itwbennett writes: Cisco has published an advisory for a vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10 that was discovered by researchers from Exodus Intelligence. According to the advisory, 'a vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.' As CSO's Dave Lewis points out, 'the part of this that is most pressing is that Cisco claims that there are over a million of these deployed.'
itwbennett writes: Renting a set-top cable box from your ISP doesn't cost you much compared to your overall cable bill, but it adds up to billions for the ISPs. A 2015 survey commissioned by two U.S. senators found that 99 percent of pay TV subscribers rent set-top boxes. 'The set-top box rental market may be worth more than $19.5 billion per year, with the average American household spending more than $231 per year on set-top box rental fees,' wrote Sens. Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.). Enter a proposal by FCC Chairman Tom Wheeler 'to end the set-top box monopoly and let subscribers use whatever devices they wish to access paid programming,' writes Bill Snyder. A preliminary vote is set for next week.
itwbennett writes: In January attackers targeted an IRS Web application in an attempt to obtain E-file PINs corresponding to 464,000 previously stolen social security numbers (SSNs) and other taxpayer data. The automated bot was blocked by the IRS after obtaining 100,000 PINs. The IRS said in a statement Tuesday that the SSNs were not stolen from the agency and that the agency would be notifying affected taxpayers.
itwbennett writes: Cheating at the online card game Hearthstone (which is based on Blizzard's World of Warcraft) can get you banned from the game, but now it also puts you at risk of 'financial losses and system ruin,' writes CSO's Steve Ragan. Symantec is warning Hearthstone players about add-on tools and cheat scripts that are spiked with malware. 'In one example, Hearth Buddy, a tool that allows bots to play the game instead of a human player (which is supposed to help with rank earnings and gold earning) compromises the entire system,' says Ragan. 'Another example, are the dust and gold hacking tools (Hearthstone Hack Tool), which install malware that targets Bitcoin wallets.'
itwbennett writes: The U.S. has been working since 2009 to improve the nation's cyber defenses, said Michael Daniel, special assistant to the President and cybersecurity coordinator, in a phone briefing with reporters Monday. But spending on cybersecurity is about to be ratcheted up. A plan being announced today by President Obama calls for a $3.1 billion fund to replace outdated IT infrastructure; a new position of federal chief information security officer; a commission to study cybersecurity problems; and a program to recruit cybersecurity experts into government roles.
itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have lying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.
itwbennett writes: Sysadmins, web developers, technical writers beware. Your jobs may be killing you. A new study from CareerCast determined the most stressful and least stressful jobs across industries. Of those, 8 technology jobs made the naughty list.
itwbennett writes: On Sunday, the name, title, email address, and phone number of more than 9,000 DHS employees, with titles ranging from engineers, to security specialists, program analysts, InfoSec and IT, all the way up to director level, were posted on Twitter. 'The account went on to claim that an additional data dump focused on 20,000 FBI employees was next,' writes CSO's Steve Ragan. The hacker told Motherboard that the data was obtained by 'compromising the email account of a DoJ employee, although he would not elaborate on how that account was accessed in the first place.'
itwbennett writes: Neutrino is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division, wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.
itwbennett writes: If you don't live in Chattanooga, Tenn., you probably aren't aware that the city's municipally owned electric utility, EPB, provides its broadband Internet — nice, fast Internet to boot. And, even if you did happen to know that, you probably don't care. But CIO's Bill Snyder explains why you should take note of AT&T's efforts to block the expansion of EPB's network on the grounds that 'the government should not compete with private enterprise.' At issue is more than a question of whether the greater Chattanooga area can have access to fast broadband because in all areas of the U.S. 'where big ISPs have the market to themselves, consumers often get stuck in the Web's slow lane,' says Snyder.
itwbennett writes: Some rogue do-gooder has 'gained access to some of the servers that cybercriminals use to distribute the Dridex Trojan and replaced it with an installer for Avira Free Antivirus,' writes Lucian Constantin. For those unfamiliar with Dridex, it is 'one of the three most widely used computer Trojans that target online banking users' — and it's resilient: In October, 2015, one month after its administrator was arrested, it was back in full swing.
itwbennett writes: In a lawsuit filed January 8, 2016, Enigma Software, maker of anti-malware software SpyHunter, accuses self-help portal Bleeping Computer of making 'false, disparaging, and defamatory statements.' At issue: a bad review posted by a user in September, 2014. The lawsuit also accuses Bleeping Computer of profiting from driving traffic to competitor Malwarebytes via affiliate links: 'Bleeping has a direct financial interest in driving traffic and sales to Malwarebytes and driving traffic and sales away from ESG.' Perhaps not helping matters, one of the first donations to a fund set up by Bleeping Computer to help with legal costs came from Malwarebytes.
itwbennett writes: Malwarebytes CEO Marcin Kleczynski said in a blog post on Monday that the company has fixed several server-side vulnerabilities that were found by Google security researcher Tavis Ormandy in November, but is still testing a new version of its Anti-Malware product to fix client-side problems. Until the problems are fixed, which could take 3 or 4 weeks, customers can implement a workaround: those using the premium version of Anti-Malware 'should enable self-protection under settings to mitigate all of the reported vulnerabilities,' Kleczynski wrote.
itwbennett writes: CrowdStrike's latest global threat report, which covers attacks by nation states, cybercriminals and hacktivists, finds that 'China is the biggest offender,' said Adam Meyers, vice president of intelligence at CrowdStrike. According to the report, the country is mostly focused on collecting intelligence that supports its economic system. China's next five-year plan is expected to be released in March, but some general information is available now and 'they're focusing on getting Western technology out,' said Meyers. Of particular interest: agricultural technologies, clean energy, high-speed railways, electric cars, computer chips, and defense technologies and operations.