Microsoft released 12 patches, 5 rated critical, 1 being exploited in the wild

Microsoft released 12 security updates for September 2015 Patch Tuesday, five of which are rated critical and one is currently being exploited in the wild.Microsoft patches rated criticalMS15-097 contains a fix for a flaw currently being exploited in the wild, so it should be your top priority. It patches 11 vulnerabilities in Microsoft Graphics Component which could allow remote code execution.Qualys CTO Wolfgang Kandek wrote, “The bulletin is rated critical on Windows Vista and Server 2008, plus Microsoft Office 2007 and 2010, plus Lync 2007, 2010, 2013. In addition one of the vulnerabilities, rated as only as important in the bulletin is under attack in the wild: CVE-2015-2546 allows for an escalation of privilege once on the machines, allowing the attacker to become administrator of the targeted machine. CVE-2015-2546 affects all versions of Windows including Windows 10.”To read this article in full or to leave a comment, please click here

Blackmail rising from Ashley Madison breach

Cybercriminals are maddeningly adaptable.If a Dark Web illicit marketplace gets shut down, others spring up almost immediately to take its place. If credit cards get tougher to hack, there is always spear phishing, poorly protected electronic health records or the unending variety of devices that make up the Internet of Things (IoT), most of which have little to no security built in.To read this article in full or to leave a comment, please click here

Blurred lines: Cyberespionage group caught borrowing banking malware code

A group of hackers that target military and government organizations has recently borrowed code from an old online banking Trojan called Carberp, further blurring the line between cybercrime and cyberespionage.The hacker group is known by various names in the security industry, including Pawn Storm and APT28. Its primary malware tool is a backdoor program called Sednit or Sofacy.The group has been active since at least 2007 and has targeted governmental, security and military organizations from NATO member countries, as well as defense contractors and media organizations, Ukrainian political activists and Kremlin critics.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Light-based networks could replace wires for hospital patients

Interference has been a major issue when hospitals have tried to replace the cluttered, bulky wiring used to monitor patients’ conditions—those are the wires protruding from a body, along with the associated beeps, as seen in the hospital TV drama procedurals we know and love.Hard-wiring, though, has never been an ideal solution for biomedical signals—it prevents patients from moving around, for one thing. That ties up expensive hospital beds.Interference RF interference can not only interfere with other signals, but it can apparently damage hospital equipment, say some researchers in South Korea.Those researchers, from Pukyong National University in Busan, reckon that they have a better solution. They want to use light instead.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Light-based networks could replace wires for hospital patients

Interference has been a major issue when hospitals have tried to replace the cluttered, bulky wiring used to monitor patients’ conditions—those are the wires protruding from a body, along with the associated beeps, as seen in the hospital TV drama procedurals we know and love.Hard-wiring, though, has never been an ideal solution for biomedical signals—it prevents patients from moving around, for one thing. That ties up expensive hospital beds.Interference RF interference can not only interfere with other signals, but it can apparently damage hospital equipment, say some researchers in South Korea.Those researchers, from Pukyong National University in Busan, reckon that they have a better solution. They want to use light instead.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Will the Ashley Madison hack really bring about any change in corporate IT security?

That sultry, sexy, "shh." We've all seen it over and over and over again during the past month. That "shh" promised sex and security. It looks like Ashley Madison didn't deliver much of either. Except for the sordid stories that keep Ashley Madison in the news, there is really nothing notable about the Ashley Madison breach. We are swimming in a sea of data breaches. They've become so routine it takes sex and scandal for anyone to notice. With so many data breaches over the past several years, you would expect companies (and governments) to do something about them.To read this article in full or to leave a comment, please click here

CCIE at 50k: Software Defined? Or Hardware Driven?

50kSticker

Congratulations to Ryan Booth (@That1Guy_15) on becoming CCIE #50117. It’s a huge accomplishment for him and the networking community. Ryan has put in a lot of study time so this is just the payoff for hard work and a job well done. Ryan has done something many dream of and few can achieve. But where is the CCIE program today? And where will it be in the future?

Who Wants To Be A CCIE?

A lot of virtual ink has been committed to opinions in the past couple of years about how the CCIE is become increasingly irrelevant in a world of software defined DevOps focused non-traditional networking teams. It has been said that the CCIE doesn’t teach modern networking concepts like programming or building networks in a world with no CLI access. While this is all true, I don’t think it diminishes the value of getting a CCIE.

The CCIE has never been about building a modern network. It has never been focused on creating anything other than a medium-sized enterprise network in the case of the routing and switching exam. It is not a test of best practices or of greenfield deployment scenarios. Instead, it has Continue reading

Evaluating my own books…

This is a bit of a slow week in the US, and I’ve been deeply imbibing philosophy and theology this weekend (getting ready for the first two PhD classes), so I’m going to do something a little different this week. A lot of folks email me asking about which of my books are worth buying, or asking me if they should buy this or that specific book I’ve written across the years. So, herewith, an honest appraisal of my own books.

Advanced IP Network Design

This book is based on single question—what have we learned from working on failed networks from the perspective of TAC and Escalation in terms of good network design? It’s hard to believe, but this was (AFAIK) the second book published by Cisco Press, in 1999 (that’s 16 years, 10 books, and two degrees ago!). While I have a fond place in my heart for this book, all the material here is generally updated and improved in Optimal Routing Design, below.

EIGRP for IP

This started life as the EIGRP white paper, written based on a thorough reading of the EIGRP code base as it existing in 2000, along with many hours spent with GDB, Continue reading

4 new cybercrime trends threaten your business

The more things change, the more things stay the same -- at least for hackers. That's one of the finding in Proofpoint's mid-year threat report on the attacks of choice for the first half of 2015. In addition to the return of an old friend, the cybersecurity company also found more targeted attacks towards businesses, heightened activity around social media and a shift in the volume and accuracy of the bad stuff that ends up in your inbox, looking to take your money. Click the attachment They're baaaaaack – email attachments that infect a computer once clicked upon, that is. To read this article in full or to leave a comment, please click here

Credentials stored in Ashley Madison’s source code might have helped attackers

If you're a company that makes its own websites and applications, make sure your developers don't do what the Ashley Madison coders did: store sensitive credentials like database passwords, API secrets, authentication tokens or SSL private keys in source code repositories.Judging by the massive amount of data leaked last month by Impact Team from AshleyMadison.com's owner Avid Life Media (ALM), the hackers gained extensive access to the Canadian company's IT infrastructure.The ALM data dumps contained customer records and transaction details from the Ashley Madison infidelity website, but also the email database of the company's now-former CEO and the source code for the company's other online dating websites including CougarLife.com and EstablishedMen.com.To read this article in full or to leave a comment, please click here

New products of the week 09.08.15

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Alteryx 10.0 Pricing: Alteryx starts at $3,995 Per-User, Per-Year (3-Year Subscription); $5,194 Per-User, Per-Year (1-Year Subscription)To read this article in full or to leave a comment, please click here

1 3,341 3,342 3,343 3,344 3,345 3,853