SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2023-02-10 19:45:08	December ransomware attack leads to massive data breach from California health network (lien direct)	Facilities within California's Heritage Provider Network reported a data breach related to a ransomware attack in December	Ransomware Data Breach Guideline	Heritage Heritage	★★★
	2022-10-23 16:05:58	The RISC Deprogrammer (lien direct)	I should write up a larger technical document on this, but in the meanwhile is this short (-ish) blogpost. Everything you know about RISC is wrong. It's some weird nerd cult. Techies frequently mention RISC in conversation, with other techies nodding their head in agreement, but it's all wrong. Somehow everyone has been mind controlled to believe in wrong concepts.An example is this recent blogpost which starts out saying that "RISC is a set of design principles". No, it wasn't. Let's start from this sort of viewpoint to discuss this odd cult.What is RISC?Because of the march of Moore's Law, every year, more and more parts of a computer could be included onto a single chip. When chip densities reached the point where we could almost fit an entire computer on a chip, designers made tradeoffs, discarding unimportant stuff to make the fit happen. They made tradeoffs, deciding what needed to be included, what needed to change, and what needed to be discarded.RISC is a set of creative tradeoffs, meaningful at the time (early 1980s), but which were meaningless by the late 1990s.The interesting parts of CPU evolution are the three decades from 1964 with IBM's System/360 mainframe and 2007 with Apple's iPhone. The issue was a 32-bit core with memory-protection allowing isolation among different programs with virtual memory. These were real computers, from the modern perspective: real computers have at least 32-bit and an MMU (memory management unit).The year 1975 saw the release of Intel 8080 and MOS 6502, but these were 8-bit systems without memory protection. This was at the point of Moore's Law where we could get a useful CPU onto a single chip.In the year 1977 we saw DEC release it's VAX minicomputer, having a 32-bit CPU w/ MMU. Real computing had moved from insanely expensive mainframes filling entire rooms to less expensive devices that merely filled a rack. But the VAX was way too big to fit onto a chip at this time.The real interesting evolution of real computing happened in 1980 with Motorola's 68000 (aka. 68k) processor, essentially the first microprocessor that supported real computing.But this comes with caveats. Making microprocessor required creative work to decide what wasn't included. In the case of the 68k, it had only a 16-bit ALU. This meant adding two 32-bit registers required passing them twice through the ALU, adding each half separately. Because of this, many call the 68k a 16-bit rather than 32-bit microprocessor.More importantly, only the lower 24-bits of the registers were valid for memory addresses. Since it's memory addressing that makes a real computer "real", this is the more important measure. But 24-bits allows for 16-megabytes of memory, which is all that anybody could afford to include in a computer anyway. It was more than enough to run a real operating system like Unix. In contrast, 16-bit processors could only address 64-kilobytes of memory, and weren't really practical for real computing.The 68k didn't come with a MMU, but it allowed an extra MMU chip. Thus, the early 1980s saw an explosion of workstations and servers consisting of a 68k and an MMU. The most famous was Sun Microsystems launched in 1982, with their own custom designed MMU chip.Sun and its competitors transformed the industry running Unix. Many point to IBM's PC from 1982 as the transformative moment in computer history, but these were non-real 16-bit systems that struggled with more than 64k of memory. IBM PC computers wouldn't become real until 1993 with Microsoft's Windows NT, supporting full 32-bits, memory-protection, and pre-emptive multitasking.But except for Windows itself, the rest of computing is dominated by the Unix heritage. The phone in your hand, whether Android or iPhone, is a Unix compu	Guideline	Heritage
	2021-06-02 10:00:00	Introducing AT&T USM Anywhere Advisors (lien direct)	As environments evolve and cybercriminals become more sophisticated, threat detection and response is becoming increasingly complex. While some organizations are turning to a fully managed detection and response solution, many others with established internal security teams are looking for additional support and expert guidance, while still keeping their program in-house. Our new service, AT&T USM Anywhere Advisors, is the middle-ground solution customers are looking for. USM Anywhere Advisors By combining USM Anywhere, our industry-leading threat detection and response solution, with AT&T USM Anywhere Advisors, companies gain centralized visibility into their entire environment and reactive security support from our expert AT&T Cybersecurity Consultants when additional assistance is needed. Basically, AT&T USM Anywhere Advisors serve as an extension of your in-house staff, providing reactive security support and helping with day-to-day operations while allowing your security team to learn industry best practices and the latest techniques for threat detection and incident response from our cybersecurity experts. The AT&T USM Anywhere Advisors’ reactive incident response services help to identify and triage potential security incidents within your environment. Based on their security expertise, the team evaluates your environment for signs of suspicious activity that have been missed by existing security controls and that could potentially impact confidentiality, integrity, and availability of your environment. When an incident occurs, the team is available to help investigate and deliver an analysis of findings and recommendations for remediation or further investigation. This solution allows you to maintain control of your environment, while gaining a comprehensive security platform for threat detection and response and support for your staff from a team of cybersecurity experts, without having to onboard multiple tools or new employees. With this service, we can help take some of the burden off your existing security team without the cost and complexity of bringing on additional staff. How does it work? AT&T USM Anywhere Advisors work with your internal team to help improve your security posture and help you get the most out of USM Anywhere. The reactive support is available for a pre-defined set of hours each month, ranging from 4-40 hours. When support is needed, your team can call or send an email to engage the team. The hours can be used to help with a range of security operation activities from platform tuning to incident investigation and response. Platform onboarding and tuning includes general tuning, sensor deployment, enabling asset discovery, AlienApp configuration, and more. During an investigation, the USM Anywhere Advisors will investigate your environment for indicators of compromise to determine if rogue users or malicious actors have gained a foothold in your environment. The team will begin each investigation by evaluating all actionable alarms and events in USM Anywhere and creating a specific hypothesis. If all of the required information is not available, they will work with your team to identify any additional systems, applications, and networks to include in the scope of the investigation. The team will utilize the Investigations feature in USM Anywhere to track all investigative activities, including initial detection and response, data collection, data analysis, and impact analysis and reporting. Gain a trusted advisor Our USM Anywhere Advisors team consists of highly trained AT&T Cybersecurity Consultants with over 90 industry-recognized security certifications among them. AT&T Cybersecurity Consulting has a heritage of delivering quality technology and business consulting to companies of all sizes and across industries. Based on their experience, these consultants deliver a vast catalog of services, including strategic planning, architecture and design, and integration and	Threat Guideline	Heritage Heritage
	2021-01-15 17:59:45	Honoring Martin Luther King Jr.\'s Legacy with McAfee\'s African Heritage Community (lien direct)	Today, we celebrate the life and legacy of Dr. Martin Luther King Jr. Dr. King diligently dedicated his life to dismantling systemic racism affecting marginalized groups and leading a peaceful movement to promote equality for all Americans, irrespective of color and creed. He leaves behind a legacy of courage, strength, perseverance, and a life-long dedication […]	Guideline	Heritage Heritage
	2018-04-03 12:35:00	(Déjà vu) Software-defined Global Network as a Service Firm Meta Networks Emerges From Stealth (lien direct)	>Meta NaaS Provides a Software-defined Virtual 'Overlay' to Existing Disjointed Physical Networks Emerging from stealth with $10 million in seed funding led by Vertex Ventures and the BRM Group, Tel Aviv-based Meta Networks has launched Meta NaaS -- a secure software-defined virtual private network aimed at redefining the concept of distributed, cloud-employing corporate networks. The advent of public and private cloud services and offerings, together with the growth of mobile computing and remote working, plus the tendency for most companies to combine all of these with their own on-premise resources has had one major and well-recognized effect: there is no longer a physical network perimeter that can be defined and protected. Solutions generally require point products for every device, aimed at protecting the device and its communication to other parts of the network. This rapidly becomes very complex with multiple points of possible failure. Meta NaaS provides a software-defined virtual 'overlay' to existing disjointed physical networks. It is user-centric, draws on the principle of zero-trust, and brings together all aspects of remote users, mobile devices, separate branch offices, on premise data centers and cloud apps within one single software-defined overlay. It creates a new perimeter in the cloud. Like Google's BeyondCorp, the user is key. Every user device is given a unique permanent identity at the packet level, but is also given access to an always-on virtual private network (VPN). A global distribution of PoPs ensures high performance in accessing and using the VPN from any location, and all corporate traffic from corporate users is securely sent to the NaaS before being delivered to its destination. This includes both internal resources and internet traffic -- and security is handled in the NaaS rather than at the device. "It's worldwide," Etay Bogner, CEO and founder of Meta Networks, told SecurityWeek. "You don't have to install any appliances. You connect separate offices through their existing routers. On top of the network we are deploying best network security. So instead of having the firewall deployed as an appliance in a specific physical location, we have the firewall functionality within the cloud in every one of the PoPs, and we apply security at those locations." The effect is to provide security in even hostile environments -- mobile employees working in internet cafes or airport waiting lounges are as secure and productive as if they were still in the office. Meta NaaS interoperates with other cloud-delivered security solutions, supporting a best-breeds security stack for the enterprise. It delivers identity-based policy routing and packet-level identity verification; and since it is cloud-based, it promises cloud advantages: agility, scalability and cloud economics. "Meta NaaS is a new zero-trust paradi	Guideline	Heritage

Last update at: 2024-07-16 03:08:06
See our sources.

To see everything: Our RSS (filtrered)