New Android Trojan SpyNote leaks on underground forums

A new and potent Android Trojan has been leaked on several underground forums, making it available for free to less resourceful cybercriminals who are now likely to use it in attacks.The Trojan app is called SpyNote and allows hackers to steal users' messages and contacts, listen in on their calls, record audio using the device's built-in microphone, control the device camera, make rogue calls and more.According to researchers from Palo Alto Networks, SpyNote does not require root access to a device, but does prompt users for a long list of permissions on installation. The Trojan can also update itself and install other rogue applications on the device.To read this article in full or to leave a comment, please click here

New Android Trojan SpyNote leaks on underground forums

A new and potent Android Trojan has been leaked on several underground forums, making it available for free to less resourceful cybercriminals who are now likely to use it in attacks.The Trojan app is called SpyNote and allows hackers to steal users' messages and contacts, listen in on their calls, record audio using the device's built-in microphone, control the device camera, make rogue calls and more.According to researchers from Palo Alto Networks, SpyNote does not require root access to a device, but does prompt users for a long list of permissions on installation. The Trojan can also update itself and install other rogue applications on the device.To read this article in full or to leave a comment, please click here

Telco central offices could be in for open source makeover

A first-of-its-kind gathering dedicated to re-inventing telco central offices as open source-infused data centers will take place on Friday at Google's Sunnyvale Tech Campus. CORD The CORD Summit, hosted by the Open Networking Lab (On.Lab) and The Linux Foundation, promotes the use of technologies such as Network Functions Virtualization (NFV), software-defined networking (SDN) and the cloud "to bring datacenter economics and cloud agility to service providers' Central Office." CORD is kind of an acronym for Central Office Re-architected as a Datacenter, and is designed to benefit enterprise, residential and wireless networks. A mini version of this event was held in March as part of the broader Open Networking Summit.To read this article in full or to leave a comment, please click here

Telco central offices could be in for open source makeover

A first-of-its-kind gathering dedicated to re-inventing telco central offices as open source-infused data centers will take place on Friday at Google's Sunnyvale Tech Campus. CORD The CORD Summit, hosted by the Open Networking Lab (On.Lab) and The Linux Foundation, promotes the use of technologies such as Network Functions Virtualization (NFV), software-defined networking (SDN) and the cloud "to bring datacenter economics and cloud agility to service providers' Central Office." CORD is kind of an acronym for Central Office Re-architected as a Datacenter, and is designed to benefit enterprise, residential and wireless networks. A mini version of this event was held in March as part of the broader Open Networking Summit.To read this article in full or to leave a comment, please click here

Telco central offices could be in for open source makeover

A first-of-its-kind gathering dedicated to re-inventing telco central offices as open source-infused data centers will take place on Friday at Google's Sunnyvale Tech Campus. CORD The CORD Summit, hosted by the Open Networking Lab (On.Lab) and The Linux Foundation, promotes the use of technologies such as Network Functions Virtualization (NFV), software-defined networking (SDN) and the cloud "to bring datacenter economics and cloud agility to service providers' Central Office." CORD is kind of an acronym for Central Office Re-architected as a Datacenter, and is designed to benefit enterprise, residential and wireless networks. A mini version of this event was held in March as part of the broader Open Networking Summit.To read this article in full or to leave a comment, please click here

Inside Dyn Research: North Korea

Last week I published a blog that discussed the role Dyn has played in major international news stories. This week I’ve decided to pull back the curtain a bit and give you an in-depth look into how something like this goes down.

This past month you may have read in publications like Vice, NBC or Bloomberg about a Facebook clone operating out of North Korea. You may have also noticed that it was our research team that first discovered this. Finally, you probably asked: how did they see this and why does Dyn care about Kim Jong-un and social networks?

I can answer the latter question first. At Dyn we are passionate about the performance of the internet. We believe the internet is a tool with unlimited potential. What is fascinating though is that it is a flawed tool. The internet by its very nature is volatile. There are outages and threats happening every day. It is up to the companies who want to use this tool to understand this volatility and prepare for it. At Dyn we believe with the right Internet Performance Management strategy you can own the Internet.

But to do that you must know the issues. Continue reading

Onyx: A Star Trek-like communication badge solution in search of a problem

Fans of Star Trek know that its communicator device was iconic. Whether it was Captain Kirk on the original series asking Scotty for a beam-up (he never actually did say, “Beam me up, Scotty”), or Captain Picard tapping on his Starfleet insignia badge asking for a status report from Engineering, this was the way that instant voice communication would work in “the future.”Many devices seen on these shows have evolved into real-life products. While the communicator that Kirk used evolved into the flip-phone (which then evolved into the smartphone), the badge that Picard wore hasn’t hit the mainstream. Over the years I’ve seen a few products attempt to recreate this device (one company had success deploying a badge-like system via Wi-Fi, geared towards hospital doctors and nurses), but there hasn’t been a popular badge-like device.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Service providers see opportunity in enterprise WLANs

Somewhere there’s an alternate universe where service providers are so effective that they dominate the enterprise communications market.In that world: What cannot be delivered remotely over fiber, wires or wireless—a pervasive, shared communications grid—is installed on site and managed remotely by service provider engineers. Small businesses and large enterprises requiring wired or wireless communications look to these large service providers because they deliver all required services at the lowest cost, with high reliability and national reach. At the end of the month, a single bill covers all services consumed.+ Also on Network World: IoT-dedicated networks beginning to rollout +To read this article in full or to leave a comment, please click here

IDG Contributor Network: Attack attribution does little to improve enterprise security

After every major data breach, the security community engages in a game of whodunit and attempts to figure out what entity or nation state carried out the attack. The North Koreans were behind the Sony breach, while China carried out the attack on the Office of Personnel Management (OPM). Meanwhile, hackers linked to the Iranian government hacked a small dam in New York as well as the networks of AT&T, Bank of America and the New York Stock Exchange, among other major U.S. businesses. And now Russia is being singled out for supporting hackers who infiltrated the Democratic National Committee’s computers and disclosed sensitive files and emails.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Attack attribution does little to improve enterprise security

After every major data breach, the security community engages in a game of whodunit and attempts to figure out what entity or nation state carried out the attack. The North Koreans were behind the Sony breach, while China carried out the attack on the Office of Personnel Management (OPM). Meanwhile, hackers linked to the Iranian government hacked a small dam in New York as well as the networks of AT&T, Bank of America and the New York Stock Exchange, among other major U.S. businesses. And now Russia is being singled out for supporting hackers who infiltrated the Democratic National Committee’s computers and disclosed sensitive files and emails.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Fixing the perception that enterprise IT is irrelevant

Continuing perception of IT being slow to innovate is reflected in a new report from consultancy Accenture. IT is no longer the body sought out by executives to perform business transformations, research has found. And IT doesn’t have the skills to adapt successfully to an as-a-service environment either.As-a-service is a term for cloud, software, tech services and so on that is delivered on-demand over the internet.+ Also on Network World: The IT skills gap is a reality, but doesn’t have to be +To read this article in full or to leave a comment, please click here

There are mobile and IoT companion documents for the CIS (Top 20) Critical Security Controls

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Most people who have anything to do with cybersecurity are familiar with the Center for Internet Security (CIS) Critical Security Controls, also commonly known as the SANS Top 20, or more simply the Controls. This list consists of a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks.Implementing the Controls is no guarantee an organization will have a bullet-proof defensive posture, but it significantly reduces both the risk that a breach will happen and the impact to the organization if such an event were to occur. What's more, theControls constitute a minimum level of security that any organization that collects or maintains personal or sensitive information should meet.To read this article in full or to leave a comment, please click here

There are mobile and IoT companion documents for the CIS (Top 20) Critical Security Controls

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Most people who have anything to do with cybersecurity are familiar with the Center for Internet Security (CIS) Critical Security Controls, also commonly known as the SANS Top 20, or more simply the Controls. This list consists of a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks.Implementing the Controls is no guarantee an organization will have a bullet-proof defensive posture, but it significantly reduces both the risk that a breach will happen and the impact to the organization if such an event were to occur. What's more, theControls constitute a minimum level of security that any organization that collects or maintains personal or sensitive information should meet.To read this article in full or to leave a comment, please click here

Micro-segmentation with Service Insertion – NSX Securing “Anywhere” Part IV

NSX Service InsertionWelcome to part 4 in the Micro-Segmentation Defined– NSX Securing “Anywhere”  blog series. Today we will cover the role of NSX as a foundational security platform through NSX Micro-segmentation with Service Insertion. Previous topics covered in this series includes

This blog covers the following topics:

  1. Defining Service Insertion
  2. The Role of Service Insertion in Micro-segmentation
  3. Network and Guest Introspection
  4. NSX Service Insertion

Defining Service Insertion

In modern datacenters, network and compute services either have been or are being decoupled from the physical appliances on which they have traditionally run. In the past, a datacenter service required traffic to be steered through a series of such appliances in order to be serviced appropriately, through services such as firewalls, intrusion detection and prevention, and load balancing services. As infrastructure services transition from physical appliances to software functions, it becomes possible to deploy these services with greater granularity by inserting them into a specific forwarding path. Combining multiple functions in this manner is generally referred to as a service chain or service graph.

service insertion-Picture1aFigure 1: Two distinct service chains utilizing different functions

Once infrastructure Continue reading

IBM’s Cloud CTO: ‘We’re in this game to win’

IBM saw from the get-go that the cloud was going to cause a major disruption to its business. "We knew it was a massive opportunity for IBM, but not in a way that necessarily fit our mold," said Jim Comfort, who is now CTO for IBM Cloud. "Every dimension of our business model would change -- we knew that going in." Change they have, and there's little denying that the cloud businesses is now a ray of sunshine brightening IBM's outlook as its legacy businesses struggle. In its second-quarter earnings report last week, cloud revenue was up 30 percent for the quarter year over year, reaching $11.6 billion over the preceding 12 months. Revenue from systems hardware and operating systems software, on the other hand, was down more than 23 percent.To read this article in full or to leave a comment, please click here

CSC announces layoffs in advance of HPE merger

Computer Sciences Corp. is laying off workers as it shifts some work overseas, according to a federal application for employment benefits.A federal Trade Adjustment Act (TAA) benefit application, filed on July 14, claims "CSC merging with HP (Hewlett-Packard Enterprise) caused services to be shifted to India. This included teleworkers in the US."It says 500 workers are affected. The types of jobs are not described.In May, Hewlett-Packard Enterprise announced it would spin off its enterprise services business and merge it with CSC. This combined entity will have about $26 billion in revenue.To read this article in full or to leave a comment, please click here

Microsoft will cut 2,850 more jobs by the end of the year

Satya Nadella isn't stopping the job cuts train at Microsoft any time soon. The company revealed Thursday that 2,850 people will lose their jobs by the middle of 2017, on top of the 1,850 cuts announced earlier this year.According to a regulatory filing, those impacted will primarily be in its phone hardware business, which has already been hit hard by layoffs, and in global sales.The cuts are more fallout from Microsoft's decision to downsize its smartphone business, which it acquired from Nokia in 2015. Putting that acquisition in motion was one of the last things that former Microsoft CEO Steve Ballmer did before announcing that he would be leaving the company's top job. His successor hasn't taken the same shine to the phone hardware business that Microsoft bought.To read this article in full or to leave a comment, please click here