Security operations is changing, driven by a wave of diverse data types, analytics tools, and new operational requirements. These changes are initiating an evolution from monolithic security technologies to a more comprehensive event-driven software architecture (along the lines of SOA 2.0) where disparate security technologies connect via enterprise-class middleware for things like data exchange, message queueing, and risk-driven trigger conditions. ESG refers to this as a Security Operations and Analytics platform architecture, or SOAPA. When speaking or writing about SOAPA, I often compare this evolution to an analogous IT trend in the 1990s. Way back then, large organizations abandoned stand-alone departmental applications in favor of a more integrated software architecture, ERP. This transition resulted in a new generation of business applications acting as a foundation for greater automation, efficiency, and profitability.
The future seems bright for the automobile. A whole host of technologies, including self-driving systems, is set to reinvent the auto industry, making cars more computerized than ever. But not everyone shares a rosy outlook. “I know what is going to happen in the future and I don’t like it,” said Bruce Perens, a leading open source advocate. “And I would like to guide it in a somewhat different direction.” His fear is that consumers who buy next-generation cars will face obstacles to modifying or repairing them, like purchasing a smartphone, only far more expensive, with manufacturers in sole control over the tech upgrades.
Cisco today issued two “critical” security advisories, one for Cisco IOS and Cisco IOS XE Software, the other for the ongoing discovery of problems with Apache Struts2. The IOS vulnerability is in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software, which could let an unauthenticated, remote attacker cause a reload of an affected device or remotely execute code with elevated privileges, Cisco stated.
An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops. The flaw was discovered by researchers from security consultancy DefenseCode and is located in a feature that retrieves preview images for videos hosted on Vimeo. Such videos can be added to product listings in Magento. The DefenseCode researchers determined that if the image URL points to a different file, for example a PHP script, Magento will download the file in order to validate it. If the file is not an image, the platform will return a "Disallowed file type" error, but won't actually remove it from the server.
Samsung has had enough struggles with Tizen, the open-source operating system it is positioning as an alternative to Android. But now Tizen is being blasted by a security expert for being full of egregious security flaws and sloppy programming. Israeli researcher Amihai Neiderman, who heads the research department for Equus Software, spoke at Kaspersky Lab's Security Analyst Summit and later to Motherboard, the tech site run by Vice.com. Neiderman said Tizen's code "may be the worst code I've ever seen. Everything you can do wrong there, they do it."
Whether it is a lightning strike that destroys a home entertainment center or consistently fluctuating power that degrades the performance and shortens the life of your electronics, surges, lightning, and other power disturbances can have a devastating impact on the valuable electronics you rely on every day. The P11U2 from APC offers guaranteed surge protection. Connect and protect up to 11 electronics, and conveniently charge your mobile devices via 2 additional USB ports. Installation is convenient and easy with a 180-degree rotating power cord and right-angle plug. Lastly, three LED indicators inform you of any overload, unit, or wall-wiring issues. The P11U2 averages 4.5 out of 5 stars from over 1,500 people on Amazon, where its typical list price of $34.99 is discounted 14% to $29.99.
The Travelers insurance company has teamed up with Symantec to give policyholders cyber security assessments and consultation in order to help them manage risks. The self-assessment consists of filling out a 25-question survey and getting a written report of how well their network and data protection stacks up. If they want to, they can talk to a consultant who walks them through the results and recommends steps they could take to remediate risks.
Today’s global supply chains carry risks that run the gamut from pirates off the coast of East Africa to bad guys tampering with goods in transit. And international supply chains also put companies at risk of violating legislation and policies mandating corporate social responsibility. How can your company make responsible decisions for your supply chain under these conditions? Improving the security of the global supply chain system is a key part of the strategy. With billions of dollars of goods at stake, many companies are working at solving the problem. Blockchain firms like Skuchain have developed ways to secure supply chain information to improve tracking. Other firms like CNL Software and Esri focus on improving the security process at key facilities like ports and warehouses. And firms such as Fleetmatics, Shaw Tracking and Optical Lock are working on securing the “moving supply chain” of trucks, railways, ships and planes. Whether your supply chain includes service providers, software services or goods, there are important risks to be mitigated.
Today I’m going to talk about a topic that has gained a lot of attention since the presidential election: encrypted email. Services such as ProtonMail (a secure email system with end-to-end encryption) have reported record signup numbers in recent months. This parallels the increasing adoption and provision of encrypted instant messaging services such as Signal, Telegram, iMessage and WhatsApp. As someone who works in security, I applaud this; more people communicating via encrypted messaging can only be a good thing.
However, there is a big problem with encrypted email, which is that it mostly sucks. The problem lies in the open nature of email itself. Unlike proprietary messaging systems like WhatsApp, email is based on open standards. Anyone can run their own email server, and you can send an email to anyone in the world, using any software you like, just by knowing their email address.
Penetration testing provider Synack is getting an infusion of $21.25 million from the investment arms of Microsoft and HP, among others, and some of it will be used to hire more security analysts to fuel what it calls its hacker-powered intelligence platform. The investment is the Series C round of funding and is led by Microsoft Ventures, but also includes Hewlett Packard Enterprise and Singtel Innov8, to bring total investment in the company to $55 million.
After the Shadow Brokers group opened up its archive of exploits allegedly stolen from the United States National Security Agency, security experts found a nasty surprise waiting for Solaris administrators. The Register reported that the dumped Shadow Brokers files reference two programs, EXTREMEPARR and EBBISLAND, that would let attackers obtain root access remotely over the network on Solaris boxes running versions 6 to 10 on x86 and SPARC architectures.
McAfee security researchers are warning of a new zero-day vulnerability in Microsoft Word being exploited via attached .rtf files since at least January. The exploit allows a Word document to install malware onto your PC without you ever knowing it, giving the attackers full access to your machine. According to McAfee, the exploit works by connecting to a remote server controlled by the hackers, which will download a file that runs as a .hta file, a dynamic HTML file that is used in Word. Security firm FireEye also noted similar malicious .rtf files in its own alert. Both firms say the flaws are within Microsoft's Object Linking and Embedding (OLE) technology and affect all versions of Office, including Office 2016 for Windows 10.
A previously unknown Microsoft Office vulnerability was recently used to deliver spyware to Russian-speaking targets, in a possible case of cyberespionage. Security firm FireEye noticed the intrusion attempt, which taps a critical software flaw that hackers are using to craft malicious Microsoft Word documents. On Wednesday, FireEye said it uncovered one attack that weaponized a Russian military training manual. Once opened, the malicious document will deliver FinSpy, a surveillance software that’s been marketed to governments.
Industrial control systems (ICS) that run the valves and switches in factories may suffer from inherent weaknesses that cropped up only after they were installed and the networks they were attached to became more widely connected. The problems are as far ranging as hard-coded passwords that are publicly available to vulnerabilities in Windows operating systems that are no longer supported but are necessary to run the aging gear, says Sean McBride, attack-synthesis lead analyst at FireEye iSIGHT Intelligence and author of “What About the Plant Floor? Six subversive concerns for industrial environments.”
Oh, now this is peachy. Thanks to a four-year, $1.7 million grant from the U.S. Office of Naval Research, Cornell University researchers plan to develop a robot surveillance system that would involve robots sharing “information as they move around, and if necessary, interpret what they see. This would allow the robots to conduct surveillance as a single entity with many eyes.” This would be done allegedly to “protect you from danger.” According to the robot surveillance project paper "Convolutional-Features Analysis and Control for Mobile Visual Scene Perception,” researchers want to develop a surveillance method that could do more than any surveillance to date, as it would “operate autonomously and robustly under unknown, and possibly disconnected, topologies.”
Firewalls have been on the front lines of network security for 25 years. Over time they’ve evolved beyond simple packet filtering to take on a wider and deeper variety of tasks to block modern threats. Today, two of the top enterprise firewalls are Cisco’s Adaptive Security Appliance (ASA) and Fortinet’s Fortigate, according to reviews by users in the IT Central Station community. One reviewer, a manager of engineering at a retailer, says Cisco’s ASA is “a solid, stable and consistent firewall platform,” but there’s room for improvement when the enterprise needs to manage multiple firewalls from a central point. “Cisco’s answer is Cisco Security Manager (CSM). Unfortunately, this is a suite of applications that is in much need of an overhaul. It is riddled with bugs and lacks the intuitive experience found in competing vendor offerings.”
Microsoft released its monthly security-patch bundle Tuesday, fixing 45 unique vulnerabilities, three of which are publicly known and targeted by hackers. The top priority this month should be given to the Microsoft Office security update, because one of the fixed flaws has been actively exploited by attackers since January to infect computers with malware. Over the past few days this vulnerability, tracked as CVE-2017-0199, has seen widespread exploitation.
Dallas city officials have added extra encryption and other security measures to the outdoor warning sirens hacked early Saturday. The hack also prompted the city to evaluate critical systems for potential vulnerabilities, City Manager T.C. Broadnax said in a statement late Monday. City officials are reviewing security for financial systems, a flood warning system, police-fire dispatch and the 911/311 system.
It’s common knowledge that healthcare organizations are prime, and relatively easy, targets for ransomware attacks. So it is no surprise that those attacks have become rampant in the past several years. The term “low-hanging fruit” is frequently invoked. But according to at least one report, and some experts, it doesn’t have to be that way. ICIT, the Institute for Critical Infrastructure Technology, contends in a recent whitepaper that the power of artificial intelligence and machine learning (AI/ML) can “crush the health sector’s ransomware pandemic.”