NEWS: NETWORK WORLD SECURITY
Setup News Ticker
   NEWS: NETWORK WORLD SECURITY
Network World Security
Dec 11, 2019

How to secure your domain name services
Follow these steps to protect your websites at the server and workstation.

Network World Security
Dec 09, 2019

What's hot for Cisco in 2020
As the industry gets ready to gear up for 2020 things have been a  little disquieting in networking land.

That's because some key players - Arista and Juniper in particular - have been reporting business slowdowns as new deals have been smaller than expected and cloud providers haven't been as free-spending as in the past.

[Get regularly scheduled insights by signing up for Network World newsletters.] Worldwide IT spending has been on the slow side, Gartner said in October that worldwide IT spending is projected to total $3.7 trillion in 2019, an increase of 0.4% from 2018, the lowest growth forecast so far in 2019. The good news: global IT spending is expected to rebound in 2020 with forecast growth of 3.7%, primarily due to enterprise software spending, Gartner stated.

To read this article in full, please click here



Network World Security
Dec 05, 2019

The VPN is dying, long live zero trust
The venerable VPN, which has for decades provided remote workers with a secure tunnel into the enterprise network, is facing extinction as enterprises migrate to a more agile, granular security framework called zero trust, which is better adapted to today's world of digital business.

VPNs are part of a security strategy based on the notion of a network perimeter; trusted employees are on the inside and untrusted employees are on the outside. But that model no longer works in a modern business environment where mobile employees access the network from a variety of inside or outside locations, and where corporate assets reside not behind the walls of an enterprise data center, but in multi-cloud environments.

To read this article in full, please click here



Network World Security
Dec 02, 2019

Welcome to Insider Pro's certifications and training center
Certifications show that you're committed to your job, have specific skills and are willing to up your game. Check out our online training courses and guides to top certifications -- all part of your Insider Pro subscription.

Network World Security
Dec 02, 2019

IT certifications and training center
Certifications show that you're committed to your job, have specific skills and are willing to up your game. Check out our online training courses and guides to top certifications -- all part of your Insider Pro subscription.

Network World Security
Nov 26, 2019

Has the quantum crypto break already happened?
Better quantum algorithms and a strange silence since last year from quantum computing researchers suggest that we are closer to breaking traditional encryption than most people believe.

Network World Security
Nov 20, 2019

IBM aims at hybrid cloud, enterprise security
IBM is taking aim at the challenging concept of securely locking-down company applications and data spread across multiple private and public clouds and on-premises locations.

IBM is addressing this challenge with its Cloud Pak for Security, which features open-source technology for hunting threats, automation capabilities to speed response to cyberattacks, and the ability integrate customers' existing point-product security-system information for better operational safekeeping - all under one roof.

[ Learn how server disaggregation can boost data center efficiency and how Windows Server 2019 embraces hyperconverged data centers . | Get regularly scheduled insights by signing up for Network World newsletters. ] IBM Cloud Paks are bundles of Red Hat's Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of infrastructure, be it private or public clouds, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.

To read this article in full, please click here



Network World Security
Nov 20, 2019

How make a Windows disaster recovery kit
Make your own disaster checklist and recovery toolkit before trouble happens.

Network World Security
Nov 18, 2019

Fortinet CEO: Network and security technologies give rise to security-driven networking
The network and security industries both continue to evolve at a rate never seen before.  Historically, security and network operation teams have worked in parallel with one another, sometimes being at odds with each other's goals.

However, that is changing as businesses rely on their networks to operate. It's fair to say that today, for many companies, the network is the business. As this happens, network and security technologies need to be more closely aligned giving rise to the concept of security-driven networking.

[Get regularly scheduled insights by signing up for Network World newsletters.] In this post, ZK Research had a chance to sit down with the co-founder and CEO of Fortinet Ken Xie to discuss the future of networking and security. 

To read this article in full, please click here



Network World Security
Nov 15, 2019

IoT in 2020: The awkward teenage years
Much of the hyperbole around the Internet of Things isn't really hyperbole anymore - the instrumentation of everything from cars to combine harvesters to factories is just a fact of life these days. IoT's here to stay.

Yet despite the explosive growth - one widely cited prediction from Gartner says that the number of enterprise and automotive IoT endpoints will reach 5.8 billion in 2020 - the IoT market's ability to address its known flaws and complications has progressed at a far more pedestrian pace. That means ongoing security woes and a lack of complete solutions are most of what can be safely predicted for the coming year.

To read this article in full, please click here



Network World Security
Nov 14, 2019

Balancing patient security with healthcare innovation | TECH(talk)
Healthcare organizations are one of the most targeted verticals when it comes to cyberattacks. While those organizations must work to secure patients' sensitive data, it can also be helpful to analyze that data to improve patient outcomes. Jason James, CIO of Net Health, joins Juliet to discuss why attackers target healthcare organizations, Google's Project Nightingale and what it means for a tech giant to have access to the medical data of millions of people.

Network World Security
Nov 13, 2019

Red Hat Responds to Zombieload v2
Three Common Vulnerabilities and Exposures (CVEs) opened yesterday track three flaws in certain Intel processors, which, if exploited, can put sensitive data at risk.

Of the flaws reported, the newly discovered Intel processor flaw is a variant of the Zombieload attack discovered earlier this year and is only known to affect Intel's Cascade Lake chips.

[Get regularly scheduled insights by signing up for Network World newsletters.] Red Hat strongly suggests that all Red Hat systems be updated even if they do not believe their configuration poses a direct threat, and it is providing resources to their customers and to the enterprise IT community.

To read this article in full, please click here



Network World Security
Nov 13, 2019

Get 70% off NordVPN Virtual Private Network Service 3 months free - Deal Alert
Safeguard yourself against snoops, and access blocked content with this no-log VPN service. NordVPN has discounted their popular VPN software 70%, with 3 extra months on top. Use our link and see the discount applied when you click "buy now".

Network World Security
Nov 12, 2019

SASE is more than a buzzword for BioIVT
It seems the latest buzzword coming from those analysts at Gartner is SASE (pronounced "sassy"), which stands for "Secure Access Service Edge." Network World has published several articles recently to explain what SASE is (and perhaps isn't). See Matt Conran's The evolution to Secure Access Service Edge (SASE) is being driven by necessity as well as Zeus Kerravala's article How SD-WAN is evolving into Secure Access Service Edge.

To read this article in full, please click here



Network World Security
Nov 07, 2019

How to harden web browsers against cyberattacks
Use these techniques to limit attackers' ability to compromise systems and websites.

Network World Security
Nov 07, 2019

Printers: The overlooked security threat in your enterprise | TECHtalk
Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online's J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network.

Network World Security
Nov 06, 2019

Cisco Meraki ups security with new switch, software
Cisco Meraki has introduced new hardware and software the company says will help customers more effectively support and secure a wide variety of distributed network resources.

The new products, which include a raft of new security features as well a new class of switches and a cellular gateway will help Meraki address customers who perhaps don't have the IT expertise nor staffing to support the increasing number of devices that need to be managed, said Lawrence Huang, vice president of product management at Cisco Meraki.

Network pros react to new Cisco certification curriculum "Threat vectors are evolving and the way customers need to protect themselves need to evolve as well - how customers support applications and IoT devices exemplify the idea its not just one perimeter that needs protecting but a collection of micorperimenters," Huang said.

To read this article in full, please click here



Network World Security
Nov 05, 2019

Boeing's insecure networks threaten security and safety
Aircraft manufacturer Boeing's insecure networks leave the company--and potentially its aircraft--at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO's J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

Network World Security
Nov 05, 2019

Boeing's unsecure networks threaten security and safety
Aircraft manufacturer Boeing's unsecure networks leave the company--and potentially its aircraft--at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO's J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

Network World Security
Nov 05, 2019

VMware amps security with in-house, Carbon Black technology
VMware is moving quickly to meld its recently purchased Carbon Black technology across its product lines with an eye toward helping users protect their distributed enterprises.

VMware just closed the $2.1 billion buy of cloud-native endpoint-security vendor Carbon Black in October and in the process created a new security business unit that will target cybersecurity and analytics to protect networked enterprise resources.

More about edge networking

To read this article in full, please click here



Network World Security
Nov 04, 2019

A VPN service that gets around the Great Firewall of China legally
The saying goes that China is the world's factory. For many companies around the world, their products or components of their products are produced in mainland China. At the same time, China's population of more than a billion people makes it one of the world's largest consumer markets. Thus, for either production or sales, many companies want to do business in China and have established facilities there.

On the networking front, this means that multinational companies need to extend their wide area network into China to support their large or rapidly growing operations—and that's easier said than done.

[Get regularly scheduled insights by signing up for Network World newsletters.] Many organizations had done this using VPNs, but in early 2018, the Chinese government placed restrictions on IPsec traffic to basically block it from going in and out of the country. The Ministry of Industry and Information Technology (MIIT) said these restrictions are in accordance with the China Cross-border Data Telecommunications Industry Alliance (CDTIA), which was created to regulate cross-border data communication.

To read this article in full, please click here



Network World Security
Nov 04, 2019

An SD-WAN service that gets around the Great Firewall of China legally
The saying goes that China is the world's factory. For many companies around the world, their products or components of their products are produced in mainland China. At the same time, China's population of more than a billion people makes it one of the world's largest consumer markets. Thus, for either production or sales, many companies want to do business in China and have established facilities there.

On the networking front, this means that multinational companies need to extend their wide area network into China to support their large or rapidly growing operations—and that's easier said than done.

[Get regularly scheduled insights by signing up for Network World newsletters.] Many organizations had done this using VPNs, but in early 2018, the Chinese government placed restrictions on IPsec traffic to basically block it from going in and out of the country. The Ministry of Industry and Information Technology (MIIT) said these restrictions are in accordance with the China Cross-border Data Telecommunications Industry Alliance (CDTIA), which was created to regulate cross-border data communication.

To read this article in full, please click here



Network World Security
Oct 30, 2019

IoT roundup: Carriers expand NB-IoT, Congress eyes IoT security …
A powerful IoT networking technology used by the major carriers continues to gain ground, Congress makes noise about training and a prominent researcher warns of security trouble ahead.

Network World Security
Oct 30, 2019

How to and why you should disable LLMNR with Windows Server
Link-Local Multicast Name Resolution could enable a man-in-the-middle attack, so it's best to disable the protocol when setting up Windows Server 2019.

Network World Security
Oct 28, 2019

How SD-WAN is evolving into Secure Access Service Edge
SASE, pronounced "sassy," stands for secure access service edge, and it's being positioned by Gartner as the next big thing in enterprise networking. The technology category, which Gartner and other network experts first introduced earlier this year, converges the WAN edge and network security into a cloud-based, as-a-service delivery model. According to Gartner, the convergence is driven by customer demands for simplicity, scalability, flexibility, low latency, and pervasive security.

SASE brings together security and networking A SASE implementation requires a comprehensive technology portfolio that only a few vendors can currently deliver. The technology is still in its infancy, with less than 1% adoption. There are a handful of existing SD-WAN providers, including Cato Networks, Juniper, Fortinet and Versa, that are expected to compete in the emerging SASE market. There will be other SD-WAN vendors jumping on this wagon, and the industry is likely to see another wave of startups. 

To read this article in full, please click here



Network World Security
Oct 28, 2019

IoT roundup: Carriers expand NB-IoT footprints, Congress eyes security bill, and 'IT asbestos' looms
The major U.S. mobile carriers are eager participants in the rise of IoT, and it's tough to argue that they don't have a major role to play - the ability to connect largely anywhere, coupled with the ability to handle high-throughput applications, means that cellular data can be an attractive option for the connectivity piece of an IoT deployment.

AT&T announced a deal with Vodafone last week to interconnect their respective narrow-band IoT networks across the Atlantic, mating AT&T's U.S. coverage with Vodafone's in western Europe. That means that businesses with NB-IoT deployments in those areas can use that single network to connect their entire implementation. Not to be outdone, Sprint announced that it, too, is rolling out NB-IoT on its Curiosity IoT platform. Sprint shared its plans during a panel discussion at Mobile World Congress in Los Angeles last week.

To read this article in full, please click here



Network World Security
Oct 28, 2019

IoT roundup: VMware, Nokia beef up their IoT
The major U.S. mobile carriers are eager participants in the rise of IoT, and it's tough to argue that they don't have a major role to play - the ability to connect largely anywhere, coupled with the ability to handle high-throughput applications, means that cellular data can be an attractive option for the connectivity piece of an IoT deployment.

AT&T announced a deal with Vodafone last week to interconnect their respective narrow-band IoT networks across the Atlantic, mating AT&T's U.S. coverage with Vodafone's in western Europe. That means that businesses with NB-IoT deployments in those areas can use that single network to connect their entire implementation. Not to be outdone, Sprint announced that it, too, is rolling out NB-IoT on its Curiosity IoT platform. Sprint shared its plans during a panel discussion at Mobile World Congress in Los Angeles last week.

To read this article in full, please click here



Network World Security
Oct 24, 2019

Gartner crystal ball: Looking beyond 2020 at the top IT-changing technologies
ORLANDO -  Forecasting long-range IT technology trends is a little herding cats - things can get a little crazy.

But Gartner analysts have specialized in looking forwardth, boasting an 80 percent  accuracy rate over the years, Daryl Plummer, distinguished vice president and Gartner Fellow told the IT crowd at this year's IT Symposium/XPO.  Some of those successful prediction have included the rise of automation, robotics, AI technology  and other ongoing trends.

Now see how AI can boost data-center availability and efficiency Like some of the other predictions Gartner has made at this event, this year's package of predictions for 2020 and beyond is heavily weighted toward the human side of technology rather than technology itself. 

To read this article in full, please click here



Network World Security
Oct 23, 2019

How to double-check permissions post migration from Windows 7
It pays to make sure all permissions in your Windows environment are correct after migrating from Windows 7 or Server 2008 R2. Here's how to check.

Network World Security
Oct 22, 2019

Cisco issues critical security warning for IOS XE REST API container
Cisco this week said it issued a software update to address a vulnerability in its Cisco REST API virtual service container for Cisco IOS XE software that scored a critical 10 out of 10 on the Common Vulnerability Scoring System (CVSS) system.

With the vulnerability an attacker could submit malicious HTTP requests to the targeted device and if successful, obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device, the company said.

To read this article in full, please click here



Network World Security
Oct 22, 2019

Your best defense against insider threats | TECH(talk)
When employees are your weakest link, companies must have programs in place to prevent them from accidentally or intentionally putting the organization at risk. Watch as TECHtalk hosts Ken Mingis and Juliet Beauchamp discuss various options with CSO's Lucian Constantin.

Network World Security
Oct 21, 2019

Train to be a certified cyber security professional for just $39
Cyber crime is responsible for a staggering amount of damage and chaos around the world. Want to be a part of the solution? Then train for a career in this demanding field with The A to Z Cyber Security and IT Certification Training Bundle.

This e-training bundle is perfect for anyone who has an interest in putting a stop to cyber crime. It includes twelve courses that'll introduce students to ethical hacking methods, show them how to test a network for weaknesses, and identify problems so they can be fixed prior to being exploited. It's fast, flexible, and you can even apply your training in preparation for several certification exams

To read this article in full, please click here



Network World Security
Oct 16, 2019

Microsoft's Windows, Office 365 advice for secure elections
Microsoft has issued guidance and offered resources to help election officials and candidate campaigns to better protect their Windows and Office 365 systems.

Network World Security
Oct 11, 2019

Can microsegmentation help IoT security?
The Internet of Things (IoT) promises some big benefits for organizations, such as greater insights about the performance of corporate assets and finished products, improved manufacturing processes, and better customer services. The nagging security issues related to IoT, unfortunately, remain a huge concern for companies and in some cases might be keeping them from moving forward with initiatives. One possible solution to at least some of the security risks of IoT is microsegmentation, a  concept in networking that experts say could help keep IoT environments under control.

To read this article in full, please click here

(Insider Story)

Network World Security
Oct 10, 2019

VMware builds security unit around Carbon Black tech
VMware has wrapped up its $2.1 billion buy of cloud-native endpoint-security vendor Carbon Black and in the process created a new security business unit that will target cybersecurity and analytics to protect networked enterprise resources.

When VMware announced the acquisition in August, its CEO Pat Gelsinger said he expected Carbon Black technology to be integrated across VMware's product families such as NSX networking software and vSphere, VMware's flagship virtualization platform. "Security is broken and fundamentally customers want a different answer in the security space. We think this move will be an opportunity for major disruption," he said. 

To read this article in full, please click here



Network World Security
Oct 08, 2019

Top enterprise VPN vulnerabilities
Don't assume VPNs are always safe. These popular enterprise VPNs all have known remote code execution vulnerabilities.

Network World Security
Oct 02, 2019

How to safely erase data under Windows
Bitlocker and self-encrypting hard drives can make it easier to erase data so that it cannot be recovered. This is how the "crypto-erase" method works.

Network World Security
Sep 30, 2019

IoT roundup: Security holes abound, GE Digital makes noise and more
This week, we look at IoT security holes -- both usual and unusual -- an IIoT player makes a move, and mergers and partnerships worth noting.

Network World Security
Sep 26, 2019

Cisco: 13 IOS, IOS XE security flaws you should patch now
Cisco this week warned its IOS and IOS XE customers of 13 vulnerabilities in the operating system software they should patch as soon as possible.

All of the vulnerabilities - revealed in the company's semiannual IOS and IOS XE Software Security Advisory Bundle - have a security impact rating (SIR) of "high". Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to, conduct a command injection attack on, or cause a denial of service (DoS) condition on an affected device, Cisco stated. 

"How to determine if Wi-Fi 6 is right for you" Two of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. Two others affect Cisco IOS Software, and eight of the vulnerabilities affect Cisco IOS XE Software. The final one affects the Cisco IOx application environment. Cisco has confirmed that none of the vulnerabilities affect Cisco IOS XR Software or Cisco NX-OS Software.  Cisco has released software updates that address these problems.

To read this article in full, please click here



Network World Security
Sep 25, 2019

How to move users to the Outlook app with Intune
Microsoft is turning off basic authentication, so it's wise to move mobile users to the Outlook app to better protect them from attackers.

Network World Security
Sep 18, 2019

How to monitor Windows to prevent credential theft attacks
Attackers are now enabling WDigest credential caching to allow them to harvest credentials. Here's how to spot it.

Network World Security
Sep 17, 2019

All about U.S. tech antitrust investigations | TECH(feed)
Four large tech companies -- Apple, Amazon, Google and Facebook are under investigation in the U.S. for allegedly anticompetitive behavior. These antitrust investigations on both the federal and state levels are aimed at uncovering the practices these companies engage in to eliminate competition. In this episode of TECH(feed), Juliet discusses the House investigation into big tech and how Congress plans to investigate potential wrongdoing by these companies.

Network World Security
Sep 17, 2019

Review: Blue Hexagon may make you rethink perimeter security
This fully functional, fully trained cybersecurity tool is ready on day 1 to spot threats on whatever network it's charged with protecting.

Network World Security
Sep 13, 2019

Shining light on dark data, shadow IT and shadow IoT
What's lurking in the shadows of YOUR organization? What you don't know can hurt you. Insider Pro columnist Mike Elgan looks at how your business is at risk and offers six steps to minimize it.

Network World Security
Sep 11, 2019

To secure industrial IoT, use segmentation instead of firewalls
The internet of things (IoT) has been top of mind for network and security professionals for the better part of the past five years. This has been particularly true for the area of industrial IoT (IIoT). Connected industrial devices are nothing new, but most IT people aren't familiar with them because they have been managed by operational technology (OT) teams. More and more, though, business leaders want to bring OT and IT together to drive better insights from the combined data set.

While there are many advantages to merging IT and OT and having IIoT fall under IT ownership, it has a profound impact on the cybersecurity team because it introduces several new security threats. Each connected endpoint, if breached, creates a backdoor into the other systems.

To read this article in full, please click here



Network World Security
Sep 11, 2019

How to set up Microsoft Teams for security and compliance
These are the security and compliance decisions you need to make when deploying Microsoft Teams.

Network World Security
Sep 06, 2019

How the California Consumer Privacy Act (CCPA) will affect you and your business | TECH(talk)
The California Consumer Privacy Act (CCPA) is, in some ways, similar to Europe's GDPR. This rule, which goes into effect in 2020, gives individual users more ownership over their own data. Users can even refuse to allow companies to sell their online data. As the compliance deadline approaches, CSO Online contributor Maria Kolokov and senior editor Michael Nadeau discuss with Juliet how CCPA may shift business models, change online behavior and reveal where exactly our data has been. Some tech companies, like Google, are even trying to exempt themselves from regulation. Failure to adhere to the rule could be an "extinction level" event.

Network World Security
Sep 06, 2019

HPE's vision for the intelligent edge
It's not just speeds and feeds anymore, it's intelligent software, integrated security and automation that will drive the networks of the future.

That about sums up the networking areas that Keerti Melkote, HPE's President, Intelligent Edge, thinks are ripe for innovation in the next few years.He has a broad perspective because his role puts him in charge of the company's networking products, both wired and wireless.

Now see how AI can boost data-center availability and efficiency "On the wired side, we are seeing an evolution in terms of manageability," said Melkote, who founded Aruba, now part of HPE. "I think the last couple of decades of wired networking have been about faster connectivity. How do you go from a 10G to 100G Ethernet inside data centers? That will continue, but the bigger picture that we're beginning to see is really around automation." 

To read this article in full, please click here



Network World Security
Sep 05, 2019

FTC fines YouTube, but do fines really encourage change? | TECH(feed)
The FTC hit yet another tech company with a seemingly massive fine for mishandling user data. This time, YouTube, owned by Google, is forced to pay $170 million for collecting data about children under 13 without parental consent. The Federal Trade Commission slapped Facebook with a $5 billion fine just a few months ago. In this episode of TECH(feed), Juliet asks whether or not these fines are effective in regulating the tech industry.

Network World Security
Sep 05, 2019

Exploit found in Supermicro motherboards could allow for remote hijacking
A security group discovered a vulnerability in three models of Supermicro motherboards that could allow an attacker to remotely commandeer the server. Fortunately, a fix is already available.

Eclypsium, which specializes in firmware security, announced in its blog that it had found a set of flaws in the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11.

[ Also see: What to consider when deploying a next-generation firewall | Get regularly scheduled insights: Sign up for Network World newsletters ] BMCs are designed to permit administrators remote access to the computer so they can do maintenance and other updates, such as firmware and operating system patches. It's meant to be a secure port into the computer while at the same time walled off from the rest of the server.

To read this article in full, please click here



Network World Security
Sep 05, 2019

Flaw found in Supermicro motherboards could allow for remote hijacking
A security group discovered a vulnerability in three models of Supermicro motherboards that could allow an attacker to remotely commandeer the server. Fortunately, a fix is already available.

Eclypsium, which specializes in firmware security, announced in its blog that it had found a set of flaws in the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11.

[ Also see: What to consider when deploying a next-generation firewall | Get regularly scheduled insights: Sign up for Network World newsletters ] BMCs are designed to permit administrators remote access to the computer so they can do maintenance and other updates, such as firmware and operating system patches. It's meant to be a secure port into the computer while at the same time walled off from the rest of the server.

To read this article in full, please click here



Network World Security
Sep 04, 2019

How to disable basic or legacy authentication to set up MFA in Office 365
Microsoft recommends setting up multi-factor authentication in Windows 10 for better security, but you have to disable basic or legacy authentication first.

Network World Security
Sep 03, 2019

IoT security essentials: Physical, network, software
Even in the planning stages of a deployment, IoT security is one of the chief stumbling blocks to successful adoption of the technology.

And while the problem is vastly complicated, there are three key angles to think about when laying out how IoT sensors will be deployed in any given setup: How secure are the device themselves, how many are there and can they receive security patches.

Physical access Physical access is an important but, generally, straightforward consideration for traditional IT security. Data centers can be carefully secured, and routers and switches are often located in places where they're either difficult to fiddle with discreetly or difficult to access in the first place.

To read this article in full, please click here



Network World Security
Aug 29, 2019

3 leading network access control products reviewed
Real IT users evaluate network access control solutions: Cisco Identity Services Engine, Aruba ClearPass and ForeScout CounterACT. (Download the 27-page comparison.)

Network World Security
Aug 28, 2019

What is phishing? Learn how this attack works
Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this increasingly sophisticated form of cyberattack.

Network World Security
Aug 26, 2019

Top 5 IoT networking security mistakes
Even though Brother International is a supplier of many  IT products, from machine tools to head-mounted displays to industrial sewing machines, it's best known for printers. And in today's world, those printers are no longer stand-alone devices, but components of the internet of things.

That's why I was interested in this list from Robert Burnett, Brother's director, B2B product & solution - basically, the company's point man for large customer implementations. Not surprisingly, Burnett focuses on IoT security mistakes related to printers and also shares Brother's recommendations for dealing with the top five.

To read this article in full, please click here



Network World Security
Aug 23, 2019

VMware spends $4.8B to grab Pivotal, Carbon Black to secure, develop integrated cloud world
All things cloud are major topics of conversation at the VMworld user conference next week, ratcheded up a notch by VMware's $4.8 billion plans to acquire cloud development firm Pivotal and security provider Carbon Black.

VMware said during its quarterly financial call this week it would spend about $2.7 billion on Pivotal and its Cloud Foundry hybrid cloud development technology, and about $2.1 billion for the security technology of Carbon Black, which includes its Predictive Security Cloud and other endpoint-security software.  Both amounts represent the enterprise value of the deals the actual purchase prices will vary, experts said.

To read this article in full, please click here



Network World Security
Aug 22, 2019

VMware spends $4.2B to grab Pivotal, Carbon Black to secure, develop integrated cloud world
All things cloud are certain to be major topics next week at the VMworld user conference, but VMware took things up a notch with plans to spend $4.2 billion to acquire cloud-development firm Pivotal, and security provider Carbon Black.

During its quarterly financial call VMware said it would spend about $2.7 billion on Pivotal and its Cloud Foundry hybrid cloud development technology and another $2.1 billion for Carbon Black, which includes its Predictive Security Cloud offering and other endpoint-security software.

[ Check out What is hybrid cloud computing and learn what you need to know about multi-cloud. | Get regularly scheduled insights by signing up for Network World newsletters. ] VMware had deep relationships with both companies. Carbon Black technology is part of VMware's AppDefense end point security product. Pivotal has a deeper relationship in that VMware and Dell, VMware's parent company spun out Pivotal in 2013.

To read this article in full, please click here



Network World Security
Aug 22, 2019

Texas ransomware attacks: to pay or not to pay? | TECH(feed)
Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker's ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.

Network World Security
Aug 22, 2019

Don't worry about shadow IT. Shadow IoT is much worse.
For years, IT departments have been railing about the dangers of shadow IT and bring-your-own-device. The worry is that these unauthorized practices bring risks to corporate systems, introducing new vulnerabilities and increasing the attack surface.

That may be true, but it's not the whole story. As I've long argued, shadow IT may increase risks, but it can also cut costs, boost productivity and speed innovation. That's why users are often so eager to circumvent what they see as slow and conservative IT departments by adopting increasingly powerful and affordable consumer and cloud-based alternatives, with or without the blessing of the powers that be. Just as important, there's plenty of evidence of that enlightened IT departments should work to leverage those new approaches to serve their internal customers in a more agile manner.

To read this article in full, please click here



Network World Security
Aug 21, 2019

Cisco: 6 critical security alarms for UCS software, small-biz routers
Cisco today warned its Unified Computing System (UCS) customers about four critical fixes they need to make to stop nefarious agents from taking over or attacking their systems.The problems all have a severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS).

The critical bugs are found in the Cisco UCS Director and UCS Director Express for Big Data packages.

To read this article in full, please click here



Network World Security
Aug 21, 2019

How to avoid using RDP in Windows
Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it's time to stop using it. Here's how.

Network World Security
Aug 16, 2019

Get ready for the convergence of IT and OT networking and security
Most IT networking professionals are so busy with their day-to-day responsibilities that they don't have time to consider taking on more work. But for companies with an industrial component, there's an elephant in the room that is clamoring for attention. I'm talking about the increasingly common convergence of IT and operational technology (OT) networking and security.

Traditionally, IT and OT have had very separate roles in an organization. IT is typically tasked with moving data between computers and humans, whereas OT is tasked with moving data between "things," such as sensors, actuators, smart machines, and other devices to enhance manufacturing and industrial processes. Not only were the roles for IT and OT completely separate, but their technologies and networks were, too.

To read this article in full, please click here



Network World Security
Aug 12, 2019

How SD-Branch addresses today's network security concerns
Secure software-defined WAN (SD-WAN) has become one of the hottest new technologies, with some reports claiming that 85% of companies are actively considering SD-WAN to improve cloud-based application performance, replace expensive and inflexible fixed WAN connections, and increase security.

But now the industry is shifting to software-defined branch (SD-Branch), which is broader than SD-WAN but introduced several new things for organizations to consider, including better security for new digital technologies. To understand what's required in this new solution set, I recently sat down with John Maddison, Fortinet's executive vice president of products and solutions.

To read this article in full, please click here



Network World Security
Aug 07, 2019

How to set up Edge Chromium security options
Edge Chromium can provide more protection for organizations that use older versions of Windows.

Network World Security
Aug 06, 2019

Microsoft finds Russia-backed attacks that exploit IoT devices
The STRONTIUM hacking group, which has been strongly linked by security researchers to Russia's GRU military intelligence agency, was responsible for an IoT-based attack on unnamed Microsoft customers, according to the company. a blog post from the company's security response center issued Monday.

Microsoft said in a blog that the attack, which it discovered in April, targeted three specific IoT devices - a VoIP phone, a video decoder and a printer (the company declined to specify the brands) - and used them to gain access to unspecified corporate networks. Two of the devices were compromised because nobody had changed the manufacturer's default password, and the other one hadn't had the latest security patch applied.

To read this article in full, please click here



Network World Security
Aug 05, 2019

Is your enterprise software committing security malpractice?
Back when this blog was dedicated to all things Microsoft I routinely railed against the spying aspects of Windows 10. Well, apparently that's nothing compared to what enterprise security, analytics, and hardware management tools are doing.

An analytics firm called ExtraHop examined the networks of its customers and found that their security and analytic software was quietly uploading information to servers outside of the customer's network. The company issued a report and warning last week.

ExtraHop deliberately chose not to name names in its four examples of enterprise security tools that were sending out data without warning the customer or user. A spokesperson for the company told me via email, "ExtraHop wants the focus of the report to be the trend, which we have observed on multiple occasions and find alarming. Focusing on a specific group would detract from the broader point that this important issue requires more attention from enterprises."

To read this article in full, please click here



Network World Security
Aug 01, 2019

Black Hat 2019 and DEF CON 27: What to expect at hacker summer camp | TECH(talk)
Every year, thousands of hackers arrive in Las Vegas for three large security conferences -- DEF CON, Black Hat and Bsides Las Vegas -- taking place from Monday through Sunday next week. CSO Online's J.M. Porup chats with Juliet about what to expect at the conferences' sessions and what he's looking forward to.

Network World Security
Aug 01, 2019

Cisco pays $8.6M to settle security-software whistleblower lawsuit
Cisco has agreed to pay $8.6 million to settle claims it sold video security software that had a vulnerability that could have opened federal, state and local government agencies to hackers.

Under terms of the settlement Cisco will pay $2.6 million to the federal government and up to $6 million to 15 states, certain cities and other entities that purchased the product. The states that settled with Cisco are California, Delaware, Florida, Hawaii, Illinois, Indiana, Minnesota, Nevada, New Jersey, New Mexico, New York, North Carolina, Tennessee, Massachusetts and Virginia.

RELATED: A conversation with a white hat hacker According to Cisco, the software, which was sold between 2008 and 2014 was created by Broadware, a company Cisco bought in 2007 for its surveillance video technology and ultimately named it Video Surveillance Manager.

To read this article in full, please click here



Network World Security
Jul 31, 2019

The latest large-scale data breach: Capital One | TECH(feed)
Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

Network World Security
Jul 31, 2019

Remote code execution is possible by exploiting flaws in Vxworks
Eleven zero-day vulnerabilities in WindRiver's VxWorks, a real-time operating system in use across an advertised 2 billion connected devices have been discovered by network security vendor Armis.

Six of the vulnerabilities could enable remote attackers to access unpatched systems without any user interaction, even through a firewall according to Armis.

About IoT:

What is the IoT? How the internet of things works What is edge computing and how it's changing the network Most powerful Internet of Things companies 10 Hot IoT startups to watch The 6 ways to make money in IoT What is digital twin technology? [and why it matters] Blockchain, service-centric networking key to IoT success Getting grounded in IoT networking and security

Network World Security
Jul 31, 2019

How an attacker can target phishing attacks
There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.

Network World Security
Jul 30, 2019

The role of next-gen firewalls in an evolving security architecture
As the commercial enterprise firewall approaches its 30th birthday, it is hard to overstate how dramatically the product has evolved. This 2,700-word research report looks the current state of next-generation firewall technology.

Network World Security
Jul 24, 2019

Reports: As the IoT grows, so do its threats to DNS
The internet of things is shaping up to be a more significant threat to the Domain Name System through larger IoT botnets, unintentional adverse effects of IoT-software updates and the continuing development of bot-herding software.

The Internet Corporation for Assigned Names and Numbers (ICANN) and IBM's X-Force security researchers have recently issued reports outlining the interplay between DNS and IoT that includes warnings about the pressure IoT botnets will put on the availability of DNS systems.

More about DNS:

DNS in the cloud: Why and why not DNS over HTTPS seeks to make internet use more private How to protect your infrastructure from DNS cache poisoning ICANN housecleaning revokes old DNS security key ICANN's Security and Stability Advisory Committee (SSAC) wrote in a report that "a significant number of IoT devices will likely be IP enabled and will use the DNS to locate the remote services they require to perform their functions. As a result, the DNS will continue to play the same crucial role for the IoT that it has for traditional applications that enable human users to interact with services and content," ICANN stated. "The  role of  the  DNS  might  become  even  more  crucial  from  a  security  and  stability perspective with IoT devices interacting with peo

Network World Security
Jul 24, 2019

When it comes to the IoT, Wi-Fi has the best security
When it comes to connecting internet of things (IoT) devices, there is a wide variety of networks to choose from, each with its own set of capabilities, advantages and disadvantages, and ideal use cases. Good ol' Wi-Fi is often seen as a default networking choice, available in many places, but of limited range and not particularly suited for IoT implementations.

According to Aerohive Networks, however, Wi-Fi is "evolving to help IT address security complexities and challenges associated with IoT devices." Aerohive sells cloud-managed networking solutions and was acquired recently by software-defined networking company Extreme Networks for some $272 million. And Aerohive's director of product marketing, Mathew Edwards, told me via email that Wi-Fi brings a number of security advantages compared to other IoT networking choices.

To read this article in full, please click here



Network World Security
Jul 24, 2019

How to set up Azure AD to spot risky users
You have several options to set up alerts in Azure Active Directory to help spot risky user behavior.

Network World Security
Jul 19, 2019

What is the dark web? And what will you find there?
The dark web may sound ominous, but it's really a catch-all term for the part of the internet that isn't indexed by search engines. Stay tuned for a guided tour of the web's less mainstream regions.

Network World Security
Jul 18, 2019

Worst DNS attacks and how to mitigate them
The Domain Name System remains under constant attack, and there seems to be no end in sight as threats grow increasingly sophisticated.

DNS, known as the internet's phonebook, is part of the global internet infrastructure that translates between familiar names and the numbers computers need to access a website or send an email. While DNS has long been the target of assailants looking to steal all manner of corporate and private information, the threats in the past year or so indicate a worsening of the situation.

To read this article in full, please click here



Network World Security
Jul 17, 2019

How to manage Microsoft Windows BitLocker
Use these techniques to inventory your network to determine which devices have BitLocker.

Network World Security
Jul 16, 2019

What the FTC's $5 billion fine really means for Facebook | TECH(feed)
Last week, the Federal Trade Commission hit Facebook with a $5 billion fine for mishandling user data. The fine comes after the FTC's investigation following the Cambridge Analytica scandal. On this episode of TECH(feed), Juliet discusses the implications of this fine -- and how Facebook may (or may not) change its practices.

Network World Security
Jul 11, 2019

How to set up Microsoft Cloud App Security
This new add-on will let you set up alerts about suspicious sign-on activity for Office 365 and other cloud apps.

Network World Security
Jul 01, 2019

Tempered Networks simplifies secure network connectivity and microsegmentation
The TCP/IP protocol is the foundation of the internet and pretty much every single network out there. The protocol was designed 45 years ago and was originally only created for connectivity. There's nothing in the protocol for security, mobility, or trusted authentication.

The fundamental problem with TCP/IP is that the IP address within the protocol represents both the device location and the device identity on a network. This dual functionality of the address lacks the basic mechanisms for security and mobility of devices on a network.

This is one of the reasons networks are so complicated today. To connect to things on a network or over the internet, you need VPNs, firewalls, routers, cell modems, etc. and you have all the configurations that come with ACLs, VLANs, certificates, and so on. The nightmare grows exponentially when you factor in internet of things (IoT) device connectivity and security. It's all unsustainable at scale.

To read this article in full, please click here



Network World Security
Jun 28, 2019

Cisco sounds warning on 3 critical security patches for DNA Center
Cisco issued three "critical" security warnings for its DNA Center users - two having a Common Vulnerability Scoring System rating of 9.8 out of 10.

The two worst problems involve Cisco Data Center Network Manager (DCNM).  Cisco DNA Center controls access through policies using Software-Defined Access, automatically provision through Cisco DNA Automation, virtualize devices through Cisco Network Functions Virtualization (NFV), and lower security risks through segmentation and Encrypted Traffic Analysis.

More about SD-WAN

How to buy SD-WAN technology: Key questions to consider when selecting a supplier How to pick an off-site data-backup method SD-Branch: What it is and why you'll need it What are the options for security SD-WAN? In one advisory Cisco said a vulnerability in the web-based management interface of DCNM could let an attacker obtain a valid session cookie without knowing the administrative user password by sending a specially crafted HTTP request to a specific web servlet that is available on affected devices. The vulnerability is due to improper session management on affected DCNM software.



Network World Security
Jun 26, 2019

How updates to MongoDB work to prevent data breaches | TECH(talk)
CSO senior writer Lucian Constantin and Computerworld Executive Editor Ken Mingis talk database security and how MongoDB's new field-level encryption takes security to the next level.

Network World Security
Jun 26, 2019

Oracle does-in Dyn, resets DNS services to cloud
Some may call it a normal, even boring course of vendor business operations but others find it a pain the rump or worse.

That about sums up the reaction to news this week that Oracle will end its Dyn Domain Name System enterprise services by 2020 and try to get customers to move to DNS services provided through Oracle Cloud.

More about DNS:

DNS in the cloud: Why and why not DNS over HTTPS seeks to make internet use more private How to protect your infrastructure from DNS cache poisoning ICANN housecleaning revokes old DNS security key Oracle said that since its acquisition of Dyn in 2016 and the ensuing acquisition of Zenedge, its engineering teams have been working to integrate Dyn's products and services into the Oracle Cloud Infrastructure platform. "Enterprises can now leverage the best-in-class DNS, web application security, and email delivery services within Oracle Cloud Infrastructure and enhance their applications with a comprehensive platform to build, scale, and operate their cloud infrastructure," according to

Network World Security
Jun 26, 2019

Tracking down library injections on Linux
While not nearly commonly seen on Linux systems, library (shared object files on Linux) injections are still a serious threat. On interviewing Jaime Blasco from AT&T's Alien Labs, I've become more aware of how easily some of these attacks are conducted.

In this post, I'll cover one method of attack and some ways that it can be detected. I'll also provide some links that will provide more details on both attack methods and detection tools. First, a little background.

[ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ] Shared library vulnerability Both DLL and .so files are shared library files that allow code (and sometimes data) to be shared by various processes. Commonly used code might be put into one of these files so that it can be reused rather than rewritten many times over for each process that requires it. This also facilitates management of commonly used code.

To read this article in full, please click here



Network World Security
Jun 25, 2019

7 steps to enhance IoT security
One of the biggest concerns with the Internet of Things (IoT) is making sure networks, data, and devices are secure. IoT-related security incidents have already occurred, and the worries among IT, security and networking managers that similar events will take place are justified.

"In all but the most restrictive environments, you're going to have IoT devices in your midst," says Jason Taule, vice president of standards and CISO at security standards and assurance company HITRUST. "The question then isn't if, but how you are going to allow such devices to connect to and interact with your networks, systems and data."

To read this article in full, please click here



Network World Security
Jun 18, 2019

How the Huawei ban could become a security threat | TECH(feed)
We've already talked about how the Huawei ban may affect business, but how will it affect security? Google has already warned of security threats should the company be unable to send updates to Huawei's Android-powered devices. And even if Huawei responds with its own OS, will people trust it? In this episode of TECH(feed), Juliet discusses those security implications and what some people think the U.S. should do instead.

Network World Security
Jun 14, 2019

Report: Mirai tries to hook its tentacles into SD-WAN
Mirai - the software that has hijacked hundreds of thousands of internet-connected devices to launch massive DDoS attacks - now goes beyond recruiting just IoT products; it also includes code that seeks to exploit a vulnerability in corporate SD-WAN gear.

That specific equipment - VMware's SDX line of SD-WAN appliances - now has an updated software version that fixes the vulnerability, but by targeting it Mirai's authors show that they now look beyond enlisting security cameras and set-top boxes and seek out any vulnerable connected devices, including enterprise networking gear.

More about SD-WAN

To read this article in full, please click here



Network World Security
Jun 14, 2019

Report: Mirai tries to wrap its tentacles around SD-WAN
Mirai - the software that has hijacked hundreds of thousands of internet-connected devices to launch massive DDoS attacks - now goes beyond recruiting just IoT products; it also includes code that seeks to exploit a vulnerability in corporate SD-WAN gear.

That specific equipment - VMware's SDX line of SD-WAN appliances - now has an updated software version that fixes the vulnerability, but by targeting it Mirai's authors show that they now look beyond enlisting security cameras and set-top boxes and seek out any vulnerable connected devices, including enterprise networking gear.

More about SD-WAN

To read this article in full, please click here

(Insider Story)

Network World Security
Jun 12, 2019

IoT security vs. privacy: Which is a bigger issue?
If you follow the news surrounding the internet of things (IoT), you know that security issues have long been a key concern for IoT consumers, enterprises, and vendors. Those issues are very real, but I'm becoming increasingly convinced that related but fundamentally different privacy vulnerabilities may well be an even bigger threat to the success of the IoT.

In June alone, we've seen a flood of IoT privacy issues inundate the news cycle, and observers are increasingly sounding the alarm that IoT users should be paying attention to what happens to the data collected by IoT devices.

[ Also read: It's time for the IoT to 'optimize for trust' and A corporate guide to addressing IoT security ] Predictably, most of the teeth-gnashing has come on the consumer side, but that doesn't mean enterprises users are immune to the issue. One the one hand, just like consumers, companies are vulnerable to their proprietary information being improperly shared and misused. More immediately, companies may face backlash from their own customers if they are seen as not properly guarding the data they collect via the IoT. Too often, in fact, enterprises shoot themselves in the foot on privacy issues, with practices that range from tone-deaf to exploitative to downright illegal—leading almost two-thirds (63%) of consumers to describe IoT data collection as "creepy," while more than half (53%) "distrust connected devices to protect their privacy and handle

Network World Security
Jun 12, 2019

Free course - Ethical Hacking: Hacking the Internet of Things
IoT devices are proliferating on corporate networks, gathering data that enables organizations to make smarter business decisions, improve productivity and help avoid costly equipment failures, but there is one big downside - security of the internet of things remains a problem.

It makes sense, then, for enterprises to try to spot vulnerabilities in the IoT gear in their networks before they can be exploited by malicious actors.

[ For more on IoT security see tips to securing IoT on your network and 10 best practices to minimize IoT security vulnerabilities. | Get regularly scheduled insights by signing up for Network World newsletters. ] To help this along, Network World and Pluralsight have teamed up to present a free course, Ethical Hacking: Hacking the Internet of Things, that provides IT pros with skills they need to protect their network infrastructure.

To read this article in full, please click here

(Insider Story)

Network World Security
Jun 06, 2019

Cisco to buy IoT security, management firm Sentryo
Looking to expand its IoT security and management offerings Cisco plans to acquire Sentryo, a company based in France that offers anomaly detection and real-time threat detection for Industrial Internet of Things (IIoT) networks.

Founded in 2014 Sentryo products include ICS CyberVision - an asset inventory, network monitoring and threat intelligence platform - and CyberVision network edge sensors, which analyze network flows.

More on IoT:

To read this article in full, please click here



Network World Security
May 30, 2019

What do recent public SAP exploits mean for enterprises? | TECH(talk)
Recently released public SAP exploits (dubbed 10KBLAZE) could pose a security risk for thousands of businesses. Computerworld executive editor Ken Mingis and CSO Online's Lucian Constantin discuss the fallout of 10KBLAZE, and how businesses using SAP should respond.

Network World Security
May 29, 2019

Cisco security spotlights Microsoft Office 365 e-mail phishing increase
It's no secret that if you have a cloud-based e-mail service, fighting off the barrage of security issues has become a maddening daily routine.

The leading e-mail service - in Microsoft's Office 365 package - seems to be getting the most attention from those attackers hellbent on stealing enterprise data or your private information via phishing attacks. Amazon and Google see their share of phishing attempts in their cloud-based services as well. 

[ Also see What to consider when deploying a next generation firewall. | Get regularly scheduled insights by signing up for Network World newsletters. ] But attackers are crafting and launching phishing campaigns targeting Office 365 users, wrote Ben Nahorney, a Threat Intelligence Analyst focused on covering the threat landscape for Cisco Security in a blog focusing on the Office 365 phishing issue.

To read this article in full, please click here



Network World Security
May 29, 2019

Survey finds SD-WANs are hot, but satisfaction with telcos is not
This week SD-WAN vendor Cato Networks announced the results of its Telcos and the Future of the WAN in 2019 survey. The study was a mix of companies of all sizes, with 42% being enterprise-class (over 2,500 employees). More than 70% had a network with more than 10 locations, and almost a quarter (24%) had over 100 sites. All of the respondents have a cloud presence, and almost 80% have at least two data centers.  The survey had good geographic diversity, with 57% of respondents coming from the U.S. and 24% from Europe.

Highlights of the survey include the following key findings:

To read this article in full, please click here



Network World Security
May 23, 2019

Study: Most enterprise IoT transactions are unencrypted
Of the millions of enterprise-IoT transactions examined in a recent study, the vast majority were sent without benefit of encryption, leaving the data vulnerable to theft and tampering.

The research by cloud-based security provider Zscaler found that about 91.5 percent of transactions by internet of things devices took place over plaintext, while 8.5 percent were encrypted with SSL. That means if attackers could intercept the unencrypted traffic, they'd be able to read it and possibly alter it, then deliver it as if it had not been changed.

To read this article in full, please click here



Network World Security
May 17, 2019

Microsoft issues fixes for non-supported versions of Windows Server
Microsoft took the rare step of issuing security fixes for both the server and desktop versions of Windows that are long out of support, so you know this is serious.

The vulnerability (CVE-2019-0708) is in the Remote Desktop Services component built into all versions of Windows. RDP, formerly known as Terminal Services, itself is not vulnerable. CVE-2019-0708 is pre-authentication and requires no user interaction, meaning any future malware could self-propagate from one vulnerable machine to another.

CVE-2019-0708 affects Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. It does not impact Microsoft's newest operating systems; Windows 8 through 10 and Windows Server 2012 through 2019 are not affected.

To read this article in full, please click here



Network World Security
May 16, 2019

WhatsApp attacked by spyware | TECH(feed)
WhatsApp's recent spyware hack took advantage of a security vulnerability and allowed attackers to access private, digital communication. In this episode of TECH(feed), Juliet walks through the hack, who was affected and how you can secure your devices ASAP.

Network World Security
May 15, 2019

Extreme addresses networked-IoT security
Extreme Networks has taken the wraps off a new security application it says will use machine learning and artificial intelligence to help customers effectively monitor, detect and automatically remediate security issues with networked IoT devices.

The application - ExtremeAI security—features machine-learning technology that can understand typical behavior of IoT devices and automatically trigger alerts when endpoints act in unusual or unexpected ways, Extreme said.

More about edge networking

To read this article in full, please click here



  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • 617 482 1200
    617 299 8649 (fax)
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2019 CEOExpress Company LLC