0

Organizations should focus data sharing post-incident, not attribution

LAS VEGAS - There have been several notable security incidents in the news this year, from healthcare and retail breaches, to financial; even security firms themselves have been targeted.In each instance, attribution seems to take the lead during incident response, something organizations should resist. The key is collecting the right information and passing it on to the right people. When it comes to figuring out who did it and where they are, authorities are the ones who should take the lead – organizations that focus on this area first are wasting resources and time.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers US Attorney Ed McAndrew (DE), who has years of experience working cases dealing with Internet-based crimes under his belt, recently spoke to CSO Online and offered some unique insight into the federal side of incident response and what organizations can to do better prepare for law enforcement involvement.To read this article in full or to leave a comment, please click here

0

Black Hat 2015: Ransomware not all it’s cracked up to be

All ransomware is not created equal and therefore should not be universally feared, a researcher will tell the Black Hat 2015 conference this week. Engin Kirda In fact, some ransomware – which locks up infected computers until a demanded sum is paid – makes false claims about the damage it is capable of doing, and some of the data it purports to seize can be recovered, says Engin Kirda, the cofounder and chief architect at Lastline Labs.To read this article in full or to leave a comment, please click here

0

10 Leaders In Internet Of Things Infrastructure

The Internet of Things needs a strong backbone for the many billions of connected devices and apps most prognosticators expect. Find out which companies are building the IoT behind the scenes.

0

Networking Career: How To Make It To The Big League

Networking pros who want to make the leap from a small shop to a big network environment can learn from how our newest network engineer got the job.

0

Black Hat 2015: Attackers use commercial Terracotta VPN to launch attacks

RSA researchers have discovered a China-based VPN network dubbed Terracotta that is used extensively to launch advanced persistent threat (APT) attacks and that hijacks servers of unsuspecting organizations in order to add new nodes to its network.The Terracotta VPN provides the infrastructure that anchors several anonymizing VPN services that are commercially marketed to the public in China, according to a briefing delivered today at the Black Hat conference.The services are pushed as a means for individuals to hide their Internet activity from prying government eyes, but are used as well by criminals seeking to cloak the origins of their attacks, RSA researchers will tell the conference.To read this article in full or to leave a comment, please click here

0

A deep look at CVE-2015-5477 and how CloudFlare Virtual DNS customers are protected

Last week ISC published a patch for a critical remotely exploitable vulnerability in the BIND9 DNS server capable of causing a crash with a single packet.

CC BY 2.0 image by Ralph Aversen

The public summary tells us that a mistake in handling of queries for the TKEY type causes an assertion to fail, which in turn crashes the server. Since the assertion happens during the query parsing, there is no way to avoid it: it's the first thing that happens on receiving a packet, before any decision is made about what to do with it.

TKEY queries are used in the context of TSIG, a protocol DNS servers can use to authenticate to each other. They are special in that unlike normal DNS queries they include a “meta” record (of type TKEY) in the EXTRA/ADDITIONAL section of the message.

CC BY 2.0 image by Ralph Aversen

Since the exploit packet is now public, I thought we might take a dive and look at the vulnerable code. Let's start by taking a look at the output of a crashing instance:

03-Aug-2015 16:38:55.509 message.c:2352: REQUIRE(*name == ((void*)0)) failed, back trace  
03-Aug-2015 16:38:55.510 #0 0x10001510d in  Continue reading

0

The Upload: Your tech news briefing for Tuesday, August 4

Google has already started its own car companyTurns out that even while Google has been sweet-talking automakers to get its software platform into their cars, it had set up a subsidiary to compete with them, the Guardian reports. Google Auto LLC is registered as a passenger vehicle manufacturer, and was licensed last year as a carmaker in California. It’s run by Chris Urmson, project lead for Google’s self-driving cars. Google wouldn’t talk to the Guardian, which uncovered the company registration via documents it requested under the public records act.To read this article in full or to leave a comment, please click here

0

Can Virtual Routers Compete with Physical Hardware?

One of the participants of the Carrier Ethernet LinkedIn group asked a great question:

When we install a virtual-router of any vendor over an ordinary sever (having general-purpose microprocessor), can it really compete with a physical-router having ASICs, Network Processors…?

Short answer: No … and here’s my longer answer (cross-posted to my blog because not all of my readers participate in that group).

Read more ...

0

Microsoft updates program to encourage diversity in partner law firms

Microsoft has overhauled a program for promoting diversity at the law firms it works with, to promote higher representation for lawyers of different minority groups in the firms’ leadership ranks.The company’s Law Firm Diversity Program has been changed to offer bonuses to 15 law firms it works with, based on how many attorneys in positions of power are female, from racial and ethnic minorities, openly LGBT, people with disabilities or military veterans.Microsoft started the program 7 years ago and originally offered firms a 2 percent bonus on their billings if a set percentage of the hours they billed to the company were worked by diverse attorneys.To read this article in full or to leave a comment, please click here

0

DHS warns about privacy implications of cybersecurity bill

The U.S. Department of Homeland Security has warned about the privacy implications of a cybersecurity bill that is intended to encourage businesses to share information about cyberthreats with the government.The DHS has also warned that the information sharing system proposed by the new bill could slow down responses in the face of a cyberthreat, if companies are allowed to share information directly with various government agencies, instead of routing it through the department.The Cybersecurity Information Sharing Act (CISA), which would give businesses immunity from customer lawsuits when they share cyberthreat data with the government, is under consideration of the Senate.To read this article in full or to leave a comment, please click here

0

Apple computers vulnerable to ‘Thunderstrike 2’ firmware worm

An improved attack on the firmware in Apple computers makes them vulnerable to hard-to-detect malware without even being connected to a network, according to a Black Hat conference presentation due to be given later this week.The new research highlights ongoing weaknesses in the low-level software that runs on every computer before an operating system is loaded.It comes from researchers Xeno Kovah and Corey Kallenberg of LegbaCore and Trammell Hudson of Two Sigma Investments. They showed earlier this year how they could infect a Mac’s firmware with malware by connecting malicious devices to them using Thunderbolt, Apple’s high-speed data transfer interface. The attack was dubbed Thunderstrike.To read this article in full or to leave a comment, please click here

0

Cisco’s SDN controller has a security hole

Cisco has issued software to fix a vulnerability in its SDN controller than allows infiltrators to access the system as root users, with access to root commands.Access to root commands would enable an attacker to access all commands and files on the controller. With that access, the attacker can then modify the system in any way desired, including granting and revoking access permissions for other users, including root users.A vulnerability in the cluster management configuration of Cisco’s Application Policy Infrastructure Controller (APIC) and Nexus 9000 switch in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access the APIC as the root user, according to a recently issued Cisco security advisory. The vulnerability is due to improper implementation of access controls in the APIC filesystem, the advisory states.To read this article in full or to leave a comment, please click here

0

PQ Show 54 – IPv6 Adoption Trends With Alain Fiocco

IPv6 is inevitable, but what's the real rate of adoption in North America? Join Ethan Banks and Alain Fiocco as they discuss the state of the protocol, share educational opportunities, and offer tips to get your vendors to fully embrace IPv6.

The post PQ Show 54 – IPv6 Adoption Trends With Alain Fiocco appeared first on Packet Pushers.

0

Condé Nast parent company jumps into big data market with 1010data purchase

Advance, a global media group that owns the Condé Nast group of consumer publications, has ventured into the realm of data analysis, purchasing New York-based analytics firm 1010data for $500 million.Advance plans to infuse 1010data with capital to expand its operations, so it can take on more of the growing market for big data-styled analysis services.Sandy Steier, 1010data co-founder and CEO, in a statement issued Monday that there will be no disruption to its customers, employees nor to its business as a result of the acquisition, which will instead allow 1010data to grow more quickly.The purchase is a bit of an unusual one for Advance, which has filled its portfolio with traditional media properties.To read this article in full or to leave a comment, please click here

0

Zscaler Scales Up With $100M Series B

Another big round for a security startup.

0

Social Engineering: 6 commonly targeted data points that are poorly protected

It's the little things that cause the biggest problemsImage by ThinkstockThis week, thousands of hackers have traveled to Las Vegas to learn about the latest in security research and techniques during BSides Las Vegas and Black Hat. This weekend, during DEF CON, the education continues as hackers roam the halls moving from talk to talk or head over to one of the villages.To read this article in full or to leave a comment, please click here

0

Counterterrorism expert says it’s time to give companies offensive cybercapabilities

The U.S. government should deputize private companies to strike back against cyberattackers as a way to discourage widespread threats against the nation’s businesses, a former government official says.Many U.S. businesses have limited options for defending their IP networks, and the nation needs to develop more “aggressive” capabilities to discourage cyberattacks, said Juan Zarate, the former deputy national security advisor for counterterrorism during President George W. Bush’s administration.The U.S. government should consider allowing businesses to develop “tailored hack-back capabilities,” Zarate said Monday at a forum on economic and cyberespionage hosted by think tank the Hudson Institute. The U.S. government could issue cyberwarrants, giving a private company license “to protect its system, to go and destroy data that’s been stolen or maybe even something more aggressive,” he added.To read this article in full or to leave a comment, please click here

0

Newest RIG exploit kit driven by malicious advertising

LAS VEGAS - Earlier this year, a disgruntled reseller leaked the source code for version 2.0 of the RIG exploit kit.Since then, the RIG's author has released version 3.0, which was recently discovered by researchers from Trustwave. The latest version uses malvertising in order to deliver a majority of its traffic, infecting some 1.25 million systems to date.There have been a few notable changes made to RIG between versions, including a cleaner control panel that's easier to navigate, changes to the URL structure used by the kit that helps it avoid detection, and a security structure that prevents unauthenticated users from accessing internal files – clearly implemented to avoid leaks such as the one that exposed the source code for the previous version.To read this article in full or to leave a comment, please click here

0

Software-Defined Perimeter Remains Undefeated in Hackathon

'We don't have to be vulnerable.'

0

Harvard CISO shares 5 pearls of IT security wisdom

Chief Information Security Officer Christian Hamer, who is responsible for policy and awareness across Harvard University and whose team handles security operations and incident response, took part on a panel last week at the Campus Technology conference in Boston (Campus Technology’s Rhea Kelly moderated; ESET researcher Lysa Myers was also an expert panelist). Here’s a selection of Hamer’s more notable observations:  Most important steps for protecting your network: We think all too often about IT security or information security [as being] about the bits and bytes, and what kind of widget we put on the network or somebody’s computer to protect it… But in general we have populations that want to do the right thing. They’re a lot more aware of the threats now because a lot of them have been in the media quite a bit recently. But they’re just not sure what to do or how to do it. And that’s probably the No. 1 thing that people could double down on. Does your community know what to do? Do they know how to do it? And do they know who to ask if they have trouble understanding that? Mobile security: “There’s a great industry around mobile Continue reading