Category Archives for "Network World Security"

What should an insider risk policy cover?

Just before the holidays, a company was faced with cutting the pay of its contracted janitors. That didn’t sit well with those employees. Threat actors saw an opportunity and pounced, convincing the possibly vengeful employees to turn on their employer. According to Verizon’s recent breach report, the threat actors gave any agreeable janitor a USB drive to quietly stick into any networked computer at the company. It was later found, but the damage was done. What were the responsibilities of any employees who witnessed this act? A thorough insider risk policy would have spelled it out. Here, security experts provide their insights on what makes for a successful insider risk policy.

Russian cybersecurity expert charged with treason for sharing ‘secrets’ with US firms

Remember when Ruslan Stoyanov, a top cybercrime investigator for Kaspersky Lab, was arrested and charged with treason? It is now being reported that the treason charges were for allegedly passing state secrets to Verisign and other US companies. An unnamed source told Reuters that the accusations of treason were first made in 2010 by Russian businessman and founder of the online payment firm ChronoPay, Pavel Vrublevsky. The December 2016 arrests of Stoyanov and two FSB officers, Sergei Mikhailov and Dmitry Dokuchayev, were in response to those 2010 claims that the men had passed secrets on to American companies.

Microsoft’s anti-malware program still isn’t very good

In spite of a recent effort to improve the performance and detection rates in Windows Defender, Microsoft's anti-malware tool is still not very good at its job. According to the latest tests, it's downright lousy. The latest round of tests performed by German institute AV-TEST, one of the most respected and regarded malware testing shops, shows that Microsoft Security Essentials and the Windows Malicious Software Removal Tool fared the poorest in removing an existing infection. AV-TEST conducted a lengthy, comprehensive test over a 12-month period to determine the best malware removal solutions for Windows 10. This involved 897 individual evaluations for each product, evaluating eight security suites.

New products of the week 2.27.17

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. ONLYOFFICE app for ownCloud.

Oldies but goodies make presence felt amid glitzy startups at RSAC

SAN FRANCISCO -- The sprawling show floor at this year’s RSA Conference featured hundreds of shiny, new companies, from Acalvio to ZingBox. It seemed like every vendor in the hall managed to incorporate into its marketing pitches at least one of the 2017 hot buzzwords – Advanced Threat Protection, machine learning, AI, threat intelligence, IoT. But three of the original anti-virus vendors – Symantec, McAfee and Trend Micro – were out in full force at the show as well, scoffing at the unproven point products of the startups and touting their own reorganizations, renewed focus and broad product portfolios. According to Gartner, the Big 3 lead the way in endpoint security market share, with Symantec, at $3.6 billion in annual revenue, out front, McAfee second, followed by Trend Micro.

Ransomware attacks targeted hundreds of MySQL databases

Hundreds of MySQL databases were hit in ransomware attacks described as “an evolution of the MongoDB ransomware attacks”; in January, tens of thousands of MongoDB installs were erased and replaced with ransom demands. In the new attacks, targeted MySQL databases are erased and replaced with a ransom demand for 0.2 bitcoin, currently equal to about $234.

The new BlackBerry has a physical keyboard and will arrive in April

The new BlackBerry KEYone smartphone, unveiled Saturday, is the first smartphone to carry the brand that doesn't come from BlackBerry. It will go on sale globally in April, said Nicolas Zibell, CEO of TCL Communication, the phone's manufacturer and licensee of the brand, at a launch event in Barcelona on the eve of Mobile World Congress. Like the BlackBerries of old, the KEYone has a physical keyboard with raised keys. A neat twist is that it also acts as a touchpad of sorts, and each letter can be used as a shortcut, with a short or long keypress, for 52 shortcuts in all.

I come to bury SHA1, not to praise it

Most cryptanalysis stays theoretical; once it no longer is, it can become a practical attack. Google and Dutch research institute CWI have shown that SHA-1, first introduced 20 years ago, can be made to produce the same hash for two different documents (a collision). The attack consumed significant computational resources: 6,500 years of single-CPU computation for the first phase and 110 years of single-GPU computation for the second. The exercise was computationally intensive, but it proved the attack is within the realm of possibility, especially compared to a brute-force search, which would require about 12 million GPU compute years.

Google discloses unpatched IE vulnerability after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline. This is the second flaw in Microsoft products made public by Google Project Zero since the Redmond giant decided to skip this month's Patch Tuesday and postpone its previously planned security fixes until March. Microsoft blamed the unprecedented decision to push back scheduled security updates by a month on a "last minute issue" that could have had an impact on customers, but the company hasn't clarified the nature of the problem.

FCC puts the brakes on ISP privacy rules it just passed in October

The new chairman of the U.S. Federal Communications Commission will seek a stay on privacy rules for broadband providers that the agency just passed in October. FCC Chairman Ajit Pai will ask for either a full commission vote on the stay before parts of the rules take effect next Thursday, or he will instruct FCC staff to delay part of the rules pending a commission vote, a spokesman said Friday. The rules, passed when the FCC had a Democratic majority, require broadband providers to receive opt-in customer permission to share sensitive personal information, including web-browsing history, geolocation, and financial details, with third parties. Without the stay, the opt-in requirements were scheduled to take effect next week.

Cisco unveils Hierarchy of Needs for the digital enterprise

The European edition of Cisco Live took place this week in Berlin, which is a fitting location given the amount of innovation happening in that city right now. If you ever find yourself in Berlin, be sure to check out Cisco’s Open Berlin innovation center, where inventive start-ups are building and showcasing solutions that run on Cisco technology. Innovation and digital transformation are linked together like Kirk and Spock. You can’t have one without the other. At this week’s event, Ruba Borno, Cisco vice president of growth initiatives and chief of staff for the office of the CEO, gave her first-ever keynote to a Cisco Live audience. Not surprisingly, she focused on digital transformation. However, unlike many keynotes I have seen, Borno didn’t just talk about digitization at a high level. Instead she was more prescriptive and gave the audience a guide on how to proceed with making the shift to a digital enterprise.

Fraud rises as cybercriminals flock to online lenders

Cybercrime is becoming more automated, organized and networked than ever before, according to the ThreatMetrix Cybercrime Report: Q4 2016. Cybercriminals are increasingly targeting online lenders and emerging financial services, says Vanita Pandey, vice president of strategy and product marketing at ThreatMetrix.

Replace SHA-1. It’s not that hard.

Now that SHA-1 has been broken, it’s time for enterprises that have ignored its known weakness for years to finally act, and it’s not that hard. The most common use of the hash function is in securing SSL and TLS connections, and the way to get rid of SHA-1 there is to deploy browsers and servers that no longer accept it. Depending on the size of an organization, this isn’t onerous, says Paul Ducklin, a senior security advisor at Sophos. (See his excellent description of the problem with SHA-1 and other hashing algorithms.)
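As an added example (not from the article, Sophos or Mr. Ducklin), here is a small Python auditor that reads the signatureAlgorithm OID out of a DER- or PEM-encoded certificate and flags SHA-1 (and MD5) signatures. It parses only the outer Certificate structure of RFC 5280, so it needs no ASN.1 library; the OID table and the parser are this example's own, and the certificate it runs on is a constructed DER skeleton built by `fake_certificate`, not a real certificate.

```python
"""Audit a certificate's signature algorithm and flag SHA-1 (added example).

Only the outer RFC 5280 structure is parsed:
  Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
"""
import base64
import re

# Signature algorithm OIDs from RFC 3279, RFC 4055 and RFC 5758.
SIG_ALG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}
# Digests that are broken (MD5) or collision-prone (SHA-1).
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4", "1.2.840.113549.1.1.5", "1.2.840.10045.4.1"}


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: length fits in 7 bits
        length = first
    else:                                  # long form: low bits give byte count
        count = first & 0x7F
        if not 1 <= count <= 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length


def _decode_oid(raw):
    """Turn the DER body of an OBJECT IDENTIFIER into dotted notation."""
    arcs = [raw[0] // 40, raw[0] % 40]     # first byte packs the first two arcs
    value, pending = 0, False
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        pending = bool(byte & 0x80)        # high bit set: more bytes follow
        if not pending:
            arcs.append(value)
            value = 0
    if pending:
        raise ValueError("malformed OID")
    return ".".join(str(a) for a in arcs)


def signature_algorithm(cert):
    """Return (dotted OID, name) for the signature on a DER or PEM certificate."""
    if isinstance(cert, str):
        cert = cert.encode()
    if b"-----BEGIN CERTIFICATE-----" in cert:
        body = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", cert, re.S)
        if body is None:
            raise ValueError("unterminated PEM block")
        cert = base64.b64decode(b"".join(body.group(1).split()))
    tag, pos, _ = _read_tlv(cert, 0)               # outer Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a certificate SEQUENCE")
    tag, _, tbs_end = _read_tlv(cert, pos)         # tbsCertificate, skipped whole
    if tag != 0x30:
        raise ValueError("tbsCertificate missing")
    tag, alg_pos, _ = _read_tlv(cert, tbs_end)     # signatureAlgorithm
    if tag != 0x30:
        raise ValueError("signatureAlgorithm missing")
    tag, oid_start, oid_end = _read_tlv(cert, alg_pos)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier has no OID")
    oid = _decode_oid(cert[oid_start:oid_end])
    return oid, SIG_ALG_OIDS.get(oid, "unknown")


def uses_weak_signature(cert):
    """True when the certificate is signed with MD5 or SHA-1."""
    return signature_algorithm(cert)[0] in WEAK_SIG_OIDS


# --- constructed sample input: a certificate-shaped DER skeleton, not a real cert ---
def _der(tag, payload):
    n = len(payload)
    return (bytes([tag, n]) if n < 0x80 else bytes([tag, 0x82]) + n.to_bytes(2, "big")) + payload


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def fake_certificate(sig_oid):
    """Constructed skeleton: minimal TBS, AlgorithmIdentifier with NULL params, dummy BIT STRING."""
    tbs = _der(0x30, _der(0x02, b"\x01"))
    alg = _der(0x30, _der(0x06, _encode_oid(sig_oid)) + b"\x05\x00")
    sig = _der(0x03, b"\x00" + b"\xaa" * 32)
    return _der(0x30, tbs + alg + sig)


def to_pem(der):
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{lines}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.10045.4.3.2"):
        pem = to_pem(fake_certificate(oid))
        print(signature_algorithm(pem), "WEAK" if uses_weak_signature(pem) else "ok")
```

Run it against the leaf and intermediate certificates each server actually presents (for example the PEM blocks from `openssl s_client -showcerts`); the self-signed root can be left out, since a trust anchor's own signature is never verified. The collision attack matters for certificate and code signatures; HMAC-SHA1 in TLS cipher suites does not rely on collision resistance and is not what this audit is about.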

Cloudflare bug exposed passwords, other sensitive data from websites

For months, a bug in Cloudflare's content optimization systems exposed sensitive information sent by users to websites that use the company's content delivery network. The data included passwords, session cookies, authentication tokens and even private messages. Cloudflare acts as a reverse proxy for millions of websites, including those of major internet services and Fortune 500 companies, for which it provides security and content optimization services behind the scenes. As part of that process, the company's systems modify HTML pages as they pass through its servers in order to rewrite HTTP links to HTTPS, hide certain content from bots, obfuscate email addresses, enable Accelerated Mobile Pages (AMP) and more.

IDG Contributor Network: 3 security analytics approaches that don’t work (but could) — Part 2

A security analytics approach that exploits the unique strengths of Bayesian networks, machine learning and rules-based systems, while also compensating for or eliminating their individual weaknesses, leads to powerful solutions that are effective across a wide array of security missions. Despite the drawbacks of security analytics approaches I described in part 1 of this series, it's possible to build such solutions today, giving users a way to rapidly identify their highest-priority security threats at very large scale without being deluged with false-positive alerts or being forced to hire an army of extra analysts.

Ransomware ‘customer support’ chat reveals criminals’ ruthlessness

Ransomware criminals chatting up victims, offering to delay deadlines, showing how to obtain Bitcoin, dispensing the kind of customer support that consumers lust for from their cable and mobile plan providers, PC and software makers? What's not to love? Finnish security vendor F-Secure yesterday released 34 pages of transcripts from the group chat used by the crafters of the Spora ransomware family. The back-and-forth not only put a spotlight on the gang's customer support chops but, said a company security advisor, illustrated the intertwining of Bitcoin and extortion malware.

The future of biometrics and IoT

Biometrics falls into the third category of security modalities: (1) what we have, e.g. a key, RFID card or ID card; (2) what we know, e.g. a password, PIN or challenge/response answers like mother’s maiden name or first pet; and (3) what we are, e.g. biometrics such as our fingerprint, face, iris, etc.

Has fraud met its match?

Many prognosticators have pronounced privacy a pipe dream. With the mountains of personal information on social networks and the lack of security awareness by many users, cybercriminals have more than a snowball’s chance to grab anyone’s identity. However, there are new ideas for counteracting identity theft that would take into account a person’s physical attributes to add another layer of security. The idea of using a fingerprint reader to log on to a smartphone isn't new, but the latest wrinkle is to incorporate the pressure with which that finger types on the phone. More than 41 million Americans have had their identities stolen, and millions more have had their personally identifiable information (PII) placed at risk through a data breach, according to a Bankrate.com survey of 1,000 adults conducted last month.

Stop using SHA1: It’s now completely unsafe

Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 hash. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made.
