What's new around the internet

Last one

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
CSO | 2016-09-26 03:00:00 | Yahoo's compromised records likely hidden within encrypted traffic, vendor says (direct link) | LOUISVILLE, KY – As DerbyCon was winding down, an interesting email hit Salted Hash's inbox from Venafi. The security firm, known for its tools that secure digital keys and certificates, outlined a number of cryptographic issues at Yahoo. The email then claimed they're not saying these flaws led to the massive data breach that impacted 500 million users. Yet that's exactly what their statements hint at. In Venafi's experience, an emailed statement from Alex Kaplunov, Venafi's vice president of engineering, explains, breaches like the one suffered by Yahoo are often accompanied by weak cryptographic controls. Granted, Venafi has a horse in the race, so this isn't an unusual statement for them to make, but it's interesting – as it could explain how Yahoo failed to notice half a billion records moving into criminal hands over time. | Yahoo
CSO | 2016-09-23 17:57:00 | Some thoughts on the Krebs situation: Akamai made a painful business call (direct link) | LOUISVILLE, KY – This weekend Salted Hash is at DerbyCon, and we'll be posting a few updates from the show, but some recent events have generated buzz, and they're worth discussing. Namely, Brian Krebs is being censored, and that sets a bad precedent for everyone. Earlier this month, Krebs published a story on vDOS, a DDoS service that's likely responsible for a number of attacks on the Web over the last few years. Earlier this week, on Tuesday, Krebs detailed how two of the people behind vDOS were arrested. Hours later, Krebs' website was hit, smashed with a 620 Gbps DDoS, representing the largest attack of this kind in history – something even the most prepared anti-DDoS vendors would struggle with.
CSO | 2016-09-23 11:25:00 | (Déjà vu) DDoS attack takes down Krebs site (direct link) | Securing the internet of things should become a major priority now that an army of compromised devices – perhaps 1 million strong – has swamped one of the industry's top distributed denial-of-service protection services. A giant botnet made up of hijacked internet-connected things like cameras, lightbulbs, and thermostats has launched the largest DDoS attack ever against a top security blogger, an attack so big Akamai had to cancel his account because defending it ate up too many resources. It wasn't that Akamai couldn't mitigate the attack – it did so for three days – but doing so became too costly, so the company made a business decision to cut the affected customer loose, says Andy Ellis, the company's chief security officer.
CSO | 2016-09-23 10:38:00 | NY regulation aims to raise bank security standards (direct link) | Next week, New York State will begin a 45-day public comment period on its new financial industry cybersecurity regulation -- and, so far, security experts have a favorable view of the proposal. Under the new regulations, banks and insurance companies doing business in New York State will need to establish a cybersecurity program, appoint a Chief Information Security Officer and monitor the cybersecurity policies of their business partners. According to New York Gov. Andrew Cuomo, this is the first such regulation in the country. "This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible," he said in a statement.
CSO | 2016-09-23 10:27:00 | ICS vulnerabilities are still rampant (direct link) | To put it in somewhat technical terms, the nation's industrial control systems (ICS) – part of its critical infrastructure – are not only vulnerable to compromise, they are likely compromised right now. Or, in Paul Dant's much blunter and less technical terms, “your sh-- is f--ked.” Dant, chief strategist and managing principal at Independent Security Evaluators, was one of three experts on a panel titled “Securing Industrial Control Systems” at the recent Security of Things Forum in Cambridge, Mass. He added that he believes more attacks on US critical infrastructure are inevitable. “To think that stuff is not vulnerable is a complete fallacy.”
CSO | 2016-09-23 10:15:00 | IDG Contributor Network: When BOTS make legal headlines, who wins? (direct link) | In 2013, the Associated Press and The New York Times won a case against Meltwater, which had been scraping news for its own offering. In 2014, LinkedIn filed a lawsuit against unnamed parties after discovering that bots were used to scrape data from the profiles of hundreds of thousands of users (possibly by a startup trying to build its own database). Currently, the online coupon code service provider Coupon Cabin has filed suit against several competitors over stolen codes. Though these actors are in direct violation of the Computer Fraud and Abuse Act, it's really difficult to identify who is actually operating these bots. When enterprises like LinkedIn suffer a bot attack that scrapes the data of millions of users, the question isn't only who wins in a legal suit, but who loses overall. It's bots vs. people.
CSO | 2016-09-23 07:37:00 | Who you gonna call when the crisis comes (direct link) | There will be times in your career when you know that you will face a crisis. These will be times when things will go horribly and irretrievably wrong. One question that I ask folks over and over again is, “What's your incident response plan and have you tested it?” This will usually elicit a wide variety of responses. Seldom are they 100% positive, but they're better than I could have hoped for in many cases. Then I ask the question that I never get a good answer for, “What is your crisis communication plan?” This has almost uniformly been met with glazed eyeballs and slack jaws. I've wondered why crisis communication is treated like the red-headed stepchild of the incident response plan.
CSO | 2016-09-23 06:13:00 | 23% off HDMI Cloner Box for Gaming or HD Video Stream Capture, No PC needed - Deal Alert (direct link) | Here's a device any gamer or video enthusiast may want to have on hand. Connect a game console, DVD, or any video source to this gadget via its HDMI input, and with the push of a button it captures and saves the video stream to any attached USB flash drive, with no PC required. Advanced hardware H.264 encoding captures your live gameplay or video playback in 1080p Full HD, while keeping the file size low and capturing speeds high. Averaging 4 out of 5 stars on Amazon from over 170 customers (read reviews), the gadget's $129.99 list price has been reduced 23% to $99.99. With the unit you'll get a free 16GB USB stick to get you started (enough for several hours of video). See the discounted cloner box now on Amazon.
CSO | 2016-09-23 03:12:00 | 6 expert tips to better secure third-party network access (direct link) | Earlier this year, the Soha Third-Party Advisory Group conducted a study that surveyed more than 200 enterprise IT and security C-level executives, directors and managers about the daily challenges they face providing fast and secure third-party application access to their contractors and suppliers. The survey revealed that 98 percent of respondents do not consider third-party access a top priority in terms of IT initiatives and budget allocation. This is a huge concern, considering that third parties cause or are implicated in 63 percent of all data breaches.
CSO | 2016-09-22 13:48:00 | Medical devices: Many benefits, but many insecurities (direct link) | In the world of medical device security, success comes down to having the capability to fail gracefully. This is not as oxymoronic as it might seem, Kevin Fu told an audience at the Security of Things Forum in Cambridge, Mass., on Thursday. What is more important than bulletproof security, he said, is the ability to contain or “localize” breaches or infections so they don't disrupt the continuity of operations. Fu, CEO and cofounder of Virta Laboratories, whose opening keynote was titled “Your Fly is Down: Managing Medical Device Security Risk,” was just one of multiple experts who said the security of those devices could be drastically improved just by practicing basic security hygiene.
CSO | 2016-09-22 11:33:00 | CISOs shouldn't wait until retirement for social security (direct link) | U.S. CISOs are eligible for Social Security at 62 years of age, same as all American citizens. One industry expert says employees of all ages at all U.S. organizations should be on the receiving end of social security -- from their CISOs -- now. To be clear, we are talking about social media security -- namely, security wrapped around LinkedIn, Twitter, and Facebook accounts. Joseph Steinberg is a social media expert, and his credentials include CISSP, ISSAP, ISSMP, and CSSLP. He is a contributing columnist at Inc. Magazine covering cybersecurity, and author of (ISC)2's information-security management textbook, i.e., the official textbook for the CISSP-ISSMP (Information Systems Security Management Professional) CBK and exam. Steinberg is also founder and CEO at SecureMySocial, which protects against reputational harm and the leakage of confidential information by social media users.
CSO | 2016-09-22 09:36:00 | IDG Contributor Network: Security's new training center, a first of its kind (direct link) | Baltimore announced some exciting news yesterday. Electronic Technology Associates (ETA) and Cyberbit have partnered in a new venture, launching the first stand-alone hands-on cybersecurity training center in the U.S. | Guideline
CSO | 2016-09-22 06:37:00 | Plan now for the EU's privacy regulation revolution, says HPE exec (direct link) | The cost of complying with the European Union's General Data Protection Regulation might seem like something best deferred until it enters into force in 2018 -- but working on compliance just might boost profit, not reduce it. The GDPR, the EU's latest rewrite of its data privacy laws, doesn't take effect until May 25, 2018, but already IT companies are talking up their software and services for complying with the new rules. It's not just an issue for EU enterprises: Any company processing the personal information of EU citizens is affected.
CSO | 2016-09-22 05:04:00 | How to harden Windows 10 for maximum security (direct link) | You may have heard that Microsoft has made Windows 10 more secure than any of its predecessors, packing it with security goodies. What you might not know is that some of these vaunted security features aren't available out of the box or they require additional hardware -- you may not be getting the level of security you bargained for. Features such as Credential Guard are available for only certain editions of Windows 10, while the advanced biometrics promised by Windows Hello require a hefty investment in third-party hardware. Windows 10 may be the most secure Windows operating system to date, but the security-savvy organization -- and individual user -- needs to keep the following hardware and Windows 10 edition requirements in mind in order to unlock the necessary features to achieve optimum security.
CSO | 2016-09-22 05:00:00 | As migration anniversary approaches, only a third of retailers accept chip cards (direct link) | Retailers were supposed to start accepting chip cards last October, but a year past the start of the EMV liability shift, two-thirds still haven't done so. Only 2 million merchants, representing 33 percent of the industry, are actively accepting chip cards, according to data released by MasterCard earlier this month. This is up from 1.4 million in June. The rest are liable for in-person payment fraud. Before last October, merchants were not liable for fraudulent purchases at physical locations, only for "card not present" purchases such as those made on ecommerce sites.
CSO | 2016-09-22 04:00:00 | Over 6,000 vulnerabilities went unassigned by MITRE's CVE project in 2015 (direct link) | In 1999, MITRE created the Common Vulnerabilities and Exposures (CVE) database as a way to standardize the naming of disclosed vulnerabilities. Seventeen years later, the CVE system is faced with bottlenecks and coverage gaps, as thousands of vulnerabilities go without CVE-ID assignments. These gaps leave business leaders and security teams exposed to vulnerabilities that, in some cases, their security products, which rely on CVE-IDs to function and assess risk, don't even know exist. Before CVE existed, the public had access to IBM X-Force (1997) and SecurityFocus' BID database, which was established around six months before CVE. Each had its own methods of tracking and disclosing vulnerabilities, and this led to a situation where there wasn't an easy way to determine if the different databases tracking such problems were referring to the same thing. MITRE Corporation, seeing an opportunity, created CVE to fix these issues. | Guideline
CSO | 2016-09-22 03:44:00 | Investigating Cybersecurity Incidents - a free course (direct link) | One of the biggest mistakes companies make when responding to a cybersecurity incident is taking well-meaning steps to “clean up the mess” that actually ruin the digital evidence needed to investigate and prosecute the case.
CSO | 2016-09-22 03:17:00 | Security is no fiction: Infosec on TV, film-and in space (direct link) | [Slide 1: Where no password has gone before] I predate the modern tech age by just enough that the first time I saw a computer password was on-screen: In Star Trek II: The Wrath of Khan, Admiral Kirk staves off disaster by using a five-digit numeric code to hack into the stolen USS Reliant's computer, ordering it to lower its shields. The idea that a powerful warship's central control computer could be accessed with just a five-number password seems laughable today, though not as laughable as the USS Enterprise's self-destruct password being "000-destruct-0," as we saw in the next film.
CSO | 2016-09-22 01:20:00 | University of Ottawa gets failing grade in data breach (direct link) | The University of Ottawa has found itself the subject of an investigation regarding a potential data breach. According to news reports, the information of some 900 students may have been exposed when an external hard drive went missing. This involved the personal information of people with disabilities and mental health issues. Um, so that's really bad. I'm having a hard time with this, as I do with so many data breaches. At first blush it appears that the information was not encrypted. Now, it doesn't spell that out in the report on CBC. But if this information had been contained on an encrypted drive, I wouldn't think that breach notification letters would be going out or that the Ottawa police would be involved.
CSO | 2016-09-21 18:04:00 | Sexting, Weiner and other bad ideas (direct link) | When I was a kid I was always flirting with the edge of trouble. I was really fortunate that I had strong guidance and good friends that helped to keep me from getting into any real sort of trouble. But not everyone was so lucky. Still, for a lot of people I knew who got themselves into trouble, their misdeeds vanished into the mists of time. There was no social media, no websites and, well, no Internet. Hindsight being what it is, I'm very happy that I was born when I was and avoided the complications of the modern world. Take for example the famous story of Kevin Colvin, who was an intern at Anglo Irish Bank. In 2007 he told his manager that he had missed work due to an apparent family emergency. This came apart when Colvin posted pictures of himself at a Halloween party that he was attending when he was allegedly dealing with family matters.
CSO | 2016-09-21 03:48:00 | Why (and when) outsourcing security makes sense (direct link) | Phenix Energy Group, an oil pipeline operator and construction company, is preparing to take its IT infrastructure from zero to 60 in a matter of months. To get a years-in-the-making pipeline project off the ground, the company is preparing to grow from a relatively small office environment to a data center setting of 75 servers and 250TB of storage. As a result, security, which hasn't been a top priority, is suddenly a big deal, according to CIO and COO Bruce Perrin.
CSO | 2016-09-21 03:43:00 | How flexible should your infosec model be? (direct link) | Security is a top priority at the Bank of Labor, but the financial institution updates its formal information security policy only once a year, maybe twice, regardless of what's happening in the ever-changing threat landscape.
CSO | 2016-09-21 03:32:00 | Five social engineering scams employees still fall for (direct link) | You've trained them. You've deployed simulated phishing tests. You've reminded your employees countless times with posters and games and emails about avoiding phishing scams. Still, they keep falling for the same ploys they've been warned about for years. It's enough to drive security teams to madness. According to Verizon's 2016 Data Breach Investigations Report, 30 percent of phishing messages were opened by their intended target, and about 12 percent of recipients went on to click the malicious attachment or link that enabled the attack to succeed. A year earlier, only 23 percent of users opened the email, which suggests that employees are getting worse at identifying phishing emails -- or the bad guys are finding more creative ways to outsmart users.
CSO | 2016-09-21 03:23:00 | Navigating the muddy waters of enterprise infosec (direct link) | Executives at Booz Allen Hamilton learned the importance of information security the hard way back in 2011 when the hacker group Anonymous claimed that it had penetrated one of Booz Allen's servers, deleted 4GB of source code and released a list of more than 90,000 military email addresses and encrypted passwords. The breached server turned out to be a development environment containing test data, “but that didn't really matter; it was a wakeup call,” says Michael Waters, director of information security at the consulting firm and government contractor. “It was a pretty unpleasant experience, but it did galvanize substantial investment - both capital and HR - in getting things done. The firm looked around and said, 'We have been working on this, but we need to put more toward it.'”
CSO | 2016-09-21 03:22:00 | Security challenge: Wearing multiple hats in IT (direct link) | Are you taking on multiple job responsibilities at your company, including some aspects of information security? If so, you're not alone. At many organizations, IT professionals are being asked to handle a variety of security tasks and functions. For them, wearing multiple hats can create both opportunities and stress. | Guideline
CSO | 2016-09-21 03:18:00 | Is security making the grade? What IT and business pros really think (direct link) | [Slide: Grading on a curve] If you sense some discontent in how information security is handled in your company, you're not alone. Half of the 287 U.S.-based IT and business professionals who responded to a recent survey from CSO and its sister sites CIO and Computerworld gave their organizations' security practices a grade of C or below.
CSO | 2016-09-20 05:35:00 | Industrial IoT is inching toward a consensus on security (direct link) | IoT is complex, fast-growing and often intertwined with systems that govern things like water and power. That makes IoT security a critical requirement, but it's one that's not necessarily well understood. The Industrial Internet Consortium, a group that includes some of the biggest players in the internet of things, took action on Monday to clear the air. It rolled out the IISF (Industrial Internet Security Framework), a set of best practices to help developers and users assess risks and defend against them.
CSO | 2016-09-20 05:34:00 | This hospital is moving to Amazon's cloud to protect its network (direct link) | Since 2012 three Texas-based health care organizations have merged to create USMD Health System. During the past four years CIO Mike Yerrid has been on a mission to centralize and consolidate IT operations. And a big part of that is moving to Amazon's cloud. Yes, as a health care organization, USMD is subject to stringent regulations for protecting patient information, and yes, it's moving to the public cloud. USMD isn't alone. “Health care organizations are becoming more comfortable with cloud technology,” says Lynne Dunbrack, leader of research firm IDC's Health Insights practice. | Guideline
CSO | 2016-09-20 05:29:00 | IDG Contributor Network: What the FUD? (direct link) | From password management tools to data loss prevention and VPN solutions, many security companies are making fantastic claims that they have the magic elixir of security solutions. Yet anyone who knows security understands that there is no silver bullet. For the record, defenders of information security are doing a rock-solid job preventing major catastrophes from happening, but they can't possibly guarantee 100 percent security. So, for those who are doing their due diligence and evaluating their overall security posture, looking at the infrastructure and ecosystem to determine what works and where the gaps are, kudos to you.
CSO | 2016-09-20 03:53:00 | These ransomware situations can result in colossal outcomes (direct link) | [Slide 1: Gimme all your money] In a world where ransomware hackers are expected to extort $1 billion in damages throughout 2016 in the US alone, businesses and individuals are being forced to be on high alert when it comes to digital security. Carbonite's customer support team has handled over 7,300 ransomware-related calls just since January 2015 (365/month), encountering breaches occurring through everything from Xerox scans to fake Microsoft IT representatives.
CSO | 2016-09-20 01:20:00 | Backups aren't just for smoking crater scenarios (direct link) | Every company I have worked for in the past was another piece in my continuing education. Along the way there have been some lessons that were recurring. One of the main ones was around backups. Time and again I would encounter the most curious backup…um, strategies. At one company in particular I made the mistake of asking what we were doing for backups on the core production systems. I was met with confused looks and the response that any server could be rebuilt by reinstalling the operating system. I asked about the database and was met with a glazed-over look. This was a shop that had absolutely no backup plan whatsoever. When I dug a little deeper I discovered that only some systems were being backed up at all. And none of those backup tapes were ever tested. No one knew if the tapes would even recover a single iota of data. But the rationale was that the systems were being backed up and thus, compliant.
CSO | 2016-09-20 00:00:00 | BrandPost: Container Sprawl: The Next Great Security Challenge (direct link) | Containers, the younger and smaller siblings of virtualization, are more active and growing faster than a litter of puppies. Recent stats for one vendor show containers now running on 10% of hosts, up from 2% 18 months ago. Adoption is skewed toward larger organizations running more than 100 hosts. And the number of running containers is expected to increase by a factor of 5 in nine months, with few signs of slowing. Once companies go in, they go all in. The number of containers per host is increasing, with 25% of companies running 10 or more containers simultaneously on one system. Containers also live for only one-sixth the time of virtual machines. These stats would appear to support the assertion that containers are not simply a replacement for server virtualization, but the next step in granular resource allocation.
CSO.webp 2016-09-19 14:12:00 The speed of ransomware: 3 seconds to encryption [Infographic] (lien direct) Ransomware has reached epidemic proportions, especially among small and midsize businesses (SMBs). A 2015 Securities and Exchange Commission statement noted that SMBs are at "greater risk" of cybercrime, including ransomware, compared to larger enterprises, and they "are far more vulnerable once they are victimized."To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-19 11:50:00 BrandPost: Automating the Threat Defense Lifecycle. What the Heck Does THAT Mean? (lien direct) When we introduced our strategy at FOCUS '15, at its core a simple concept:  create integrated security systems to automate the threat defense lifecycle so you can address more threats, faster, with fewer resources.  With the recent announcement of our strategic partnership with TPG we want to further define our strategy and show how we are uniquely leading the market, making IT security as dynamic and responsive as today's most dangerous threats.[1]To read this article in full or to leave a comment, please click here Guideline
CSO.webp 2016-09-19 10:18:00 IDG Contributor Network: The only three passwords your survivors will ever need (lien direct) The other day I had a fit of long-overdue reorganizing. Moving to a new office space will do that to you, I guess, but it's a good opportunity to review, reassess and purge.  In doing so I came across an old list that I had given to my wife just prior to a transatlantic trip; I figured that in today's world you never know what craziness might ensue so better to err on the side of caution. Some people use the same password for every website (a very bad idea) and others use a different one that they make up and have to remember for each site (a better idea but too difficult to remember them all).  In the past I took the same approach that a lot of people do: I used a formula for creating passwords. The long-overlooked list contained my password "formulas" for all different types of websites.  To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-19 09:55:00 Sour attackers publish health data on Olympic athletes (lien direct) There is really no denying it. The Russians are still upset about the decision to ban their athletes from performing in the Olympics this year in Rio. The part that still causes me to scratch my head is that they cheated and they got caught. Full stop. There really isn't a discussion to be had beyond that. They were caught with their hand in the medical cupboard. The world anti-doping agency or WADA had their systems compromised and health data pertaining to athletes who participated in this years games was published to a website controlled by an apparent Russian based attack group.To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-19 05:48:00 In the wrong hands, drones can be a life-threatening (lien direct) Everyone is familiar with the military use of drones. You've probably heard about Amazon's plans to deliver commercial goods to consumers via drones. And Google is reportedly developing solar-powered drones that will deliver high-speed Internet.To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-19 05:43:00 Zero-percent cybersecurity unemployment, 1 million jobs unfilled (lien direct) *Disclaimer: Steve Morgan is founder and CEO of Cybersecurity Ventures.Last summer the Cybersecurity Business Report pointed out a severe cybersecurity workforce shortage. The numbers haven't changed much since then. There's still roughly 1 million job openings in 2016 -- which is expected to reach 1.5 million by 2019. The Palo Alto Research Center reports that, by 2019, the demand for cybersecurity professionals will increase to approximately 6 million globally.To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-19 05:27:00 Performance, management and privacy issues stymie SSL inspections, and the bad guys know it (lien direct) The technology is there for companies to inspect the SSL traffic going in and out of their networks, but performance, management and privacy concerns combine to hinder its adoption -- allowing cyberattackers to hide their malicious activity in the encrypted traffic.According to a new report by the Ponemon Institute, 41 percent of companies who were victims of a cyberattack said that the attacker used SSL encryption to hide their activities and to sneak data out of organizations.And this percentage is likely to rise, experts say. Encryption tools are already available to the savviest criminals, and it's only a matter of time before they are commercialized, made easier to use, and become widely available to attackers.To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-19 05:00:00 What to think about when moving to the cloud (lien direct) Well, it's 2016, and a few years ago Garnter reported that "By 2016, poor return on equity will drive more than 60 percent of banks worldwide to process the majority of their transactions in the cloud."Enterprises across all sectors are either in the cloud, transitioning to the cloud, or thinking about making the idea of cloud a reality. For those who are preparing to make the move, there are a variety of concerns to consider and plan for in order to make for a smooth transition. In addition to deciding on the right cloud provider and whether to go with a private or a public cloud, CISOs also need to think about implementing solutions for controls on access, encryption, legal and compliance issues.To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-19 04:57:00 IDG Contributor Network: Post layoff makeover, certs that attract attention (lien direct) Lots of companies have either gone through, are going through, or will soon go through a merger or acquisition process. While M&As are usually good for business, they aren't always good for individual employees. Many folks fear losing their jobs, and some have had to face the harsh reality that their position has been cut. A layoff isn't always the result of poor performance, but regardless of why you are let go, the reality is that you need to find another job.Of course, you want to find a new position in another company that will provide you with similar compensation and benefits. So, what do you need to ensure that you will swiftly be rehired if that dreadful day should ever come?To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-19 03:30:00 Investment fund loses $6 million in BEC scam, suspends operations (lien direct) A lawsuit filed on Friday by Tillage Commodities Fund alleges that SS&C Technology showed an egregious lack of diligence and care when it fell for an email scam that ultimately led to hackers in China looting $5.9 million.Tillage says that SS&C not only failed to follow its own policies, which enabled the theft, but actually assisted the criminals by fixing transfer orders that had initially failed.The lawsuit was filed early Friday morning, and the documents were posted online by the law firm representing Tillage in the case.To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-19 03:20:00 How to keep IT security at the forefront during a merger (lien direct) 1. Let two become one, safely. Stephen Boyer, CTO and co-founder of BitSight, knows one of the biggest threats to your company's tech security: the possibility that it might buy another company. He points to a survey from West Monroe Partners that found that 40% of acquiring companies discovered a cybersecurity problem in an acquired company only after a deal went through. It probably shouldn't be surprising, then, that in a 2014 survey from Freshfields Bruckhaus Deringer a staggering 78% of respondents said cybersecurity is not analyzed in depth as part of due diligence in an acquisition.To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-16 08:38:00 Security leaders need to stop chasing “risk catnip” (lien direct) How often do you indulge in “risk catnip”? Here's an example: The hardest problem in computer science is fighting the urge to solve a different, more interesting problem than the one at hand.- Nick Lockwood (@nicklockwood) August 18, 2016 That tweet earned over 3000 retweets and over 4000 likes. The chain of comments expresses understanding and offers more examples. The concept is similar to the effect of catnip on felines. Some just can't resist. In security, I dubbed this “risk catnip.” To read this article in full or to leave a comment, please click here Guideline
CSO.webp 2016-09-16 05:00:00 The CSO password management survival guide (lien direct) By now we're all well aware of what makes a bad password … it's us. A glance at SplashData's annual reporting on the world's worst passwords shows just how laughably bad at creating passwords we humans really are. But what's worse, as Steve Ragan's analysis of leaked passwords shows, is that many passwords on the naughty list adhere to the carefully crafted password policies in use in companies today. How can security leaders do better? For one thing, we can stop blaming users, says Michael Santarcangelo. Instead, we can focus on providing them with technology that makes the job easier. That's where this guide comes in.To read this article in full or to leave a comment, please click here Guideline
CSO.webp 2016-09-16 03:33:00 Cyber-security VCs are holding onto their cash – but that\'s OK (lien direct) Cybersecurity has never been hotter. Analysts say that $3.8 billion went into cybersecurity companies in 2015, a year which saw five private companies in the market reach more than $1 billion in valuations, while others, such as Rapid7, Sophos and Mimecast, filed for IPOs. The market's rise has been impressive: CB Insights says that last year's funding figure represented a 235 percent increase from the $1.1 billion ploughed into 166 deals in 2011. No surprise then that big firms like Intel Capital, Google Ventures and Qualcomm Ventures have become the sector's most active investors, all eyeing up the next potential unicorn. This explosion in funding hasn't been confined solely to VCs, with the cybersecurity M&A market exploding in recent months. PwC reports that total deal activity since 2008 has exceeded $22 billion globally, with 451 Research noting that the number of security acquisitions has risen 41 percent in the last two years.To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-16 01:20:00 IoT and your digital supply chain (lien direct) “Money, it's a gas. Grab that cash with both hands and make a stash.” Pink Floyd is always near and dear to my heart, and no doubt this is the theme song for a lot of producers of devices that fall into the category of the Internet of Things, or IoT.I can't help but giggle at the image that comes to mind when I think about IoT manufacturers. I have this vision in my head of a wild-eyed prospector jumping around after finding a nugget of gold the size of a child's tooth. While this imagery may cause some giggles, it also gives me pause when I worry about what these gold miners are forgetting. Security comes to mind.I know, I was shocked myself. Who saw that coming?To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-15 10:33:00 IDG Contributor Network: The future of passwords is no more passwords (lien direct) Earlier this summer I wrote about password management tools as a way for both individual practitioners and enterprises to confront the issue of password security. This week I wrote a piece on the effectiveness of security awareness training programs and was reminded of the threats to enterprise security that are inherent in user credentials.Many organizations continue to search for a solution to the password problem, which leaves me thinking: maybe the answer is no more passwords.To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-15 08:11:00 Data breaches move into syndication (lien direct) Data breaches, much like death and taxes, are a fact of life these days. They are getting bigger and uglier with each passing breach. Massive ones are occurring on what seems like a daily basis.I read breach reports as a part of my daily routine and I see themes developing as a result. The three main ones that I can't help but see are stolen equipment, bad passwords and patching.Laptops get lost or removed by miscreants from the trunks of cars. More often than not, when I read about it in the data breach reports that involve stolen laptops, there is a refrain that I can't help but giggle about: “It's OK, the laptop is password protected”. This is always a curiosity to me, as it is the equivalent of holding gauze in front of a semi truck and thinking that will stop it from running you over (hat tip to the late great Robin Williams).To read this article in full or to leave a comment, please click here
CSO.webp 2016-09-15 07:18:00 McCain opposes splitting NSA and Cyber Command (lien direct) The head of the Senate Armed Services Committee is threatening to block any nominee to head up the National Security Agency if the Obama administration follows through on a plan to decouple the spy agency from U.S. Cyber Command, the digital warfare unit established in 2009.[ Related: U.S. Cyber Command struggles to retain top cybersecurity talent ]At a hearing on cybersecurity and encryption this week, Sen. John McCain (R-Ariz.) argued for preserving the current "dual hat" operating structure with the spy agency and the cyber warfare organization co-located and under common leadership.To read this article in full or to leave a comment, please click here Guideline
Last update at: 2024-05-16 15:08:12