The latest ransomware threat: Doxware

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

As if ransomware wasn’t bad enough, there is a new twist called doxware.  The term "doxware" is a combination of doxing — posting hacked personal information online — and ransomware. Attackers notify victims that their sensitive, confidential or personal files will be released online. If contact lists are also stolen, the perpetrators may threaten to release information to the lists or send them links to the online content.

Doxware and ransomware share some similarities. They both encrypt the victim's files, both include a demand for payment, and both attacks are highly automated. However, in a ransomware attack, files do not have to be removed from the target; encrypting the files is sufficient. A doxware attack is meaningless unless the files are uploaded to the attacker's system. Uploading all of the victim's files is unwieldy, so doxware attacks tend to be more focused, prioritizing files that include trigger words such as confidential, privileged communication, sensitive or private. 

Securing Electronic Healthcare Records: The New Frontier

We didn’t find any medical sutures or gauze at HIMSS last week, but there sure was a lot of talk about the future of healthcare IT security. The status of electronic health record (EHR) security as a hot topic is clear, too: patient information is increasingly being moved to electronic form in order for healthcare organizations to increase clinician efficiency and remain compliant, but as we’ve seen in other industries, electronic information is difficult to keep safe. EHR data contains our medical identities, complete with medical histories, address histories, extended family names and histories, and more, making it a prime target for bad actors attempting to steal personal information.

What is the current threat landscape for this EHR data? A recent Accenture survey found approximately 26 percent of Americans have been impacted by a healthcare data breach. To combat the rise in healthcare cyber attacks, health providers are looking to IT for infrastructure and application support that prioritizes data security while continuing to maximize clinician workflow efficiency and drive better patient outcomes.

That’s where VMware NSX comes in. NSX empowers healthcare organizations to secure the infrastructure that EHR systems and other critical care applications live on. This ensures the healthcare

SHA-1 collision can break SVN code repositories

A recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system. The first victim was the repository for the WebKit browser engine that was corrupted after someone committed two different PDF files with the same SHA-1 hash to it.

The incident happened hours after researchers from Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands announced the first practical collision attack against the SHA-1 hash function on Thursday. Their demonstration consisted of creating two PDF files with different contents that had the same SHA-1 digest.

The Perfect and the Good

Perfect and good: one is just an extension of the other, right?

When I was 16 (a long, long, long time ago), I was destined to be a great graphis—a designer and/or illustrator of some note. Things didn’t turn out that way, of course, but the why is a tale for another day. At any rate, in art class that year, I took an old four foot spool end, stretched canvas across it, and painted a piece in acrylic. The painting was a beach sunset, the sun’s oblong shape offsetting the round of the overall painting, with deep reds and yellows in streaks above the beach, which was dark. I painted the image as if the viewer were standing just on the break at the top of the beach, so there was a bit of sea grass scattered around to offset the darkness of the beach.

And, along one side, a rose.

I really don’t know why I included the rose; I think I just wanted to paint one for some reason, and it seemed like a good idea to combine the ideas (the sunset on the beach and the rose). I entered this large painting in a local

SK Telecom pushes for interoperable quantum crypto systems

SK Telecom and Nokia have developed a prototype quantum cryptography system that combines the South Korean company's quantum key server with an encryption device from Nokia.

The system, shown Monday at Mobile World Congress in Barcelona, was put together to demonstrate interoperability between the two vendors and comes as SK Telecom kicks off a push to get telecom carriers and equipment vendors working together on next-generation quantum-secured networks.

Quantum cryptography involves the transmission of encryption keys across fiber optic networks. It relies on the principles of quantum mechanics to detect if an eavesdropper has viewed a key en route.

Research: The Business Benefits of Automation and Orchestration – Cisco

Whitepaper from Cisco SPBU that nicely sums up the advantages of orchestration and automation. Although it's focussed on the service provider market, you could easily use this for an Enterprise proposal and make the case.

The overall savings in time and motions ranged from 60 to 70 percent, with the related OpEx avoidance from 50 to 70 percent. Over five years, that translated to an ROI of 383 percent and savings of $3 to $16.7 million for Tier 3 to 5 providers. The data for Tier 1 and 2 operators shows an estimated savings over five years that exceed $70 million.

Link: The Business Benefits of Automation and Orchestration – http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/network-services-orchestrator/white-paper-c11-738289.pdf

The post Research: The Business Benefits of Automation and Orchestration – Cisco appeared first on EtherealMind.

IDG Contributor Network: 5 ecommerce fraud predictions for 2017

As the number of consumers turning to online shopping increases, online fraud is also rising.

Those committing internet crimes are depriving their victims of funds, interests, personal property and/or sensitive data. As the threat escalates, consumers and companies alike are seeking various methods to tackle the phenomenon.

Ecommerce fraud has a long and controversial history. Thus, providing a forecast for the months ahead can help retailers adopt an adequate solution to confront the many challenges in 2017.

1. Identity theft and friendly fraud

The main threat will remain identity theft. Fraudsters will seek your personal information. Their main goal is to use a different identity and, for example, place an online order. Identity theft also includes a concept known as man-in-the-middle attacks where credit-card data is intercepted and copied as it is transferred online.

How to remain relevant in a changing IT world

Brian LeClaire exercises, in his words, “like there’s no tomorrow.”

And while he does, LeClaire tracks his workout stats through Polar and FitBit workout devices, which tie back to Go365, Humana’s new health and wellness app. The more his heart rate hits, say, 60 percent of its maximum for 30 minutes, the more rewards he reaps.

But this isn’t some executive perk: Go365 is one of the latest initiatives that Humana, the $54-billion healthcare insurance provider, has launched in its ongoing focus on customer experience driven by technology. Humana, like its major competitors in the healthcare space, has faced monumental challenges in recent years as both current and potential customers have begun demanding that their providers offer services that mirror the technology they use in their personal lives.

Save 38% on the TP-LINK Wi-Fi Smart Plug, Works with Amazon Alexa – Deal Alert

The TP-LINK HS100 smart plug is quite simply a power outlet that you can control from anywhere. Using your smartphone, you can turn devices on & off, set programs to turn them on & off at set times while you're away, or engage a "countdown timer" which powers the switch off after a set amount of time. Installation is simple -- just plug a device into your smart plug and connect to your wifi network. The HS100 is also compatible with Amazon Alexa, for voice control. Buy multiple plugs and get creative.

The 3 biggest challenges facing augmented reality

Until the massive success of Pokémon Go in 2016 when augmented reality (AR) was catapulted into the public’s consciousness, AR was overshadowed by its cousin, virtual reality (VR). Many were more optimistic about the applications of virtual reality compared to augmented reality.

However, as AR and VR have evolved over the past year, it has become evident that AR offers more practical daily use cases. From retail to education to manufacturing, AR is positioned to drive business value across sectors. With that, there are still several challenges that lie ahead for the mass adoption of AR in the short term. Here's a look at three:

1. Augmented reality hardware

Today, no AR headsets are available for consumers. Microsoft HoloLens and Meta 2 have released developer versions, but they have not yet announced when we can expect their devices to ship to consumers. Even more, HoloLens and Meta still boast hefty price tags at $3,000 and $949, respectively.

Cog Systems offers more secure version of HTC A9 smartphone

It sounds like a smartphone user's worst fear: Software that starts up before the phone's operating system, intercepting and encrypting every byte sent to or from the flash memory or the network interface. This is not some new kind of ransomware, though, this is the D4 Secure Platform from Cog Systems. The product grew out of custom security software the company developed for governments, and which it saw could also be put to use in the enterprise as a way to make smartphones more productive while still maintaining a high level of security. It includes a Type 1 hypervisor, a virtualized VPN and additional storage encryption that wrap the standard Android OS in additional layers of protection largely invisible to the end user.
