Archive

Category Archives for "Networking"

DDoS attacks from webcams, routers hit Singapore’s StarHub

Following Friday's massive internet disruption in the U.S., a Singapore-based broadband provider reports it faced two distributed denial-of-service attacks, forcing users offline.The attacks, which occurred Saturday and then on Monday, targeted Singapore's StarHub, briefly cutting internet access for the company's home broadband subscribers before services were restored."These two recent attacks that we experienced were unprecedented in scale, nature and complexity," StarHub said in a Facebook posting on Wednesday.In addition, the company has reportedly said that malware-infected broadband routers and webcams were involved in the two attacks, producing a spike in internet traffic that overwhelmed the company's services.To read this article in full or to leave a comment, please click here

The gender gap in tech is getting worse but it’s fixable

With all the recent attention paid to the IT skills gap and the need for more women and underrepresented minorities in technology, you'd think that the IT industry would have innovative solutions, programs and processes in place to fix it. You'd be wrong.New research from global professional services company Accenture and not-for-profit organization Girls Who Code, unveiled at the Grace Hopper Celebration of Women in Computing, held in Houston last week, that despite heightened awareness of the problem, without interventions, strategic planning and targeted tactics, the share of women in the U.S. computing workforce will decline from the current rate of 24 percent to 22 percent by 2025.To read this article in full or to leave a comment, please click here

Do you know where your sensitive documents are?

No organization wants to see sensitive information walk out its doors, yet it happens with alarming frequency.According to a recent study by Accusoft, a provider of document and imaging software, 34 percent of IT managers say their organization "has had sensitive information compromised due to poor file management practices." Yet 90 percent of them report being "confident they have the tools they need to protect their organizations’ documents."The survey of more than 100 U.S. IT managers and 250 full-time employees revealed an alarming disconnect between IT managers and their users. "Seventy-four percent of IT managers report that their firms have a formalized document management solution," according to the report. "At the same time, less than half (49 percent) of end users believed these resources were available." And 20 percent of employees "claim they don’t know what document management tools their employer uses."To read this article in full or to leave a comment, please click here(Insider Story)

Emergency Flash Player patch fixes zero-day critical flaw

Adobe Systems has released an emergency patch for Flash Player in order to fix a critical vulnerability that attackers are already taking advantage of.The vulnerability, tracked as CVE-2016-7855 in the Common Vulnerabilities and Exposures database, is a use-after-free error that could lead to arbitrary code execution."Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," the company warned in a security advisory Wednesday.Users are advised to upgrade to Flash Player 23.0.0.205 on Windows and Mac and to version 11.2.202.643 on Linux. The Flash Player runtime bundled with Google Chrome and Microsoft Edge or Internet Explorer 11 on Windows 10 and 8.1 will be updated automatically through those browsers' update mechanisms.To read this article in full or to leave a comment, please click here

Emergency Flash Player patch fixes zero-day critical flaw

Adobe Systems has released an emergency patch for Flash Player in order to fix a critical vulnerability that attackers are already taking advantage of.The vulnerability, tracked as CVE-2016-7855 in the Common Vulnerabilities and Exposures database, is a use-after-free error that could lead to arbitrary code execution."Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," the company warned in a security advisory Wednesday.Users are advised to upgrade to Flash Player 23.0.0.205 on Windows and Mac and to version 11.2.202.643 on Linux. The Flash Player runtime bundled with Google Chrome and Microsoft Edge or Internet Explorer 11 on Windows 10 and 8.1 will be updated automatically through those browsers' update mechanisms.To read this article in full or to leave a comment, please click here

Raspberry Pi Roundup: Watching for the meter-reader, driving Lego cars and sweet art

Being a person that lives in San Francisco, we’re reliably informed, is one of the best ways to spend lots of money, while simultaneously competing with other persons for very limited living space. The situation is much the same for cars, apparently, because one clever San Franciscan developed a Raspberry Pi-based gadget to help him hold onto parking spaces for as long as possible.The resident parking spaces near developer John Naulty’s home in the Castro have a two-hour limit, but he realized that those two hours didn’t start until San Francisco’s parking enforcement interceptors – distinctive little vehicles that monitor parked cars – drove past and noted his position.To read this article in full or to leave a comment, please click here

Attackers are now abusing exposed LDAP servers to amplify DDoS attacks

Attackers are abusing yet another widely used protocol in order to amplify distributed denial-of-service attacks: the Lightweight Directory Access Protocol (LDAP), which is used for directory services on corporate networks.DDoS mitigation provider Corero Network Security has recently observed an attack against its customers that was reflected and amplified through Connectionless LDAP (CLDAP), a variant of LDAP that uses the User Datagram Protocol (UDP) for transport.DDoS reflection is the practice of sending requests using a spoofed source IP address to various servers on the Internet, which will then direct their responses to that address instead of the real sender. The spoofed IP address is that of the intended victim.To read this article in full or to leave a comment, please click here

Attackers are now abusing exposed LDAP servers to amplify DDoS attacks

Attackers are abusing yet another widely used protocol in order to amplify distributed denial-of-service attacks: the Lightweight Directory Access Protocol (LDAP), which is used for directory services on corporate networks.DDoS mitigation provider Corero Network Security has recently observed an attack against its customers that was reflected and amplified through Connectionless LDAP (CLDAP), a variant of LDAP that uses the User Datagram Protocol (UDP) for transport.DDoS reflection is the practice of sending requests using a spoofed source IP address to various servers on the Internet, which will then direct their responses to that address instead of the real sender. The spoofed IP address is that of the intended victim.To read this article in full or to leave a comment, please click here

What’s the one thing Amazon will not manufacture? Guns

Amazon Web Services CEO Andy Jassy made some bold claims about the cloud computing market during a Q&A with the Wall Street Journal this week and left open the possibility for Amazon to enter almost any new market, except for one.In response to a question about if there’s anything Amazon would not make, Jassy reportedly responded: “Manufacturing guns.”+MORE AT NETWORK WORLD: What's behind Amazon, Microsoft and Google's aggressive cloud expansions? Check out our interactive map to find out +To read this article in full or to leave a comment, please click here

FBI snags group that allegedly pinched 23,000 or $6.7 million worth of iPhones

The FBI today said it had arrested a group of men in connection with the theft of 23,000 Apple iPhones from a cargo area at the Miami International Airport in April.The stolen iPhones were worth approximately $6.7 million and the arrests of Yoan Perez, 33; Rodolfo Urra, 36; Misael Cabrera, 37; Rasiel Perez, 45; and Eloy Garcia, 42 were all made at the suspect’s residences throughout Miami Dade County, the FBI said. These subjects are in federal custody and are facing federal charges. Their initial appearances are expected to be in federal court in Miami.+More on Network World: US Senator wants to know why IoT security is so anemic+To read this article in full or to leave a comment, please click here

FBI snags group that allegedly pinched 23,000 or $6.7 million worth of iPhones

The FBI today said it had arrested a group of men in connection with the theft of 23,000 Apple iPhones from a cargo area at the Miami International Airport in April.The stolen iPhones were worth approximately $6.7 million and the arrests of Yoan Perez, 33; Rodolfo Urra, 36; Misael Cabrera, 37; Rasiel Perez, 45; and Eloy Garcia, 42 were all made at the suspect’s residences throughout Miami Dade County, the FBI said. These subjects are in federal custody and are facing federal charges. Their initial appearances are expected to be in federal court in Miami.+More on Network World: US Senator wants to know why IoT security is so anemic+To read this article in full or to leave a comment, please click here

The PDF format finally reaches 2.0 release

Twenty-three years after Adobe Systems introduced the Portable Document Format (PDF), the format is finally getting a significant makeover. The new release will be available some time next year. So, what can expect after all this time? PDF was designed as a way to make formatted documents, such as contracts, available as electronic images without requiring them to be printed. What started as merely a static image when introduced in 1993 has grown into an industry standard that is modifyable, so people can PDF-fill forms on their computers, and capable of being generated by a wide variety of applications.A BPI Network report called "Dealing With Document Deluge and Danger" (available as a PDF, of course) states some 2.5 trillion PDFs are generated every year, and about 90 percent of survey respondents describe themselves and their co-workers as "PDF-dependent." So, PDF has become integral in the lives of many people and businesses. To read this article in full or to leave a comment, please click here

Worth Reading: The hidden world of news cameras

Most professional photographers are familiar with the fact that their cameras embed a wealth of metadata hidden in the images they create in formats like EXIF, IPTC and XMP. This metadata typically records the camera, lens and flash settings used to create the photograph, reflecting whether the image is a close-up macro portrait or a distant zoom lens shot. Yet, the fields can also contain textual descriptions of the image written by the photographer, authorship information, subject keywords, GPS coordinates, the names of public figures and events depicted in the image and a myriad other pieces of information that allow the image to be easily cataloged and searched. —Forbes

LinkedInTwitterGoogle+Facebook

The post Worth Reading: The hidden world of news cameras appeared first on 'net work.

Samy Kamkar hacks IoT security camera to show exploitable dangers to enterprise

ForeScout Technologies released an “IoT Enterprise Risk Report” (pdf) which identified seven IoT devices that can be hacked in as little as three minutes: IP-connected security systems, smart HVACs and energy meters, VoIP phones, connected printers, video conferencing systems, smart light bulbs and smart refrigerators. Although the hack might only take a few minutes to pull off, it might take weeks to find and fix.Other “key findings” of the report include: Should any of these devices become infected, hackers can plant backdoors to create and launch an automated IoT botnet DDoS attack. Cybercriminals can leverage jamming or spoofing techniques to hack smart enterprise security systems, enabling them to control motion sensors, locks and surveillance equipment. With VoIP phones, exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls. Via connected HVAC systems and energy meters, hackers can force critical rooms (e.g. server rooms) to overheat critical infrastructure and ultimately cause physical damage. Potential scenarios for after an IoT device is hacked include using compromised smart video conferencing systems for spying via camera and microphone, disabling security cameras to allow physical break-ins, snooping on calls via VoIP phones and snagging private company Continue reading

Samy Kamkar hacks IoT security camera to show exploitable dangers to enterprise

ForeScout Technologies released an “IoT Enterprise Risk Report” (pdf) which identified seven IoT devices that can be hacked in as little as three minutes: IP-connected security systems, smart HVACs and energy meters, VoIP phones, connected printers, video conferencing systems, smart light bulbs and smart refrigerators. Although the hack might only take a few minutes to pull off, it might take weeks to find and fix.Other “key findings” of the report include: Should any of these devices become infected, hackers can plant backdoors to create and launch an automated IoT botnet DDoS attack. Cybercriminals can leverage jamming or spoofing techniques to hack smart enterprise security systems, enabling them to control motion sensors, locks and surveillance equipment. With VoIP phones, exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls. Via connected HVAC systems and energy meters, hackers can force critical rooms (e.g. server rooms) to overheat critical infrastructure and ultimately cause physical damage. Potential scenarios for after an IoT device is hacked include using compromised smart video conferencing systems for spying via camera and microphone, disabling security cameras to allow physical break-ins, snooping on calls via VoIP phones and snagging private company Continue reading

1 2,158 2,159 2,160 2,161 2,162 3,354