Network World Daily News AM

After Symantec blew the lid on Regin on Sunday, computer security experts and companies are revealing information that has led to suspicions that the U.S. and U.K. are involved. Regin has been known about for years by security companies, but Symantec's white paper on the malware prompted several in the last day to come forward with what they know. It's unclear why security companies maintained a collective silence about Regin for so long. Symantec said it first discovered Regin about a year ago and that it took the company that long to analyze it.

Issue highlights

1. Regin is groundbreaking malware on par with Stuxnet, Symantec says
2. Big IT vendors mostly mum on commercial drone plans
3. Microsoft cold-shoulders Server 2003 and XP users hit with Microsoft Update error 0x80248015
4. 10 Productivity Gadgets to Add to Your Holiday Shopping List
5. New IBM service shines a light on mobile device and app performance
6. Google's gigabit-Internet service in Austin priced at $70 per month
7. Office 365's spam filter gets smarter at sorting bulk mailings
8. 5 PCI Compliance gaps
9. 11 Black Friday deals for HP Pavilion All-in-One PCs with Windows 8.1
10. Fidelity's top IT exec sees potential in A.I.
11. IoT in the enterprise up three-fold, study finds
12. Would Amazon Web Services ever build an on-premise private cloud?
Regin, a complex and stealthy piece of espionage malware, steals passwords, logs keystrokes and can read, write, move and copy files, among other malicious activity, and has stunned the Symantec researchers that detailed it in a report. "In the world of malware threats, only a few rare examples can truly be considered groundbreaking and almost peerless," according to Symantec's report on the threat. "What we have seen in Regin is just such a class of malware."

Word that the Federal Aviation Administration might take a very hard line on commercial drone use has those with designs on such activity nervous. But as for big enterprise IT vendors, it's really hard to tell what they think because they're keeping any plans in this field very hush-hush. The Wall Street Journal reported Monday that the FAA -- tasked by Congress with coming up with rules next year -- is very likely to require operators of commercial drones (or unmanned aerial vehicles/unmanned aircraft systems) to have actual licenses that include manned aircraft experience. Other restrictions on those who might want to use UAVs/UASs to take aerial photos of real estate property, cover news events or monitor agricultural or other properties could include operation only in daylight hours, line-of-sight operation and flying only below 400 feet.

Microsoft has yet to provide a solution for customers who can't connect to Microsoft Update to install last week's out-of-band patch KB 3011780.

Holiday Gadget Gift Ideas

It's that time of the year again. You're probably looking for gifts for a loved one, friend or business associate – or maybe you're looking for a reward for yourself.
This list of 10 gadgets will help the people on your holiday shopping list stay productive on the go, whether it's for business or personal travel.

With mobile devices rapidly becoming the tools of choice for enterprise work, IBM wants to help IT departments make sure they can serve all users. Developing and delivering software to laptops and desktops is only part of the battle these days. IBM has signaled that mobile is a big part of its enterprise future through the partnership it announced with Apple in July. No new products from that deal have surfaced yet, but on Tuesday, in a separate development, IBM added to its Mobility Services portfolio. One new service helps IT departments gauge how applications on mobile devices are working, while the other offers a way to deliver them virtually. Both are available now and work on any major mobile OS, said Linda Lyding, director of portfolio strategy and development.

Google will offer a basic version of its broadband service for no monthly charge when it launches soon in Austin, Texas, with the 1Gbps service priced at $70 per month. The basic plan will provide download speeds of up to 5Mbps (megabits per second) and upload speeds of 1Mbps, according to Google, which announced its pricing plans Monday and said consumers in some neighborhoods will be able to sign up next month.
Customers will pay a one-time "construction" fee of $300, but there will be no monthly charges after that. The middle-tier plan that provides Google Fiber's promised 1Gbps service will be priced at $70 per month, with the construction fee waived for a one-year commitment. That plan includes 1TB of cloud storage across Google Drive, Gmail and Google+ photos, the company said.

In time for the holiday shopping season, Microsoft has refined how Office 365 handles bulk promotional emails from vendors like Amazon, eBay and Macy's. Those messages, which contain special offers, newsletters and other sales incentives, fall into a gray area between legitimate email and obvious spam. Depending on a variety of factors, recipients sometimes find them useful and other times annoying. Now, Microsoft has added what it describes as a "simple, intuitive control" to the Exchange Online Protection (EOP) security engine in Exchange Online so that Office 365 admins can fine-tune the treatment of these messages for their domain. EOP rates bulk messages on a scale of 1 to 9. The lower the rating, the less likely the message will be considered a nuisance by recipients. Criteria used to rate messages include whether recipients signed up for the mailings, whether the sender offers unsubscribe options and how many complaints the emails have generated.

With the holiday shopping season coming up, and crooks lining up to take advantage of the stress and confusion, this is a good time for merchants to review their payment security procedures. Here are the areas where the most merchants have vulnerability gaps, according to a report published earlier this year by Verizon, based on compliance assessments with the Payment Card Industry Data Security Standard.
Regularly testing security systems and processes

Only 40 percent of companies were fully compliant with this requirement in 2013. On the positive side, this was a significant increase from 11 percent in 2012. "A lot of it has to do with small merchant and mid-sized merchants, who often don't have the IT resources," said Stephen Orfei, General Manager at Wakefield, MA-based PCI Security Standards Council, LLC, which oversees the standard. More merchants are turning to vendors to handle these security requirements, but Orfei warns that, at the end of the day, the merchant is still responsible for the security of the data. "You don't remove yourself from the liability because you've outsourced it," he said. That means following up with the vendors to make sure that they have the right processes in place, and that they are, in fact, following them like they're supposed to.

Not using vendors' default passwords or security parameters

Only 51 percent of companies were fully compliant with this requirement, even though it might seem like an obvious security measure. The problem? Old systems that may have been around for years, according to Jeff Man, PCI security evangelist at Columbia, MD-based Tenable Network Security. "The reality is that most companies have been in business for a while and haven't historically had robust security programs," he said. "They're playing catch-up." And they are, in fact, catching up -- in 2012, only 26 percent of organizations were fully compliant.

Track and monitor all access to network resources and cardholder data

Only 60 percent of companies were compliant with this requirement, but the number was nearly triple compared to the previous year. "I see some very positive momentum," said PCI Security Council's Orfei. Part of the reason for the improvement? The recent spate of high-profile data breaches. "If there's a silver lining in the latest compromises, it's that it's gotten the attention of the people in the C-level suite," he said.
Identify and authenticate access to system components

According to Verizon, 62 percent of organizations were compliant with this requirement. This means that each user gets their own, separate, auditable access to key data, and that accounts aren't shared. This is also the requirement that sets standards for password strength, two-factor authentication, for limiting the number of login attempts, and for protecting those passwords. According to Verizon, 76 percent of all network intrusions involve weak or stolen credentials. In September, for example, Illinois-based sandwich chain Jimmy John's reported that hackers stole payment data from 216 stores by using a login and password stolen from the company's point of sale vendor. "It turned out the vendor was using a shared password to administer all their customers," said Tenable's Man.

Install and maintain a firewall configuration to protect cardholder data

Only 64 percent of companies were fully compliant with this requirement, even though, again, this seems like it would be something obvious that all companies would do. And it's not enough to have the firewall up and running in time for the audit -- in order for it to do its job, it actually has to be up all the time. According to Verizon, only 12.5 percent of organizations that had a data breach were fully compliant with this requirement. While having a firewall in place isn't enough by itself to protect a company, not having one is like leaving all the doors of a house wide open.

Attention to security and compliance must be ongoing, said Orfei. "It's something you have to build into the DNA of the company, and you have to do it religiously," he said.
If you happen to have someone on your Christmas list that insists upon needing a desktop PC, when in fact they don't need a powerful machine and don't want a laptop, then maybe an HP Pavilion All-in-One (AIO) PC is the answer? It becomes an even more attractive option if they have an ancient machine still running Windows XP – even after you've warned them and cut off all 24/7 family-tech support! If that sounds like you, or you are in the market for an all-in-one PC, then here's the HP Pavilion TouchSmart and non-touch-enabled versions being offered for Black Friday sales or available at Black Friday prices right now. HP is currently selling Pavilion AIO PCs for prices comparable to Black Friday prices. There are three basic options that come with Windows 8 installed and a 23-inch screen. As the name implies, it's a desktop computer that's built all-in-one as opposed to a tower and separate monitor; it comes with a mouse and keyboard as well.

Since his January 2013 appointment as enterprise CTO at Fidelity Investments, Stephen Neff has made a significant impression in the financial services company's highest IT post. Earlier this year, he was named one of five finalists for the 2014 MIT Sloan CIO Leadership Award. He oversees an IT organization with an annual budget of $2.5 billion and 12,500 tech employees, associates and contractors around the globe.
And he's tasked with running a distributed technology organization where a majority of workers operate within the various business lines reporting into business unit CIOs.

Internet of Things deployment in the enterprise has increased 333% since 2012, according to research from an Internet of Things company. Zebra Technologies, a maker of marking and printing products using RFID and real-time location services, says a study it commissioned, conducted by Forrester Research, found that IoT deployment in businesses increased over threefold since 2012. Nearly 65% of its survey respondents have deployed IoT technologies in the enterprise in 2014, compared to only 15% in 2012.

Like some of its major competitors, would Amazon Web Services ever offer on-premises private cloud management software? AWS Vice President of Marketing Ariel Kelman wouldn't rule it out ("never say never," he said), but he added that company executives have discussed doing it and that it just doesn't fit AWS's business model at this time. AWS is a services business that operates at massive scale. The company has a market-leading public IaaS platform with a plethora of web services that it updates and adds to all the time. The model of a fast-changing, constantly updating cloud doesn't work very well in an on-premises private cloud model, Kelman said.