When Microsoft released Build 15031 of the Windows 10 Insider Preview on February 8, 2017, it added a new OS feature for Bluetooth-equipped devices. It's called Dynamic Lock, and lets you control access to your PCs based on how close they — and your Bluetooth-paired phones — are to them. That is, if the phone you've paired with your PC (it works for laptops, notebooks, tablets and desktops) is not found within radio range of your PC, Windows 10 turns off the screen and locks the PC after 30 seconds have elapsed. Thus, Dynamic Lock makes a dandy new security feature in Creators Update, one that most business users (or their IT departments) will find worth turning on and using.To read this article in full or to leave a comment, please click here
This past February marks the two-year anniversary when Livingston County, Michigan, was hit by ransomware. The wealthiest county in the state had three years’ worth of tax information possibly at the mercy of cybercriminals.As a local government, county CIO Rich C. Malewicz said they have been a target of ransomware, but in this instance they had backups at the ready. He said the most memorable ransomware attack was a result of a watering hole campaign using malvertizing to infect users visiting a local news website. “This attack was very clever in that all you had to do to get infected was visit the website, you didn't even have to click on the page. Once the user went to the local news website, they were immediately redirected to a site hosting exploit code and the infamous page appeared demanding a ransom with instructions,” he said.To read this article in full or to leave a comment, please click here
You may have run into these bots a few times. What looks like an actual human being could have been a bot sending you Twitter spam...or even worse.During the last election cycle and over the past few months in particular, it’s now widely known that Twitter bots -- many with zero followers -- promoted fake news stories. Often, the goal was to stir up dissension among voters, influence political viewpoints, and (more importantly) generate revenue when people viewed banner ads. Some would argue these bots helped elect President Trump or at least influenced people on social media to vote one way or another.To read this article in full or to leave a comment, please click here(Insider Story)
Many of us have experienced that moment of terror when clicking on a potentially risky link: Will it all be fine or will I start a torrent of bad outcomes from my action?But bad stuff sometimes happens and, sad as it sounds, sometimes the links we click on take us to dark places with bad outcomes. Authentic8 wants to limit those impacts by reducing the blast area of bad content.RELATED: Machine learning offers new hope against cyber attacks
Authentic8, the vendor that created the secure, virtual browser Silo, today announced that its browser will enable organizations to selectively redirect particular URLs for safe rendering within an isolated browser. The idea of this approach is that rather than trying to block any suspect content, organizations can let it through, secure in the knowledge that it can do no widespread harm. Authentic8 was founded by the team from Postini (an email security product acquired by Google).To read this article in full or to leave a comment, please click here
I can’t justify the vigilantism, but someone is bricking vulnerable IoT devices. I ponder the morality of it all. It’s called BrickerBot. It finds IoT devices with dubious security and simply bricks/disables them.Insecure dishwashers, teapots, refrigerators, security cameras—all become part of vast botnets. The botnets can do many things, and we’ve seen them become the armies behind the largest internet attacks in history. How to cleanse these devices has become the crux of many cries, including numerous ones in this space.To read this article in full or to leave a comment, please click here
New and innovative security tools seem to be emerging all the time, but the frontline defense for just about every network in operation today remains the trusty firewall. They aren’t perfect, but if configured correctly and working as intended, firewalls can do a solid job of blocking threats from entering a network, while restricting unauthorized traffic from leaving.The problem network administrators face is that as their networks grow, so do the number of firewalls. Large enterprises can find themselves with hundreds or thousands, a mix of old, new and next-gen models, probably from multiple vendors -- sometimes accidentally working against each other. For admins trying to configure firewall rules, the task can quickly become unmanageable.To read this article in full or to leave a comment, please click here(Insider Story)
New and innovative security tools seem to be emerging all the time, but the frontline defense for just about every network in operation today remains the trusty firewall. They aren’t perfect, but if configured correctly and working as intended, firewalls can do a solid job of blocking threats from entering a network, while restricting unauthorized traffic from leaving.The problem network administrators face is that as their networks grow, so do the number of firewalls. Large enterprises can find themselves with hundreds or thousands, a mix of old, new and next-gen models, probably from multiple vendors -- sometimes accidentally working against each other. For admins trying to configure firewall rules, the task can quickly become unmanageable.To read this article in full or to leave a comment, please click here(Insider Story)
New and innovative security tools seem to be emerging all the time, but the frontline defense for just about every network in operation today remains the trusty firewall. They aren’t perfect, but if configured correctly and working as intended, firewalls can do a solid job of blocking threats from entering a network, while restricting unauthorized traffic from leaving.The problem network administrators face is that as their networks grow, so do the number of firewalls. Large enterprises can find themselves with hundreds or thousands, a mix of old, new and next-gen models, probably from multiple vendors -- sometimes accidentally working against each other. For admins trying to configure firewall rules, the task can quickly become unmanageable.To read this article in full, please click here(Insider Story)
New products of the weekImage by Illusive NetworksOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.VM Backup version 7Image by altaroTo read this article in full or to leave a comment, please click here
Annoyed with the U.S. missile strike last week on an airfield in Syria, among other things, hacker group Shadow Brokers resurfaced on Saturday and released what they said was the password to files containing suspected National Security Agency tools they had earlier tried to sell.“Is appearing you are abandoning ‘your base’, ‘the movement’, and the peoples who getting you elected,” the group wrote in broken English in a letter to U.S. President Donald Trump posted online on Saturday.The hacker group, believed by some security experts to have Russian links, released in January an arsenal of tools that appeared designed to spy on Windows systems, after trying to to sell these and other supposedly Windows and Unix hacking tools for bitcoin.To read this article in full or to leave a comment, please click here
In yet another twist to the ongoing patent and copyright infringement case between Cisco and Arista, Arista has landed a significant win that will let it once again import redesigned products to the US that have been under import embargo since January.Specifically, according to a post on Arista’s site, on “April 7, 2017, U.S. Customs and Border Protection (“CBP”) completed its review and once again ruled that Arista’s redesigned products do not infringe the ’592, ’145, or ’537 patents that were the subject of a limited exclusion order and cease and desist order issued by the United States International Trade Commission (ITC) in Investigation No. 337-TA-944 and that Arista may resume importing its redesigned products into the United States.”To read this article in full or to leave a comment, please click here
Imagine it being nearly midnight and the emergency warning sirens start wailing and continue to scream for about an hour and a half. That’s what happened in Dallas on Friday; at 11:42 p.m., the city’s 156 emergency sirens blasted out warnings and continued to wail until 1:17 a.m. on Saturday. Dallas officials claim the siren warning system was hacked and it was one of the largest breaches of an emergency siren system.At first, a city spokesperson blamed the blaring sirens on a “system malfunction.” The 1.6 million people in the city were asked to stop calling 911 because there was no emergency. The normal wait time for a 911 call in Dallas is reportedly 10 seconds, but at one point the 911 system was so clogged with calls that the wait time stretched to six minutes.To read this article in full or to leave a comment, please click here
A former FireEye engineer has kicked off a startup whose machine learning and artificial intelligence technologies will compete against his former employer’s threat-prevention platforms.SlashNext makes Active Cyber Defense System, a service with a cloud-based learning component that can detect data exfiltration, malware, exploits and social engineering attacks, says the company’s founder and CEO Atif Mushtaq. SlashNext
SlashNext CEO Atif Mushtaq: "The system has a low false positive rate."To read this article in full or to leave a comment, please click here
A group of hackers who claimed to hold millions of iCloud accounts for ransom said on Friday they'd been paid. But one bitcoin expert says that's bogus. The Turkish Crime Family grabbed headlines last month by claiming they had the stolen login credentials for more than 700 million icloud.com, me.com and mac.com accounts. They demanded increasing ransoms from Apple while threatening to wipe the data from devices connected to the affected accounts if it did not.On Friday, the hackers tweeted that they had been paid US$480,000 in bitcoin. As proof, the group posted a link showing a transaction on Blockchain.info, a popular bitcoin wallet. To read this article in full or to leave a comment, please click here
This Amazon #1 best selling solar security light is super bright and easy to install wherever you need it. It features 3 modes: (1) Always on, (2) Dim until motion is detected, and (3) Off until motion is detected. It's designed with a large sensor that will detect motion over a larger distance, and 20 LED lights that the company claims are larger and more powerful than the competition offers. Being weatherproof, this is a light you can mount anywhere you need it outdoors. The Liton outdoor motion sensing light averages 4.5 out of 5 stars from over 1,800 people (see reviews), and a 2-pack is currently being offered at $31.99, a 20% discount over its typical list price of $39.99. See it now on Amazon.To read this article in full or to leave a comment, please click here
This Amazon #1 best selling solar security light is super bright and easy to install wherever you need it. It features 3 modes: (1) Always on, (2) Dim until motion is detected, and (3) Off until motion is detected. It's designed with a large sensor that will detect motion over a larger distance, and 20 LED lights that the company claims are larger and more powerful than the competition offers. Being weatherproof, this is a light you can mount anywhere you need it outdoors. The Liton outdoor motion sensing light averages 4.5 out of 5 stars from over 1,800 people (see reviews), and a 2-pack is currently being offered at $31.95, a 20% discount over its typical list price of $49.99. See it now on Amazon.To read this article in full or to leave a comment, please click here
When the source code to a suspected Russian-made malware leaked online in 2013, guess who used it? A new release from WikiLeaks claims the U.S. CIA borrowed some of the code to bolster its own hacking operations.On Friday, WikiLeaks released 27 documents that allegedly detail how the CIA customized its malware for Windows systems.The CIA borrowed a few elements from the Carberp financial malware when developing its own hacking tool known as Grasshopper, according to those documents.Carberp gained infamy as a Trojan program that can steal online banking credentials and other financial information from its victims' computers. The malware, which likely came from the criminal underground, was particularly problematic in Russia and other former Soviet states.To read this article in full or to leave a comment, please click here
Twitter has withdrawn a lawsuit against the U.S. government after the Customs and Border Protection backed down on a demand that the social media outlet reveal details about a user account critical of the agency.The lawsuit, filed Thursday, contended that the customs agency was abusing its investigative power. The customs agency has the ability to get private user data from Twitter when investigating cases in areas such as illegal imports, but this case was far from that.The target of the request was the @alt_uscis account, one of a number of "alt" accounts that have sprung up on Twitter since the inauguration of President Donald Trump. The accounts are critical of the new administration and most claim to be run by current or former staff members of government agencies.To read this article in full or to leave a comment, please click here
Hackers have started adding data-wiping routines to malware that's designed to infect internet-of-things and other embedded devices. Two attacks observed recently displayed this behavior but likely for different purposes.Researchers from Palo Alto Networks found a new malware program dubbed Amnesia that infects digital video recorders through a year-old vulnerability. Amnesia is a variation of an older IoT botnet client called Tsunami, but what makes it interesting is that it attempts to detect whether it's running inside a virtualized environment.To read this article in full or to leave a comment, please click here
After 40 critical vulnerabilities on Samsung's Tizen -- used in smart TVs and smartwatches -- were exposed this week by Israeli researcher Amihai Neiderman, the company is scrambling to patch them.But Samsung still doesn't know many of the bugs that need to be patched. It's also unclear when Tizen devices will get security patches, or if older Tizen devices will even get OS updates to squash the bugs.Beyond Samsung's smart TVs, Tizen is also used in wearables like Gear S3 and handsets like Samsung's Z-series phones, which have sold well in India. Samsung wants to put Tizen in a range of appliances and IoT devices. Tizen also has been forked to be used in Raspberry Pi.To read this article in full or to leave a comment, please click here