What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-05-24 20:12:01 | Q&A: How Deep Instinct uses \'deep learning\' to detect unknown malware on laptops, smartphones (lien direct) | Deep Instinct was one of the more intriguing cybersecurity vendors I had the privilege of spending some time with at RSA Conference 2018. The Tel Aviv, Israel – based company lays claims to being the first to apply “deep learning” to a truly innovative protection system that extends machine learning and artificial intelligence down to […] | |||
|
2018-05-24 04:47:03 | Can Cisco, FBI stop Russia from deploying VPNFilter to interfere with U.S. elections? (lien direct) | KINGSTON, WA – NewsWrap 23May2018. Cisco’s Talos cyber intelligence unit today said that it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, to launch destructive attacks on Ukraine. Related article: How Russian bots supported Nunes memo Talos researchers disclosed that VPNFilter has : •Infected 500,000 routers and networking devices 54 […] | VPNFilter | ||
|
2018-05-23 09:47:01 | GUEST ESSAY: DHS tackles supply-chain issues over malware-laden smartphones (lien direct) | At the Black Hat security conference last August, researchers from the security firm Kryptowire announced that they'd discovered Amazon's #1-selling unlocked Android phone, the BLU R1 HD, was sending Personally Identifiable Information (PII) to servers in China. The culprit was a piece of firmware update software created by AdUps Technologies, a company based in Shanghai. […] | |||
|
2018-05-22 22:23:00 | Advanced encryption that locks down \'underlying data\' arrives to support \'digital transformation\' (lien direct) | Encrypting data kept in storage (data at rest) as well as data as it is being transported from one server to another (data in transit) has become a standard business practice. Yet there remains a singular security gap in the way companies collect, store, access and analyze business data, both on premises and, especially, in […] | |||
|
2018-05-21 18:05:01 | CyberArk shows how \'shadow admins\' can be created in cloud environments (lien direct) | There's little doubt “digital transformation” is here to stay. And it is equally clear that just about all of the fundamental network vulnerabilities we already know about will escalate, in lockstep, with any benefits accrued. It turns out that speeding up tech innovation cuts both ways. Related article: How safeguarding privileged accounts can lower insurance […] | |||
|
2018-05-21 15:10:04 | GUEST ESSAY: The Facebook factor: Zuckerberg\'s mea culpa reveals intolerable privacy practices (lien direct) | In the words of the Nobel Prize writer Bob Dylan, “The times, they are a-changin.'” Revelations in the press about Facebook's current privacy problems, and a new comprehensive European Union privacy framework that impacts American businesses, may be changing the climate towards more data privacy regulations by United States lawmakers. As technology and uses for […] | |||
|
2018-05-21 08:02:02 | GUEST ESSAY: How data science and cybersecurity will secure \'digital transformation\' (lien direct) | In today's environment of rapid-fire technical innovation, data science and cybersecurity not only share much in common, it can be argued that they have an important symbiotic relationship. A fundamental understanding of the distinctions – and similarities – of these two fields is good to have. Both must flourish separately and together to fuel “digital […] | |||
|
2018-05-18 17:50:01 | Why antivirus has endured as a primary layer of defense - 30 years into the cat vs. mouse chase (lien direct) | Antivirus software, also known as antimalware, has come a long, long way since it was born in the late 1980's to combat then nascent computer viruses during a time when a minority of families had a home computer. One notable company's journey in the space started in 1987 when three young men, Peter Paško, Rudolf […] | |||
|
2018-05-17 08:35:05 | MY TAKE: Why DDoS attacks continue to escalate - and how businesses need to respond (lien direct) | Law enforcement's big win last month dismantling 'Webstresser,' an online shopping plaza set up to cater to anyone wishing to purchase commoditized DDoS attack services, was a stark reminder of the ever present threat posed by Distributed Denial of Service attacks. Related video: How DDoS attacks leverage the Internet’s DNA The threat actors running Webstresser […] | |||
|
2018-05-16 08:53:02 | MY TAKE: Why the unfolding SIEMs renaissance fits hand-in-glove with \'digital transformation\' (lien direct) | SIEM systems have been on the comeback trail for a few years now. And now SIEMs could be on the verge of a full-blown renaissance. Related article: Freeing SOC analysts from tedious tasks I spoke with several vendors who are contributing to this at RSA Conference 2018. One of them was Securonix, a supplier advanced […] | |||
|
2018-05-09 08:42:03 | LW\'s NEWS WRAP: \'Spectre-NG\' - the latest family of chip vulnerabilities; expect more to come (lien direct) | Last Watchdog’s News Wrap Vol. 1, No. 7. Google and Microsoft don't team up very often. But the software rivals, to their credit, have been moving in unison to help the business community get ahead of a new class of hardware-level security flaws that affect most of the networks now in service. Researchers at Google’s […] | |||
|
2018-05-07 09:07:01 | NEW TECH: Acalvio weaponizes deception to help companies turn the tables on malicious hackers (lien direct) | Differentiating itself in a forest of cybersecurity vendors has not been a problem for start-up Acalvio Technologies. While hundreds of other security companies tout endless types and styles of intrusion detection and prevention systems, Acalvio has staked out turf in a promising new sub-segment: deception-based security systems. Related article: Hunting for exposed data Launched in […] | |||
|
2018-05-04 15:19:05 | How \'identity governance\' addresses new attack vectors opened by \'digital transformation\' (lien direct) | Mark McClain and Kevin Cunningham didn't rest for very long on their laurels, back in late 2003, after they had completed the sale of Waveset Technologies to Sun Microsystems. Waveset at the time was an early innovator in the then-nascent identity and access management (IAM) field. The longtime business partners immediately stepped up planning for […] | |||
|
2018-05-03 15:53:03 | (Déjà vu) PODCAST: Netsparker advances penetration testing 2.0 – automated web app vulnerability scanning (lien direct) | A dozen years ago, or so, Ferruh Mavituna was doing very well as a lead penetration tester at a prominent cybersecurity consultancy when his frustration level began to spike. Mavituna had access to the best tools available to hunt down latent vulnerabilities in web applications. And yet, all too often for Mavituna's tastes, the tools […] | Guideline | ||
|
2018-05-03 15:53:03 | PODCAST: NetSparker advances penetration testing 2.0 – automated web app vulnerability scanning (lien direct) | A dozen years ago, or so, Ferruh Mavituna was doing very well as a lead penetration tester at a prominent cybersecurity consultancy when his frustration level began to spike. Mavituna had access to the best tools available to hunt down latent vulnerabilities in web applications. And yet, all too often for Mavituna's tastes, the tools […] | Guideline | ||
|
2018-04-30 09:31:02 | PODCAST: Can \'gamification\' of cyber training help shrink the human attack vector? (lien direct) | The human attack vector remains the most pervasively probed path for malicious hackers looking to gain a foothold inside a company's firewall. And yet, somehow, cyber awareness training has not kept pace. Circadence hopes to change that. The Boulder, Colo.-based company got its start in the gaming industry 20 years ago, shifted to supplying cyber […] | |||
|
2018-04-27 08:29:02 | PODCAST: How managing \'privileged accounts\' can help make \'digital transformation\' more secure (lien direct) | One of the most basic things a company can do to dramatically improve their security posture is to keep very close track of who has what access to which privileged accounts inside the company firewall. This is a best practice of privileged account management, which is a burgeoning sector of the identity and access management […] | |||
|
2018-04-26 09:19:03 | PODCAST: That crumbling sound you hear is obsolescence creeping into legacy security systems (lien direct) | For more than 20 years companies have, by and large, bought into the notion that they must take a “defense in depth” approach to network security. The best way to curtail network breaches, companies were told, was to erect strong perimeter firewalls, and then pile on dozens of layers of defenses on endpoint devices, databases, […] | |||
|
2018-04-25 08:56:03 | PODCAST: How freeing security analysts from repetitive tasks can turbo boost SOCs (lien direct) | It wasn’t too long ago that security start-up Demisto was merely a notion bantered over at a coffee break. While working at McAfee, Slavik Markovich and Rishi Bhargava would sip espresso and discuss the challenges companies faced getting more effective protection from their Security Operation Centers, or SOCs. Related article: How MSSPs can help small […] | |||
|
2018-04-20 07:08:00 | MY TAKE: Oracle aims to topple Amazon in cloud services - by going database-deep with security (lien direct) | Ahoy, Jeff Bezos and Amazon. Watch out! Larry Ellison and Oracle are coming after you. The ever feisty Ellison, 73, founder of Oracle and an America's Cup sailing champion, recently tacted the good ship Oracle onto a new course. Last October, Ellison announced the launch of a pioneering set of automated cloud services, and boasted […] | |||
|
2018-04-16 21:49:00 | GUEST ESSAY: Rising workplace surveillance is here to stay; here\'s how it can be done responsibly (lien direct) | People often recite the cynical phrase that 'privacy is dead.' I enthusiastically disagree and believe, instead, that anonymity is dead. One area where this is being increasingly demonstrated is in the workplace. Employee surveillance has been rising steadily in the digital age. And because it's difficult, if not impossible, to keep ones digital work life […] | |||
|
2018-04-11 07:00:00 | Q&A: How to prepare for Spectre, Meltdown exploits - and next-gen \'microcode\' attacks (lien direct) | If you think the cyber threat landscape today is nasty, just wait until the battle front drops to the processor chip level. Related artilce: A primer on microcode vulnerabilities It's coming, just around the corner. The disclosure in early January of Spectre and Meltdown, critical vulnerabilities that exist in just about all modern computer processing […] | |||
|
2018-04-10 07:01:02 | PODCAST: Why companies need a strategy to manage compliance, now more than ever (lien direct) | Businesses are embracing the public cloud at an accelerated pace — and for good reason. By tapping hosted services, companies of all sizes and in all verticals are finding fresh, dynamic ways to engage with employees, suppliers, partners and customers. Related articles: 5 things to do to prep for GDPR However, as companies race to […] | |||
|
2018-04-10 00:32:04 | MY TAKE: A breakdown of why Spectre, Meltdown signal a coming wave of \'microcode\' attacks (lien direct) | Hundreds of cybersecurity vendors are making final preparations to put their best foot forward at the RSA Conference at San Francisco's sprawling Moscone Center next week. This will be my 15th RSA, and I can say that there is a distinctively dark undertone simmering under this year's event. It has to do with a somewhat […] | |||
|
2018-04-05 09:44:02 | GUEST ESSAY: How Orbitz\'s poor execution of a systems upgrade left data exposed (lien direct) | In case you thought it had been a suspiciously long time since a massive data breach was announced, well, here you go. Just a couple of days ago, Orbitz (part of the massive travel conglomerate Expedia) revealed that during the second part of last year, the personal data of many of their users was breached. And […] | |||
|
2018-04-02 09:42:02 | MY TAKE: How behavior monitoring can reduce workplace violence, protect sensitive data (lien direct) | In Minority Report police use three mutated humans, called Precogs, who can previsualize crimes, to stop murders before they take place, reducing the Washington D.C. murder rate to zero. The Phillip K. Dick novella ( brought to the big screen by Tom Cruise) is set in 2054. Yet here we are in 2018 with large […] | |||
|
2018-03-29 00:15:03 | MY TAKE: Why Google\'s move to label non-HTTPS sites \'not secure\' is a good thing (lien direct) | San Francisco-based Cloudflare has traversed an interesting path to becoming a leading cybersecurity vendor. Back in 2004, Matthew Prince and Lee Holloway concocted something called Project Honey Pot to detect and deter email spammers. Prince's Harvard Business School classmate, Michelle Zatlyn, joined them in 2009, and together they elevated Project Honey Pot into a company […] | Guideline | ||
|
2018-03-27 09:36:05 | Q&A: What all companies should know about their exposure to \'open-source\' vulnerabilities (lien direct) | Hackers were able to ransack Equifax last year and steal personal data for some 144 million citizens by exploiting a vulnerability in an open source component, which the credit bureau failed to lock down. Related article: Beware of open-source vulnerabilities lurking all through your network The hackers leveraged a vulnerability in something called Apache Struts2, […] | Equifax | ||
|
2018-03-20 20:05:05 | Q&A: How crypto jackers drain computing power from business networks (lien direct) | Messaging security firm Proofpoint has been tracking botnet activity as closely as security vendor. One recent development is the deployment of botnets for hire, such as Necurs, towards illicit crypto mining, or crypto-jacking. Related article: Crypto jacking spreading faster than ransomware This silent stealing of corporate computing resources may seem somewhat benign compared to ransomware […] | |||
|
2018-03-19 22:53:00 | MY TAKE: Why \'crypto-jacking\' is spreading faster than ransomware - and may be more insidious (lien direct) | Has there ever been anything more tailor made for hackers than crypto currency? Is anyone surprised that hackers are innovating ways to crack into digital wallets and currency exchanges? In January, hackers absconded with some 58 billion Japanese yen worth of the XEM cryptocurrency from Tokyo-based Coincheck Exchange. That's a cool $533 million in U.S. […] | |||
|
2018-03-14 07:10:01 | MY TAKE: Why the SEC\'s reporting guidance, Yahoo\'s $80M payout will shake up board rooms (lien direct) | The most encouraging thing about the U.S. Securities and Exchange Commission formally issuing cybersecurity reporting “guidance” for public companies last month was, ironically, commissioner Kara Stein's disappointment that her colleagues did not go much further. Related video: Howard Schmidt’s 2015 observations on board involvement Stein said she would have liked to have seen the commission […] | Yahoo | ||
|
2018-03-12 07:58:02 | MY TAKE: Why Google is labeling websites \'unsafe\' - what publishers need to do about it (lien direct) | One of the things Google's security honchos have long championed – for the most part out of the public spotlight — is to make HTTPS Transport Layer Security (TLS) the de facto standard for preserving the integrity of commercial websites. TLS and its predecessor, Secure Sockets Layer, (SSL), rely on digital certificates to validate that […] | |||
|
2018-03-08 07:17:02 | GUEST ESSAY: Surveillance cam hack shows potential for ransomware collateral damage (lien direct) | The recent charges, and subsequent arrest, of two Romanians alleged to be responsible for a widespread hack of surveillance cameras in our nation's capitol raises a number of intriguing questions. Why hack surveillance cameras? What nefarious activity might escape law enforcement's notice while these particular cameras went dark? Related articles: Surveillance cams are trivial to […] | |||
|
2018-03-05 07:42:05 | MY TAKE: Necurs vs. Mirai – what \'classic\' and \'IoT\' botnets reveal about evolving cyber threats (lien direct) | I've written about how botnets arose as the engine of cybercrime, and then evolved into the Swiss Army Knife of cybercrime. It dawned on me very recently that botnets have now become the bellwether of cybercrime. This epiphany came after checking in with top experts at Proofpoint, Forcepoint, Cloudflare and Corero — leading vendors that […] | Guideline | ||
|
2018-03-04 02:56:02 | NEWS WRAP-UP: Crypto miners tap hacked websites, achieve monetization breakthrough (lien direct) | Week ending March 3, 2018. Cyber criminals have discovered a new pathway to monetization that's as trouble free as anthything they could have dreamed up: crypto mining on the back of hacked websites. Security vendor Cyren put out results of a study this week showing a 725% spike in the number of websites hosting cryptocurrency […] | |||
|
2018-02-26 07:25:01 | MY TAKE: A closer look at why \'carpet bombing\' of phishing email endures (lien direct) | Occasionally, examining something in microcosm can be more instructive than trying to absorb a macro view that overwhelms. Such is the case with the flurry of cyber attack reports that come out this time of year, analyzing and dissecting what transpired in the threat landscape the previous year. Last week, for instance, Fortinet and Cisco […] | |||
|
2018-02-20 07:04:02 | GUEST ESSAY: U.S. \'chip\' adoption reduces card scams - but drives up new account fraud (lien direct) | Identity theft and fraud hit an all-time high in 2017, according to the 2018 Identity Fraud Study released last week by Javelin Strategy & Research. Among Javelin's key findings fraudsters claimed 1.3 million more victims in 2017, with $16.8 billion stolen. That's a record high since 2003 when the firm first began tracking identity theft […] | |||
|
2018-02-19 07:05:01 | MY TAKE: Turning a blind eye: 73% of companies are ill-prepared to defend cyber attacks (lien direct) | Have we truly reached the point where a multiple-year run of nightmarish cyber attacks has become mere white noise to the business community? I cannot think of any other way to explain the findings of a new report starkly showing that fully 73% of companies in five Western nations miserably failed a cyber security readiness […] | |||
|
2018-02-12 09:25:13 | MY TAKE: Here\'s how the U.S. economy would lose $15 billion from a 3-day cloud outage (lien direct) | Cyber attack scenarios have become fairly common. It doesn't take too much imagination to conjure plausible assumptions and project Armageddon-scale damages attributable to crippling cyber attacks. One prime example is the Herjavec Group's 2017 cybercrime report which suggests damage caused by cyber criminals is climbing towards a whopping $6 trillion in annual global encomic damage […] | |||
|
2018-02-09 20:05:14 | NEWS WRAP-UP: Meltdown, Spectre discovered in the wild – live hardware attacks one step closer (lien direct) | Week ending Feb. 9, 2018. We're now one step closer to witnessing cyber criminals exploiting a new class of vulnerability that exists in the hardware level of virtually every computing device in active use. Nearly 140 samples of malware that exploit the Meltdown and Spectre vulnerabilities have been discovered by AV-TEST. Most of these are […] | |||
|
2018-02-05 07:49:02 | MY TAKE: Epiphany strikes Amazon, Google, Microsoft about who bears burden for cloud security (lien direct) | Amazon and Google last week very quietly made some moves that signal they've been hit by the identical epiphany: they each need to do a helluva lot more to secure cloud computing. Microsoft was hit by this lightning bolt about a year ago. The Redmond giant all through 2017 took pronounced steps to relieve users […] | |||
|
2018-02-02 21:29:09 | NEWS WRAP-UP: Dutch spies corroborate Russia\'s meddling in U.S. election - and 19 EU nations (lien direct) | Week ending Feb. 2, 2018. Even more substantive corroborating evidence of Russia's proactive interference in the 2016 U.S. presidential election comes from the Netherlands. European news reports detail how a Dutch intelligence agency secretly hacked into the Kremlin's most notorious hacking group, Cozy Bear, and tracked Cozy Bear's election tampering activities. Dutch spies passed all […] | APT 29 | ||
|
2018-02-01 07:43:56 | GUEST ESSAY: How children using illegal streaming devices get targeted by malicious actors (lien direct) | It is good to see pressure from advertisers prompting a tech titan to clean up its digital neighborhood. I refer to steps being taken recently by Alphabet, the parent conglomerate of Google and YouTube. Alphabet announced a new plan to keep ads from premium brands off YouTube pages with videos pushing dangerous, illegal, and/or illicit […] | |||
|
2018-01-26 21:31:22 | NEWS WRAP-UP: Russian bots conduct social media blitz to discredit Trump-Russia probe (lien direct) | Week ending Jan. 26, 2017. The use of Russian bots and trolls in social media  propaganda blitzes continues. Counter terrorism expert Malcolm Nance minced no words in lambasting the latest deployment of Russian botnets to influence American politics. Related article: Trump is top bait used in spam campaigns Nance appeared on the Stephanie Miller radio […] | |||
|
2018-01-19 17:16:42 | NEWS WRAP-UP: Mirai botnet variants take Internet-of-Things hacking to higher levels (lien direct) | Week ending Jan. 19, 2018. Don't look now but the weaponization of the Internet of Things just kicked into high gear. The Mirai botnet, which I first wrote about in December 2016, is back — in two potent variants. Mirai Okiru targets ARC processors – the chips embedded autos, mobile devices, smart TVs, surveillance cameras […] | |||
|
2018-01-18 22:26:29 | Q&A: What CyberX is doing to help address the hackable state of industrial control systems (lien direct) | Finally, the profoundly hackable state of industrial control systems (ICS) is being elevated as an issue of substantive concern and beginning to get the level of global attention it deserves. Nation-state backed hackers knocking out power grids and discombobulating other critical infrastructure – the cyber Pearl Harbor scenario – has been discussed for years in […] | |||
|
2018-01-16 20:06:53 | MY TAKE: Rising hacks on energy plants suggest ongoing global cyber war has commenced (lien direct) | We all fret over the smorgasbord of cultural and geopolitical controversies complicating our daily lives. That being the case, not enough public attention is being paid to the increasingly plausible scenario of an ongoing global cyber war. I say this because in recent months there has been a series of public disclosures about progressively more […] | |||
|
2018-01-16 11:08:08 | GUEST ESSAY: Why cyber attacks represent a clear and present danger - and what you can do about it (lien direct) | As we begin a new year, cyber attacks may actually pose a more profound threat to mankind than the specter of nuclear warfare. So says billionaire investor Warrant Buffet, and I tend to agree with him. Cyber attacks are growing in prominence every day – from influencing major elections to crippling businesses overnight, the role […] | |||
|
2018-01-12 19:35:45 | NEWS WRAP-UP: The other scary foreign hacking threat Trump is ignoring (lien direct) | Week ending Jan. 12th. Fast Company is reporting that meddling in the U.S. presidential election isn’t the whole story; Russia continues to try to hack into U.S. critical infrastructure. Meanwhile, Trump may be keeping Americans in the dark. Journalist Sarah Kendzior recounts how Sen. John McCain (R-AZ) last summer grilled Attorney General Jeff Sessions about […] | |||
|
2018-01-04 23:58:35 | MY TAKE: Why \'Meltdown\' and \'Spectre\' portend a banner year for malicious hackers (lien direct) | So you think 2017 was a bad year for cyber exposures? It is clear to me that we are about to commence an extended run of cyber incursions of unprecedented scale and sophistication. Four days into 2018 and the world must deal with the disclosure of an all-new class of vulnerability built into the processors […] |
To see everything:
Our RSS (filtrered)
