Tag: Microsoft

top secret file

US Allows More Talk About Surveillance Orders

The U.S. Department of Justice has acceded to requests from some large, technology firms, allowing them to post more specific information about government requests for data on their users, according to a report by The New York Times. In a statement released on Monday, Attorney General Eric Holder and James R. Clapper, the Director of National Intelligence, the new rules allowing some declassification followed a speech by President Obama calling for intelligence reform. “The administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers, and the number of customer accounts targeted under those orders and requests including the underlying legal authorities,” the joint statement reads. “Through these new reporting methods, communications providers will be permitted to disclose more information than ever before to their customers.” [Read more Security Ledger coverage of the NSA surveillance story.] Previously, companies were prohibited from […]

When The Internet of Things Attacks! Parsing The IoT Botnet Story

I spent most of last week at a conference in Florida going deep on the security of critical infrastructure – you know: the software that runs power plants and manufacturing lines. (More to come on that!) While there, the security firm Proofpoint released a statement saying that it had evidence that a spam botnet was using “Internet of Things” devices. The company said on January 16 that a spam campaign totaling 750,000 malicious emails originated with a botnet made up of “more than 100,000 everyday consumer gadgets” including home networking routers, multi media centers, televisions and at least one refrigerator.” Proofpoint claims it is the “first time the industry has reported actual proof of such a cyber attack involving common appliances.” [Read: “Missing in action at Black Hat: the PC.”] Heady stuff – but is it true? It’s hard to know for sure. As with all these reports, it’s important […]

Ephemeral, In-Memory Attack Used With New IE 0Day

It was just last week that we wrote about research from the security firm Triumfant that found evidence for the growing use of ephemeral “diskless” malware. That point was driven home over the weekend, with a report from the firm Fireeye that found a new Internet Explorer zero day vulnerability was being used in conjunction with a disk-less variant of the Hydraq (aka “McRAT”) Trojan horse program.   Fireeye first called attention to the existence of attacks exploiting new, “zero day” (or previously unknown) vulnerabilities in the Internet Explorer web browser on Friday. The company discovered the malicious activity on the web site of a “strategically important website” that was being used as a “watering hole” to attack visitors who were “interested in national and international security policy.” The company described two IE vulnerabilities: an information leakage hole and an IE out-of-bounds memory access vulnerability. The information leak affects Windows XP […]

Windows XP Users Six Times More Likely To Be Infected By Malware

Microsoft came out with a new edition of its Security Intelligence Report today, saying that company data shows that Windows XP machines are much more likely to be infected in encounters with malicious software on the Internet. Windows XP machines were six times more likely to be infected than machines running Windows 8, the latest version of Microsoft’s operating system, the company said. The Security Intelligence Report (or SIR) is a unique window into the malicious activity online, given Microsoft’s massive footprint of more than 1 billion systems running versions of the Windows operating system, and the detailed data it collects from them through its automatic update patching- and malware removal features. This is the 15th such report Microsoft has issued.  The company used the latest report to hammer home a message about the need for Windows XP users to move off that system to a newer version of the […]

Gartner_Magic_Quadrant1

Gartner: Traditional IT Security Dead By End of Decade?

The analyst firm Gartner Inc. prides itself on its ability to identify emerging technology trends and talking up what’s next before it has even happened. The firm’s Hype Cycle maps the familiar path from promising new technology to ‘hot technology buzz word du jour,’ and (maybe) on to useful, less buzzy technology that’s actually being used. More important: the Gartner Magic Quadrant rates  technology companies (and their products) according to a set of criteria that includes how forward-looking (or “visionary”) the company is. Given the sway Gartner’s ratings have in companies’ willingness to invest in products, it’s a foregone conclusion that companies Gartner picks to ‘do well’ end up…umm…doing well. Gartner has an interest in finding the next big thing in every market – but also of preserving as much of the status quo as possible. (All those quadrants generate some serious cash!!) So I was interested to read about […]