Category Archives for "Network World Security"

97 companies file brief against Trump’s immigration ban

Apple, Facebook, GitHub, Google, Microsoft, Mozilla, Netflix, PayPal and the Wikimedia Foundation were among 97 companies that filed an amicus brief late Sunday opposing President Donald Trump’s executive order on immigration on the grounds that it harms competitiveness and is discriminatory. The brief was filed in the Ninth Circuit Court of Appeals late last night, a bump up in the timetable, as Bloomberg reported the companies had originally planned to file later this week.

Security Sessions: The CSO’s role in active shooter planning

In the latest episode of Security Sessions, CSO Editor-in-chief Joan Goodchild speaks with Imad Mouline, CTO at Everbridge, about how involved CSOs need to be with planning for an active shooter or other emergency at their company. While many leave physical security to others in the company, the CSO can be key to determining communications plans for alerting employees.

RSA Innovation Sandbox winners: One year later

With the annual RSA security conference just around the corner, we decided to touch base with the 10 companies selected as finalists in last year’s Innovation Sandbox competition and see how they’re making out. The RSA Conference had 88 submissions for Innovation Sandbox slots last year and the field was whittled down to Bastille Networks, Illusive Networks, Menlo Security, Phantom Cyber, Prevoty, ProtectWise, SafeBreach, Skyport, Vera and Versa Networks. In last year’s competition, each vendor pitched their product to a panel of judges, as well as a packed house of attendees at the Moscone Center in San Francisco. Phantom Networks was selected as the overall winner.

Google ordered by US court to produce emails stored abroad

Google has been ordered by a federal court in Pennsylvania to comply with search warrants and produce customer emails stored abroad, in a decision that is in sharp contrast to that of an appeals court in a similar case involving Microsoft. Magistrate Judge Thomas J. Rueter of the U.S. District Court for the Eastern District of Pennsylvania ruled Friday that the two warrants under the Stored Communications Act (SCA) for emails required by the government in two criminal investigations constituted neither a seizure nor a search of the targets' data in a foreign country. Transferring data electronically from a server in a foreign country to Google's data center in California does not amount to a seizure because “there is no meaningful interference with the account holder's possessory interest in the user data,” and Google’s algorithm in any case regularly transfers user data from one data center to another without the customer's knowledge, Judge Rueter wrote.

New products of the week 2.6.17

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Red Armor NSE7000

Hacker stackoverflowin pwning printers, forcing rogue botnet warning print jobs

If your printer printed a “YOUR PRINTER HAS BEEN PWND’D” message from “stackoverflowin,” then it’s just one of more than 150,000 printers that have been pwned. Although the message likely referenced your printer being part of a botnet or “flaming botnet,” the hacker responsible says it’s not and that he is trying to raise awareness about the pitiful state of printer security. One of the messages the hacker caused to print was: stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin’s forehead utilising BTI’s (break the internet) complete infrastructure. Another stated:

UK defense secretary urges NATO to fend off Russian cyberattacks

The U.K.’s defense secretary is accusing Russia of using cyber attacks to “disable” democratic processes across the West, and he's demanding that NATO fight back. “NATO must defend itself as effectively in the cyber sphere as it does in the air, on land, and at sea,” Defense Secretary Michael Fallon said. “So adversaries know there is a price to pay if they use cyber weapons.” Fallon made the comments in a Thursday speech about the threat of “Russia’s military resurgence.” He pointed to the Kremlin’s suspected role in influencing last year’s presidential election in the U.S., as part of a growing number of alleged cyber attacks that have targeted Western governments.

US Immigration and Customs Enforcement nabs $20M in fake sports gear ahead of Super Bowl 51

Like clockwork, the week leading up to the Super Bowl has seen the federal government tear into the counterfeit sports gear element – this time seizing some $20 million worth of fake jerseys, hats, cell-phone accessories and thousands of other bogus items prepared to be sold to unsuspecting consumers. U.S. Immigration and Customs Enforcement (ICE) and Homeland Security Investigations (HSI) teams nabbed 260,000 counterfeit sports-related items during its annual, year-long Operation Team Player sting. Last year ICE seized nearly 450,000 phony items worth an estimated $39 million. In 2014 it grabbed 326,147 phony items worth more than $19.5 million.

Microsoft will likely fix Windows SMB denial-of-service flaw on Patch Tuesday

Microsoft will likely wait until February 14 to fix a publicly disclosed vulnerability in the SMB network file sharing protocol that can be exploited to crash Windows computers. The vulnerability was disclosed Thursday when the security researcher who found it posted a proof-of-concept exploit for it on GitHub. There was concern initially that the flaw might also allow for arbitrary code execution and not just denial-of-service, which would have made it critical. The CERT Coordination Center (CERT/CC) at Carnegie Mellon University at first mentioned arbitrary code execution as a possibility in an advisory released Thursday. However, the organization has since removed that wording from the document and downgraded the flaw's severity score from 10 (critical) to 7.8 (high).

Zero-day Windows file-sharing flaw can crash systems, maybe worse

The implementation of the SMB network file sharing protocol in Windows has a serious vulnerability that could allow hackers to, at the very least, remotely crash systems. The unpatched vulnerability was publicly disclosed Thursday by an independent security researcher named Laurent Gaffié, who claims that Microsoft has delayed releasing a patch for the flaw for the past three months. Gaffié, who is known on Twitter as PythonResponder, published a proof-of-concept exploit for the vulnerability on GitHub, triggering an advisory from the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.

IDG Contributor Network: Thinking of cutting out your database administrator? Think again

Once upon a time, there was a role known as the database administrator. Back when all data was stored locally, these employees were the keepers of the company database, responsible for making sure all information was accessible and tracking things such as financial information and customer details. Typically, these employees would hold a bachelor’s degree in computer science or similar subjects, while being well-versed in the major database management products (SQL, SAP and Oracle-based database management software). In 2017, however, the trend of enterprises moving data into the cloud continues to reduce the role of the database administrator (DBA) in big and small businesses alike around the world.

How AI is stopping criminal hacking in real time

Almost every day, there’s news about a massive data leak -- a breach at Yahoo that reveals millions of user accounts, a compromise involving Gmail phishing scams. Security professionals are constantly moving the chess pieces around, but it can be a losing battle. Yet, there is one ally that has emerged in recent years. Artificial intelligence can stay vigilant at all times, looking for patterns in behavior and alerting you to a new threat.

6 things software vendors need to know about HIPAA compliance

Many people are loosely familiar with the Health Insurance Portability and Accountability Act (HIPAA) and usually associate it with hospitals, clinics and health insurance companies. However, it can be less clear how HIPAA compliance standards apply to countless other software vendors, SaaS providers that work with healthcare-related businesses or handle protected health information (PHI). In recent months, the Office for Civil Rights has been coming down hard on HIPAA violators, doling out some of the large fines – upwards of $5 million. So in order to ensure your business is protected and to maintain your brand reputation, it is vital to know the ins and outs of HIPAA compliance. With this in mind, Dizzion provides suggestions for ways vendors can maintain HIPAA compliance while still focusing on their primary business objectives.

AT&T extends NetBond service to secure IoT connections

The internet is what made IoT happen, providing a common protocol to take the place of separate, specialized networks. But the public internet itself may not always be the best path between a connected device and the cloud. Enterprises can now connect cellular IoT devices to back-end systems via NetBond, a private network service from AT&T, instead of the Internet. The NetBond service sets up a VPN (virtual private network) from an edge device to the cloud. It can connect to 16 different public clouds, including Amazon Web Services and Microsoft Azure, or a private or hybrid cloud.

RSA 2017: The Internet of Things security threat

RSA Conference 2017 will take on the threat posed by the internet of things, something that was demonstrated last fall by the DDoS attacks that took down Dyn data centers and many of the high-profile Web sites it supports. Those attacks, generating peak traffic of 1TByte or more, raise the question of how best to secure these devices, and sessions at the Feb. 13-17 conference in San Francisco try to answer it.

IRS warns on ever-changing “dangerous W-2 phishing scam”

Just as tax season gets underway in earnest, the Internal Revenue Service put out a warning about what it called dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns. “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,” said IRS Commissioner John Koskinen in a statement. “Taxpayers should avoid opening surprise emails or clicking on web links claiming to be from the IRS. Don’t be fooled by unexpected emails about big refunds, tax bills or requesting personal information. That’s not how the IRS communicates with taxpayers.”

Obama-led sanction accidentally hampered U.S. tech firms in Russia

Sanctions imposed by former President Obama on Russia for hacking during the U.S. election had an unintended side effect: they essentially barred U.S. tech firms from selling new IT products in the country. Part of last month's sanction order was designed to block U.S. companies from doing business with Russia’s Federal Security Service, also known as the FSB, because of its suspected role in influencing last year’s election. But the FSB isn’t just an intelligence agency. It’s also a crucial regulator in Russia that clears new IT products, including smartphones and tablets, for sale in the country.

IDG Contributor Network: SSL or IPsec: Which is best for IoT network security?

Internet of Things (IoT) devices are soon expected to outnumber end-user devices by as much as four to one. These applications can be found everywhere—from manufacturing floors and building management to video surveillance and lighting systems. However, security threats pose serious obstacles to IoT adoption in enterprises or even home environments for sensitive applications such as remote healthcare monitoring. IoT security can be divided into the following three distinct components: application service, end device and transport. Although all three are critical for systemwide security, this post will address only transport security.

RSA 2017: Anticipating network security chatter

Earlier this week, I posted a blog about my expectations for endpoint security at the upcoming RSA Conference. Similarly, here’s what I anticipate hearing about network security:

1. DDoS protection. While data breaches get front page, above the fold headlines, DDoS attacks remain relatively invisible by comparison. This is puzzling since DDoS attacks happen almost daily. A quick review of the news shows that the Trump hotel website, Sonic (ISP in CA), Emsisoft, and Lloyd’s Bank have all been hit with DDoS attacks over the past few weeks. These are relatively pedestrian attacks compared to the now infamous Mirai botnet DDoS attack on Dyn back in October and the subsequent attack on French hosting provider OVH a week later. These particular DDoS attacks generated between 60mbps and 1tbps worth of traffic! It’s also worth noting that we are also seeing a rise in stealthy application-layer DDoS attacks as well as blended threats of DDoS and ransomware together. DDoS attacks are still a tad on the geeky side to play a starring role at RSA, but I do expect a lot more DDoS chatter. Good thing because a lot of security
