How to set up two-factor authentication for iCloud

	Critical vulnerability in popular WordPress newsletter plug-in endangers many blogs | Microsoft hammers No-IP, collateral damage includes Hacking Team's legal malware
	Network World Security				Forward this to a Friend >>>
	How to set up two-factor authentication for iCloud You may have heard that Apple is implementing two-factor authentication for some new iCloud services, and so today I wanted to show you how to set that up.Two-factor authentication—called two-step verification in the Apple ecosystem—is a security system whereby you have to supply two things—instead of just a single password—to log in to an online (or other) service. Typically, those two factors are a password and a code that the service sends to your cell phone. Requiring those two factors, instead of just one, makes it a lot harder for online miscreants to pretend they’re you.To read this article in full or to leave a comment, please click here Read More WHITE PAPER: Juniper Networks Security in the Next-Generation Data Center This white paper examines these trends, and it reveals the key capabilities that today's security teams require to effectively ensure that vital corporate assets remain secure, while at the same time optimizing access, cost, and administrative efficiency. View Now In this Issue Critical vulnerability in popular WordPress newsletter plug-in endangers many blogs Microsoft hammers No-IP, collateral damage includes Hacking Team's legal malware US breach-o-rama continues as Butler University admits 163,000-person hack How to spot and avoid installing potentially unwanted programs Microsoft legal action cramping other hacking campaigns, Kaspersky says FBI, CIA can query US communications collected by NSA WHITE PAPER: HP Why you need a next-generation firewall This white paper explores the reasons for implementing NG firewalls and lays out a path to success for overburdened IT organizations. Learn More Critical vulnerability in popular WordPress newsletter plug-in endangers many blogs A critical vulnerability found in a WordPress plug-in that has been downloaded over 1.7 million times allows potential attackers to take complete control of blogs that use it.The flaw is located in the MailPoet Newsletters plug-in, previously known as wysija-newsletters, and was discovered by researchers from Web security firm Sucuri.“This bug should be taken seriously; it gives a potential intruder the power to do anything he wants on his victim’s website,” Daniel Cid, Sucuri’s chief technology officer, said in a blog post Tuesday. “It allows for any PHP file to be uploaded. This can allow an attacker to use your website for phishing lures, sending SPAM, hosting malware, infecting other customers (on a shared server), and so on!”To read this article in full or to leave a comment, please click here Read More Microsoft hammers No-IP, collateral damage includes Hacking Team's legal malware Microsoft brought the hammer down on No-IP and seized 22 of their domains. They also filed a civil case against “Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com), for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.”Microsoft Digital Crimes Unit reported, “On June 19, Microsoft filed for an ex parte temporary restraining order (TRO) from the U.S. District Court for Nevada against No-IP. On June 26, the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats.” All of the legal documents are posted here.To read this article in full or to leave a comment, please click here Read More WEBCAST: Network Instruments 3 Choices for Effective UC Management This webcast discusses five best practices on how to successfully optimize and manage UC, as well as how to gain clear picture of overall performance and quickly troubleshoot when the inevitable issues arise. Learn More US breach-o-rama continues as Butler University admits 163,000-person hack Butler University in Indianapolis has told 163,000 staff and students including those connected to the institution in the past that a data breach dating back to 2013 could have compromised their personal details.In a letter sent to employees and alumni by president Jim Danko, the University said it had learned of the possible breach a month ago after being contacted by police in California who had detained a suspect carrying a flash drive on which employee data was found.The University carried out a forensic investigation, tracing the attack to between November 2013 and May this year. Stolen data included names, dates of birth, social security numbers and driver's licenses, he said.To read this article in full or to leave a comment, please click here Read More How to spot and avoid installing potentially unwanted programs The only PUP no one lovesThey're called PUPs—Potentially Unwanted Programs—and they sneak onto your system as accessories to the program you actually intend to install. They're annoying, and they can result in slower performance, space-stealing browser toolbars, annoying pop-ups, and even loss of privacy.To read this article in full or to leave a comment, please click here Read More WEBCAST: Kemp Technologies How To: Agile Hybrid Cloud Deployment with Virtual ADC's The Growth of Hybrid Cloud is effecting companies of all sizes. In this webinar you will learn: How to deploy Hybrid Cloud Applications in Hours Not Weeks, Enable Security & High Availability for Apps Migrated to the Hybrid Cloud. Learn More Microsoft legal action cramping other hacking campaigns, Kaspersky says Microsoft’s seizure of domains from a DNS service provider has also disrupted some state-sponsored cyberespionage campaigns, according to security vendor Kaspersky Lab.A quarter of the long-term malware operations run by hacking groups tracked by the Russian security vendor have been affected by the seizure of domains from No-IP, wrote analyst Costin Rau on a company blog Tuesday.No-IP, run by Nevada-based Vitalwerks, has a free “dynamic DNS” service that updates DNS entries for a domain that has a changing IP address assigned by an ISP. It does that by lending a subdomain to the customer, then updating the DNS record as the IP address for the hostname changes.To read this article in full or to leave a comment, please click here Read More FBI, CIA can query US communications collected by NSA The FBI doesn't track the number of US searches it does on data collected for foreign intelligence purposes Read More
	SLIDESHOWS 10 disturbing attacks at Black Hat USA 2014 Attacking car systems, Google Glass for password theft, using free cloud trials to launch botnets, more. JOIN THE NETWORK WORLD COMMUNITIES As network pros you understand that the value of connections increase as the number of connections increase, the so called network effect, and no where is this more evident than in professional relationships. Join Network World's LinkedIn and Facebook communities to share ideas, post questions, see what your peers are working on and scout out job applicants (or maybe find your next opportunity). Network World on Facebook Network World on LinkedIn MOST-READ STORIES 1. 10 disturbing attacks at Black Hat USA 2014 2. FixIt giving away 15K iPhone 'liberation kits' 3. Tools catch security holes in open source code 4. Wzor's return brings Windows 9 rumors 5. 4 key features coming to Windows 9 (hopefully) 6. Google is killing off Orkut 7. 10 Bad Coding Practices That Wreck Software Development Projects 8. 10 security start-ups to watch 9. HP's giant Proliant challenges big iron from IBM, Oracle 10. Netflix open sources its Amazon cloud security enforcer
	Do You Tweet? Follow everything from NetworkWorld.com on Twitter @NetworkWorld. You are currently subscribed to networkworld_security_alert as security.world@gmail.com. Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com To contact Network World, please send an e-mail to customer_service@nww.com. Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701 ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **