Category Archives for "Network World Security"

Thieves steal Petya ransomware then use it for free

Crooks are stealing code from the purveyors of Petya ransomware and using it to extort money from innocent victims, stiffing the creators of the malware out of the cut they are supposed to get. Rather than following the rules of licensing Petya, another criminal group is stealing and modifying the ransomware so they can use it without paying, according to the SecureList blog by researchers at Kaspersky Lab.

DOJ: No, we won’t say how much the FBI paid to hack terrorist’s iPhone

The U.S. Department of Justice yesterday argued that it should not have to reveal the maker of a tool used last year to crack an alleged terrorist's iPhone or disclose how much it paid for the hacking job, court documents showed. That tool was used last year by the FBI to access a password-protected iPhone 5C previously owned by Syed Rizwan Farook, who along with his wife, Tashfeen Malik, killed 14 in San Bernardino, Calif., in December 2015. The two died in a shootout with police later that day. Authorities quickly labeled them terrorists. In March 2016, after weeks of wrangling with Apple, which balked at a court order compelling it to assist the FBI in unlocking the iPhone, the agency announced it had found a way to access the device without Apple's help. Although the FBI acknowledged it had paid an outside group to crack the iPhone, it refused to identify the firm or how much it paid.

Microsoft releases 18 security bulletins, 9 rated critical, many bugs disclosed/exploited

Be prepared for restarts and a big day of patching after Microsoft skipped Patch Tuesday in February. For March, Microsoft released 18 security bulletins split into nine critical and nine important security updates.

Rated critical: MS17-006 patches 12 security issues in Internet Explorer. One of three information disclosure flaws has been publicly disclosed but is not being exploited, one of the three memory corruption bugs has been publicly disclosed but is not being exploited, and one of them has not been publicly disclosed but is being exploited. Both of the browser spoofing vulnerabilities have been publicly disclosed, as has the Internet Explorer elevation of privilege flaw. The patch also addresses a scripting engine information disclosure bug and two scripting engine memory corruption flaws.

DARPA fortifies early warning system for power-grid cyber assault

The Defense Advanced Research Projects Agency (DARPA) continues to hone the system it hopes would quickly restore power to the U.S. electric grid in the event of a massive cyberattack. The research agency this week said it awarded defense system stalwart BAE Systems an $8.6 million contract to develop a system under its Rapid Attack Detection, Isolation and Characterization (RADICS) program, whose central goal is to develop technology that will detect and automatically respond to cyber-attacks on US critical infrastructure.

Hackers use dangerous Petya ransomware in targeted attacks

In a case of no honor among thieves, a group of attackers has found a way to hijack the Petya ransomware and use it in targeted attacks against companies without the program creators' knowledge. A computer Trojan dubbed PetrWrap, being used in attacks against enterprise networks, installs Petya on computers and then patches it on the fly to suit its needs, according to security researchers from antivirus vendor Kaspersky Lab. The Trojan uses programmatic methods to trick Petya to use a different encryption key than the one its original creators have embedded inside its code. This ensures that only the PetrWrap attackers can restore the affected computers to their previous state.

The NSA’s foreign surveillance: 5 things to know

A contentious piece of U.S. law giving the National Security Agency broad authority to spy on people overseas expires at the end of the year. Expect heated debate about the scope of U.S. surveillance law leading up to Dec. 31. One major issue to watch involves the way the surveillance treats communications from U.S. residents. Critics say U.S. emails, texts, and chat logs -- potentially millions of them -- are caught up in surveillance authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA). U.S. residents who communicate with foreign targets of the NSA surveillance have their data swept up in what the NSA calls "incidental" collection. The FBI can then search those communications, but it's unclear how often that happens.

IBM’s position on Security Analytics and Operations (SOAPA), part 2

Last week, I wrote about my interview with IBM security general manager Marc van Zadelhoff, where we talked about his perspective about the transition from security analytics and operations point tools to an integrated event-based security analytics and operations platform architecture (SOAPA). In part 2 of the interview, we talked about SOAPA requirements, intelligence and the need for SOAPA to scale. You can view the interview here. Some of the highlights include:

FBI trained Geek Squad techs on law-enforcement tactics, new records show

The connection between the FBI and Best Buy's internal service and repair organization Geek Squad went a lot further than initially thought, according to newly unsealed records in a case involving a doctor charged with child pornography after bringing in a laptop for repair. The Orange County (California) Weekly has been all over a case involving a well-respected physician Dr. Mark A. Rettenmaier. Rettenmaier took his laptop to the Mission Viejo Best Buy in November 2011 after he was unable to start it. + Also on Network World: Why you shouldn't trust Geek Squad ever again + While performing a recovery scan of his data files, a Geek Squad technician found an image of "a fully nude, white prepubescent female on her hands and knees on a bed, with a brown choker-type collar around her neck." The technician notified his boss, who alerted the FBI. To read this article in full or to leave a comment, please click here

10 must-ask questions for evaluating EDR tools

Endpoint detection and response (EDR) products give IT staff visibility into endpoints for detecting malicious activity, analyzing data and providing appropriate response. EDR is part of a burgeoning security market, peppered with well-known vendors such as Carbon Black, Cisco, CrowdStrike and FireEye. Anyone looking at EDR today has come across the term "threat hunting," the process of searching through voluminous amounts of data to find signs of a threat actor or emerging attack rather than relying on known threat signatures. It's a combination of threat intelligence and big data analytics. Threat hunting is a critical component of a comprehensive EDR solution and a key differentiator from endpoint protection platforms (EPPs), with which they are often confused.

Continuous authentication: Why it’s getting attention and what you need to know

User authentication is one of the basic components of any cyber security program. Identifying an individual based on a username, password or other means helps companies ensure that the person is who he or she claims to be when accessing a system, application or network. But in some cases traditional authentication processes are not enough to provide strong security throughout a user work session. That’s where continuous authentication comes in. The concept is still relatively new, and experts say few products yet exist in the market. But it’s gaining more attention as companies look for ways to prevent unauthorized access to their critical business data.

Mirai is the hydra of IoT security: too many heads to cut off

Efforts to stop Mirai, a malware found infecting thousands of IoT devices, have become a game of whack-a-mole, with differing opinions over whether hackers or the security community are making any headway. The malicious code became publicly available in late September. Since then, it’s been blamed for enslaving IoT devices such as DVRs and internet cameras to launch massive distributed denial-of-service attacks, one of which disrupted internet access across the U.S. in October. The good news: Last month, police arrested one suspected hacker who may have been behind several Mirai-related DDoS attacks.

WikiLeaks dump brings CIA spying powers into the spotlight

Has the CIA ever spied on you? That’s a key question swirling around the WikiLeaks document dump that allegedly details the U.S. agency's secret hacking tools. The documents themselves don't reveal much about who the CIA might have snooped on. But the agency certainly has the power to spy on foreigners outside the U.S., said Paul Pillar, a former deputy counterterrorism chief with the CIA. That's its job after all: to collect foreign intelligence. But even so, the CIA is pretty selective with its targets.

GOP senator alleges password-hijack attempts after blasting WikiLeaks founder

Sen. Ben Sasse (R-Neb.) Saturday claimed that hackers were trying to gain access to his personal and government-issued devices through bogus password-reset notifications. In a short flurry of Twitter messages, Sasse blamed the hacking attempts on his criticism of WikiLeaks and its founder, Julian Assange, earlier in the week. "Heads-up...I've been critical of Assange & WikiLeaks this week. So...big surprise: Am having multiple 'password reset' attempts right now," Sasse tweeted Saturday. The probing was hitting "basically every device, every platform, personal and govt," he added in a follow-up tweet.

Cisco jumps on ex-Juniper exec Davidson for service provider biz

That was fast. Networking veteran Jonathan Davidson is re-joining Cisco a little less than a week after resigning as rival Juniper executive VP and general manager. Davidson is joining Cisco’s Service Provider Business Unit and will report to Yvette Kanouff, the senior vice president and general manager of that unit.

Rapid7 discloses multiple vulnerabilities in telepresence robot

You know the telepresence robots that roll around offices with a camera, microphone and iPad attached in order to give remote users a way to participate “face-to-face” in meetings? It would be trippy if an attacker were able to take control of such a robot, but also entirely possible. Today, Rapid7 revealed three security flaws it discovered in the mobile conferencing device Double Telepresence Robot. Rapid7 researcher Deral Heiland discovered three vulnerabilities: unauthenticated access to data, static user session management, and weak Bluetooth pairing. Two of three vulnerabilities disclosed to Double Robotics were patched in January, a really quick response considering the fixes were deployed about a week after the flaws were disclosed to the company.

Old nemesis spam becoming significant way for attackers to subvert data

Spam is once again raising its ugly head as a chief way for attackers to grab protected data. IBM’s X-Force Threat Intelligence group said today that one of the key findings from its forthcoming Threat Intelligence Index for 2017 is that spam volume grew dramatically throughout 2016, bringing with it a host of new malicious attachments harboring banking Trojans and ransomware. “Attackers are not limited to a single set of tools, however. The ongoing expansion of domain name choices has added another instrument to the spammer’s toolbox: enticing recipients to click through to malicious sites, ultimately allowing attackers to infiltrate their networks,” wrote Ralf Iffert, Manager, X-Force Content Security in a blog about the spam findings. “More than 35% of the URLs found in spam sent in 2016 used traditional, generic top-level domains (gTLD) .com and .info. Surprisingly, over 20% of the URLs used the .ru country code top-level domain (ccTLD), helped mainly by the large number of spam emails containing the .ru ccTLD.”

How much are vendor security assurances worth after the CIA leaks?

Following the recent revelations about the U.S. Central Intelligence Agency's cyberespionage arsenal, software vendors reiterated their commitments to fix vulnerabilities in a timely manner and told users that many of the flaws described in the agency's leaked documents have been fixed. While these assurances are understandable from a public relations perspective, they don't really change anything, especially for companies and users that are the target of state-sponsored hackers. The software they use is not less safe, nor better protected, than it was before WikiLeaks published the 8,700-plus CIA documents last Tuesday.

Disaster recovery: How is your business set up to survive an outage?

Asynchronous vs. synchronous. Dark disaster recovery vs. active architecture. Active/active vs. active/passive. No setup is objectively better or worse than another. The best one for you primarily depends on your level of tolerance for what happens when the server goes down. Security experts say how individual companies choose to save their data in anticipation of an outage depends on how long they can survive before the “lights” are turned back on. What level of availability does your company need? Is the face of your company an ecommerce site where even a few minutes offline can cost an astronomical sum? Will the cost of an active-active system outweigh the potential loss of business from an outage?

How to remove ransomware: Use this battle plan to fight back

Ransomware doesn’t sneak into your PC like ordinary malware. It bursts in, points a gun at your data, and screams for cash—or else. And if you don’t learn to defend yourself, it could happen again and again. Armed gangs of digital thieves roaming the information superhighway sounds like an overwrought action movie, but the numbers say it’s true: Ransomware attacks rose from 3.8 million in 2015 to 638 million in 2016, an increase of 167 times year over year, according to Sonicwall—even as the number of malware attacks declined. Why steal data when you can simply demand cash?

IDG Contributor Network: How to avoid falling for the W-2 phishing scam

While this blog is nominally mine, I don’t come up with ideas in a vacuum. This article on W-2 scams sprang from a conversation I had with my colleague Steve Williams, who ended up being my co-author. Check out more about him at the end of this piece. Multiple times each year, LinkedIn feeds and information security forums light up with examples of the latest and greatest versions of phishing attacks. Most recently the hot stories have been about a simple targeted request that avoids links, attachments, and malware, plays friendly with email filters, and appears extremely urgent to the recipient. This form of phishing is known as the W-2 scam.
