Attackers are abusing the Windows Background Intelligent Transfer Service (BITS) to re-infect computers with malware after they've been already cleaned by antivirus products.The technique was observed in the wild last month by researchers from SecureWorks while responding to a malware incident for a customer. The antivirus software installed on a compromised computer detected and removed a malware program, but the computer was still showing signs of malicious activity at the network level.Upon further investigation, the researchers found two rogue jobs registered in BITS, a Windows service that's used by the OS and other apps to download updates or transfer files. The two malicious jobs periodically downloaded and attempted to reinstall the deleted malware.To read this article in full or to leave a comment, please click here
When Clark Golestani set about transforming the IT organization at Merck & Co., he adopted a “three horizons” model:To read this article in full or to leave a comment, please click here(Insider Story)
Verizon Communications will be bidding about US$3 billion for the Internet assets of ailing Yahoo, according to a newspaper report.The communications company will try to beat other potential bidders such as private-equity firm TPG with a deal that would likely aim to combine Yahoo Web properties, with over 1 billion users a month, with Verizon’s growing business in online ads, the Wall Street Journal reported late Monday.The bidding is far from final and Yahoo is expected to hold at least one more cycle of bidding, WSJ said quoting people familiar with the matter. But the price offered by Verizon could be an indicator of which way the fight for the acquisition of the Internet company is going.To read this article in full or to leave a comment, please click here
At U.S. Cyber Command, the top brass has made recruiting top talent a leading priority, but those efforts have been slowed by challenges in attracting and retaining the next generation of cyber warriors.Maj. Gen. Paul Nakasone, commander of Cyber Command's Cyber National Mission Force, spoke to those struggles in a recent online event hosted by Federal News Radio.[ Related: 'HACKERS WANTED' Report: NSA Not Having Trouble Filing Cybersecurity Jobs ]To read this article in full or to leave a comment, please click here
More companies are contributing to open source projects, but the management of open source software is still chaotic.To read this article in full or to leave a comment, please click here(Insider Story)
It is no easy task to secure today's digital enterprise. With all of the irons in the fire of the digital ecosystem, there is a lot that can compromise the corporate website. Both website visitors and Internet users are vulnerable to web-based malware, and it is increasingly more difficult for security practitioners to thwart web-based attacks.Even with the daily occurrence of breaches, some organizations are not thinking about security, especially those enterprises for whom a large percentage of their revenue comes directly through the website. Many companies that do worry about security, think of it in terms of restricting internal users from accessing what might be potentially risky sites.To read this article in full or to leave a comment, please click here
Videoconferencing and the enterprise have had a good old love-hate relationship over the past few decades. It’s kind of like what’s happening with Tom Brady and the NFL. Both know they’re better off with each other, but there’s so much historical pain that it’s hard to move on and give each other another shot.Enterprise video has come a long way over the past five years, but there are so many painful memories of how things were that many IT and business leaders don’t want to give video another chance. However, it’s worth taking another look. Complicated user interfaces have been replaced with easy-to-use touchscreens. IT no longer has to roll around carts and spend half the meeting time trying to dial the other side’s ISDN SPID. Quality issues have all but been resolved, and modern systems work fine now even over low bandwidth connections.To read this article in full or to leave a comment, please click here
Four Cisco Systems executives who led “spin-in” ventures that became important parts of the company have resigned.The longtime leaders decided to leave the company on June 17 because of “a disconnect regarding roles, responsibilities and charter” after a new Cisco business unit was announced, according to an internal memo posted Monday by CEO Chuck Robbins and seen by IDG News Service. The move was first reported by the Wall Street Journal.Engineers Mario Mazzola, Prem Jain and Luca Cafiero, and marketer Soni Jiandani, nicknamed “MPLS” after their first initials, started several companies with Cisco’s backing that later were absorbed back into the networking giant. The companies included Andiamo Networks in storage, Nuova Systems in data-center switching and Insieme Networks in SDN (software-defined networking).To read this article in full or to leave a comment, please click here
Egnyte, an enterprise-focused file sync and sharing startup, is expanding beyond its roots in holding onto companies' data for them, and now aims to protect any data a company has, no matter where it's stored.
Egnyte Protect is a service that aims to provide a single tool for controlling and securing company data that's stored in private data centers and in the public cloud.
It's based on the content protection capabilities that are built into Egnyte's file sync and share product, and works with products including SharePoint, OneDrive, Dropbox and Google Drive, the company said Tuesday.
Moving into the content services business means that Egnyte can meet enterprises where they are, even if they never plan to use its file storage service, which is now known as Egnyte Connect.To read this article in full or to leave a comment, please click here
Google has quite the duopoly with Android and Chrome. The latter is the world’s most popular mobile operating system, while Chrome dominates the charts when it comes to browser usage.So it’s long past time to make these two stalwarts play together a little more closely. Yes, we know that the Google Play Store is coming to Chromebooks, but there are still millions of people who either by choice or necessity do their desktop computing in Windows or OS X. Android and Chrome complement each other in a few ways already. Your browsing history and active tabs can sync across devices. Chrome supports rich notifications for most of the Google and third-party services that you probably use across mobile and the desktop.To read this article in full or to leave a comment, please click here
For IT organizations hungry for talent, agile is key to helping attract and retain the next generation of engineers and developers, because the principles of the methodology dovetail with millennials' intrinsic motivation.Autonomy, mastery and purpose
One of the hallmarks of the millennial generation is its need for autonomy, mastery and purpose in the work they're doing, and a demonstrable impact on the success of the companies they work for and the larger world around them. It's one of the reasons millennial software engineers embrace the agile methodology, with its emphasis on flat management, self-regulating teams, business context, iteration and ability to adapt quickly to changing needs and demands, says Dave West, product owner at Scrum.org.To read this article in full or to leave a comment, please click here
Despite the fact that they received plenty of media attention during the past few years, "proximity" mobile payments, or mobile payments made at retailers' points of sale (PoS), have yet to hit the mainstream. Multiple reasons why exist, but perhaps the most significant roadblock thus far: Today's mobile payment systems simply don't offer a strong enough value proposition to compel consumers to use them consistently.To date, the market has seen four alternative-payment success stories, according to Penny Gillespie, a research director of digital commerce with Gartner: PayPal, for online payments; Visa Signature debit cards; payroll cards; and gift cards. Each option offers "strong value propositions to consumers, as well as to merchants," Gillespie says, because they provide something new and beneficial that wasn't available before. Gift cards, for example, let consumers to easily send funds to friends and family, they make it easy for recipients to spend that money, and they drive recipients to stores, which benefits retailers. To read this article in full or to leave a comment, please click here
Shaming carriers and smartphone manufacturers into applying patches faster is a step forward, but a lot more needs to be done to improve security of the Android platform, security experts say.Last month, Bloomberg, citing unnamed sources, is considering releasing a list of vendors ranked by how up-to-date their headsets are.This has long been a problem for Android. Unlike Apple, which can unilaterally push out updates to its customers as they come out, the situation with Android is a lot more complicated.When a patch comes out, only Nexus phones get them automatically, said Kyle Lady, research and development engineer at Duo Security.To read this article in full or to leave a comment, please click here
Copenhagen has become the first city in the world to attempt to monetize its, and others’, data through a city data market.Traffic snarl-ups, home break-ins, whether it rained or snowed, and how much electricity the city dwellers use each day is among the data to be traded for cash, city officials announced. Interestingly, the city, which is partnering with Hitachi on the project, also wants to incorporate others’ data.City officials say the availability of municipal data through the City Data Exchange website will help companies “develop new, innovative solutions to create smarter cities.” But it’s both public and “private sector organization” data that will be made available.To read this article in full or to leave a comment, please click here
There were 19 distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, almost four times more than in the previous quarter.
Even more concerning is that these mega attacks, which few companies can withstand on their own, were launched using so-called booter or stresser botnets that are common and cheap to rent. This means that more criminals can now afford to launch such crippling attacks.
"In the past, very few attacks generated with booter/stresser tools exceeded the 100 Gbps mark," researchers from Akamai said in the company's State of the Internet security report for the first quarter of 2016 that was released Tuesday.To read this article in full or to leave a comment, please click here
Prezi, the seven-year-old startup that aims to reinvent the way that people make presentations, has launched a new business-focused offering that's aimed at getting companies to use its software instead of rivals like PowerPoint. Teams that sign up for Prezi Business will get several new features, including the ability to present over the Web, analytics to understand how different parts of presentations fly with audiences, and real-time collaboration. It's a major push for the presentation software company, which is competing against the likes of Microsoft, Google and Apple with a cloud-based tool that pans and zooms through a canvas, rather than showing an audience a series of slides. Prezi CEO Peter Arvai argued in an interview that the software's ability to easily show relationships between presentation elements makes it a more effective tool for convincing an audience.To read this article in full or to leave a comment, please click here
Making sense of data can involve a wide variety of tools, and IBM is hoping to make data scientists' lives easier by putting them all in one place.
The company on Tuesday released what it calls Data Science Experience, a new development environment in the cloud for real-time, high-performance analytics.
Based on data-processing framework Apache Spark, Data Science Experience is designed to speed and simplify the process of embedding data and machine learning into cloud applications. Included in the new offering are tools such as RStudio and Jupyter Notebooks.To read this article in full or to leave a comment, please click here
Legal professionals are by their nature a skeptical and cautious lot, but the sharp rise in cloud-based applications being used by enterprises and law firms, as well as recent high-profile law firm security breaches, has many legal professionals reticent about entering cloud engagements.“The buck stops with the lawyer,” says Michael R. Overly, a partner and intellectual property lawyer focusing on technology at Foley & Lardner LLP in Los Angeles. “You’re trusting the [cloud provider] with how they manage security,” and yet their contract language excuses them from almost all responsibility if a security or confidentiality breach occurs, he says. “One can’t simply go to clients or the state bar association and say the third party caused a breach, so it’s really not our responsibility.”To read this article in full or to leave a comment, please click here
Security talksImage by ThinkstockWe know you’re busy, that’s why we invested the time to find you the 10 Security TED talks that you really can’t miss. These talks tackle some of the biggest security challenges of our time, from securing medical devices to how cyber-attacks can threaten world peace. Some of them will be given by security experts you know, and other talks here by those who may be new to you. Some are recent, others were recorded years ago, but are just (if not more) relevant today. We think you’ll be better for having taken the time to listen and consider their messages.To read this article in full or to leave a comment, please click here
New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.IntellaFlex HyperEngine Packet ProcessorKey features – APCON’s HyperEngine monitoring solution supports up to 200Gbps throughput and provides a set of monitoring services including ultra-fast deduplication and NetFlow at hyperspeed, with additional features coming later in 2016. More info.To read this article in full or to leave a comment, please click here