this article in full or to leave a comment, please click here
China will start carrying out security checks of IT suppliers in the country, with the intent of keeping out internet products vulnerable to spying and hacking.The new rules, which take effect in June, mean that foreign vendors will face more scrutiny -- including government-mandated background checks, and supply chain vetting -- when selling IT products to China’s major business sectors.On Tuesday, the country’s Cyberspace Administration of China released the new rules, which call for the review of any important internet products and services that relate to the country’s security.To read this article in full or to leave a comment, please click here
Cisco today warned user of a critical vulnerability in its CVR100W Wireless-N VPN router execute that could let an attacker issues arbitrary code or cause a denial of service situation.The company also issues three “High” level impact warnings advisories on its IOS XR Software, Teleprescence and Aironet wireless access point products.On the Critical warning, Cisco said a vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could let an unauthenticated, Layer 2–adjacent attacker to execute arbitrary code or cause a denial of service (DoS).To read this article in full or to leave a comment, please click here
Many industrial IoT systems have open doors that create unintended vulnerabilities. What information could be exposed by open communications protocols? How do hackers identify vulnerable systems? What security resources are available? How do IoT firewalls protect against such threats?TCP Port 502 vulnerabilities
Many industrial systems use TCP Port 502, which allows two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered on port 502 in the same order in which they were sent. This creates the risk of remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502. Scans from services such as Shodan identify systems that have an open TCP port 502 that could be vulnerable.To read this article in full or to leave a comment, please click here
Many companies have automated systems in place for preventing, detecting, and investigating security incidents, but automating the incident response and mitigation process for networks and endpoint devices has been a tougher nut to crack.That includes actions such as automatically re-imaging endpoint devices, isolating devices from corporate networks, or shutting down particular network processes in order to quickly and efficiently respond to attacks."I think there's a lot of potential," said Joseph Blankenship, analyst at Forrester Research. "We're definitely in a period of discovery, though, and that has to take place before we're going to see widespread, mainstream adoption."To read this article in full or to leave a comment, please click here
At a time where state actors have working exploits that target smart TVs and undisclosed zero-day exploits of fully patched PC and smartphone platforms, there is no question that practicing safe computing is more important than ever. While there is no silver bullet for you to protect yourself against constantly evolving security threats, there are some steps you can take to reduce your likelihood of being a victim in this age of insecurity.Good online habits
For all the sophistication of modern exploits, the traditional warning about how files haring is a hotbed for malware is as valid today as ever. It is a good practice not to download and run software from untrusted online sources or via peer-to-peer networks. Hackers have been known to take legitimate software and infect it with malware before distributing it to the unsuspecting. Some even take the extra step of removing copy protection on licensed software to sweeten the bait.To read this article in full or to leave a comment, please click here(Insider Story)
Many people are not aware of this, but Wi-Fi hotspots at Starbucks, Barnes & Noble or your local hotel that offers it as a complimentary service are not safe for confidential browsing, performing financial transactions or for viewing your emails.Public Wi-Fi does not offer encryption for individuals using the same password and hotspot. Also, your signals are broadcast across the immediate area. It is easy for someone else within your vicinity to eavesdrop on your communication. An unskilled hacker can intercept your signal using a phony hotspot or a tampering software that can be found on a search engine.+ Also on Network World: 4 lesser-known Wi-Fi security threats and how to defend against them +
The first task of a hacker is to get on the same network as the potential victim, then they can carry out that task with a public Wi-Fi network because they have the password. It does not matter if a network password is given out by the cashier or printed in your hotel room's welcome packet, once public, your security is compromised.To read this article in full or to leave a comment, please click here
The Xen Project has fixed three vulnerabilities in its widely used hypervisor that could allow operating systems running inside virtual machines to access the memory of the host systems, breaking the critical security layer among them.Two of the patched vulnerabilities can only be exploited under certain conditions, which limits their use in potential attacks, but one is a highly reliable flaw that poses a serious threat to multitenant data centers where the customers' virtualized servers share the same underlying hardware.The flaws don't yet have CVE tracking numbers, but are covered in three Xen security advisories called XSA-213, XSA-214 and XSA-215.To read this article in full or to leave a comment, please click here
In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild speaks via Skype with Michael A. Davis, the CTO of behavioral analytics company CounterTack. The two discuss why machine learning is so important to CSOs and CISOs, even if they themselves are not particularly investing in such technology for their own security systems.