When it came to the physical plant, it used to be easy with surveillance cameras and access badges to tell if an insider was up to no good. Now with a more virtual network, you can’t always know if the person sitting in the next cubicle is gaining access to confidential documents.
While the insider threat still connotes an employee of the company, the intruder is no longer someone located within the confines of the building. Accessing the network can happen from such public places as the local coffee shop.
“For companies today, where old corporate lines are disappearing more frequently, the challenges only increase. Enterprises need to adapt their policies and procedures to prevent threats by securing corporate end-point equipment and the right tools that protect and allow users to do their work,” said Matias Brutti, a hacker at Okta. “Work environments are constantly changing, so monitoring is difficult on a corporate level.”
CSO's Joan Goodchild and Steve Ragan discuss some of the latest security news, including how the FBI director inadvertently (or on purpose?) revealed his Twitter ID and what the new regulations regarding ISPs being able to sell your private data without your consent really entail.
Fortinet has rolled out a new version of its FortiOS operating system that gives customers the ability to manage security capabilities across their cloud assets and software-defined wide area networking (SD-WAN) environments. With FortiOS 5.6, the company’s Fortinet Security Fabric gives a view of customers’ public and private clouds – including Amazon Web Services and Azure – as well as assets on their software-defined WANs, says John Maddison, Fortinet’s senior vice president of products.
Forget about security bulletins; Microsoft is so done with them. Now, it’s all about the Security Update Guide – something Microsoft claimed customers wanted back in November 2016. Bulletins were supposed to bite the dust starting in January 2017, but it appears as if they did starting in April 2017. This new era for patching Microsoft is great, if you really like clicking again and again. If not, I suppose that is too bad, so sad. The release notes are slightly more informative than the Microsoft Security Response Center post about the April patches. The latter simply stated, “Today we released security updates to provide additional protections against malicious attackers.” Microsoft recommends turning on automatic updates, but probably not to stop the upcoming migraine for the click-fest you will have to endure to find out about the security updates.
Career Tracker: What it takes to be a chief information security officer
CSO
Jeff Foltz did not set out to be an information security professional. He arrived at his current role as CISO at Fidelity National Financial by making the most of a series of opportunities and constantly building his skillset. His degree in psychology and philosophy would also prove more useful in his CISO job than one might think.
In a few months, publicly trusted certificate authorities will have to start honoring a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains. The Certification Authority Authorization (CAA) DNS record became a standard in 2013 but didn't have much of a real-world impact because certificate authorities (CAs) were under no obligation to conform to them. The record allows a domain owner to list the CAs that are allowed to issue SSL/TLS certificates for that domain. The reason for this is to limit cases of unauthorized certificate issuance, which can be accidental or intentional, if a CA is compromised or has a rogue employee.
High-profile hacking attacks might dominate the headlines, but one of the biggest risks to your security isn’t software vulnerabilities or malware—it’s phishing attacks. There were more than 1.2 million phishing attacks last year alone, up 65 percent over 2015, according to the Anti-Phishing Working Group (APWG).
Phishing attacks usually come in the form of a fake email that appears to be from a legitimate source, such as your bank, employer or a website you use frequently. The idea is to get you to hand over the keys to your accounts by prompting you to type your login details and password into a fake website front. Victims click the link in an email and get taken to a website that looks just like the real thing, but in reality, it has been created to steal information.
These days, it’s tough for any organization to keep up with cybersecurity operations. Why? Well, the bad guys are pretty persistent for starters, launching a blitzkrieg of attacks and new types of exploits all the time. OK, hackers are relentless, but we’ve always known this, and their behavior isn’t likely to change anytime soon. What’s really disturbing, however, is that a lot of problems associated with cybersecurity are based upon our own intransigence. And organizations aren’t struggling with one issue; rather, cybersecurity operations challenges tend to be spread across people, processes and technology. When it comes to security operations, it’s kind of a "death by a thousand cuts" situation.
The gang behind the Dridex computer trojan has adopted an unpatched Microsoft Word exploit and used it to target millions of users. The exploit's existence was revealed Friday by security researchers from antivirus vendor McAfee, but targeted attacks using it have been happening since January. After McAfee's limited public disclosure, researchers from FireEye confirmed having tracked the attacks for several weeks as well. The exploit takes advantage of a logic bug in the Windows Object Linking and Embedding (OLE) feature of Microsoft Office. It allows attackers to embed malicious code inside of Microsoft Word documents, with the code automatically executed when those files are opened.
A telephony denial of service (TDoS) attack is a specific type of DDoS attack that originates from or is directed towards a telephone system with the intent of bringing down the targeted system. These attacks commonly focus on commercial businesses and may often include ransomware requests. In reality, these attacks can affect anyone, including our nation’s 911 infrastructure, because even it is not isolated from or immune from these types of attacks. And based on its mission, in many ways, it is more fragile.
Unintentional TDoS attack
Just last year, 911 centers across the country, including a site in Phoenix, Arizona, were the targets of allegedly unintentional 911 TDoS attacks when some malicious JavaScript code was published on a web page. The code, once loaded on a smartphone browser, would cause some devices to automatically dial 911 repeatedly without user intervention and without the user’s knowledge.
The arrest last week of a Russian man in Spain was apparently for his role in a massive spam botnet and not related to an ongoing investigation into foreign tampering with last year's U.S. election. The botnet, called Kelihos, has enslaved hundreds of thousands of computers, and distributed spam and malware to users across the globe. However, the U.S. has taken action to dismantle the illegal operation, the Department of Justice said on Monday. The arrest of 36-year-old Peter Yuryevich Levashov, the botnet's alleged operator, was at first thought to be related to the ongoing U.S. investigation of presidential election-related hacking, but the DOJ said on Monday that wasn't the case.
A group of hackers that has been trying to sell exploits and malware allegedly used by the U.S. National Security Agency decided to make the data available for free over the weekend. The security community was expecting the password-encrypted archive that the Shadow Brokers group unlocked Saturday to contain previously unknown and unpatched exploits -- known in the industry as zero-days. That was not the case. As researchers started to analyze the exploits inside, it became clear that while some of them were technically interesting, the large majority were for old and publicly known vulnerabilities. Some appeared to have actually been sourced from public information and affect software versions that are several years old.
In an IT world where security software patches seem to be a dime a dozen, the researchers at the Defense Advanced Research Projects Agency want to take a different approach – bake cybersecurity right into the circuitry. The research outfit will this month detail a new program called System Security Integrated Through Hardware and Firmware (SSITH) that has as one of its major goals to develop new integrated circuit architectures that lack the current software-accessible points of criminal entry, yet retain the computational functions and high performance the integrated circuits were designed to deliver. Another goal of the program is the development of design tools that would become widely available so that hardware-anchored security would eventually become a standard feature of integrated circuits in both Defense Department and commercial electronic systems, DARPA stated.
The suspected CIA spying tools exposed by WikiLeaks have been linked to hacking attempts on at least 40 targets in 16 countries, according to security firm Symantec. The tools share “close similarities” with the tactics from an espionage team called Longhorn, Symantec said in a Monday post. Longhorn has been active since at least 2011, using Trojan programs and previously unknown software vulnerabilities to hack targets.
Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals. Some of the affected Anthem customers sued for damages they say resulted from the breach but then withdrew their suits after Anthem got a court order allowing the exams. The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.
Cisco initially scheduled its inaugural DevNet Create developers’ conference in San Francisco for what turned out to be the same week in May as Google's wildly popular I/O event in Mountain View (that coy old Google didn't reveal its show dates until late January). So Cisco wound up bumping its new event to the following week “to make sure we don’t take audience away from Google I/O. Okay okay — maybe it’s the other way around…” quipped Susie Wee, VP & CTO of Cisco DevNet Innovations in a recent blogpost.
Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware. The first report about the attacks came Friday from antivirus vendor McAfee after the company's researchers analyzed some suspicious Word files spotted a day earlier. It turned out that the files were exploiting a vulnerability that affects "all Microsoft Office versions, including the latest Office 2016 running on Windows 10." The flaw is related to the Windows Object Linking and Embedding (OLE) feature in Microsoft Office that allows documents to embed references and links to other documents or objects, the McAfee researchers said in a blog post.
A Russian man reported to be a computer scientist has been arrested and is being held in Spain, with a law enforcement source contradicting news reports saying he was involved with a computer virus linked to U.S. President Donald Trump's recent election victory. The arrest of Piotr Levashov at the Barcelona airport on Friday was not tied to Russian interference in the 2016 U.S. election, said the source, who is close to the investigation. That contradicts news reports from Agence France-Presse and other news outlets, which said Levashov's wife, Maria Levachova, was told his arrest was connected to Trump's election.
A Russian man long connected with sending spam emails has been arrested and is being held in Spain, with a law enforcement source contradicting news reports saying he was involved with a computer virus linked to U.S. President Donald Trump's recent election victory. The arrest of Piotr Levashov at the Barcelona airport on Friday was not tied to Russian interference in the 2016 U.S. election, said the source, who is close to the investigation. That contradicts news reports from Agence France-Presse and other news outlets, which said Levashov's wife, Maria Levachova, was told his arrest was connected to Trump's election.
Ticked at President Trump, the Shadow Brokers hacking group released the password for the NSA hacking tools they previously tried to sell. In an open letter to President Donald Trump, the group asked, “Respectfully, what the f**k are you doing?” In broken English, they accused the president of “abandoning ‘your base,’ ‘the movement,’ and the peoples who getting you elected.” After a “quick review” of the tools unlocked with the password, Edward Snowden noted that “it’s nowhere near the full library, but there’s still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can’t, it's a scandal.”