In-brief: Infoworld writes about the possible deal by ARM to acquire Sansa Security, a maker of security software for embedded systems that populate the Internet of Things.
server
Ghost Vulnerability Replays Third Party Code Woes
In-brief: The security firm Qualys is warning of a serious and remotely exploitable vulnerability in a function of the GNU C Library (glibc) known as gethostbyname. The security hole raises more questions about dangers lurking in legacy, open source software.
IT meets OT as Belden buys TripWire for $710m
In a move that heralded the growing convergence of information security and IT operations, Belden, a maker of industrial networking equipment, said it is acquiring Tripwire, an IT security services firm for $710 in cash. The announcement, on Tuesday, underscores the degree to which traditional IT security focused on securing enterprise networks is becoming part and parcel of the services that industrial firms wish to offer to their customers in heavy industries and critical infrastructure. [Read more Security Ledger reporting on Internet of Things and IT-OT convergence.] In a published statement, Belden said that, together, the companies will “work to deliver the next generation of cybersecurity solutions that can be deployed across enterprise, industrial, and broadcast markets.” John Stroup, President and CEO of Belden, said TripWire will extend his company’s capabilities. The two companies had previously worked together to improve critical infrastructure cybersecurity in manufacturing organizations, tailoring cyber security solutions for specific customer […]
Chief Security Officer: The Toughest Job In IT?
Register now for our CISO Hangout with Jon Trull of Qualys, the former Chief Security Officer for the State of Colorado. Chief Information Security Officers (CISOs) are in the news a lot these days. The breaches at prominent corporations like Target, Home Depot and (this week) JP Morgan have solidified the consensus that the CISO is a necessary complement to the CIO. They’ve also shone a spotlight on what many consider to be the toughest job in corporate America. After all, successful cyber attacks and data breaches are the quickest path to a ruined corporate reputation. And a strong and capable CISO is increasingly seen as the best defense against such an unfortunate occurrence. (Target’s misfortune was the direct result, some argued, on its lack of a CISO.) With all that in the air, the time couldn’t be better to sit down with some of the top CISOs in industry and the public […]
Was An IPMI Flaw Behind 300Gbps DDoS Attack? – ComputerworldUK.com
Computerworld UK has an interesting story that digs into a massive, 300 Gbps DDoS attack that used a flaw in the IPMI protocol to compromise 100,000 unpatched servers, which were then used to send junk traffic to the victim site. The attack was documented by the security firm VeriSign in its quarterly threat report. The flaw, in the Intelligent Platform Management Interface (IPMI) is a well-documented security hole that affects a wide range of devices. The attack in question took place in June and targeted what Verisign described as a content delivery network (CDN) in the media and entertainment sector. The attack combined a variety of techniques, including SYN, TCP and UDP protocols to flood a target data center. The attacks reached a peak traffic volume 300 Gbps and lasted more than a day, prompting Verisign to balance the load across its global network. Verisign attributed the massive volume of the attack to a botnet made up […]
