The U.K. is joining the U.S. in its ban restricting passengers from bringing some electronic devices onto flights from the Middle East. Phones, laptops, and tablets that are larger than 16 cm (6.3 inches) in length and wider than 9.3 cm will no longer be allowed in the cabin on select flights coming from several Middle Eastern countries, the U.K.'s department of transportation said on Tuesday. The U.K. said it was in "close contact" with the U.S. since the country announced its own ban on Monday. However, the U.K. made no mention of any specific risk, only that it faces "evolving" terrorism threats.
Organizations that use the popular Moodle learning management system should deploy the latest patches as soon as possible because they fix vulnerabilities that could allow attackers to take over web servers. Moodle is an open source platform used by schools, universities, and other organizations to set up websites with interactive online courses. It's used by more than 78,000 e-learning websites from 234 countries that together have more than 100 million users. A week ago the Moodle developers released updates for the still supported branches of the platform: 3.2.2, 3.1.5, 3.0.9 and 2.7.19. The release notes mentioned that "a number of security related issues were resolved," but didn't provide any additional details about their nature or impact.
A few years ago, ESG (and other) research indicated that security concerns posed the biggest impediment for more pervasive use of cloud computing. What happened next? Business executives and CIOs found that cloud agility, flexibility and potential cost savings were too good to pass up, creating a “cloud or bust” mentality. Naturally, CISOs had to do their best and go along for the ride whether they were ready or not.
So, how’s cloud security going at this point? ESG research indicates it is still a work in progress. As part of a recent survey, cybersecurity professionals were presented with a series of statements about cloud security and asked whether they agreed or disagreed with each one. Here are some of the results:
Technophobic thrillers in popular media are always trying to convince us hackers are just a few malicious keystrokes away from crashing the world economy. And while doing such a thing is more complicated than just “deleting all the money,” one could certainly do a great deal of damage by changing what a computer thinks is true. Wouldn’t it be great if there were software that could guarantee which data was and was not correct, backed up by the most powerful computer processors available? I give you blockchain, which more and more fiscal institutions are using to protect their data, backed up by the undeniable power of mainframes.
Blockchain first entered the public’s (OK, the techie public’s) awareness in the orbit of Bitcoin, as a means of securing that controversial digital currency’s code against someone who decided to break into the right server and add a couple zeroes to their account. But Bitcoin haters need not close this tab in disgust just yet, as blockchain has come into its own as a reliable security measure for more than just black market storefronts.
Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest. "Congrats to #Mozilla for being the first vendor to patch vuln[erability] disclosed during #Pwn2Own," tweeted the Zero Day Initiative (ZDI) Monday. ZDI, the bug brokerage run by Trend Micro, sponsored Pwn2Own.
Mozilla released Firefox 52.0.1 on Friday, March 17, with a patch for the integer overflow bug that Chaitin Security Research Lab leveraged in an exploit at Pwn2Own on Thursday, March 16. The Beijing-based group was awarded $30,000 by ZDI for the exploit, which combined the Firefox bug with one in the Windows kernel.
Why Have a BYOD Policy? In today’s work environment, employees are increasingly expected to be constantly available and communicating. Regardless of whether the company permits it, employees will use their personal devices for work. Instead of ignoring the inevitable, companies should develop and implement a BYOD policy that protects the company and balances productivity with security. Brandon N. Robinson, partner in the Privacy and Data Security Practice at Balch & Bingham LLP, provides some tips.
The U.S. Department of Homeland Security has ordered that passengers on flights departing for the U.S. from 10 airports in the Middle East and Africa will have to carry personal electronics larger than a smartphone as checked baggage, citing increased terror threats. Giving the approximate size of a commonly available smartphone as a guideline for passengers, the DHS said that laptops, tablets, e-readers, cameras, portable DVD players, electronic game units larger than smartphones, and travel printers or scanners were the kind of personal electronics that would not be allowed in the cabin and would have to be carried as checked baggage. Approved medical devices may be brought into the cabin after additional screening. The size of smartphones is well understood by most passengers who fly internationally, according to the DHS, which in any case asked passengers to check with their airline if they are unsure whether their smartphone is impacted.
It’s hard to fathom and may be even harder for it to happen, but a couple of NASA-funded scientists say Mars might have had Saturn-like rings around it in the past and may have them again sometime in the distant future. NASA’s Jet Propulsion Lab said Purdue University scientists David Minton and Andrew Hesselbrock developed a model that suggests debris that was pushed into space from an asteroid or other body slamming into Mars around 4.3 billion years ago alternates between becoming a planetary ring and clumping together to form a moon.
Future U.S. elections may very well face more Russian attempts to interfere with the outcome, the FBI and the National Security Agency warned on Monday. “They’ll be back,” said FBI director James Comey. “They’ll be back in 2020. They may be back in 2018.” Comey made the comment during a congressional hearing on Russia’s suspected efforts to meddle with last year’s presidential election. Allegedly, cyberspies from the country hacked several high-profile Democratic groups and people, in an effort to tilt the outcome in President Donald Trump’s favor.
Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system. Virtual machines are used in many scenarios to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, many malware researchers execute malicious code or visit compromised websites inside virtual machines to observe their behavior and contain their impact. One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That's why VM escape exploits are highly prized, more so than browser or OS exploits.
A vulnerability in Cisco’s widely deployed IOS software that was disclosed in the recent WikiLeaks dump of CIA exploits has triggered the company to release a critical warning for its Catalyst networking customers. The vulnerability, which could let an attacker cause a reload of an affected device or remotely execute code and take over a device, impacts more than 300 models of Cisco Catalyst switches from the model 2350-48TD-S Switch to the Cisco SM-X Layer 2/3 EtherSwitch Service Module.
They came from miles around to carry out a hallowed, decade-long mission: to eat your lunch. The security researchers assembled at the Pwn2Own 2017 hacking competition, sponsored by Trend Micro, and occasionally grouped together, then performed essentially zero-day exploits (at least by the rules, heretofore unknown) on your favorite stuff, such as Windows, MacOS and Linux. Smoldering pits in the screen were left, as teams collected cash prizes and creds.
For giggles and grins, a Type 2 hypervisor, VMware Workstation, was also left for shrapnel, one of the first times a hypervisor has been penetrated from a virtual machine in this way. It wasn’t a cascade effect, but rather a shot across the bow. I suspect there are more ways to penetrate a foundational hypervisor, too, but they haven’t been seen in captivity to my knowledge.
The FBI is actively investigating Russia's attempts to influence the 2016 U.S. presidential election and possible cooperation from President Donald Trump's campaign, agency director James Comey confirmed.
The existence of an investigation isn't a surprise, but Comey's announcement Monday is the first time the FBI has acknowledged an active case. The FBI typically does not comment on active investigations, but the Russian actions targeting the U.S. election represent an "unusual" case, he told members of the House of Representatives Intelligence Committee.
Comey told lawmakers he couldn't comment more on the investigation, but he said the FBI is looking into possible contacts and cooperation between the Trump campaign and the Russian government. The FBI is looking into "the nature of any links" between the Trump campaign and the Russian government, he said.
A man accused of sending an animated GIF of a strobe light to a reporter who has epilepsy was arrested and charged with criminal cyberstalking with the intent to kill or cause bodily harm. Back on Dec. 15, 2016, Twitter user @jew_goldstein tweeted a flashing image to Newsweek reporter Kurt Eichenwald along with the message: “YOU DESERVE A SEIZURE FOR YOUR POSTS.” Eichenwald, who has epilepsy, immediately suffered a seizure. After Eichenwald's wife found him on the floor and called 911, she replied to @jew_goldstein, telling him that the tweet caused a seizure. “I have your information and have called the police to report the assault,” she wrote.
In January, a bank in Edina, Minnesota, received a request for a $28,500 wire transfer from someone claiming to be local resident Douglas Junker. Though bolstered with a faked picture of a passport, the request later turned out to be fraudulent, and local cops were reportedly stymied on how to catch the thief. Until, that is, they came up with a novel idea: hoping to find out how the fraudster got the picture, Edina Police Detective David Lindman applied for a search warrant to obtain the names, email addresses, account information and IP addresses of everyone in the entire town of 50,000 who had searched for any variation of the victim’s name between Dec. 1, 2016, and Jan. 7, 2017.
Another sizeable payment card data breach has been discovered at a U.S. restaurant chain. In the latest example, several high-end eateries run by Select Restaurants in Cleveland were the victims of fraudulent cards used by customers at its restaurants, according to a report posted Thursday on KrebsOnSecurity, a reliable site written by reporter Brian Krebs. Krebs said he learned about the case from anti-fraud teams at multiple financial institutions investigating "a great deal of fraud on cards used at a handful of high-end restaurants around the country."
1Password recently raised its top bug bounty reward from $25,000 to $100,000. They increased the amount to further incentivize researchers, according to its blog. Separately, Google paid out $3 million last year for its vulnerability reward program. But how are these figures determined? David Baker, vice president of operations at Bugcrowd, believes these big bounties demonstrate that organizations are really starting to think about the market and where the market is pricing vulnerabilities.
Social engineering is the strongest method of attack against the enterprise’s weakest vulnerability, its people. Criminal hackers recognize this fact. In 2015, social engineering became the No. 1 method of attack, according to Proofpoint’s 2016 Human Factor Report. These successful social engineering methods often use phishing and malware. But social engineering attackers have more tools and approaches to draw on than these. That’s why CSO covers six of the most effective social engineering techniques that attackers use both on and off the internet, providing insights into how each one works, what it accomplishes, and the technologies, methods, and policies for detecting and responding to social saboteurs and keeping them at bay.
The IT vendor landscape is constantly in flux, with mergers, acquisitions, new technology developments and the growth of the cloud having a huge impact on which companies might be the most strategic partners for organizations looking to enhance their technology infrastructure.
Consider some of the major technology merger and acquisition activities just over the past year: Microsoft acquired LinkedIn, Oracle acquired NetSuite, Broadcom acquired Brocade, HPE is buying Nimble Storage, and Dell acquired EMC.
New products of the week: Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. First up: the Asavie Industrial IoT Accelerator Kit.