The recent growth in the cyber insurance market is already improving cybersecurity in some industry segments, and has the potential to do more -- if the industry is able to address its data problem.One area where cyber insurance has already made an impact is in the retail space, said David White, founder and COO at Axio Global, a cyber risk company.After the 2013 Target breach, it became very difficult for retailers to get a decent price for cyber insurance unless they had completely switched over to end-to-end encryption, or had a definite plan in place for doing that.To read this article in full or to leave a comment, please click here
Managing the health of the corporate network will directly affect the productivity of every user of that network. So network administrators need a robust network monitoring tool that helps them manage the network, identify problems before they cause downtime, and quickly resolve issues when something goes wrong.Five of the top network monitoring products on the market, according to users in the IT Central Station community, are CA Unified Infrastructure Management, SevOne, Microsoft System Center Operations Manager (SCOM), SolarWinds Network Performance Monitor (NPM), and CA Spectrum.To read this article in full or to leave a comment, please click here(Insider Story)
Managing the health of the corporate network will directly affect the productivity of every user of that network. So network administrators need a robust network monitoring tool that helps them manage the network, identify problems before they cause downtime, and quickly resolve issues when something goes wrong.Five of the top network monitoring products on the market, according to users in the IT Central Station community, are CA Unified Infrastructure Management, SevOne, Microsoft System Center Operations Manager (SCOM), SolarWinds Network Performance Monitor (NPM), and CA Spectrum.To read this article in full or to leave a comment, please click here(Insider Story)
Managing the health of the corporate network will directly affect the productivity of every user of that network. So network administrators need a robust network monitoring tool that helps them manage the network, identify problems before they cause downtime, and quickly resolve issues when something goes wrong.Five of the top network monitoring products on the market, according to users in the IT Central Station community, are CA Unified Infrastructure Management, SevOne, Microsoft System Center Operations Manager (SCOM), SolarWinds Network Performance Monitor (NPM), and CA Spectrum.To read this article in full, please click here(Insider Story)
New products of the weekImage by HPEOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Bluescape visual collaboration softwareImage by bluescapeTo read this article in full or to leave a comment, please click here
On Saturday, the hacking group The Dark Overlord followed through with threats to release 10 of 13 new Orange Is the New Black episodes that it had in its possession after Netflix failed to pay a ransom. The Dark Overlord, or TDO, allegedly has tried to extort money from other big networks as well and used the leak to threaten those networks.TDO tweeted: “Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we’re all going to have. We’re not playing games anymore.”
Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we're all going to have. We're not playing any games anymore.To read this article in full or to leave a comment, please click here
On Saturday, the hacking group The Dark Overlord followed through with threats to release 10 of 13 new Orange Is the New Black episodes that it had in its possession after Netflix failed to pay a ransom. The Dark Overlord, or TDO, allegedly has tried to extort money from other big networks as well and used the leak to threaten those networks.TDO tweeted: “Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we’re all going to have. We’re not playing games anymore.”
Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we're all going to have. We're not playing any games anymore.To read this article in full or to leave a comment, please click here
The U.S. National Security Agency will no longer sift through emails, texts and other internet communications that mention targets of surveillance.The change, which the NSA announced on Friday, stops a controversial tactic that critics said violated U.S. citizens' privacy rights.The practice involved flagging communications where a foreign surveillance target was mentioned, even if that target wasn't involved in the conversation. Friday’s announcement means the NSA will stop collecting this data.“Instead, this surveillance will now be limited to only those communications that are directly ‘to’ or ‘from’ a foreign intelligence target,” the NSA said in a statement.To read this article in full or to leave a comment, please click here
A new malware program that targets macOS users is capable of spying on encrypted browser traffic to steal sensitive information.The new program, dubbed OSX/Dok by researchers from Check Point Software Technologies, was distributed via email phishing campaigns to users in Europe.One of the rogue emails was crafted to look as if it was sent by a Swiss government agency warning recipients about apparent errors in their tax returns. The malware was attached to the email as a file called Dokument.zip.What makes OSX/Dok interesting is that it was digitally signed with a valid Apple developer certificate. These certificates are issued by Apple to members of its developer program and are needed to publish applications in the official Mac App Store.To read this article in full or to leave a comment, please click here
A Google effort to push websites to implement encryption is expanding. Starting in October, the company will roll out new warnings to flag HTTP connections as insecure in its Chrome browser.For users, it means Chrome will display the words “not secure” in the browser’s address bar whenever they type any data into web pages that connect over HTTP.However, for users who like to browse through Chrome’s privacy-enhancing Incognito mode, the warnings will appear by default on all HTTP pages visited, not only when the user enters information onto the page.To read this article in full or to leave a comment, please click here
I have detailed the crazy things that the TSA has found in airline travelers checked bags over the past few years but…every once and awhile, something new and cracked turns up. TSA/22MM tank round LAX
Recently the agency’s agents reported that a live 22 MM anti-tank round was discovered by TSA agents in a checked bag at Los Angeles (LAX) airport.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. Companies that provide online transactional services to consumers or other businesses have to be concerned about fraud. Whether it is renting hotel rooms to travelers, selling books to avid readers, arranging shipping services for hard goods, or any of the thousands of other types of sales and services transacted online, the entity behind the online business needs to know if the end user and transaction can be trusted.The credit reporting company Experian says that e-commerce fraud attack rates spiked 33% in 2016 compared to 2015. Experian attributes this increase to the recent switch to EMV (those chip-based credit cards), which drove fraudsters to online card-not-present fraud, and to the vast number of data breaches in which users’ online credentials were stolen. The Federal Trade Commission says the number of consumers who reported their stolen data was used for credit card fraud increased from 16% in 2015 to 32% in 2016.To read this article in full or to leave a comment, please click here
Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation.SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed.To read this article in full or to leave a comment, please click here
A survey sponsored by Check Point Software Technologies Ltd. found that 64 percent of respondents are doubtful that their organization can prevent a mobile cyberattack, leaving employees' personal information vulnerable to theft.Alvaro Hoyos, chief information security officer at OneLogin, said that number does not surprise him. He said the employees might not know the ins and outs of their company's security controls. IT departments typically don’t go out of the way to communicate all the security controls that they are relying on to secure your IT environment.He said companies should use their security awareness training to help users understand what risks you their employers are addressing with technology.To read this article in full or to leave a comment, please click here
The 3rd edition of this book will have you confidently using Wireshark to solve the kind of problems you're likely to run into. You'll be capturing and analyzing packets, understanding network protocols, and gaining important insights into what's happening on your network.
The overall equation is pretty simple: If you want to understand network traffic, you really should install Wireshark. And, if you really want to use Wireshark effectively, you should consider this book. Already in its third edition, Practical Packet Analysis both explains how Wireshark works and provides expert guidance on how you can use the tool to solve real-world network problems.Yes, there are other packet analyzers, but Wireshark is one of the best, works on Windows, Mac, and Linux, and is free and open source. And, yes, there are other books, but this one focuses both on understanding the tool and using it to address the kind of problems that you're likely to encounter.To read this article in full or to leave a comment, please click here
The overall equation is pretty simple: If you want to understand network traffic, you really should install Wireshark. And, if you really want to use Wireshark effectively, you should consider this book. Already in its third edition, Practical Packet Analysis both explains how Wireshark works and provides expert guidance on how you can use the tool to solve real-world network problems.Yes, there are other packet analyzers, but Wireshark is one of the best, works on Windows, Mac, and Linux, and is free and open source. And, yes, there are other books, but this one focuses both on understanding the tool and using it to address the kind of problems that you're likely to encounter.To read this article in full or to leave a comment, please click here
The overall equation is pretty simple: If you want to understand network traffic, you really should install Wireshark. And, if you really want to use Wireshark effectively, you should consider this book. Already in its third edition, Practical Packet Analysis both explains how Wireshark works and provides expert guidance on how you can use the tool to solve real-world network problems.Yes, there are other packet analyzers, but Wireshark is one of the best, works on Windows, Mac, and Linux, and is free and open source. And, yes, there are other books, but this one focuses both on understanding the tool and using it to address the kind of problems that you're likely to encounter.To read this article in full, please click here
Many people are worried about putting smart internet-connected devices in their homes or offices because of flaws that could allow attackers into their private networks.Web optimization and security firm Cloudflare is trying to alleviate those fears with a new service that could allow internet-of-things manufacturers to protect devices from attacks and deploy patches much quicker.Cloudflare's content delivery network is used by millions of people and companies to increase the performance of their websites and to protect them from malicious traffic. The company's servers work as invisible proxies between websites and visitors, providing on-the-fly encryption and firewall protection.To read this article in full or to leave a comment, please click here
Enterprises authenticate users based on their knowledge, possession, or inherence of some evidence that they are the party with the given right of access. Some experts see the context of the user’s authentication such as the time, their network IP and device, and their location as the fourth factor of authentication.Stephen Cobb, senior security researcher at ESET says you can assure greater security with each additional factor of authentication that you add.MFA is more important than ever as attackers are increasingly breaking into accounts that use single-factor authentication and sometimes even those with two factors. In one example, attackers tried to get the second factor by using phishing texts that asked users to send over their tokens.To read this article in full or to leave a comment, please click here