What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
CSO 2016-09-06 05:09:00 How to control your privacy in Chromebooks vs. Windows 10 - When it comes to privacy, both Google's Chrome OS and Microsoft's Windows 10 take an “opt-out” stance. By default, both platforms collect a variety of data about your usage, but the way they go about it is often different. While Microsoft presents users with a long list of privacy-related toggles, Google's controls are less granular. Both companies, however, make you jump through additional hoops to disable the kind of personalized ads that help them turn a profit. PCWorld recently broke down all the ways Microsoft grabs at your data in Windows 10, so it's only fair we compare that to Google's computing platform. Here's how Chrome OS and Windows 10 measure up on privacy and data collection.
CSO 2016-09-06 05:02:00 IDG Contributor Network: Bugcrowd, the Match.com for developers and researchers? - Relationships are never easy, particularly because many of us struggle with trust. In cybersecurity, especially for application developers, trusting your product in the hands of a researcher can be a bit unnerving. When most people enter into a relationship, it is with the hope that the other party will appreciate their strengths, not identify their weaknesses. When application developers engage with researchers, though, they are hiring a virtual stranger to seek out their imperfections. On rare occasions, the hiring company and the researcher develop a professional appreciation for one another that extends beyond a single assignment. Such was the case for Aruba Networks.
CSO 2016-09-06 04:41:00 Mark Cuban's new app leaves messages in the dust, not the cloud - Whisper a secret in someone's ear, not to be repeated. Intimacy and private relationships are basic human rights. Society has gone digital -- and the modern form of whispering to each other is text messaging... except that it really isn't. Mark Cuban -- who needs no introduction -- recently told Business Insider, "There's somebody trying to hack you, your email, your company, your credit card company, and everything that you're attached to... and at some point it's going to come out."
CSO 2016-09-06 04:30:00 What this expensive 'secure' phone tells us about mobile hacking - Mobile security is a bit of a misnomer. Few of us can say we've been attacked by a piece of malware or have quarantined an actual virus. The odds are stacked against us. Mobile operators like Verizon and Sprint routinely scan for threats, and both Google Android and the Apple iPhone include multiple security measures on their devices, from fingerprint scanners to full encryption. Yet there's a sneaking suspicion that mobile security is a bigger concern. According to one HP report, 67 percent of employees in the U.S. now work remotely. We're relying on phones more and more. We store sensitive business documents on them and use them to make purchases.
CSO 2016-09-06 04:00:00 Malware author tries hand at PR, contacts IBM to correct blog post - An author on the IBM security blog recently got an interesting request. The developer of a mobile malware kit wasn't pleased with their reporting, so they reached out to correct the record. IBM's coverage wasn't helping the criminal's business, and so the researcher's post needed fixing. The email came from the author and core developer of Bilal Bot, a low-rent Android-based malware application designed to harvest data for use in a number of schemes, including banking fraud, card fraud, and identity theft. The developer reached out to IBM's Limor Kessem after she wrote about the competition in the mobile malware marketplace. The criminal's PR outreach centered on two points: correcting the record with respect to two of the other kits mentioned in the post, and making sure IBM understands the kit is no longer in beta; it has added features and the pricing model has changed.
CSO 2016-09-06 03:11:00 How to create a data-centric security infrastructure - Firewalls, APT protection, antivirus, etc., are all necessary to protect an organization's integrity. But when you get down to the nitty gritty, it's about the data: the intellectual property, the customer PII, the M&A info, your customer data and all the information that keeps the business running. With today's multiplatform environment, your sensitive information may no longer be completely under your control. It could be on any device, shared in unauthorized locations, or accessed by the right people the wrong way. You need to manage every facet of what is being accessed, by whom, when, where, and how.
CSO 2016-09-06 03:00:00 98 million Rambler.ru accounts surface after 2012 hack - LeakedSource has revealed that 98 million Rambler.ru accounts have surfaced, four years after Russia's version of Facebook was compromised in 2012. The records were shared with the breach notification service by the same person who released the Last.fm database earlier this month. The compromised Rambler.ru records were added to the LeakedSource database on Monday. Details include username (which is also the person's email address), password (stored in plaintext), ICQ account number, and other internal data. The contents of the database were verified by a Russian journalist, Maria Nefedova, who had three individuals confirm the details associated with their accounts.
CSO 2016-09-06 02:00:00 SWIFT kick in the banking - When SWIFT made headlines back in April of 2016, I could not help but wonder how bad things really were. Many people were blissfully unaware of what SWIFT (Society for Worldwide Interbank Financial Telecommunication) even was or what it could be used for. This is supposed to be a secure financial network that banks can use for payment authorizations. It seems that of the 11,000 reported banks that use the system, not all were up to snuff on security. For example, in Bangladesh, criminals were able to leverage the SWIFT system to a nefarious end and make off with $81 million. Not bad for a day's work. But why was this possible? Sure, SWIFT talks a good security game, but I can think of 81 million arguments against that.
CSO 2016-09-05 13:39:00 IDG Contributor Network: Mobile app reversing and tampering - Mobile applications are, well, applications. And like any application they need to be protected. I've been blogging about attacks on mobile like mobile malware, mobile pharming and mobile phishing, and I even wrote a blog on data-at-rest encryption for mobile. This blog will take a very high-level look at a topic that can get very deep very quickly: mobile app risks related to reversing and tampering.
CSO 2016-09-02 08:13:00 The Good Ole Days Of Hacker Summer Camp - Only now am I starting to recover the feeling in my legs from my adventures in the Vegas desert. Over time my conference-going experience has changed as it relates to BSides Las Vegas, Black Hat and DEF CON. Much in the same vein, the conferences themselves have changed as well. DEF CON entered legendary status in the days at the Alexis Park Hotel. In the common vernacular you would hear the “old timers” like myself refer to the good times at the AP. There was no end of shenanigans there and it was quite an experience. From trying to fight your way past the pool area to listening to talks in the tent on the roof (damn, that was hot), the conference had already outgrown the facilities at that point.
CSO 2016-09-02 07:50:00 IDG Contributor Network: Florida privacy law adds breach notification and strengthens compliance - We all remember from our early education learning about the three major branches of government in the US: the executive, the legislative and the judicial branches. But how does our legal system work to create privacy law for all our different business sectors? Hint: it's not how they do it in Europe. We begin by looking at constitutional law. The U.S. and state constitutions are the primary source of law in America. However, a state constitution may afford more privacy protection than the broader U.S. Constitution. Enter FIPA, the Florida Information Protection Act of 2014. Each state has its own flavor of data privacy law, if it has one at all. FIPA says, "An act relating to security of confidential personal information; providing a short title; repealing s. 4 817.5681, F.S., relating to a breach of security concerning confidential personal information in third-party possession; creating s. 501.171, F.S.; providing definitions; requiring specified entities to take reasonable measures to protect and secure data containing personal information in electronic form; requiring specified entities to notify the Department of Legal Affairs of data security breaches; requiring notice to individuals of data security breaches under certain circumstances..." Guideline
CSO 2016-09-02 06:18:00 IDG Contributor Network: 4 important tips for mentoring, coaching and growing women's roles in cybersecurity - Women are underrepresented in every industry, at every level of companies. Even more discouraging, a report from the Wall Street Journal suggests that there are significantly fewer women in the higher ranks of companies, indicating that the growth of a female employee plateaus before her career has even taken off. Not surprisingly, a mere 11 percent of the world's information security workforce are women, and less than 2 percent of those women hold C-suite level positions. This begs the question: how can the women who have become industry leaders help those in entry-level positions grow and develop their careers? Put simply, by acting as mentors to foster career advancement and encourage continued growth. Guideline
CSO 2016-09-02 04:31:00 IDG Contributor Network: Stop missing the vendor alerts you need - The digital age has given birth to an abundance of news sources, some reporting quality journalism and others delivering only half truths, or worse. It's a challenge to find the best source of information in our everyday lives, and it's an even greater challenge to find the most reliable technology to help security professionals do their jobs. No doubt third-party vendors (and every vendor in the expansive supply chain) pose risks to the enterprise, and experts advise security practitioners to use some solution that helps monitor their downstream vendors. Lots of organizations rely on Google Alerts, but as more advanced AI technologies are developed, will there be newer, more advanced solutions that can provide more accurate alerts?
CSO 2016-09-02 03:06:00 Fall security conferences you don't want to miss - Conferences can be great opportunities for networking and information sharing. While it's a challenge to break away from the responsibilities at the office, taking a day or two to connect with peers across the industry can be invigorating and uplifting, allowing you to return with a fresh and optimistic perspective on the doldrums of threat intelligence. At the MASSTLC Conference in Cambridge, the message of keynote speaker Dave Mahon was to not see each event as a failure. Rather, see each event as an opportunity to learn. That's exactly how I feel about conferences. Attending a conference is the furthest thing from a drag. Each is an opportunity to learn. Here are nine conferences I wish I could attend this fall. Guideline
CSO 2016-09-02 03:00:00 Myth versus fact: Open source projects and federal agencies - Many agencies in the federal government use approved public repositories for open source software development. According to the General Services Administration (GSA) GitHub dashboard, there are 236 federal organizations using a combined 5,254 project repositories. More federal agencies are increasing their use and creation of open source software to achieve their IT objectives. In order to best prepare for the implementation of even more open source projects, federal agencies need to understand the facts among the many misconceptions and myths surrounding public repositories.
CSO 2016-09-01 11:54:00 33% off Energizer Ultra Compact DC to AC 100W Vehicle Power Inverter - Deal Alert - On a road trip, camping, or during a power outage or emergency, this adapter plugs into your vehicle's power socket and, more or less, mimics a household wall power outlet. The fanless inverter quietly and safely delivers 100 watts of continuous power to your laptop, fan, DVD player, musical instrument, video game system and much more (just be mindful of the wattage requirements on your device). Dual USB ports are built in, and with a max power output of 2.1A, the power inverter is also ideal for charging your iPhones, iPods, iPads, tablets, Samsung Galaxy, and other mobile phones or USB-powered devices. Currently averaging 4.5 out of 5 stars from over 580 people on Amazon, its typical list price of $29.99 has been reduced 33% to $19.99.
CSO 2016-09-01 11:33:00 IDG Contributor Network: Cyber incident response: Who does what? - “Who in the government will help me if we face a significant cyber incident?” It's a question I get asked all the time, and until recently there hasn't been a clear answer. That changed last month, when President Obama issued a Presidential Policy Directive (PPD) on cyber incident coordination. The PPD identifies federal agencies to lead specific aspects of incident response in the event of a significant cyber incident. (A “significant cyber incident” is defined as a cyber incident likely to result in demonstrable harm to the U.S. economy, national security interests, foreign relations, or to the public confidence, civil liberties, or public health and safety of the American people.) Unfortunately, the federal government has responded to several significant cyber incidents over the past few years. This PPD builds upon lessons learned from responding to those incidents, as well as the federal government's experience in all types of disaster response (hurricanes, bombings, etc.). Guideline
CSO 2016-09-01 10:12:00 Guccifer gets 52 months in prison - The attacker with the nom de plume of Guccifer, who had breached all manner of email accounts, including exposing the existence of the Clintons' ill-advised self-hosted email server, has gotten himself thrown in prison. This was an outcome that really comes as a surprise to no one in particular. He already had a series of convictions in Romania from 2014 as a part of his spree. The attacker from Sâmbăteni, Romania, Marcel Lehel Lazar, aka Guccifer, pleaded guilty to charges including breaching systems and identity theft. The original US indictment included charges of aggravated identity theft, wire fraud and obstruction of justice. He had made some claims that he had in fact compromised an email server the Clintons were running at home. But, as far as law enforcement could discern, this simply wasn't verifiable.
CSO 2016-09-01 09:14:00 43 million Last.fm records compromised in 2012 - In March of 2012, Last.fm issued a warning to users, encouraging them to change their passwords, after the music service learned of the existence of leaked account records. It turns out the leak was 43 million records large, and four years later they've surfaced in public. On Thursday, LeakedSource added 43,570,999 records to their database, after someone sent them the Last.fm collection. In 2012, the music service admitted the account passwords were unsalted and hashed via MD5, something LeakedSource confirmed after adding the records to their service.
CSO 2016-09-01 07:23:00 IDG Contributor Network: How to make mergers and acquisitions work - What's in a name? Ever since the end of the Industrial Revolution and into the first part of the 20th century, companies have been buying, building and partnering with other companies. Economists might even suggest that that period of “First Wave Mergers,” back in the early 1900s, saw monopolies take over what were then the original critical infrastructure sectors of this country (railroads, electricity, shipping, etc.). In the tech space - especially where cyber security is concerned - you can almost set your watch by who's buying whom, and how, like in a second marriage, the new “Mom” and the new “Dad” start planning where and how they want to manage their new household. Guideline
CSO 2016-09-01 06:00:00 Detection and response, where to begin - Cambridge, Mass. - As the threat landscape continues to evolve, cybersecurity experts rely more on detection and incident response, making security a collaborative exercise. But where do they start? Many security executives used the MASSTLC Conference as a launching point. Chris Poulin, research strategist of X-Force at IBM, said, "The problem is that it takes them understanding their environment. How much is too much data being downloaded or uploaded? SIEMs look at thresholds to understand policy and compliance, but they also have to have environmental knowledge. Users don't typically up/download certain size files." Understanding their environment requires the manpower that most enterprises don't have right now. So how does a security team gain an understanding of their environment when they are inundated with alerts and spending their days putting out fires?
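Poulin's point that a SIEM threshold needs environmental knowledge can be made concrete. The following is an added example, not code from the article or from IBM: a constructed set of upload log lines (the key=value format, the users, the hosts and the byte counts are all invented for the example) is checked first against a fixed one-size-fits-all byte threshold and then against a per-user baseline built from each user's own history, so that a 60 MB upload to an unfamiliar address from someone who normally sends 50 KB is flagged, while the same size from a user who pushes that much every day is not. The 100 MB static limit and the factor of 5 are assumed values.

```python
import re
import statistics

# Constructed sample upload log (not from the article). One event per line;
# the users, hosts and byte counts are invented for the example.
SAMPLE_LOG = """\
2016-08-30T09:01:12Z user=alice action=upload dst=files.example.com bytes=48000
2016-08-30T09:40:03Z user=alice action=upload dst=files.example.com bytes=51000
2016-08-30T11:15:44Z user=alice action=upload dst=files.example.com bytes=46000
2016-08-30T13:02:29Z user=alice action=upload dst=files.example.com bytes=50000
2016-08-30T09:05:19Z user=bob action=upload dst=build.example.com bytes=52000000
2016-08-30T10:12:41Z user=bob action=upload dst=build.example.com bytes=49000000
2016-08-30T12:30:07Z user=bob action=upload dst=build.example.com bytes=55000000
2016-08-30T15:45:58Z user=bob action=upload dst=build.example.com bytes=51000000
2016-08-31T02:17:33Z user=alice action=upload dst=203.0.113.9 bytes=60000000
2016-08-31T10:05:10Z user=bob action=upload dst=build.example.com bytes=58000000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)$"
)

# A fixed "one size fits all" rule of the kind a SIEM ships with (assumed value).
STATIC_THRESHOLD = 100_000_000  # 100 MB


def parse_log(text):
    """Parse the key=value lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["bytes"] = int(e["bytes"])
            events.append(e)
    return events


def static_threshold_alerts(events, threshold=STATIC_THRESHOLD):
    """Policy-style check: flag any single upload above a global byte limit."""
    return [e for e in events if e["bytes"] > threshold]


def user_baselines(events, history_cutoff):
    """Environmental knowledge: median upload size per user, built only from
    events before the cutoff (timestamps are ISO 8601 UTC, so string order is
    time order)."""
    history = {}
    for e in events:
        if e["ts"] < history_cutoff:
            history.setdefault(e["user"], []).append(e["bytes"])
    return {user: statistics.median(sizes) for user, sizes in history.items()}


def baseline_alerts(events, history_cutoff, factor=5, fallback=STATIC_THRESHOLD):
    """Flag events at or after the cutoff that exceed factor x the user's own
    median. A user with no history falls back to the static threshold, so a
    brand-new account is not silently exempt."""
    baselines = user_baselines(events, history_cutoff)
    alerts = []
    for e in events:
        if e["ts"] < history_cutoff:
            continue
        limit = factor * baselines[e["user"]] if e["user"] in baselines else fallback
        if e["bytes"] > limit:
            alerts.append(e)
    return alerts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("static rule:", [(e["user"], e["bytes"]) for e in static_threshold_alerts(events)])
    print("baseline rule:", [(e["user"], e["bytes"], e["dst"])
                             for e in baseline_alerts(events, "2016-08-31")])
```

Run on the sample, the static rule raises nothing, because neither user ever crosses 100 MB; the baseline rule raises exactly one alert, alice's 60 MB upload to 203.0.113.9, and stays quiet about bob's 58 MB, which is within his normal range. The median is used rather than the mean so that one earlier outlier does not inflate a user's baseline.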
CSO 2016-09-01 05:15:00 Report: Smartphone infection rate doubled in first half of 2016 - Smartphone infection rates nearly doubled during the first half of this year, from 0.25 percent to 0.49 percent compared to the second half of 2015, according to a report released today by Nokia. Nokia provides endpoint malware detection services to major mobile carriers and covers 100 million devices around the world, with the exception of China and Russia, said Kevin McNamee, director of the Nokia Threat Intelligence Lab. Android is the most targeted platform, accounting for 74 percent of the infections. iPhones accounted for 4 percent, and Windows phones did not show up in the statistics, due to their low market share and low infection rates.
CSO 2016-09-01 02:00:00 IDG Contributor Network: Combating insider threats faced by utilities - Utilities within the U.S. energy sector are inundated with outside threats, often from angry customers, environmental groups, hacktivists, and criminals looking for targets of opportunity. These cyber and physical threats often focus on interrupting services or destroying critical equipment for the purposes of inflicting damage and embarrassing the utility. In order to accomplish such an attack with any magnitude, the attacker needs knowledge of the equipment or system. This is often accomplished with surveillance, probing, and reconnaissance of the potential target. As you might assume, this is time intensive, has a learning curve, and is risky in terms of the bad actor getting noticed or caught by authorities.
CSO 2016-08-31 14:05:00 24% off Zackees LED Turn Signal Bike lights - The use of turn signals drastically increases the safety of cars. Now cycling can have that same benefit with these turn signal gloves from Zackees. These machine-washable gloves are made from premium materials -- tough, flexible leather and breathable spandex. The LED lights are powerful and bright, running on rechargeable coin batteries that will last for several weeks of moderate daily use before needing a charge. Ambient light sensors increase brightness 4x during the day. These gloves average 4.5 out of 5 stars from over 150 people, and their typical list price of $99 has been reduced 24% to $74.95.
CSO 2016-08-31 10:08:00 Security skills high on jobs report - Recruiting and staffing specialist Robert Half Technology released its annual guide to U.S. tech salaries, which finds IT workers can expect slightly bigger pay bumps than many other professionals are getting.
CSO 2016-08-31 06:38:00 IDG Contributor Network: Go for the gold! - This was the most exciting Olympics I have seen in a long time. Two weeks ago, we pulled over to a pizza place on a drive to Purdue University to watch Usain Bolt win the 100 meters. Seeing these remarkable athletes, I couldn't help wondering how they got to the levels of achievement they demonstrate. So I researched it. Almost all of the careers I looked at showed the importance of continuous improvement. This method can also help you achieve excellence in your security program, if not to the Olympic stage. In Simone Biles' first competition in 2011 she placed third all-around. In her next she placed 20th all-around. The next year she increased her training regimen and started on the path to gold. How about the aforementioned Bolt? His early sprint career was marked by both spectacular wins and losses. His coach Glen Mills advised him “…to learn to lose, because by doing so you could figure out what you needed to do to win” (Usain Bolt: 9.58, by Usain Bolt). Nastia Liukin, a 2008 gold medal gymnast, recommends that you “…strive to achieve something on a day-to-day basis”. Guideline
CSO 2016-08-31 06:00:00 BrandPost: A Tale of Two T's - The first step to really understanding OT is to forget everything you know about IT. It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the time of information technology (IT), it was the time of operational technology (OT), it was the time of clouds and revolution, which would cause their paths to cross in a way that neither anticipated. Industrial control, SCADA, DCS, process automation, OT: there are many names and flavors in the various relevant verticals, and there are a lot of verticals. Many of these environments were designed to last for 20 or 30 years or more, with vastly different lifecycles than IT. Surprisingly, OT environments seem to generally have a better understanding of their assets and associated criticality. They see the potential damage to those assets from physical-world incidents (a vat that gets too hot can explode) but may fail to recognize how the condition or scenario could be precipitated by a cyber threat.
CSO 2016-08-31 04:25:00 (Déjà vu) Dropbox changed passwords after 68M account records were compromised - Dropbox's move last week to ask users who had signed up before mid-2012 to change their account passwords followed the discovery of a large dump of email addresses and passwords related to these accounts. The online storage company confirmed late Tuesday reports that 68 million user email addresses and hashed and salted passwords from an incident in 2012 had been compromised. Dropbox said that the password reset the company completed last week covered all of the affected users, so that the Dropbox accounts are protected. Last week, the company asked users who signed up before mid-2012 to change their passwords if they hadn't done so since then, describing it as a preventive measure and not because there was any indication that their accounts were improperly accessed.
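Three of the breach stories on this page show three different password storage choices: Rambler.ru stored plaintext, Last.fm stored unsalted MD5 (which LeakedSource could confirm as soon as it had the records), and Dropbox stored salted hashes. The following is an added example, not code from the article or from any of those services, showing what that confirmation step looks like and why it works only when there is no salt. The dump, the usernames and the wordlist are constructed for the example (the first two digests are the well-known MD5 values of "123456" and "password"); PBKDF2-HMAC-SHA256 from the Python standard library stands in for whatever salted scheme Dropbox actually used, which the story does not name.

```python
import hashlib
import hmac
import os

# Constructed sample dump in the shape the Last.fm story describes:
# username -> unsalted MD5 hex digest. The first two digests are the
# well-known MD5 values of "123456" and "password"; the others are
# computed here so the sample is self-consistent.
SAMPLE_MD5_DUMP = {
    "alice": "e10adc3949ba59abbe56e057f20f883e",
    "bob": "5f4dcc3b5aa765d61d8327deb882cf99",
    "carol": "e10adc3949ba59abbe56e057f20f883e",  # same password as alice
    "dave": hashlib.md5(b"Tr0ub4dor&3").hexdigest(),  # not in the wordlist
}

# A short constructed list of common passwords, standing in for a real wordlist.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]

PBKDF2_ITERATIONS = 100_000  # assumed work factor for the salted scheme


def crack_unsalted_md5(dump, wordlist):
    """Confirm a dump is unsalted MD5 the way a breach-notification service
    can: hash each candidate once and look it up against every record. One
    hash per candidate covers the whole dump because no salt is involved.
    Returns {username: plaintext} for every record that matched."""
    lookup = {hashlib.md5(pw.encode()).hexdigest(): pw for pw in wordlist}
    return {user: lookup[digest] for user, digest in dump.items() if digest in lookup}


def duplicate_password_groups(dump):
    """Without a salt, users who share a password share a digest, so the dump
    leaks that fact even before any cracking. Returns the groups of users
    whose hashes are identical."""
    by_digest = {}
    for user, digest in dump.items():
        by_digest.setdefault(digest, []).append(user)
    return [sorted(users) for users in by_digest.values() if len(users) > 1]


def salted_hash(password, salt, iterations=PBKDF2_ITERATIONS):
    """Per-user salted, iterated hash (PBKDF2-HMAC-SHA256 from the standard
    library). Returns (salt, digest); the salt is stored next to the digest."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_salted(password, salt, digest, iterations=PBKDF2_ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def salted_records_collide(password):
    """The same password stored for two users under two random salts yields
    two different digests, so the dump-wide lookup above no longer applies:
    each record has to be attacked on its own. Returns True only on collision."""
    _, d1 = salted_hash(password, os.urandom(16))
    _, d2 = salted_hash(password, os.urandom(16))
    return d1 == d2


if __name__ == "__main__":
    print("cracked:", crack_unsalted_md5(SAMPLE_MD5_DUMP, COMMON_PASSWORDS))
    print("shared passwords:", duplicate_password_groups(SAMPLE_MD5_DUMP))
    print("salted digests collide:", salted_records_collide("123456"))
```

Against the sample dump, four MD5 computations recover three of the four accounts and show that alice and carol share a password without cracking either; against the salted records the same wordlist would have to be rehashed once per user with that user's salt, and with an iterated hash each of those attempts costs far more than one MD5.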
CSO 2016-08-31 04:15:00 Crooks are selling a skimmer that works on all chip card readers - Think that your new EMV-compliant chip-reading point of sale terminal will keep crooks from stealing your customers' credit card info? Think again. Researchers have spotted a website selling EMV skimmers -- at www.emvskimmer.com, if it hasn't already been taken down -- that claims to sell "the most advanced EMV chip data collector in the world." And it's a scary piece of equipment. According to the seller, it's powered by the point of sale terminal, and can hold information on up to 5,000 credit cards in its memory. It can also be used on machines made by Ingenico and Verifone, as well as terminals on gas station pumps, ticket purchase stations, and on small ATMs, specifically those manufactured by Triton.
CSO 2016-08-31 03:10:00 How to keep viral memes from spreading malware in your enterprise - Perhaps the worst news about Pokemon Go is how attackers are using it to spread malware. This is not the first time bad-guy hackers have leveraged the popularity of games to spread malicious software. Viral memes spread malware, too, via drive-by attacks as people visit malicious sites that draw them by hosting or linking to the internet-based cultural sensation. Users assume that games and meme sites have integrity. This makes it easy for the hackers to push compromising software onto consumers' phones and computers and into your organization. Cyber thugs also use man-in-the-middle attacks on game apps to take control of mobile devices and launch attacks on the enterprise.
CSO 2016-08-30 08:25:00 IDG Contributor Network: CASB can help address gaps in cyber security - Cloud computing provides huge benefits to the enterprise in the next wave of digital evolution and will add further value as compute costs continue to fall. There are various benefits of using cloud services, such as pay-as-you-go pricing, being able to quickly scale up or down to match demand, and developing new solutions using emerging technologies like big data analytics, IoT, and machine learning. However, it also raises cyber security challenges for enterprises that must protect sensitive data, heightens privacy concerns, and puts at risk the IT team's ability to prevent the loss or non-compliant exposure of sensitive corporate data.
CSO 2016-08-30 06:41:00 IDG Contributor Network: A tale of two PCI attestation documents - A pediatrician I know told me that after nearly 25 years in the field, he can accurately make a diagnosis within 2 minutes with 90 percent accuracy. Naturally, he still has to do a complete workup and examination, in addition to calming down the often nervous and anxious parents. Similarly, when it comes to PCI DSS (Payment Card Industry Data Security Standard) compliance, I've found a good indicator of a service provider's level of compliance is the ease with which they share their attestation of compliance (AoC). Let me give you two recent examples.
CSO 2016-08-30 04:09:00 IDG Contributor Network: Identity governance and admin: beyond basic access management - Identity management continues to rank among the top security efforts needed to protect information resources. However, traditional solutions rely on significant human analysis and management, which result in high productivity costs for analysts and managers. And even then, a deep understanding of identity behavior, compliance, and role requirements is often unattainable. New identity solutions, labeled in 2013 by Gartner as Identity Governance and Administration (IGA), help get the information we need to meet governance, risk, and compliance (GRC) challenges.
CSO 2016-08-30 03:48:00 What to look for in endpoint detection and response tools and services - Organizations are quickly learning that keeping the bad guys out of an enterprise environment isn't as simple as deploying firewalls and antivirus. As cybercriminals utilize customized malware and bypass traditional antivirus solutions, it's become necessary to take a broader and more proactive approach to protect the endpoint. This means real-time monitoring, detection and advanced threat analysis coupled with response technology.
CSO 2016-08-30 03:37:00 How cyber security pros transition to board level decision makers - Like most good planners, Jasper Ossentjuk is beginning to ponder how he'll transition into retirement – even though it's more than a dozen years away. “When I'm 60, do I still want to be coming into the office Monday through Friday from 9 to 5 and taking the pager home?” he wonders. In his current role as senior vice president and CISO of TransUnion, and with almost a decade of similar roles under his belt, Ossentjuk has certainly cultivated cybersecurity skills and expertise. He hopes to share his knowledge on a board of directors or in an advisory role. There's just one thing standing in Ossentjuk's way. He needs to get on the radar of those key executives who are often asked to recommend someone for those rare and highly sought-after seats. So far, “nobody is coming forward and saying, 'here is the manual on how this works,'” he says.
CSO 2016-08-29 09:10:00 IDG Contributor Network: Hackers prey on human resources using ransomware - Whether job seekers submit their resumes via email attachments or LinkedIn, the files present risks, and hackers continue to target human resources organizations, particularly with ransomware. It's no secret that this year has been deemed the year of ransomware, and for every bitcoin criminals are earning, there's a newly evolved version making its way through your files. Petya, though, encrypts the hard drive rather than individual files. It has been a popular choice of ransomware targeting HR, arriving through spam emails posing as authentic job applications.
CSO.webp 2016-08-29 07:58:00 FBI: Common scanning tools used to target state election systems (direct link) An FBI memo citing information released by MS-ISAC (Multi-State Information Sharing and Analysis Center) says that foreign actors are using common scanning tools to locate vulnerable election systems. There is evidence to suggest, but not conclusively prove, that at least two incidents are connected to these scans. The Memo: The Amber TLP memo, which was leaked to the press, is a need-to-know memo circulated by the FBI. The source of the leak isn't known. The leaked memo focuses on information shared by MS-ISAC concerning the July 2016 data breach at a state election website. Further, the memo goes on to say that a second attempt was made in August 2016 on a separate election website. While the targeted election websites are not named, evidence suggests that the memo is referencing the incidents in Illinois and Arizona.
CSO.webp 2016-08-29 06:18:00 Social media, the gateway for malware (direct link) Easy to access, widely used, and outside of enterprise control, social media sites are gold mines for malicious actors. People share a lot of seemingly innocuous information, which is exactly the kind of data that hackers love to collect and use in phishing or spear phishing campaigns. A recent NopSec 2016 State of Vulnerability Risk Management Report found that organizations use inadequate risk evaluation scoring systems. The report claimed that social media, which often isn't included in any risk evaluation system, is now a top platform for cybersecurity. So, what's the correlation between social media and the rise in malware?
CSO.webp 2016-08-29 05:49:00 Deception technology grows and evolves (direct link) Deception technologies such as honeypots are becoming increasingly popular with enterprises as the products get more flexible and the tools allow security analysts swamped with incident reports to zero in on cases of actual ongoing infiltration. According to a report released in August by research firm Technavio, the deception technology market is growing at a compound annual growth rate of 9 percent, and is predicted to reach $1.33 billion by 2020. The technology includes not only the traditional honeypots but also a new class of multi-layered, distributed endpoint decoys, according to Technavio analyst Amrita Choudhury.
CSO.webp 2016-08-29 03:20:00 Are InfoSec vendors 'sowing confusion' and selling 'useless' products? (direct link) As a journalist, you know the drill at media briefings. Hosted and paid for by a vendor, and with speakers from the company as well as (usually) an end-user or an academic, the idea is to bring journalists together with the experts to discuss the prominent matters in the industry. And if those issues and industry challenges can be resolved with one of the vendor's solutions then everyone's a winner. The vendor gets the business, the press coverage and the thought leadership, while the journalist gets the story, the contacts and the free lunch. The speakers get some media air-time. It's no surprise then, that these are usually enjoyable, if tame, affairs. Guideline
CSO.webp 2016-08-29 00:00:00 IDG Contributor Network: Data at rest encryption for mobile devices (direct link) Data at rest encryption is about as far from a cutting-edge topic as one can get. But while encrypting inactive data that is stored digitally is regarded by most security professionals as a must-have, as well as data in use and data in transit for that matter, there are some special considerations that need to be thought through on the mobile side of the equation. This is my latest in a number of blogs that looks at the intersection between traditional security issues and mobile. I've also written about mobile malware, mobile pharming and mobile phishing. I wanted to tackle data at rest encryption on mobile because, like these other blogs, the particulars can be very different for mobile devices vs. traditional devices.
CSO.webp 2016-08-27 06:40:00 Opera warns Sync users of possible data breach (direct link) On Friday, Opera, the Norwegian company responsible for the popular browser, warned users that the Opera Sync service might have been compromised. In response, the company issued a forced password reset for all Sync users. Opera sent the emails to the Sync user base after they detected "signs of an attack where access was gained to the Opera sync system," the company said. "This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users' passwords and account information, such as login names, may have been compromised."
CSO.webp 2016-08-26 08:18:00 31% off Seagate Backup Plus Ultra Slim 2TB Portable External Hard Drive - Deal Post (direct link) The Backup Plus Ultra Slim Portable Drive is one of Seagate's thinnest and most eye-catching portable hard drives. Available in stunning gold and platinum colors, style meets storage, and it easily slips into your backpack along with your other essentials. At 9.6mm thin, capacity is not sacrificed, with 1TB and 2TB options: bring your most important files and head out the door. Back up and manage your favorite files from your computer, tablet and mobile devices using the Seagate Dashboard. Run a one-click backup or schedule an automatic backup plan to help protect your files. Convenient tools for local, mobile, cloud and social media backup are at the ready. With high-speed USB 3.0 and 2.0 connectivity, you can depend on seamless plug-and-play functionality. And the USB bus-power eliminates the need for an external power supply, letting you access your files while on the move. The Lyve mobile and desktop app gives you the ability to access a single, consolidated and personalized photo and video library. When you purchase a Backup Plus Ultra Slim Portable Drive, you get 200GB of OneDrive cloud storage for 2 years (US$95 value). The Backup Plus Portable Drive averages 4.5 out of 5 stars on Amazon. Its typical list price of $129.99 has been reduced 31% to $89.99 on Amazon.
CSO.webp 2016-08-26 07:48:00 Who needs a bug bounty when you got this? (direct link) Does shorting a stock for profit signal a new trend in security research? Bug bounties and programs to find and address security issues are on the rise. The bounty programs offer a way to coordinate efforts. They offer the potential of reward for those who discover and disclose. Bug bounties are an emerging marketplace. Some rewards are generous. Others draw criticism. One group took a different approach. They partnered with a financial firm to share their research. Then they shorted the stock of the company right before disclosing what they found. They profited when the stock dropped. They set their own payout. It's not clear if they did anything illegal. The ethics of the approach is getting a lot of discussion. Guideline
CSO.webp 2016-08-26 07:17:00 IDG Contributor Network: Measuring security (direct link) Measuring security is sort of like measuring happiness. How do you compare your happiness with someone else's? Are you happy? Are you happier today than you were yesterday? Will the things that make you happy today make you happy tomorrow? More importantly, will you discover that you thought you were happy, but it was only because of ignorance? Measuring security is one of the most difficult tasks a security leader faces. How do you measure something that has no quantifiable definition? There just isn't an accepted metric by which to measure or compare, yet this is exactly what most board members want to know. I always chuckle when I review a new contract for our company that has verbiage that says we must maintain “adequate security”. Do you know what “adequate security” means? I do. It means you haven't been breached yet. By definition, once you are breached, your security wasn't adequate. Agreeing legally to maintain “adequate security” is tantamount to legally agreeing to never be breached. Guideline
CSO.webp 2016-08-26 06:27:00 IDG Contributor Network: Voice technologies make waves in security (direct link) Who is this? It's a question we rarely have to ask of callers these days with caller ID, but I remember back in the days of land lines when a call or two came through from a person whose voice I didn't recognize. Parents warned their children not to talk to people they didn't know and to never tell a stranger they were home alone. Children complied because even at a young age, we are able to recognize each other through voice. Not only do we identify people by their voices, but we also make assumptions about people based on their voice, said Rita Singh, research scientist, Carnegie Mellon University. Singh said her work focuses on the core algorithmic aspects of computer speech recognition, and the understanding of and learning from speech signals. "The goal of my work is to enable computing machines to recognize speech better in general, especially in high noise and complex environments," Singh said.
CSO.webp 2016-08-26 04:57:00 IDG Contributor Network: Skills for a new age – the need for data fluency in the info economy (direct link) At the turn of the 18th to 19th centuries, the academic world was on the cusp of a long period of upheaval. Traditional methods of instruction – tutoring students in Latin, Greek, theology, and rhetoric – had been in place since the Italian Renaissance. The great force of the Industrial Revolution was upending the needs of society and, as a result, academia was destined for seismic changes in the content, quality, accessibility and delivery of education. The rise of industry demanded professionals with new skills. Archaic languages gave way to the sciences and engineering. Rhetoric and theology remained, but the canon of higher education broadened to encompass the needs of the emerging economy. Even with these changes, it would take a further century to see the launch of the Harvard Business School in 1908.
CSO.webp 2016-08-26 04:00:00 NASA CIO allows HPE contract to expire, refuses to sign off on authority to operate (direct link) In the wake of continued security problems, NASA's CIO is sending a no-confidence signal to Hewlett Packard Enterprise, which received a $2.5 billion contract in 2011 to address problems with the agency's outdated and insecure information technology infrastructure. In late July, CIO Renee Wynn, who took over the job last fall, took the unprecedented step of not signing off on the contract's "authority to operate," which expired on July 24. "I have to applaud Renee for stepping up here," said government security expert Torsten George, vice president at Albuquerque, NM-based RiskSense, Inc. "You can almost call her a whistleblower. It's a bold move. Not a lot of people would have made that move, for career reasons." Guideline
CSO.webp 2016-08-26 03:53:00 Real-life examples test whether you are prepared for a cyberattack (direct link) Are you ready?
CSO.webp 2016-08-25 07:41:00 How to handle the aftermath of being hacked (direct link) After a company has been hacked and the hack has been discovered to be a harmful one, top executives and IT leaders normally huddle in a room to assess the loss. It's usually not a pretty scene. It's not as if heads are exploding. It is more like what some might call a tense "come to Jesus" moment. "It's not good," said cyber security expert Tyler Cohen Wood. She's participated in post-hack forensics sessions at companies and has witnessed the faces of panicked executives firsthand. Tyler Cohen Wood is cyber security advisor to elearning company Inspired eLearning, and was previously a Defense Intelligence Agency cyber deputy division chief. Guideline
Last update at: 2024-05-16 12:07:56