
ComputerWorldIndependent

8 steps to regaining control over shadow IT

Credit to Author: Ryan Francis| Date: Thu, 23 Feb 2017 12:17:00 -0800

A dangerous practice on the rise

“Shadow IT” refers to the too-common practice whereby managers select and deploy cloud services without the consent or even the knowledge of the IT department. These services act as extensions of the corporation but are steered entirely by groups that lack the knowledge or process to ensure they follow necessary guidelines, introducing security, compliance, and brand risk throughout the enterprise. Gartner predicts that by 2020, one-third of security breaches will come in through shadow IT services.


Police arrest man suspected of building million-router German botnet

Credit to Author: Peter Sayer| Date: Thu, 23 Feb 2017 09:06:00 -0800

Last year, someone turned a German internet service provider into a million-router botnet. German police think they will soon have the culprit.

The U.K.’s National Crime Agency (NCA) made an arrest on Wednesday in connection with the November 2016 hack on Deutsche Telekom. The agency said it arrested a 29-year-old man at Luton airport, acting on a European Arrest Warrant issued by the public prosecutor’s office in Cologne, Germany.

The German Federal Criminal Police Office (Bundeskriminalamt, or BKA), which led the investigation, said it had worked with British law enforcement officials to arrest the man, a Briton.


Eleven-year-old root Linux kernel flaw found and patched

Credit to Author: Lucian Constantin| Date: Thu, 23 Feb 2017 07:49:00 -0800

Linux system administrators should be on the watch for kernel updates because they fix a local privilege escalation flaw that could lead to a full system compromise.

The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). The problem was discovered last week and was patched by the kernel developers on Friday.

The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it in a few days.


Amid cyberattacks, ISPs try to clean up the internet

Credit to Author: Michael Kan| Date: Thu, 23 Feb 2017 06:26:00 -0800

If your computer’s been hacked, Dale Drew might know something about that.

Drew is chief security officer at Level 3 Communications, a major internet backbone provider that’s routinely on the lookout for cyberattacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide.

That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said.

Hackers have managed to hijack those computers to “cause harm to the internet,” but the owners don’t always know that, Drew said. 


A hard drive's LED light can be used to covertly leak data

Credit to Author: Michael Kan| Date: Thu, 23 Feb 2017 03:40:00 -0800

The seemingly harmless blinking lights on servers and desktop PCs may give away secrets if a hacker can hijack them with malware.

Researchers in Israel have come up with an innovative hack that turns a computer’s LED light into a signaling system that shows passwords and other sensitive data.

The researchers at Ben-Gurion University of the Negev demonstrated the hack in a YouTube video posted Wednesday. It shows a hacked computer broadcasting the data through a computer’s LED light, with a drone flying nearby reading the pattern.

The researchers designed the scheme to underscore vulnerabilities of air-gapped systems, or computers that have been intentionally disconnected from the internet.


What to expect from the Trump administration on cybersecurity

Credit to Author: Grant Gross| Date: Wed, 22 Feb 2017 11:39:00 -0800

Look for President Donald Trump’s administration to push for increased cybersecurity spending in government, but also for increased digital surveillance and encryption workarounds.

That’s the view of some cybersecurity policy experts, who said they expect Trump to focus on improving cybersecurity at federal agencies while shying away from new cybersecurity regulations for businesses. 

Trump is likely to look for ways for the National Security Agency and other agencies to assist the government and companies in defending against cyberattacks, said Jeffrey Eisenach, a visiting scholar at the American Enterprise Institute and a tech adviser during Trump’s presidential transition.
