What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2016-09-22 05:48:00 (Déjà vu) Lockdown! Harden Windows 10 for maximum security (direct link) You may have heard that Microsoft has made Windows 10 more secure than any of its predecessors, packing it with security goodies. What you might not know is that some of these vaunted security features aren't available out of the box or they require additional hardware -- you may not be getting the level of security you bargained for. Features such as Credential Guard are available for only certain editions of Windows 10, while the advanced biometrics promised by Windows Hello require a hefty investment in third-party hardware. Windows 10 may be the most secure Windows operating system to date, but the security-savvy organization -- and individual user -- needs to keep the following hardware and Windows 10 edition requirements in mind in order to unlock the necessary features to achieve optimum security.
NetworkWorld 2016-09-21 14:06:00 How to watch the 2016 Ig Nobels (direct link) If you can't make it to the annual Ig Nobel ceremony at Harvard University on Thursday night to celebrate the most unusual and imaginative breakthroughs in science, you can follow along online instead. That includes right here, where we've embedded code for the live webcast, which starts at 6pm, EST, Sept. 22.
NetworkWorld 2016-09-21 13:52:54 New legislation seeks to prevent US voting systems from being hacked (direct link) A U.S. lawmaker has introduced two bills to protect voting systems from hacking, amid fears that Russian cyber spies may be interfering with this year's presidential election. Representative Hank Johnson, a Democrat serving Georgia, is proposing a moratorium on state purchases of electronic voting machines that don't produce a paper trail. His Election Integrity Act, introduced Wednesday, would also prohibit voting systems from being connected to the internet as a way to prevent online tampering. The high-profile hack of the Democratic National Committee publicized in June has citizens worried that U.S. election systems may be vulnerable, Johnson said.
NetworkWorld 2016-09-21 12:10:00 IDG Contributor Network: IoT security: Intel EPID simplifies authentication of IoT devices (direct link) Did you know that over 75 million tourists visit the United States every year? Or that the Transport Security Administration (TSA) screens over 2 million people daily? The TSA processes 150 passengers per security lane. Imagine the public outrage if it took 20 minutes to screen a passenger and the process publicly disclosed personal information. That's the average time and result of installing an IoT device today. What lessons can be applied from security screenings to accelerate IoT device adoption? How can the authentication and installation of new IoT devices be streamlined?
NetworkWorld 2016-09-21 11:43:00 Cisco Talos: Spam at levels not seen since 2010 (direct link) Spam is back in a big way – levels that have not been seen since 2010 in fact. That's according to a blog post today from Cisco Talos, in which author Jaeson Schultz stated that the increase is largely the handiwork of the Necurs botnet. “Many of the host IPs sending Necurs' spam have been infected for more than two years. To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions. An infected host might be used for two to three days, and then sometimes not again for two to three weeks. This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again. At Talos, we see this pattern over, and over again for many Necurs-affiliated IPs,” he wrote.
NetworkWorld 2016-09-21 10:50:00 More than 840,000 Cisco devices are vulnerable to NSA-related exploit (direct link) More than 840,000 Cisco networking devices from around the world are exposed to a vulnerability that's similar to one exploited by a hacking group believed to be linked to the U.S. National Security Agency. The vulnerability was announced by Cisco last week and it affects the IOS, IOS XE, and IOS XR software that powers many of its networking devices. The flaw allows hackers to remotely extract the contents of a device's memory, which can lead to the exposure of sensitive information. The vulnerability stems from how the OS processes IKEv1 (Internet Key Exchange version 1) requests. This key exchange protocol is used for VPNs (Virtual Private Networks) and other features that are popular in enterprise environments. Guideline
NetworkWorld 2016-09-21 09:57:59 Hackers sell tool to spread malware through torrent files (direct link) Be careful with what you torrent. A new tool on the black market is helping hackers distribute malware through torrent files in exchange for a fee. On Tuesday, security researchers at InfoArmor said they discovered the so-called "RAUM" tool in underground forums. It leverages torrenting -- a popular file-sharing method associated with piracy -- to spread the malware. Popular torrent files, especially games, are packaged with malicious coding and then uploaded for unsuspecting users to download. Using torrents to infect computers is nothing new. But the makers of the RAUM tool have streamlined the whole process with a "Pay-Per-Install" model, according to InfoArmor.
NetworkWorld 2016-09-21 09:47:00 How to protect your mission-critical information (direct link) Given the vast and increasing volumes of data within organizations today, securing your data can seem an insurmountable task. But you can get your arms around it if you assess the value of your data and focus your attention on protecting your mission-critical information assets - the crown jewels. Yesterday, the nonprofit Information Security Forum (ISF) announced the availability of Protecting the Crown Jewels: How to Secure Mission-Critical Information Assets, the latest in a series of reports geared to helping organizations do just that. "Businesses must prioritize the protection of mission-critical information assets," says Steve Durbin, managing director of the ISF. "Far too often, organizations consider the value of these assets, but fail to recognize the extent to which they are exposed to global security threats."
NetworkWorld 2016-09-21 09:42:00 IDG Contributor Network: 3D printers hackable via smartphone (direct link) A smartphone's built-in sensors can be used to swipe important intellectual property, such as product models and prototypes, by reading a combination of acoustic traces and electromagnetic energy as a 3D printer's print head moves across a platen. New research discovered that it's not just the sounds that the nozzle makes as it prints the model that gives the game away, as was previously thought. A new study indicates that by combining the collection of sounds with electromagnetic readings, hackers can obtain a powerful facsimile of what's being made.
NetworkWorld 2016-09-21 08:38:00 Education needs to study up on fighting ransomware (direct link) It should surprise no one that ransomware is on the rise, but it may be news that education -- not healthcare -- is outstripping other industries for rate of infection, according to a study by security ratings firm BitSight. Organizations in education had the highest rate of infection, with at least one in 10 experiencing ransomware on their networks, according to “The Rising Face of Cyber Crime: Ransomware” report. The study looks at businesses in finance, retail, healthcare, energy/utilities, government and education, which are listed in order from best to worst for ransomware infection rate. Education's score is far behind that of the others, more than double that for government. The rate ranges from 13% of those in education down to 1.5% for those in finance.
NetworkWorld 2016-09-21 08:00:32 Apple's new macOS Sierra fixes over 60 security flaws (direct link) Apple launched its newest operating system, macOS Sierra 10.12, on Tuesday and aside from new and interesting features, it has a large number of important security fixes. The new OS patches 65 vulnerabilities in various core and third-party components. Some of these vulnerabilities are critical and can result in arbitrary code execution with kernel privileges. Flaws that allow local applications to execute malicious code with kernel or system privileges were fixed in Apple's HSSPI support component, AppleEFIRuntime, AppleMobileFileIntegrity, AppleUUC, the Bluetooth stack, DiskArbitration, the Intel Graphics Driver, the IOAcceleratorFamily and IOThunderboltFamily, the S2 Camera, the Security service and the kernel itself.
NetworkWorld 2016-09-21 06:54:00 ACLU: Cops accidentally recorded themselves making up bogus criminal charges (direct link) If cops are going to do something shady, something as unethical and illegal as violating a citizen's First Amendment rights to free speech and his Fourth Amendment rights against warrantless seizure, then they definitely don't want their actions being recorded; yet that is exactly what happened when Connecticut State Police troopers seized a camera belonging to a protestor and the camera continued to film while they conspired on which bogus charges to level against him. In September 2015, Michael Picard was protesting near a DUI checkpoint in West Hartford by holding up a big handwritten sign which read “Cops Ahead: Keep Calm and Remain Silent.” Picard, who was lawfully carrying a handgun, also had a camera which he was using to film the police – public employees on a public street.
NetworkWorld 2016-09-21 03:00:00 IT security: 3 things you need to know now (direct link) Computerworld, CSO and CIO surveyed 287 business and IT leaders on the state of security in their organization. Here's what they had to say (it ain't always pretty...). Guideline
NetworkWorld 2016-09-21 03:00:00 Cisco CEO Robbins: Wait til you see what's in our innovation pipeline (direct link) It's been a little over a year since Chuck Robbins took the reins at Cisco from the venerated John Chambers. In that time, the face and pace of the IT realm has transformed -- from Dell buying EMC and HP splitting up to the swift rise of IoT and harsh impact of security challenges. Robbins has embraced this rapid change and, he says in this wide-ranging interview, moved the company forward with relentless speed to address everything from hyperconvergence to application-centric infrastructures.
NetworkWorld 2016-09-20 23:22:22 Russia has previously tried to influence US elections, says spy chief (direct link) Russia has tried to influence U.S. elections since the 1960s during the Cold War, U.S. Director of National Intelligence James R. Clapper said Tuesday. It's not clear whether the interference, which has a long history, aims to influence the outcome of the election or tries to sow seeds of doubt about the sanctity of the process, Clapper said in an interview to The Washington Post. The remarks are the closest the U.S. spy chief has come to suggesting that Russia could be involved in recent hacks of Democratic party organizations.
NetworkWorld 2016-09-20 13:22:49 Receive alerts when your data is leaked with this tool (direct link) If you're worried that your data might end up in the hands of a hacker, one site is offering a free service that can give you a heads-up. Baltimore-based Terbium Labs has come up with a product called Matchlight, which crawls the dark recesses of the internet, looking for stolen data that's circulating on the black market. On Tuesday, Terbium Labs opened the product to the public. That means any user can sign up to have five of their personal records monitored for free.
NetworkWorld 2016-09-20 11:09:00 IDG Contributor Network: Data breaches: This time it's more personal (direct link) Summer 2016 was not a good time for data breaches. First, news broke that the Democratic National Committee was hacked, leading to the resignation of DNC Chair Debbie Wasserman Schultz and driving a wedge between Democratic Party members. Later, the World Anti-Doping Agency (WADA) announced that Russian hackers had illegally accessed its Anti-Doping Administration and Management System (ADAMS) database, leaking confidential medical information for U.S. athletes, including Simone Biles and Serena Williams. Guideline
NetworkWorld 2016-09-20 10:29:06 TLS 1.3 gets early adoption boost through CloudFlare (direct link) Website security and performance vendor CloudFlare has made the newest version of the TLS secure communications protocol available to all of its customers. The TLS (Transport Layer Security) 1.3 specification is yet to be finalized by the Internet Engineering Task Force (IETF), the body that develops internet standards. However, the protocol is already supported in beta versions of Google Chrome and Mozilla Firefox, and it's being hailed as an important step forward in securing internet communications. TLS 1.3 removes some cryptographic algorithms present in TLS 1.2 that are known to be vulnerable. This makes it easier for server administrators to deploy secure-by-default HTTPS configurations. HTTPS (HTTP Secure) is HTTP carried over TLS.
NetworkWorld 2016-09-20 09:56:48 Data hoarding site represents the dark side of data breach monitoring (direct link) A site that's been warning the public about data breaches might actually be doing more harm than good. Enter LeakedSource, a giant repository online that can potentially make hacking easier. Your email address and the associated Internet accounts -- including the passwords -- are probably in it. In fact, the giant repository is made up of stolen databases taken from LinkedIn, Myspace, Dropbox, and thousands of other sites. It bills itself as a data breach monitoring site and for months now, it's been collecting details on hacks, both old and new, and alerting the media about them.
NetworkWorld 2016-09-20 08:46:00 SIEM Market Dynamics in Play (direct link) When I started focusing on the security market 14 years ago, the SIEM market was a burgeoning market populated by vendors such as CA, e-Security, Intellitactics, and NetForensics. In the intervening timeframe, the SIEM market has grown, thrived, and changed every few years. SIEM started as a central repository for event correlation for perimeter security devices. It then morphed into a reporting engine for governance and compliance. In a subsequent phase, SIEM became more of a query and log management tool for security analysts. Fast forward to 2016 and SIEM has taken on a much bigger scope – an enterprise software platform that anchors security operations centers (SOCs). In this role, SIEM platforms can also include:
NetworkWorld 2016-09-20 07:55:10 (Déjà vu) Researchers demonstrate remote attack against Tesla Model S (direct link) Tesla Motors is considered one of the most cybersecurity-conscious car manufacturers in the world -- among other things, it has a bug bounty program. But that doesn't mean the software in its cars is free of security flaws. Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car and control its sunroof, central display, door locks and even the braking system. The attack allowed the researchers to access the car's controller area network (CAN) bus, which lets the vehicle's specialized computers communicate with each other. "As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars," the researchers from Tencent's Keen Security Lab said in a blog post Monday. "We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected." Tesla
NetworkWorld 2016-09-20 07:12:00 Researchers remotely hack Tesla Model S while it is being driven (direct link) Chinese researchers from Keen Security Lab of Tencent announced that they could chain multiple vulnerabilities together which allowed them to remotely hack the Tesla Model S P85 and 75D from as far as 12 miles away. The researchers said: As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected. Tesla
NetworkWorld 2016-09-20 05:53:00 (Déjà vu) Be careful not to fall for these ransomware situations (direct link) Gimme all your money. In a world where ransomware hackers are expected to extort $1 billion in damages throughout 2016 in the US alone, businesses and individuals are being forced to be on high-alert when it comes to digital security. Carbonite's customer support team has handled over 7,300 ransomware-related calls just since January 2015 (365/month), encountering breaches occurring through everything from Xerox scans to fake Microsoft IT representatives.
NetworkWorld 2016-09-20 04:02:58 Swift hopes daily reporting will help stem payment fraud (direct link) Swift is introducing a new reporting system to help banks identify fraudulent payments made over its financial transfer network -- but the reports will arrive up to a day too late to stop them. Over the last year, cybercriminals have hacked systems at a number of banks, using their credentials to issue fraudulent payment instructions over the Swift network. Swift's network wasn't compromised, but because genuine credentials were used on authorized bank terminals, no alarms were raised until some time after the transfers were made, leaving victims struggling to recover their funds from the destination accounts.
NetworkWorld 2016-09-19 10:11:00 Explaining security automation and its evolving definitions (direct link) This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. There's been a lot of talk about security automation, but it's increasingly unclear what is what. For example, a Network World article on security automation last year focused mostly on threat detection, a Gartner report on Intelligent and Automated Security Controls focused on the threat intelligence component, and another recent piece referenced security automation simply as “the automation of cybersecurity controls.”
NetworkWorld 2016-09-19 07:59:00 Cisco discloses PIX firewall, IOS software security holes (direct link) Cisco has warned of a high priority security hole in its IOS software that could have let attackers snatch memory contents from a variety of products, which could lead to the disclosure of confidential information. Specifically, Cisco said the vulnerability is due to “insufficient condition checks in the part of the code that handles [Internet Key Exchange] IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests.” Guideline
NetworkWorld 2016-09-19 07:56:00 Teenager claims to have accessed FTPs, downloaded data from every state with .us domain (direct link) A security researcher going by Minxomat scanned IPv4 addresses and then released a list of nearly 800,000 open FTP servers, meaning no authentication is required to access them. His scan revealed that 4.32% of all FTP servers in the IPv4 address space allowed “anonymous” users to login with no password. “This is a list of all (796,578) FTP servers directly connected to port 21 in the IPv4 address space that allow anonymous logins,” Minxomat wrote on GitHub. “The login must be completed in less than five seconds to qualify for this list.” If an FTP server was meant to be public, he did not include it in the list. In his post describing “mass-analyzing a chunk of the internet,” Minxomat said he set up filters to exclude other results such as “POS system firmware update servers and printers (firmware|printer).”
NetworkWorld 2016-09-19 07:08:07 Cisco patches Equation group exploit in IOS, IOS XE and IOS XR devices (direct link) Cisco Systems has patched a vulnerability similar to one exploited by a cyberespionage group believed to be linked to the U.S. National Security Agency. The vulnerability affects networking devices running Cisco's IOS, IOS XE and IOS XR operating systems that process IKEv1 (Internet Key Exchange version 1) packets. When exploited, it allows remote unauthenticated attackers to extract contents from a device's memory, potentially leading to the exposure of sensitive and confidential information. IKE is a key exchange protocol used by several popular features including LAN-to-LAN VPN (Virtual Private Network), remote access VPN, Dynamic Multipoint VPN (DMVPN) and Group Domain of Interpretation (GDOI). It is likely to be enabled on many Cisco devices in enterprise environments. Guideline
NetworkWorld 2016-09-19 06:00:00 New products of the week 9.19.16 (direct link) Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Contempo aleya Key features: Contempo is a real-time political news app: swipe left for “the left” and right for “the right.” Integration with Rock the Vote provides an opportunity to register to vote, check registration status.
NetworkWorld 2016-09-18 19:50:53 Oracle will acquire cloud security vendor Palerra (direct link) Oracle has agreed to acquire Palerra, a vendor of software for securing cloud services, as part of its strategy to provide customers comprehensive identity and security cloud services. Palerra offers a Cloud Access Security Broker product called Loric that offers a combination of visibility into cloud usage, data security, user behavior analytics, and security configuration, with automated incident responses. "We think this is an important addition to our overall cloud security portfolio," Larry Ellison, Oracle's executive chairman and chief technology officer said in his keynote Sunday at the Oracle OpenWorld conference. "It [Security] is job one at Oracle. We'll keep building, and when we find a supplier out there who is doing good work, we'll buy them."
NetworkWorld 2016-09-18 09:20:00 Valve nukes Digital Homicide's games after developer sues to unmask 100 Steam users (direct link) If you write a negative review for a game, is that harassment? It is according to game developer Digital Homicide which is suing 100 Steam users for $18 million. After Digital Homicide developer James Romine filed a lawsuit, an Arizona judge granted a subpoena to obtain the personal “identification and associated data” of 100 anonymous Steam users. Romine alleges that the Steam group of Jane and John Does created a “hate and harassment group, Digital Homicides Poop Games.”
NetworkWorld 2016-09-16 13:07:00 Continuous Authentication: The future of Identity and Access Management (IAM) (direct link) Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors. Usernames and passwords act as a gateway. Insert another authentication step on top of these credentials and this gateway becomes harder to infiltrate. But once access is gained, how can the device or Web application be certain that the authenticated user is, in fact, the same person throughout the entire session? For example, you may log in and walk away from your device, creating an opportunity for someone else to take over your session and thus, your identity. Or more commonly, you may hand the device to a colleague – a non-authenticated user – trusting they won't do anything nonsensical or malicious. In fact, according to a survey by B2B International and Kaspersky Lab, 32% of respondents who share an Internet-enabled device with their relatives, colleagues or friends noted that they do not take any precautions in protecting their information.
NetworkWorld 2016-09-16 12:41:29 Judge paves the way for British hacker's extradition to US (direct link) A U.K. judge has ruled in favor of extraditing a British man to the U.S. on charges of hacking government computers, despite fears he may commit suicide. Lauri Love, 31, has been fighting his extradition for allegedly stealing data from U.S. government agencies, including the Department of Defense and NASA. On Friday, a Westminster Magistrates court ruled that Love can be safely extradited to the U.S. to face trial, even though he has Asperger Syndrome and a history of depression. “I send this case to the secretary of state for her decision as to whether or not Mr. Love should be extradited,” Judge Nina Tempia said in the ruling.
NetworkWorld 2016-09-16 10:02:12 FBI faces lawsuit because it's stayed mum on iPhone 5c hack (direct link) The FBI's refusal to reveal how it accessed an iPhone 5c from a San Bernardino mass shooter will face scrutiny in court. USA Today's parent company and two other news groups have filed a lawsuit against the agency, demanding it turn over the details. In March, the FBI unlocked the passcode-protected iPhone through an unknown third party, for a reportedly large sum that the agency hasn't officially disclosed. The lack of details prompted USA Today to submit a Freedom of Information Act request to the FBI, regarding the costs paid to the third-party contractor. But in June, the FBI denied the request, claiming that the disclosure could interfere with law enforcement.
NetworkWorld 2016-09-16 09:52:00 (Déjà vu) Tech jobs that will get you the biggest raise next year (direct link) The biggest raises in 2017 will go to data scientists, who can expect a 6.4% boost in pay next year. That's well above the average 3.8% increase that's predicted for tech workers, according to new data from Robert Half Technology. The recruiting and staffing specialist recently released its annual guide to U.S. tech salaries, which finds IT workers will be getting slightly bigger pay bumps than many other professionals. Across all fields, U.S. starting salaries for professional occupations are projected to increase 3.6% in 2017. The largest gains will occur in tech – where starting salaries for newly hired IT workers are forecast to climb 3.8%.
NetworkWorld 2016-09-16 09:15:52 Remote Safe Mode attack defeats Windows 10 pass-the-hash defenses (direct link) Microsoft tries to protect user account credentials from theft in Windows 10 Enterprise, and security products detect attempts to pilfer user passwords. But all those efforts can be undone by Safe Mode, according to security researchers. Safe Mode is an OS diagnostic mode of operation that has existed since Windows 95. It can be activated at boot time and only loads the minimal set of services and drivers that Windows requires to run. This means that most third-party software, including security products, doesn't start in Safe Mode, negating the protection it otherwise offers. In addition, there are also Windows optional features like the Virtual Secure Module (VSM), which don't run in this mode.
NetworkWorld 2016-09-16 08:22:53 Bank of England wants next payment system to be blockchain-ready (direct link) The Bank of England wants to open its interbank settlement service to blockchain technologies as part of a major revamp of the system. The bank is not suggesting that U.K. banks should begin processing bitcoin payments as a matter of routine. However, it does want the replacement for its ageing real-time gross settlement (RTGS) system to be ready for whatever the industry is likely to throw at it when it goes into service in 2020. It identified five key strategic drivers for the new RTGS system in a consultation document, "A new RTGS service for the U.K.: safeguarding stability, enabling innovation," published Friday. Among them, it lists the need to interface with new technologies such as distributed ledgers. These are often referred to as blockchains, and include systems such as bitcoin and Ethereum.
NetworkWorld 2016-09-16 08:18:00 Small, low flying drones the target of newfangled DARPA defense system (direct link) Drones flying at or below 1,000ft are the targets of a proposed surveillance system from the Defense Advanced Research Projects Agency. DARPA said it envisions its Aerial Dragnet program will develop technologies to deliver persistent, wide-area surveillance of all low flying unmanned aircraft via a network of surveillance nodes. These nodes would offer coverage, say of a neighborhood-sized urban area, perhaps mounted on long-endurance unmanned aircraft. “Using sensor technologies that can look over and between buildings, the surveillance nodes would maintain UAS tracks even when the craft disappear from sight around corners or behind objects. The output of the Aerial Dragnet system would be a continually updated common operational picture of the airspace at altitudes below where current aircraft surveillance systems can monitor, disseminated electronically to authorized users via secure data links,” DARPA stated.
NetworkWorld.webp 2016-09-16 06:38:00 FBI urges ransomware victims to step forward (direct link) The FBI has issued a plea for those who have been hit by ransomware to report this to federal law enforcement so that the country can get a better sense of just how bad this problem really is. Ransomware refers to malware that encrypts files on computers or locks users out of their computers, and requests ransom be paid to set files free or allow users to regain access. Such malware, often going by spooky names like Cryptolocker or TeslaCrypt, can be activated by clicking on a web link or even visiting a compromised website, or opening a file in email. One nasty variant even takes your money and still deletes your files. Tesla
NetworkWorld.webp 2016-09-15 16:19:26 Don't pardon Snowden, lawmakers tell Obama (direct link) U.S. lawmakers are trying to stifle any hope that National Security Agency leaker Edward Snowden will receive a pardon. On Thursday, the House intelligence committee sent a letter to President Obama urging him to treat Snowden as a criminal. “Mr. Snowden is not a patriot. He is not a whistleblower,” the letter said. The letter was sent amid calls from tech leaders and liberal activists for Obama to pardon Snowden. The campaign, supported by Apple co-founder Steve Wozniak and celebrities including actor Daniel Radcliffe, argues that Snowden sparked an important debate about government mass surveillance. Guideline
NetworkWorld.webp 2016-09-15 13:58:00 Infocyte HUNT sets out to answer the question, "Have we been hacked?" (direct link) This column is available in a weekly newsletter called IT Best Practices. Your company's senior executives are discussing cyber security and the possibility of suffering a data breach. The CEO read that if a company has valuable data, then a breach is statistically inevitable. Thankfully your company hasn't discovered a breach, but that means very little. FireEye says that a breach can go undetected for as long as 200 days. The worried CEO picks up the phone, calls you and asks, "Has our enterprise network been hacked?" He wants a definitive yes or no answer, right then and there. What do you tell him?
NetworkWorld.webp 2016-09-15 13:48:00 The FBI could have saved money with this iPhone 5c hack (direct link) The FBI may have paid a small fortune to unlock an iPhone 5c used by the San Bernardino shooter. But a security researcher has demonstrated a way to do it for less than US $100. Sergei Skorobogatov at the University of Cambridge used a technique known as NAND mirroring to bypass the passcode retry limit on an iPhone 5c. Using store-bought equipment, he created copies of the phone's flash memory to generate more tries to guess the passcode. Skorobogatov detailed the whole process in a new paper that disputes the FBI's assertion that the San Bernardino shooter's iPhone couldn't be accessed with the NAND mirroring technique.
NetworkWorld.webp 2016-09-15 11:26:00 IDG Contributor Network: Security talent management for the digitization era (direct link) Stiff competition for talent and a limited pool of security specialists make information security staffing a perennial challenge. Complicating this is the fact that security has not yet adapted to its changing role as organizations digitize. Now more than ever, information security leaders need to understand the new business environment and adapt how they hire, compete for and manage talent for the digital era. Digitization is transforming organizations' products, channels and operations. While this change comes with the potential for higher profit margins through enhanced efficiency, it also brings an increase in the number and variety of advanced threats, board oversight and regulatory compliance issues. Guideline
NetworkWorld.webp 2016-09-15 10:13:00 Federal CISO's define greatest challenges to authority (direct link) If you are a federal Chief Information Security Officer – or even if you are not, you face some serious trials just to do your difficult job. Federal agencies in particular lack clarity on how to ensure that their CISOs have adequate authority to effectively carry out their duties in the face of numerous challenges, a report out this week from the watchdogs at the Government Accountability Office stated. The GAO said that 13 of the 24 agencies it reviewed – including the Departments of Defense, Commerce, Energy, Justice and State -- for its report “had not fully defined the role of their CISO in accordance with these requirements. For example, these agencies did not always identify a role for the CISO in ensuring that security controls are periodically tested; procedures are in place for detecting, reporting, and responding to security incidents; or contingency plans and procedures for agency information systems are in place. Thus, CISOs' ability to effectively oversee these agencies' information security activities can be limited,” the GAO stated.
NetworkWorld.webp 2016-09-15 10:07:38 Chrome OS gets cryptographically verified enterprise device management (direct link) Companies will now be able to cryptographically validate the identity of Chrome OS devices connecting to their networks and verify that those devices conform to their security policies. On Thursday, Google announced a new feature and administration API called Verified Access. The API relies on digital certificates stored in the hardware-based Trusted Platform Modules (TPMs) present in every Chrome OS device to certify that the security state of those devices has not been altered. Many organizations have access controls in place to ensure that only authorized users are allowed to access sensitive resources and they do so from enterprise-managed devices conforming to their security policies.
NetworkWorld.webp 2016-09-15 08:43:00 The Era of Identity-based Applications (direct link) Identity and access management (IAM) has always been a heavy burden for large organizations. Why? Multiple folks across companies – business people, software developers, IT operations, human resources, security, compliance auditors, etc. – play some role across the IAM spectrum. As a result of this IAM group hug, technology decisions tend to be made tactically without any central oversight or integrated strategy but this behavior may be changing. According to ESG research, 49% of large organizations claim they now have a formal enterprise-wide strategy in which IAM technology decisions are managed by central IT (note: I am an ESG employee). In other words, someone in IT is now responsible and accountable for all IAM technology.
NetworkWorld.webp 2016-09-15 07:40:44 Pokémon Go guide app with half a million downloads hacks Android devices (direct link) Security researchers have found a malicious application on Google Play that had over 500,000 downloads and was designed to gain complete control over Android devices. The application masqueraded as a guide for the popular Pokémon Go game and used multiple layers of obfuscation to bypass Google Play's malware detection mechanisms, researchers from Kaspersky Lab said in a blog post. The app contains a malicious module that doesn't execute immediately. Instead, the app waits for another application to be installed or uninstalled in order to determine if it's running on a real device or in an emulated environment, like the ones used to detect malware.
NetworkWorld.webp 2016-09-15 07:18:04 Tech leaders, activists call for Obama to pardon Snowden (direct link) Tech luminaries Steve Wozniak, co-founder of Apple, and Jimmy Wales, founder of Wikipedia, have joined a new campaign pushing for a pardon of National Security Agency leaker Edward Snowden. Other supporters of the PardonSnowden.org campaign, launched Wednesday, are Harvard law professor and tech policy author Lawrence Lessig; tech investor Esther Dyson; noted cryptographer and MIT professor Ron Rivest; and Electronic Frontier Foundation co-founder John Perry Barlow. The campaign, supported by the American Civil Liberties Union, Amnesty International, and Human Rights Watch, asks supporters to sign a letter asking President Barack Obama to pardon the former NSA contractor. "Snowden's actions ... set in motion the most important debate about government surveillance in decades, and brought about reforms that continue to benefit our security and democracy," the letter says. Guideline
NetworkWorld.webp 2016-09-15 07:00:00 FCC Chair's update on 5G wireless, robocalls, business data services & more (direct link) The following statement was made by FCC Chairman Tom Wheeler before the Committee on Commerce, Science and Transportation of the United States Senate during a hearing on "Oversight of the Federal Communications Commission" on Sept. 15. Chairman Thune, Ranking Member Nelson, and Members of the Committee, thank you for this opportunity to discuss our work at the Federal Communications Commission. Since we last met six months ago, the Commission has continued to make strong progress on our policy agenda. While I am pleased with this progress, our work is far from done. With each passing day, communications technology grows more important to our economy and quality of life. That means there's no letting up at the Commission. We must continue to promote core values like universal access, public safety, consumer protection, and competition at the same bold pace we have consistently maintained.
NetworkWorld.webp 2016-09-15 05:02:00 Sophos rolls out Intercept X for endpoint protection (direct link) Sophos is coming out with Intercept X, its new name for endpoint protection that's based on technology acquired when it bought SurfRight last year to broaden its endpoint strategy. The product uses behavior-based screening to detect malicious behavior on endpoints rather than signature-based protection that requires constant updating and can lag behind attackers' efforts to create new versions. The software looks at the behavior of processes, specifically watching for 24 techniques that malware uses as part of attacks, says Dan Schiappa, senior vice president of the Enduser Security Group at Sophos. That boosts the chances of finding zero-day attacks that use a common set of techniques.
Last update at: 2024-07-16 12:08:12