Cerber ransomware kills database connections to access important data

In order to encrypt some of the most important data stored on computers and servers, the Cerber ransomware now tries to kill processes associated with database servers.The goal for ransomware programs is to affect as many valuable files as possible in order to increase the chance that affected users will pay to have them restored. For consumers these files are things like personal photos, videos, documents and even game saves, but for businesses, its usually data stored in databases.The problem for hackers is that write access to database files can be blocked by the OS if they're already being used by other processes, which prevents the ransomware program from encrypting them.To read this article in full or to leave a comment, please click here

Cerber ransomware kills database connections to access important data

In order to encrypt some of the most important data stored on computers and servers, the Cerber ransomware now tries to kill processes associated with database servers.The goal for ransomware programs is to affect as many valuable files as possible in order to increase the chance that affected users will pay to have them restored. For consumers these files are things like personal photos, videos, documents and even game saves, but for businesses, its usually data stored in databases.The problem for hackers is that write access to database files can be blocked by the OS if they're already being used by other processes, which prevents the ransomware program from encrypting them.To read this article in full or to leave a comment, please click here

Level 3 blames huge network outage on human error

Level 3 Communications has cited a "configuration error" as the root cause of its nationwide network outage on Tuesday.Here's the public statement issued by the Broomfield, Colo., service provider: On October 4, our voice network experienced a service disruption affecting some of our customers in North America due to a configuration error. We know how important these services are to our customers. As an organization, we’re putting processes in place to prevent issues like this from recurring in the future. We were able to restore all services by 9:31 a.m. Mountain time. (UPDATED on Oct. 14, 2016) Level 3 got more specific with customers, issuing a Reason for Outage (RFO) Summary (shared by a Network World reader) headlined "Repair Area: Human Error Occurrence" and that read in part: "Investigations revealed that an improper entry was made to a call routing table during provisioning work being performed on the Level 3 network. This was the configuration chane that led to the outage. The entry did not specify a telephone number to limit the configuration change to, resulting in non-subscriber country code +1 calls to be releaed while the entry remained present. The configuration adjustments deleted this entry to Continue reading

Level 3 blames huge network outage on unspecified configuration error

Level 3 Communications has cited an unspecified "configuration error" as the root cause of its nationwide network outage on Tuesday.Here's the statement issued by the Broomfield, Colo., service provider: On October 4, our voice network experienced a service disruption affecting some of our customers in North America due to a configuration error. We know how important these services are to our customers. As an organization, we’re putting processes in place to prevent issues like this from recurring in the future. We were able to restore all services by 9:31 a.m. Mountain time. Social media sites such as Reddit and Twitter erupted on Tuesday morning with inquiries and complaints about the outage from Level 3 customers, as well as customers of other big carriers like AT&T and Verizon that were affected by the outage. Speculation for the outage ranged from possible fiber cuts to more outlandish theories.To read this article in full or to leave a comment, please click here

Carrier Ethernet – Definition | Service Types | Requirements

CARRIER ETHERNET DEFINITION Carrier Ethernet is an attempt to expand Ethernet beyond the borders of Local Area Network (LAN), into the Wide Area Networks (WAN). With Carrier Ethernet, customer sites are connected through the Wide Area Network. Carriers have connected the customers with ATM (Asynchronous Transfer Mode) and Frame Relay interfaces in the past. (User to Network Interface/UNI). […]

The post Carrier Ethernet – Definition | Service Types | Requirements appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Q&A: The myths and realities of hacking an election

Election hacking has become a key topic during this year's presidential elections, more so now that candidates and voters are being actively targeted by actors that are assumed to be acting with Russian support. In this modified edition of CSO Online's Hacked Opinions series, we explore the myths and realities of hacking an election, by speaking with a number of security experts.Q: Can the national election really be hacked? If so, how? "It’s unlikely that the national election could really be hacked to alter the outcome. Voter registration databases have recently proven vulnerable, but adding, modifying, or deleting records doesn’t produce the intended effect (changed outcome); it just raises questions about the integrity of the database on election day," said Levi Gundert, CP of Intelligence and Strategy, Recorded Future.To read this article in full or to leave a comment, please click here

Hacking an election is about influence and disruption, not voting machines

Every time there's an election, the topic of hacking one comes to the surface. During a presidential election, that conversation gets louder. Yet, even the elections held every two years see some sort of vote hacking coverage. But can you really hack an election? Maybe, but that depends on your goals.The topic of election hacking is different this year, and that's because someone is actually hacking political targets. Adding fuel to the fire, on Aug. 12, 2016, during an event in Pennsylvania, Donald Trump warned the crowd that if he loses the battleground state, it's because the vote was rigged.To read this article in full or to leave a comment, please click here

One election-system vendor uses developers in Serbia

Voting machines are privately manufactured and developed and, as with other many other IT systems, the code is typically proprietary.The use of proprietary systems in elections has its critics. One Silicon Valley group, the Open Source Election Technology Foundation, is pushing for an election system that shifts from proprietary, vendor-owned systems to one that that is owned "by the people of the United States."To read this article in full or to leave a comment, please click here

If the election is hacked, we may never know

The upcoming U.S. presidential election can be rigged and sabotaged, and we might never even know it happened.This Election Day voters in 10 states, or parts of them, will use touch-screen voting machines with rewritable flash memory and no paper backup of an individual's vote; some will have rewritable flash memory. If malware is inserted into these machines that's smart enough to rewrite itself, votes can be erased or assigned to another candidate with little possibility of figuring out the actual vote.To read this article in full or to leave a comment, please click here

QoS – Quick Post on Low Latency Queuing

A friend was looking for some input on low latency queuing yesterday. I thought the exchange we had could be useful for others so I decided to write a quick post.

The query was where the rule about the priority queue being limited to 33% came from. The follow up question is how you handle dual priority queues.

This is one of those rules that are known as a best practice and doesn’t really get challenged. The rule is based on Cisco internal testing within technical marketing. Their testing showed that data applications suffered when the LLQ was assigned a to large portion of the available bandwidth. The background to this rule is that you have a converged network running voice, video and data. It is possibly to break this rule if you are delivering a pure voice or pure video transport where the other traffic in place is not business critical. Other applications are likely to suffer if the LLQ gets too big and if everything is priority then essentially nothing is priority. I have seen implementations using around 50-55% LLQ for VoIP circuits which is a reasonable amount.

How should dual LLQs be deployed? The rule still applies. Continue reading

3 nightmare election hack scenarios

The question on the mind of many voting security experts is not whether hackers could disrupt a U.S. election. Instead, they wonder how likely an election hack might be and how it might happen. The good news is a hack that changes the outcome of a U.S. presidential election would be difficult, although not impossible. First of all, there are technology challenges -- more than 20 voting technologies are used across the country, including a half dozen electronic voting machine models and several optical scanners, in addition to hand-counted paper ballots. But the major difficulty of hacking an election is less a technological challenge than an organizational one, with hackers needing to marshal and manage the resources needed to pull it off, election security experts say. And a handful of conditions would need to fall into place for an election hack to work.To read this article in full or to leave a comment, please click here

Hacked voter registration systems: a recipe for election chaos

How do you disrupt the U.S. election? Hacking a voter registration database could very well do just that. Imagine thousands or even millions of citizens' names mysteriously disappearing from a database. Then when election day comes along, they find out they aren't registered to vote.   Some security experts warn that this scenario isn't totally far-fetched and could deny citizens from casting ballots. "If that happens to a few voters here and a few there, it's not a big deal," said Dan Wallach, a professor at Rice University who studies electronic voting systems. "If that happens to millions of voters, the processes and procedures we have would grind to a halt."To read this article in full or to leave a comment, please click here

5 ways to improve voting security in the US

With the U.S. presidential election just weeks away, questions about election security continue to dog the nation's voting system. It's too late for election officials to make major improvements, "and there are no resources," said Joe Kiniry, a long-time election security researcher. However, officials can take several steps for upcoming elections, security experts say. "Nobody should ever imagine changing the voting technology used this close to a general election," said Douglas Jones, a computer science professor at the University of Iowa. "The best time to buy new equipment would be in January after a general election, so you've got almost two years to learn how to use it."To read this article in full or to leave a comment, please click here

IDG Contributor Network: Building an insider threat program that works — Part 2

Organizations attempting to implement a world-class insider threat program have learned from experience what doesn't work well (see Part I of this post). As a result, they have a better sense of what they require to prevail in today's evolving insider threat landscape.There is an emerging consensus that any world-class insider threat program must have the following three core characteristics:1. Preventive: Organizations want more than just a threat detection system that tells them an attack has already taken place. They need an early-warning system that allows them to prevent insider threat events through a comprehensive threat assessment framework that leverages all available internal and external data and produces far fewer false negatives and positives.To read this article in full or to leave a comment, please click here

1 2,625 2,626 2,627 2,628 2,629 3,845