Documents with malicious macros deliver fileless malware to financial-transaction systems

Spammed Word documents with malicious macros have become a popular method of infecting computers over the past few months. Attackers are now taking it one step further by using such documents to deliver fileless malware that gets loaded directly in the computer's memory.Security researchers from Palo Alto Networks analyzed a recent attack campaign that pushed spam emails with malicious Word documents to business email addresses from the U.S., Canada and Europe.The emails contained the recipients' names as well as specific information about the companies they worked for, which is not typical of widespread spam campaigns. This attention to detail lent more credibility to spam messages and made it more likely that victims would open the attached documents, the researchers said.To read this article in full or to leave a comment, please click here

Snuggling Up to Papers We Love – What’s Your Favorite Paper?


From a talk by @aysylu22 at QCon London on modern computer science applied to distributed systems in practice.

 

 

There has been a renaissance in the appreciation of computer science papers as a relevant source of wisdom for building today's complex systems. If you're having a problem there's likely some obscure paper written by a researcher twenty years ago that just might help. Which isn't to say there aren't problems with papers, but there's no doubt much of the technology we take for granted today had its start in a research paper. If you want to push the edge it helps to learn from primary research that has helped define the edge.

If you would like to share your love of papers, be proud, you are not alone:

Worth Listening: Aligning IT and the Business

To maximize the value that IT adds to our organizations, it’s critical for us to be cognizant of business requirements and to focus our technology capabilities on meeting them. It can be hard to keep this top of mind when racing against the clock to fix a network outage or meet a big project deadline. So right now, while you are listening to The Next Level, we’re going to hone in on the business end of IT and get strategies for how technology can be better put to business use. -via packet pushers

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Listening: Aligning IT and the Business appeared first on 'net work.

An Abundance of Incident Response Bottlenecks

Manual processes represent a major incident response bottleneck at enterprise organizations.  Here are a few alarming data points from some recent ESG research (note: I am an ESG employee):1.       27% of enterprise organizations (i.e. those with more than 1,000 employees) spend at least 50% of their incident response time on manual processes like filling out paper work, finding a particular person, physically viewing multiple security management tools, etc.2.       93% of organizations believe that their incident response efficiency and effectiveness is limited by the time and effort required for manual processes.As if this wasn’t bad enough, IR process issues are exacerbated by a few other challenges:To read this article in full or to leave a comment, please click here

IDG Contributor Network: Phishers hit large Internet firms more than banks, among study findings

Google, Apple and Facebook were targeted by double the number of phishing sites as financial institutions, like banks and PayPal were in 2015, Webroot says in its latest annual briefing published in February.The reason for the dot-com thrust is so that the hackers can accumulate larger numbers of user IDs and passwords—many people on those sites use the same credentials across the Internet, Webroot explains. Attacking the Facebooks et al, garners “multiple compromised accounts with each phishing victim,” the security outfit says.To read this article in full or to leave a comment, please click here

4 reasons not to pay up in a ransomware attack

When a demand for your money or your data pops up on a critical system, you have only a short period of time to decide whether to respond to a ransomware attack.Online extortion is on the increase, as criminals use a variety of attack vectors, including exploit kits, malicious files, and links in spam messages, to infect systems with ransomware. Once all the files have been encrypted, victims can either try to recover the files on their own or pay the ransom. While there have been some exceptions, victims are seldom able to break the encryption and restore access. More often, successful circumvention of a ransomware attack involves wiping the affected systems and promptly restoring everything from clean backups.To read this article in full or to leave a comment, please click here

Defense in depth: Stop spending, start consolidating

When it comes to layered defense and security tools, less is often more just as more can sometimes be less. The average enterprise uses 75 security products to secure their network. That's a lot of noise and a lot of monitoring and testing for security practitioners. To make sure that the security tools not only work but work in harmony with each other, some security professionals recommend taking a closer look at the layers of the security ecosystem to eliminate redundancies that contribute to alert overload. There is a lot of threat intelligence information out there, and Stephan Chenette, CEO, AttackIQ said all of that threat information can be overwhelming. "They need to use the threat information to determine what is applicable to their organization and tailor it to their industry. Risk has a number of factors, not only the impact to organization but also the real probability of the threat," Chenette said.To read this article in full or to leave a comment, please click here

How to conduct a tabletop exercise

As you discovered in the first installment of this five-part series, tabletop exercises can be an important practical tool for reviewing and updating incident response plans. You should schedule them to correspond with yearly Incident Response (IR) plan reviews.When you use existing incident response measures as you play out tabletop data breaches, you uncover holes in IR that can amplify disaster when real data compromise hits the proverbial fan. Unexpected results in tabletop scenarios can foster positive change in IR planning to prepare the enterprise.To read this article in full or to leave a comment, please click here(Insider Story)

WiFi hotspot jamming: Just the data

Say you don't feel like plowing through my recent investigative report on "WiFi Hotspot Blocking Persists Despite FCC Crackdown." Maybe I can at least entice you to check out the infographic my colleague Steve Sauer assembled for that story, as well as the consumer complaints to the FCC themselves, which you can scroll through via the Scribd widget embedded below. Those complaints were gathered via a Freedom of Information Act (FOIA) request to the FCC in the wake of the agency fining Marriott and others big bucks for purposely blocking people's Wi-Fi hotspot devices.To read this article in full or to leave a comment, please click here

New products of the week 3.14.16

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Thunder CFWKey features: Thunder CFW is the first converged security solution for service providers, cloud providers and large enterprises that includes a high-performance Gi / SGi firewall with integrated DDoS protection and carrier grade NAT and data center firewall with server load balancing and DDoS protection. Thunder CFW also includes a high-performance secure web gateway with integrated explicit proxy, URL filtering and SSL insight, IPSec site-to-site VPN and aGalaxy centralized management support. More info.To read this article in full or to leave a comment, please click here

Review: Consider VPN services for hotspot protection

Virtual private networks have many uses. Typically, businesses deploy VPNs so employees can securely access the corporate network from outside the office. However, we’ve seen a rise in third-party VPN services that use the same underlying technology, the encrypted tunnel, to simply provide a secure Internet connection. The main window of the Freedome Windows application shows a big circle which tells you the connection status and serves as a connect/disconnect button. On the sides of that, you see the amount of traffic you have sent/received and the number of harmful sites and tracking attempts blocked while connected to the service. Below you see the VPN location, which you can click on to change to one of 21 countries. You can’t choose the exact city, but can select available regions, such as West or East Coast of the U.S.To read this article in full or to leave a comment, please click here(Insider Story)

7 VPN services for hotspot protection

VPNsVirtual private networks (VPNs) have many uses. When connected to a VPN service, the websites you access think you’re at the location where the VPN server is located. This can help anonymize your Internet traffic so it’s much harder for websites to track your personal browsing history. This also allows you to access content that’s restricted where you are currently located, such as Netflix or Hulu when traveling overseas. We evaluated seven third-party VPN services. Here are the individual reviews: On our Android device, we installed the Avast SecureLine app, version 1.0.7704. By default, you only see a status icon for the app on the status bar of Android and on the notification drawer when you’re connected to the service. However, you can optionally enable the icon and notification to be present when disconnected as well. The Android app is also very simple. There’s no shortcut to any help or documentation within the Android app or Windows application, but it really isn’t needed given how simple the apps and service are. Additionally, your Internet traffic would be encrypted when you’re on unsecured Wi-Fi networks, such as public hotspots. This prevents local eavesdroppers from capturing your browsing history and logins. Continue reading

Review: Consider VPN services for hotspot protection

Virtual private networks have many uses. Typically, businesses deploy VPNs so employees can securely access the corporate network from outside the office. However, we’ve seen a rise in third-party VPN services that use the same underlying technology, the encrypted tunnel, to simply provide a secure Internet connection. Why would you ever need to do this? When connected to a VPN service, the websites you access think you’re at the location where the VPN server is located. This can help anonymize your Internet traffic so it’s much harder for websites to track your personal browsing history. This also allows you to access websites, services, and content that’s restricted where you are currently located, such as Netflix or Hulu when traveling overseas.To read this article in full or to leave a comment, please click here(Insider Story)

Kubernetes Authentication plugins and kubeconfig

Kubernetes offers several different authentication mechanisms or plugins.  The goal of this post is to review each of them and provide a brief example of how they work.  In addition, we’ll talk about the ‘kubeconfig’ file and how it’s used in association with authentication plugins.

Note: In theory there’s no requirement to use any of these authentication plugins.  With the proper configuration, the API server can accept requests over HTTP on any given insecure port you like.  However – doing so is insecure and somewhat limiting because some features of Kubernetes rely on using authentication so it’s recommended to use one or more of the following plugins.

Kubernetes offers 3 default authentication plugins as of version 1.0.  These plugins are used to authenticate requests against the API server.  Since they’re used for communication to the API, that means that they apply to both the Kubelet and Kube-Proxy running on your server nodes as well as any requests or commands you issue through the kubectl CLI tool.  Let’s take a look at each option…

Client Certificate Authentication
This is the most common method of authentication and is widely used to authentication node back Continue reading

1 3,090 3,091 3,092 3,093 3,094 3,836