Network management vulnerability exposes cable modems to hacking

Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation.

SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.

Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.

To read this article in full or to leave a comment, please click here


Source: Infoworld.com | Security

Annual Verizon security report says sloppiness causes most data breaches

Security threats are constantly evolving, but as Verizon’s latest DBIR (Data Breach Investigations Report) shows, the more things change in information security, the more they stay the same.

More than half (51 percent) of the data breaches analyzed in the report involved malware, 73 percent of the breaches were financially motivated, and 75 percent of security incidents were tracked back to outside actors. This year’s report found that email was the No. 1 malware delivery vector, compared to last year, when it was web drive-by-download attacks.

The DBIR data set, which includes 1,935 confirmed data breaches and 42,068 security incidents across 84 countries, is compiled from 65 sources, including Verizon’s own investigation team as well as the U.S. Secret Service and other law enforcement groups. The report distinguishes between data breaches, where data is confirmed to have been exposed to an unauthorized party, and security incidents, which are security events that compromised “the integrity, confidentiality, or availability” of data.

To read this article in full or to leave a comment, please click here


Source: Infoworld.com | Security

IDG Contributor Network: Book Review: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems

The overall equation is pretty simple: If you want to understand network traffic, you really should install Wireshark. And, if you really want to use Wireshark effectively, you should consider this book. Already in its third edition, Practical Packet Analysis both explains how Wireshark works and provides expert guidance on how you can use the tool to solve real-world network problems.

Yes, there are other packet analyzers, but Wireshark is one of the best, works on Windows, Mac, and Linux, and is free and open source. And, yes, there are other books, but this one focuses both on understanding the tool and using it to address the kind of problems that you’re likely to encounter.

To read this article in full or to leave a comment, please click here


Source: Computerworld.com | Security

Ransomware attacks are taking a bigger toll on victims' wallets

Hackers spreading ransomware are getting greedier. In 2016, the average ransom demand to free computers hit with the infection rose to $1,077, up from $294 the year before, according to security firm Symantec.

“Attackers clearly think that there’s more to be squeezed from victims,” Symantec said in a Wednesday report

In addition, the security company has been detecting more ransomware infection attempts. In 2016, the figure jumped 36 percent compared with the prior year.  

To read this article in full or to leave a comment, please click here


Source: Computerworld.com | Security

Foiled! 15 tricks to hold off the hackers

Malicious hackers have outsize reputations. They are über-geniuses who can guess any password in seconds, hack any system, and cause widespread havoc across multiple, unrelated networks with a single keystroke—or so Hollywood says. Those of us who fight hackers every day know the good guys are usually far smarter. Hackers simply have to be persistent.

Each year, a few hackers do something truly new. But for the most part, hackers repeat the tried and true. It doesn’t take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine. The truly inspired work is that of security defenders, those who successfully hack the hackers.

To read this article in full or to leave a comment, please click here


Source: Infoworld.com | Security

5 ways the U.S. is educating cybersecurity talent – and what’s still missing

It’s no secret that the world is facing a shortage of cybersecurity talent. The (ISC)² Center for Cyber Safety and Education’s 2017 Global Information Security Workforce study projects a deficit of over 1.8 million qualified cybersecurity professionals between now and 2022.

To read this article in full or to leave a comment, please click here

(Insider Story)
Source: Infoworld.com | Security

Old Windows Server machines can still fend off hacks. Here's how

If you’re running a Windows Server 2003 machine, you have a problem. Your already-vulnerable computer is now at severe risk of being hacked.

That’s due to the internet release earlier this month of a batch of updates that paint a bulls-eye on computers running Windows Server 2003, according to security researchers.

“I can teach my mom how to use some of these exploits,” said Jake Williams, founder of Rendition Infosec, a security provider. “They are not very complicated at all.”

To read this article in full or to leave a comment, please click here


Source: Infoworld.com | Security

Old Windows Server machines can still fend off hacks. Here's how

If you’re running a Windows Server 2003 machine, you have a problem. Your already-vulnerable computer is now at severe risk of being hacked.

That’s due to the internet release earlier this month of a batch of updates that paint a bull’s-eye on computers running Windows Server 2003, according to security researchers.

“I can teach my mom how to use some of these exploits,” said Jake Williams, founder of Rendition Infosec, a security provider. “They are not very complicated at all.”

Experts are urging affected businesses to upgrade to the latest Windows OSes, which offer security patches that can address the threat.

To read this article in full or to leave a comment, please click here


Source: Computerworld.com | Security

The 20 highest-paying markets for cybersecurity engineers

Big spenders

highest-paying markets for cyber security engineers

Image by Unsplash

IT security professionals are in high demand in most job markets, but some metropolitan areas are better than others when it comes to offering a top paycheck. Randstat recently released its annual IT salary study, which looked at the top 45 highest-paying markets in 27 states. Following are the top 20 markets for cybersecurity engineers, based on the medium salary reported.

To read this article in full or to leave a comment, please click here


Source: Infoworld.com | Security

How your company needs to train workers in cybersecurity

With workplace cyberattacks on the rise, industry experts are pressing businesses to train their workers to be more vigilant than ever to protect passwords and sensitive data and to recognize threats.

“It is imperative for organizations of all sizes to instill among employees the critical role they play in keeping their workplace safe and secure,” said Michael Kaiser, executive director of the National Cyber Security Alliance, a group that promotes education on the safe and secure use of the internet. The group’s members include such major technology companies as Cisco, Facebook, Google, Intel and Microsoft.

To read this article in full or to leave a comment, please click here


Source: Computerworld.com | Security

Predict – Prevent – Detect – Analyse – Respond | Cyber Security