Today Kaspersky Lab and HackerOne released the report "Hacking America: Cybersecurity Perception." Among its findings: most Americans wouldn't want to be customers of their own employers, because they don't trust those employers to protect their personal data; and almost half of the people surveyed think America is more vulnerable to cyber-espionage and nation-sponsored cyberattacks with Donald Trump as president. The study, based on answers from 5,000 US adults surveyed in December 2016, found that despite all the cybersecurity news coverage, American consumers and businesses still need a better understanding of cyberthreats and of how to protect their personal and sensitive business data online.
Keeping the network safe. As long as data is online there will always be concerns over cybersecurity. There are many steps a business can take to better protect its physical security systems from cyberthreats. From simple things like not using default or weak passwords, to more advanced steps like using PKI certificates and making sure you install the latest firmware, each is important to keeping your data, and your network, secure.
Microsoft announced a new service called Windows Defender Advanced Threat Protection (WDATP) last year specifically for enterprises, meant to help them detect, investigate and respond to attacks on their networks. It was released with the Windows 10 Anniversary Update and is built on the existing security in Windows 10. WDATP adds a post-breach layer of protection to the Windows 10 security stack, along with a cloud service to help detect threats that have made it past other defenses and trace how far they penetrated into the enterprise.
New products of the week. Our roundup of intriguing new products. USM Anywhere, from AlienVault.
Nearly 27 years of network and cybersecurity experience with the Department of Defense didn’t prepare Gary Hayslip for the collection of disparate technologies he encountered when he joined the city of San Diego.
“Cities don't get rid of anything. If it works, why get rid of it? So you end up having a lot of diverse technologies connected together. You may have something that's 15 years old connected to stuff that's state of the art,” says Hayslip, whose DoD tenure included 20 years of active-duty military service and seven years working in civil service for the military.
"Police cars, ambulances, libraries, water treatment facilities, golf courses … One of the things you learn real quickly: the city of San Diego is a $4 billion business. And cities don't shut down. They run 24/7," he says. "My almost 27 years in DoD did not prepare me for how interesting city networks are."
Cybercriminals acting on behalf of national governments, and nation-backed espionage agents carrying out cybercrimes for cash on the side, are the future of the security threats facing corporations and governments, says the former top U.S. attorney in charge of the Department of Justice's national security division.
"I think this blending of criminal and national security, whether it's terrorists or state actors moonlighting as crooks or state actors using criminal groups as a way to distance themselves from the action, I think that is a trend that we saw increasing that's just going to continue to increase over the next three to five years," says John Carlin, now an attorney with Morrison & Foerster.
A dispute between Intel and security expert John McAfee over the use of his name for another company is headed for settlement talks, according to court records. The move comes shortly after the federal court refused John McAfee and MGT Capital Investments, the company to be renamed, a preliminary injunction against Intel's transfer of marks and related assets containing the word McAfee, part of a proposed spin-out by the chipmaker of its security business as a separate company that would be called McAfee. The chip company said in September it had signed an agreement with TPG to set up a cybersecurity company in which Intel shareholders would hold 49 percent of the equity, with the balance held by the investment firm.
Today's cautionary tale comes from Verizon's sneak peek (pdf) of a 2017 Data Breach Digest scenario. It involves an unnamed university, seafood searches, and an IoT botnet: hackers were using the university's own vending machines and other IoT devices to attack the university's network. Because the university's help desk had previously brushed off student complaints about slow or inaccessible network connectivity, it was a mess by the time a senior member of the IT security team was notified. The incident is told from that team member's perspective; he or she suspected something fishy after detecting a sudden, large volume of lookups for seafood-related domains.
Privacy advocates are claiming in court that an FBI hacking operation to take down a child pornography site was unconstitutional and violated international law. That's because the operation involved the FBI hacking 8,700 computers in 120 countries based on a single warrant, they said. "How will other countries react to the FBI hacking in their jurisdictions without prior consent?" wrote Scarlet Kim, a legal officer with U.K.-based Privacy International. On Friday, that group, along with the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union of Massachusetts, filed briefs in a lawsuit involving the FBI's hacking operation against Playpen. The child pornography site was accessible through Tor, a browser designed for anonymous web surfing. But in 2014, the FBI managed to take it over.
Kuna is a smart home security camera built into a stylish outdoor light that detects people outside your door and lets you interact with them. The device includes HD live and recorded video, a two-way intercom, an alarm, smart motion-detection alerts to your phone, and more. Installation takes about 15 minutes, and there are no batteries to replace, so protection is continuous. Access HD live video from its 720p wide-angle camera, talk through its two-way intercom from your mobile device, or trigger its 100 dB alarm siren. Smart light control lets you turn your lights on or off remotely, or program a schedule for when you're away. Live video and event review and download are free for 2 hours of history, or up to 30 days on an optional subscription plan starting at $4.99 per month. This Kuna security light averages 4 out of 5 stars from over 600 reviewers, and its typical list price of $199 has been reduced 25% to $149. See the discounted Kuna Smart Home Security Light and Camera on Amazon.
This column is available in a weekly newsletter called IT Best Practices. Gartner estimates that global spending on cybersecurity solutions exceeded $81 billion in 2016. The average enterprise with 1,000 or more employees spends about $15 million fighting cybercrime each year, according to the Ponemon Institute. Despite such heavy investment in all types of solutions, many CISOs still find it hard to answer the questions, "How likely are we to have a breach, and if we do, what will be the financial impact?" The main obstacle is that much of the information needed to reveal an organization's state of cyber risk is trapped in product silos, and it is seldom fully mapped to the organization's compliance policies.
Companies concerned about cybersecurity have a fleet of new Microsoft tools coming their way. The company announced a host of new security capabilities Friday morning in the run-up to the massive RSA security conference next week in San Francisco. On the Windows front, the company announced that it's adding the ability to use on-premises Active Directory with Windows Hello, its system for biometric logins on Windows 10. Microsoft also launched new tools to help organizations get more out of mobile device management products by letting them migrate Group Policy settings to cloud-managed devices. What's more, Microsoft has launched a new tool designed to help customers configure the Surface hardware under their administration, for example by disabling the tablets' cameras.
Up to 20 attackers or groups of attackers are defacing WordPress websites that haven't yet applied a recent patch for a critical vulnerability. The vulnerability, located in the platform's REST API, allows unauthenticated attackers to modify the content of any post or page on a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later, to give a large number of users time to deploy the update.
We continue to hear dire warnings about the inherent security risks of the Internet of Things (IoT), and indeed IoT-related incidents are happening. With many companies beginning to capture IoT data from connected devices, a key question is whether they are doing enough to ensure that data and networks are secure. If security executives thought they had a lot to handle with the growth of mobile devices and the expanding digital enterprise, the emergence of connected products, corporate assets, vehicles and other "things" is taking security coverage to a whole new level. A December 2016 study by the Institute for Critical Infrastructure Technology (ICIT), a cybersecurity think tank that acts as a conduit between private-sector companies and U.S. federal agencies, points out how vulnerable enterprises are to attacks such as distributed denial of service (DDoS) via IoT.
Apple's iCloud appears to have been holding on to users' deleted internet browsing histories, including records more than a year old. Moscow-based forensics firm Elcomsoft noticed it was able to pull supposedly deleted Safari browser histories from iCloud accounts, including the date and time each site was visited and when the record was deleted. "In fact, we were able to access records dated more than one year back," wrote Elcomsoft's CEO Vladimir Katalov in a Thursday blog post. Users can set iCloud to store their browsing history so that it's available from all connected devices. The researchers found that when a user deletes that history, iCloud doesn't actually erase it but keeps it in a form invisible to the user.
A patient lies in a hospital bed waiting for a medical professional to conduct a blood gas analysis. Little does the patient know that his personal information is also undergoing a procedure. The database that stores patient data was found unencrypted, default passwords were in use, and the nature of the exploit was basic, according to TrapX Security, which was called in later to recreate and diagnose the issues at the unnamed hospital. The security research company recently released its findings in a report called "Anatomy of an Attack – Medical Device Hijack (MEDJACK)". TrapX declined to name the three hospitals it examined, except to say they were located in the Western and Northeastern U.S.
Fileless malware attacks, recently discovered in the networks of at least 140 banks, telecoms and governments, account for about 15% of known attacks today and have existed for years in different forms. "Fileless malware attacks are becoming much more common and circumvent most of the endpoint protection and detection tools deployed today," Gartner security analyst Avivah Litan said. The recent discovery of fileless malware was reported on Wednesday by researchers at Moscow-based Kaspersky Lab. The attackers have not been identified, and "attribution [is] almost impossible," according to Kaspersky.
DARPA is going to have to contend with an Earth-bound problem if it is to get its plan to service satellites in geosynchronous orbit into space. The agency this week said it had picked Space Systems Loral (SSL) as its commercial partner to develop technologies under its Robotic Servicing of Geosynchronous Satellites (RSGS) program that would enable cooperative inspection and servicing of satellites in geosynchronous orbit (GEO), more than 20,000 miles above the Earth, and to demonstrate those technologies on orbit.
Not sure what your phone is collecting about you? A free Android app promises to simplify the privacy settings on your smartphone and stop unwanted data collection. The English-language app, called Privacy Assistant, comes from a team at Carnegie Mellon University, who built it after six years of research studying digital privacy. "It's very clear that a large percentage of people are not willing to give their data to any random app," said CMU professor Norman Sadeh. "They want to be more selective with their data, so this assistant will help them do that."
A Microsoft lawsuit against the U.S. Department of Justice over indefinite gag orders attached to search warrants can proceed, following a federal judge's ruling on Thursday. The tech titan sued last year to end the government's practice of indefinitely barring it from informing customers of search warrants for their information. Microsoft alleged that such orders violate its First Amendment free speech rights and the Fourth Amendment privacy rights of its users. The Justice Department argued, in a motion argued before the judge two weeks ago, that Microsoft couldn't bring either of the claims.