Independent

ComputerWorldIndependent

U.S. proposal to collect travelers' passwords alarms privacy experts

To better vet foreign travelers, the U.S. might demand that some visa applicants hand over the passwords to their social media accounts, a proposal that’s alarming privacy experts.

“If they don’t want to give us the information, then they don’t come,” said John Kelly, the head of the Department of Homeland Security, on Tuesday.

Kelly mentioned the proposal in a congressional hearing when he was asked what his department was doing to look at visa applicants’ social media activity.

He said it was “very hard to truly vet” the visa applicants from the seven Muslim-majority countries covered by the Trump administration’s travel ban, which is now in legal limbo. Many of the countries are failed states with little internal infrastructure, he said.


AT&T, IBM, Nokia join to make IoT systems safer

Some big players in security and the internet of things, including AT&T and Nokia, are joining forces to solve problems that they say make IoT vulnerable in many areas.

The IoT Cybersecurity Alliance, formed Wednesday, also includes IBM, Symantec, Palo Alto Networks, and mobile security company Trustonic. The group said it won’t set standards but will conduct research, educate consumers and businesses, and influence standards and policies.

As IoT technologies take shape, there’s a danger of new vulnerabilities being created in several areas. Consumer devices have been in the security spotlight thanks to incidents like the DDoS attacks last year that turned poorly secured set-top boxes and DVRs into botnets. But the potential weaknesses are much broader, spanning the network, cloud, and application layers, the new group said in a press release.


Accenture wants to help businesses secure their blockchains

Accenture wants to help businesses use blockchain technologies more securely by locking away the encryption keys they use to sign transactions.

It’s built a system that blockchain developers can use to store credentials in specialized cryptoprocessors called hardware security modules (HSMs).

HSMs are typically used by banks to store the PINs associated with payment cards or the credentials used to make interbank payments over the SWIFT network. They are much more secure than storing those credentials, even in encrypted form, on network-connected servers from which attackers could steal them.

The PINs or credentials never leave the HSMs, and their use within them is strictly controlled.


Hard-to-detect fileless attacks target banks, other organizations

A wave of attacks that have recently affected banks and other enterprises used open-source penetration testing tools loaded directly into memory instead of traditional malware, making their detection much harder.

Researchers from antivirus vendor Kaspersky Lab started investigating these attacks after the security team from an unnamed bank found Meterpreter in the random access memory (RAM) of a server that acted as the organization’s Windows domain controller.

Meterpreter is an in-memory attack payload that can inject itself into other running processes and is used to establish persistence on a compromised system. It is part of the Metasploit penetration testing framework, a popular tool used both by internal security teams and by malicious hackers.


IDG Contributor Network: Rapid7 demystifies penetration testing

In a surprisingly detailed 20+ page report titled “UNDER THE HOODIE: Actionable Research from Penetration Testing Engagements”, Rapid7 – provider of tools such as Metasploit and Nexpose – is sharing some very interesting insights into the choices companies make in their penetration testing and what the testers are uncovering. Released just moments ago, this research report provides details on:

  • how much organizations budget for pen testing engagements;
  • what information organizations are most interested in protecting, despite the recent uptick in online industrial espionage;
  • what percentage of sites are free of exploitable vulnerabilities;
  • the easiest ways for attackers to execute their attacks; and
  • how often pen tests successfully identify and exploit software vulnerabilities.

The statistics provided will likely help many companies refine or initiate their own penetration testing. The findings are based on 128 penetration tests that the company conducted in Q4 of 2016. They reveal many interesting details and some surprising details on testing choices such as:


'Invisible' memory-based malware hit over 140 banks, telecoms and government agencies

Cybercriminals have hit more than 40 countries with hidden malware that steals passwords and financial data. The malware is not found on hard drives as it hides in the memory of compromised computers, making it almost “invisible” as criminals exfiltrate system administrators’ credentials and other sensitive data. When a targeted machine is rebooted, nearly all traces of the malware disappear.

Over 140 enterprise networks – banks, government organizations and telecommunication companies – from 40 countries have been hit, according to Kaspersky Lab. The cybercriminals are using methods and sophisticated malware previously used by nation-state attackers.


At Dulles, a security awareness success story

When Kjell Magne Bondevik, the former prime minister of Norway, was temporarily detained upon arriving at Dulles International Airport on Jan. 31, international controversy ensued.

The controversy was purely political, and while I do not support the executive order stopping people from seven countries from entering the U.S., Bondevik’s detention had nothing to do with that issue. Instead, he was detained for additional questioning under a 2015 law that requires people who visited any of the seven countries in question to obtain a visa prior to entering the U.S., even if they are from a country that does not normally require a visa for entrance to the U.S. The law was put in place in the aftermath of the Paris attacks. Whether or not the law is just is not relevant to this discussion.
