Non-malware attacks are on the rise

Security pros need to pay attention to malicious activities that don’t rely on actual malware to succeed, according to a study by Carbon Black.Attacks that exploited applications and processes legitimately running on systems – non-malware incidents – have risen from representing about 3% of all attacks in January to about 13% in November, the company’s “Non-malware attacks and ransomware take center stage in 2016” report says.“Non-malware attacks are at the highest levels we have seen and should be a major focus for security defenders during the coming year,” it says.The research included data from more than 1,000 Carbon Black customers that represent 2.5 million-plus endpoints. For measuring the non-malware attacks, the authors considered the malicious use of PowerShell and Windows Management Instrumentation were considered.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Five ways cybersecurity is nothing like the way Hollywood portrays it

According to pop culture’s portrayal of cybersecurity, the industry is hot property. Hacks and breaches not only dominate the real-world media, but they can be seen everywhere in TV and movies today.Granted, there have been some early examples of security issues playing a role in pop culture plot lines, such as the 1980s cult-classic Tron. But in recent years, Hollywood seems to have really picked up the mantle when it comes to cybersecurity. If the bright lights of TV and movies are to be believed, hackers are simultaneously the coolest and scariest people on the planet.Let’s take a look at five of the most common cybersecurity misperceptions as portrayed in TV shows and movies:To read this article in full or to leave a comment, please click here

IDG Contributor Network: Five ways cybersecurity is nothing like the way Hollywood portrays it

According to pop culture’s portrayal of cybersecurity, the industry is hot property. Hacks and breaches not only dominate the real-world media, but they can be seen everywhere in TV and movies today.Granted, there have been some early examples of security issues playing a role in pop culture plot lines, such as the 1980s cult-classic Tron. But in recent years, Hollywood seems to have really picked up the mantle when it comes to cybersecurity. If the bright lights of TV and movies are to be believed, hackers are simultaneously the coolest and scariest people on the planet.Let’s take a look at five of the most common cybersecurity misperceptions as portrayed in TV shows and movies:To read this article in full or to leave a comment, please click here

Worth Reading: The new security normal

Today, the industry average time for finding an active attacker is about five months, reflecting the colossal failure of conventional security. The state of the union for federal security is that few if any non-defense agencies can find an active attacker on their network. Most cannot find a network intruder or a malicious insider, such as a rogue employee or contractor, working to steal or damage information or assets. Consider that the National Security Agency, the Office of Personnel Management and the FBI were breached along top security vendors and agencies. —MarketWatch

LinkedInTwitterGoogle+Facebook

The post Worth Reading: The new security normal appeared first on 'net work.

Ransomware fighting coalition adds new members and decryption tools

The No More Ransom project, a coalition of law enforcement and security companies, has expanded with 30 new members and added 32 new decryption tools for various ransomware variants.The project, which consists of a website dedicated to fighting ransomware, was originally launched by Europol’s European Cybercrime Centre in partnership with the National High Tech Crime Unit of the Netherlands police, Kaspersky Lab, and Intel Security.The website has a tool that allows users to determine which type of ransomware has affected their files but also contains general information about ransomware, prevention advice, and instruction on reporting incidents to law enforcement.To read this article in full or to leave a comment, please click here

Ransomware fighting coalition adds new members and decryption tools

The No More Ransom project, a coalition of law enforcement and security companies, has expanded with 30 new members and added 32 new decryption tools for various ransomware variants.The project, which consists of a website dedicated to fighting ransomware, was originally launched by Europol’s European Cybercrime Centre in partnership with the National High Tech Crime Unit of the Netherlands police, Kaspersky Lab, and Intel Security.The website has a tool that allows users to determine which type of ransomware has affected their files but also contains general information about ransomware, prevention advice, and instruction on reporting incidents to law enforcement.To read this article in full or to leave a comment, please click here

Monitoring Linux services

Mainstream Linux distributions have moved to systemd to manage daemons (e.g. httpd, sshd, etc.). The diagram illustrates how systemd runs each daemon within its own container so that it can maintain tight control of the daemon's resources.

This article describes how to use the open source Host sFlow agent to gather telemetry from daemons running under systemd.

Host sFlow systemd monitoring exports a standard set of metrics for each systemd service - the sFlow Host Structures extension defines metrics for Virtual Nodes (virtual machines, containers, etc.) that are used to export Xen, KVM, Docker, and Java resource usage. Exporting the standard metrics for systemd services provides interoperability with sFlow analyzers, allowing them to report on Linux services using existing virtual node monitoring capabilities.

While running daemons within containers helps systemd maintain control of the resources, it also provides a very useful abstraction for monitoring. For example, a single service (like the Apache web server) may consist of dozens of processes. Reporting on container level metrics abstracts away the per-process details and gives a view of the total resources consumed by the service. In addition, service metadata (like the service name) provides a useful way of identifying and grouping Continue reading

Help light an IPv6-enabled Christmas tree

Posted to Reddit’s section devoted to networking by user felixdgniezno, this IPv6-enabled Christmas tree is garnering rave reviews from the kinds of people who read Reddit’s section devoted to networking and are amused by the notion of an IPv6-enabled Christmas tree.From the instructions found on the hosting site, which is located in Belgium, not surprisingly (I’ll explain why below): Ping it to light it up! 2001:6a8:28c0:2017::AA:BB:CC for HTML Color #AABBCC 2001:6a8:28c0:2017::FF:00:00 for color RED 2001:6a8:28c0:2017::00:FF:00 for color GREEN 2001:6a8:28c0:2017::00:00:FF for color BLUE 2001:6a8:28c0:2017::FF:FF:FF for color WHITE ... and so on...To read this article in full or to leave a comment, please click here

Help light an IPv6-enabled Christmas tree

Posted to Reddit’s section devoted to networking by user felixdgniezno, this IPv6-enabled Christmas tree is garnering rave reviews from the kinds of people who read Reddit’s section devoted to networking and are amused by the notion of an IPv6-enabled Christmas tree.From the instructions found on the hosting site, which is located in Belgium, not surprisingly (I’ll explain why below): Ping it to light it up! 2001:6a8:28c0:2017::AA:BB:CC for HTML Color #AABBCC 2001:6a8:28c0:2017::FF:00:00 for color RED 2001:6a8:28c0:2017::00:FF:00 for color GREEN 2001:6a8:28c0:2017::00:00:FF for color BLUE 2001:6a8:28c0:2017::FF:FF:FF for color WHITE ... and so on...To read this article in full or to leave a comment, please click here

Feds frustrated by constantly crashing apps

Imagine if Twitter was offline for an entire day. Sure, some might be happy for the break, but the uproar that would greet a day with no access to the internet's public square would no doubt be loud and angry.Within the federal government, however, seeing collaboration, communication and database applications go offline for a day or longer is commonplace, a new survey has found.[ Related: Not dead yet: 7 of the oldest federal IT systems still wheezing away ]To read this article in full or to leave a comment, please click here

Despite risk, 1,000 in tech pledge not to help Trump’s data efforts

As President-elect Donald Trump met with high-tech business leaders in New York on Wednesday, some of their employees were affirming, in tweets, a decision to join the resistance.The Neveragain.tech pledge passed more than 1,000 signatures, it announced late Wednesday, hours after Trump had wrapped up his meeting with a dozen tech executives. Participating in the pledge means agreeing not to help the government create a database that can be used to target people based on race or religion or "facilitate mass deportations."[To comment on this article, visit Computerworld's Facebook page.]To read this article in full or to leave a comment, please click here

FCC Chairman Wheeler to step down in January

U.S. Federal Communications Commission Chairman Tom Wheeler will step down on Jan. 20, clearing the way for President-elect Donald Trump to appoint a Republican chairman and majority at the agency.Wheeler, a Democrat appointed chairman by President Barack Obama in late 2013, was the architect of the FCC's strong net neutrality regulations, approved by the FCC in February 2015. Ajit Pai, a Republican commissioner who's mentioned as a possible successor to Wheeler, has vowed to repeal the net neutrality rules and to take a "weed wacker" to other FCC regulations.To read this article in full or to leave a comment, please click here

FCC Chairman Wheeler to step down in January

U.S. Federal Communications Commission Chairman Tom Wheeler will step down on Jan. 20, clearing the way for President-elect Donald Trump to appoint a Republican chairman and majority at the agency.Wheeler, a Democrat appointed chairman by President Barack Obama in late 2013, was the architect of the FCC's strong net neutrality regulations, approved by the FCC in February 2015. Ajit Pai, a Republican commissioner who's mentioned as a possible successor to Wheeler, has vowed to repeal the net neutrality rules and to take a "weed wacker" to other FCC regulations.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Conversica raises truckloads of cash to apply AI

A year ago my inbox staggered under the barrage of vendors that promised to apply big data and predictive analytics to the sales and marketing departments within organizations. I spent a lot of time writing about the space, talking with the multitudinous vendors and expressing my view that there were way to many vendors doing essentially the same thing and making some pretty big claims about what they could actually achieve for their customers.This market seems to have simmered down, however, and I’ve not see a lot of predictive analytics activity in the space.But where one buzzword dies and leaves a vacuum, another is sure to arise. And it seems to be the case that artificial intelligence (AI) is that latest buzzword du jour. The number of vendors, both of a large and startup variety, who have been talking about AI in recent months is legion. And the reason for that sort of talk: Buzzwords generate interest and investment.To read this article in full or to leave a comment, please click here

1 2,438 2,439 2,440 2,441 2,442 3,832