U.S. President Donald Trump called on government agencies to better protect their networks, but he delayed signing an executive order to kick-start a government-wide review of cybersecurity policy.A draft copy of the order, leaked earlier, would give the Department of Defense and the Department of Homeland Security 60 days to submit a list of recommendations to protect U.S. government and private networks. Trump had been scheduled to sign the executive order Tuesday but canceled shortly before it was due to happen.To read this article in full or to leave a comment, please click here
Google today bolstered its G Suite of productivity apps with new controls and tools for IT professionals. G Suite administrators now have more access to control security key enforcement, data control with data loss prevention (DLP) for Google Drive and Gmail, and additional insights by connecting Gmail to BigQuery, Google’s enterprise data warehouse designed to enable SQL queries, according to Google.All of the changes, which are live today, are designed to elevate G Suite for the enterprise, especially among companies that need more confidence in the controls they can maintain over corporate data, according to Google.To read this article in full or to leave a comment, please click here
Data centers have become increasingly dynamic and distributed, which is why there has been a rise in technologies such as virtual machines, containers and hyperconverged systems.Security has been slow to evolve to meet the needs of the new world, but thanks to innovative start-ups such as Illumio, security is starting to change and is able to meet the demands of digital organizations. One of the big advancements in data center security has been the rise of segmentation tools. In actuality, coarse-grained segmentation has been around for decades in the form of firewalls, VLANs and ACLs, but companies like Illumio and VMware have extended the paradigm to applications, workloads and users. To read this article in full or to leave a comment, please click here
Spam is making a surprising resurgence as a threat to corporate security and becoming a more significant carrier of attacks as varied as spear phishing, ransomware and bots, according to Cisco’s 2017 Annual Cybersecurity Report.The company’s 10th such report says spam is way up. It accounts for 65% of all corporate email among customers who opted in to let the company gather data via telemetry in Cisco gear.Whereas spam had been knocked down as a threat in 2010 and kept at relatively low levels through 2015, it made a surge in 2016. In 2010, Cisco recorded 5,000 spam messages being sent per second. That number stayed generally below 1,500 for the next five years, spiking to about 2,000 briefly in 2014. But in 2016 it leaped to more than 3,000.To read this article in full or to leave a comment, please click here
For the past half year Netgear has been working on fixing a serious and easy-to-exploit vulnerability in many of its routers. And it's still not done.While Netgear has worked to fix the issue, the list of affected router models increased to 30, of which only 20 have firmware fixes available to date. A manual workaround is available for the rest.The vulnerability was discovered by Simon Kenin, a security researcher at Trustwave, and stems from a faulty password recovery implementation in the firmware of many Netgear routers. It is a variation of an older vulnerability that has been publicly known since 2014, but this new version is actually easier to exploit.To read this article in full or to leave a comment, please click here
President Donald Trump is due to sign an executive order Tuesday that gives each cabinet official more responsibility for the safety of data within their agency.It will be accompanied by a government-wide review of cybersecurity by the Office of Management and Budget, looking at the technology in place that guards U.S. government systems from cyberattacks, according to a White House official.The results of that review could lead to a government-wide upgrade of federal cybersecurity systems.The U.S. government has been hit by hacks in the last few years. The State Department spent months trying to get rid of intruders in its unclassified network and the Office of Personnel Management lost personal information on millions of government workers through a second hack.To read this article in full or to leave a comment, please click here
As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year! So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation, and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology so I plan of writing a few blogs about my expectations for the RSA Conference. I’ll start with this one about endpoint security.To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls, and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today.To read this article in full or to leave a comment, please click here
As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year. So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology, so I plan to write a few posts about my expectations for the RSA Conference. I’ll start with this one about endpoint security.To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today.To read this article in full or to leave a comment, please click here
At least one employee of the U.S. Federal Reserve sees the value of bitcoin and mining for it if you get your computing power for free. Nicholas Berthaume, who is now a former employee, was sentenced to 12 months’ probation and fined $5,000 for installing unauthorized bitcoin software on a Board of Governors of the Federal Reserve System server.According to a news release by the Office of Inspector General, Berthaume pleaded guilty to one count of unlawful conversion of government property.Working as a Communications Analyst, Berthaume had access to some Board computer servers. He put the computing power of a federal server to work for him. Mining is costly after all, as nowadays it tends to use more electricity than a miner earns. Unless a person has excess power from a solar farm for mining, then stealing electricity for mining is an option some people choose. You may have heard about the three men and one woman recently arrested in Venezuela for electricity theft and internet fraud.To read this article in full or to leave a comment, please click here
A recent IDC survey found 84% of U.S. consumers are concerned about the privacy of their personal information, with 70% saying their concern is greater today than it was a few years ago.These concerns of consumers should also alarm businesses: Consumers are willing to switch to another bank, medical center or retailer if they feel their personal information is threatened, the survey found."Consumers can exact punishment for data breaches or mishandled data by changing buyer behavior or shifting loyalty," said Sean Pike, an analyst at IDC, in a statement. The survey, released last week, polled 2,500 U.S. consumers about their privacy concerns across four verticals: Financial services, healthcare, retail and government.To read this article in full or to leave a comment, please click here
SonicWall has been through it all. The San Jose, CA-based security company began as a hot start up, went public, then private, was acquired by Dell and then spun off to a private equity firm as part of the massive Dell/EMC merger in 2016. In the wake of that change, SonicWall also got a new CEO, Bill Conner, a long-time security and tech industry leader, who took the helm in November. In this installment of the IDG CEO Interview Series, Conner spoke with Chief Content Officer John Gallant about what the Dell spin out means for customers and where SonicWall is focusing its development efforts. Hint: Think IoT, mobile and hybrid data centers. He also discussed the company’s cloud strategy and how the changing threat landscape opens up new opportunities in the enterprise for SonicWall, which is better known in the SMB space.To read this article in full or to leave a comment, please click here(Insider Story)
President Obama is only a couple of weeks out of office, but his legacy on cybersecurity is already getting reviews – mixed reviews.According to a number of experts, Obama said a lot of good things, did a lot of good things and devoted considerable energy to making cybersecurity a priority, but ultimately didn't accomplish the goal of making either government or the private sector more secure.The most recent, stark illustration was the series of leaks, enabled by hacks that US intelligence agencies attribute to Russia, that undermined both the credibility of Democratic presidential candidate Hillary Clinton and the election itself.To read this article in full or to leave a comment, please click here
F5 Networks CEO and President John McAdam, thrust back into that role in late 2015 under unusual circumstances, has announced that Ciena SVP and COO Francois Locoh-Donou will succeed him on April 3.McAdam joined F5 in 2000 and served as CEO and President until July 2015, when he handed the reins to Manuel Rivelo. But Rivelo stepped down in December of that year for unspecified personal conduct issues, and McAdam jumped back into the fray at the Seattle company, which he has helped to build into an application delivery powerhouse generating about $2B in annual revenue. To read this article in full or to leave a comment, please click here
By Presidential proclamation, non-U.S. citizens' data is in jeopardy. An executive order by President Trump could hurt a data transfer framework that allows EU citizens’ personal information to be transmitted to the U.S. for processing with the promise that the data would have the same privacy protection in the U.S. as it has in the EU. That’s because a section of the order says, “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.” To read this article in full or to leave a comment, please click here
Forgot your password? Well, Facebook wants to help you recover your internet account.The company is releasing an open source protocol that will let third-party sites recover user accounts through Facebook.Typically, when people forget their password to a site, they’re forced to answer a security question or send a password reset request to their email. But these methods of account recovery can be vulnerable to hacking, said Facebook security engineer Brad Hill.He recalled a time when he was granted permission to break into an online bank account. To do so, he took advantage of the password reset questions.“It asked me what my favorite color was, and it let me guess as many times as I wanted,” he said Monday, during a presentation at the USENIX Enigma 2017 security conference.To read this article in full or to leave a comment, please click here
DARPA says there are now 30 contenders for its $3.75 million Spectrum Collaboration Challenge (SC2) whose goal is to get mobile devices more intelligent access to the ever-tightening wireless spectrum.+More on Network World: Intelligence agency opens $325,000 advanced, automated fingerprint gathering competition+ The defense research agency last March announced Spectrum Collaboration Challenge and said the primary goal of the contest was to infuse radios with “advanced machine-learning capabilities so they can collectively develop strategies that optimize use of the wireless spectrum in ways not possible with today’s intrinsically inefficient approach of pre-allocating exclusive access to designated frequencies.”To read this article in full or to leave a comment, please click here
Keeping companies safe from attackers is no longer just a technical issue of having the right defensive technologies in place. To me, this is practicing IT security, which is still needed but doesn’t address what happens after the attackers infiltrate your organization (and they will, despite your best efforts to keep them out).I’m trying to draw attention to this topic to get security teams, businesses executives and corporate boards to realize that IT security will not help them once attackers infiltrate a target. Once this happens, cybersecurity is required. + Also on Network World: Recruiting and retaining cybersecurity talent +
In cybersecurity, the defenders acknowledge that highly motivated and creative adversaries are launching sophisticated attacks. There’s also the realization that when software is used as a weapon, building a stronger or taller wall may not necessarily keep out the bad guys. To them, more defensive measures provide them with additional opportunities to find weak spots and gain access to a network.To read this article in full or to leave a comment, please click here
Trying to filter out phishing emails is tough work, even for organizations trying to find a better way through automation, according to a new study from security software company GreatHorn.The company makes software that seeks out phishing attempts and can autonomously block them, but even its customers don’t switch on all the features, according to GreatHorn’s study of how customers dealt with just over half a million spear phishing attempts.The most common autonomous action, taken a third of the time against suspicious emails, was to alert an admin when a policy was violated and let them decide what to do. This option is also chosen in order to create a record of potential threats, the company says. Another 6% of emails trigger alerts to the recipients so they can be on the lookout for similar attempts.To read this article in full or to leave a comment, please click here
Cisco has helped form a consortium to develop blockchain that could secure Internet of Things applications and more while new study by IBM shows why the technology could become invaluable for businesses worldwide.Reports from Reuters and a press release from the group said that Cisco has teamed up with Bank of New York Mellon, Foxconn, Gemalto and blockchain startups Consensus Systems (ConsenSys), BitSE and Chronicled to form a blockchain consortium that said it will develop a shared blockchain protocol for aimed at IoT products.To read this article in full or to leave a comment, please click here
About 70 percent of the cameras hooked up to the police's closed-circuit TV (CCTV) system in Washington, D.C., were reportedly unable to record footage for several days before President Trump's inauguration due to a ransomware attack.The attack affected 123 of the 187 network video recorders that form the city's CCTV system, the Washington Post reported Saturday. Each of these devices is used to store video footage captured by up to four cameras installed in public spaces.To read this article in full or to leave a comment, please click here