[l] at 7/16/19 8:00am
Last week, the Federal Trade Commission hit Facebook with a $5 billion fine for mishandling user data. The fine comes after the FTC’s investigation following the Cambridge Analytica scandal. On this episode of TECH(feed), Juliet discusses the implications of this fine -- and how Facebook may (or may not) change its practices.

[Category: Social Networking, Facebook, FTC, GDPR, Technology Industry, Security]

[l] at 7/11/19 9:00am
This new add-on will let you set up alerts about suspicious sign-on activity for Office 365 and other cloud apps.

[Category: Security, Windows]

[l] at 7/1/19 5:52am

The TCP/IP protocol is the foundation of the internet and pretty much every single network out there. The protocol was designed 45 years ago and was originally only created for connectivity. There’s nothing in the protocol for security, mobility, or trusted authentication.

The fundamental problem with TCP/IP is that the IP address within the protocol represents both the device location and the device identity on a network. This dual functionality of the address lacks the basic mechanisms for security and mobility of devices on a network.

This is one of the reasons networks are so complicated today. To connect to things on a network or over the internet, you need VPNs, firewalls, routers, cell modems, etc. and you have all the configurations that come with ACLs, VLANs, certificates, and so on. The nightmare grows exponentially when you factor in internet of things (IoT) device connectivity and security. It’s all unsustainable at scale.

[Author: Linda Musthaler] [Category: Network Security, Security, SDN]

[l] at 6/28/19 8:36am

Cisco issued three “critical” security warnings for its DNA Center users – two having a Common Vulnerability Scoring System rating of 9.8 out of 10.

The two worst problems involve Cisco Data Center Network Manager (DCNM). Cisco DNA Center controls access through policies using Software-Defined Access, automatically provisions through Cisco DNA Automation, virtualizes devices through Cisco Network Functions Virtualization (NFV), and lowers security risks through segmentation and Encrypted Traffic Analysis.

In one advisory Cisco said a vulnerability in the web-based management interface of DCNM could let an attacker obtain a valid session cookie without knowing the administrative user password by sending a specially crafted HTTP request to a specific web servlet that is available on affected devices. The vulnerability is due to improper session management on affected DCNM software.

[Author: Michael Cooney] [Category: Security, Data Center]

[l] at 6/26/19 1:37pm
CSO senior writer Lucian Constantin and Computerworld Executive Editor Ken Mingis talk database security and how MongoDB's new field-level encryption takes security to the next level.

[Category: Security, Database, Encryption]

[l] at 6/26/19 11:41am

Some may call it a normal, even boring course of vendor business operations but others find it a pain in the rump or worse.

That about sums up the reaction to news this week that Oracle will end its Dyn Domain Name System enterprise services by 2020 and try to get customers to move to DNS services provided through Oracle Cloud.

Oracle said that since its acquisition of Dyn in 2016 and the ensuing acquisition of Zenedge, its engineering teams have been working to integrate Dyn’s products and services into the Oracle Cloud Infrastructure platform. “Enterprises can now leverage the best-in-class DNS, web application security, and email delivery services within Oracle Cloud Infrastructure and enhance their applications with a comprehensive platform to build, scale, and operate their cloud infrastructure,” according to Oracle's FAQ on the move. “As a result, Dyn legacy Enterprise services are targeted to be retired on May 31, 2020 with the exception of Internet Intelligence.”

[Author: Michael Cooney] [Category: Security, Technology Industry, Internet, IDG Insider]

[l] at 6/26/19 9:08am

While not nearly as commonly seen on Linux systems, library (shared object files on Linux) injections are still a serious threat. On interviewing Jaime Blasco from AT&T's Alien Labs, I've become more aware of how easily some of these attacks are conducted.

In this post, I'll cover one method of attack and some ways that it can be detected. I'll also provide some links that will provide more details on both attack methods and detection tools. First, a little background.

Shared library vulnerability

Both DLL and .so files are shared library files that allow code (and sometimes data) to be shared by various processes. Commonly used code might be put into one of these files so that it can be reused rather than rewritten many times over for each process that requires it. This also facilitates management of commonly used code.

[Author: Sandra Henry-Stocker] [Category: Linux, Security]

[l] at 6/24/19 10:00pm

One of the biggest concerns with the Internet of Things (IoT) is making sure networks, data, and devices are secure. IoT-related security incidents have already occurred, and the worries among IT, security and networking managers that similar events will take place are justified.

“In all but the most restrictive environments, you’re going to have IoT devices in your midst,” says Jason Taule, vice president of standards and CISO at security standards and assurance company HITRUST. “The question then isn’t if, but how you are going to allow such devices to connect to and interact with your networks, systems and data.”

[Author: Bob Violino] [Category: Internet of Things, Security]

[l] at 6/18/19 8:00am
We’ve already talked about how the Huawei ban may affect business, but how will it affect security? Google has already warned of security threats should the company be unable to send updates to Huawei’s Android-powered devices. And even if Huawei responds with its own OS, will people trust it? In this episode of TECH(feed), Juliet discusses those security implications and what some people think the U.S. should do instead.

[Category: Mobile, 5G, Huawei, Security]

[l] at 6/14/19 10:16am

Mirai – the software that has hijacked hundreds of thousands of internet-connected devices to launch massive DDoS attacks – now goes beyond recruiting just IoT products; it also includes code that seeks to exploit a vulnerability in corporate SD-WAN gear.

That specific equipment – VMware’s SDX line of SD-WAN appliances – now has an updated software version that fixes the vulnerability, but by targeting it Mirai’s authors show that they now look beyond enlisting security cameras and set-top boxes and seek out any vulnerable connected devices, including enterprise networking gear.

[Author: Jon Gold] [Category: Internet of Things, Security, SD-WAN, IDG Insider]

[l] at 6/12/19 3:30am

If you follow the news surrounding the internet of things (IoT), you know that security issues have long been a key concern for IoT consumers, enterprises, and vendors. Those issues are very real, but I’m becoming increasingly convinced that related but fundamentally different privacy vulnerabilities may well be an even bigger threat to the success of the IoT.

In June alone, we’ve seen a flood of IoT privacy issues inundate the news cycle, and observers are increasingly sounding the alarm that IoT users should be paying attention to what happens to the data collected by IoT devices.

Predictably, most of the teeth-gnashing has come on the consumer side, but that doesn’t mean enterprise users are immune to the issue. On the one hand, just like consumers, companies are vulnerable to their proprietary information being improperly shared and misused. More immediately, companies may face backlash from their own customers if they are seen as not properly guarding the data they collect via the IoT. Too often, in fact, enterprises shoot themselves in the foot on privacy issues, with practices that range from tone-deaf to exploitative to downright illegal—leading almost two-thirds (63%) of consumers to describe IoT data collection as “creepy,” while more than half (53%) “distrust connected devices to protect their privacy and handle information in a responsible manner.”

[Author: Fredric Paul] [Category: Security, Internet of Things]

[l] at 6/11/19 10:46pm

IoT devices are proliferating on corporate networks, gathering data that enables organizations to make smarter business decisions, improve productivity and help avoid costly equipment failures, but there is one big downside – security of the internet of things remains a problem.

It makes sense, then, for enterprises to try to spot vulnerabilities in the IoT gear in their networks before they can be exploited by malicious actors.

To help this along, Network World and Pluralsight have teamed up to present a free course, Ethical Hacking: Hacking the Internet of Things, that provides IT pros with skills they need to protect their network infrastructure.

[Author: Network World staff] [Category: Internet of Things, Security, IDG Insider]

[l] at 6/6/19 9:57am

Looking to expand its IoT security and management offerings, Cisco plans to acquire Sentryo, a company based in France that offers anomaly detection and real-time threat detection for Industrial Internet of Things (IIoT) networks.

Sentryo, founded in 2014, offers products that include ICS CyberVision – an asset inventory, network monitoring and threat intelligence platform – and CyberVision network edge sensors, which analyze network flows.

[Author: Michael Cooney] [Category: Internet of Things, Networking, Security]

[l] at 5/30/19 11:38am
Recently released public SAP exploits (dubbed 10KBLAZE) could pose a security risk for thousands of businesses. Computerworld executive editor Ken Mingis and CSO Online's Lucian Constantin discuss the fallout of 10KBLAZE, and how businesses using SAP should respond.

[Category: Cloud Computing, SAP, Security]

[l] at 5/29/19 2:52pm

It’s no secret that if you have a cloud-based e-mail service, fighting off the barrage of security issues has become a maddening daily routine.

The leading e-mail service – in Microsoft’s Office 365 package – seems to be getting the most attention from those attackers hellbent on stealing enterprise data or your private information via phishing attacks. Amazon and Google see their share of phishing attempts in their cloud-based services as well. 

But attackers are crafting and launching phishing campaigns targeting Office 365 users, wrote Ben Nahorney, a Threat Intelligence Analyst focused on covering the threat landscape for Cisco Security in a blog focusing on the Office 365 phishing issue.

[Author: Michael Cooney] [Category: Security, IDG Insider]

[l] at 5/29/19 1:10pm

This week SD-WAN vendor Cato Networks announced the results of its Telcos and the Future of the WAN in 2019 survey. The study was a mix of companies of all sizes, with 42% being enterprise-class (over 2,500 employees). More than 70% had a network with more than 10 locations, and almost a quarter (24%) had over 100 sites. All of the respondents have a cloud presence, and almost 80% have at least two data centers.  The survey had good geographic diversity, with 57% of respondents coming from the U.S. and 24% from Europe.

Highlights of the survey include the following key findings:

[Author: Zeus Kerravala] [Category: SD-WAN, Internet, Networking, WAN, Security]

[l] at 5/23/19 2:07pm

Of the millions of enterprise-IoT transactions examined in a recent study, the vast majority were sent without benefit of encryption, leaving the data vulnerable to theft and tampering.

The research by cloud-based security provider Zscaler found that about 91.5 percent of transactions by internet of things devices took place over plaintext, while 8.5 percent were encrypted with SSL. That means if attackers could intercept the unencrypted traffic, they’d be able to read it and possibly alter it, then deliver it as if it had not been changed.

[Author: Tim Greene] [Category: Internet of Things, Security]

[l] at 5/17/19 11:56am

Microsoft took the rare step of issuing security fixes for both the server and desktop versions of Windows that are long out of support, so you know this is serious.

The vulnerability (CVE-2019-0708) is in the Remote Desktop Services component built into all versions of Windows. RDP, formerly known as Terminal Services, itself is not vulnerable. CVE-2019-0708 is pre-authentication and requires no user interaction, meaning any future malware could self-propagate from one vulnerable machine to another.

CVE-2019-0708 affects Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. It does not impact Microsoft’s newest operating systems; Windows 8 through 10 and Windows Server 2012 through 2019 are not affected.

[Author: Andy Patrizio] [Category: Windows Server, Software, Security]

[l] at 5/16/19 4:00am
WhatsApp’s recent spyware hack took advantage of a security vulnerability and allowed attackers to access private, digital communication. In this episode of TECH(feed), Juliet walks through the hack, who was affected and how you can secure your devices ASAP.

[Category: Mobile, Security, Spyware]

[l] at 10/23/18 4:00am

You know you need to protect your company from unauthorized or unwanted access. You need a network-security tool that examines the flow of packets in and out of the enterprise, governed by rules that decide whether that flow is safe, malicious or questionable and in need of inspection. You need a firewall.

Recognizing that you need a firewall is the first – and most obvious – step. The next crucial step in the decision-making process is determining which firewall features and policies best suit your company’s needs.

Today’s enterprise firewalls must be able to secure an increasingly complex network that includes traditional on-premises data center deployments, remote offices and a range of cloud environments. Then you have to implement and test the firewall once it's installed. Perhaps the only element more complex than configuring, testing and managing a next-generation firewall is the decision-making process regarding which product to trust with your enterprise security.

[Author: Sheryl Hodge] [Category: Firewalls, Security, Networking, IDG Insider]

[l] at 7/27/18 9:06am

When selecting VPN routers, small businesses want ones that support the VPN protocols they desire as well as ones that fit their budgets, are easy to use and have good documentation.

We looked at five different models from five different vendors: Cisco, D-Link, DrayTek, Mikrotik and ZyXEL. Our evaluation called for setting up each unit and weighing the relative merits of their price, features and user-friendliness.

Below is a quick summary of the results:

[Author: Eric Geier] [Category: Networking, Router, Security, Cisco Systems, Small Business, IDG Insider]

[l] at 5/9/18 4:57pm

"I am all about useful tools. One of my mottos is 'the right tool for the right job.'" –Martha Stewart

If your "right job" involves wrangling computer networks and figuring out how to do digital things effectively and efficiently or diagnosing why digital things aren't working as they're supposed to, you've got your hands full. Not only does your job evolve incredibly quickly, becoming ever more complex, but whatever tools you use need frequent updating and/or replacing to keep pace. That's what we're here for: to help in your quest for the right tools.

We've done several roundups of free network tools in the past, and since the last one, technology has, if anything, sped up even more. To help you keep up, we've compiled a new shortlist of seven of the most useful tools that you should add to your toolbox.

[Author: Mark Gibbs] [Category: Network Management, Security, Infrastructure, Networking, IDG Insider]

As of 7/16/19 8:42pm. Last new 7/16/19 9:13am.