What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-03-10 07:18:00 | IDG Contributor Network: Well-funded doesn\'t mean well-secured (lien direct) | Three of my four children are of school-going age. When they arrive home in the afternoon, the youngest usually makes a dash for the games console, the middle one is tired to the point of being miserable, and the eldest announces herself loudly, wanting to share every detail from her day with anyone who will lend an ear. The only thing they all seem to have in common is that they are hungry and want dinner.RELATED: What IT admins love/hate about 8 top network monitoring tools While I'm the type of parent who makes the children fish-finger sandwiches and declares them fed, my wife prefers to serve a lavish five-course meal. In the past, she would often customize meals to meet each child's individual taste and preference. After a while, I had to put a stop to it.To read this article in full or to leave a comment, please click here | |||
|
2017-03-10 05:34:00 | Google tries to beat AWS at cloud security (lien direct) | Google knows that if enterprises are going to move their critical services to its cloud, then it has to offer something that AWS doesn't. At Google Cloud Next, the company's leadership made the case that Google Cloud was the most secure cloud.At the conference this week, Google unveiled tools that would let IT teams provide granular access to applications, better manage encryption keys, and enforce stronger authentication mechanisms for applications running on Google Cloud. While Google is just playing catch-up to Amazon with the Key Management System for GCP, it is stepping into uncharted territory with Data Leak Prevention API by giving administrators tools that go beyond the infrastructure to protect individual applications. Google is tackling the identity access management challenge differently from Amazon, and it will be up to enterprises to decide which approach they prefer.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-10 05:33:00 | Newer car tech opens doors to CIA attacks (lien direct) | The revelation through Wikileaks that the CIA has explored hacking vehicle computer control systems should concern consumers, particularly as more and more cars and trucks roll off assembly lines with autonomous features."I think it's a legitimate concern considering all of the computers being added to cars," said Kit Walsh, a staff attorney with the privacy group Electronic Frontier Foundation (EFF). "There's no reason the CIA or other intelligence agencies or bad actors couldn't use those vulnerabilities to hurt people.To read this article in full or to leave a comment, please click here | |||
|
2017-03-10 05:32:00 | Danes targeted by malware spread through Dropbox (lien direct) | Earlier this week, Danish-speaking users were hit by malware spread through Dropbox, but the company responded quickly to shut down the attack. According to a research report by AppRiver, the attack hit Denmark, Germany, and several surrounding Scandinavian countries on Wednesday morning. The attack was unusual in that it narrowly targeted a specific audience, said Troy Gill, security analyst at AppRiver. "Somehow, they found this language-based list of email addresses," he said. "I'm not sure where they gathered it."To read this article in full or to leave a comment, please click here | |||
|
2017-03-10 03:00:00 | Protecting the enterprise against mobile threats (lien direct) | Mobile devices have transformed the digital enterprise allowing employees to access the information they need to be most productive from virtually anywhere. Has that convenience come at a cost to enterprise security, though? According to Forrester's The State of Enterprise Mobile Security: 2016 to 2017, by Chris Sherman, "Employees are going to continue to purchase and use whatever devices and apps they need to serve customers and be highly productive, whether or not these devices are company-sanctioned."To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 19:06:47 | WikiLeaks will share CIA hacking details with companies, but can they use it? (lien direct) | WikiLeaks plans to share details about what it says are CIA hacking tools with the tech companies so that software fixes can be developed.But will software companies want it?The information WikiLeaks plans to share comes from 8,700-plus documents it says were stolen from an internal CIA server. If the data is classified -- and it almost certainly is -- possessing it would be a crime.That was underlined on Thursday by White House press secretary Sean Spicer, who advised tech vendors to consider the legal consequences of receiving documents from WikiLeaks.To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 14:59:00 | The CIA should help vendors patch the flaws it was exploiting (lien direct) | The CIA exploits exposed this week reveal that the agency does hacking just like criminals do, including buying exploits from black-hat researchers who sell their wares on the dark web.It's also a demonstration of bad security on the part of the CIA, which apparently entrusted the entire portfolio to both agency employees and contractors, one of whom turned out not to be trustworthy and passed them on to Wikileaks.A criminal investigation into who that was is underway so the CIA is rightfully busy with that, but it should try to find time to help out the vendors whose gear was exploited patch the flaws quickly. Before the leak, these attacks were not widely known. But now that they are, they have little value to the CIA anymore, so the CIA should help shore up the vulnerabilities.To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 13:38:00 | How to achieve security via whitelisting with Docker containers  (lien direct) | This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Docker containers have become an important means for organizations to build and run applications in the cloud. There's a lot of flexibility with containers, as they can be deployed on top of any bare-metal server, virtual machine, or platform-as-as-service (PaaS) environment. Developers have embraced Docker containers on public clouds because they don't need help from an IT operations team to spin them up.A software container is simply a thin package of an application and the libraries that support the application, making it easy to move a container from one operating system to another. This makes it possible for a developer to build an application and then take all the source code and supporting files and basically create something like a zip file so the container can be deployed just about anywhere. It contains everything the application needs to run, including code, runtime, system tools and system libraries.To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 13:32:26 | After CIA leak, Intel Security releases detection tool for EFI rootkits (lien direct) | Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code.The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter.To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 12:22:00 | After WikiLeaks\' CIA dump, China tells U.S. to stop spying (lien direct) | China today asked the U.S. government to stop spying on it, China's first reaction to WikiLeaks' disclosure of a trove of CIA documents that alleged the agency was able to hack smartphones, personal computers, routers and other digital devices worldwide."We urge the U.S. to stop listening in, monitoring, stealing secrets and [conducting] cyber-attacks against China and other countries," said Geng Shuang, a Foreign Ministry spokesman said today in a Beijing press briefing.Geng also said that China would protect its own networks, was willing to work with others toward what he called "orderly cyberspace," and repeated his government's stock denunciation of hacking.To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 12:03:00 | After the WikiLeaks dump: Do nothing (lien direct) | You heard it here first. Don't do a damn thing in response to the WikiLeaks dump that you're not already doing. Don't sit still, be vigilant, keep your eye on the targets. Because this isn't news.What? Not news?!?No. Between the three-letter agencies, if they want you, they have you. They'll find a way. It's a matter of time. But they're largely ahead of the ne'er-do-wells. You should expect this.+ Also on Network World:Â Apple, Cisco, Microsoft and Samsung react to CIA targeting their products + If hardware and device makers gasp that their stuff is crackable, it's only time to snicker. Nothing is foolproof because 1) fools are so ingenious and 2) with a big enough hammer you can crack anything. Even you. You are not impregnable. It's a matter of degree-and if you can detect the breach quickly.To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 08:03:00 | Assange: CIA had lost control of its cyberweapon documents (lien direct) | Information about purported CIA cyberattacks was "passed around" among members of the U.S. intelligence community and contractors before it was published by WikiLeaks this week, Julian Assange says.The CIA "lost control of its entire cyberweapons arsenal," the WikiLeaks editor in chief said during a press conference Thursday. "This is a historic act of devastating incompetence, to have created such an arsenal and stored all in one place and not secured it."Assange declined to name the source who gave the information to WikiLeaks, but he seemed to suggest the 8,700-plus documents, purportedly from an isolated CIA server, came from an insider source.To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 07:13:00 | IDG Contributor Network: Basic training: Cybersecurity lessons inspired by an opportunistic developer (lien direct) | Today, not only do we see a significant increase in the number of cyber attacks, but by design the incidents are also more fearless and larger in their scale and impact to the business. According to Cisco, the frequency of distributed denial of service (DDoS) attacks has increased more than 2.5 times since 2013, with the current average DDoS attack large enough to take many organizations completely offline.RELATED: Machine learning offers new hope against cyber attacks Most businesses have cybersecurity initiatives, but how can we be sure the policies and people are keeping pace with the threats that are becoming more dynamic as technology progresses? TechRepublic reported that an estimated 90 million cyber attacks occurred in 2016, which means 400 attacks every minute. As data travels through a virtual ecosystem, security must extend beyond the device itself. To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 06:02:00 | IBM technology moves even closer to human speech recognition parity (lien direct) | IBM this week said its speech recognition system set an industry record of 5.5% word error rate, a percentage that lets a computer understand human conversation almost as well as the average person does.According to IBM human parity was considered a 5.9% word error rate but IBM who partnered with Appen, a speech and technology service provider, reassessed the industry benchmark and determined that human parity is lower than what anyone has yet achieved: 5.1%.+More on Network World: Gartner: Artificial intelligence, algorithms and smart software at the heart of big network changes+To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 05:25:00 | Profiling 10 types of hackers (lien direct) | Different shapes and sizes Image by ThinkstockHackers, like the attacks they perpetrate, come in many forms, with motivations that range from monetary to political to ethical. Understanding the different types of hackers that exist and what motivates them can help you to identify the attackers you are most susceptible to and properly defend yourself and your organization against cyberattacks. Travis Farral, director of security strategy at Anomali, outlines the top 10 types of hackers you should have on your radar.To read this article in full or to leave a comment, please click here |
|||
|
2017-03-09 05:24:00 | Bots: Biggest player on the cybercrime block (lien direct) | In the world of cybercrime, ransomware and DDoS attacks had the highest profile by far during the past year. There was an entire day devoted to a ransomware “summit†at the recent RSA conference in San Francisco.But when it comes to money being lost (and made), bot fraud is king – by a lot.Most estimates of losses in the US from ransomware during 2016 were in the $1 billion range. By contrast, a study published in January 2016 by White Ops and the Association of National Advertisers (ANA) titled “Bot Baseline: Fraud in Digital Advertising,†estimated global losses in 2016 would be $7.2 billion.To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 05:20:00 | Darktrace finds more attacks, cuts response time, saves money for Blackhawk Network (lien direct) | Blackhawk Network, a $1.9 billion multinational in the prepaid-card industry, was undergoing a consolidation of its security architecture in an effort to give better visibility into threats as they unfolded and that would also adapt to the threat environment as attackers changed their strategies. That included hiring a new head of cyber defense, Vari Bindra, in December of 2015, who wanted to create a central security operations center and consolidate the company's varied data centers down to just two. As he set out on that mission, he came across the Enterprise Immune System made by Darktrace that uses machine learning to detect threats, including those it has never seen before.To read this article in full or to leave a comment, please click here | |||
|
2017-03-09 03:53:29 | Hackers exploit Apache Struts vulnerability to compromise corporate web servers (lien direct) | Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.Apache Struts is an open-source web development framework for Java web applications. It's widely used to build corporate websites in sectors including education, government, financial services, retail and media.On Monday, the Apache Struts developers fixed a high-impact vulnerability in the framework's Jakarta Multipart parser. Hours later, an exploit for the flaw appeared on Chinese-language websites and this was almost immediately followed by real-world attacks, according to researchers from Cisco Systems.To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 18:37:42 | WikiLeaks looks at helping tech vendors disarm CIA hacking tools (lien direct) | WikiLeaks has attracted plenty of haters over its controversial disclosures. But the site may be in a unique position to help tech vendors better secure their products.That's because WikiLeaks has published secret hacking tools allegedly taken from the CIA, which appear to target smartphones, smart TVs and PCs.Companies including Apple and Cisco have been looking through the stolen documents to address any vulnerabilities the CIA may have exploited. However, WikiLeaks might be able to speed up and expand the whole process.To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 13:49:00 | Apple has already fixed most of the iOS exploits the CIA used (lien direct) | WikiLeaks is back at it again, this time with more than 8,700 leaked documents apparently from inside the CIA's Center for Cyber Intelligence. According to those documents, the CIA had knowledge of zero-day exploits it could use to hack iPhones. But Apple said many of those bugs have already been patched with the latest version of iOS.The WikiLeaks documents didn't include details of the bugs or whether the CIA has actually used them, so it's unclear if or how Apple knows the exploits have been patched. But the company released a statement to multiple media outlets following the WikiLeaks dump on Tuesday: “Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.â€To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 12:51:51 | Security holes in Confide messaging app exposed user details (lien direct) | Confide, a messaging app reportedly used by U.S. White House staff, apparently had several security holes that made it easier to hack.Security consultancy IOActive found the vulnerabilities in Confide, which promotes itself as an app that offers “military-grade†end-to-end encryption.But despite its marketing, the app contained glaring problems with securing user account information, IOActive said in a Wednesday post.The consultancy noticed it could access records for 7,000 Confide users by exploiting vulnerabilities in the app's account management system. Part of the problem resided with Confide's API, which could be used to reveal data on user's phone numbers and email addresses.To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 11:39:00 | Leaked docs suggest NSA and CIA behind Equation cyberespionage group (lien direct) | Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA's own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation. The Equation's cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab. It is widely considered to be the most advanced cyberespionage group in the world based on the sophistication of its tools and the length of its operations, some possibly dating as far back as 1996.To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 10:13:00 | Fears of election hacking spread in Europe (lien direct) | France has followed the Netherlands in placing its faith in paper-based voting systems ahead of key elections later this year, following allegations that Russian hackers influenced last year's U.S. presidential election. The French government will not allow internet voting in legislative elections to be held in June because of the "extremely elevated threat of cyberattacks." The move follows a recommendation from the French Network and Information Security Agency (ANSSI), it said Monday. The move will only affect 11 of the 577 electoral districts voting, those representing French citizens living outside their home country. These expatriates had previously been allowed to vote over the internet in some elections because the alternative was to require some of them to travel vast distances to the nearest embassy or consulate with a ballot box.To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 10:02:00 | Cisco Talos warns of new Cryptolocker ransomware campaigns (lien direct) | A number of reports are warning businesses and consumers alike that a new round of ransomware based on the infamous Cryptolocker (aka TorrentLocker or Teerac) code is making the rounds.Today Cisco Talos wrote: “Crypt0l0cker has gone through a long evolution, the adversaries are updating and improving the malware on a regular basis. Several indicators inside the samples we have analyzed point to a new major version of the malware. We have already seen large campaigns targeting Europe and other parts of the world in 2014 and 2015. It seems to be that the actors behind these campaigns are back now and launching again massive spam attacks.â€To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 09:49:00 | Comey: Strong encryption “shatters†privacy-security bargain (lien direct) | FBI Director James Comey told a Boston audience this morning that “ubiquitous strong encryption†– the kind now available on most smartphones and other digital devices – is threatening to undermine the “bargain†that he said has balanced privacy and security in the US since its founding. Actually, he went further, declaring that such default encryption “shatters†the bargain. “This is a big deal, and I urge you to continue to engage in a hard conversation about it. I love privacy, but I also love the bargain,†he said, noting that the FBI's inability to crack encrypted devices means the investigative “room†where the agency works is increasingly growing dark, and therefore undermining security.To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 08:48:00 | Juniper product development chief resigns, company resets engineering makeup (lien direct) | Juniper is reshaping some of its top executive roles as Jonathan Davidson, executive VP and general manager of the firm's Development and Innovation group resigned from the company.Davidson, a former Cisco executive in charge products such as the Cisco 7200 and Enterprise ASR 1000 product management team joined Juniper in 2010 to lead the company's Security, Switching and Solutions Business Unit. He ultimately became executive vice president and general manager of the Juniper Development and Innovation group, where he replaced Rami Rahim who is now the company's CEO.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-08 06:46:00 | Third-party releases \'nano-patch\' for Microsoft zero day bug (lien direct) | The delay in last month's Patch Tuesday fixes has caused considerable angst given there were several known problems, including two disclosed by Google.Microsoft is on track, as far as we know, for a patch release next week, but one company isn't waiting. It has issued its own fix for a minor bug.A U.K. security company called ACROS Security has released what they call their first "nano-patch" for CVE-2017-0038, a bug in EMF image format parsing logic that does not adequately check image dimensions specified in the image file being parsed against the amount of pixels in the file.If image dimensions are large enough, the parser is tricked into reading memory contents beyond the memory-mapped EMF file being parsed. An attacker could use this vulnerability to steal sensitive data in memory or as an aid in other exploits when ASLR needs to be defeated.To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 06:22:00 | Apple, Cisco, Microsoft and Samsung react to CIA targeting their products (lien direct) | From the trove of CIA documents dumped by WikiLeaks, we've heard a lot about attacks the agency could pull off against TVs and smartphones. Some of companies with targeted products have issued their initial responses.October 2014 notes discuss the CIA's Embedded Devices Branch (EDB) and what it should target. For the “really non-technical,†the CIA would define “embedded systems†as “The Things in the Internet of Things.†But the fact that the CIA intended to exploit IoT should not surprise anyone, considering that in 2012, then-CIA Director David Petraeus said the CIA “cannot wait to spy on you†through your smart internet-connected devices.To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 05:29:16 | CIA false flag team repurposed Shamoon data wiper, other malware (lien direct) | The U.S. Central Intelligence Agency documents published by WikiLeaks Tuesday shows that one of the agency's teams specializes in reusing bits of code and techniques from public malware samples.According to the leaked documents the Umbrage team is part of the Remote Development Branch under the CIA's Center for Cyber Intelligence. It maintains a library of techniques borrowed from in-the-wild malware that could be integrated into its own projects.To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 05:14:00 | What\'s the value in attack attribution? (lien direct) | For those who pursue forensic analysis with the hope of identifying and prosecuting an attacker, they likely will find that the time spent on attack attribution is fruitless.If, however, they are looking to use what they gain through attack attribution to inform their overall security procedures from prevention to response, the effort yields valuable results.Many experts in the industry have questioned whether there is any value to attribution. SafeBreach CTO & co-founder Itzik Kotler said, "The only interesting aspect in attribution itself is to classify and put information in a box and use it over and over again."Kolter offered a hypothetical in which right now CNN gets hacked by the Chinese. "That someone can or cannot attribute it to the Chinese doesn't matter. It does matter if we can say we think this is from China," Kolter said.To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 03:45:00 | Consumer Reports decision to rate cybersecurity is a huge deal (lien direct) | Conventional wisdom has it that most consumers simply don't pay much attention to computer security and privacy issues. Perhaps worse, they don't think they can do much to protect themselves without foregoing many of the benefits of our digital, connected age. Consumer Reports is trying to change both of those things. Consumer Reports' new cybersecurity standard The influential publication and public-interest organization announced on Monday that it has collaborated on a digital consumer-protection standard designed to define “how companies should build these products to really be good for consumers in terms of privacy and other issues,†said Maria Rerecich, who directs electronics testing at Consumer Reports, in a statement. To read this article in full or to leave a comment, please click here | |||
|
2017-03-08 00:07:34 | US senator probes into CloudPets smart toy hack (lien direct) | A U.S. senator is probing reports of a breach of data from smart toys from Spiral Toys, writing to the company's CEO a letter with ten questions about the issue, including about the company's security practices.Bill Nelson, a Florida Democrat, wrote in a letter Tuesday to CEO Mark Meyers that the breach raises serious questions concerning how well the company protects the information it collects, particularly from children.Nelson also said that the incident raises questions about the vendor's compliance with the Children's Online Privacy Protection Act that requires covered companies to have reasonable procedures to protect the confidentiality, security and integrity of personal information collected from children.To read this article in full or to leave a comment, please click here | |||
|
2017-03-07 22:55:38 | US Senate resolution aims to roll back privacy rules for ISPs (lien direct) | A resolution introduced in the U.S. Senate on Tuesday aims to roll back privacy rules for broadband service providers that were approved by the Federal Communications Commission in October.The rules include the requirement that internet service providers like Comcast, AT&T, and Verizon should obtain "opt-in" consent from consumers to use and share sensitive personal information such as geolocation and web browsing history, and also give customers the option to opt out from the sharing of non-sensitive information such as email addresses or service tier information.The rules have been opposed by internet service providers who argue that they are being treated differently from other Internet entities like search engines and social networking companies.To read this article in full or to leave a comment, please click here | |||
|
2017-03-07 18:15:47 | CIA-made malware? Now antivirus vendors can find out (lien direct) | Thanks to WikiLeaks, antivirus vendors will soon be able to figure out if you have been hacked by the CIA. On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA's secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs. WikiLeaks has redacted the actual source code from the files to prevent the distribution of cyber weapons, it said. Nevertheless, the document dump -- if real -- still exposes some of the techniques that the CIA has allegedly been using.To read this article in full or to leave a comment, please click here | |||
|
2017-03-07 14:58:00 | Extreme grabs Avaya\'s networking business for $100M (lien direct) | Extreme Networks continued to expand its enterprise networking portfolio today buying up the network technology of Avaya Holdings– which is in Chapter 11 bankruptcy -- for $100 million. Extreme's Ed Meyercord, President and CEO said he expects the deal will broaden the company's software and strengthen its presence in vertical markets such as healthcare and manufacturing. Norman Rice, an executive vice president with Extreme added that some of Avaya's strengths included its networking fabric and Network Micro-Segmentation technology that helps customers secure enterprise components. +More on Network World: Avaya wants out of S.F. stadium suite, not too impressed with 49ers on field performance either+ To read this article in full or to leave a comment, please click here | |||
|
2017-03-07 14:12:00 | Wikileaks\' dump of CIA exploits exposes enterprises to new risks (lien direct) | Corporations concerned about the release of thousands of CIA documents detailing hacks against Apple iOS and Mac OSX, Google's Android, Microsoft's Windows, Linux and Solaris need to conduct a fresh round of risk assessment that takes the new revelations into account.While the trove of leaked data – known as Vault 7 – doesn't include code for actual exploits, it does describe the types of vulnerabilities they take advantage of, which can still be of value to both defenders and potential attackers, says John Pironti, president of IP Architects, a security risk consulting firm.To read this article in full or to leave a comment, please click here | |||
|
2017-03-07 10:00:00 | Why email is safer in Office 365 than on your Exchange server (lien direct) | Running your own email servers doesn't do anything to differentiate your business from the competition (except in a bad way, if you get hacked). But avoiding the effort of managing and monitoring your own mail server isn't the only advantage of a cloud service. The scale of a cloud mail provider like Office 365 means that malware and phishing attacks are easier to spot - and the protections extend beyond your inbox.Email protection isn't just about blocking spam anymore. It's about blocking malicious messages aimed at infecting computers and stealing credentials. Traditional antivirus scanning isn't the solution either, because attachments aren't just executable files you can recognize with a signature. Often, scammers use JavaScript and macros (including PowerShell) to trigger a secondary download with the malicious payload. And embedded links often go to legitimate but compromised sites, so you also can't rely on site reputation.To read this article in full or to leave a comment, please click here | |||
|
2017-03-07 09:58:00 | Honeypot catches social engineering scams on social media (lien direct) | Say you just got laid off from your job. Bills are piling up and the pressure to get a new job quickly is building. Your desperation has you taking chances you wouldn't normally take, such as clicking on a link to a job offer - even if something about it doesn't quite look right.Research firm ZeroFOX has found that unless a company has a verified recruiting account, it can be difficult for an applicant to decipher a legitimate account from an impersonator. One way to spot an impersonator is that they commonly provide Gmail, Yahoo, and other free email provider addresses through which applicants can inquire about a job and send their resumes (more advanced scammers can spoof company email domains). Some also include links to official job sites and LinkedIn for follow-up. In most cases, the impersonator uses the company logo to portray themselves as an official recruiter for the company. To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-03-07 08:01:16 | WikiLeaks\' CIA document dump shows agency can compromise Android, TVs (lien direct) | WikiLeaks has released more than 8,700 documents it says come from the CIA's Center for Cyber Intelligence, with some of the leaks saying the agency had 24 "weaponized" and previously undisclosed exploits for the Android operating system as of 2016.Some of the Android exploits were developed by the CIA, while others came from the U.S. National Security Agency, U.K. intelligence agency GCHQ, and cyber arms dealers, according to the trove of documents released Tuesday. Some smartphone attacks developed by the CIA allow the agency to bypass the encryption in WhatsApp, Confide, and other apps by collecting audio and message traffic before encryption is applied, according to the WikiLeaks analysis.To read this article in full or to leave a comment, please click here | |||
|
2017-03-07 07:40:00 | Android gets patches for critical OpenSSL, media server and kernel driver flaws (lien direct) | A five-month-old flaw in Android's SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google's newer BoringSSL library, which is based on OpenSSL. What's interesting is that the flaw, identified as CVE-2016-2182, was patched in OpenSSL back in September. It can be exploited by forcing the library to process an overly large certificate or certificate revocation list from an untrusted source.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-07 07:08:00 | Cybersecurity skills shortage holding steady (lien direct) | The cybersecurity skills shortage is nothing new-I've been writing about it for years, as have other analysts and researchers. I've also done countless presentations on this topic. Here's a video where I'm interviewed on the cybersecurity skills shortage at the RSA Conference a few years ago. I also presented on this topic at the RSA Conference that same year. RELATED: Akamai CSO takes a creative approach to finding security pros I keep writing about the cybersecurity skills shortage for one consistent and troubling reason: It ain't getting any better. Here's a few data points to back up this claim: To read this article in full or to leave a comment, please click here | |||
|
2017-03-07 07:04:00 | BBC warns Facebook about child porn posts, Facebook reports BBC to cops (lien direct) | The BBC found itself in the no-good-deed-goes-unpunished category thanks to Facebook. Granted, the BBC was investigating for an article to see if Facebook had improved its system for removing child porn from the site after such images are reported. But trying to help “clean up†Facebook should not be rewarded by the social network reporting you to the police.Using Facebook's “report button,†BBC journalists reported 100 images that should not be allowed on the platform according to Facebook's guidelines that claim “nudity or other sexually suggestive content†is not permitted on the site. The images included a still from a child porn video, under-16s in sexual poses and others along the same vein. Of those, only 18 were initially removed. The other 82, Facebook said, did not violate “community standards.â€To read this article in full or to leave a comment, please click here | |||
|
2017-03-07 04:10:00 | Ransomware picks off broader targets with greater severity (lien direct) | If you thought it was bad when the FBI reported last year that ransomware was on the rise, you should read the forecasts for this year. According to SonicWall's most recent Annual Threat Report, “ransomware attacks grew 167 times since 2015, from 3.8 million in 2015 to 638 million in 2016.â€This year, TrendMicro sees a 25-percent growth in the number of new ransomware families available for use in breaches. Reports of the encroachment of ransomware on government, law enforcement, critical infrastructure, and health and safety are already climbing.To read this article in full or to leave a comment, please click here | |||
|
2017-03-07 04:06:00 | 7 tips to strengthen online security (lien direct) | Seeing the light Image by PexelsA lightbulb. We can connect a lightbulb in our house to the internet in case we need to turn the lights on or off while we're away – or if we're too lazy to walk to the light switch. The more lightbulbs, devices, apps and online services we use and connect with on a daily basis, the more we expose ourselves to security risks. This is the nature of how our digital lives have evolved and it requires more active participation as individuals to protect ourselves and minimize exposure.To read this article in full or to leave a comment, please click here |
|||
|
2017-03-06 15:54:31 | Consumers are wary of smart homes that know too much (lien direct) | Nearly two-thirds of consumers are worried about home IoT devices listening in on their conversations, according to a Gartner survey released Monday.Those jitters aren't too surprising after recent news items about TV announcers inadvertently activating viewers' Amazon Echos, or about data from digital assistants being used as evidence in criminal trials. But privacy concerns are just one hurdle smart homes still have to overcome, according to the survey.To read this article in full or to leave a comment, please click here | |||
|
2017-03-06 12:15:00 | Researchers link Middle East attacks to new victim in Europe (lien direct) | Kaspersky Labs announced new research this morning that shows some links between the massive Shamoon attack that took down 35,000 computers in Saudi Arabia to a new attack against a target in Europe.The Shamoon attack, which occurred in 2012, was followed by a series of related against against Gulf States earlier this year. The attacks were widely attributed to Iran.The new malware, called StoneDrill, is, like Shamoon, a wiper -- it destroys all the data on a computer.To read this article in full or to leave a comment, please click here | |||
|
2017-03-06 12:10:00 | IDG Contributor Network: 7 ways to improve your Joomla security (lien direct) | Joomla has exploded in popularity as an open-source website creation tool for individuals, small and medium-sized businesses, enterprises, and developers. It has been downloaded 78 million times and currently powers millions of websites.Joomla websites have not been entirely unaffected by the cyber crime problems that have plagued content management systems (CMSs) and the internet in general. A wave of fake jQuery attacks hit Joomla and WordPress sites in 2015 and 2016, affecting over 4.5 million sites.To read this article in full or to leave a comment, please click here | |||
|
2017-03-06 12:06:45 | Consumer Reports to grade tech products on security, privacy (lien direct) | Consumer Reports, a major source for gadget and appliance reviews in the U.S., plans to start rating products on data security and privacy.On Monday, the non-profit publication unveiled a set of new testing standards it hopes will push the tech industry to create safer products."The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data," the publication said.Already, cybersecurity experts are constantly finding new tech products, whether they be cars or smart teddy bears, that are often poorly secured and easy to hack.  To read this article in full or to leave a comment, please click here | Tesla | ||
|
2017-03-06 11:31:00 | IDG Contributor Network: Robots are malfunctioning, hurting people (lien direct) | A mounting list of robot-related accidents has experts questioning whether the devices will be prone to more dangerous malfunctions or even programmed attacks.Notable mishaps that have been documented include a robotic security guard knocking over a child at a California shopping mall, a demonstration robot smashing a window at a Chinese conference-it caused a bystander to get injured, and 144 deaths in the United States caused by robotic surgery. All this according to security firm IOActive.+ Also on Network World: How secure are home robots? + These incidents “clearly demonstrate the serious potential consequences of robot malfunctions,†the consultancy says in a white paper it recently published about existing robot security (PDF).To read this article in full or to leave a comment, please click here | |||
|
2017-03-06 09:54:00 | Microsoft paying a bug bounty of $30,000 (lien direct) | First off, I have to issue something of a correction regarding last week's blog post on Intel price cuts. As it turns out, I have been informed that Intel didn't cut the prices, Micro Center cut them as a loss leader, something it frequently does. It doesn't change the bargain prices, just the motivation. So, I wanted to set the record straight on that. Onward. Microsoft is looking for a few good bugs. And people who will keep it quiet. OK, so I have no evidence of direct causality, but it seems convenient. Over the past few weeks, Google has embarrassed Microsoft twice by publicly disclosing security vulnerabilities in Windows 10 that still have not been patched after 90 days. Google has no mercy with its Zero Day disclosures and plays no favorites. Any company that does not fix a bug by 90 days after Google informs them of it will be hung out to dry. To read this article in full or to leave a comment, please click here | Guideline |
To see everything:
Our RSS (filtrered)
