What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld.webp 2016-10-19 09:49:27 Czech police arrest Russian hacker suspected of targeting the US (direct link) Police in the Czech Republic have arrested a Russian hacker suspected of targeting the U.S. for cyber crime. Czech police, working in collaboration with the FBI, arrested the Russian man at a hotel in central Prague. He is currently in custody and now faces possible extradition to the U.S., depending on what the local courts decide, according to a statement from the Czech police. The arrest comes as the U.S. has blamed Russian government for hacking U.S. officials and political groups in an effort to influence this year's upcoming election. However, it's unclear if the Russian hacker is in any way involved.
NetworkWorld.webp 2016-10-19 07:57:00 Half of American adults are in face recognition databases, report (direct link) Half of all American adults are in a face recognition database and not one law enforcement agency requires a warrant before tapping into that tech to identify someone. While you might be binge-watching Netflix, cooking, working or sleeping (in other words, minding your own business and doing nothing illegal), law enforcement may be running your photo through a face recognition network, using your face in a virtual line-up to find a person suspected of committing a crime. How did you end up in this digital manhunt? It could be because you have a driver's license or state-issued ID since 26 states “enroll their residents in a virtual-line up.” That covers more than 117 million American adults, an investigation found, but since not all drivers are adults, then the total number of drivers in face recognition networks is more than 131 million.
NetworkWorld.webp 2016-10-19 07:19:49 Oracle fixes 100s of vulnerabilities that put enterprise data at risk (direct link) Oracle has released another large batch of patches, fixing many critical vulnerabilities in enterprise products that are used to store and work with critical business data. About 40 percent of the patched flaws are located in Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products and Oracle Database Server. Many of these flaws can be exploited remotely without authentication to compromise the affected components. In total, Oracle's October Critical Patch Update (CPU) contains 253 security fixes across hundreds of products including database servers, networking components, operating systems, application servers and ERP systems.
NetworkWorld.webp 2016-10-19 07:08:00 Recruiting and Retaining Cybersecurity Talent (direct link) As we know, there is an acute shortage of cybersecurity talent available on a global basis. For example, previous ESG research from 2016 reveals that 46% of organizations say they have a “problematic shortage” of cybersecurity talent at present (note: I am an ESG employee). Unfortunately, the cybersecurity skills shortage goes beyond headcount alone. According to a recently published report from ESG and the Information Systems Security Association (ISSA), cybersecurity teams can be in a constant state of flux due to issues with employee satisfaction, a lack of adequate training, and staff attrition. The report also exposes the fact that 46% of cybersecurity professionals are actually recruited to pursue new job opportunities at least once per week! In other words, if your cybersecurity people aren't happy, they won't be around long.
NetworkWorld.webp 2016-10-19 05:19:00 Tim Cook or Bill Gates as Clinton's VP? It was considered (direct link) Apple CEO Tim Cook and Microsoft founder Bill Gates were both on a list of potential vice presidential candidates for Democrat Hillary Clinton, according to a leaked email published on Tuesday by Wikileaks. The email, apparently sent by campaign chairman John Podesta on March 17, named the two tech titans alongside 37 other people as "a first cut of people to consider for VP." Also on the list, published by WikiLeaks, was Gates' wife Melinda. She co-founded the charitable foundation that bears both their names. Other business leaders that made the cut were General Motors CEO Mary Barra, Bloomberg News founder and former New York Mayor Michael Bloomberg, Xerox CEO Ursula Burns, Coca-Cola CEO Muhtar Kent, Rockefeller Foundation president Judith Rodin, and Starbucks CEO Howard Schultz. Guideline
NetworkWorld.webp 2016-10-19 05:03:00 CISOs, it's time to bury the hatchet with your CIO (direct link) Historically, the head of security (CISO) reporting into the head of IT (CIO) has made a lot of sense. Both departments are – at their core – technical disciplines, and as such there is a need for the two to be in regular contact. They need to overlap on network infrastructure, information security, and IT compliance, not to mention overseeing the release of safe, bug-free code and the delivery of secure products. Yet this relationship is often lambasted by those working in the InfoSec community. Some describe it as 'adversarial' – with two very different people trying to achieve different objectives. CIOs will look to bring new business applications online, to maintain service-level agreements, and ensure that IT services are available for all users. Indeed, a CIO's bonuses are often tied to KPIs around these very principles.
NetworkWorld.webp 2016-10-19 04:57:00 IoT botnets powered by Mirai continue to grow (direct link) Level 3 Threat Research has noted an uptick in activity by new IoT botnets that are backed by the Mirai malware, with some attacks enlisting 100,000 individual hijacked devices. A significant number of these zombie devices are enslaved by more than one botnet, according to the research described in the Level 3 Beyond Bandwidth blog, and some of these botnets use overlapping infrastructure. Source code for Mirai was released Sept. 30, “which has inspired a significant number of new bad actors, all working to exploit similar pools of vulnerable devices,” the Level 3 researchers write.
NetworkWorld.webp 2016-10-19 04:00:00 Murphy's Law: The security version (direct link) Since the first of the month, I've heard colleagues and others report each of the 10 security variants to Murphy's Law listed below. Murphy is not only alive but has been reincarnated. It's worth reminding the gentle reader of various famous last words: 1. All documents will be out of date or simply missing. Documents will not be maintained. Documents will have pages missing. And authors shall be unavailable for any reason (deployed to Mt. Everest is preferred). No documents shall be in an understandable language, be edited, collated, or have referring URLs that do not 404, 401 or 5XX. Any good documentation shall be the only copy on a laptop that was stolen whilst unencrypted.
NetworkWorld.webp 2016-10-18 17:04:10 Ecuador says it cut WikiLeaks founder's internet access to prevent U.S. election interference (direct link) Ecuador's embassy in the U.K. says it alone was responsible for cutting WikiLeaks founder Julian Assange's internet connection, stating that the country doesn't want to interfere with the U.S. elections. "The government of Ecuador respects the principle of non-intervention in the affairs of other countries," it said in a Tuesday statement. "It does not interfere in external electoral processes or support a particular candidate." As a result, the government has temporarily cut access to some private communications at the embassy, where Assange has resided for four years.
NetworkWorld.webp 2016-10-18 14:53:00 Gartner Top 10 strategic technology trends you should know for 2017 (direct link) Considering how much significance Gartner is placing on the future influence of artificial intelligence and algorithms, it comes as little surprise that the group is saying that technology will be one of the most strategic and potentially disruptive for 2017. At its Gartner Symposium/ITxpo, David Cearley, vice president and Gartner Fellow, detailed the key technology trends for 2017 as the group sees them, including how data science technologies are evolving to include advanced machine learning and artificial intelligence is helping create intelligent physical and software-based systems that are programmed to learn and adapt. Other key trends include the impact of melding of the physical and digital environments and how digital technology platforms are influencing the enterprise.
NetworkWorld.webp 2016-10-18 13:50:56 Hackers create more IoT botnets with Mirai source code (direct link) Malware that can build botnets out of IoT products has gone on to infect twice as many devices after its source code was publicly released. The total number of IoT devices infected with the Mirai malware has reached 493,000, up from 213,000 bots before the source code was disclosed around Oct. 1, according to internet backbone provider Level 3 Communications. "The true number of actual bots may be higher," Level 3 said in a Tuesday blog post. Hackers have been taking advantage of the Mirai malware's source code, following its role in launching a massive DDOS (distributed denial-of-service) attack that took down the website of cybersecurity reporter Brian Krebs.
NetworkWorld.webp 2016-10-18 12:14:00 Microsoft's Nadella takes on privacy fears about LinkedIn, Cortana (direct link) ORLANDO, Fla. -- Microsoft CEO Satya Nadella faced sharp questions from Gartner analysts Tuesday about the privacy-invading implications of its $26.2 billion acquisition of LinkedIn, and its all-knowing virtual assistant, Cortana. Helen Huntley, one of the Gartner analysts questioning Nadella at a conference here, was particularly pointed about the fears. Cortana, said Huntley, "knows everything about me when I'm working. She knows what files I'm looking at, she knows what I'm downloading, she knows when I'm working, when I'm not working," she said.
NetworkWorld.webp 2016-10-18 10:50:34 Hackers hide stolen payment card data inside website product images (direct link) Attacks that compromise online shops to skim payment card details are increasing and growing in sophistication. The latest technique involves hiding malicious code and stolen data inside legitimate files. A Dutch researcher reported last week that almost 6,000 online shops, most of them built with the Magento content management system, have malicious code that intercepts and steals payment card data during online transactions. The online storefront of the U.S. National Republican Senatorial Committee (NRSC) was among those websites until earlier this month.
NetworkWorld.webp 2016-10-18 10:39:00 WikiLeaks blames US for cutting Assange's internet connection (direct link) WikiLeaks is accusing U.S. Secretary of State John Kerry of trying to stop the site from publishing stolen emails from Hillary Clinton's presidential campaign. Citing "multiple U.S. sources," the site tweeted on Tuesday that Kerry had asked the Ecuadorian government to prevent WikiLeaks' founder Julian Assange from releasing more documents. Assange is currently residing in the Ecuadorian embassy in London, where he has been helping to run the WikiLeaks site. But on Saturday, the Ecuadorian government shut down his internet connection. WikiLeaks claimed that Kerry had private negotiations with Ecuador last month. However, the U.S. Department of State is denying any involvement with cutting Assange's internet connection.
NetworkWorld.webp 2016-10-18 10:34:00 Down the rabbit hole, part 4: Securing your email (direct link) As I strive to make my life safe and secure from prying eyes, one area stands out as being astoundingly critical: email. Heck, you can barely go 24 hours without another example of leaked or hacked emails being released to the public. Add to that the recent revelations that Yahoo has been working secretly with United States government agencies to scan all email going through their system, and it quickly becomes clear that the majority of us have email accounts that are not even remotely private or secure. Yahoo
NetworkWorld.webp 2016-10-18 09:03:17 Half of US adults are profiled in police facial recognition databases (direct link) Photographs of nearly half of all U.S. adults -- 117 million people -- are collected in police facial recognition databases across the country with little regulation over how the networks are searched and used, according to a new study. Along with a lack of regulation, critics question the accuracy of facial recognition algorithms. Meanwhile, state, city, and federal facial recognition databases include 48 percent of U.S. adults, said the report from the Center on Privacy & Technology at Georgetown Law. The search of facial recognition databases is largely unregulated, the report said. "A few agencies have instituted meaningful protections to prevent the misuse of the technology," its authors wrote. "In many more cases, it is out of control."
NetworkWorld.webp 2016-10-18 08:46:00 FDA to healthcare execs on DMCA exemption: Researchers will find new medical device flaws (direct link) The FDA wants the medical device industry to quickly fix cybersecurity issues, reminding healthcare executives that they may soon be hearing about vulnerabilities more frequently from security researchers thanks to a DMCA exemption which will soon go into effect. Although the Librarian of Congress issued the new exemptions (pdf) last year, there was a one year hold supposedly so various agencies could update their policies. It's silly, since the exemptions are not permanent; they must be argued and renewed every three years, which basically means security researchers can take advantage of it for two years. They can hope that if their research will take longer than two years, that the exemption is renewed.
NetworkWorld.webp 2016-10-18 06:44:48 Critical flaws found in open-source encryption software VeraCrypt (direct link) A new security audit has found critical vulnerabilities in VeraCrypt, an open-source, full-disk encryption program that's the direct successor of the widely popular, but now defunct, TrueCrypt. Users are encouraged to upgrade to VeraCrypt 1.19, which was released Monday and includes patches for most of the flaws. Some issues remain unpatched because fixing them requires complex changes to the code and in some cases would break backward compatibility with TrueCrypt. However, the impact of most of those issues can be avoided by following the safe practices mentioned in the VeraCrypt user documentation when setting up encrypted containers and using the software.
NetworkWorld.webp 2016-10-18 06:01:00 Roqos Core router combines cybersecurity with parental controls (direct link) The home Wi-Fi router space continues to gain momentum, with additional startups aiming to provide devices that do more than just sit there and route traffic. The latest device that has arrived at the Cool Tools testing zone is the Roqos Core. Roqos has three goals with its device: First, to provide an easy setup for its Wi-Fi router, making it so that “even grandma can set it up”; second, to provide parents with a control system that lets them pause the Internet at the press of a button, and also give filtering and blocking controls; and third, provide a cloud-based cyber-security system that monitors all network traffic through Deep Packet Inspection.
NetworkWorld.webp 2016-10-18 05:27:00 Younger consumers more likely to fall for tech support con jobs (direct link) Contrary to conventional wisdom, it's not older consumers who are most easily duped by technical support scams, a survey released today claimed. According to the poll's results, people between 25 and 34 were more than three times as likely to fall for the fake-out as those aged 55 to 64. And the youngest age group -- between 18 and 24 -- were little better than their slightly-older cohort; they were tricked by the scams more than two and a half times the rate of the group aged 66 and older. The survey, conducted by Ipsos Public Affairs this summer and paid for by Microsoft, queried 1,000 adults ages 18 and up in each of several countries, including the U.S., the U.K., Australia, Brazil, Canada, China, Germany and India.
NetworkWorld.webp 2016-10-17 23:59:16 Asylum of WikiLeaks' Assange not in question (direct link) The asylum granted to WikiLeaks' founder Julian Assange by the government of Ecuador is not in question, despite possible differences of opinion between the two on the release of controversial documents by the whistleblowing site. Late Monday, the Ecuadorian government said that in the wake of speculation, it reaffirmed the continuation of asylum that it had extended to Assange for the last four years. It said that the protection would continue as long as the circumstances that had led to that decision continue. Assange was given asylum by Ecuador in 2012 after he slipped into the country's embassy in London, where he continues to be holed for fear of arrest by U.K. police, who have said that they have to arrest Assange if he steps out of the embassy to meet an extradition request from Sweden.
NetworkWorld.webp 2016-10-17 14:07:00 Breaches, IT skills & innovation keeping CIOs up at night (direct link) To say that CIOs have full plates – from guarding against breaches to cloud migration to embracing innovation – is an understatement. But given the growing recognition of IT's importance to organizations of all kinds, it's also a tremendous time to be a CIO despite the complications and demands of the job. These are among the findings of the Society for Information Management's (SIM) 37th Anniversary IT Trends Study, which is being released to SIM members this week as a lead-in to next week's annual SIMposium conference that's taking place in Connecticut. Non-members can get a peek at the study next week. Guideline
NetworkWorld.webp 2016-10-17 13:53:00 Air Force gets space telescope that can see space objects like no ground-based system before it (direct link) The DARPA-developed Space Surveillance Telescope (SST) will this week get a new permanent home in Australia with the Air Force Space Command where it promises to rapidly bolster the nation's ability to more quickly spot and track faint objects in space. The Air Force says the SST features unique image-capturing technology known as a curved charge coupled device (CCD) system, as well as very wide field-of-view, large-aperture optics, and doesn't require the long optics train of more traditional telescopes. The design makes the SST less cumbersome on its moveable mount, letting it survey the sky rapidly, the Air Force says. The telescope's mount uses advanced servo-control technology, making the SST one of the most agile telescopes of its size ever built.
NetworkWorld.webp 2016-10-17 13:29:44 To unlock phones, feds demand all occupants surrender fingerprints (direct link) U.S. investigators are exercising a broad legal authority to force suspects to unlock their smartphones. In a recent case, they demanded that anyone found inside a California residence comply by surrendering their fingerprints. In May, the federal prosecutors made the request as part of a search warrant, according to a court filing uncovered by Forbes. Those fingerprints were crucial to unlocking the smartphones, the Department of Justice argued. However, the federal investigators went beyond asking for the fingerprints of one suspect. Instead, they sought authority to "depress the fingerprints" of everyone located at the California property.
NetworkWorld.webp 2016-10-17 11:45:00 Assange's internet allegedly cut by 'state party;' Guccifer 2.0 springs back to life (direct link) WikiLeaks has continued to dump Clinton-related emails, such as three Goldman Sachs speeches that Clinton was paid about $225,000 to give, but a series of unusual tweets sent parts of the internet into a tizzy, claiming Assange had been killed and the tweets were triggered by a dead man's switch. Yesterday, WikiLeaks' regular tweets were interrupted by three tweets which contained hashes.
NetworkWorld.webp 2016-10-17 11:00:16 UK spy agencies illegally collected data for years, court rules (direct link) The U.K.'s spy agencies breached the European Convention on Human Rights for years by secretly collecting almost everything about British citizens' communications except their content, a U.K. court has ruled. However, now that the U.K. government has admitted what it is doing, the collection is legal, the Investigatory Powers Tribunal ruled Monday. It has yet to rule on the issue of proportionality, or whether the agencies' actions were reasonable given the threat they sought to counter. Responding to a June 2015 complaint by campaign group Privacy International, the tribunal said the secret intelligence agencies had breached the ECHR for years because of the way they gathered bulk communications data (BCD) and bulk personal data (BPD).
NetworkWorld.webp 2016-10-17 10:37:00 Gartner: Artificial intelligence, algorithms and smart software at the heart of big network changes (direct link) Artificial intelligence, machine learning and advanced algorithms are at the heart of an emerging digital world. That was one of the chief components of Gartner's Peter Sondergaard, senior vice president and global head of Research opening remarks at today's Gartner Symposium/ITxpo show in Orlando.
NetworkWorld.webp 2016-10-17 08:48:54 WikiLeaker Assange's internet access cut by a 'state actor' (direct link) A "state actor" has cut off internet access for Julian Assange, the founder of WikiLeaks, the transparency activist organization said Monday. Assange's internet link has been "intentionally severed by a state party," WikiLeaks said in a Monday morning tweet. "We have activated the appropriate contingency plans," the organization added. In recent days, WikiLeaks has published thousands of leaked emails from the account of John Podesta, chairman of U.S. presidential candidate Hillary Clinton's campaign. Clinton's campaign, along with President Barack Obama's administration, have accused WikiLeaks of cooperating with Russian hackers in an effort to raise questions about the legitimacy of the upcoming U.S. presidential election.
NetworkWorld.webp 2016-10-17 08:19:04 Lawmakers question DOJ's appeal of Microsoft Irish data case (direct link) Four U.S. lawmakers are questioning a Department of Justice decision to appeal a July court decision quashing a search warrant that would have required Microsoft to disclose contents of emails stored on a server in Ireland. Last Thursday, Preet Bharara, U.S. Attorney for the Southern District of New York, filed an appeal of the ruling by a three-judge panel of the U.S. Court of Appeals for the Second Circuit.
NetworkWorld.webp 2016-10-17 07:19:39 Dyre banking Trojan successor rears its ugly head (direct link) Cybercriminals have unleashed a new banking Trojan program on the internet and it bears striking similarities to Dyre, a malware threat believed to have been dead for almost a year. The new Trojan is called TrickBot and first appeared in September, targeting users of banks in Australia. After a closer analysis, researchers from Fidelis Cybersecurity believe that it is a rewrite of the Dyre Trojan that plagued online banking users for over a year until the gang behind it was dismantled by Russian authorities. While TrickBot is still a work in progress and doesn't have all of Dyre's features, there are enough similarities in their components to suggest that at the very least one served as inspiration for the other. At the same time, there are also significant differences in how some functions have been implemented in the new Trojan, which also has more C++ code than its predecessor.
NetworkWorld.webp 2016-10-17 06:55:00 Cybersecurity Canon Book Report: There Will Be Cyberwar (direct link) Given that it's national cybersecurity awareness month, I hope that all cybersecurity professionals are familiar with the Cybersecurity Canon. For those that are not, the goal of the cybersecurity canon is as follows: To identify a list of must-read books for all cybersecurity practitioners – be they from industry, government or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional's education that will make the practitioner incomplete.
NetworkWorld.webp 2016-10-17 06:33:00 5 tools for making sense of system logs (direct link) Log management software helps IT managers understand and act on the flood of log data spewing from IT systems - to investigate security problems, prevent outages and improve the online customer experience. In essence, logs are a specialized source of business intelligence, while also providing an audit trail for regulatory compliance. Five of the top log management software products are Splunk, LogRhythm, AlienVault, HPE ArcSight Logger and SevOne, according to online reviews by enterprise users in the IT Central Station community. Those users say that the most important criteria to consider when choosing log management software are speed, stability, ease of use, and robust search capabilities.
NetworkWorld.webp 2016-10-17 06:26:00 How to avoid being the next Yahoo (direct link) It's no longer about whether or not you'll get attacked, it's about knowing what the repercussions are and if you have the right controls to minimize or completely eliminate the fallout. In order to be able to do this effectively, you need to be attuned with your network controls and architecture. Asking the right questions can get you there and also ensuring that network architects are aligned with business and security goals. VArmour CEO Tim Eades offers a few questions decision makers should be asking to ensure they keep their organizations from being the next Yahoo. If we were subject to a data breach, how would our controls and processes appear when described on tomorrow's front page news? Why is this important? Yahoo
NetworkWorld.webp 2016-10-17 02:59:00 Check Point SandBlast takes endpoint protection to another level (direct link) Check Point has long been known as a firewall company but it is reaching beyond its roots with a new series of protective technologies under its SandBlast line. SandBlast has been around for several years, but received several significant updates over the past year to make it a truly effective endpoint protection product that can handle a wide variety of zero-day exploits across your entire enterprise. The goal behind SandBlast is simply stated: you want to lock down as many entry points for malware as possible, and make your network less of a target for hackers to establish a beachhead and run these exploits.
NetworkWorld.webp 2016-10-17 02:56:00 New products of the week 10.17.16 (direct link) Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. ScreenBeam 960. Key features: ScreenBeam 960 is an enterprise-grade wireless display receiver for business professionals, medical practitioners and educators who need wireless display connectivity to collaborate, create and communicate. For medium-to-large scale deployments; designed specifically for commercial applications and dense wireless environments; no Wi-Fi network required; supports Windows 7/8, 8.1 and 10.
NetworkWorld.webp 2016-10-16 13:02:00 13% off AmazonBasics 17-Sheet Micro-Cut Paper, CD, and Credit Card Shredder - Deal Alert (direct link) This powerful shredder from AmazonBasics micro-cuts a letter-sized sheet of paper into 2,235 useless pieces of confetti, up to 17 sheets at a time. Inserted one at a time into the designated slot, it also destroys credit cards, CDs, DVDs, and Blu Rays, rendering them completely unusable. It features a generous 7-gallon bin that pulls out for easy disposal. This micro-cut shredder averages 4.5 out of 5 stars on Amazon from over 170 people (82% rate a full 5 stars: read reviews). Its typical list price of $165 has been reduced 13% to $144.
NetworkWorld.webp 2016-10-16 08:31:00 GitLab deleted then restored list of online stores infected with skimming software (direct link) For at least six months, the online store at the National Republican Senatorial Committee site had “hidden skimming software” in the form of malicious JavaScript code; it was far from the only store which hackers had compromised via exploiting vulnerabilities in unpatched versions of ecommerce platforms, such as Magento. In fact, at least 5,925 stores were unwittingly participating in online skimming attacks run by multiple cybercriminal groups. Dutch researcher Willem de Groot estimated that 85 stores are compromised daily.
NetworkWorld.webp 2016-10-14 13:49:00 Secret Service IT security lambasted by Homeland Security inspector general (direct link) For now, the US Secret Service has no reasonable assurance that its information systems are properly secured to protect Law Enforcement Sensitive case management information. That was but one of the conclusions laid at the feet of the US Secret Service today by the Department of Homeland Security's Inspector General, John Roth, in a scathing report on the agency tasked with protecting the President and other important government officials.
NetworkWorld.webp 2016-10-14 08:31:04 US lawmakers want answers on Yahoo email surveillance (direct link) A bipartisan group of 48 U.S. lawmakers wants two government agencies to explain a surveillance program in which Yahoo reportedly scanned all the messages of its email users on behalf of the FBI. After recent news reports of the email scanning program, the Department of Justice and the Office of the Director of National Intelligence need to brief Congress about the efforts, the lawmakers said in a letter to the two agencies. The first news reports about the program contained "conflicting reports about which legal authority was used" for the email scans, said the letter, organized by Representatives Justin Amash, a Michigan Republican, and Ted Lieu, a California Democrat. Yahoo
NetworkWorld.webp 2016-10-14 07:31:32 British navy sends robots to sea in military exercise (direct link) The Royal Navy is testing just how much robot craft can do by themselves in military exercises off the British coast. Operation Unmanned Warrior 16 is a chance for allied nations and the defense industry to show off their latest maritime autonomous systems, as part of a broader military exercise called Joint Warrior. "Fire and forget" torpedoes capable of homing in on the noise emitted by a target -- then sinking it -- have been around since World War II, but the systems involved in this exercise are less offensive. More than 50 craft are taking part this week, including uncrewed helicopters and underwater vehicles, and an autonomous rigid inflatable boat (RIB). They will perform tasks such as surveillance, intelligence-gathering and mine countermeasures.
NetworkWorld.webp 2016-10-14 07:15:16 GlobalSign certificate revocation error leaves websites inaccessible (direct link) Users around the world have had trouble accessing some HTTPS websites due to an error at GlobalSign, one of the world's largest certificate authorities. As part of a planned exercise, GlobalSign revoked one of its cross-certificates that allowed end-user certificates to chain to alternate root certificates. GlobalSign operates multiple roots, which are trusted in browsers and operating systems by default, and links them together through these cross-certificates. The revocation of such a certificate was interpreted by some browsers and systems also as a revocation of the intermediate certificates that chained back to it. This was not really the case or the company's intention.
NetworkWorld.webp 2016-10-14 06:52:00 IT Attrition Could Help Address the Cybersecurity Skills Shortage (direct link) When it comes to the cybersecurity skills shortage, ESG research reveals the following (note: I am an ESG employee): 46% of organizations claim that they have a “problematic shortage” of cybersecurity skills. This represents an increase of 18% compared to 2015. A vast majority (87%) admit that it is “very difficult,” “difficult,” or “somewhat difficult” to recruit and hire cybersecurity professionals. Yup, there is a definite shortage of cybersecurity professionals available so recruiters are tripping over each other as they try to poach talent from their existing employers. According to a recently published report by ESG and the Information Systems Security Association (ISSA), 46% of cybersecurity professionals are solicited to consider other cybersecurity jobs by various types of recruiters at least once per week! This situation has led to salary inflation and massive disruption.
NetworkWorld.webp 2016-10-14 04:53:00 University IT employees fighting for jobs question security (direct link) Data security is a simmering issue in offshore outsourcing. The offshore workers who staff help desks, call centers and manage systems are accessing data in the U.S. The University of California IT employees, who will soon lose their jobs to overseas workers, are trying to point this out. The IT employees say workers in India will have access to UCSF medical and financial information as well as to files with research and study data. The data will reside on hardware based in the U.S. They believe the university has an obligation to disclose its plans to the broader university community and give researchers, in particular, options about who can access this data.
NetworkWorld.webp 2016-10-13 18:07:20 Survey says many companies want to phase out passwords (direct link) Don't be surprised if your company decides to do away with password logins. A new survey has found that most organizations are leaning toward phasing out password authentication. The results come from Wakefield Research, which surveyed 200 IT decision makers in the U.S. last month. Sixty-nine percent of the respondents said they will probably do away with passwords completely in the next five years. Password login systems, though commonplace, are too vulnerable to hacking, according to SecureAuth, the company that commissioned the study. Not surprisingly, SecureAuth sells alternatives to password-based logins.
NetworkWorld.webp 2016-10-13 14:11:36 Verizon signals Yahoo data breach may affect acquisition (direct link) Verizon has signaled that Yahoo's massive data breach may be enough reason to halt its US$4.8 billion deal to buy the internet company. On Thursday, Verizon's general counsel Craig Silliman said the company has a "reasonable basis" to believe that the breach involving 500 million Yahoo accounts has had a material impact on the acquisition. This could give the company room to back out or get a large discount. "We're looking to Yahoo to demonstrate to us the full impact," he added. "If they believe that it's not, then they'll need to show us that." In response, Yahoo said, "We are confident in Yahoo's value and we continue to work towards integration with Verizon." Yahoo
NetworkWorld.webp 2016-10-13 11:17:37 Thousands of online shops compromised for credit card theft (direct link) Almost 6,000 online shops have been compromised by hackers who added specially crafted code that intercepts and steals payment card details. These online skimming attacks were first discovered by Dutch researcher Willem de Groot a year ago. At that time, he found 3,501 stores containing the malicious JavaScript code. However, instead of getting better, the situation is increasingly worse. By March the number of infected shops grew by almost 30 percent to 4,476, and by September, it reached 5,925. More than 750 online stores who were unwillingly skimming payment card details for attackers in 2015 are still doing so today, showing that this type of activity can go undetected for months, the researcher said in a blog post.
NetworkWorld.webp 2016-10-13 09:48:00 What is MANRS and does your network have it? (direct link) While the internet itself was first envisioned as a way of enabling robust, fault-tolerant communication, the global routing infrastructure that underlies it is relatively fragile. A simple error like the misconfiguration of routing information in one of the 7,000 to 10,000 networks central to global routing can lead to a widespread outage, and deliberate actions, like preventing traffic with spoofed source IP addresses, can lead to distributed denial of service (DDoS) attacks. The Internet Society (ISOC), a cause-driven nonprofit organization that seeks to promote the open development, evolution and use of the Internet and the parent organization of the Internet Engineering Task Force (IETF) standards body, is moving to change that. In 2014, ISOC introduced its Mutually Agreed Norms for Routing Security (MANRS) initiative. Today ISOC announced that the initiative membership has more than quadrupled in its first two years, growing from its initial nine network operators to 42 network operators today. Guideline
NetworkWorld.webp 2016-10-13 09:46:00 The OPM breach report: A long time coming (direct link) If you want to have even a chance of defeating cyber attacks, you have to be quick. So, in hindsight, there is no mystery why the federal government's Office of Personnel Management (OPM) was a loser to attackers who exfiltrated personal data – including in many cases detailed security clearance information and fingerprint data – of more than 22 million current and former federal employees. Hackers, said to be from China, were inside the OPM system starting in 2012, but were not detected until March 20, 2014. A second hacker, or group, gained access to OPM through a third-party contractor in May 2014, but was not discovered until nearly a year later.
NetworkWorld.webp 2016-10-13 09:03:00 President Obama targets nasty space weather response with Executive Order (direct link) President Barack Obama today issued an Executive Order that defines what the nation's response should be to a catastrophic space weather event that takes out large portions of the electrical power grid, resulting in cascading failures that would affect key services such as water supply, healthcare, and transportation.
NetworkWorld.webp 2016-10-13 06:45:03 Cisco patches critical authentication flaw in conferencing servers (direct link) Cisco Systems has patched a critical vulnerability that could allow hackers to gain access to Cisco Meeting and Acano servers that are used in enterprise environments for video and audio conferencing. The flaw allows an unauthenticated attacker to masquerade as a legitimate user because the Extensible Messaging and Presence Protocol (XMPP) service incorrectly processes a deprecated authentication scheme, Cisco said in an advisory. The flaw affects Cisco Meeting Server versions prior to 2.0.6 with XMPP enabled, as well as versions of the Acano Server prior to 1.8.18 and prior to 1.9.6. If upgrading to the latest releases is not immediately possible, administrators are advised to disable XMPP on their servers and keep using the other available protocols.
Last update at: 2024-07-15 22:08:42