Google has stopped Wednesday’s clever email phishing scheme, but the attack may very well make a comeback.One security researcher has already managed to replicate it, even as Google is trying to protect users from such attacks.“It looks exactly like the original spoof,” said Matt Austin, director of security research at Contrast Security.The phishing scheme -- which may have circulated to 1 million Gmail users -- is particularly effective because it fooled users with a dummy app that looked like Google Docs.To read this article in full or to leave a comment, please click here
A sophisticated Russian cyberespionage group is readying attacks against Mac users and has recently ported its Windows backdoor program to macOS.The group, known in the security industry as Snake, Turla or Uroburos, has been active since at least 2007 and has been responsible for some of the most complex cyberespionage attacks. It targets government entities, intelligence agencies, embassies, military organizations, research and academic institutions and large corporations."Compared to other prolific attackers with alleged ties to Russia, such as APT28 (Fancy Bear) and APT29 (Cozy Bear), Snake’s code is significantly more sophisticated, it’s infrastructure more complex and targets more carefully selected," researchers from Dutch cybsersecurity firm Fox-IT said in a blog post Wednesday.To read this article in full or to leave a comment, please click here
After about half a decade, Intel is wiping the confusing E5 and E7 monikers off its Xeon chips and rebranding them to bring more clarity about the performance and features that come with the processors.Xeon chips are used in servers and workstations like Mac Pro. Xeon chips being released mid-year will be broken down into Platinum, Gold, Silver, and Bronze processors.The naming scheme -- derived from metals -- is a mix of Olympic medals and branding of credit cards from companies like Delta. A person familiar with Intel's plans earlier said the chips will likely be widely referred to as Xeon-P, Xeon-G, Xeon-S, and Xeon-B, with the P for Platinum, G for Gold, etc.To read this article in full or to leave a comment, please click here
Now that the rumored cloud version of Windows 10 has been revealed, the facts are starting to come out, one of which may not sit very well with some users. Microsoft is all but locking users of Windows 10 S into its Edge browser. Windows 10 S is a locked-down version of the operating system that will only run apps from the Windows Store. When Microsoft tried this a few years back with Windows RT on the Surface tablet, it failed miserably due to a lack of apps.+ Also on Network World: Windows 10 adoption faster than any previous OS +
However, with time and the switch from ARM to x86, there is a much larger app library from which to choose, and that includes third-party browsers. But while you can install Chrome from the Windows Store, there is a big catch—you cannot change the default browser. To read this article in full or to leave a comment, please click here
Red Hat presented a vision during today's keynote address at the Red Hat Summit that it believes Ansible can and will be the foundation for enterprise-wide automation. Red Hat, by the way, recently acquired Ansible.Although the vision appears enticing at first glance, the broad statements about unifying the enterprise data center under Ansible really don't ring true.What is Ansible?
Ansible describes its technology in the following way:Ansible is the most popular open source automation tool on GitHub today with more than a quarter million downloads per month. With over 2,400 contributors submitting new modules all the time, rest assured that what you are automating is covered in Ansible already, or will be very soon."
Ansible was founded to provide a new way to think about managing systems and applications that better fit this new world. Historically, management vendors and home-grown scripting solutions were created to manage stacks of software on servers. In contrast, Ansible was created to orchestrate multi-tier applications across clouds. From configuration to deployment to zero-downtime rolling upgrades, Ansible is a single framework that can fully automate today’s modern enteprise apps.
OUR DIFFERENCE
Simple, agentless & powerful. Ansible’s simple, YAML-based automation syntax is quick Continue reading
Saving money may be a good enough reason to try a brand-new cloud storage service -- if it can deliver on its promises.That's the equation some enterprises may use when they look at Wasabi Technologies, an object storage startup that says it offers six times the performance of Amazon's S3 service at one-fifth the price. The service is available globally on Wednesday.The company, started by the co-founders of online backup provider Carbonite, says its single pool of capacity can deliver primary, secondary or archive data at a sustained-read speed of 1.3GB per second, versus 191MB per second at Amazon. Its durability is the same, Wasabi says.To read this article in full or to leave a comment, please click here
Cisco today warned user of a critical vulnerability in its CVR100W Wireless-N VPN router execute that could let an attacker issues arbitrary code or cause a denial of service situation.The company also issues three “High” level impact warnings advisories on its IOS XR Software, Teleprescence and Aironet wireless access point products.On the Critical warning, Cisco said a vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could let an unauthenticated, Layer 2–adjacent attacker to execute arbitrary code or cause a denial of service (DoS).To read this article in full or to leave a comment, please click here
Verizon shut down its public cloud service in early 2016, and is now unloading its virtual private cloud and managed hosting offerings to IBM.The deal, announced Tuesday, allows IBM to improve its position in cloud computing, a spokesman said by email. Meanwhile, the deal allows Verizon to get out of the cloud infrastructure market dominated by Amazon, Google, and Microsoft, allowing it to focus on its managed network, security, and communications services.The companies did not disclose the terms of the sale. The transaction is expected to close later this year.To read this article in full or to leave a comment, please click here
What do UFOs, the Loch Ness Monster and intent-based networks have in common? These are all things that people claim to have seen, but no one can really prove it and their existence remains largely a myth.While the good folks over at the X-Files will continue to try and prove the first two, start-up vendor Apstra appears to have licked the third, as its latest operating system release, AOS 1.2 is making vendor-agnostic, intent-based networking a reality. RELATED: SD-WAN: What it is and why you will use it one day
You might be asking what exactly intent-based networking is? Think of it as a network where you tell it the “what,” and the “how” is determined by the system. A good example of this is a self-driving car where the driver puts in the destination address, and the car’s system figures out the details. The driver just gives it a command and then gets there. To read this article in full or to leave a comment, please click here
Google has joined Amazon Web Services in promising customers of its cloud services that it will be compliant with new European Union data protection rules due to take effect next year.Neither company is fully compliant yet, but both have now made public commitments to meet the requirements of the EU General Data Protection Regulation (GDPR) by May 25, 2018, echoing a promise Microsoft made back in February.The GDPR replaces the 1995 Data Protection Directive. Among its biggest changes are requirements that companies:- erase personal data on request unless there is a legitimate reason to retain it; - inform those affected by data breaches, and- design data protection into their products and services from the earliest stage of development.To read this article in full or to leave a comment, please click here
The Wine Saver is a vacuum pump that extracts the air from an opened wine bottle and re-seals it using a rubber stopper. The airtight vacuum inhibits the oxidation process that is responsible for the deterioration of wine. The vacuum is created by placing a stopper into the neck of the opened bottle and pumping it until resistance is detectable. The pump incorporates a patented 'click' mechanism that indicates when a sufficient airtight environment has been established. It's discounted 33% on Amazon, so you can get it right now for just $9.43 To read this article in full or to leave a comment, please click here
Many industrial IoT systems have open doors that create unintended vulnerabilities. What information could be exposed by open communications protocols? How do hackers identify vulnerable systems? What security resources are available? How do IoT firewalls protect against such threats?TCP Port 502 vulnerabilities
Many industrial systems use TCP Port 502, which allows two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered on port 502 in the same order in which they were sent. This creates the risk of remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502. Scans from services such as Shodan identify systems that have an open TCP port 502 that could be vulnerable.To read this article in full or to leave a comment, please click here
I recently participated in a webinar, and one of the questions I was asked made me think about a great first topic for this blog: What are the key drivers to keep an application and “lift and shift”?If you’re in a company that has a plan to move to the cloud, you’ve probably been asked what it is going to take to move an existing application to the cloud. In one of my previous roles, our CIO gave us the mandate that we were going to move everything out of one of our expensive data centers to the cloud within two years, so I saw a lot of “lift and shift” requests. But not a single one of those requests resulted in a lift and shift.Let’s review the benefits of running in the cloud and then see if we can characterize the types of applications that will run well in the cloud.To read this article in full or to leave a comment, please click here
SSDs operate the fastest when inside a computer. Micron's new SolidScale storage system uproots SSDs from servers and pushes them into discrete boxes while reducing latency.SolidScale is a top-of-the-rack storage system that will house many SSDs. It will connect to servers, memory, and other computing resources in a data center via gigabit ethernet, and will use the emerging NVMeoF (NVMe over Fabric) 1.0 protocol for data transfers.The new storage system is faster than regular storage arrays, Micron claimed. SolidScale can deliver data more than two times faster than a standard all-flash array.SolidScale is a step in decoupling SSDs from servers and putting them into shared storage in data centers. It also provides a power-efficient way of packing fast storage into tight spaces.To read this article in full or to leave a comment, please click here
Many companies have automated systems in place for preventing, detecting, and investigating security incidents, but automating the incident response and mitigation process for networks and endpoint devices has been a tougher nut to crack.That includes actions such as automatically re-imaging endpoint devices, isolating devices from corporate networks, or shutting down particular network processes in order to quickly and efficiently respond to attacks."I think there's a lot of potential," said Joseph Blankenship, analyst at Forrester Research. "We're definitely in a period of discovery, though, and that has to take place before we're going to see widespread, mainstream adoption."To read this article in full or to leave a comment, please click here
At a time where state actors have working exploits that target smart TVs and undisclosed zero-day exploits of fully patched PC and smartphone platforms, there is no question that practicing safe computing is more important than ever. While there is no silver bullet for you to protect yourself against constantly evolving security threats, there are some steps you can take to reduce your likelihood of being a victim in this age of insecurity.To read this article in full or to leave a comment, please click here(Insider Story)
I did wonder whether my youngest teenage son would return from a recent week-long service trip on which electronic devices were banned quivering from some sort of social media withdrawal, but he survived just fine and the salmon in Washington State thank him for his efforts.Despite what you might see all around you, teens taking either voluntary or involuntary hiatuses from social media apparently isn't entirely unusual: A new survey of nearly 800 Americans between the ages of 13 and 17 found that 58% of them reported taking significant breaks from the likes of Snapchat and Instagram.What's more, 65% of those teens claimed to have done so voluntarily, according to the Associated Press-NORC Center for Public Affairs Research survey. Also, one in five teens who haven't taken a break say they would like to do so.To read this article in full or to leave a comment, please click here
Many people are not aware of this, but Wi-Fi hotspots at Starbucks, Barnes & Noble or your local hotel that offers it as a complimentary service are not safe for confidential browsing, performing financial transactions or for viewing your emails.Public Wi-Fi does not offer encryption for individuals using the same password and hotspot. Also, your signals are broadcast across the immediate area. It is easy for someone else within your vicinity to eavesdrop on your communication. An unskilled hacker can intercept your signal using a phony hotspot or a tampering software that can be found on a search engine.+ Also on Network World: 4 lesser-known Wi-Fi security threats and how to defend against them +
The first task of a hacker is to get on the same network as the potential victim, then they can carry out that task with a public Wi-Fi network because they have the password. It does not matter if a network password is given out by the cashier or printed in your hotel room's welcome packet, once public, your security is compromised.To read this article in full or to leave a comment, please click here
The Xen Project has fixed three vulnerabilities in its widely used hypervisor that could allow operating systems running inside virtual machines to access the memory of the host systems, breaking the critical security layer among them.Two of the patched vulnerabilities can only be exploited under certain conditions, which limits their use in potential attacks, but one is a highly reliable flaw that poses a serious threat to multitenant data centers where the customers' virtualized servers share the same underlying hardware.The flaws don't yet have CVE tracking numbers, but are covered in three Xen security advisories called XSA-213, XSA-214 and XSA-215.To read this article in full or to leave a comment, please click here
The world of smartphones and tablets hasn’t yet completely taken over the world just yet – there are lots of people who still use an old-fashioned notebook (gosh, can’t believe I’m using the term ‘old-fashioned’ and ‘notebook’ in the same sentence) for their work, whether at home, in the office or traveling.But there are still limitations to these devices when it comes to audio and video – especially if you’re looking for some higher-end quality, as well as some portability. I recently tested two such devices – the new Logitech BRIO 4K webcam and the Jabra Speak 710 Bluetooth speaker. Don’t be scared by the higher price tags compared with other webcams and speaker systems – the higher-end quality and style make up for the extra price tag.To read this article in full or to leave a comment, please click here