What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-10-25 12:29:00 | How to approach keeping your IoT devices safe (lien direct) | Nothing is safe Image by Shardayyy With the recent take down of DYN and Brian Krebs' web site, cybercriminals have found a way to use your own devices to bring the Internet to its knees. Portnox's CEO Ofer Amitai provides some ways to keep those devices safe from these attacks.To read this article in full or to leave a comment, please click here |
|||
|
2016-10-25 12:25:00 | Rise of the IoT machines (lien direct) | Friday's distributed denial-of-service attack on domain name service provider Dyn may have seemed like the end of the world for millions of Netflix, Twitter and Spotify users, but security professionals say the service disruption was merely a nuisance attack – although an eye opening one – compared to the potential damage that can be unleashed by billions of unsecure IoT devices.“It's really just the tip of the iceberg,†says Nicholas Evans, vice president and general manager within the Office of the CTO at Unisys, where he leads its worldwide applied innovation program. “You can grade the threat intensity as the IoT devices become more autonomous, like self-driving cars, or more controllable, like some of factory-type devices that actually manipulate the physical environment. That's where the real threat is.â€To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-10-25 10:46:00 | DoJ: What does it take to prosecute federal computer crimes? (lien direct) | The need for vigorous criminal enforcement of cybercrime laws will only become more important as networked computers and the criminals who target them grow.That was how the Department of Justice started a blog post this week that defined how it decides whether or not to prosecute a federal computer-related crime.+More on Network World: Â Gartner: Artificial intelligence, algorithms and smart software at the heart of big network changes+To read this article in full or to leave a comment, please click here | |||
|
2016-10-25 10:37:00 | IDG Contributor Network: Residential routers easy to hack (lien direct) | The infamous “admin†user ID and hackable, weak passwords are prevalent on large numbers of home routers, says a security firm. That's despite the public's increasing awareness of vulnerabilities and associated hacking.Researchers at ESET recently tested more than 12,000 home routers and found that many of the devices are insecure. Firmware was flawed in some cases.+ Also on Network World: Answers to 'Is the internet broken?' and other Dyn DDoS questions +“Approximately 7 percent of the routers tested show vulnerabilities of high or medium severity,†ESET says in an article on its Welivesecurity editorial website. “Fifteen percent of the tested routers used weak passwords, with 'admin' left as the username in most cases.â€To read this article in full or to leave a comment, please click here | |||
|
2016-10-25 10:00:02 | (Déjà vu) Workstation software flaw exposes industrial control systems to hacking (lien direct) | The software used to program and deploy code to various Schneider Electric industrial controllers has a weakness that could allow hackers to remotely take over engineering workstations.The software, known as Unity Pro, runs on PCs used by engineers and includes a simulator for testing code before deploying it to programmable logic controllers (PLCs). These are the specialized hardware devices that monitor and control mechanical processes -- spinning motors, opening and closing valves, etc. -- inside factories, power stations, gas refineries, public utilities and other industrial installations.Researchers from industrial cybersecurity firm Indegy found that unauthenticated attackers could execute malicious code on Windows computers where the Unity Pro PLC simulator is installed. That code would run with debug privileges leading to a complete system compromise.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-10-25 09:56:14 | Critical account creation flaws patched in popular Joomla CMS (lien direct) | The Joomla developers are warning website administrators to apply an update for the popular content management system that fixes two critical vulnerabilities.The flaws are serious enough that the Joomla project released a prenotification about the planned update on Friday, urging everyone to be prepared to install it as soon as possible. This suggests that attacks targeting these vulnerabilities are expected to follow shortly.Joomla 3.6.4, released Tuesday, fixes a high-priority flaw in the account creation component that could be exploited to create accounts on a Joomla-based website even if user registration has been disabled on it.To read this article in full or to leave a comment, please click here | |||
|
2016-10-25 09:25:01 | ARM builds up security in the tiniest IoT chips (lien direct) | IoT is making devices smaller, smarter, and – we hope – safer. It's not easy to make all those things happen at once, but chips that can help are starting to emerge.On Tuesday at ARM TechCon in Silicon Valley, ARM will introduce processors that are just a fraction of a millimeter across and incorporate the company's TrustZone technology. TrustZone is hardware-based security built into SoC (system on chip) processors to establish a root of trust.It's designed to prevent devices from being hacked and taken over by intruders, a danger that's been in the news since the discovery of the Mirai botnet, which recently took over thousands of IP cameras to mount denial-of-service attacks.To read this article in full or to leave a comment, please click here | |||
|
2016-10-25 08:06:00 | Privacy and security problems in TrackR, iTrack Easy and Nut IoT trackers (lien direct) | People who tend to lose or misplace things may turn to “smart†trackers, tiny devices which can be attached to keys, TV remotes, just about anything, and then the Bluetooth-enabled tracker helps you find the “lost†item via a smartphone. Many have a crowdsourcing feature so other people on that tracker's network can also help locate a missing item. But how secure are these IoT trackers? Two researchers at Rapid7 decided to find out.Deral Heiland, principal security consultant at Rapid7, aka @Percent_X, and Adam Compton, senior security consultant at Rapid7, aka @tatanus, took aim at four different trackers: iTrack Easy, Nut Smart Tracker, TrackR Bravo and Tile. They looked at the devices as well as the companion iOS apps and found issues with each.To read this article in full or to leave a comment, please click here | |||
|
2016-10-25 05:46:30 | Schneider Electric PLC simulator flaw exposes workstations to hacking (lien direct) | The software used to program and deploy code to various Schneider Electric industrial controllers has a weakness that could allow hackers to remotely take over engineering workstations.The software, known as Unity Pro, runs on PCs used by engineers and includes a simulator for testing code before deploying it to programmable logic controllers (PLCs). These are the specialized hardware devices that monitor and control mechanical processes -- spinning motors, opening and closing valves, etc. -- inside factories, power stations, gas refineries, public utilities and other industrial installations.Researchers from industrial cybersecurity firm Indegy found that unauthenticated attackers could execute malicious code on Windows computers where the Unity Pro PLC simulator is installed. That code would run with debug privileges leading to a complete system compromise.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-10-25 04:59:00 | REVIEW: BIO-key\'s plug-in fingerprint readers for Windows 10 computers (lien direct) | A biometric fingerprint reader makes it convenient to sign into your computer, by just pressing or swiping your finger on the reader which scans your fingerprint. It bypasses the need for entering a password while increasing the level of security for the computer -- anyone can enter your password if they get it somehow, but not your finger, after all. It can also be a convenient and secure system to set up on a computer at work that should be accessed by only a specific person or persons.In late September, BIO-key launched three fingerprint reader devices for the business and everyday computer user. Each sells for $40: the EcoID, the SideSwipe, and the SideTouch. You plug these readers into an USB port on your computer. They're meant to be used with Windows 10 and this OS' biometric sign-in feature, Windows Hello. (The EcoID and SideSwipe also run on Windows 7.)To read this article in full or to leave a comment, please click here | |||
|
2016-10-25 04:53:00 | Cybersecurity staffing issues may be putting you at risk (lien direct) | A study from Spiceworks found that even though 80 percent of organizations experienced a "security incident" in 2015, only 29 percent of companies have a cybersecurity expert working in their IT department and only 7 percent have a cybersecurity expert on their executive team. And a majority -- 55 percent to be exact - said that their business didn't have "regular access" to any IT security experts at all, internal or third-party, with the majority of companies also reporting they had no plans to hire or contract one within the next year.To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 23:10:40 | US transport agency guidance on vehicle cybersecurity irks lawmakers (lien direct) | Guidance from the National Highway Traffic Safety Administration for improving motor vehicle cybersecurity has attracted criticism from lawmakers who said that mandatory security standards were required.“This new cybersecurity guidance from the Department of Transportation is like giving a take-home exam on the honor code to failing students,†said Senators Edward J. Markey, a Democrat from Massachusetts, and Richard Blumenthal, a Democrat from Connecticut, who are both members of the Commerce, Science and Transportation Committee.“In this new Internet of Things era, we cannot let safety, cybersecurity, and privacy be an afterthought,†the senators added.To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 17:34:11 | Lyft customers face potential hack from recycled phone numbers (lien direct) | Giving up an old cell phone number for a new one may seem harmless. But for Lyft customers, it can potentially expose their accounts to complete strangers.That's what happened to Lara Miller, a media relations specialist living in California. Earlier this month, she discovered two credit card charges made in Las Vegas, over 400 miles away."I thought it was legit fraud on my debit card," Miller said. Â But in reality, another woman had accidentally taken over her old Lyft account. It happened because the phone company had recycled the cell phone number Miller had canceled back in April -- opening the door to the hack.The problem involves Lyft's login process. The ride-hailing app does away with the hassle of usernames and passwords, and instead signs up customers with their smartphone's cell number.To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 14:43:00 | White House: Small satellites bring “Moore\'s Law†into space (lien direct) | Small satellites, sometimes called cubesats or just smallsats are a very popular way of getting inexpensive communications and surveillance into space quickly.Looking to bolster that notion, the White House recently revealed a number of program that it says will help drive the use of smallsats even further. The White House Office of Science and Technology Policy (OSTP) announced what it called the “Harnessing the Small Satellite Revolution†initiative, which basically brings together National Aeronautics and Space Administration (NASA), the Department of Defense, the Department of Commerce, and other Federal agencies, to promote and support government and private use of small satellites for remote sensing, communications, science, and the exploration of space. To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 13:49:00 | Answers to \'Is the internet broken?\' and other Dyn DDoS questions (lien direct) | The massive DDoS attacks that took down internet address-translation service Dyn and its customers last week raise a lot of need-to-know questions about the overall security of online infrastructure and its performance.While the attacks were ultimately mitigated and have subsided, the means for carrying out others are still viable and could crop up at any time with other targets. Here are some questions and answers that address what happened, how it happened, whether it could happen again and what the consequences might be.Is the internet broken?No, or at least not any more than it was before. It's made up of a system of independent vendors and institutions working cooperatively to provide access to sites around the world. Each works in its own best interests but also cooperates with the others to make the system work for everybody. Like any such system, it's got flaws and weaknesses. The Dyn attackers targeted some of these vulnerabilities and exploited them for maximum effect.To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 11:15:38 | Physical RAM attack can root Android and possibly other devices (lien direct) | Researchers have devised a new way to compromise Android devices without exploiting any software vulnerabilities and instead of taking advantage of a physical design weakness in RAM chips. The attack technique could also affect other ARM and x86-based devices and computers.The attack stems from the push over the past decade to pack more DRAM (dynamic random-access memory) capacity onto increasingly smaller chips, which can lead to memory cells on adjacent rows leaking electric charges to one another under certain conditions.For example, repeated and rapid accessing of physical memory locations -- an action now dubbed "hammering" -- can cause the bit values from adjacent locations to flip from 0 to 1 or the other way around.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-10-24 10:45:52 | Chinese firm recalls camera products linked to massive DDOS attack (lien direct) | A Chinese electronics component maker is recalling 4.3 million internet-connected camera products from the U.S. market amid claims they may have played a role in Friday's massive internet disruption.On Monday, Hangzhou Xiongmai Technology said it was recalling earlier models of four kinds of cameras due to a security vulnerability that can make them easy to hack."The main security problem is that users aren't changing the device's default passwords," Xiongmai said in a Chinese-language statement posted online.To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 09:38:00 | Media fails to tell consumers about device flaws in Friday\'s internet outage (lien direct) | Hacked cameras, DVRs and other internet-connected consumer devices were conscripted by perpetrators who installed botnet malware, causing last Friday's internet outages. The national media reported the event, but it failed to tell consumers what they need to know about buying those types of devices. For example, before making a purchase, consumers need to ask: Does the manufacturer routinely update this device with security patches? Can I change the default passwords when I install the device? The national media could have talked to someone who has first-hand experience with this type of attack, such as Brian Krebs, former Washington Post journalist and now one of the leading security industry bloggers, who would have repeated what he posted on Friday:To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-10-24 07:33:00 | SnapChat, Skype among worst messaging apps for not respecting users\' right to privacy (lien direct) | Amnesty International set out to determine which technology companies met “their human rights responsibilities in the way they use encryption to protect users' online security.†The research resulted in ranking messaging apps of 11 tech companies based on the use of encryption to protect users' privacy.According to the detailed list of Message Privacy Rankings (pdf), Facebook did the best, scoring 73 out of 100 for WhatsApp and Facebook Messenger. Both Apple for iMessage and FaceTime and Telegram for the Telegram Messenger scored 67. Google came in with a score of 53 for Allo, Duo and Hangouts.To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 07:21:00 | Does Southwest\'s new \'password\' commercial need to get away? (lien direct) | If you watched any football yesterday, chances are you saw the latest in Southwest Airlines' “Wanna get away?†commercial series, this one featuring a military general and his comical willingness to surrender his network access password.While funny on its face, the commercial is not exactly a lesson in proper password management. Watch or read the transcript that follows: Transcript:To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 07:07:00 | Cybersecurity, Business, and IT Relationships (lien direct) | As the old adage states:  People are the weakest link in the cybersecurity chain. This is a problem because strong cybersecurity depends upon both individual skills and organizational collaboration between cybersecurity, business, and IT groups. To use another analogy, cybersecurity is a team sport. If the cybersecurity team doesn't communicate and collaborate well with other groups within an organization, it will be difficult if not impossible to stay current with what's needed for security incident prevention, detection, and response.Unfortunately, this is the situation too often today. According to a new research report from ESG and the Information Systems Security Association (ISSA), 20% of cybersecurity professionals claim that the relationship between cybersecurity and IT teams is “fair or poor†today, while 27% rate the relationship between cybersecurity and business team as “fair or poor†(Note: I am an ESG employee).To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 05:00:00 | Bots may be trumping online polls (lien direct) | Politicians are fond of saying that the only poll that matters is the one on election day.That may be especially true this year, especially when it comes to online polls that, like anything in the digital, connected world, are vulnerable to mischief.The mischief is enabled by bots – hundreds to many thousands of computers under the control of an attacker that are more typically used to send out spam, create Distributed Denial of Service (DDoS) attacks and commit various kinds of fraud – but in this case are used to skew poll results. They can make it look like public opinion views one candidate as the winner of a debate when the real vote would show the other candidate did.To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 04:31:23 | French surveillance law is unconstitutional after all, highest court says (lien direct) | The French Constitutional Council has taken another look at a new security law it waved through in July 2015, and found it wanting.A key clause of last year's Surveillance Law essentially allowed security agencies to monitor and control wireless communications without the usual oversight applied to wiretapping operations.This is unconstitutional as the lack of oversight is likely to result in a disproportionate invasion of privacy, the council ruled Friday. It was responding to a complaint filed by La Quadrature du Net (LQDN), an association campaigning for online rights, the ISP French Data Network (FDN) and the Federation of Non-Profit ISPs.To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 03:30:00 | Better safe than sorry: 5 apps for encrypting and shredding files (lien direct) | While safeguarding personal and business data has always been important, the necessity for maintaining digital privacy has become even more vital as more of our records are digitized.People are starting to realize that passwords alone aren't enough. Even with password protection, anything on your computer can potentially be viewed by an enterprising hacker. And if your computer is lost or stolen, its hard drive can be removed and connected to a new computer, revealing its secrets. To be safer, encryption is the way to go. These days, the accepted standard for encryption is the Advanced Encryption Standard (AES) algorithm with a 256-bit key.To read this article in full or to leave a comment, please click here | |||
|
2016-10-24 02:25:00 | New products of the week 10.24.16 (lien direct) | New products of the week Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.The Back-UPS battery backup Key features: APC by Schneider Electric's new Back-UPS battery backup solutions are designed to deliver reliable/secure power protection for wireless networks, computers and other home/business electronics to help users stay connected. More info.To read this article in full or to leave a comment, please click here |
|||
|
2016-10-23 23:51:20 | WikiLeaks says it doesn\'t collaborate with states (lien direct) | WikiLeaks claims to have many thousands of sources but does not collaborate with states in the publication of documents, its editorial board said late Sunday.The statement by the board of the whistleblowing site assumes significance after the administration of U.S. President Barack Obama charged that it and other sites had released allegedly hacked emails under the direction of Russia. WikiLeaks has leaked mails from the Democratic National Committee that showed that the Democratic Party's national strategy and fund-raising committee had favored Hillary Clinton over her rival Senator Bernie Sanders for the Democratic Party nomination. The website has also published mails from the account of John Podesta, chairman of Clinton's campaign for the presidential election, which could prove to be embarrassing to the candidate.To read this article in full or to leave a comment, please click here | |||
|
2016-10-23 12:01:32 | Chinese firm admits its hacked products were behind Friday\'s massive DDOS attack (lien direct) | A Chinese electronics component manufacturer says its products inadvertently played a role in a massive cyberattack that disrupted major internet sites in the U.S. on Friday.Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.According to security researchers, malware known as Mirai has been taking advantage of these vulnerabilities by infecting the devices and using them to launch huge distributed denial-of service attacks, including Friday's outage.To read this article in full or to leave a comment, please click here | |||
|
2016-10-22 23:00:00 | IoT botnets used in unprecedented DDoS against Dyn DNS; FBI, DHS investigating (lien direct) | Infected IoT devices turned into botnets, at least some controlled by Mirai, were used in multiple DDoS attacks against New Hampshire-based internet infrastructure company Dyn. The attacks against Dyn DNS were similar to some thugs shredding an internet address book, since addresses of thousands of websites couldn't be looked up and users couldn't be connected to the right servers; by the third wave of attacks, users across the globe had been affected by the massive disruptions.The FBI and the Department of Homeland Security are investigating the attack on Dyn, one provider of DNS services. A spokeswoman told The New York Times that the FBI and DHS “were looking into the incident and all potential causes, including criminal activity and a nation-state attack.â€To read this article in full or to leave a comment, please click here | |||
|
2016-10-21 17:11:53 | U.S. indicts Russian for hacking LinkedIn, Dropbox, Formspring (lien direct) | The U.S. has charged a suspected Russian hacker with breaking into computers at LinkedIn, Dropbox and a question-and-answer site formerly known as Formspring.On Thursday, a federal grand jury indicted 29-year-old Yevgeniy Aleksandrovich Nikulin following his arrest by Czech police in Prague on Oct. 5.LinkedIn has said that Nikulin was involved in the 2012 breach of the company that stole details from over 167 million accounts. However, a U.S. court filing unsealed on Friday only gave limited details on Nikulin's alleged crimes.To read this article in full or to leave a comment, please click here | |||
|
2016-10-21 16:52:00 | How the Dyn DDoS attack unfolded (lien direct) | Today's attacks that overwhelmed the internet-address lookup service provided by Dyn were well coordinated and carefully plotted to take down data centers all over the globe, preventing customers from reaching more than 1,200 domains Dyn was in charge of.The attacks were still going on at 7 p.m. Eastern time, according to ThousandEye, a network monitoring service.Dyn's service takes human-language internet addresses such as www.networkworld.com and delivers the IP addresses associated with them so routers can direct the traffic to the right locations.To read this article in full or to leave a comment, please click here | |||
|
2016-10-21 15:54:12 | An IoT botnet is partly behind Friday\'s massive DDOS attack (lien direct) | Malware that can build botnets out of IoT devices is at least partly responsible for a massive distributed denial-of-service attack that disrupted U.S. internet traffic on Friday, according to network security companies.Since Friday morning, the assault has been disrupting access to popular websites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic.Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.To read this article in full or to leave a comment, please click here | |||
|
2016-10-21 12:34:00 | Extensive DDoS attack against Dyn restarts, could indicate a new use of old criminal tech (lien direct) | Attacks against DNS service provider Dyn resumed today after a two and a half hour lull, and could indicate a new application of an old criminal technology, experts say.Dyn hasn't shared details on the type of DDoS attacks used nor the size of those attacks that have affected access to sites including Amazon, Etsy, GitHub, Shopify, Twitter and the New York Times.+More on Network World: Gartner Top 10 strategic technology trends you should know for 2017To read this article in full or to leave a comment, please click here | |||
|
2016-10-21 08:29:39 | Easy-to-exploit rooting flaw puts Linux computers at risk (lien direct) | The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability that's already being exploited in the wild and poses a serious risk to servers, desktops and other devices that run the OS.The vulnerability, tracked as CVE-2016-5195, has existed in the Linux kernel for the past nine years. This means that many kernel versions that are used in a variety of computers, servers, routers, embedded devices and hardware appliances are affected.The Red Hat security team describes the flaw as a "race" condition, "in the way the Linux kernel's memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings." This allows an attacker who gains access to a limited user account to obtain root privileges and therefore take complete control over the system.To read this article in full or to leave a comment, please click here | |||
|
2016-10-21 07:03:00 | DNS provider Dyn gets DDoSed, takes out Twitter, GitHub and plenty others (lien direct) | Some of the biggest names on the internet – including Twitter, GitHub, Etsy, Shopify, the New York Times and the Boston Globe, among many others – were temporarily knocked offline by a DDoS attack that targeted DNS provider Dyn early Friday morning.DNS is the mechanism by which computers turn human-readable web addresses like www.networkworld.com into a numerical format that can be used to retrieve the actual web page. Dyn is a managed DNS provider – essentially, a phone book that computers use to correlate IP addresses to web page names.+ALSO ON NETWORK WORLD: Apple sues Amazon supplier over fake iPhone chargers + Technology confirms election ballot error is less than .001%To read this article in full or to leave a comment, please click here | |||
|
2016-10-21 04:00:00 | IDG Contributor Network: 7 steps to proactive security (lien direct) | Data breaches are increasingly becoming an expensive problem for more and more companies. According to the most recent Ponemon Institute Data Breach report, insecure data cost companies an average of $221 per compromised record in 2016, an increase of 7 percent from the previous year and an all-time high.+ Also on Network World:Â A breach alone means liability + The key to securing against this threat lies in a common metaphor-if a ship has a hole, it is better to patch the breach than bail the water. Effective cybersecurity means being proactive, getting ahead of the problem and addressing the issue at its core rather than operating in a reactive fashion, constantly fixing the symptoms.To read this article in full or to leave a comment, please click here | |||
|
2016-10-20 23:56:47 | Intel asserts its trademark rights against John McAfee (lien direct) | Intel does not object to John McAfee using his personal name in connection with his business, but it objects to the use by the maverick entrepreneur and security expert of the McAfee trade name and trademark in a way that could confuse or deceive consumers or dilute the brand.The issue came up when John McAfee teamed with MGT Capital Investments, which had been until recently mainly into gaming sites, and announced in May that it is in the process of acquiring a diverse portfolio of cybersecurity technologies. MGT also announced that it intended to change its corporate name to “John McAfee Global Technologies, Inc.†with John McAfee at the helm of the new company.To read this article in full or to leave a comment, please click here | |||
|
2016-10-20 14:42:18 | Ex-NSA contractor hoarded two decades\' worth of secrets (lien direct) | The former National Security Agency contractor suspected of stealing U.S. hacking tools allegedly was found hoarding two decades' worth of classified materials.In a Thursday court filing, federal investigators provided new details on their case against 51-year-old Harold Martin, who was arrested in late August. Investigators have seized 50 terabytes of information from Martin, in addition to thousands of pages of documents, the filing said. Among them are classified operational plans against a known enemy of the U.S that Martin had no need to know about.On Wednesday, The New York Times also reported that Martin was found in possession of NSA hacking tools that have recently been put up for sale online. An anonymous group of hackers calling themselves the Shadow Brokers have been trying to sell the tools since mid-August, but it's unclear how they obtained them.To read this article in full or to leave a comment, please click here | |||
|
2016-10-20 09:26:00 | US intelligence targets advanced security management of virtual systems (lien direct) | Looking to lock down government cloud-based resources in particular, researchers from the Intelligence Advance Research Projects Activity this week announced a program that will develop better technology to manage and secure Virtual Desktop Infrastructure environments.+More on Network World: Gartner: Virtual personal health assistants and other technology eliminate the physician for annual exams+The advanced research arm of the Office of the Director of National Intelligence rolled out the Virtuous User Environment (VirtUE) program which the agency says “is looking to use the federal government's impending migration to commercial cloud-based IT infrastructures and the current explosion of new virtualization and operating system concepts to create and demonstrate a more secure interactive user computing environment than the government has had in the past or likely to have in the near future.â€To read this article in full or to leave a comment, please click here | |||
|
2016-10-20 08:50:16 | Indian banks replace millions of debit cards after possible breach (lien direct) | Indian banks have asked customers to change the PINs, and in some cases blocked access, to 3.2 million debit cards after concerns about a security breach.The issue surfaced in September when some banks complained that their customers' cards were used fraudulently mainly in China and the U.S. while the account holders were in India, the National Payments Corporation of India said late Thursday.India's top government-controlled bank, the State Bank of India, said earlier this week that after card network companies like Visa and MasterCard had informed various banks of a potential risk to some cards because of a data breach, it had taken the precautionary measure of blocking the cards identified by the networks.To read this article in full or to leave a comment, please click here | |||
|
2016-10-20 08:04:00 | GuardiCore helps security teams see into apps and networks before they segment (lien direct) | The digital business era has brought with it a number of new tools and technologies, such as software-defined networking (SDN), Internet of Things (IoT), mobility and the cloud. These innovations enable businesses to increase their level of dynamism and be more distributed, but they also increase the complexity of securing the business. Old-school security methods and tools do not work in an environment where the perimeter is eroding and resources are becoming more virtual and cloud-centric.+ Also on Network World: Always be prepared: Monitor, analyze and test your security + To combat this, security professionals have embraced the concept of segmentation. The number of segmentation providers has exploded over the past few years, including VMware repositioning its NSX network virtualization product as a micro-segmentation solution. To read this article in full or to leave a comment, please click here | |||
|
2016-10-20 07:48:00 | 3 ways Windows Server 2016 is tackling security (lien direct) | Every version of Windows - client and server - has promised improved security. But with Windows 10 and Windows Server 2016, Microsoft is going beyond the usual incremental improvements and closing of loopholes and giving you the tools to reduce the dangers of phished credentials, over-privileged admins and untrustworthy binaries.“In the past, security was always something that was part of another technology†says Jeff Woolsey, principal group program manager at Microsoft. “We needed to pull it out.â€Security and protecting identity comes up in every conversation Microsoft has with customers, he says. And the scale of attacks means that security isn't just something for the IT team to worry about any more, adds Jeffrey Snover, lead architect for the enterprise cloud group and the Microsoft Azure stack. “When we asked customers 'what are your IT concerns?' there were some messages we heard consistently. There were too many stories about getting hacked and not knowing for months.â€To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-10-20 07:30:39 | Free tool protects PCs from master boot record attacks (lien direct) | Cisco Systems' Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks.The tool, called MBRFilter, functions as a signed system driver and puts the disk's sector 0 into a read-only state. It is available for both 32-bit and 64-bit Windows versions and its source code has been published on GitHub.The master boot record (MBR) consists of executable code that's stored in the first sector (sector 0) of a hard disk drive and launches the operating system's boot loader. The MBR also contains information about the disk's partitions and their file systems.To read this article in full or to leave a comment, please click here | |||
|
2016-10-20 07:17:00 | Technology confirms election ballot error is less than .001% (lien direct) | Distrust in the U.S. voting process and the presidential election has reached an all-time high, with many concerned their ballots won't be counted. Voters can rest easy, though, when it comes to voting technology. Ballot errors are almost non-existent, said the CEO of voting system builder Clear Ballot.+ Also on Network World: Hacking the Election: Myths & Realities + Clear Ballot, a venture-backed company in Boston, builds an end-to-end voting system that includes precinct voting, accessible voting to serve disabled voters, central tabulation, consolidation and reporting, and an election management system, all using commodity off-the-shelf hardware. Most voting systems are built using proprietary hardware and software platforms. Because the voting system relies on commodity hardware, acquiring and setting up a ballot verification system is straightforward.To read this article in full or to leave a comment, please click here | |||
|
2016-10-20 04:54:00 | Stupid encryption mistakes criminals make (lien direct) | Writing secure code can be challenging, and implementing cryptography correctly in software is just plain hard. Even experienced developers can get tripped up. And if your goal is to swindle people quickly, not to wow them with the quality of your software, there are sure to be serious crypto mistakes in your code.Malware authors may provide significant lessons in how not to implement cryptography. Such was the upshot of research by Check Point's Yaniv Balmas and Ben Herzog at the recent Virus Bulletin conference in Denver. Malware authors may be more likely to insert crypto doozies in their code than developers working on legitimate software because they may not care as much about code quality or design, said Balmas and Herzog. These criminals are focused on getting a product that does enough to satisfy their immediate requirements -- and no more.To read this article in full or to leave a comment, please click here | |||
|
2016-10-19 14:52:12 | LinkedIn blames Russian hacking suspect for 2012 breach (lien direct) | A suspected Russian hacker arrested recently in the Czech Republic was involved in a massive 2012 data breach at LinkedIn, the professional social networking company says. LinkedIn said Wednesday that it has been working with the FBI to track down the culprits behind the data breach, which exposed hashed passwords from 117 million accounts."We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this criminal activity," LinkedIn said in an email.To read this article in full or to leave a comment, please click here | |||
|
2016-10-19 13:21:29 | Yahoo asks US for clarity on email scanning controversy (lien direct) | Yahoo is asking that the U.S. government set the record straight on requests for user data, following reports saying the internet company has secretly scanned customer emails for terrorism-related information.  On Wednesday, Yahoo sent a letter to the Director of National Intelligence James Clapper, saying the company has been "unable to respond" to news articles earlier this month detailing the alleged government-mandated email scanning."Your office, however, is well positioned to clarify this matter of public interest," the letter said.The scanning allegedly involved searching through the email accounts of every Yahoo user and may have gone beyond other U.S. government requests for information, according to a report from Reuters.  To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-19 11:57:00 | Russian hacker group used phony Google login page to hack Clinton campaign (lien direct) | A Russian hacking group used spearphishing to steal the Gmail login credentials of Hillary Clinton campaign staff, and that may be how campaign emails now being released were stolen, according to Secure Works.The attack targeted 108 hillaryclinton.com email addresses, and was carried out by a Russian group called Threat Group-4127 (TG-4127), according to Secure Works' Counter Threat Unit (CTU) blog.CTU can't directly link the spearphishing operation against the Clinton campaign with the hack of Democratic National Committee emails revealed June 14, but “CTU researchers suspect that TG-4127 used the spearphishing emails or similar techniques to gain an initial foothold in the DNC network. “To read this article in full or to leave a comment, please click here | APT 28 | ||
|
2016-10-19 11:43:00 | Your robot doctor overlords will see you now (lien direct) | Seems the days of the annual trip to your doctor's office may be fading in favor of a virtual healthcare provider. At least if you follow the research presented by Gartner this week which predicted by 2025, 50% of the population will rely on what it called virtual personal health assistants (VPHAs) for primary care, finding them more responsive and accurate than their human counterparts. +More on Network World: Gartner Top 10 strategic technology trends you should know for 2017To read this article in full or to leave a comment, please click here | |||
|
2016-10-19 11:16:57 | Flaw in Intel CPUs could help attackers defeat ASLR exploit defense (lien direct) | A feature in Intel's Haswell CPUs can be abused to reliably defeat an anti-exploitation technology that exists in all major operating systems, researchers have found.The technique, developed by three researchers from State University of New York at Binghamton and the University of California in Riverside, can be used to bypass address space layout randomization (ASLR) and was presented this week at the 49th annual IEEE/ACM International Symposium on Microarchitecture in Taipei.ASLR is a security mechanism used by operating systems to randomize the memory addresses used by key areas of processes, so that attackers don't know where to inject their exploit shellcode.To read this article in full or to leave a comment, please click here | |||
|
2016-10-19 10:42:00 | Politics keeps the U.S. from securing private-sector networks, says former CIA chief Robert Gates (lien direct) | ORLANDO, Fla. -- A person who had access to the nation's deepest secrets, Robert Gates, the former CIA chief and U.S. Secretary of Defense from 2006 to 2011, is lot more open in retirement.Gates had the crowd at the Gartner Symposium/ITxpo laughing over his observations about IT and applauding at some of the things he believes in.On stage here, for instance, Gartner analyst Richard Hunter fired off questions, asking at one point whether Edward Snowden, the former security contract employee who in 2010 took thousands of classified documents, was a "traitor or hero?"To read this article in full or to leave a comment, please click here |
To see everything:
Our RSS (filtrered)
