The FBI’s Internet Crime Complaint Center (IC3) this week said the plague it calls the Business Email Compromise continues to rack-up victims and money – over 40,000 worldwide victims and $5 billion in the latest count.

+More on Network World: FBI/FTC: Watch those e-mails from your “CEO”+

The BEC scam is typically carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds, the IC3 stated. Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices. The scam has evolved to include the compromising of legitimate business e-mail accounts and requesting Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees, and may not always be associated with a request for transfer of funds, the IC3 stated.

To read this article in full, please click here

NASA is looking to bolster the speed – from ten to 10,000 times -- of the software on its Pleiades supercomputer and is issuing a public challenge to get the job done.

The catch is that the software the space agency is looking to squeeze all of that performance out of is based on Fortran – a program that has roots back to 1954.

“This is the ultimate ‘geek’ dream assignment,” said Doug Rohn, director of NASA’s Transformative Aeronautics Concepts Program (TACP) in a statement.

According to IBM: “From its creation in 1954, and its commercial release in 1957 as the progenitor of software, Fortran (FORMula TRANslator) became the first computer language standard, ‘helped open the door to modern computing,’ and may well be the most influential software product in history. Fortran liberated computers from the exclusive realm of programmers and opened them to nearly everybody else. It is still in use more than 50 years after its creation.

To read this article in full, please click here

The technology issues involved in supporting about 27 distinct DHS information systems and databases hinder the effort by U.S. Immigration and Customs Enforcement (ICE) to track people who overstay their visas.

That was the chief conclusion of a scathing Department of Homeland Security (DHS) Office of Inspector General (OIG) report on the status of ICE’s ability to track visa overstays.

+More on Network World: DHS warns on immigration spoofing scam+

To read this article in full, please click here

I have detailed the crazy things that the TSA has found in airline travelers checked bags over the past few years but…every once and awhile, something new and cracked turns up.

TSA/22MM tank round LAX

Recently the agency’s agents reported that a live 22 MM anti-tank round was discovered by TSA agents in a checked bag at Los Angeles (LAX) airport.

To read this article in full, please click here

The financial services industry is the target of a whopping 65% more targeted cyber-attacks than the average business, according to security watchers at IBM’s X Force.

The number of financial services records breached skyrocketed 937% in 2016 to more than 200 million. Financial institutions were forced to defend against a 29 percent increase in the number of attacks from 2015, IBM stated.

+More on Network World:  IBM: Tax-related spam up 6,000% since Dec.; Darkweb tactics net billions+

To read this article in full, please click here

In announcing its Q1 earnings yesterday Juniper company executives were delighted about the company’s returns on its cloud computing directions.

In the results conference call Juniper CEO Rami Rahim said cloud computing sales grew 25% year-over-year and noted that four of the company’s top 10 accounts were cloud-related. Specifically, the cloud vertical earned $331.6 million in the first quarter, over $264.8 million a year ago.

“As the industry evolves, cloud architectures are no longer the exclusive domain of the cloud providers. Customers across all verticals are developing strategies for moving to cloud service delivery models and this aligns with our strategy to power the cloud transformation,” Rahim said [Seeking Alpha has a full transcript of the call here]. “The cloud is a massive paradigm shift that is reshaping all industries, and I'm excited about the opportunity we have in front of us.”

To read this article in full, please click here

It’s not at all uncommon for competitors to snipe at one another but it still makes for good reading and it provides an interesting look into a company’s strategy – and perhaps a signal to a competitor they are in for a fight.

Today’s round comes from Juniper which has a piece of marketing out there that says: “In March 2017, Extreme Networks announced it will acquire Brocade's data center networking business. This acquisition has hindered Brocade/Extreme's ability to meet your long-term goals. They can no longer deliver networking solutions that will help you embark on your digital transformation journey. Juniper Networks can.”

To read this article in full, please click here

DARPA today said it  opened unique and massive testbed it will use as a battleground for researchers to build and test autonomous, intelligent and collaborative wireless technologies.

Calling it a “magnificent electronic arena” The Colosseum will be primarily used to host the Defense Advanced Research Projects Agency’s $3.75 million three-year Spectrum Collaboration Challenge (SC2), which will pit researchers against each other to develop what the agency calls radically new technologies for “using and managing access to the electromagnetic spectrum in both military and civilian domains.”

To read this article in full, please click here

You could probably see this one and others like it coming, given the current immigration quagmire that is the United States immigration environment. Today the U.S. Department of Homeland Security issued a fraud alert saying criminals have been using the agency’s Hotline as part of a spoofing scam to steal personal information.

+More on Network World: DARPA to eliminate “patch & pray” by baking chips with cybersecurity fortification+

The DHS Office of Inspector General (OIG) said perpetrators of the scam represent themselves as employees with “U.S. Immigration” and can alter caller ID systems to make it appear that the call is coming from the DHS OIG Hotline telephone number (1-800-323-8603).

To read this article in full, please click here

True legends in any field are few and far between but Robert Taylor, who died last week at 85, was definitely was one in the field of computer networking.

A key figure on the development of the Internet and ubiquitous Ethernet, Taylor was also instrumental in developing the first personal computer known as the Alto and a host of other computer and networking advances throughout his career. And his career was dotted with major positions at Advanced Research Projects Agency, the Stanford Research Institute, NASA, the Pentagon, Xerox and Digital Equipment Corporation.

To read this article in full, please click here

In an IT world where security software patches seem to be a dime a dozen, the researchers at the Defense Advanced Research Projects Agency want to take a different approach – bake cybersecurity right into the circuitry.

The research outfit will this month detail a new program called System Security Integrated Through Hardware and Firmware (SSITH) that has as one of its major goals to develop new integrated circuit architectures that lack the current software-accessible points of criminal entry, yet retain the computational functions and high-performance the integrated circuits were designed to deliver. Another goal of the program is the development of design tools that would become widely available so that hardware-anchored security would eventually become a standard feature of integrated circuit in both Defense Department and commercial electronic systems, DARPA stated.

To read this article in full, please click here

In this era where disinformation, alternative facts and other falsehoods are the rule of the day, the researchers at DARPA are looking to build a mechanism that can glean some truth from the obfuscation.

DARPA says the program, called Active Interpretation of Disparate Alternatives (AIDA), looks to develop a “semantic engine” that generates alternative interpretations or meaning of real-world events, situations, and trends based on data obtained from an extensive range of channels. The program aims to create technology capable of aggregating and mapping pieces of information automatically derived from multiple media sources into a common representation or storyline, and then generating and exploring multiple theories about the true nature and implications of events, situations, and trends of interest, DARPA says. +More on Network World: DARPA plan would reinvent not-so-clever machine learning systems+  

To read this article in full, please click here

Looking to drive the use of Network Functions Virtualization, the OPNFV project this week released the fourth version of its open source platform, known as Danube, that promises to help large organizations and service providers get a better handle on virtualization, SDN and cloud services.

+More on Network World: Open source routing project gets a vital technology infusion+

Heather Kirksey, director, OPNFV said Danube melds a ton of work that has been done around NFV and brings DevOps methodologies to NFV. “It brings together full next-gen networking stacks in an open, collaborative environment. By harnessing work with upstream communities into an open, iterative testing and deployment domain, we’re delivering the capabilities that truly enable NFV,” Kirksey said.

To read this article in full, please click here

Tis’ the season for tax villains. The notion that spam has been increasing lately has been obvious recently and for more evidence of that nasty trends you need look no further than this fact: From Dec 2016 to Feb 2017, IBM X-Force researchers saw a 6,000% increase in tax-related spam emails.

And that’s just one of a number of tax season scams and frauds IBM X-Force security researchers have been tracking in a report “Cybercrime Riding Tax Season Tides: Trending Spam and Dark Web Findings” issued today.

+More on Network World: IRS Dirty Dozen: Phishing, phone cons and identity theft lead scam list for 2017+

To read this article in full, please click here

Open source networking proponents have uncorked an updated routing protocol project designed to give white box, virtualized environments of all sizes fast and reliable communications.

The project, now called the Free Range Routing (FRR) offers a full-on IP routing protocol suite for Linux/Unix platforms and includes protocol daemons for BGP, IS-IS, LDP, OSPF, PIM, and RIP. The FRR groupsays that the technology’s integration with the native Linux/Unix IP networking stacksmakes it applicable to a wide variety of applications from connectinghosts/virtual machines/containers to the network, advertising network services, LAN switching and routing, Internet access routers, and Internet peering.

To read this article in full, please click here

Cisco has issued an urgent request to Cisco customers running specific releases of software on their Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances to reboot their devices to prevent a device from hanging and stop passing traffic.

Cisco said its ASA and FTD devices are affected by a “functional software defect that will cause the device to stop passing traffic after 213 days of uptime” and that the issue is a result of a software regression bug introduced when addressing Cisco bug ID CSCva03607.

+More on Network World: IBM on the state of network security: Abysmal

To read this article in full, please click here

IBM said that it has patented a machine learning technology that defines how to shift control of an autonomous vehicle between a human driver and a vehicle control processor in the event of a potential emergency.

+More on Network World: IBM on the state of network security: Abysmal

Basically the patented IBM system employs onboard sensors and artificial intelligence to determine potential safety concerns and control whether self-driving vehicles are operated autonomously or by surrendering control to a human driver.

To read this article in full, please click here

The state of online security is darn dreadful. At least if you look at the results from the IBM Security’s 2017 IBM X-Force Threat Intelligence Index released today which contains myriad depressing nuggets such as:

• The number of records compromised grew a historic 566% in 2016 from 600 million to more than 4 billion -- more than the combined total from the two previous years.
• In one case, a single source leaked more than 1.5 billion records [see Yahoo breach].
• In the first three months of 2016, the FBI estimated cybercriminals were paid a reported $209 million via ransomware. This would put criminals on pace to make nearly $1 billion from their use of the malware just last year.
• In 2016, many significant breaches related to unstructured data such as email archives, business documents, intellectual property and source code were also compromised.
• The most popular types of malcode we observed in 2016 were Android malware, banking Trojans, ransomware offerings and DDoS-as-a-service vendors. Since DDoS tools are mostly sold as a service and not as malware per se, we will focus here on banking Trojans, Android malware and ransomware.
• In December 2016, a malware developer with an ongoing banking Trojan project showed up in underground forums, aspiring to sell some licenses as he worked on completing the development of all its modules. The actor promised to deliver future capabilities, such as a Socket Secure (SOCKS) proxy and hidden virtual network computing alongside technical support and free bug fixes. The malware was named Nuclear Bot, or NukeBot, at the time. IBM wrote it has yet to see NukeBot/Micro Bot active in the wild, analyses performed by X-Force and other vendors found that it has the potential to rise in 2017 and bring back commercial Trojan sales in the underground.
• In 2015, Healthcare was the most attacked industry with Financial Services falling to third, however, attackers in 2016 refocused back on Financial Services.

IBM did note that while the healthcare industry continued to be beleaguered by a high number of incidents, attackers hit on smaller targets resulting in a lower number of leaked records. In 2016, only 12 million records were compromised in healthcare - keeping it out of the top 5 most-breached industries. For perspective, nearly 100 million healthcare records were compromised in 2015 resulting in an 88% drop in 2016, IBM stated.

To read this article in full, please click here

Cisco Talos today warned of a flaw in the X.509 certificate validation feature of Apple macOS and iOS that could let an attacker remotely execute code and steal information.

X.509 security certificates are widely used and integral to many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure web browsing protocol.

+More on Network World: 5 burning questions with new IETF Chair and Cisco Fellow Alissa Cooper+

“For most people, securely connecting to a website seems as simple as checking to make sure the little padlock in the address bar is present. However, in the background there are many different steps that are taken to ensure you are safely and securely connecting to the websites that claim they are who they are. This process includes certificate validation, or making sure that the servers that users are connecting to present “identification” showing they are legitimate. This helps to protect users from fraudulent servers that might otherwise steal sensitive information,” Talos wrote.

To read this article in full, please click here

The Federal Trade Commission this week issued a warning about the irritating and illegal “Can you hear me now?” robocall scam making the rounds on phones across the country.

The FTC says it has received hundreds of complaints on the calls which could end up being part of a scam to get your money.

+More on Network World: U.S. Marshals warn against dual phone scams+

The Better Business Bureau described the scam earlier this year: “By replying ‘yes,’  ‘sure,’ or other agreeable response, the scammer records the call and uses that sound bite to authorize unwanted charges to the scammers benefit. “It seems like an innocent question, but it can cause undue financial burdens and stress. The scam caller may already have your financial information, which is how they authorize a payment and, if you dispute a charge, the scammer has doctored the recording to make it seems as though you agreed to it.”

To read this article in full, please click here

Cisco is warning IOS and IOS EXE users of five security vulnerabilities it rates as “High” that could lead to denial of service attacks or allow an invader to execute arbitrary code on an particular system.

The warnings – which include Cisco’s DHCP client, L2TP, Zero Touch Provisioning, HTTP server and Web user interface -- are part of what Cisco says are a twice-yearly bundle of IOS security advisories it issues to keep those users up-to-date on current IOS security issues.

To read this article in full, please click here

It’s hard to fathom and may be even harder for it to happen but a couple NASA-funded scientists say Mars might have had Saturn-like rings around it in the past and may have them again sometime in the distant future.

NASA’s Jet Propulsion Lab said Purdue University scientists David Minton and Andrew Hesselbrock developed a model that suggests debris that was pushed into space from an asteroid or other body slamming into Mars around 4.3 billion years ago alternates between becoming a planetary ring and clumping together to form a moon.

More on Network World: Elon Musk’s next great adventure: Colonizing Mars+

To read this article in full, please click here

Researchers with the Defense Advanced Research Projects Agency will this month present a program that looks to develop a new generation of radiofrequency (RF) and millimeter-wave transistors to address the power and range requirements for billions of wirelessly communicating devices in everything from unmanned aircraft and home appliances to sensors and smartphones.

+More on Network World: DARPA plan would reinvent not-so-clever machine learning systems+

“The same basic transistor types have been dominant since their invention and we have been engineering the heck out of them for 50 years,” said Dan Green, a program manager in DARPA’s Microsystems Technology Office (MTO) and the overseer of the forthcoming Dynamic Range-enhanced Electronics and Materials (DREaM) program. “We’ve gotten a lot out of that approach, but the focus on so few types of transistor technologies and just a few semiconductor materials also has fundamentally limited us in the RF world.”

To read this article in full, please click here

Machine learning systems maybe be smart but they have a lot to discover.

Innovative researchers with DARPA hope to achieve superior machine learning systems with a new program called Lifelong Learning Machines (L2M) which has as its primary goal to develop next-generation machine learning technologies that can learn from new situations and apply that learning to become better and more reliable than current constrained systems.

+More on Network World: DARPA fortifies early warning system for power-grid cyber assault+

To read this article in full, please click here

The Defense Advanced Research Projects Agency (DARPA) continues to hone the system it hopes would quickly restore power to the U.S. electric grid in the event of a massive cyberattack. The research agency this week said it awarded defense system stalwart BAE Systems an $8.6 million contract to develop a system under its Rapid Attack Detection, Isolation and Characterization (RADICS) program that has as its central goal to develop technology that will detect and automatically respond to cyber-attacks on US critical infrastructure.

+More on Network World: Cisco’s Jasper deal – one year, 18 million new IoT devices later, challenges remain+

To read this article in full, please click here

That was fast. Networking veteran Jonathan Davidson is re-joining Cisco a little less than a week after resigning as rival Juniper executive VP and general manager.

Cisco/Jonathan Davidson

Davidson is joining Cisco’s Service Provider Business Unit and will report to Yvette Kanouff, the senior vice president and general manager that unit.

+More on Network World: Cisco’s Jasper deal – one year, 18 million new IoT devices later, challenges remain+

To read this article in full, please click here

Spam is once again raising its ugly head as a chief way for attackers to grab protected data.

IBM’s X-Force Threat Intelligence group said today that one of the key findings from its forthcoming Threat Intelligence Index for 2017 is that spam volume grew dramatically throughout 2016, bringing with its host of new malicious attachments harboring banking Trojans and ransomware.

+More on Network World: IBM technology moves even closer to human speech recognition parity+

“Attackers are not limited to a single set of tools, however. The ongoing expansion of domain name choices has added another instrument to the spammer’s toolbox: enticing recipients to click through to malicious sites, ultimately allowing attackers to infiltrate their networks,” wrote Ralf Iffert, Manager, X-Force Content Security in a blog about the spam findings. “More than 35% of the URLs found in spam sent in 2016 used traditional, generic top-level domains (gTLD) .com and .info. Surprisingly, over 20% of the URLs used the .ru country code top-level domain (ccTLD), helped mainly by the large number of spam emails containing the .ru ccTLD.”

To read this article in full, please click here

Cisco's security team today called the weakness in Apache Struts “critical” and is evaluating many its products to assess the impact.

The company said it will publish a list of vulnerable products here as it learns of them.

Earlier this week Apache revealed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could let an attacker execute commands remotely on the targeted system using what’s known as acrafted Content-Type header value.

-More on Network World: Cisco’s Jasper deal – one year, 18 million new IoT devices later, challenges remain+

To read this article in full, please click here

IBM this week said its speech recognition system set an industry record of 5.5% word error rate, a percentage that lets a computer understand human conversation almost as well as the average person does.

According to IBM human parity was considered a 5.9% word error rate but IBM who partnered with Appen, a speech and technology service provider, reassessed the industry benchmark and determined that human parity is lower than what anyone has yet achieved: 5.1%.

+More on Network World: Gartner: Artificial intelligence, algorithms and smart software at the heart of big network changes+

To read this article in full, please click here

A number of reports are warning businesses and consumers alike that a new round of ransomware based on the infamous Cryptolocker (aka TorrentLocker or Teerac) code is making the rounds.

Today Cisco Talos wrote: “Crypt0l0cker has gone through a long evolution, the adversaries are updating and improving the malware on a regular basis. Several indicators inside the samples we have analyzed point to a new major version of the malware. We have already seen large campaigns targeting Europe and other parts of the world in 2014 and 2015. It seems to be that the actors behind these campaigns are back now and launching again massive spam attacks.”

To read this article in full, please click here