Archive for the Category ◊ IT Security ◊
Recently released attack code exploiting a critical Android vulnerability gives attackers a point-and-click interface for hacking a majority of smartphones and tablets that run the Google operating system, its creators said.
The attack was published last week as a module to the open-source Metasploit exploit framework used by security professionals and hackers alike. The code exploits a critical bug in Android’s WebView programming interface that was disclosed 14 months ago. The security hole typically gives attackers remote access to a phone’s camera and file system and in some cases also exposes other resources, such as geographic location data, SD card contents, and address books. Google patched the vulnerability in November with the release of Android 4.2, but according to the company’s figures, the fix is installed on well under half of the handsets it tracks.
Tripwire has analyzed the security provided by the most popular wireless routers used in many small and home offices and found that 80 percent of Amazon’s top 25 best-selling SOHO wireless router models have security vulnerabilities.
Today’s malware uses ingenious techniques to evade detection by traditional signature-based antimalware. Intrusion prevention systems, Web filtering and antivirus products are simply no longer sufficient for defending against a new breed of attacker that combines sophisticated malware with persistent remote access, with the aim of stealing sensitive corporate data over an extended period of time.
New threat-detection tools that offer advanced malware detection through sandboxing technology aim to counter this problem. These products are offered by various companies, including FireEye Inc, Damballa Inc, Palo Alto Networks, NetWitness and others. All of these systems promise near-complete protection from the malware threat. In this tip, we’ll discuss the emerging techniques employed by today’s advanced malware and threat-detection products, focusing on the advantages they offer and the challenges that they have yet to solve.
Singapore is on high alert after over 100 local web sites were defaced, including several run by the opposition Reform Party.
The majority are now either offline or defaced with the message “Hacked By Mr. AzRooT” and a link to the Twitter profile of user @4zrai, who boasts of other scalps this month including the Italian and Mali governments and Indonesian military.
Network World – McAfee says it’s developing a product it calls “Threat Intelligence Exchange,” which it expects to introduce by mid-year as a core means to garner information about cyber-attacks and response for the enterprise.
Threat Intelligence Exchange is described as a “messaging framework” that would initially collect information about Windows-based endpoints in the enterprise and whether they had been compromised, identify patterns and allow for a rapid “immunization” of assets. According to Bradon Rogers, McAfee senior vice president of product solutions and marketing, it will include a client add-on agent for McAfee’s anti-malware software that could be deployed via the McAfee ePolicy Orchestrator management console. There will also be a server-based Threat Intelligence Exchange component that will work as a VMware-based virtual machine that could reside in the organization’s data center to centrally collect the wide variety of contextual information related to threats.
CSO – Chief security officers who believe the latest Bitcoin problems do not affect them should think again. Securing such digital currency flowing through peer-to-peer payment systems may one day be the responsibility of security pros.
The world of Bitcoin has certainly had a bad week. A bug in its protocol forced two exchanges, Mt. Gox and BitStamp, to halt trading temporarily. The flaw was also blamed for the theft of $2.6 million from the Bitcoin wallet belonging to Silk Road 2, the online black market that took the place of the original Silk Road after it was shut down by federal authorities. Both anonymous marketplaces provide a place on the dark web to sell and buy illegal drugs.
While the latest events may seem unimportant to security pros, they should not be ignored, because they represent the maturing process of a payment system that corporations may one day be asking CSOs to secure.
As everyone knows, lone actors such as active shooters and bombers target public places like schools, malls and movie theaters and public events like speaking engagements. In many cases, threats of violence posted to social media precede these attacks.
With this in mind, CSOs and CISOs should consider complementing security measures with social media monitoring and response efforts designed to address the potential that lone actors will carry out threats of violence against the enterprise or any of its employees.
When U.S. CERT comes knocking, it seems unwise for a company to stick its head in the sand and hide. But that’s reportedly what happened when the CERT division of the Carnegie Mellon Software Engineering Institute tried to contact Belkin about numerous vulnerabilities discovered in Belkin WeMo home automation devices.
CERT was contacted by researchers from IOActive after they uncovered “multiple vulnerabilities in Belkin WeMo Home Automation devices that could affect over half a million users.” Since Belkin failed to issue a fix for any of the flaws, IOActive “recommends unplugging all devices from the affected WeMo products.”
IDG News Service – AT&T and IBM will start jointly offering services designed to help municipalities, utility companies and other organizations use “Internet of things” technologies to better manage their infrastructure.
“There is a huge amount of growth of the things that are connected” to networks, said Michael Curry, IBM vice president of product management. “When you have that many things connected in, you have a big data problem. Companies want to be able to take that data and use it to optimize operations and predict failures.”
IBM estimates that there will be over 18 billion connected devices in the world by 2022. Examples of connected devices include mobile phones and sensors.