Archive

Category Archives for "Network World Security"

IDG Contributor Network: Botnets: Is your network really protected?

The tech world moves at a tremendous pace, unleashing wave after wave of innovation intended to improve our everyday lives. Many new devices, from security cameras to fridges, or TVs to baby monitors, are now internet connected. This affords us remote access and facilitates the collection of data, which is ostensibly used to make our systems “smarter.”However, it also opens new doors into our offices and homes through which hackers can come uninvited.There were around 6.4 billion connected things in use worldwide in 2016, and that’s set to grow to 8.4 billion this year, according to Gartner. There’s no doubt that the Internet of Things (IoT) will bring many benefits, but it also brings greater risk.To read this article in full or to leave a comment, please click here

Zix wins 5-vendor email encryption shootout

Email encryption products have made major strides since we last looked at them nearly two years ago. They have gotten easier to use and deploy, thanks to a combination of user interface and encryption key management improvements, and are at the point where encryption can almost be called effortless on the part of the end user. Our biggest criticism in 2015 was that the products couldn’t cover multiple use cases, such as when a user switches from reading emails on their smartphone to moving to a webmailer to composing messages on their Outlook desktop client. Fortunately, the products are all doing a better job handling multi-modal email.To read this article in full or to leave a comment, please click here(Insider Story)

Zix wins 5-vendor email encryption shootout

Email encryption products have made major strides since we last looked at them nearly two years ago. They have gotten easier to use and deploy, thanks to a combination of user interface and encryption key management improvements, and are at the point where encryption can almost be called effortless on the part of the end user.Our biggest criticism in 2015 was that the products couldn’t cover multiple use cases, such as when a user switches from reading emails on their smartphone to moving to a webmailer to composing messages on their Outlook desktop client. Fortunately, the products are all doing a better job handling multi-modal email.To read this article in full or to leave a comment, please click here(Insider Story)

Zix wins 5-vendor email encryption shootout

Email encryption products have made major strides since we last looked at them nearly two years ago. They have gotten easier to use and deploy, thanks to a combination of user interface and encryption key management improvements, and are at the point where encryption can almost be called effortless on the part of the end user.Our biggest criticism in 2015 was that the products couldn’t cover multiple use cases, such as when a user switches from reading emails on their smartphone to moving to a webmailer to composing messages on their Outlook desktop client. Fortunately, the products are all doing a better job handling multi-modal email.To read this article in full, please click here(Insider Story)

On web’s 28th anniversary, its creator Tim Berners-Lee takes aim at fake news

Today, on the 28th anniversary of the web, its creator warned of three trends that must die for the web to be all that it should be. One of those is the spreading of fake news.On March 12, 1989, Tim Berners-Lee submitted his original proposal for the creation of the World Wide Web. 28 years later, in an open letter, Berners-Lee said that in the last 12 months, “I’ve become increasingly worried about three new trends, which I believe we must tackle in order for the web to fulfill its true potential as a tool which serves all of humanity.” We’ve lost control of our personal data. It’s too easy for misinformation to spread on the web. Political advertising online needs transparency and understanding. As it stands now for most of the web, people get free content in exchange for their personal data. Once companies have our data, we no longer have control over with whom it is shared. We can’t pick and choose what gets shared; it’s generally “all or nothing.”To read this article in full or to leave a comment, please click here

Cisco issues critical warning around Apache Struts2 vulnerability

Cisco's security team today called the weakness in Apache Struts “critical” and is evaluating many its products to assess the impact.The company said it will publish a list of vulnerable products here as it learns of them.Earlier this week Apache revealed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could let an attacker execute commands remotely on the targeted system using what’s known as acrafted Content-Type header value.-More on Network World: Cisco’s Jasper deal – one year, 18 million new IoT devices later, challenges remain+To read this article in full or to leave a comment, please click here

IDG Contributor Network: Tech crime as a service escalates

Criminals are increasingly offered crime as a service (CaaS) and are using sharing-economy ride-sharing and accommodation services, too, a major law enforcement agency says.Europol, the European Union’s policing office says tech-oriented CaaS is being offered to swathes of the underbelly of Europe. Criminals gain an advantage because they can perform crimes better and more efficiently, and they can work at scales greater than their existing technical proficiency.+ Also on Network World: Anonymous hacker causes dark web to shrink by as much as 85% + An estimated 5,000 internationally operating crime gangs are currently being investigated in the trading bloc, according to Europol.To read this article in full or to leave a comment, please click here

Anonymous hacker causes dark web to shrink by as much as 85%

An attack by Anonymous, the shadowy hacker crew that seems to alternate between good guys and bad guys depending on the issue, help cut the dark web down by as much as 85 percent, according to a new report. Anonymous turned its sights on Freedom Hosting II, a hosting service for Tor-based sites, at the start of February. Freedom Hosting II (FHII) was the host to over 10,000 dark web sites, many of them hosting images of sexually abused children. It was named after another host, Freedom Hosting, that Anonymous took down in 2011. An Anonymous hacker went after the service after they discovered the provider knew what was going on and did nothing to stop it. The hacker who did it told Vice it was his first hack, and he didn't intend to take down the site—just look through it. When he found large amounts of child porn, he deduced the site knew what was going on and he decided to take down the hosts. To read this article in full or to leave a comment, please click here

IBM’s position on Security Analytics and Operations (SOAPA)

Just what is a security operations and analytics platform architecture (SOAPA) anyway? In the past, most enterprises anchored their security analytics and operations with one common tool: Security Information and Event Management (SIEM) systems. Now, SIEM still plays a major role here, but many organizations are supplementing their security operations centers (SOCs) with additional data, analytics tools and operations management systems. We now see SOCs as a nexus for things like endpoint detection and response tools (EDR), network analytics, threat intelligence platforms (TIPs) and incident response platforms (IRPs). In aggregate, security operations is changing, driven by a wave of new types of sensors, diverse data sources, analytics tools and operational requirements. And these changes are driving an evolution from monolithic security technologies to a more comprehensive event-driven software architecture along the lines of SOA 2.0, where disparate security technologies connected with middleware for things like data exchange, message queueing and business-level trigger conditions. To read this article in full or to leave a comment, please click here

IDG Contributor Network: Well-funded doesn’t mean well-secured

Three of my four children are of school-going age. When they arrive home in the afternoon, the youngest usually makes a dash for the games console, the middle one is tired to the point of being miserable, and the eldest announces herself loudly, wanting to share every detail from her day with anyone who will lend an ear. The only thing they all seem to have in common is that they are hungry and want dinner.RELATED: What IT admins love/hate about 8 top network monitoring tools While I'm the type of parent who makes the children fish-finger sandwiches and declares them fed, my wife prefers to serve a lavish five-course meal. In the past, she would often customize meals to meet each child's individual taste and preference. After a while, I had to put a stop to it.To read this article in full or to leave a comment, please click here

Google tries to beat AWS at cloud security

Google knows that if enterprises are going to move their critical services to its cloud, then it has to offer something that AWS doesn’t. At Google Cloud Next, the company’s leadership made the case that Google Cloud was the most secure cloud.At the conference this week, Google unveiled tools that would let IT teams provide granular access to applications, better manage encryption keys, and enforce stronger authentication mechanisms for applications running on Google Cloud. While Google is just playing catch-up to Amazon with the Key Management System for GCP, it is stepping into uncharted territory with Data Leak Prevention API by giving administrators tools that go beyond the infrastructure to protect individual applications. Google is tackling the identity access management challenge differently from Amazon, and it will be up to enterprises to decide which approach they prefer.To read this article in full or to leave a comment, please click here

Newer car tech opens doors to CIA attacks

The revelation through Wikileaks that the CIA has explored hacking vehicle computer control systems should concern consumers, particularly as more and more cars and trucks roll off assembly lines with autonomous features."I think it's a legitimate concern considering all of the computers being added to cars," said Kit Walsh, a staff attorney with the privacy group Electronic Frontier Foundation (EFF). "There's no reason the CIA or other intelligence agencies or bad actors couldn't use those vulnerabilities to hurt people.To read this article in full or to leave a comment, please click here

Danes targeted by malware spread through Dropbox

Earlier this week, Danish-speaking users were hit by malware spread through Dropbox, but the company responded quickly to shut down the attack. According to a research report by AppRiver, the attack hit Denmark, Germany, and several surrounding Scandinavian countries on Wednesday morning. The attack was unusual in that it narrowly targeted a specific audience, said Troy Gill, security analyst at AppRiver. "Somehow, they found this language-based list of email addresses," he said. "I'm not sure where they gathered it."To read this article in full or to leave a comment, please click here

Protecting the enterprise against mobile threats

Mobile devices have transformed the digital enterprise allowing employees to access the information they need to be most productive from virtually anywhere. Has that convenience come at a cost to enterprise security, though?  According to Forrester's The State of Enterprise Mobile Security: 2016 to 2017, by Chris Sherman, "Employees are going to continue to purchase and use whatever devices and apps they need to serve customers and be highly productive, whether or not these devices are company-sanctioned."To read this article in full or to leave a comment, please click here

WikiLeaks will share CIA hacking details with companies, but can they use it?

WikiLeaks plans to share details about what it says are CIA hacking tools with the tech companies so that software fixes can be developed.But will software companies want it?The information WikiLeaks plans to share comes from 8,700-plus documents it says were stolen from an internal CIA server. If the data is classified -- and it almost certainly is -- possessing it would be a crime.That was underlined on Thursday by White House press secretary Sean Spicer, who advised tech vendors to consider the legal consequences of receiving documents from WikiLeaks.To read this article in full or to leave a comment, please click here

The CIA should help vendors patch the flaws it was exploiting

The CIA exploits exposed this week reveal that the agency does hacking just like criminals do, including buying exploits from black-hat researchers who sell their wares on the dark web.It’s also a demonstration of bad security on the part of the CIA, which apparently entrusted the entire portfolio to both agency employees and contractors, one of whom turned out not to be trustworthy and passed them on to Wikileaks.A criminal investigation into who that was is underway so the CIA is rightfully busy with that, but it should try to find time to help out the vendors whose gear was exploited patch the flaws quickly. Before the leak, these attacks were not widely known. But now that they are, they have little value to the CIA anymore, so the CIA should help shore up the vulnerabilities.To read this article in full or to leave a comment, please click here

How to achieve security via whitelisting with Docker containers  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Docker containers have become an important means for organizations to build and run applications in the cloud. There’s a lot of flexibility with containers, as they can be deployed on top of any bare-metal server, virtual machine, or platform-as-as-service (PaaS) environment. Developers have embraced Docker containers on public clouds because they don’t need help from an IT operations team to spin them up.A software container is simply a thin package of an application and the libraries that support the application, making it easy to move a container from one operating system to another. This makes it possible for a developer to build an application and then take all the source code and supporting files and basically create something like a zip file so the container can be deployed just about anywhere. It contains everything the application needs to run, including code, runtime, system tools and system libraries.To read this article in full or to leave a comment, please click here

1 77 78 79 80 81 319