Archive

Category Archives for "Network World Security"

US lawmakers demand to know how many residents are under surveillance

Two powerful U.S. lawmakers are pushing President Donald Trump's administration to tell them how many of the country's residents are under surveillance by the National Security Agency. In a letter sent Friday, Representatives Bob Goodlatte and John Conyers Jr. asked the Office of the Director of National Intelligence to provide an estimate of the number of U.S. residents whose communications are swept up in NSA surveillance of foreign targets. Goodlatte, a Republican, is chairman of the House Judiciary Committee, and Conyers is the committee's senior Democrat. Committee members have been seeking an estimate of the surveillance numbers from the ODNI for a year now. Other lawmakers have been asking for the surveillance numbers since 2011, but ODNI has failed to provide them.

DARPA semantic program seeks to glean truth from obfuscation

In this era where disinformation, alternative facts and other falsehoods are the rule of the day, the researchers at DARPA are looking to build a mechanism that can glean some truth from the obfuscation. DARPA says the program, called Active Interpretation of Disparate Alternatives (AIDA), looks to develop a “semantic engine” that generates alternative interpretations or meaning of real-world events, situations, and trends based on data obtained from an extensive range of channels. The program aims to create technology capable of aggregating and mapping pieces of information automatically derived from multiple media sources into a common representation or storyline, and then generating and exploring multiple theories about the true nature and implications of events, situations, and trends of interest, DARPA says.

CyberX assesses industrial environments for cyber risks, provides continuous monitoring

The U.S. Department of Homeland Security (DHS) received reports of 59 cyber incidents at energy facilities in 2016. This is an increase of nearly a third over 2015. Security specialists believe this number is quite conservative, considering that energy companies aren’t required to report cyberattacks to DHS. But the actual number of incidents isn’t the really concerning part of the story. More worrisome, say federal cybersecurity officials and private security specialists, is that the vast majority of energy industry companies lack the technology and personnel to continuously monitor their operational systems for anomalous activity, which leaves them unable to detect intrusions when they happen. Consequently, they don’t even know about incidents to be able to report them.

The ‘new’ McAfee

I’ve worked with McAfee for a long time—from its independent days, during the Network Associates timeframe, through financial issues, back to McAfee and the go-go Dave DeWalt era, and finally as Intel Security. To be honest, Intel’s acquisition of McAfee was always a head-scratcher for me. The 20-somethings on Wall Street crowed about Intel cramming McAfee security in its chip set, but this made no sense to me—Intel had long added security (and other) functionality into its processors with lukewarm market reception. The two cultures were a mismatch, as well. Ultimately, it seems Intel came to a similar conclusion and recently spun out McAfee in a private equity stew.

McAfee: Trend indicates 2017 will be bumper year for new malware

A cycle of increasing new malware is well underway and could last the rest of this year if a trend established over the past two years continues. Defenders enjoyed a nine-month dip in malware innovation last year, but that’s over with, according to a cycle identified by McAfee Labs. Its latest McAfee Labs Threats Report says that starting at the beginning of 2015, the volume of new threats has fluctuated in a regular pattern, with two to three quarters of growth followed by three quarters of decline. The last three quarters of 2016 showed decline, so the next uptick should have started last quarter.

Robots: Lots of features, not much security

Robots are supposed to do good things for us, not bad things to us. But there is plenty of evidence that, like the billions of other connected devices that make up the Internet of Things (IoT), the growth of robot technology is coming with loads of features, but not much of a security blanket. More evidence came in a report on home, business and industrial robots released last month by security research firm IOActive, which found that “most” of them lacked what experts generally call “basic security hygiene.” Those included the predictable list: insecure communication channels, critical information sent in cleartext or with weak encryption, no requirement for user names or passwords for some services, weak authentication in others, and a lack of sufficient authorization to protect critical functions such as software installation or updates.

Apache Struts 2 exploit used to install ransomware on servers

Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers. The SANS Internet Storm Center issued an alert Thursday, saying an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638. The flaw is located in the Jakarta Multipart parser in Apache Struts 2 and allows attackers to execute system commands with the privileges of the user running the web server process. This vulnerability was patched on March 6 in Struts versions 2.3.32 and 2.5.10.1. Attackers started exploiting the flaw almost immediately, leaving very little time for server administrators to deploy the update.

US trade lobbying group attacked by suspected Chinese hackers

A group of what appears to be Chinese hackers infiltrated a U.S. trade-focused lobbying group as the two countries wrestle with how they treat imports of each other's goods and services. The APT10 Chinese hacking group appears to be behind a "strategic web compromise" in late February and early March at the National Foreign Trade Council, according to security vendor Fidelis Cybersecurity. The NFTC lobbies for open and fair trade and has pledged to work with U.S. President Donald Trump to "find ways to address Chinese policies that frustrate access to their market and undermine fair trade, while at the same time encouraging a positive trend in our trade relationship." Trump will meet with China President Xi Jinping in Florida this week.

F-Secure buys Little Flocker to combat macOS ransomware

With attacks against Mac users growing in number and sophistication, endpoint security vendor F-Secure has decided to acquire Little Flocker, a macOS application that provides behavior-based protection against ransomware and other malicious programs. Little Flocker can be used to enforce strict access controls to a Mac's files and directories as well as its webcam, microphone and other resources. It's particularly effective against ransomware, spyware, computer Trojans and other malicious programs that attempt to steal, encrypt or destroy files. F-Secure plans to integrate Little Flocker, which it calls "the most advanced security technology available for Macs," into its new Xfence technology. Xfence is designed to add behavioral-based protection to its existing endpoint security products for macOS.

IDG Contributor Network: Flatbed scanners are latest cyberattack vector

Office scanners are now susceptible to attack, according to researchers. The ubiquitous office equipment’s light-sensitivity can allow passing vehicles, or laser-carrying drones to trigger malware in a network, says a research team from two Israeli universities. The computer experts say they have been able to successfully create a test “covert channel” between a server and flatbed scanner. The proof-of-concept hack, in some experimental cases, was performed almost a kilometer away from the scanner. They used a kind of infiltrating illumination to fool the device. Numerous light sources could be used, they say. Hijacked smart bulbs and lasers were both used for the data-grab in experiments, the Ben-Gurion University of the Negev, and Weizmann Institute of Science researchers say in their paper (PDF).

Prevent or detect? What to do about vulnerabilities

Today's CISOs are undoubtedly overwhelmed with trying to make the most informed, efficient, and economical decisions about securing the most valuable assets in the enterprise. In the days of old, those decisions were a little bit easier because investing in prevention provided decent protection. That's not true today, which is why Ira Winkler, president of Secure Mentem and author of Advanced Persistent Security, said that trying to protect against every threat is not cost efficient. Shifting the mentality of those defenders who came of age in the world of preventative protection has been slow going. As a result, some security programs are failing, "Not because the bad guys got in, but because they got out," Winkler said.

Trust issues: Know the limits of SSL certificates

Certificate authorities (CAs) have given themselves a black eye lately, making it hard for users to trust them. Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation’s Let’s Encrypt CA. Even with these missteps, the CAs play a critical role in establishing trust on the internet.

What enterprises can learn in the aftermath of a phishing attack

The problem: spearphishing

Spearphishing is a top attack vector used by cyber adversaries today. It consists of fraudulent emails that appear to be legitimate and target specific organizations, groups, or individuals to gain access to information systems. Targeted spearphishing also leverages social engineering, which includes research about specific targets of interest. Organizations rely on email connectivity with the outside to function, and thus email is an entry into a potential target’s environment that bypasses many of the legacy security stack.

US says laptop ban may expand to more airports

The U.S. might add other airports to its ban restricting passengers from bringing laptops and other electronics into the cabin for certain flights from the Middle East. “We may take measures in the not too distant future to expand the number of airports,” said Homeland Security secretary John Kelly on Wednesday during a congressional hearing. Last month, the U.S. announced the ban, which affects ten airports, all of which are in Muslim-majority countries. Passengers flying to the U.S. are barred from bringing any electronic devices larger than a smartphone into a plane’s cabin, and must instead check them in as baggage.

Cisco issues variety of security warnings on wireless gear

Cisco warned of a variety of vulnerabilities, from letting attackers issue DDoS attacks to making devices unexpectedly reload, in some of its wireless access point and LAN gear. The only critical alert came for a vulnerability in Cisco Wave 2 Aironet 1830 Series and Cisco Aironet 1850 Series Access Points. In those devices, running Cisco Mobility Express Software, a vulnerability could let an unauthenticated, remote attacker take complete control of an affected device, the company stated.

Critical Xen hypervisor flaw endangers virtualized environments

A critical vulnerability in the widely used Xen hypervisor allows attackers to break out of a guest operating system running inside a virtual machine and access the host system's entire memory. This is a serious violation of the security barrier enforced by the hypervisor and poses a particular threat to multi-tenant data centers where the customers' virtualized servers share the same underlying hardware. The open-source Xen hypervisor is used by cloud computing providers and virtual private server hosting companies, as well as by security-oriented operating systems like Qubes OS. The new vulnerability affects Xen 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x and has existed in the Xen code base for over four years. It was unintentionally introduced in December 2012 as part of a fix for a different issue.

Is it crazy to be afraid of password managers?

I admit it: Like most people, I’m terrible at passwords. Too often I use too-simple passwords, and I don’t always come up with a new one for every site and service I log into. Then, when I do come up with a strong, unique password, I often forget it entirely and have to request an email to reset it—typically to something either too easy to guess or something I’ll instantly forget again. That’s why password managers exist. They’re designed to let you enter a single, secure password in one place and then generate new, strong passwords for every application where you need one.

IDG Contributor Network: The evolution of data center segmentation

Data center transformation has delivered better resource utilization, scalability and automation for data center environments. While software-defined networking (SDN) and automation platforms can tie in network security, the options have been largely inflexible and static, limiting the amount of security automation that can be delivered. This has become even more apparent as DevOps environments continue to grow. Micro-segmentation as a concept has been around for several years. It has recently become more mainstream with organizations now dedicating budgets and personnel to micro-segmentation projects. Micro-segmentation itself is really an evolution in network security. While many of the concepts (i.e. private VLANs) have been around for years, the implementation and use of these has evolved with micro-segmentation.

After Congress revokes Internet privacy rules, downloads double of VPN-equipped Opera browser

Opera Software today boasted that the number of new U.S. users of its namesake browser more than doubled days after Congress voted to repeal restrictions on broadband providers eager to sell customers' surfing history. Opera debuted a VPN -- virtual private network -- a year ago, and finalized the feature in September. A VPN disguises the actual IP address of the user, effectively anonymizing the browsing, and encrypts the data transmitted to and from sites, creating a secure "tunnel" to the destination. By using a VPN, U.S. users block their Internet service providers (ISPs) from recording their online activity.

IBM: Tax-related spam up 6,000% since Dec.; Darkweb tactics net billions

’Tis the season for tax villains. The notion that spam has been increasing has been obvious recently, and for more evidence of that nasty trend you need look no further than this fact: From Dec 2016 to Feb 2017, IBM X-Force researchers saw a 6,000% increase in tax-related spam emails. And that’s just one of a number of tax season scams and frauds IBM X-Force security researchers have been tracking in a report “Cybercrime Riding Tax Season Tides: Trending Spam and Dark Web Findings” issued today.
