In IT circles, actor Christian Slater is known for the very popular USA Network show "Mr. Robot", so fans of that show might like watching him in this short film, sponsored/created by HP. The film, titled "The Wolf", showcases the security vulnerabilities found at companies through the connected office printer.It’s certainly a clever way to get people to think about printer security, especially as more of them become connected not only to the office network, but the Internet. Plus, Slater is really good here.Enjoy!
To read this article in full or to leave a comment, please click here
No Microsoft patches today, but have you looked at your Office 365 Secure Score? It is one step Microsoft has taken to help customer mitigate risks. And at RSA, the company called on tech companies to be a “neutral Digital Switzerland” and to be committed to “100 percent defense and zero percent offense.”No patches on February Patch TuesdayMicrosoft opted not to release patches on Valentine’s Day, which should have been Patch Tuesday.The “delay” was announced by MSRC:
Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.To read this article in full or to leave a comment, please click here
Security researchers have discovered a macOS malware program that's likely part of the arsenal used by the Russian cyberespionage group blamed for hacking into the U.S. Democratic National Committee last year.The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent.X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan.To read this article in full or to leave a comment, please click here
Microsoft is calling for a Digital Geneva Convention, as global tensions over digital attacks continue to rise. The tech giant wants to see civilian use of the internet protected as part of an international set of accords, Brad Smith, the company’s president and chief legal officer, said in a blog post.
The manifesto, published alongside his keynote address at the RSA conference in San Francisco on Tuesday, argued for codifying recent international norms around cyberwarfare and for establishing an independent agency to respond to and analyze cyberattacks.To read this article in full or to leave a comment, please click here
The Internet of Things (IoT) is hitting a tipping point. While there has been a fair amount of IoT chatter and hype over the past few years, deployments have been limited to the traditional machine to machine (M2M) verticals such as oil and gas, mining and manufacturing. Over the past couple of years, though, more verticals have been looking to connect more non-traditional IoT devices.The reason I think we’re at this tipping point is because businesses aren’t referring to these deployments as “IoT” but rather it’s becoming normal operations to connect more and more devices. + Also on Network World: The Internet of Things security threat +
Healthcare has rapidly been connecting patient devices, retailers are making point-of-sale systems “smart,” hotels are looking to improve the guest experience, and sports and entertainment venues are connecting more devices. While these verticals may seem different, the commonality of IoT initiatives is that when everything is connected, you can change the way the business interacts with customers, students, patients, patrons, employees or other constituents that interact with the organization. To read this article in full or to leave a comment, please click here
San Francisco -- IBM’s Watson supercomputer can now consult with the company’s security information and event management (SIEM) platform to deliver well researched responses to security events and do so much faster than a person.Called IBM Q Radar with Watson, the new offering is the introduction of IBM’s push for a cognitive security operations center (SOC) that will be built around Watson contributing to decisions made in tandem with other security products from the vendor. IBM announced the service at the RSA Conference 2017.In the case of Q Radar, when the SIEM catches a security event, human security analysts can choose to enlist Watson’s help analyzing the event to determine whether it fits into a known pattern of threat and put it a broader context, IBM says.To read this article in full or to leave a comment, please click here
What if all your company’s computers and applications were connected directly to the Internet? That was the assumption behind BeyondCorp, a new model for network security that Google proposed back in 2014, and it’s one that’s starting to get some attention from networking and security vendors.Enterprises have moved beyond the traditional workspace in recent years, allowing employees to work remotely by using their personal devices and accessing apps in private or public clouds. To bring roaming workers back into the fold, under the security blanket of their local networks, companies rely on VPNs and endpoint software to enforce network access controls.To read this article in full or to leave a comment, please click here
It's a sad state of affairs when business apps need security measures, but that's what it has come to these days. Microsoft has added some new features to Office 365 designed to add intelligence to catch suspicious behavior and mitigate risk, which it outlined in a recent blog post. Office 365 also needs these security measures because it is cloud based. That means its users are connecting outside their firewall, which adds all kinds of risk, both from intrusion and accidental data loss. There are three new security features: Office 365 Secure Score, Office 365 Threat Intelligence Private Preview, and Office 365 Advanced Data Governance Preview. To read this article in full or to leave a comment, please click here
As-a-service offerings for things such as DDoS and malware -- including ransomware -- via exploit kits has seriously lowered the bar for entry into the criminal market. Hackers no longer need to have sophisticated skills in order to gain entry into the world of cybercrime.According to Geoff Webb, vice president of strategy at Micro Focus, the industrialization of the processes and the availability of the tools has created this expanded forum that allows non-technical people, anyone really, to enter into the digital crime market. To read this article in full or to leave a comment, please click here
It warms a hacker's heartImage by ThinkstockValentine’s Day is historically about love, flowers and chocolate. Unless you're a hacker, then it’s about worms, vulnerabilities, data theft and more. Preying on our need for love and affection, hackers have historically unleashed some hard-hitting attacks around Valentine’s Day, or in relation to the topic of love. So, before you open that Valentine’s Day email or click through to that online dating site, WatchGuard’s Marc Laliberte runs you through some of the most nefarious love-related cyber-attacks.To read this article in full or to leave a comment, please click here
RSA Conference underwayImage by Web SummitRSA, the world’s largest security conference, is underway this week in San Francisco with attendees from around the world gathering to hear the latest strategies for fighting cyberattacks. They’ll also be able to view the latest hardware and software to protect their most valuable corporate assets. Here is a brief description of some new security products being announced at the conference.To read this article in full or to leave a comment, please click here
Hackers have probably had a harder time slipping past your security software, thanks to an alliance between some of the top vendors in the industry.The Cyber Threat Alliance, a group of security firms that often compete, says its efforts to share intelligence on the latest hacking threats have been paying off. Rivals including Fortinet, Intel Security, Palo Alto Networks and Symantec originally entered into the alliance over two years ago, even as doubts arose over whether it’d last.To read this article in full or to leave a comment, please click here
Infoworld Senior Writer Fahmida Rashid chats with Palo Alto Networks' CSO Rick Howard about the biggest cybersecurity challenges facing businesses working in the cloud in 2017.
Palo Alto Networks' CSO Rick Howard sits down at RSA 2017 with Infoworld's Fahmida Rashid to talk about what the Cybersecurity Canon is, and his top picks for inclusion this year.
Two senators have written to the U.S. Department of Defense about reports that President Donald Trump may still be using an old unsecured Android phone, including to communicate through his Twitter account.“While it is important for the President to have the ability to communicate electronically, it is equally important that he does so in a manner that is secure and that ensures the preservation of presidential records,” Tom Carper, a Democrat from Delaware, and Claire McCaskill, a Democrat from Missouri, wrote in the letter, which was made public Monday.To read this article in full or to leave a comment, please click here
A security researcher is showing that it’s not hard to hold industrial control systems for ransom. He's experimented with a simulated water treatment system based on actual programmable logic controllers (PLCs) and documented how these can be hacked.David Formby, a PhD student at Georgia Institute of Technology, conducted his experiment to warn the industry about the danger of poorly-secured PLCs. These small dedicated computers can be used to control important factory processes or utilities, but are sometimes connected to the internet.For instance, Formby found that 1,500 of these industrial PLCs are accessible online, he said while speaking at the RSA cybersecurity conference on Monday. It's not hard to imagine a hacker trying to exploit these exposed PLCs, he added. Cybercriminals have been infecting businesses across the world with ransomware, a form of malware that can hold data hostage in exchange for bitcoin.To read this article in full or to leave a comment, please click here
Expect ransomware to grow more aggressive in the coming years, including higher ransom payments and attempts to go beyond attacking data -- by shutting down entire computer systems to utilities or factories.“I see no reason for ransomware to stop,” said Neil Jenkins, an official with the U.S. Department of Homeland Security. “It’s shown to be effective.”On Monday at the RSA cybersecurity conference, experts gave a grim outlook on the future of ransomware, which they fear will spread. Through the attacks, cybercriminals have already managed to rake in US$1 billion last year, according to at one estimate.To read this article in full or to leave a comment, please click here
Back when Apple was the plucky young upstart that dared to be different, the Mac was the machine for creative types and there was a perception that it wasn’t a target for hackers because of its cultural cool factor.You would expect the same rules to apply to the legalized marijuana market, but a major hack attack on a pot dispensary last month set that notion up in smoke.MJ Freeway, providers of popular medical marijuana tracking software, suffered a point-of-sale system hack that left over 1,000 marijuana dispensaries across 23 states unable to track their sales and inventories. Because of the state regulations regarding the sale of marijuana, some dispensaries were forced to close early or shut their doors completely. The disruption lasted weeks and caused patients to suffer long delays with obtaining access to their medicine.To read this article in full or to leave a comment, please click here
It is not surprising that Cisco, Mitel and others are targeting Avaya’s customers as the networking company goes through Chapter 11 bankruptcy but sometimes it is a bit startling in its boldness.
For example, Cisco wrote: “Let’s not dance around it. Avaya’s recent announcements have put a lot of people into the decision process. Change and uncertainty usually do. So then, what to do next? I’m not bold enough to say, ‘Hey, come on over and write me a check right now.’ That’s not how this works. It’s not an overnight decision. You have to figure out who you trust with your unified communications and customer care solutions. And to get there means asking a lot of questions – and getting the answers you need.”To read this article in full or to leave a comment, please click here
Malware attacks that recently put the Polish banking sector on alert were part of a larger campaign that targeted financial organizations from more than 30 countries.Researchers from Symantec and BAE Systems linked the malware used in the recently discovered Polish attack to similar attacks that have taken place since October in other countries. There are also similarities to tools previously used by a group of attackers known in the security industry as Lazarus.The hackers compromised websites that were of interest to their ultimate targets, a technique known as watering hole attacks. They then injected code into them that redirected visitors to a custom exploit kit.To read this article in full or to leave a comment, please click here