Russian cyberspies blamed for US election hacks are now targeting Macs

Security researchers have discovered a macOS malware program that's likely part of the arsenal used by the Russian cyberespionage group blamed for hacking into the U.S. Democratic National Committee last year.The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent.X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan.To read this article in full or to leave a comment, please click here

Russian cyberspies blamed for US election hacks are now targeting Macs

Security researchers have discovered a macOS malware program that's likely part of the arsenal used by the Russian cyberespionage group blamed for hacking into the U.S. Democratic National Committee last year.The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent.X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan.To read this article in full or to leave a comment, please click here

Want to see your DNS analytics? We have a Grafana plugin for that

Curious where your DNS traffic is coming from, how much DNS traffic is on your domain, and what records people are querying for that don’t exist? We now have a Grafana plugin for you.

Grafana is an open source data visualization tool that you can use to integrate data from many sources into one cohesive dashboard, and even use it to set up alerts. We’re big Grafana fans here - we use Grafana internally for our ops metrics dashboards.

In the Cloudflare Grafana plugin, you can see the response code breakdown of your DNS traffic. During a random prefix flood, a common type of DNS DDoS attack where an attacker queries random subdomains to bypass DNS caches and overwhelm the origin nameservers, you will see the number of NXDOMAIN responses increase dramatically. It is also common during normal traffic to have a small amount of negative answers due to typos or clients searching for missing records.

You can also see the breakdown of queries by data center and by query type to understand where your traffic is coming from and what your domains are being queried for. This is very useful to identify localized issues, and to see how your Continue reading

Forward Networks – A forward approach to formal verification

Forward Networks has stepped out of the shadows to announce their Network Assurance platform, and I was fortunate enough to be a delegate for Networking Field Day 13 to see their first public briefing. We were all excited to set foot onto the Andressen Horowitz campus that day, but none of us were quite sure what exactly to expect.

Forward Networks was founded by David Erickson and Brandon Heller, PhD in Computer Science from Stanford University, who saw the great need for help in the networking market and decided to tackle a challenge that no one else recognized. They worked in Nick McKeown’s Lab at Stanford University back in 2006 before SDN was ever put on a Networking Bingo card, let alone even heard of. They helped create the standards and shape OpenFlow as it came into existence. Working on bleeding edge SDN networks they realized that the tools network engineers were dealing with were wholly insufficient to troubleshoot many advanced and complicated networks.

In 2013 they founded Forward networks with the goal of understanding how networks work at the functional level. They’ve written an algorithm that can take in large amounts of data from your devices and build a Continue reading

9 Security Startups Worth Watching In 2017

Legacy security products are not keeping up.

IDG Contributor Network: Komprise scoops up $12M upon general availability of its data management platform

It's been a year or so since I last caught up with Komprise, the data management vendor that was founded by Krishna Subramanian, a well-respected Silicon Valley veteran who has successfully founded, built, merged and acquired businesses -- both as founder/CEO of a startup backed by tier-one VCs and as corporate development leader at Sun.Her previous startup, Kaviza, was focused on eliminating the cost and complexity of my personal pet hate, virtual desktops, and -- notwithstanding my distaste for the space -- was acquired by Citrix in 2011. Subramanian then did her obligatory two years of duty within Citrix before embarking on her new thing.To read this article in full or to leave a comment, please click here

Juniper Enlists Partners for Software-Defined Secure Networks

The network is your security tool. Sound familiar?

Why tech companies are uniting to fight Trump’s immigration ban

In less than a month since being sworn in as the 45th President of the United States, Donald Trump has struck an emotional chord with tech companies, generating an unparalleled unifying force of opposition. The Trump administration’s executive order banning all people from seven predominantly Muslim countries from the entering the United States has created a rift between political and business interests, and one that many technology leaders consider a threat to their very existence.A group of 127 technology companies last week filed an official friend-of-the-court brief in the lawsuits opposing the administration’s executive order in Minnesota and Washington. Apple, Facebook, Google, LinkedIn, Microsoft, Snap and Twitter are all on board, but there are some conspicuous absences. Enterprise leaders IBM and Oracle haven’t joined the effort and all of the major telecom and cable providers have held out thus far as well. Amazon was asked not to join the filing because it’s a witness in the original lawsuit, according to Mashable.To read this article in full or to leave a comment, please click here

Google’s new cloud service is a unique take on a database

Google has turned a database service that it uses to run some of its mission-critical products into an offering for its public cloud customers.On Tuesday, the company launched Cloud Spanner, a new, fully managed database that’s supposed to provide the transactional consistency of a traditional database plus the scalability and performance of a NoSQL database. It’s based on the same systems that run the company’s own Spanner database internally.Usually, businesses have to pick either a traditional or a NoSQL database, and each comes with particular trade-offs. Traditional databases provide better transactional consistency, but can be hard to scale. NoSQL databases are better at scaling but sacrifice consistency.To read this article in full or to leave a comment, please click here

Worth Reading: A Field Guide to Internet Governance in 2017

The global debate on Internet Governance has come a long way since 2005. In the 12 years following the World Summit on the Information Society (WSIS) in Tunis, governments have paid more attention than ever to policies that can promote economic development, security, and innovation. You may not have felt the progress, however; if it is hard to see a reduction in the confusion and “soup of forums” described on this site nearly six years ago, this is because as we have made progress, the scope of the issues addressed have increased to match. On the spectrum between a sprint and a marathon, Internet Governance may have become the Self-Transcendence 3100 Mile Race. —CircleID

The post Worth Reading: A Field Guide to Internet Governance in 2017 appeared first on 'net work.

IDG Contributor Network: Accelerating digital transformation using the Medici Effect

The King Abdullah University of Science and Technology, known as KAUST, is a fascinating place. A literal and figurative oasis about an hour north of Jeddah, Saudi Arabia, KAUST is a tier-one research university with a mission to inspire discoveries that address global challenges and to serve as a beacon of knowledge that bridges people and cultures for the betterment of humanity.Last week, KAUST brought together nearly 100 leaders from industry, government, education and other research institutions to help it craft its forward-looking IT strategy. But more than just helping craft their strategy, this summit proved to be a model for executing a digital transformation.To read this article in full or to leave a comment, please click here

Wireless charging for iPhones & iPads might finally be coming together for Apple

Apple joining the Wireless Power Consortium in advance of the group's conference this week in London, combined with new research out of MIT designed to safeguard wireless charging, has to be encouraging news for iPhone and iPad users tired of being tethered.Apple showing up on the Wireless Power Consortium's member list took place without any fanfare from the vendor itself, but the revelation did add strength to analyst claims that wireless charging could be coming to the iPhone 8 (or iPhone X) and other new Apple smartphones this year.To read this article in full or to leave a comment, please click here

Microsoft’s president wants a Geneva Convention for cyberwar

Microsoft is calling for a Digital Geneva Convention, as global tensions over digital attacks continue to rise. The tech giant wants to see civilian use of the internet protected as part of an international set of accords, Brad Smith, the company’s president and chief legal officer, said in a blog post. The manifesto, published alongside his keynote address at the RSA conference in San Francisco on Tuesday, argued for codifying recent international norms around cyberwarfare and for establishing an independent agency to respond to and analyze cyberattacks.To read this article in full or to leave a comment, please click here

Microsoft’s president wants a Geneva Convention for cyberwar

Microsoft is calling for a Digital Geneva Convention, as global tensions over digital attacks continue to rise. The tech giant wants to see civilian use of the internet protected as part of an international set of accords, Brad Smith, the company’s president and chief legal officer, said in a blog post. The manifesto, published alongside his keynote address at the RSA conference in San Francisco on Tuesday, argued for codifying recent international norms around cyberwarfare and for establishing an independent agency to respond to and analyze cyberattacks.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Unified communications for reals

It all started with Voice over Internet Protocol (VoIP). Prior to VoIP, the PBX was totally independent with its own server connected to proprietary endpoints (telephones) over a proprietary network. VoIP enabled telephony to co-mingle with other servers, networks and endpoints.Telephony grabbed hold of the concept of unified communications (UC) and made “PBX” a legacy term. A single UC client could support voice, voicemail and instant messaging (IM). UC APIs offered communications capabilities to other applications.+ Also on Network World: Office, Outlook, Slack, Handoff: The digital workplace reborn + While the UC industry has done a great deal with multi-modal communications, it has not been successful at unifying communications. In many ways, we are more connected and converse more than ever before, but most of these conversations occur outside of the UC suite.To read this article in full or to leave a comment, please click here

Save $50 on the PlayStation 4 Slim 500GB Console, Call of Duty: Infinite Warfare Legacy Bundle – Deal Alert

The bundle includes a new slim 500GB PlayStation 4 system, and a matching DualShock 4 Wireless Controller. It's discounted 17% on Amazon at the moment, so you can buy it for $250 instead of $300. See the discounted PS4 bundle now on Amazon. To read this article in full or to leave a comment, please click here

Avaya Surge protects the Internet of Things

The Internet of Things (IoT) is hitting a tipping point. While there has been a fair amount of IoT chatter and hype over the past few years, deployments have been limited to the traditional machine to machine (M2M) verticals such as oil and gas, mining and manufacturing. Over the past couple of years, though, more verticals have been looking to connect more non-traditional IoT devices.The reason I think we’re at this tipping point is because businesses aren’t referring to these deployments as “IoT” but rather it’s becoming normal operations to connect more and more devices. + Also on Network World: The Internet of Things security threat + Healthcare has rapidly been connecting patient devices, retailers are making point-of-sale systems “smart,” hotels are looking to improve the guest experience, and sports and entertainment venues are connecting more devices. While these verticals may seem different, the commonality of IoT initiatives is that when everything is connected, you can change the way the business interacts with customers, students, patients, patrons, employees or other constituents that interact with the organization. To read this article in full or to leave a comment, please click here

Avaya Surge protects the Internet of Things

The Internet of Things (IoT) is hitting a tipping point. While there has been a fair amount of IoT chatter and hype over the past few years, deployments have been limited to the traditional machine to machine (M2M) verticals such as oil and gas, mining and manufacturing. Over the past couple of years, though, more verticals have been looking to connect more non-traditional IoT devices.The reason I think we’re at this tipping point is because businesses aren’t referring to these deployments as “IoT” but rather it’s becoming normal operations to connect more and more devices. + Also on Network World: The Internet of Things security threat + Healthcare has rapidly been connecting patient devices, retailers are making point-of-sale systems “smart,” hotels are looking to improve the guest experience, and sports and entertainment venues are connecting more devices. While these verticals may seem different, the commonality of IoT initiatives is that when everything is connected, you can change the way the business interacts with customers, students, patients, patrons, employees or other constituents that interact with the organization. To read this article in full or to leave a comment, please click here

ExtraHop Creates Addy for Real-Time Network Security

Addy draws interpretations from the data ExtraHop is picking up real-time.

22% off Intel NUC Kit Mini PC – Deal Alert

The Intel NUC Kit NUC6i5SYH is a Mini PC with the power of a desktop PC. Equipped with Intel’s newest architecture, the 6th generation Intel Core i5-6260U processor, NUC6i5SYK has the performance to stream media, manage spreadsheets, or create presentations all in a 4x4” form factor. With 7.1 surround sound and an HDMI port for brilliant 4K resolution, the NUC6i5SYH is an ideal home theater PC. There’s room for a 2.5” SSD or HDD and up to 32 GB of RAM. This NUC is a barebones kit, meaning it is ready to accept the memory, storage, and operating system of your choice. It's currently listed as a #1 best seller on Amazon with 4.5 out of 5 stars from over 160 people (read recent reviews here). It's typical list price of $386 has been reduced 22% to $299.99, a good deal that may not be available for very long. See the discounted Intel NUC Kit on Amazon.To read this article in full or to leave a comment, please click here