Tag Archives: security product

[ISN] Report: Hack of government employee records discovered by product demo

http://arstechnica.com/security/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/

By Sean Gallagher
Ars Technica
June 11, 2015

As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM’s security. An OPM statement on the attack said that the agency discovered the breach as it had “undertaken an aggressive effort to update its cybersecurity posture.” And a DHS spokesperson told Ars that “interagency partners” were helping the OPM improve its network monitoring “through which OPM detected new malicious activity affecting its information technology systems and data in April 2015.”

Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ’s Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services.

“CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network,” Paletta and Hughes reported. And, according to federal investigators, that malware may have been in place for over a year.

US intelligence agencies have joined the investigation into the breach. But it’s still not even clear what data was accessed by the attackers.

Meanwhile, the breach has triggered outrage from unions representing federal employees. In a letter to OPM Director Katherine Archuleta, American Federation of Government Employees president J. David Cox expressed displeasure at the way OPM had handled the breach, calling the 18 months of credit monitoring and $1 million liability insurance OPM is offering federal employees “entirely inadequate, either as compensation or protection from harm.”

[…]





[ISN] The Post-Sony World: Why A Defense Contractor Bought A Cybersecurity Firm For $1.9 Billion

https://www.fastcompany.com/3045271/welcome-to-the-post-sony-world-why-a-defense-contractor-bought-a-cybersecurity-firm-for-19-b

By Neal Ungerleider
Fast Company
April 22, 2015

One of the worst-kept secrets in the cybersecurity world is out: Raytheon, one of the world’s biggest defense contractors, just spent a staggering $1.9 billion on a cybersecurity company called Websense. It’s one of the biggest tech deals so far this year. So why is a military firm best known for building missiles plopping down money for software and tech talent? The answer doesn’t have to do with cyberwar, but with the sweet, sweet cash of corporate America.

Let’s explore what this means. Because of a number of high-profile hack attacks over the past two years—Target, Sony Pictures, and JPMorgan Chase, just to name a few out of an even larger number of publicized and covered-up breaches—corporate America is running scared. Fear of liability, fear of customer loss, and fear of stumbling stock prices and brand reputation mean that enterprise customers feel compelled to shell out big, big bucks for cybersecurity products. Corporate boards are, perhaps understandably, nervous.

That global market, which analyst firm Gartner pegs at being worth approximately $76.9 billion in spending for 2015, is something Raytheon and its competitors want a big part of. The defense contractor has had enterprise-oriented cybersecurity products on the market for quite some time, but has only made limited market inroads. About 50% of Websense’s customers are overseas, which also gives Raytheon considerable pull outside their core market in America.

[…]



[ISN] Security pros name their must-have tools

http://www.networkworld.com/article/2910248/security0/security-pros-name-their-must-have-tools.html

By Ann Bednarz
Network World
April 16, 2015

Secure file sharing is imperative for Lawyers Without Borders, a group that works with volunteer lawyers to advance human rights law in conflict-ridden regions. The nonprofit organization, headquartered in Hartford, Conn., uses Intralinks VIA to protect confidential legal documents and court papers from unsanctioned access.

The SaaS solution for content sharing and collaboration is a favorite of Christina Storm, executive director of Lawyers Without Borders (LWOB). The robustness of the product reassures LWOB’s multinational law firm partners that the group is meeting their security standards, Storm says, and it’s an important safeguard for lawyers in the field.

“The product allows us to securely share documents and court papers. Intralinks VIA also permits us to revoke access to documents in the event the wrong people get ahold of them,” Storm says. “This can be a matter of life and death for lawyers doing pro bono work with clients in troubled countries who are battling human trafficking, terrorism and other human rights violations. The interception of sensitive documents by criminals or unfriendly governments can compromise the safety of in-country clients, and in some cases the attorneys with whom they work.”

Storm shared LWOB’s experience with Intralinks VIA as part of Network World’s annual Fave Raves project, which asks IT pros to talk about their favorite enterprise tech products. This year, a number of IT pros chose enterprise security products as their favorites.

[…]



[ISN] NSA staffers rake in Silicon Valley cash

http://thehill.com/policy/cybersecurity/233740-nsa-staffers-rake-in-silicon-valley-cash

By Cory Bennett
The Hill
02/24/15

Former employees of the National Security Agency are becoming a hot commodity in Silicon Valley amid the tech industry’s battle against government surveillance.

Investors looking to ride the boom in cybersecurity are dangling big paydays in front of former NSA staffers, seeking to secure access to the insider knowledge they gained while working for the world’s most elite surveillance agency.

With companies desperate to protect their networks against hackers, many tech executives say the best way to develop security products is to enlist the talents of people who have years of experience cracking through them.

“The stories he could tell,” venture capitalist Ray Rothrock recalled about his meetings with a former NSA employee who founded the start-up Area 1 Security. “They come with a perspective that nobody in Silicon Valley has.”

[…]



[ISN] About the infosec skills shortage

http://3vildata.tumblr.com/post/109188919632/about-the-infosec-skills-shortage

By https://twitter.com/addelindh and https://twitter.com/0xtero
http://3vildata.tumblr.com/
Jan 26th, 2015

Today I got into an argument on Twitter that started with me saying something sarcastic in reference to a recent statement by a vendor and ended with a discussion about the skills shortage in security. Twitter can be a difficult medium sometimes and I don’t really feel that I got my point across, so this is my attempt to correct that.

Before I start I would like to point out that in no way do I think that this is the only reason there is a skills shortage in security, but that I do consider it a large contributing factor.

In the beginning, there was firewalls

Enterprise investment in security has traditionally been in products such as firewalls, anti-virus, IPS/IDS, and so on. Security products have in turn been marketed and sold as “solutions” rather than tools; heavily automated and not really much to work with. Because of this, they have been considered as infrastructure components rather than applications, you just install and configure them and then let them do their magic.

Automation is great, until it isn’t

The thing about buying automated solutions is that it removes the incentive to invest in knowledge of the problem the solution was supposed to solve. Why pay money so that someone can learn how to solve a problem that has already been solved, right? For an enterprise, this makes perfect sense, and for a while it worked.

[…]



[ISN] Attend Cyber Security EXPO

http://www.infosecnews.org/event/cyber-security-expo/

October 8-9, 2014

Brand new for 2014, Cyber Security EXPO is the new place for everybody wanting to protect their organisation from the increasing commercial threat of cyber attacks.

Co-located with IP EXPO Europe, Cyber Security EXPO has been designed to provide CISOs and IT security staff the tools, new thinking and policies to meet the 21st century business cyber security challenge.

At Cyber Security EXPO, discover how to build trust across the enterprise to securely manage disruptive technologies such as:

* Cloud computing mobile
* Bring your own device (BYOD)
* Social media
* Identity and access
* Encryption
* GRC
* Analytics
* Data

The event delves into business issues beyond traditional enterprise security products, providing exclusive content on behaviour trends and business continuity. As well as providing the opportunity to meet top tier industry vendors you can hear presentations from the likes of Mikko Hypponen, Eugene Kaspersky and many more.

Cyber Security EXPO will also host the first “Cyber Hack”, a live open source security lab. In the lab, you’ll be able to share ideas with White Hat hackers, security gurus, Cyber Security EXPO speakers and fellow professionals.

For more information or to register: http://bit.ly/1lBuUGi



[ISN] Malware infections tripled in late 2013, Microsoft finds

http://www.computerworld.com/s/article/9248166/Malware_infections_tripled_in_late_2013_Microsoft_finds

By Jeremy Kirk
IDG News Service
May 7, 2014

A three-fold increase in Microsoft Windows computers infected with malicious software in late 2013 came from an application that was for some time classified as harmless by security companies.

The finding comes as part of Microsoft’s latest biannual Security Intelligence Report (SIR), released on Wednesday, which studies security issues encountered by more than 800 million computers using its security tools.

In the third quarter of 2013, an average of 5.8 Windows computers out of every 1,000 were infected with malware, said Tim Rains, director of Microsoft’s Trustworthy Computing division, which tracks security trends targeting the company’s widely used products. That jumped to about 17 computers per 1,000 for the last quarter of the year.

Rains attributed the rise to malware called “Rotbrow.” The program masquerades as a browser add-on called “Browser Protector” and is supposedly a security product, Rains said by phone Wednesday. Rotbrow was found on about 59 of every 1,000 computers using its security products, he said.

[…]



[ISN] TDL4 rootkit can be modified to pwn any security product, Bromium researchers discover

http://news.techworld.com/security/3513668/tdl4-rootkit-can-be-modified-pwn-any-security-product-bromium-researchers-discover/

By John E Dunn
Techworld
28 April 2014

Kernel mode rootkits are more viable than has been realised and could be used to bypass more or less any security product in existence, researchers at Bromium have discovered after conducting a proof-of-concept attack using a modified variant of the infamous TDL4 malware.

Due to be presented in more detail by the firm at this week’s Security BSides event in London, the research involved ‘tweaking’ the TDL4 variant that had appeared to take advantage of the Windows kernel privilege zero day (CVE-2013-3660), discovered in June last year.

With a new payload, what this created was something lethal enough to overcome a variety of security layers the team tested against it such as antivirus, sandboxes and intrusion prevention, making it a sort of “Swiss Army knife” attack hiding behind ring zero.

“While many were aware of the discovery of the TDL4 rootkit rumoured to be using kernel exploit code at the end of last year, few paid it any serious attention. And that was a huge error of judgement,” said Bromium’s head of security, Rahul Kashyap.

[…]

