What's new around the internet

Last one

Src | Date (GMT) | Title | Description | Tags
CSO | 2018-07-19 11:16:00 | IDG Contributor Network: The router of all evil | We spend a lot of time researching and highlighting the dangers of IoT devices. Cameras, DVRs, thermostats, light bulbs, and even refrigerators connected to the internet may be vulnerable to attacks and exploits. Still, there's one IoT device that everyone owns and, I'll wager, the vast majority of people forget about: the router. "The box," as my parents call it, typically is happily blinking away in a forgotten corner of the house and left alone for years. These home routers recently became the target of a Russian malware campaign using what is known as "VPNFilter" malware. | Malware VPNFilter
CSO | 2018-07-19 06:00:00 | BrandPost: The Value of Third Party Testing | We all wrestle with the challenges of security in today's digital marketplace. The security landscape and potential attack surfaces continue to expand, and malware and exploits continue to become more sophisticated. However, one of the most significant security challenges that organizations face is simply deciding which solutions they want to incorporate into their security strategy. Vendors are multiplying at a dizzying pace, and anyone who has even been partway around the block knows that data sheets and marketing materials aren't nearly as reliable as they could be. Moreover, given time and resource constraints, setting up a testbed and evaluating all potential solutions by hand is rarely a viable option. | Malware
CSO | 2018-07-19 04:00:00 | IDG Contributor Network: Hack like a CISO | I have written several times over the last couple of years about how the role of today's CISO has changed and is now more tuned to support business activities and the management of enterprise risk. Serving an organization as its most senior security executive requires one to be creative and flexible in how to approach issues. Part of this creativity that many CISOs develop over time is specific processes or "hacks" that they have found useful to grow their security programs and use resources efficiently. A hack has multiple definitions; it can be defined as a piece of computer code providing a quick or inelegant technique to solve a particular problem. It also can be what I believe is a more appropriate definition for CISOs: a process, strategy or technique for managing one's time, resources, teams or program more efficiently. | Hack
CSO | 2018-07-19 02:58:00 | Review: Predictively locking down security with Balbix | If cybersecurity defenders could accurately predict when and how future attacks against their networks would take place, it would be a lot easier for organizations to commit their limited resources where they could do the most good. But there are precious few programs designed to stop attacks in the so-called "left of boom" area. Vulnerability managers do attack this problem head-on, but suffer from several disadvantages, including not having enough insight into the assets they are protecting, no ability to rank the vulnerabilities they find or predict which ones matter, and the fact that identifying millions of vulnerabilities out of context is almost as bad as not finding anything at all. | Vulnerability
CSO | 2018-07-18 12:25:00 | IDG Contributor Network: Are network-based security detection tools going dark? | In cybersecurity, there is no shortage of detection tools designed to alert organizations to potential threats. To over-simplify things, you can broadly categorize these into two camps (although there are others): endpoint detection tools and network detection tools. Each provides unique benefits and a unique perspective on threats, but each also has its drawbacks. Endpoint detection solutions, like virus scanners or ETDR systems, provide visibility into what happens on the endpoint, regardless of where the endpoint is located. If the user encounters a threat while at the local coffee shop or at home, the endpoint can continue to be protected. However, an endpoint solution can only defend systems on which it is installed. As most organizations are not homogeneous (i.e., 100% Windows 10) and most endpoint solutions do not cover every platform (e.g., mobile devices and Linux servers may not be covered), endpoint solutions must be augmented with other solutions to get total visibility. | Threat
CSO | 2018-07-18 04:30:00 | IDG Contributor Network: N-dimensional behavioral biometrics: a viable solution for digital fraud? | Identity fraud is expected to reach an all-time high in 2018. Javelin Research Center reported a record 16.7 million consumers fell victim last year, in large part due to the massive Equifax breach, which left millions of consumers' data exposed to would-be hackers. Now, hackers are using exposed credit and debit card numbers to steal from bank and loyalty accounts, shifting to digital attacks without ever needing a physical card in their hands. According to Javelin, card-not-present (CNP) fraud is 81 percent more likely than point-of-sale (PoS) fraud. In 2017, more consumers had their cards misused in a CNP transaction than at the cash register. | Equifax
CSO | 2018-07-17 08:33:00 | IDG Contributor Network: 8 steps to secure unmanaged devices in the enterprise | For many years now, enterprise networks have seen a steady stream of new devices that are outside of IT department control. The mobility trend has given way to the rise of the IoT, and the result is a lot of unmanageable endpoints that represent a clear security risk. Smart lighting, printers, Bluetooth keyboards, smart TVs, video cameras, switches and routers are all connected devices that often lack any built-in security. This security blind spot is ripe for exploitation by cybercriminals probing your network for weaknesses. Despite 97 percent of risk professionals admitting that a data breach or cyber-attack caused by unsecure IoT devices could be catastrophic for their organization, according to a survey by the Ponemon Institute and Shared Assessments, just 15 percent have an inventory of most of their IoT and only 46 percent have a policy in place to disable devices that pose a risk. | Data Breach
CSO | 2018-07-16 09:05:00 | IDG Contributor Network: Redefining threat prediction | While the definition of "prediction" might seem like an obvious concept, in the context of security I've found that most people's expectations seldom align with reality. You can blame pop culture if you like. Some misunderstandings surrounding prediction come from movies or television, where fiction and fact are blurred. In reality, security analysts cannot predict successful attacks before they happen (yet). Your average security operations center (SOC) does not look like the set of the film Minority Report. When someone talks about threat prediction in the computer security world, they might imagine automatically and instantly detecting threats. On TV shows, we see words like unknown, motivation, adversary, attack and threat flashing across a screen, while a tech-savvy protagonist breezes through lines of code that are shown crossing the circuits and wires behind the "dark web." When we talk to some technology providers we hear terms like artificial intelligence, machine learning and analytics, which offer the potential to see into the future. While many of these technologies exist today, our ideas on what they can predict are off base. | Threat
CSO | 2018-07-16 08:45:00 | IDG Contributor Network: HTML5: a devil in disguise | In today's digital age, online users have become much more demanding about the quality of the websites or applications they are using. They have come to expect an optimized user experience as a basic requirement, and HTML5 has played a key role in enabling developers to improve user experience without the security risks associated with plugins like Flash. Indeed, after the series of reported Adobe Flash vulnerabilities in recent years, browser vendors, publishers and developers have turned to HTML5, which seemed to promise greater security and more advanced features. As a result, the percentage of websites that use HTML5 has grown to 70 percent. However, despite HTML5 being universally supported on various devices as well as web and mobile platforms, it has a security issue of its own. Over the last couple of months, The Media Trust Digital & Security Operations team discovered numerous malware incidents that call into question HTML5's security reputation. | Malware
CSO | 2018-07-16 02:58:00 | 5 ways to hack blockchain in the enterprise | One of the hottest topics in cybersecurity circles is the enterprise blockchain. This is the same technology that underpins cryptocurrencies like Bitcoin. Simply defined, a blockchain is a list of transactions or contracts shared with peers and locked down by some clever cryptography. Beyond Bitcoin, it can ensure the integrity of supply chains, manage contracts, or even serve as a platform for financial transactions. | Hack
CSO | 2018-07-15 09:57:00 | Concerned about smart TVs invading privacy, lawmakers ask FTC to investigate | Two senators, alarmed about the potential of smart TVs to spy on users in the privacy of their homes, asked the FTC to "launch an investigation into the privacy policies and practices of smart TV manufacturers." Wait, what year is this? There's nothing new about smart TV spying. Zero-day vulnerabilities in Samsung Smart TVs were exposed at the end of 2012; if exploited, attackers could gain control of the webcam and microphone. Smart TVs were called the perfect target for spying on users back in 2013, the same year as a Black Hat presentation about hacking Samsung Smart TVs. It was not just exploits that allowed for spying, as a scandal erupted about LG Smart TV spying in 2013.
CSO | 2018-07-10 11:46:00 | IDG Contributor Network: Stop training your employees to fall for phishing attacks | I recently received an email from an address I didn't recognize that purported to be from a trusted authority, using urgent language to insist that I open an unexpected attachment. Clearly, this message must be a phishing attack that I deleted immediately, right? As you may have guessed, after careful research I found that it was a legitimate message that did include important information, even if it was significantly less urgent than the message's wording implied. I also found that people who should absolutely "know better" are sending messages that actively groom recipients to fall victim to phishy messages. The only way that "avoid phishing" tips work is if actual trusted authorities don't use the same techniques as criminals.
CSO | 2018-07-10 08:24:00 | IDG Contributor Network: 10 ways to prevent, detect and recover from ransomware and zero-day threats | Ransomware is a kind of malware that typically encrypts data, blocking access to it until a fee is paid to the attacker. While the hype used to outweigh the actual risk, ransomware has evolved, spread and grown rapidly more sophisticated in response to our efforts to defend against it. There have been some high-profile ransomware attacks in the last few years, as part of a growing tide of threats. Ransomware volumes increased by 350% in 2017 alone, according to a recent NTT Security report. Security professionals tasked with safeguarding company data must have ransomware on their radars, and it's crucial to take steps to mitigate the threat. | Ransomware Malware
CSO | 2018-07-10 03:00:00 | Duty of care: Why (and how) law firms should up their security game | June 17, 1972, changed the legal profession forever. The Watergate break-in, and subsequent coverup, implicated more than a dozen lawyers working for the White House or the Committee for the Re-election of the President (CREEP). The scandal led to calls to regulate the legal profession, and today ethics is a mandatory part of law school training and bar association rules of conduct. | Data Breach
CSO | 2018-07-09 07:55:00 | Thieves hack Marathon gas station, steal $1,800 of gas | An hour past high noon, hackers allegedly used a "remote device" to control a prepaid gas pump at a Marathon gas station in Detroit, allowing 10 vehicles to steal $1,800 of gas over a 90-minute period. How many gallons of gas can your vehicle hold? Surely not 60? Yet the Detroit gas "hack" reportedly included a "convoy" of 10 vehicles, pulling in and pumping one after another for an hour and a half, managing to steal 600 gallons of gas. That implies each vehicle stole 60 gallons. There is no mention of people in those vehicles also filling up gas cans, barrels or other storage, so the total of 10 vehicles filling up for free to make off with 600 gallons doesn't seem quite right. | Hack
CSO | 2018-07-02 18:55:00 | No data breach at Patreon, but proactive notice caused some concern | Patreon, the membership platform that helps creators get paid for their work, sent users a letter on Monday warning them about a data breach at Typeform. Patreon uses Typeform for user surveys, and on June 27, Typeform announced a data breach that impacts thousands of people. Being proactive, Patreon wanted to alert their users, but the wording of the letter led to some confusion. The Patreon letter recaps the Typeform data breach, and then informs the recipient that "as a result, we are reaching out to you as the data that was potentially impacted includes your [name and email address]." | Data Breach
CSO | 2018-07-02 09:50:00 | IDG Contributor Network: The great identity re-architecture: enabling trust and interoperable credentials | Last week Andreessen Horowitz launched a $300M crypto fund aimed at fueling innovation in blockchain solutions. While the fund only addresses use cases for blockchain, of which identity management is a subset, the goal is to solve a problem every organization today is struggling with: how to build trust in a world where every business runs on software? Businesses written in software are more customer-centric, service-oriented and interconnected, but to inspire trust, identity architects will have to address new requirements, including the growing sprawl of identity data and the ever-increasing mass of dormant and disposable online accounts that create points of attack for credential theft.
CSO | 2018-07-02 06:00:00 | BrandPost: Building an Adaptive and Secure SD-WAN Framework to Support Digital Transformation | Organizations are facing new business and technological pressures, such as the rise in the number and variety of smart devices, and the growth of an increasingly mobile workforce. Demands for greater performance across a distributed network, better access to critical data, and the need to comply with new standards and regulations are forcing organizations to adopt new networking strategies and solutions. To adapt to these new requirements, customers are building next-gen offices that utilize cloud-based applications, global collaboration through video and audio teleconferencing, and highly scalable bandwidth. At the same time, they need to protect the enterprise from new attacks targeting this expanding attack surface.
CSO | 2018-07-01 08:17:00 | Privacy breach: Home security camera footage sent to wrong person | After receiving a few security camera motion detection alerts, a woman realized the video footage she was seeing on her phone was not recorded from inside her house. Instead, she was seeing footage from a different "smart" Swann camera; she was seeing into the home of a different family, seeing a man and a woman and hearing the voice of a child. The woman, BBC journalist Louisa Lewis, contacted Swann after video clips tied to motion detection in someone else's kitchen showed up in the app on her phone. It was the weekend, however, and Swann said nothing could be done until Monday even though Lewis asked Swann, "Do you understand this is a really serious breach of privacy?"
CSO | 2018-06-29 08:50:00 | BrandPost: 3 Musts for VPN Multi-Factor Authentication | Remember the good old days, when the only people who needed access to your virtual private network (VPN) were full-time, on-site employees using company-issued devices? Today, the people who need VPN access are as likely to be contractors as employees, and as likely to be logging in from a personal device as an office laptop. VPN access makes it easier for them to connect to the resources they need, improving your organization's ability to work collaboratively and productively. But it can also increase your identity risk. Think about it: How do you know that the third party who's trying to access resources is really who they claim to be? Or that they haven't shared their credentials with someone else in their organization who isn't entitled to access? Just because someone has a legitimate username/password to access the VPN doesn't mean they're the legitimate owner of those credentials. According to the 2017 Verizon Data Breach Investigations Report, 81 percent of hacking-related data breaches involve weak or stolen passwords. | Data Breach
CSO | 2018-06-28 12:18:00 | Best Android antivirus? The top 12 tools | The following are the 12 best antivirus tools for Android, according to AV-TEST's May 2018 evaluations of 20 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.) Each Android antivirus app listed below received perfect protection and usability scores of 6.0. The apps are in alphabetical order.
CSO | 2018-06-27 08:34:00 | Nearly half of companies worried about IoT have no way to detect attack on ICS, report | Industrial organizations may say that cybersecurity is a major priority, even while most expect to become a target of a cybersecurity incident, but how big of a priority can it be if nearly half of the companies surveyed admitted to not having any measures in place to even detect or monitor whether their industrial control networks suffered an attack? It seems everyone wants in on the internet of things, and that desire for connectivity includes power plants, water treatment centers and manufacturers, even though 65 percent of surveyed companies acknowledged that Industrial Control Systems (ICS) security risks are more likely with IoT. Nevertheless, organizations want to bump up the efficiency of their industrial processes with new IT; they are pouring money into security for IT networks, while also boosting automation efficiency by connecting their operational technology (OT) with external networks, this despite 77 percent believing their organization is likely to become a target of a cybersecurity incident involving their industrial control networks.
CSO | 2018-06-27 06:14:00 | Reduce breach risk and costs with security resilience | In cybersecurity circles, there's a common axiom that states, "There are two types of companies: those that have been breached and those that don't know they have been breached." If the phrase sounds of doom and gloom, it's meant to be, because the harsh reality is that almost every company will suffer a cybersecurity breach. Businesses can spend and spend on the latest and greatest security technology and still get breached for a number of reasons, including user-related issues. The challenge for businesses is to find the breach as soon as possible and return to normal operations as quickly as possible. | APT 17
CSO | 2018-06-26 03:40:00 | 4 scams that illustrate the one-way authentication problem | My "11 ways to hack 2FA" column a few weeks ago continues to be a popular discussion topic with readers. Most people are shocked about how easy it is to hack around two-factor (2FA) and multi-factor authentication (MFA). It isn't hard. Sometimes it's as easy as a regular phishing email. | Hack
CSO | 2018-06-26 03:30:00 | DDoS attacks on the rise; China and Russia behind most credential abuse attacks, report | Cyber defenders need to stay on their toes, as DDoS attacks are still on the rise, with a 16 percent increase in the number of attacks recorded since last year, as well as attackers devising new and advanced DDoS methods. Since last year, there has been a 4 percent increase in reflection-based DDoS attacks, a 38 percent increase in application-layer attacks such as SQL injection and cross-site scripting, and a 1.35 terabit-per-second memcached reflection attack, the largest DDoS attack to hit the internet yet. These and other insights are included in Akamai Technologies' Summer 2018 State of the Internet / Security: Web Attack report; moving forward, the reports will be biannual, as Akamai will release reports in summer and winter instead of quarterly. In this report, Akamai covered cyberattack trends from Nov. 2017 to April 2018.
CSO | 2018-06-25 16:17:00 | BrandPost: Rising Breach Rate Drives Businesses Toward Zero Trust Security Model | Despite an increasing number of dollars budgeted annually for IT security in enterprises around the globe, breaches and security incidents continue to rise. In fact, a recent Forrester study found two-thirds of organizations experienced an average of five or more security breaches in the past two years. This disconnect means security is failing its basic mission, according to Tom Kemp, CEO of Centrify.
CSO | 2018-06-25 03:00:00 | What is a zero-day exploit? A powerful but fragile weapon | A zero-day is a security flaw that has not yet been patched by the vendor and can be exploited and turned into a powerful but fragile weapon. Governments discover, purchase, and use zero-days for military, intelligence and law enforcement purposes, a controversial practice, as it leaves society defenseless against other attackers who discover the same vulnerability.
CSO | 2018-06-21 08:02:00 | Decade-old attack can pwn Google Home, Chromecast, Sonos and Roku | While DNS rebinding attacks have been around for over a decade, two different researchers started poking around in the attack vector and discovered that Roku streaming devices, Sonos wireless speakers, smart home thermostats, Google Home, and Chromecast were all vulnerable and can all be pwned via DNS rebinding attacks. First up is research from programmer Brannon Dorsey: "Excited to finally share this research publicly! TL;DR Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home thermostats and more 😲 https://t.co/UgJbTalDeL"
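The rebinding attack in the row above works because the victim's browser keeps trusting the attacker's domain while the attacker's DNS server swaps its answer from a public IP to the device's LAN address; the two standard defences are for the device to check the Host header of every request and for the home resolver to refuse public names that resolve to private addresses. The following is an added example of both checks, written for this page; it is not code from Brannon Dorsey's research or from any vendor named above. The device address 192.168.1.20, the name speaker.local, the attacker domain evil.example and the request strings are constructed for the example; the reference to dnsmasq's `--stop-dns-rebind` describes the real option, but this code only reimplements its idea.

```python
"""Two defences against DNS rebinding, as an added example (not vendor code).

1. Host-header allow-listing on a LAN device's HTTP API. During a rebinding
   attack the browser's request reaches the device with the attacker's domain
   in the Host header (the browser still believes it is talking to that
   domain), so a device that only answers for its own names and addresses
   breaks the attack even after the DNS answer has been swapped.
2. Resolver-side filtering, the idea behind dnsmasq's --stop-dns-rebind:
   drop answers that map a public name to a private, loopback, link-local or
   unspecified (0.0.0.0) address.
All names, addresses and requests below are constructed for illustration.
"""
import ipaddress
import re
from typing import Iterable

# Names/addresses the device legitimately answers under (assumed for the example).
ALLOWED_HOSTS = {"192.168.1.20", "192.168.1.20:8080", "speaker.local", "localhost"}

# Name suffixes (and single-label names) that are expected to resolve to LAN addresses.
LOCAL_SUFFIXES = (".local", ".lan", ".home.arpa", ".internal")


def host_header_allowed(raw_request: str, allowed: Iterable[str] = ALLOWED_HOSTS) -> bool:
    """Accept an HTTP request only if its Host header is on the device's allow-list."""
    m = re.search(r"^Host:[ \t]*(\S+)[ \t]*\r?$", raw_request, re.IGNORECASE | re.MULTILINE)
    if not m:
        return False  # HTTP/1.1 requires Host; a missing header is treated as hostile
    host = m.group(1).lower().rstrip(".")
    return host in {h.lower() for h in allowed}


def rebind_answer_suspicious(qname: str, answers: Iterable[str]) -> bool:
    """Flag an A/AAAA answer set that points a public name at a non-public address."""
    name = qname.lower().rstrip(".")
    if "." not in name or name.endswith(LOCAL_SUFFIXES):
        return False  # names that are supposed to resolve to the LAN
    for a in answers:
        try:
            ip = ipaddress.ip_address(a)
        except ValueError:
            continue  # not an address (e.g. a CNAME target); nothing to check
        if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified:
            return True
    return False


def simulate_rebinding_attack() -> dict:
    """Replay the two DNS answers an attacker serves and show where each defence fires."""
    attacker_name = "evil.example"          # constructed attacker domain
    first_answer = ["93.184.216.34"]        # step 1: a public address, the attacker's real web server
    second_answer = ["192.168.1.20"]        # step 2 (after a short TTL): the victim's speaker
    # Step 3: the page's JavaScript requests http://evil.example/api/... again; the
    # same-origin policy is satisfied, but the TCP connection now lands on the LAN device.
    forged = "GET /api/setvolume HTTP/1.1\r\nHost: evil.example\r\n\r\n"
    legit = "GET /api/setvolume HTTP/1.1\r\nHost: 192.168.1.20\r\n\r\n"
    return {
        "first_answer_suspicious": rebind_answer_suspicious(attacker_name, first_answer),
        "second_answer_suspicious": rebind_answer_suspicious(attacker_name, second_answer),
        "forged_request_accepted": host_header_allowed(forged),
        "legit_request_accepted": host_header_allowed(legit),
    }


if __name__ == "__main__":
    for check, result in simulate_rebinding_attack().items():
        print(f"{check}: {result}")
```

Either check alone stops the attack shown in the simulation: the resolver filter rejects the second DNS answer, and the Host check rejects the forged request even if that answer gets through. The Host check is the one a device vendor controls, which is why it is the usual fix for the products named above; the resolver filter protects devices that will never be patched.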
CSO | 2018-06-20 10:58:00 | IDG Contributor Network: What does GDPR mean for an organization's hybrid IT strategy? | On May 25, 2018, the European Union officially enacted the General Data Protection Regulation (GDPR), which will have a transformative effect on how companies manage and secure personal data. The GDPR marks the biggest change to EU data privacy laws in more than 20 years and applies to any organization worldwide that collects and stores personal EU citizen data such as health history, financial information, and the like. Further, still more privacy regulations are cropping up around the globe, making data privacy and protection perhaps one of the most pressing industry evolutions in years to impact CISOs. If you're reading this, chances are you already know the basics about GDPR and are starting to comply with its key elements, or, for many, have developed an IT roadmap and begun executing it. Most organizations have naturally gravitated toward leveraging analytical tools to map what data they have and then classify the subset of the information they manage that is personal data, and thus subject to GDPR, as a first practical step toward compliance. Other IT projects in full flight are likely to be encryption, breach detection, and breach prevention to ensure citizen data is appropriately protected.
CSO | 2018-06-18 03:00:00 | Does cyber insurance make us more (or less) secure? | If data is the new oil, then we're looking at pelicans soaked in crude on a beach. When an oil tanker goes down or an oil rig explodes, dumping millions of gallons of petroleum into the ocean, we clean up the spill, we look for first causes, and we hold the company, even individuals, responsible for the harm they've caused to a shared resource: the environment we all live in. When a company like Equifax commits gross negligence by failing to secure our data, and a breach pumps 147.9 million records onto the internet, the company's directors keep their jobs, their cyber insurance policy pays out, and the company posts a profit. | Equifax APT 32
CSO | 2018-06-14 06:50:00 | Security executives on the move and in the news | The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. CSO's Movers & Shakers is where you can keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Michael Nadeau, senior editor. June 11, 2018: Matt Stamper named CISO and executive advisor at Evotek. Stamper will guide digital enablement solutions provider Evotek's clients as they develop and mature their cybersecurity programs to address digital risks. Prior to joining Evotek, Stamper was a research director in Gartner's Security and Risk Management practice, where he covered security program design, security incident response, security governance, privacy, breach and attack simulation, and security standards and frameworks. Earlier, Stamper was the CISO for U.S. operations and vice president of services at KIO Networks (formerly redIT), an international managed services provider.
CSO | 2018-06-13 13:26:00 | Cisco poised to become a cybersecurity force | Cisco held its annual customer event this week in Orlando, Florida, and invited the industry analysts to attend. CEO Chuck Robbins highlighted the company's commitment to security in his CiscoLive keynote, while other executives elaborated on more security product and services details. After a few days of meetings, I believe Cisco's cybersecurity strategy focuses on:
- Product integration. Cisco wants a common cybersecurity product architecture that spans endpoints, networks, data centers, and the public cloud, that can service most of its customers' cybersecurity technology needs. As a result, Cisco is busy integrating products and services such as AMP, Umbrella, Firepower, Talos, etc. Cisco demonstrated its platform and discussed its future roadmap in detail.
- Openness and programmability. Beyond gluing its own products together, Cisco's cybersecurity platform is built with connectors and APIs for third-party integration and programmability. To illustrate its technology alliance partner ecosystem, Cisco crowed about dozens of partners, including Anomali, IBM, LogRhythm, and McAfee. Cisco's intent-based networking (IBN) programmability also extends to security for service providers, taking advantage of APIs and building value-added services on top of Cisco security tools.
- A foundation of threat intelligence. CiscoLive started last Sunday with a day-long session by the Talos team on security research and threat intelligence. Beyond the data, the Cisco team focused on teaching customers how to operationalize threat intelligence for threat detection, hunting, and risk management. Clearly, Cisco believes that Talos threat intelligence can give the company a strategic advantage versus narrowband security vendors, so it is anchoring all security products with Talos threat feeds. The company is also bolstering market education to get the Talos word out more broadly.
- Comprehensive cloud security. Cisco wants customers to know that it can protect workloads in the public cloud with a one-two punch of Tetration and StealthWatch Cloud. Beyond IaaS and PaaS, Cisco also promoted its CloudLock CASB product for SaaS management and data protection. Finally, Cisco is offering several "security from the cloud" services, such as Umbrella and email security, to safeguard mobile workers and branch offices.
- Operational simplicity. When it comes to security operations, Cisco understands that many of its customers are understaffed, lack advanced skills, have too many point tools, and still rely on manual processes. To address those shortcomings, Cisco demonstrated a security operations platform called Visibility, a common SOC analyst workbench for threat detection, incident response, and risk remediation. In its current iteration, Visibility supports a handful of Cisco products, but the company previewed an aggressive roadmap for integration of additional Cisco and third-party products.
- Professional and managed services. What many customers may not realize is that Cisco professional and managed cybersecurity services are growing like a weed. Cisco plans to expand its services portfolio to provide flexible consumption options and help customers benefit further from all its security products.
While Cisco realizes it must compete with best-of-breed products, its security go-to-market is now focused on campaigns, providing solutions for security threats such as ransomware defense, breach response, and data center security. These strategic solutions often encompass an integrated bundle of several Cisco products at once.
CSO | 2018-06-11 06:02:00 | IDG Contributor Network: Cyber games at the World Cup 2018 | Woohoo! The World Cup is coming! That's what I would say if I wasn't a stereotypical American who knows almost nothing about football (soccer to us Americans). Or a stereotypical security geek who knows almost nothing about our own handegg sporting events. I'm not really interested in either form of football. However, I am interested in understanding an event that draws interest from around the Internet and what it means to the security of the event, the organizations supporting it, and all the properties that have nothing to do with the event, yet somehow draw an attacker's ire anyway. Looking back at the 2014 World Cup, we saw five attacks that showed strong indicators that the event was influencing attack traffic at a national level. The day of the Brazil vs. Croatia match, attack traffic originating from Croatia was nearly eight times higher, specifically targeting a Brazilian financial institution. Most of the traffic came in the form of SQL injection. Maybe the attackers were hoping the security personnel would be more interested in watching the game than their computer screens and they'd slip through?
CSO | 2018-06-07 09:49:00 | IDG Contributor Network: Third-party risk: it's the second hop you should fear | Now that May 25, 2018 has passed, GDPR has changed everything. We can no longer make pro-forma proclamations about being good stewards of others' data; we will actually be held accountable for losing or misusing data. The fine print in your typical non-disclosure agreement will not protect a company from liability associated with the loss of sensitive data. The buck (or euro) stops at the owner's desk. What should be the best mitigation strategy for a CISO to deal with this old, but now far more expensive, security problem? There will be a first offender from an inevitable breach that will be fined by some EU regulator. That's an easy bet to make. Perhaps Vegas has a betting line on who it may be and how much they are fined, but I don't think a CISO should be placing any bets. The prudent CISO should be considering a new way to protect data from third-party data losses, the second-hop problem. That is, where does your data go when it leaves your hands and gets passed on to another? Are you still liable for what your partner does with your data?
CSO.webp 2017-08-24 06:47:00 35% off Pulse Solo Dimmable LED Light with Dual Channel Bluetooth Speakers - Deal Alert Pulse Solo is the world's first LED light with dual speakers in one bulb. Pulse Solo combines the energy efficiency of a dimmable LED light with the high-quality audio of JBL Bluetooth speakers. Setup is easy: twist the Pulse Solo into any standard light socket, and adjust both lighting and sound from any Bluetooth-enabled iOS or Android device. Experience the soaring highs and the rich stereo sound of JBL combined with warm, dimmable lighting, without the fuss of speaker wires, power cords, or an independent remote control. The intuitive iOS and Android app offers seamless control of both light and sound while listening to your favorite streamed music or media, offering you the ability to customize your light and music to suit any mood. The Pulse Solo typically lists on Amazon for $59.99, but is currently discounted 35% to $38.93. See this deal on Amazon.
CSO.webp 2017-08-22 06:28:00 Just $9.99 Right Now For a 3-Pack of 6-foot Lightning/Micro USB Combo Cables - Deal Alert Sync and charge iOS and Android devices with this generous 6-foot Lightning/micro USB combo cable, available right now as a 3-pack, discounted to $9.99. It features a durable stainless steel connector and a tangle-free nylon braided cord. The company offers a 12-month warranty against any issues with quality, as well. See this 3-pack deal on Amazon.
CSO.webp 2017-08-14 06:31:00 45% off Vastar 4-in-1 USB Charging Cable Adapter With Micro, Mini USB and Lightning - Deal Alert This charging cable from Vastar features micro and mini USB, 30-pin and Lightning connectors, making it compatible with a very wide range of newer and older smartphones, tablets, USB devices and more. It is equipped with a connector for iPhone 6/6 Plus, 5/5s, iPad 4, iPad Air, iPad mini, and USB Type-C for Nexus 6P, Nexus 5X, OnePlus 2, the 2015 MacBook with 12" Retina Display, and the 2015 Google Chromebook Pixel. The micro USB connector charges most Android phones, Bluetooth headsets and external batteries; the mini USB connector serves some additional mobile phone models, MP3 players, digital cameras and other devices. The list price on this cable has been reduced 45% to just $5.99. See it on Amazon.
CSO.webp 2017-05-01 12:41:00 Finance and government veteran Mark Morrison joins OCC as chief security officer The equity derivatives clearing organization OCC has hired Mark Morrison as senior vice president and chief security officer. In this new position, Morrison will report to OCC's executive vice president and chief risk officer John Fennell. "To deliver world-class risk management, clearance and settlement services, we must ensure the confidentiality, availability, and integrity of our systems on behalf of market participants in our role as a Systemically Important Financial Market Utility," said Craig Donohue, OCC executive chairman and chief executive officer, in a press release. "With over 35 years of experience in the field of information and cyber security, Mark brings a high level of expertise to our risk management team. His leadership will help OCC continue to integrate information security best practices into our service offerings, reduce systemic risks, and safeguard the integrity of the markets we clear." Guideline
CSO.webp 2017-05-01 08:00:00 Three shades of hackers: The differences among the white, grey, and black hats The infographic below provides good, entertaining definitions of the terms white hat, grey hat and black hat hackers, courtesy of Exigent Networks. As the infographic explains, there are some, well, grey areas between categories; for example, there is sometimes a fine line between grey hats and black hats.
CSO.webp 2017-05-01 04:21:00 Dan Geer: Cybersecurity is 'paramount national security risk' Dan Geer probably wouldn't call himself a prophet. But he may come about as close to it as anyone in IT security. And his view is that while current trends in the online world are not necessarily irreversible, they are headed in a dystopian direction. Geer, CISO at the venture capital firm In-Q-Tel, who gave the closing keynote at SOURCE Boston 2017 this past week, even cited a New Testament prophecy early on – I Corinthians 13:12: "For now we see through a glass, darkly; but then face to face: now I know in part; but then shall I know even as also I am known." But while he doesn't claim prophet status, he is all about predictions. "The future is once and always the topic for any security talk," he said, because "cybersecurity and the future of humanity are conjoined now."
CSO.webp 2017-05-01 04:00:00 No, Netflix is not a victim of Ransomware A security firm has claimed the recent issues facing Netflix and their series "Orange is the New Black" are ransomware, and a recent report from NBC News states the same. While no company wants to be held under the threat of ransom demands, ransomware and extortion are two different types of problems. Over the weekend, a hacker known as TheDarkOverlord resurfaced and released the first episode of season five of "Orange is the New Black", a popular Netflix show that isn't slated to air until June. A short time later, TheDarkOverlord released episodes 2 through 10, along with a warning to other Hollywood studios – you're next.
CSO.webp 2017-05-01 03:25:00 Believe your employer doesn't know about your legal problems? Think again An employee gets stopped over the weekend for a DUI. Unbeknownst to him, once his name hits the police's public database, his employer will know about it soon after – whether the conviction has any impact on the employee's job performance or not. That is just one scenario in which enterprises are checking up on their employees to make sure their private lives don't impact the companies' bottom lines. It is not uncommon for companies to do background checks on prospective employees, but some businesses are carrying that through while employees still punch the clock. Security company Endera explained that employers want to know if an employee is on a criminal watchlist, is booked or arrested, loses a key certificate, is in financial distress or is involved in a lawsuit. An employee roster is loaded into the continuous monitoring system, and that system provides 24/7 scanning of thousands of external data sources. The employer receives real-time, secure alerts for further investigation.
CSO.webp 2017-05-01 03:00:00 CSO50 winners remain a step ahead This week, we kick off our annual CSO50 event in Scottsdale, Arizona. The event honors 50 organizations for their outstanding work on security projects and initiatives that have demonstrable ROI and business value.
CSO.webp 2017-04-28 10:53:00 BrandPost: Why a One-Size Fits All Approach to Threat Intelligence Does Not Work Underground forums make exploit kits easily available, enabling anyone to perpetrate sophisticated and targeted attacks. This "commercialization" of malware makes it almost effortless for attackers to stay ahead of security vendors and incident responders because, instead of starting from scratch, hackers keep adapting existing capabilities. It's not all doom and gloom, as the continuous reuse of these kits increases the likelihood that someone (a researcher, analyst, organization or group) has already seen the attack and provides the intelligence for organizations to make decisions about how to respond. There is a lot of interest in threat intelligence. The segment is a hot one: 85 percent compounded annual growth off of $190 million in 2015 revenue, and there is a long list of vendors that provide a range of threat intelligence-related services.
CSO.webp 2017-04-28 10:29:00 54% off Logitech Bluetooth Multi-Device Keyboard - Deal Alert Here's a Bluetooth keyboard for your computer that you can also use with your tablet and smartphone; switch between all three effortlessly by just turning the dial. And unlike other Bluetooth keyboards, Logitech has integrated a cradle so your device stays propped up at just the right angle as you type. It works with Windows or Mac, Android or iOS, and features a key layout you'll be familiar with on any of those platforms. Logitech's multi-device keyboard currently averages 4 out of 5 stars from over 1,450 people (read reviews) on Amazon, where its typical list price of $49.99 has recently been dropped 54% to just $22.99. See this deal now on Amazon.
CSO.webp 2017-04-28 09:41:00 IDG Contributor Network: Need a fix? Steal patient data The health care sector continues to be a sieve when it comes to protecting patients' Personally Identifiable Information (PII) and Protected Health Information (PHI). Often, a data breach involving PII or PHI is discovered by a third party, which leaves the doctor, dentist, hospital or pharmacy dumped into sleuth mode. This was not the case with Canadian medical provider William Osler Health Systems (Osler). According to Canadian news outlet 680news, in January Osler launched an internal investigation into patient information being used to illicitly acquire a prescription narcotic, Percocet. Osler's internal narcotic stores of Percocet were inexplicably being depleted. What is unclear is whether local pharmacies also reported an influx of Percocet prescriptions being filled, 680news reported. Osler has not revealed the number of individuals affected. A call for clarification to Osler was not returned.
CSO.webp 2017-04-28 09:37:00 Cyber Resilience 2.0, now shipping The latest 'version' of cyber resilience includes "testing", according to a new report published by Cybersecurity Ventures. (Disclaimer: Steve Morgan is the CEO and founder of Cybersecurity Ventures.) At a recent cyber resilience 'Think Tank' held in San Francisco during RSA Conference 2017, heads of IT security, CISOs, cybersecurity industry experts, and vendor executives gathered to come up with a new definition of an old term. The report states that cyber resilience is an organization's capacity to adapt to adverse cyber events, whether the events are external or internal, malicious or unintentional, in ways that maintain the confidentiality, integrity, and availability of whatever data and services are important to the organization. Guideline
CSO.webp 2017-04-28 06:05:00 (Déjà vu) University of Utah hires Randall Arvay as CISO On May 22, Randall (Randy) J. Arvay will become the University of Utah's new chief information security officer (CISO). Arvay is currently CISO at Mississippi Medical Center. Arvay is a certified information systems security professional and project management professional, and has top-secret Department of Defense clearance. Earlier, Arvay was chief of cybersecurity and quality assurance in the Joint Spectrum Center for the Defense Information Systems Agency (DISA), where he was accountable for all cyber operations in all technical and non-technical aspects of cyberspace and overall information assurance, risk management and regulatory compliance. Guideline
CSO.webp 2017-04-27 10:33:00 9 security tools for the mobile worker Have security gadgets, will travel. (Image by Kensington, Anonabox, Yubikey) The highly digitized and hyper-connected world that we live in today has heightened the security stakes for us all. But if work frequently takes you away from the home office, you have some particular security and privacy concerns.
CSO.webp 2017-04-27 06:42:00 State-of-the-art multifactor authentication (MFA) technologies Enterprises authenticate users based on their knowledge, possession, or inherence of some evidence that they are the party with the given right of access. Some experts see the context of the user's authentication, such as the time, their network IP and device, and their location, as the fourth factor of authentication. Stephen Cobb, senior security researcher at ESET, says you can assure greater security with each additional factor of authentication that you add. MFA is more important than ever as attackers are increasingly breaking into accounts that use single-factor authentication and sometimes even those with two factors. In one example, attackers tried to get the second factor by using phishing texts that asked users to send over their tokens.
Last update at: 2024-05-16 05:07:55