What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld.webp 2016-09-14 17:09:58 Hackers are shaping U.S. election coverage with data leaks (direct link) Hackers are becoming a major source of political leaks in this year's presidential race. Case in point: On Tuesday, stolen emails from former secretary of state Colin Powell became headline news after a mysterious site with possible ties to Russian cyber spies gave them to the press. Since then, media outlets have been pointing out juicy details found in the emails. For example, Powell called Clinton “greedy” and her rival Donald Trump a “national disgrace.” The incident has security experts worried that hackers are manipulating U.S. media outlets to influence this year's election.
NetworkWorld.webp 2016-09-14 10:15:41 Volkswagen is founding a new cybersecurity firm to prevent car hacking (direct link) As cars become more computerized, they're also facing a greater risk of being hacked. That's why Volkswagen is founding a new cyber security company devoted to protecting next-generation vehicles. On Wednesday, the automaker said it would partner with a former Israeli intelligence agency director to jointly establish a new company, called Cymotive Technologies. It's unclear how much Volkswagen is investing in the new firm, but security experts have been warning that internet-connected cars and self-driving vehicles could one day be a major target for hackers. Even older cars from Volkswagen are vulnerable. Last month, researchers said that millions of vehicles from the automaker can be broken into by exploiting the remote control key systems.
NetworkWorld.webp 2016-09-14 09:39:36 Adobe fixes critical flaws in Flash Player and Digital Editions (direct link) Adobe Systems has fixed more than 30 vulnerabilities in its Flash Player and Digital Editions products, most of which could be exploited to remotely install malware on computers. The bulk of the flaws, 26, were patched in Flash Player on all supported platforms: Windows, Mac and Linux. Twenty-three of those vulnerabilities can lead to remote code execution and the remaining three can be used for information disclosure or to bypass security features, Adobe said in an advisory. Adobe advises users to update to Flash Player version 23.0.0.162 on Windows and Mac or version 11.2.202.635 on Linux. The new version of the Flash Player extended support release, which only receives security patches, is now 18.0.0.375. Guideline
NetworkWorld.webp 2016-09-14 07:33:32 Microsoft releases one of its biggest security updates this year (direct link) Microsoft released one of its biggest security updates this year, fixing 50 vulnerabilities in its products and 26 more in Flash Player, which is bundled with its Edge browser. The patches are split into 14 security bulletins, including the one dedicated to Flash Player, seven of which are rated critical. They address vulnerabilities in Windows, Internet Explorer, Microsoft Edge, Microsoft Exchange, Microsoft Office and Microsoft Office web services and apps. For desktop deployments, administrators should prioritize the fixes for Internet Explorer, which are covered in the MS16-104 bulletin, Microsoft Edge (MS16-105), Microsoft Office (MS16-107), Microsoft Graphics Component (MS16-106), OLE Automation for VBScript Scripting Engine (MS16-116) and Adobe Flash Player (MS16-117).
NetworkWorld.webp 2016-09-14 07:16:00 Russian hackers accused of leaking US Olympic athletes' medical files (direct link) The World Anti-Doping Agency (WADA) was hacked and confidential medical files of US Olympic athletes Simone Biles, Serena and Venus Williams and Elena Delle Donne were leaked online. The hackers dubbed the dump as “just the tip of the iceberg.” A group claiming to be the Fancy Bears' Hack Team took credit for the attack and accused American Olympic athletes of doping, of using “dirty methods to win.” Furthermore, the hackers claimed that although the US Olympic team had “played well but not fair,” it had “disgraced its name by tainted victories.” APT 28
NetworkWorld.webp 2016-09-14 05:28:00 The most secure home computer ever (direct link) We've all heard tales of foreign intelligence entities breaking into hotel rooms and cloning a person's hard drive while he or she is in the bar downstairs. You might dismiss it as the stuff of urban legend or Jason Bourne movies, but this style of attack does highlight one of the most basic weaknesses of today's PCs: Their data is extremely vulnerable once an attacker has physical access to a machine. Cold boot attacks, USB exploits, or DMA attacks over FireWire, among other breaches, are all possible if a bad actor can get his or her hands on the hardware.
NetworkWorld.webp 2016-09-14 05:25:00 Apple Pay coming to 200,000-plus websites, not just in-store or in-app (direct link) Apple Pay on websites launched on Tuesday with the release of iOS 10 for the iPhone and iPad -- and will hit Mac desktops when macOS Sierra launches next Tuesday. More than 200,000 websites -- including small and large retailers -- plan to support Apple Pay on their sites in coming weeks, Apple said Tuesday. Many of the sites include online retailers using e-commerce platforms run by Shopify, Demandware and IBM. The move means that online shoppers with iPhones, iPads and Macs updated with the latest operating systems can save time when finishing an online purchase through Apple's Safari browser. Retailers that have signed up for the service are expected to see an uptick in the number of customers that finish a web purchase, instead of giving up because typing in credit information was considered too complicated, awkward or time-consuming.
NetworkWorld.webp 2016-09-14 05:22:00 Google offers $200K for top prize in new Android hack challenge (direct link) Google yesterday announced a six-month bug contest that will pay up to $200,000 for an Android "bug chain," one or more successful exploits of previously unknown vulnerabilities. Dubbed "Project Zero Prize," it differed from hacking contests that take place over one or two days: Researchers can submit entries from now until March 14, 2017. In that regard, Google's contest resembled the limited-time bug bounties that rival Microsoft has offered to focus on, among other areas and applications, in Windows 10's Edge browser. In the case of multi-exploit entries, Google also departed from the usual contest or bounty rules by encouraging researchers to submit each link in the bug chain as the flaws were uncovered, rather than wait until all were in place and exploitable.
NetworkWorld.webp 2016-09-14 05:19:00 Microsoft Intune to support Android for Work (direct link) Microsoft announced late Tuesday that it has joined Google's Android for Work program and will support Google's container technology for mobile application management in a future release of Intune, Microsoft's own enterprise mobility management (EMM) server. The Microsoft blog post gave no timeline. Android for Work, initially released in winter 2015 as part of an Android 5.0 Lollipop update, brought to Android the same level of enterprise-grade protection for mobile apps that had previously been available only to Apple's iOS devices or Samsung's Android devices running Samsung's own Knox technology.
NetworkWorld.webp 2016-09-13 17:09:52 Hackers smear Olympic athletes with data dump of medical files (direct link) Hackers are trying to tarnish the U.S. Olympic team by releasing documents they claim show athletes including gymnast Simone Biles and tennis players Venus and Serena Williams used illegal substances during the Rio Games. The medical files, allegedly from the World Anti-Doping Agency, were posted Tuesday on a site bearing the name of the hacking group Fancy Bears. “Today we'd like to tell you about the U.S. Olympic team and their dirty methods to win,” said a message on the hackers' site. The World Anti-Doping Agency confirmed it had been hacked and blamed Fancy Bears, a Russian state-sponsored cyber espionage team that is also known as APT 28 -- the very same group that may have recently breached the Democratic National Committee. APT 28
NetworkWorld.webp 2016-09-13 13:54:46 Russian hackers allegedly target the World Anti-Doping Agency (direct link) The same Russian state-sponsored hackers that allegedly breached the Democratic National Committee may have also targeted the World Anti-Doping Agency. On Tuesday, the sports drug-testing agency blamed a recent breach of its network on a Russian hacking group known as APT 28 or Fancy Bear. The hackers gained access to the agency's database and stole information about athletes including confidential medical data. Some of that data has already been publicly released, and the hackers have threatened to release more, the agency said in a statement. APT 28
NetworkWorld.webp 2016-09-13 12:51:00 Mergers create greater security risk (direct link) Corporate mergers and acquisitions (M&A) can be fraught with risks related to financial matters, company culture, personnel, IT systems integration and other areas. Security risks, both cyber and physical, certainly belong on the list of concerns. And with the ongoing shortage of professionals who are expert in various aspects of data protection -- coupled with the seemingly endless stream of reports about data breaches and other security threats -- this has become an even bigger concern for companies that are considering or in the midst of M&A deals. “Any M&A activity involves an assumption of risk,” says Ariel Silverstone, vice president of security strategy, privacy and trust at GoDaddy, a provider of domain name registrations.
NetworkWorld.webp 2016-09-13 12:05:00 Who knew Edward Snowden would become such a musical inspiration? (direct link) Many would like to see famed whistleblower Edward Snowden face the music for releasing classified information from the NSA a few years back, but who knew his actions would wind up having an impact on the music world itself? A slew of Snowden-inspired songs emerged from the DIY set in the immediate wake of the leaks back in 2013. But 2016 is shaping up to be another big year with fresh material. The latest Snowden song comes courtesy of Peter Gabriel for the new Oliver Stone biopic featuring Joseph Gordon-Levitt called "Snowden." Gabriel's song, "The Veil," plays during the end credits of the film, and basically tells the Snowden story, as the former Genesis band member sings about Snowden being a hero to some and a traitor to others.
NetworkWorld.webp 2016-09-13 11:56:00 Sept 2016 Patch Tuesday: Microsoft released 14 security bulletins, rated 7 as critical (direct link) Microsoft released 14 security bulletins for September, seven of which are rated critical due to remote code execution flaws. Microsoft in all its wisdom didn't regard all RCEs as critical. There's also an “important rated” patch for a publicly disclosed flaw which Microsoft claims isn't a zero-day being exploited. But at least a 10-year-old hole is finally being plugged. Next month marks a significant change as Microsoft says it intends to roll out "servicing changes" which include bundled patches; unless things change, not all Windows users will be able to pick and choose specific security updates starting in October.
NetworkWorld.webp 2016-09-13 09:25:00 Enterprises hope their mobile users pay attention to security (direct link) To ensure mobile security, enterprises need the whole-hearted cooperation of their workforce. But many workers don't seem to know or care about their company's mobile security policies. That conundrum fits my experience of how these things work in the real world, and it's also one of the conclusions of a new survey -- Enterprise Mobility Security Goals & Challenges -- conducted by Silicon Valley management services provider NetEnrich.
NetworkWorld.webp 2016-09-13 08:28:51 Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON (direct link) Smart door locks, padlocks, thermostats, refrigerators, wheelchairs and even solar panel arrays were among the internet-of-things devices that fell to hackers during the IoT Village held at the DEF CON security conference in August. A month after the conference ended, the results are in: 47 new vulnerabilities affecting 23 devices from 21 manufacturers were disclosed during the IoT security talks, workshops and onsite hacking contests. The types of vulnerabilities found ranged from poor design decisions like the use of plaintext and hard-coded passwords to coding flaws like buffer overflows and command injection. Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Lagute, Okidokeys, Danalock were found to be vulnerable to password sniffing and replay attacks, where a captured command can be replayed later to open the locks.
NetworkWorld.webp 2016-09-13 08:21:00 Apple's new Bluetooth security hole (direct link) When the iPhone 7 ships, you'd best have your mobile device management (MDM) on the phone locked down. Apple's self-described “courageous” move to warrant Bluetooth instead of wired headphone connectivity will give you nightmares. Part of the problem is the Bluetooth protocol itself; the other problem is that civilians leave it on and accessible. But you've already buttoned down all of that stuff, right? Like others in the tech press, I've taken out my Bluetooth analyzer and watched the count of responding devices in downtown Bloomington, Indiana, near the lab. It's easy to do.
NetworkWorld.webp 2016-09-13 07:35:00 FTC focuses on combating ransomware (direct link) Ransomware, where a hacker commandeers a user's computer files and threatens to permanently delete them unless an extortion payment is made, is on a sharp uptick and now ranks "among the most troubling cyberthreats," the head of the Federal Trade Commission is warning. FTC Chair Edith Ramirez addressed the issue at a recent forum that the agency convened to examine the spread of ransomware and explore strategies to combat the crime. "The spate of ransomware incidents are escalating at an alarming rate," Ramirez says, citing an estimate from the Department of Justice that incidents of ransomware, now averaging some 4,000 a day, have increased 300 percent in the past year.
NetworkWorld.webp 2016-09-13 06:14:00 (Déjà vu) 6 questions to ask about containers (direct link) Shoring up containers. Container technology promises greater agility and efficiency when it comes to building and deploying applications, a critical ability in this age of zero tolerance for downtime and great expectations for capabilities on demand. But with any new technology comes new risk, and security professionals must be able to accurately determine the risk-reward balance of containers for their organizations. Lars Herrmann, general manager, Integrated Solutions Business Unit at Red Hat, poses six questions CISOs must ask when evaluating container platforms.
NetworkWorld.webp 2016-09-13 06:04:00 Autonomous cars? How about airliners? (direct link) Imagine if US Airways Flight 1549 out of New York – operating without a pilot -- had hit the same flock of birds, landed itself on the Hudson River, and saved the lives of 153 passengers and flight attendants. Well, there would be no movie called “Sully” playing in theaters right now. Pilotless airliners? Far-fetched, you say. Not so, according to Tim Robinson, editor-in-chief of the Royal Aeronautical Society's magazine Aerospace, who tells the BBC: “So with pilots relying on autopilots for 95% of today's flights, the argument goes, why not make the final 5% – take-off and landing – automated?” says Robinson. “Computers fly ultra-precise, repeatable trajectories, do not fly drunk, do not get tired, do not get distracted and so the thinking goes could be safer than human pilots in the future.”
NetworkWorld.webp 2016-09-13 02:00:00 Why You Lost Your Windows 10 Product Key (direct link) Goodbye, product key; hello, digital license. Learn more about the changes here.
NetworkWorld.webp 2016-09-12 11:27:29 MySQL zero-day exploit puts some servers at risk of hacking (direct link) A publicly disclosed vulnerability in the MySQL database could allow attackers to completely compromise some servers. The vulnerability affects "all MySQL servers in default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions," as well as the MySQL-derived databases MariaDB and Percona DB, according to Dawid Golunski, the researcher who found it. The flaw, tracked as CVE-2016-6662, can be exploited to modify the MySQL configuration file (my.cnf) and cause an attacker-controlled library to be executed with root privileges if the MySQL process is started with the mysqld_safe wrapper script. The exploit can be executed if the attacker has an authenticated connection to the MySQL service, which is common in shared hosting environments, or through an SQL injection flaw, a common type of vulnerability in websites.
NetworkWorld.webp 2016-09-12 07:38:00 IDG Contributor Network: Does the NSA have a duty to disclose zero-day exploits? (direct link) To say the National Security Agency (NSA) prefers to lay low and shuns the limelight is an understatement. One joke said about the secretive group, widely regarded as the most skilled state-sponsored hackers in the world, is NSA actually stands for “No Such Agency.” But now a recent leak has put the group right where it loathes to be -- squarely in the headlines. Last month, a group called “The Shadow Brokers” published what it claimed were a set of NSA “cyber weapons,” a combination of exploits, both zero day and long past, designed to target routers and firewalls from American manufacturers, including Cisco, Juniper and Fortinet.
NetworkWorld.webp 2016-09-12 07:15:12 Thousands of Seagate NAS boxes host cryptocurrency mining malware (direct link) Thousands of publicly accessible FTP servers, including many from Seagate network-attached storage devices, are being used by criminals to host cryptocurrency mining malware. Researchers from security vendor Sophos made the discovery when they investigated a malicious program dubbed Mal/Miner-C, which infects Windows computers and hijacks their CPUs and GPUs to generate Monero, a bitcoin-inspired cryptocurrency. With most cryptocurrencies, users can generate new units by devoting their computing resources to solving complex math problems needed to validate transactions in the network. This process, known as "mining," provides an incentive for attackers to hijack other people's computers and use them for their own gain.
NetworkWorld.webp 2016-09-12 07:08:00 IDG Contributor Network: Smartphones to get best encryption possible (direct link) In somewhat of a kick in the teeth for law enforcement and spy agencies, a science institute says smartphones will soon be able to take advantage of some of the most spectacular encryption ever known. The Institute of Photonic Sciences (ICFO) says random number generators (RNGs) will soon be able to function without ever repeating the random number and that the quantum-based chips will soon be small enough to fit in a smartphone's form factor. It would create the fastest and smallest encryption functionality ever.
NetworkWorld.webp 2016-09-12 03:00:00 (Déjà vu) 5 open source alternatives for routing/firewall (direct link) Economical and flexible. Open source software offers an economical and flexible option for deploying basic home, SMB or even enterprise networking. These open source products deliver simple routing and networking features, plus they are combined with security functionality, starting with a basic firewall and possibly including antivirus, antispam and Web filtering. These products can be downloaded and deployed on your own hardware, on a virtual platform, or in the cloud. Many of them sell pre-configured appliances as well. We reviewed five products: ClearOS, DD-WRT, pfSense, Untangle and ZeroShell. We found that ClearOS, pfSense, and Untangle could be appropriate for home use all the way up to the enterprise environment.
NetworkWorld.webp 2016-09-12 03:00:00 (Déjà vu) Review: 5 open source alternatives for routers/firewalls (direct link) Open source software offers an economical and flexible option for deploying basic home, SMB or even enterprise networking. These open source products deliver simple routing and networking features, like DHCP and DNS. Plus, they are combined with security functionality, starting with a basic firewall and possibly including antivirus, antispam and Web filtering. These products can be downloaded and deployed on your own hardware, on a virtual platform, or in the cloud. Many of them sell pre-configured appliances as well if you like their feature-set or support, but don't want to build your own machine. We reviewed five products: ClearOS, DD-WRT, pfSense, Untangle and ZeroShell. We found that ClearOS, pfSense, and Untangle could be appropriate for home use all the way up to the enterprise environment.
NetworkWorld.webp 2016-09-11 08:48:00 Krebs' site under attack after alleged owners of DDoS-for-hire service were arrested (direct link) After security journalist Brian Krebs exposed the DDoS-for-hire service, vDOS, and the alleged owners of the service were arrested, a massive attack was launched against the Krebs on Security site. Last Thursday, Krebs wrote about vDOS and the two 18-year-old Israeli hackers running the DDoS attack service. In the past two years, the duo launched over 150,000 attacks and made at least $618,000. vDOS had been hacked and Krebs had obtained a copy of the vDOS database. vDOS had paying subscribers with the cost depending upon how many seconds the DDoS attack lasted. Krebs reported, “In just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years' worth of attack traffic.”
NetworkWorld.webp 2016-09-09 17:05:50 Crafty malware is found targeting U.S. government employees (direct link) A tough-to-detect malware that attacks government and corporate computers has been upgraded, making it more aggressive in its mission to steal sensitive files, according to security firm InfoArmor. Last November, InfoArmor published details on GovRAT, a sophisticated piece of malware that's designed to bypass antivirus tools. It does this by using stolen digital certificates to avoid detection. Through GovRAT, hackers can potentially steal files from a victim's computer, remotely execute commands, or upload other malware to the system.
NetworkWorld.webp 2016-09-09 09:25:00 A satisfying tale of sleuthing, justice (direct link) Texas-born Christian Hascheck teaches computer science in Vienna, Austria when not working on his own projects, which include a novel grading system. In 2012, he won $500 worth of Apple gift cards for a funny sysadmin story about ferreting out a not terribly sophisticated rogue Wi-Fi operation. Then the move abroad. He tells the story on his blog: Since then I have repeatedly tried to use or sell (the cards) but since I'm not currently living in the US it wasn't possible for me. My last attempt to sell them was via reddit. I know there are a lot of scammers out there, so I thought Bitcoin would be the right choice since the scammer can't just reclaim their money after I gave them the card codes.
NetworkWorld.webp 2016-09-09 07:49:00 Today's supercomputers will get blown away by these systems (direct link) The Department of Energy says the $40 million it is investing in nearly two dozen multi-year projects will result in exascale computing systems that perform calculations on data 50 to 100 times faster than today's most powerful supercomputers. The DoE Exascale Computing Project says such high-performance computing systems can make at least a billion billion calculations per second, and will be used to process data for applications such as energy security, economic security, scientific discovery, healthcare and climate/environmental science. The U.S. is shooting to attain such powerful systems by the mid-2020s and China is aiming for 2020.
NetworkWorld.webp 2016-09-09 07:30:49 UK police listened in to 9 percent more calls last year (direct link) The U.K. government has published a report on the staggering scale of surveillance in the country last year. The report, compiled by the Interception of Communications Commissioner's Office (IOCCO), covers the surveillance activities of the U.K.'s three main intelligence agencies (MI5, the Secret Intelligence Service, and GCHQ, the Government Communications Headquarters), the tax authority, and a number of police forces. It shows that warrants for the interception of communications rose 9 percent and that authorities continue to collect communications metadata -- information about who called or connected to whom, when, how often -- with abandon.
NetworkWorld.webp 2016-09-09 06:25:17 Xen Project patches serious virtual machine escape flaws (direct link) The Xen Project has fixed four vulnerabilities in its widely used virtualization software, two of which could allow malicious virtual machine administrators to take over host servers. Flaws that break the isolation layer between virtual machines are the most serious kind for a hypervisor like Xen, which allows users to run multiple VMs on the same underlying hardware in a secure manner. The Xen hypervisor is widely used by cloud computing providers and virtual private server hosting companies like Linode, which had to reboot some of its servers over the past few days to apply the new patches.
NetworkWorld.webp 2016-09-09 05:19:00 This USB stick will fry your unsecured computer (direct link) A Hong Kong-based technology manufacturer, USBKill.com, has taken data security to the "Mission Impossible" extreme by creating a USB stick that uses an electrical discharge to fry an unauthorized computer into which it's plugged. "When the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges -- all in the matter of seconds," the company said in a news release.
NetworkWorld.webp 2016-09-09 04:00:00 IDG Contributor Network: Massive solar storm will 'kill' the internet, says space expert (direct link) Not enough is being done to protect networks from solar storms that could wipe out electric power grids and destroy satellites. The end game in a catastrophic solar storm would be the internet's time synchronization not working anymore. That would stop the internet altogether. “An impending calamitous solar storm” is how Joseph N. Pelton, the former dean of the International Space University (ISU) in Strasbourg, describes the perceived event in his press release. Pelton, who is also a current executive board member of the International Association of Space Safety (IAASS), has published an article in Room: The Space Journal (subscription) on the subject.
NetworkWorld.webp 2016-09-08 16:13:00 Yes, U.S. did hack Elysée Palace in 2012, French ex-spy says (direct link) Bernard Barbier, a former head of the French signals intelligence service, shared a few stories with students of CentraleSupélec, the elite engineering school from which he graduated in 1976, at a symposium this summer. There was that time he caught the U.S. National Security Agency delving into computers at the Elysée Palace, residence of the French president, for example. And flew to Washington to tell them they'd been found out. Or when the Canadians said they -- and the Iranians, the Spaniards, the Algerians and a few others -- had all been hacked by a Frenchman, and they were totally right, although the French government denied it. These little confessions to the members of a student association at his old school, though, have reached a somewhat larger audience than he may have planned on.
NetworkWorld.webp 2016-09-08 15:34:00 RSA: Expect business as usual now that Dell owns it (direct link) Enterprises should expect business as usual from RSA in the wake of its being swept up by Dell this week in the largest tech deal ever, with company executives saying it will retain a good deal of autonomy to carry out its strategic plans.
NetworkWorld.webp 2016-09-08 15:18:20 Data hoarders are shining a spotlight on past breaches (direct link) Old data breaches carried out years ago are entering into the limelight thanks to anonymous internet users like Keen. Earlier this week, Keen, a data collector who runs the site Vigilante.pw, helped to uncover details about stolen data taken from the popular porn site Brazzers. A copy of almost 800,000 accounts, probably originally hacked back in 2012, fell into his hands. The stolen database is just one of the many Keen has on file, in fact, and each one can involve thousands or even millions of internet accounts. Vigilante.pw continually archives past data breaches as a way to warn the public.
NetworkWorld.webp 2016-09-08 14:00:00 NuData Security adds 'unspoofable' dimensions to the identity process (direct link) In 2012, the social networking site LinkedIn suffered a data breach in which username/password combinations were stolen. Four years later, in 2016, at least 117 million sets of credentials from this breach were available for purchase online. MySpace suffered a similar data breach, and years later 427 million sets of credentials were posted online. These events have prompted e-commerce companies that have not suffered a data breach to urge their customers to change their passwords as soon as possible.
NetworkWorld.webp 2016-09-08 13:39:00 Closing the incident response gap: Q&A with Sean Convery of ServiceNow (direct link) A decade ago, security meant a big firewall at a single ingress point. All devices and applications were under IT's tight control, so they did not create significant security risks. Today, everything has changed. The rise of cloud computing, BYOD, shadow IT, WiFi devices, software defined everything and other trends have blown up the tightly controlled model and created a rather chaotic system. Adding to the challenge is that attackers are getting smarter and targeting IoT systems and end users directly, which often bypasses the security technology. This is why some security experts say there are two types of organizations, those that have been breached and know about it and those that have been breached and don't know about it.
NetworkWorld.webp 2016-09-08 12:10:00 Government ill-equipped to thwart cyberwarfare (direct link) In January, V. Miller Newton, CEO and president of PKWARE, made his annual list of predictions for most likely cyberattacks of the year. Number 3 on the list: The U.S. electrical grid will be attacked. He's been making predictions since 2011, and claims 95 percent accuracy so far (he also predicted that healthcare systems were at risk and that smart watches would be hacked). "This country's infrastructure runs on antiquated technology and systems," he says. "We've already seen an electrical power grid hacked in December of last year in Ukraine," which blacked out 103 cities and partially blacked out an additional 186.
NetworkWorld.webp 2016-09-08 12:06:00 Google puts screws to HTTP with new warnings in Chrome (direct link) Google today continued its campaign to tighten the screws on unencrypted web traffic as it outlined the next steps it will take with Chrome to warn users of insecure connections. Starting with Chrome 56, which is currently scheduled to ship in stable format on Jan. 31, 2017, the browser will mark sites that transmit either passwords or credit card information over HTTP connections as "non-secure." The move will be "Part of a long-term plan to mark all HTTP sites as non-secure," Emily Schechter, a product manager in the Chrome security team, said in a post to a company blog Thursday. The plan, Schechter continued, "will take place in gradual steps, based on increasingly stringent criteria."
NetworkWorld.webp 2016-09-08 12:01:40 FBI arrests hackers who allegedly dumped details on government agents (direct link) U.S. authorities have arrested two suspects allegedly involved in dumping details on 29,000 officials with the FBI and the Department of Homeland Security. Andrew Otto Boggs and Justin Gray Liverman have been charged with hacking into the internet accounts of senior U.S. government officials and breaking into government computer systems. Both suspects were arrested on Thursday, according to the U.S. Department of Justice. Boggs, age 22, and Liverman, 24, are from North Carolina and are allegedly part of a hacking group called Crackas With Attitude. From October 2015 until February, they used hacking techniques, including "victim impersonation" to trick internet service providers and a government help desk into giving up access to the accounts, the DOJ alleged.
NetworkWorld.webp 2016-09-08 11:23:00 20% off Kuna Smart Home Security Outdoor Light & Camera - Deal Alert (direct link) Kuna is a smart home security camera in a stylish outdoor light that detects and allows you to interact with people outside your door. The security device includes HD live and recorded video, two-way intercom, alarm, smart motion detection alerts to your phone, and more. Easy 15 minute installation with no batteries to replace so you have continuous protection around the clock. Be protected at all times - Access HD live video with its 720P wide angle camera, communicate via its two way intercom from your mobile device, or activate its 100 dB alarm siren. Smart light control lets you turn on or off your lights remotely, or program a schedule for when you're away. Access live video or review & download events for 2 hours free or up to 30-days on an optional subscription plan, starting as low as $4.99 per month. This Kuna security light averages 4 out of 5 stars from over 330 people, and its typical list price of $199 has been reduced 20% to $159. See the discounted Kuna Smart Home Security Light and Camera on Amazon.
NetworkWorld.webp 2016-09-08 11:16:00 Open source algorithm helps spot social media shams (direct link) Researchers from Carnegie Mellon University say they have developed an open source algorithm that can help spot social media frauds trying to sway valuable community influence. “Given the rise in popularity of social networks and other web services in recent years, fraudsters have strong incentives to manipulate these services. On several shady websites, anyone can buy fake Facebook page-likes or Twitter followers by the thousands. Yelp, Amazon and TripAdvisor fake reviews are also available for sale, misleading consumers about restaurants, hotels, and other services and products. Detecting and neutralizing these actions is important for companies and consumers alike,” the researchers wrote in a paper outlining their algorithm known as FRAUDAR. Guideline
NetworkWorld.webp 2016-09-08 11:13:00 Cybersecurity Goes Private: McAfee and RSA (direct link) There are some interesting industry dynamics going on in the cybersecurity market. Just a few months ago, Symantec bought Blue Coat, taking a private company public and forming a cybersecurity industry colossus in the process. Now two other historical cybersecurity powerhouses are heading in the other direction and going private. When the Dell/EMC deal was approved this week, industry veteran RSA became the security division of the world's largest diversified private technology company. Not to be outdone, Intel and partner TPG are spinning out McAfee as an independent private company. The good news for both companies is that the market for cybersecurity products and services is quite healthy, and large customers are looking for enterprise-class security vendors with integrated product suites, managed/professional services, and business process experience to partner with. Cybersecurity vendors like Cisco and IBM that fit this description are doing quite well in the enterprise, so McAfee and RSA (as well as Forcepoint, Palo Alto Networks, Symantec, Trend Micro, and a few others) could join this exclusive club.
NetworkWorld.webp 2016-09-08 10:58:07 Google Chrome to start marking HTTP connections as insecure (direct link) To push more websites to implement encryption and to better protect users, Google will start flagging plain HTTP connections as insecure in its popular Chrome browser. The plan will go into effect in January with the release of Chrome 56 and will roll out in stages. Chrome 56 will display a "not secure" indicator before HTTP URLs in the browser's address bar, but only for those web pages that contain password or credit card form fields. Transmitting such sensitive information over HTTP is dangerous because the data can be intercepted by man-in-the-middle attackers on public wireless networks or via compromised routers, for example. In later Chrome releases, the HTTP warnings will be further expanded. First, HTTP pages will be labeled as "not secure" when accessed in the browser's privacy-oriented Incognito mode. Eventually, Chrome will show the warning for all HTTP pages and will switch the security indicator to the red triangle now used for broken HTTPS connections.
NetworkWorld.webp 2016-09-08 08:47:00 Security an afterthought in connected home, wearable devices (direct link) Based on an extensive review of publicly reported internet of things (IoT) device vulnerabilities, the Online Trust Alliance (OTA) today announced that all of the problems could have been easily avoided. "In this rush to bring connected devices to market, security and privacy is often being overlooked," Craig Spiezle, executive director and president of the OTA, said in a statement today. "If businesses do not make a systematic change, we risk seeing the weaponization of these devices and an erosion of consumer confidence impacting the IoT industry on a whole due to their security and privacy shortcomings."
NetworkWorld.webp 2016-09-08 07:40:36 Canada-EU counter-terror data exchange is illegal, says top EU judge (direct link) An agreement to send Canadian authorities passenger name record (PNR) data for flights from the European Union cannot be entered into in its current form, a top European Union judge has said. That's because parts of the draft agreement are incompatible with EU citizens' fundamental privacy rights, according to Paolo Mengozzi, Advocate General of the Court of Justice of the EU, in a legal opinion issued Thursday. His opinion, on a case brought by the European Parliament, is only advisory, and it still remains for the CJEU to make a final ruling on the matter. But if the court follows his advice, it could disrupt the European Commission's plans for a new directive on the sharing of PNR data among EU member states and with other countries.
NetworkWorld.webp 2016-09-08 06:32:00 IDG Contributor Network: Implementing secure WANs in the cloud age (direct link) Over the past few years most organizations have significantly increased their reliance on the Internet, primarily due to the outsourcing of utility applications like email, unified communications, ERP, CRM, etc. to SaaS providers. Cloud-based applications provide IT organizations with an agile and cost effective means for expanding the range of services they provide and delivering new productivity tools requested by teams, departments or lines of business. Despite this growing adoption of cloud services, many enterprises have resisted connecting their remote offices directly to application providers over the public Internet. This is due to the fact that direct access at every branch introduces compliance issues. The only way to mitigate these is by creating extensive security policies at each location. Imagine having 3,000 sites with each requiring its own set of policies that need to be set up and maintained. This is the definition of a management nightmare.
Last update at: 2024-07-16 17:08:31