What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Ratings
CSO 2016-08-25 07:18:00 How to get a job as a security engineer (direct link) In a world where a teenager can remotely steal customers' bank and personal details and cause millions of pounds worth of damage to telecoms giant TalkTalk from his bedroom, the role of the security engineer has never been more important. The risk of financial and reputational damage caused by a data breach has led to greater demand for security engineers, and a growing skills gap. A Global Information Security Workforce Study cited by former Chancellor George Osborne in a speech in November predicts a 1.5 million employee shortage in the sector by 2020. "We will never succeed in keeping Britain safe in cyberspace unless we have more people with the cyber skills that we need," Osborne told the Government Communications Headquarters (GCHQ).
CSO 2016-08-25 03:46:00 10 tips for retaining top IT talent (direct link)
CSO 2016-08-25 03:10:00 Data lakes security could use a life preserver (direct link) As big data initiatives gain steam at organizations, many companies are creating “data lakes” to provide a large number of users with access to the data they need. And as with almost every type of new IT initiative, this comes with a variety of security risks that enterprises must address. Data lakes are storage repositories that hold huge volumes of raw data kept in its native format until it's needed. They're becoming more common as organizations gather enormous amounts of data from a variety of resources. The growing business demand for analytics is helping to fuel the move to large repositories of data. And data lakes are likely to take on even more significance with the growth of the internet of things (IoT), in which companies will gather data from and about countless networked objects.
CSO 2016-08-24 11:42:00 IDG Contributor Network: In defense of “Good Enough” security (direct link) Given enough time and resources, every security technology is breakable. But for most people, it doesn't take perfect security to become considerably more secure than average. Security wonks like me often give lists of ways to lock your system down against all but the most determined adversaries, but in truth just taking a few big steps towards better protecting our data is enough. As long as they're the right steps. We can all think of some security technology that has been declared “dead” or that is widely proclaimed to be unsafe: AV is “dead”. Passwords are “dead”. Using text messaging for two-factor authentication should be killed off. Biometric scanners on phones are “broken”. But does this really mean that these technologies should be abandoned? In my opinion, they should not. And by waxing hyperbolic about their demise, we're decreasing security overall. Tags: Guideline
CSO 2016-08-24 11:12:00 How can we improve awareness training? (direct link) As more companies face the realities of cybercrime, malware and data breaches, many of them are turning to security awareness training programs to keep their employees from becoming the next victim of an attack. But a lot of these programs are ineffective, giving employees a “read this email, watch this video” program, and the CSO a “box to check off”. In the latest episode of Security Sessions, I spoke with Bill Rosenthal, CEO of Logical Operations, about the lack of effective security awareness programs at companies. Among the highlights of the video are the following sections: 1:14 The current state of security awareness training at companies. 2:49 What will it take to get more companies on board with security awareness training? 3:51 Why don't end users follow cyber-security policies? How can IT engage them more? 5:37 Why going beyond self-assessment training is needed for most companies. 7:20 Figuring out different training for different employee roles. 8:54 Advice for security executives on improving engagement with end users beyond the weekly security email.
CSO 2016-08-24 10:45:00 BrandPost: Uh oh: The Bad Guys Love the Cloud Just as Much as We Do (direct link) Oh how we love the public cloud – with its ability to quickly spin up services and grow compute rapidly to meet our customers' demands. What an amazing opportunity for our organization. We also love software as a service (SaaS) with its ease of use and ability to access applications anywhere at any time from most any device. What is there not to love? Unfortunately, our nemeses are as enamored as we are. The wonderful attributes that make these services so attractive to us are equally attractive to cybercriminals. Just a few weeks ago, researchers at Intel Security uncovered ransomware attacks hosted in the public cloud. These files could have been the payload of a ransomware attack – the crypto malware where an infected URL is directed, that would then be downloaded and installed on the user's machine, locking it from usage. Or perhaps these files were part of a ransomware service, where cybercriminals are sharing malware from the cloud to further distribute them.
CSO 2016-08-24 08:08:00 vBulletin vulnerabilities expose 27 million accounts, including gamers on mail.ru (direct link) Recently exploited software vulnerabilities in vBulletin have exposed more than 27 million accounts across nearly a dozen websites. A majority of the compromised accounts are linked to three games on mail.ru. In addition to the gaming accounts, more than 190,000 accounts were exposed on expertlaw.com, as well as more than 100,000 accounts on gamesforum.com. Combined, the compromised mail.ru domains allowed LeakedSource to add 25,133,805 accounts to their database on Wednesday. At the time of notification, they had managed to crack 12,463,300 passwords. The compromised mail.ru accounts were exposed recently (August 2016) and are from the gaming side of the company. CFire, Parapa, and Tanks accounts were all exposed. The Parapa forums were also compromised.
CSO 2016-08-24 07:26:00 What you need to do to stop data from leaving with exiting employees (direct link) It may come as a surprise, but more likely than not, when employees leave a company they're taking company data with them. While it's not always out of malicious intent, the amount of unprotected company information that walks out the door can result in bigger losses in the future. Biscom's national study around data in the workplace revealed that more than one in four employees leave their job with company data. The study spotlights employees as a big security vulnerability to business data. To help prevent this, Bill Ho, CEO of Biscom, offers a few tips to minimize this threat. 1. Establish clear employee policies on handling company data and information
CSO 2016-08-24 04:15:00 As Zika looms, a question arises: Who gets to telecommute? (direct link) Florida's announcement Tuesday that a locally transmitted Zika case turned up in Pinellas County, which includes St. Petersburg, moves reported cases of the virus a little closer to Georgia. That's where Maria Stephens, who is pregnant, works as a senior data research analyst. Stephens was initially skeptical about Zika and paid little attention to the headlines about it. “I don't really respond to dramatization and felt that things were possibly being blown out of proportion,” said Stephens. “I'm a statistician at heart and only listen to numbers, so when my quant-minded OB-GYN shared the figures with me, this threat became a lot more real.”
CSO 2016-08-23 14:34:00 BrandPost: Securing the skies: Cybersecurity in aviation (direct link) It's no secret that the rise of the Internet of Things (IoT) introduces a host of new cybersecurity challenges and vulnerabilities. A recent report from AT&T surveyed the data risks – and the physical threats – that compromised IoT systems could pose. Few of those risk scenarios are more frightening than that of a hacker taking over the controls of an in-flight plane. That scenario seemed to be playing out just over a year ago, in April 2015, when a passenger onboard a flight tweeted that he had tapped into the plane's operational systems by hacking the in-flight entertainment system. A subsequent FBI investigation found that the hacker claimed to have made a plane climb and move sideways on an earlier flight. Many experts soon disputed these claims, but they were enough to shine a spotlight on the growing dependency of modern aircraft on digital controls and multiple networks.
CSO 2016-08-23 14:20:00 BrandPost: Where are the cybersecurity experts? (direct link) There's no way to sugarcoat it; the shortage of cyber security professionals is at an all-time high just as attacks are also reaching record levels. By various estimates, there will be a global shortage of between four and six million security pros between now and 2020. The Peninsula Press project of the Stanford University Journalism Program determined that more than 209,000 cybersecurity jobs in the U.S. were unfilled, with vacancies up 74% over the past five years. A recent Enterprise Strategy Group survey found that 46% of organizations say they have a “problematic shortage” of cybersecurity skills.
CSO 2016-08-23 14:11:00 Journalists are easy targets for hackers, and that shouldn't surprise anyone (direct link) Earlier today, the news broke that Russian intelligence is suspected of hacking journalists at the New York Times and other media outlets. The idea that intelligence agencies would target the media isn't at all surprising. But what may surprise some is how easily a journalist or the company they work for can be targeted. There are a number of ways a person can be compromised. This number expands if the individual in question is being targeted by an intelligence agency. Criminals have a limited amount of time and resources at their disposal, but governments have no such restrictions. Funny enough, many of the same tricks that led to massive breaches at healthcare organizations, law firms, government agencies, banks, etc. are the things intelligence agencies will use – namely, software vulnerabilities and phishing.
CSO 2016-08-23 12:28:00 Epic Games forum hack underscores the need to install security patches (direct link) A recent data breach at Epic Games may have been avoided if the company had simply installed a security patch. On Monday, Epic Games reported that its internet forums had been compromised. The leaked data includes email addresses and hashed passwords taken from legacy forums at Infinity Blade, previous Unreal Tournament games, and an archived Gears of War forum. Epic Games declined to explain how the leak occurred, but a website that stores information on data breaches said hackers were responsible and that 808,000 users are affected. The anonymous attackers targeted the vBulletin forum software on Aug. 11, according to the website Leaked Source, which has been in contact with the hackers.
CSO 2016-08-22 22:20:00 BrandPost: When tactics get in the way of strategy (direct link) Buying the latest antivirus software or firewall can help bolster enterprise cybersecurity, but don't confuse tactical responses to cyberattacks with strategy. To be sure, tactics and strategy are inextricably intertwined and both are crucial components of any cyberplan. But there's a temptation to conflate the two, a misunderstanding that dooms organizations to play a losing game of catch up. This is more than a minor semantic distinction. If tactics are not moored to a broader organizational strategy, IT is always going to wind up applying security fixes only after the damage is already done. Cybercriminals constantly change the terms of engagement and technologies in response to obstacles that defenders erect in their way. CSOs now find themselves battling against a multiplicity of actors - including nation state actors, cybercriminals, hacktivists, and non-state “for-hire” groups - who are on the cutting edge when it comes to techniques and procedures.
CSO 2016-08-22 13:05:00 Despite billions spent on cybersecurity, companies aren't truly safe from hacks (direct link) Last year, private sector companies globally spent more than $75 billion on security software to safeguard their systems and data. That number is expected to grow about 7% annually, according to Gartner and other analyst firms. It doesn't include all the massive amounts spent on fraud prevention by banks, a number that is widely underreported and expected to reach into the billions annually. Has all that spending made private sector data and systems any safer? Is customer personal data any safer? The general answer is no, according to many analysts, but that's not necessarily because the latest software is considered ineffective.
CSO 2016-08-19 13:49:00 How cyber attacks work [Infographic] (direct link) For their 2016 Cyber Weapons Report security startup LightCyber used network analysis to understand what tools hackers use "to expand their footprint," that is, the tools they use to communicate with command and control servers, gain access privileges, and access new hosts.
CSO 2016-08-19 03:00:00 Eddie Bauer is latest retailer to be hit by point-of-sale malware (direct link) Clothing retailer Eddie Bauer has informed customers that point-of-sale systems at its stores were hit by malware, enabling the theft of payment card information. All the retailer's stores in the U.S. and Canada, numbering about 350, were affected, a company spokesman disclosed Thursday. He added that the retailer is not disclosing the number of customers affected. The card information harvested included cardholder name, payment card number, security code and expiration date. The retailer said that information of payment cards used at its stores on various dates between Jan. 2 and July 17, 2016 may have been accessed, but added that not all cardholder transactions were affected. Payment card information that was used for online purchases at its website was not affected.
CSO 2016-08-18 04:00:00 Hype and buzzwords lead to confusion, as vendors leverage the halo effect (direct link) Vendors serving the InfoSec market are quick to sling buzzwords and jargon, but do the terms used accurately reflect their product's abilities? Sometimes the marketing is correct, but most of the time the pitches are full of FUD and sensationalized with hype. Earlier this month, security vendors from all over the globe flooded Las Vegas to showcase their products and meet with potential buyers during Black Hat. Like the RSA conference, which is held at the start of the year, vendors spend a good deal of money and time getting out to Las Vegas in order to attend the business side of what's affectionately called hacker summer camp. Tags: Guideline
CSO 2016-08-16 13:38:00 Google details security features in Android 7.0 'Nougat' (direct link) During an hour-long Hangouts web chat for the media and select IT professionals, Google today provided a glimpse of some of the new security features in its upcoming mobile OS, Android 7.0 "Nougat," which should be available on Google Nexus devices "in a few weeks," according to the company. The online briefing wasn't meant to be exhaustive. Instead, it provided a top-level look at a set of new security and management tools in Android Nougat and Android for Work. Here's a breakdown of some of the most notable security improvements in Nougat, for Android users and IT administrators.
CSO 2016-08-16 13:36:00 Snowden: Auction of stolen NSA malware likely political (direct link) A public auction of stolen NSA malware may be a warning to the U.S. that blaming Russia for the hack of the Democratic National Committee could have dire consequences, says Edward Snowden, who also famously breached NSA security. In a series of tweets, Snowden spelled out his interpretation of what's behind the auction of hacking tools allegedly stolen from the NSA, and he concludes that Russia is trying to demonstrate it has ammunition to strike back if the U.S. exacts penalties for the DNC breach.
CSO 2016-08-15 13:38:00 NSA hacked? Top cyber weapons allegedly go up for auction (direct link) An anonymous group claims to have stolen hacking tools that might belong to the National Security Agency and is auctioning them off to the highest bidder. It's a pretty bold claim, but the hackers have offered sample files, and some security researchers say they appear to contain legitimate exploits. The files were allegedly stolen from the Equation Group, a top cyberespionage team that may have links to the NSA. The Equation Group is known to use some of the most advanced malware and probably helped develop the infamous Stuxnet computer worm, according to security firm Kaspersky Lab.
CSO 2016-08-15 02:30:00 Sounds from your hard disk drive can be used to steal a PC's data (direct link) Researchers have found a way to steal a PC's data by using the mechanical noise coming from the hard disk drives inside. It's not a very practical hack, but the scheme has been designed for “air-gapped” systems, or computers that have been sectioned off from the Internet. The researchers at Ben-Gurion University of the Negev in Israel have been studying how to use sound to extract information from air-gapped computers. In June, they showed that even a PC's cooling fans can be controlled to secretly transmit data, including passwords and encryption keys.
CSO 2016-08-11 09:57:00 How well does social engineering work? One test returned 150% (direct link) White hat hackers see companies at their worst. It is, after all, their job to expose weaknesses. Network World Editor in Chief John Dix recently chatted with penetration testing expert Josh Berry, Senior Technology Manager at Accudata Systems, an IT consulting and integration firm based in Houston, to learn more about the attack techniques he encounters and what he advises clients do to fight back.
CSO 2016-08-11 09:53:00 Snowden and Huang hope to help smartphones go dark (direct link) “Privacy is dead,” has been a mantra, for different reasons, for generations. In the cybersecurity community, it has been conventional wisdom for at least a decade. But Edward Snowden and Andrew “bunnie” Huang apparently think they can revive it a bit, at least if you own an iPhone 6. Their goal, they say in a white paper titled, “Against the Law – Countering Lawful Abuses of Digital Surveillance,” is to create an add-on hardware component that will protect “front-line journalists” in repressive regimes where governments have demonstrated the capability to track people through their smartphones even if the devices are set to “Airplane Mode.”
CSO 2016-08-11 05:03:00 Use the internet? This Linux flaw could open you up to attack (direct link) A flaw in the Transmission Control Protocol (TCP) used by Linux since late 2012 poses a serious threat to internet users, whether or not they use Linux directly. That's the key finding of a research study that's scheduled to be presented Wednesday at the USENIX Security Symposium in Austin, Texas. The TCP weakness, identified by researchers from the University of California at Riverside, enables attackers to hijack users' internet communications completely remotely. It could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee of anonymity networks such as Tor, the researchers said.
CSO 2016-08-11 04:59:00 Want secure code? Give devs the right tools (direct link) The Internet has serious security problems that need to be fixed. Despite many calls to action over the years for the industry to band together and work on solutions, progress has been mild. What's needed isn't necessarily more security technology. What's needed are better tools for developers so that they can improve the security of their code. In his keynote at Black Hat in Las Vegas, Dan Kaminsky, chief scientist and co-founder of White Ops, advocated for environments and coding frameworks that make it easier for developers to implement security without compromising usability or stifling creativity. His keynote, “The Hidden Architecture of Our Time: Why This Internet Worked, How We Could Lose It, and the Role Hackers Play,” called on the security industry to think about how new programming environments could have basic functionality and security features built in and turned on by default.
CSO 2016-08-11 04:57:00 IDG Contributor Network: Presentations show the auto industry needs to shore up cars' security (direct link) Once again automotive cybersecurity researchers Charlie Miller and Chris Valasek hacked into a Jeep Cherokee and showed that they can take control of the car steering wheel and brakes – but this time at high speeds, not low speeds (self-parking mode) as they did in July 2015. This year's Black Hat conference also offered a "Car Hacking--Hands on" training with Robert Leale, founder of CanBusHack. For a few years, the auto industry has been under fire, motivating manufacturers to focus more on security. That's one reason why connected car vulnerabilities has been a notable event at major conferences. In its endeavors to build stronger security, the industry at large has invested extensive resources into researching and educating practitioners.
CSO 2016-08-11 00:00:00 IDG Contributor Network: Mobile malware – same attacks – different pathogens (direct link) I've been blogging about mobile attacks and how they can be different than attacks on more traditional platforms. For example, I wrote about: Mobile phishing – same attacks – different hooks; Mobile pharming – same attacks – different seeds. Now I've turned my focus to mobile malware. Like phishing and pharming, malware has shown considerable staying power on traditional devices and evolved to work with mobile devices. The theory of malware, or self-reproducing code at least, can actually be traced back to 1949 with early experimental code and exploits in the 1970s. Today malware like CryptoLocker, Zeus and of course Stuxnet are part of our shared industry vernacular.
CSO 2016-08-10 11:22:00 Official Dota 2 forum hack leaks nearly 2 million user passwords (direct link) While the blockbuster International 2016 tournament plays out on the front page of Dota 2's website, more sinister machinations are grinding away in the background. Overnight, breach notification site Leaked Source revealed that a hacker has allegedly pilfered sensitive information about nearly two million user accounts on the official Dota 2 message board. “This data set contains 1,923,972 records. Each record contains an email address, IP address, username, user identifier, and one password,” Leaked Source reports. The attack allegedly occurred one month ago, on July 10, via an SQL injection vulnerability in the old vBulletin forum software used by the site, according to ZDNet. Rating: ★★
CSO 2016-08-10 11:18:00 A new $500,000 iOS bug bounty beats Apple's offer (direct link) A security firm is offering up to $500,000 for information on zero-day vulnerabilities in iOS, surpassing Apple's bug bounty just days after it was announced. On Tuesday, Texas-based Exodus Intelligence said it will give between $5,000 and $500,000 for zero-day vulnerabilities relating to iOS version 9.3 and higher. These zero-days are software flaws that have gone undetected by Apple, making them potentially very valuable, especially for cyber criminals who can use them to hack iPhones. Rating: ★★★★★
CSO 2016-08-10 06:58:00 Microsoft patches 27 flaws in Windows, Office, IE, and Edge (direct link) Microsoft released another batch of security patches Tuesday, fixing 27 vulnerabilities in Windows, Microsoft Office, Internet Explorer, and its new Edge browser. The patches are organized in nine security bulletins, five of which are rated critical and the rest important, making this Microsoft patch bundle one of the lightest this year in terms of the number of patches. All of the issues resolved this month are in desktop deployments, but Windows servers might also be affected depending on their configuration. "For example, Windows servers running Terminal Services tend to act as both desktop and server environments," said Tod Beardsley, security research manager at Rapid7, via email. However, the majority of Windows server admins out there can roll out patches at a fairly leisurely pace, he said. Rating: ★★★★
CSO 2016-08-10 06:48:00 How to block phishers when they come a knockin' (direct link) Just like throwing out a fishing line into the water, a phisher waits for just the slightest nibble before pouncing on a network. Eyal Benishti, CEO of IronScales, says the way to cut off the phishers' food supply is to first go to the core of the issue: employee awareness. The CEO notes that cybercriminals by nature are lazy. “If your organization is a tough nut to crack, they will move on to find more low-hanging fruit,” Benishti says. According to the Verizon data breach investigation report published earlier this year, phishing remains a major data breach weapon of choice. Trend Micro added that ransomware is expected to be one of the biggest threats in 2016 and that a single ransom demand will go much higher, reaching seven figures.
CSO 2016-08-10 04:50:00 Census outage was caused by DoS attacks, says Australian statistics agency (direct link) The Australian Bureau of Statistics (ABS) has blamed Denial of Service attacks originating from overseas for the outage which hit the census website last night. But security experts have expressed their doubts. The website received three DoS attacks through the evening, the bureau said, but after a fourth attack at around 7.30pm, it decided to close down the system to 'ensure the integrity of the data'. “Probably when many people had finished their dinner and were sitting down to use the online census form we had a fourth attack where we took the precaution of closing down the system to ensure the integrity of the data,” ABS chief David Kalisch told ABC Radio's AM programme this morning.
CSO 2016-08-10 04:49:00 Does entertainment trump security in connected cars? (direct link) Reduction in sales and damage to brand are potential bottom line impacts that auto manufacturers need to be concerned about when it comes to security risks and connected cars. According to a newly released IOActive report, "Commonalities in Vehicle Vulnerabilities", authored by senior security consultant Corey Thuen, "39 percent of vulnerabilities are related to the network. This is a general category that includes all network traffic, such as Ethernet or web." Using security best practices publications to design connected cars can mitigate up to 45 percent of vulnerabilities, yet OBD2 adapters, telematics systems and other embedded devices remain security problems in the modern vehicle.
CSO 2016-08-09 12:54:00 IDG Contributor Network: Maturity models can compel your leadership to action (direct link) The cyber environment is filled with threats. It's virtually impossible to avoid “INFRASTRUCTURE FACES IMMINENT CYBER ATTACK,” or something very similar every time you encounter online or television news. Nobody argues that there's no threat. At the same time few people, much less experts, agree on how to solve the threat. Let's go a step beyond acknowledging our infrastructure is in danger. How do we quantify the threat and our preparation to respond? How do you, our nation's cybersecurity professionals, assess the readiness and agility of an organization, and more importantly how do you describe the threat and defense landscape to people outside the profession? Tags: Guideline
CSO 2016-08-09 09:44:00 Many bluetooth smart locks open easily for attackers (direct link) Security researchers used the recent Def Con hackers' convention to show just how easily some Bluetooth-based smart locks can be opened. Researchers Ben Ramsey and Anthony Rose of Merculite Security took a look at 16 smart locks from companies such as Ceomate, Elecycle, iBlulock, Mesh Motion, Okidokey, Plantraco, Quicklock, and Vians. Ramsey and Rose discovered that of those 16 locks, 12 could be hacked. Several of them could also be hacked with little to no effort. The researchers' presentation slides are available on GitHub; the presentation was first reported by Tom's Guide.
CSO 2016-08-09 09:43:00 IDG Contributor Network: What's happening with email? (direct link) During the hot summer months, many of us are being asked to pay attention to our water usage. A faulty sprinkler head in your lawn's sprinkler system can result in water all over your lawn. Perhaps you have a leaky faucet, and water just drips away. Email is like a leaky faucet. Lots of towns have instituted water bans in an effort to conserve water, which is one solution to fixing a problem. “Just don't use it” isn't the most effective way to mitigate risks and vulnerabilities in the digital world, though, especially when it comes to email. There is an entire ecosystem of email protection, which includes email security. Email security is not only about inbound hygiene, but a more holistic email protection solution. As part of any layered security system for the enterprise, both email protection and email security have to exist.
CSO 2016-08-09 07:51:00 IDG Contributor Network: Pokémon Go's strategy could thwart cybersecurity threats (direct link) By now most people already know the Pokémon GO is a free to play iOS and Android AR game that leverages physical location as its core gaming mechanism. User location data is used a) the gamer's avatar is represented in a simplified virtual map of his or her location b) when a Pokémon character (cure creatures) is nearby, user's smartphone camera can be used to scan the nearby area to find and catch the Pokémon. It also provide known as Gyms in the game, in the local landmarks and popular public areas where players can battle with each other. Why doesn't the security industry develop a similar technology to track and hunt for cybersecurity threats and adversaries?
CSO 2016-08-09 00:05:00 BrandPost: The Early Adopter's Guide to Securing the Software-Defined Data Center (direct link) With Gartner estimating that more than 85% of data center workloads are now virtualized, it's clear that the age of the software defined data center (SDDC) is upon us. The next steps in the evolution toward SDDC will be moving other traditionally hardware-bound functions like networking and storage into a full “as-a-service” model, so that applications and workloads can be flexibly provisioned and resourced in both private and public cloud environments. There are many IT and business advantages to infrastructure virtualization, including: more flexible and fluid allocation of existing resources; faster deployment of new resources; lower failure rates; higher availability; hardware and processing workloads can be managed independently. Given these benefits, it's not surprising that one study predicts the SDDC market will grow at a compound annual rate of 28.8% over the next four years to surpass $77 billion in 2020.
CSO 2016-08-09 00:00:00 IDG Contributor Network: Mobile pharming – same attacks – different seeds (direct link) I recently wrote a blog on mobile phishing titled: Mobile phishing – same attacks – different hooks. There was so much feedback that I've decided to write a few more posts around mobile security differences. Since I've already talked about phishing, let's take a closer look at pharming. Like phishing, pharming has been around for a long time and also like phishing, that's because it simply works. In the most general sense, pharming works by having a victim's web traffic redirected to a fake, malicious site. This can happen via a compromise on the victim's system that redirects their system's traffic or another mechanism like a compromised DNS server (DNS Spoofing or DNS Cache Poisoning) that redirects many systems to fake, malicious sites.
Last update at: 2024-05-16 09:08:06