Cybersecurity Industry News, 2/2016

Just five weeks into 2016 and it’s already been a busy year for the cybersecurity industry. Here are just a few highlights so far:

FireEye goes on a shopping spree. Ignoring Wall Street’s trepidation, FireEye continues to remain aggressive on the acquisition front by grabbing iSight Partners and Invotas. With the addition of these two companies, FireEye can claim leadership in:

Threat intelligence. FireEye/Mandiant was already strong in this area and with the addition of iSight, FireEye becomes the instant market leader. FireEye already had a different view of threat intelligence, pivoting from cyber-adversaries (i.e. threat actors, TTPs, etc.) into the enterprise. With this perspective, FireEye believes it can help customers anticipate attacks and become more proactive with prevention, detection, and response. By adding iSight, FireEye attains a broader view of the threat landscape that can be integrated into its products and used to create a variety of threat intelligence services for enterprise and mid-market customers. Oh, and let’s not forget that FireEye picks up a few hundred cybersecurity experts in the deal which is especially important given the acute global cybersecurity skills shortage. This will certainly boost FireEye’s

Serious flaws found in Netgear’s NMS300 network management system

Serious vulnerabilities in the Netgear NMS300 ProSafe network management system, an application used to discover, monitor and configure a wide range of network devices, can allow hackers to take control of the servers it's running on. The NMS300 can be installed on Windows XP, 7, 8, 10, as well as Windows Server 2003, 2008 and 2012. It allows network administrators to centrally manage network switches, routers, wireless access points, printers, network-attached storage systems, firewall appliances and other devices that support SNMP (Simple Network Management Protocol). The software is free for managing up to 200 devices and provides an easy-to-use Web graphical interface that can be accessed remotely.

Dell is stepping in to protect the boot layer of PCs, tablets

Dell's business laptops and tablets will get an extra layer of protection from hackers with a new security tool being loaded into the company's portable computers. The new Dell security tool focuses on protecting the boot layer so PC hardware or software don't malfunction. It secures the low-level UEFI (Unified Extensible Firmware Interface), which sits in a protected layer above the OS. An attack on this firmware can compromise a system at boot time. Hacking the firmware can cause the OS and hardware components to malfunction. Hackers have shown increasingly sophisticated ways in which the UEFI -- which has replaced the conventional BIOS -- can be infected with malware.

What did we learn about cybersecurity in 2015?

A data breach can be the biggest kind of crisis an IT leader will have to face. And when an incident occurs, it’s an emergency situation – typically an all-hands-on-deck moment. After the dust settles, however, it’s time to determine what lessons were learned from the experience. Your organization may have escaped 2015 without a data breach. But that’s no guarantee that hackers, cybercriminals and others won’t turn their attention to your business soon.

2015 by the numbers

According to the Identity Theft Resource Center (ITRC), organizations around the world suffered over 700 data breaches in 2015. The attacks covered every sector and records were lost in many sectors. For 2015, the ITRC reports the following findings:

Upcoming Event: Network Automation Workshop

I spent most of last year developing SDN-related content, resulting in a pretty successful 2-day workshop and 20+ hours of online content. However, I fully agree with Matt Oswalt that network automation matters even more than lofty centralized ideas, so it was time to focus on that area.

As always, the easiest way to push yourself is to commit to a deadline, so I agreed to do a network automation workshop during the Troopers 16 event. Here’s what it will cover:

Study of another IP camera reveals serious problems

An in-depth analysis of yet another Internet-connected security camera has revealed a host of software problems. Alex Farrant and Neil Biggs, both of the research team for Context Information Security in the U.K., analyzed Motorola's Focus 73, an outdoor security camera. Images and video taken by the camera can be delivered to a mobile phone app. They found they could take control of the camera remotely and control its movement, redirect the video feed and figure out the password for the wireless network the device is connected to. One attack exploits a cross-site request forgery problem. It was possible to scan for cameras connected to the Internet and then get a reverse root shell.

Lawfare thinks it can redefine π, and backdoors

There is a gulf between how people believe law to work (from watching TV shows like Law and Order) and how law actually works. You lawyer people know what I'm talking about. It's laughable.

The same is true of cyber: there's a gulf between how people think it works and how it actually works.

This Lawfare blogpost thinks it's come up with a clever method to get their way in the crypto-backdoor debate, by making carriers like AT&T responsible only for the what ("deliver interpretable signal in response to lawful wiretap order") without defining the how (crypto backdoors, etc.). This pressure would come in the form of removing current liability protections they now enjoy for not being responsible for what customers transmit across their network. Or as the post paraphrases the proposal:
Don’t expect us to protect you from liability for third-party conduct if you actively design your systems to frustrate government efforts to monitor that third-party conduct.
The post is proud of its own smarts, as if they've figured out how to outwit mathematicians and redefine pi (π). But their solution is nonsense, based on a hopelessly naive understanding of how the Internet works. It appears all

Cisco-Jasper deal should make enterprise IoT safer

Cisco Systems' planned US$1.4 billion acquisition of Jasper Technologies could make it easier for enterprises to build businesses around services instead of products. While the Internet of Things includes sensors and devices that enterprises can use to better run their operations and cut costs, it can also give them whole new business models. Much of Jasper's business is connecting the products companies make to mobile networks. It sits between enterprises and mobile operators, doing the complicated work of tying IoT applications to network connections. Cisco builds a lot of the gear on the network side of that equation, plus higher-level smarts like analytics on the other end that can make IoT more effective and profitable. Bringing their capabilities together will simplify deployments that currently involve lots of different companies and pieces of software, the companies say.

Comodo to fix major flaw in knock-off Chrome browser

Comodo will release an update Wednesday to fix a serious vulnerability in its web browser, which it markets as a way for users to enhance their security. Google engineer Tavis Ormandy found that the company's Chromodo browser disables the "same origin policy," one of the most basic tenets of web security, according to a writeup.