The discovery of malware on computers and servers of several Polish banks has put the country's financial sector on alert over potential compromises. Polish media reported last week that the IT security teams at many Polish banks have been busy recently searching their systems for a particular strain of malware after several unnamed banks found it on their computers. It's not clear what the malware's end goal is, but in at least one case it was used to exfiltrate data from a bank's computer to an external server. The nature of the stolen information could not be immediately determined because it was encrypted, Polish IT news blog Zaufana Trzecia Strona reported Friday.
Whether or not Vizio is “sorry” for spying on more than 11 million people while they watch TV in the privacy of their homes is debatable – the company was proud of its ability to capture “highly specific viewing behavior data on a massive scale with great accuracy” in its Oct. 2015 IPO – but Vizio has agreed to pay $2.2 million to settle charges by the FTC. The data collection about what people were watching was occurring without users’ consent and Vizio was then sharing the data with advertisers and other companies. In the FTC’s words, “The data generated when you watch television can reveal a lot about you and your household. So, before a company pulls up a chair next to you and starts taking careful notes on everything you watch (and then shares it with its partners), it should ask if that’s O.K. with you. VIZIO wasn’t doing that, and the FTC stepped in.”
A mobile workforce
Today, employee mobility and office BYOD programs are critical for enterprise productivity. Mobile devices add new security challenges, bypassing many of the security controls you have in place. Mobile devices, mobile apps and the networks they use are now essential to satisfy customers, collaborate more effectively with suppliers, and keep employees productive anytime and anywhere.
Using a VPN on Android can help you access content that’s blocked in your region and help maintain your anonymity around the web. There are plenty of apps that offer VPN services for free and as a paid service, but which of them are worth your time? I tested six of the most popular VPN all-in-one apps (with Speedtest and the speedof.me HTML5 test) on Android to see how they stack up. You can also go your own way and use Android’s built-in VPN tool. With a few tweaks, you can make it a little easier to use, too.
Why use a VPN?
A VPN (Virtual Private Network) is basically a way to funnel all your web traffic through a remote server. This makes it look like you’re in a different location and obscures your real IP address. VPNs encrypt the traffic passing through them, making it harder for anyone else to listen in on your connection, even if you connect to an unsecured Wi-Fi network.
Cybercriminals have been producing fewer new kinds of malware last year -- but that's because they're so busy raking in the money from their ransomware attacks. The number of unique malware samples discovered last year was 60 million, down 6.25 percent from last year's 64 million, according to a report released this morning by SonicWall. "This is the first time I've seen that the number of unique malware samples actually decreased," said Dmitriy Ayrapetov, director of product management at SonicWall, which produced the report, based on data collections from more than a million sensors.
If this year is anything like last, we are in the midst of phishers’ attempts to trick taxpayers, employers and tax preparers into giving up information that will allow attackers to file bogus tax returns and collect IRS refunds, according to PhishLabs’ annual phishing report. The latest Phishing Trends and Intelligence Report, which has data about January 2016, says that the IRS phishing sites spotted in that one month totaled more than the IRS phishing attempts seen during all of the previous year. While the numbers for this January aren’t in yet, PhishLabs researchers expect yet another spike. That’s because last year, 40 businesses that phishers asked for their employees’ W2 forms actually sent them to the scammers, says Crane Hassold, a senior security threat researcher at PhishLabs.
ForeScout is a security company that specializes in giving organizations agentless visibility and control of both traditional and IoT devices connected to the network. That's probably super-interesting if you're an IT security practitioner, but if you're not, you're probably stifling a yawn about now.
But remember, if you will, that the first planned IPO of 2017 -- that of AppDynamics -- got canceled very much at the last minute when the company was acquired by Cisco. So given we're yet to see a 2017 IPO, and that ForeScout is rumored to have confidentially filed its documentation for an IPO recently, anything newsy from ForeScout's HQ gets a little more interesting.
Dozens of iOS apps that are supposed to be encrypting their users' data don't do it properly, according to a security researcher. Will Strafach, CEO of Sudo Security Group, said he found 76 iOS apps that are vulnerable to an attack that can intercept protected data. The developers of the apps have accidentally misconfigured the networking-related code so it will accept an invalid Transport Layer Security (TLS) certificate, Strafach claimed in a Monday blog post. TLS is used to secure an app’s communication over an internet connection. Without it, a hacker can essentially eavesdrop over a network to spy on whatever data the app sends, such as login information.
The U.S. House of Representatives approved on Monday the Email Privacy Act, which would require law enforcement agencies to get court-ordered warrants to search email and other data stored with third parties for longer than six months. The House approved the bill by voice vote, and it now goes to the Senate for consideration. The Email Privacy Act would update a 31-year-old law called the Electronic Communications Privacy Act (ECPA). Some privacy advocates and tech companies have pushed Congress to update ECPA since 2011. Lax protections for stored data raise doubts about U.S. cloud services among consumers and enterprises, supporters of the bill say.
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
“Life is really simple, but we insist on making it complicated.” The immortal words of Confucius resonate with anyone who has ever tried to glean useful information from log data.
There are consensus-driven definitions of what exactly log analysis is, but a simplified, accessible explanation might be: to organize log entries into a human-friendly display and make business decisions based on what you learn.
Digital disruption has demolished more than 50% of the Fortune 500 since 2000
Technology is creating new online-only companies—i.e., Kickstarter for funding, Sofi for lending and Venmo for payments. The digital disruption and, more important, its pace continue to disrupt long-established business models. Incumbents, not wanting to become another cautionary tale of digital disruption, are making radical changes to their businesses to focus on online and mobile channels.
So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security, while the second focused on network security. I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e. security operations and analytics platform architecture).
A hacker is proving that sites on the dark web, shrouded in anonymity, can easily be compromised.
On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users.
The hosting service, Freedom Hosting II, was known for operating thousands of sites that were accessible through the Tor browser; the "dark web" is essentially the encrypted network comprising Tor servers and browsers. But on Friday, the service appeared to be down. Its main landing page was replaced with a message saying that it had been hacked.
Allegedly, Freedom Hosting II had been hosting child pornography sites, though its anonymous operator claimed to have a zero-tolerance policy toward such content, according to the hacker behind the breach.
Popular smart TV maker Vizio will pay US $2.2 million to settle complaints that it violated customers' privacy by continuously monitoring their viewing habits without their knowledge. Beginning in February 2014, the California TV maker tracked what TV shows customers were watching on 11 million TV sets sold in the U.S., the U.S. Federal Trade Commission and the Office of the New Jersey Attorney General said in a complaint, released Monday. Vizio smart TVs captured "second-by-second" information about video displayed, including video from consumer cable service, broadband, set-top boxes, DVDs, over-the-air broadcasts, and streaming devices, according to the complaint.
Catching a full-sized military drone traveling at full speed without destroying it midflight is no easy task. But DARPA this week said a research project it has been working on, known as SideArm, is doing just that and more. DARPA said that SideArm developer Aurora Flight Sciences has successfully tested a full-scale system that repeatedly captured a 400-pound Lockheed Martin Fury unmanned aircraft accelerated to flight speed via an external catapult. A Fury can hit over 130 MPH.
After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users. Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them. PowerShell is a scripting language for automating Windows system administration tasks. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell.
Carbon Black is introducing at RSA Conference 2017 next week a new way for its gear to detect attacks that don’t make their way into networks via viruses or malicious files that other endpoint security software can detect. Called Streaming Prevention, the technology can find both malware and non-malware attacks by analyzing endpoint activities in the context of the sequences in which they unfold. It does this by having endpoint agents tag events as they occur and streaming them to Carbon Black’s analysis engine in the cloud. There the engine determines whether it falls in a sequence of events that add up to an attack and tells the endpoint to block activity that is deemed malicious.
Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages.
The messages included ASCII art depicting robots and warned that the printers had been compromised and they were part of a botnet. The hacker, who uses the online alias Stackoverflowin, later said that the botnet claim was not true and that his efforts served only to raise awareness about the risks of leaving printers exposed to the internet.
Stackoverflowin claims to be a high-school student from the U.K. who is interested in security research. He said that for the most part he simply sent print jobs using the Line Printer Daemon (LPD), the Internet Printing Protocol (IPP) and the RAW protocol on communications port 9100 to printers that didn't require authentication.
History has yet to judge the 2016 presidential election, but from where we sit in the early days of 2017, it’s hard to imagine that it will ever be relegated to a footnote.
From how spectacularly polling failed to predict the election’s outcome to how the election was effectively decided by just “77,759 votes in three states,” not to mention that the loser walked away with 2.8 million more votes than the winner, the 2016 election season produced one big story after another.
But what may prove to be the biggest story of the 2016 election is the series of hacks that undermined both the democratic process and the Democratic candidate — and the role of the Russian government in those hacks.
There are hundreds of security vendors across the security stack. You have providers for cloud, email, network and endpoint security, as well as threat, malware and DDoS protection, among phishing and whaling protection, insider threat detection and a whole lot more. The trouble is, a huge number of these solutions don’t ‘play’ well with one another, with this often making life difficult for security teams adopting these technologies. At the same time, these same teams are expected to keep up with an ever-changing landscape and criminals who innovate faster than most Fortune 500 companies. Magnum Consulting analyst Frank J. Ohlhorst captured this collaboration issue perfectly in an opinion piece last year.