What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-02-27 10:10:54 | SK Telecom pushes for interoperable quantum crypto systems (lien direct) | SK Telecom and Nokia have developed a prototype quantum cryptography system that combines the South Korean company's quantum key server with an encryption device from Nokia.The system, shown Monday at Mobile World Congress in Barcelona, was put together to demonstrate interoperability between the two vendors and comes as SK Telecom kicks off a push to get telecom carriers and equipment vendors working together on next-generation quantum-secured networks.Quantum cryptography involves the transmission of encryption keys across fiber optic networks. It relies on the principles of quantum mechanics to detect if an eavesdropper has viewed a key en route.To read this article in full or to leave a comment, please click here | |||
|
2017-02-27 09:59:00 | IDG Contributor Network: 5 ecommerce fraud predictions for 2017 (lien direct) | As the number of consumers turning to online shopping increases, the rise of online fraud is also rising.Those committing internet crimes are depriving their victims of either funds, interests, personal property and/or sensitive data. As the threat escalates, consumers and companies alike are seeking various methods to tackle the phenomenon.Ecommerce fraud has a long and controversial history. Thus, providing a forecast for the months ahead can help retailers adopt an adequate solution to confront the many challenges in 2017.1. Identity theft and friendly fraud The main threat will remain identity theft. Fraudsters will seek your personal information. Their main goal is to use a different identity and, for example, place an online order. Identity theft also includes a concept known as man-in-the-middle attacks where credit-card data is intercepted and copied as it is transferred online. To read this article in full or to leave a comment, please click here | |||
|
2017-02-27 09:00:02 | Cog Systems offers more secure version of HTC A9 smartphone (lien direct) | It sounds like a smartphone user's worst fear: Software that starts up before the phone's operating system, intercepting and encrypting every byte sent to or from the flash memory or the network interface. This is not some new kind of ransomware, though, this is the D4 Secure Platform from Cog Systems. The product grew out of custom security software the company developed for governments, and which it saw could also be put to use in the enterprise as a way to make smartphones more productive while still maintaining a high level of security. It includes a Type 1 hypervisor, a virtualized VPN and additional storage encryption that wrap the standard Android OS in additional layers of protection largely invisible to the end user.To read this article in full or to leave a comment, please click here | |||
|
2017-02-27 07:36:00 | Down the rabbit hole, part 7: How to limit personal data collection from city cameras (lien direct) | My home is my sanctuary. My computers (and handheld devices) all run free software systems that have been (fairly) tightly buttoned down and secured. My online documents, messaging and emails are handled either on my own servers or by companies dedicated to open source and security. Is my personal information 100 percent safe and unhackable? No, but it's pretty good. And it's about as good as I can get it without making significant sacrifices in the name of privacy. But eventually I need to leave my home. And that is where things get much more difficult. Let's talk, briefly, about the challenges faced when trying to maintain a certain level of personal privacy when traveling around your city. To read this article in full or to leave a comment, please click here | |||
|
2017-02-27 06:53:00 | Who should be on an insider risk team? (lien direct) | Left to chance, unless you happen to bump into someone leaving the building with a box full of documents, you might never catch an insider red-handed. That is where an insider risk team comes in - group of employees from various departments who have created policies that create a system to notice if those confidential items have left the building.“Insider risk is a real cybersecurity challenge. When a security professional or executive gets that call that there's suspicious activity - and it looks like it's someone on the inside who turned rogue - the organization needs to have the right policies and playbooks, technologies, and right team ready to go,†said Rinki Sethi, senior director of information security at Palo Alto Networks.To read this article in full or to leave a comment, please click here | |||
|
2017-02-27 06:51:00 | What should an insider risk policy cover? (lien direct) | Just before the holidays, a company was faced with cutting the pay of their contracted janitors. That didn't sit well with those employees.Threat actors saw an opportunity and pounced, convincing the possibly vengeful employees to turn on their employer. According to Verizon's recent breach report, the threat actors gave any agreeable janitor a USB drive to quietly stick into any networked computer at the company. It was later found, but the damage was done.What were the responsibilities of any employees who witnessed this act? A thorough insider risk policy would have spelled it out. Here, security experts provide their insights on what makes for a successful insider risk policy.To read this article in full or to leave a comment, please click here | |||
|
2017-02-27 06:35:00 | Russian cybersecurity expert charged with treason for sharing \'secrets\' with US firms (lien direct) | Remember when Ruslan Stoyanov, a top cybercrime investigator for Kaspersky Lab, was arrested and charged with treason? It is now being reported that the treason charges were for allegedly passing state secrets to Verisign and other US companies.An unnamed source told Reuters that the accusations of treason were first made in 2010 by Russian businessman and founder of the online payment firm ChronoPay, Pavel Vrublevsky. The December 2016 arrests of Stoyanov and two FSB officers, Sergei Mikhailov and Dmitry Dokuchayev, were in response to those 2010 claims that the men had passed secrets on to American companies.To read this article in full or to leave a comment, please click here | |||
|
2017-02-27 05:59:00 | Microsoft\'s anti-malware program still isn\'t very good (lien direct) | In spite of a recent effort to improve the performance and detection rates in Windows Defender, Microsoft's anti-malware tool is still not very good at its job. According to the latest tests, it's downright lousy. The latest round of tests performed by German institute AV-TEST, one of the most respected and regarded malware testing shops, show that Microsoft Security Essentials and Windows Malicious Software Removal Tool fared the poorest in removing an existing infection. AV-TEST conducted a lengthy, comprehensive test over a 12-month period to determine the best malware removal solutions for Windows 10. This involved 897 individual evaluations for each product, evaluating eight security suites. To read this article in full or to leave a comment, please click here | |||
|
2017-02-27 02:33:00 | (Déjà vu) New products of the week 2.27.17 (lien direct) | New products of the week Image by Transition NetworksOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.ONLYOFFICE app for ownCloud Image by ascensioTo read this article in full or to leave a comment, please click here |
|||
|
2017-02-27 02:15:00 | Oldies but goodies make presence felt amid glitzy startups at RSAC (lien direct) | SAN FRANCISCO -- The sprawling show floor at this year's RSA Conference featured hundreds of shiny, new companies, from Acalvio to ZingBox. It seemed like every vendor in the hall managed to incorporate into its marketing pitches at least one of the 2017 hot buzzwords – Advanced Threat Protection, machine learning, AI, threat intelligence, IoT.But three of the original anti-virus vendors – Symantec, McAfee and Trend Micro – were out in full force at the show as well, scoffing at the unproven point products of the startups and touting their own reorganizations, renewed focus and broad product portfolios. According to Gartner, the Big 3 lead the way in endpoint security market share, with Symantec, at $3.6 billion in annual revenue, out front, McAfee second, followed by Trend Micro.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-26 08:08:00 | Ransomware attacks targeted hundreds of MySQL databases (lien direct) | Hundreds of MySQL databases were hit in ransomware attacks, which were described as “an evolution of the MongoDB ransomware attacks;†in January, there were tens of thousands of MongoDB installs erased and replaced with ransom demands. In the new attacks, targeted MySQL databases are erased and replaced with a ransom demand for 0.2 bitcoin, which is currently equal to about $234.To read this article in full or to leave a comment, please click here | |||
|
2017-02-25 11:13:00 | The new BlackBerry has a physical keyboard and will arrive in April (lien direct) | The new BlackBerry KEYone smartphone, unveiled Saturday, is the first smartphone to carry the brand that doesn't come from BlackBerry. It will go on sale globally in April, said Nicolas Zibell, CEO of TCL Communication, the phone's manufacturer and licensee of the brand, at a launch event in Barcelona on the eve of Mobile World Congress. Like the BlackBerries of old, the KEYone has a physical keyboard with raised keys. A neat twist is that it also acts as a touchpad of sorts, and each letter can be used as a shortcut, with a short or long keypress, for 52 shortcuts in all.To read this article in full or to leave a comment, please click here | |||
|
2017-02-24 11:58:00 | I come to bury SHA1, not to praise it (lien direct) | Most cryptography is theoretical research. When it is no longer theoretical, in practice it can become a harmful exploit.Google and Dutch research institute CWI proved that the SHA1 hash method, first introduced 20 years ago, could produce a duplicate hash from different documents using a technique that consumed significant computational resources: 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase. The exercise was computationally intensive but proved it is within the realm of possibility, especially compared to a brute force attack that would require 12 million GPU compute years.To read this article in full or to leave a comment, please click here | |||
|
2017-02-24 10:44:56 | Google discloses unpatched IE vulnerability after Patch Tuesday delay (lien direct) | Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.This is the second flaw in Microsoft products made public by Google Project Zero since the Redmond giant decided to skip this month's Patch Tuesday and postpone its previously planned security fixes until March.Microsoft blamed the unprecedented decision to push back scheduled security updates by a month on a "last minute issue" that could have had an impact on customers, but the company hasn't clarified the nature of the problem.To read this article in full or to leave a comment, please click here | |||
|
2017-02-24 10:43:55 | FCC puts the brakes on ISP privacy rules it just passed in October (lien direct) | The new chairman of the U.S. Federal Communications Commission will seek a stay on privacy rules for broadband providers that the agency just passed in October.FCC Chairman Ajit Pai will ask for either a full commission vote on the stay before parts of the rules take effect next Thursday or he will instruct FCC staff to delay part of the rules pending a commission vote, a spokesman said Friday.The rules, passed when the FCC had a Democratic majority, require broadband providers to receive opt-in customer permission to share sensitive personal information, including web-browsing history, geolocation, and financial details, with third parties. Without the stay, the opt-in requirements were scheduled to take effect next week.To read this article in full or to leave a comment, please click here | |||
|
2017-02-24 10:29:00 | Cisco unveils Hierarchy of Needs for the digital enterprise (lien direct) | The European edition of Cisco Live took place this week in Berlin, which is a fitting location given the amount of innovation happening in that city right now. If you ever find yourself in Berlin, be sure to check out Cisco's Open Berlin innovation center where inventive start-ups are building and showcasing solutions that run on Cisco technology. Innovation and digital transformation are linked together like Kirk and Spock. You can't have one without the other. At this week's event, Ruba Borno, Cisco vice president of growth initiatives and chief of staff for the office of the CEO, gave her first-ever keynote to a Cisco Live audience. Not surprisingly, she focused on digital transformation. However, unlike many keynotes I have seen, Borno didn't just talk about digitization at a high level. Instead she was more prescriptive and gave the audience a guide on how to proceed with making the shift to a digital enterprise. To read this article in full or to leave a comment, please click here | |||
|
2017-02-24 10:07:00 | Fraud rises as cybercriminals flock to online lenders (lien direct) | Cybercrime is becoming more automated, organized and networked than ever before, according to the ThreatMetrix Cybercrime Report: Q4 2016.Cybercriminals are increasingly targeting online lenders and emerging financial services, says Vanita Pandey, vice president of strategy and product marketing, ThreatMetrix.[ Related: 8 tips to defend against online financial fraud threats ]To read this article in full or to leave a comment, please click here | |||
|
2017-02-24 10:03:00 | Replace SHA-1. It\'s not that hard. (lien direct) | Now that SHA-1 has been broken it's time for enterprises that have ignored its potential weakness for years to finally act, and it's not that hard. The most common use of the hash function is in securing SSL and TLS connections, and to get rid of SHA-1 in that use is to utilize browsers and servers that don't support it. Depending on the size of an organization, this isn't onerous, says Paul Ducklin, a senior security advisor at Sophos. (See his excellent description of the problem with SHA-1 and other hashing algorithms.)To read this article in full or to leave a comment, please click here | |||
|
2017-02-24 08:47:36 | Cloudflare bug exposed passwords, other sensitive data from websites (lien direct) | For months, a bug in Cloudflare's content optimization systems exposed sensitive information sent by users to websites that use the company's content delivery network. The data included passwords, session cookies, authentication tokens and even private messages.Cloudflare acts as a reverse proxy for millions of websites, including those of major internet services and Fortune 500 companies, for which it provides security and content optimization services behind the scenes. As part of that process, the company's systems modify HTML pages as they pass through its servers in order to rewrite HTTP links to HTTPS, hide certain content from bots, obfuscate email addresses, enable Accelerated Mobile Pages (AMP) and more.To read this article in full or to leave a comment, please click here | |||
|
2017-02-24 06:03:00 | IDG Contributor Network: 3 security analytics approaches that don\'t work (but could) - Part 2 (lien direct) | A security analytics approach that exploits the unique strengths of Bayesian networks, machine learning and rules-based systems-while also compensating for or eliminating their individual weaknesses-leads to powerful solutions that are effective across a wide array of security missions. Despite the drawbacks of security analytics approaches I described in part 1 of this series, it's possible to build such solutions today, giving users a way to rapidly identify their highest-priority security threats at very large scale without being deluged with false-positive alerts or being forced to hire an army of extra analysts.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-24 04:54:00 | Ransomware \'customer support\' chat reveals criminals\' ruthlessness (lien direct) | Ransomware criminals chatting up victims, offering to delay deadlines, showing how to obtain Bitcoin, dispensing the kind of customer support that consumers lust for from their cable and mobile plan providers, PC and software makers?What's not to love?Finnish security vendor F-Secure yesterday released 34 pages of transcripts from the group chat used by the crafters of the Spora ransomware family. The back-and-forth not only put a spotlight on the gang's customer support chops, but, said a company security advisor, illustrated the intertwining of Bitcoin and extortion malware.To read this article in full or to leave a comment, please click here | |||
|
2017-02-24 04:47:00 | The future of biometrics and IoT (lien direct) | Biometrics in use Image by ThinkstockBiometrics falls into the third category of security modalities: (1) what we have: e.g. key, RFID card or ID card; (2) what we know: e.g. password, PIN, challenge/response answers like mother's maiden name or first pet; and (3) what we are: e.g. biometrics, such as our fingerprint, face, iris, etc.To read this article in full or to leave a comment, please click here |
|||
|
2017-02-24 04:46:00 | Has fraud met its match? (lien direct) | Many prognosticators have pronounced privacy a pipe dream. With the mountains of personal information on social networks and the lack of security awareness by many users, cybercriminals have more than a snowball's chance to grab anyone's identity.However, there are new ideas for counteracting identity theft that would take into account a person's physical attributes to add another layer of security. The idea of using a fingerprint reader to log on to a smartphone isn't new, but the latest wrinkle is to incorporate the pressure with which that finger types on the phone.More than 41 million Americans have had their identities stolen, and millions more have had their personally identifiable information (PII) placed at risk through a data breach, according to a Bankrate.com survey of 1,000 adults conducted last month.To read this article in full or to leave a comment, please click here | |||
|
2017-02-23 14:35:46 | Stop using SHA1: It\'s now completely unsafe (lien direct) | Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible.SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made.To read this article in full or to leave a comment, please click here | |||
|
2017-02-23 12:15:00 | How to assess security automation tools (lien direct) | This column is available in a weekly newsletter called IT Best Practices. Â Click here to subscribe. Â During my recent trip to Tel Aviv to attend CyberTech 2017, I had a one-on-one conversation with Barak Klinghofer, co-founder and CTO of Hexadite. He gave me a preview of an educational presentation he was to give two weeks later at the RSA Conference. His insight is worth repeating for anyone looking to add automation tools to their security toolset.As I saw at CyberTech, and I'm sure was the case at RSA, the hottest topics were security automation, automated incident response and security orchestration. These can be confusing terms, as every vendor describes them a little bit differently.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-23 10:59:00 | New York State cybersecurity regulations: Who wins? (lien direct) | As you probably know by now, on February 16, the State of New York's Department of Financial Services (DFS) finalized its new cybersecurity regulations, which take effect on March 1, 2017. These regulations are somewhat redundant with others in the financial services industry (i.e. FFIEC, GLBA, NIST CSF, OCC, etc.) but tend to go a bit further with several specific prescriptive requirements. For example, the New York State cybersecurity regulations cover nonpublic data (rather than customer data), mandate the presence of a CISO (or third-party equivalent) and require a program for secure data destruction.To read this article in full or to leave a comment, please click here | |||
|
2017-02-23 10:33:00 | Breaking and protecting devops tool chains (lien direct) | Ken Johnson, CTO of nVisium, and Chris Gates, Senior Security Engineer at Uber talk to CSO Online's Steve Ragan about working with devops tool chains. | Uber | ||
|
2017-02-23 10:32:00 | Bruce Schneier and the call for "public service technologists" (lien direct) | Bruce Schneier, CTO of IBM Resilient on the increasing importance of technologist's presence in education and policy-making. | |||
|
2017-02-23 08:32:00 | Ethernet 2.5GBASE-T and 5GBASE-T grows, testing on tap from UNH lab (lien direct) | The University of New Hampshire InterOperability Laboratory (UNH-IOL) said it would begin offering testing and standards conformance services 2.5GBASE-T and 5GBASE-T Ethernet products.The broad testing services safeguard that Ethernet products and services are interoperable and will help customers boost network speed up to five times without requiring cabling infrastructure changes.The Ethernet Alliance in September wrote that the IEEE 802.3bz Standard for Ethernet Amendment sets Media Access Control Parameters, Physical Layers and Management Parameters for 2.5G and 5Gbps Operation lets access layer bandwidth evolve incrementally beyond 1Gbps, it will help address emerging needs in a variety of settings and applications, including enterprise, wireless networks.To read this article in full or to leave a comment, please click here | |||
|
2017-02-23 07:11:33 | Eleven-year-old root flaw found and patched in the Linux kernel (lien direct) | Linux system administrators should be on the watch for kernel updates because they fix a local privilege escalation flaw that could lead to a full system compromise.The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it a few days.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-23 06:52:00 | IDG Contributor Network: Is DevOps security about behavior or process? (lien direct) | One of my main roles is improving the security of the software produced by my employer, and it was in that role that I attended the annual gathering of the security industry in San Francisco last week. The RSA Conference is one of the two global security conferences I attend, the other being Blackhat. While Blackhat has become more corporate, it's still dominated by hackers and focuses more on vulnerabilities, whereas RSA is very much a corporate event focused on enterprise security and security policy.RELATED: Machine learning offers new hope against cyber attacks Several of the tracks at RSA this year covered the area of security in the development process. I was most interested in the Advanced Security & DevOps track. DevOps is a hot topic in the industry, and now we have SecDevOps, or perhaps DevSecOps as the new security buzzword spinoff. Behind the buzzwords, however, I learned some useful lessons, a few of which I'd like to discuss here.To read this article in full or to leave a comment, please click here | |||
|
2017-02-23 06:27:00 | How to scrub your private data from \'people finder\' sites (lien direct) | It doesn't matter what you do online: The internet knows a ton about you, and that information is a mouse click away.Search any people finder site-Spokeo, PeekYou, Whitepages, to name a few-and odds are you'll find a page listing your full name, date of birth, names of family members, current address, and phone number. Depending on the site's aggressiveness, it may offer (for a low membership fee or the price of registering an account) additional details such as past addresses, social media profiles, marital status, employment history, education, court cases such as bankruptcies, hobbies, and even a photo of where you live.[ 18 surprising tips for security pros. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ] Forget the National Security Agency. Aggregator sites such as Intelius, Radaris, and PeopleFinder have data warehouses full of information about you, accessible to people without your permission, and used for purposes you know nothing about. While these sites ostensibly provide background checks and other public services, they also simplify identity theft, stalking, and doxxing (exposing personal information online to encourage harassment), which is both creepy and downright dangerous.To read this article in full or to leave a comment, please click here | |||
|
2017-02-23 06:20:00 | Why DRaaS is a better defense against ransomware (lien direct) | Recovering from a ransomware attack doesn't have to take days Image by Eric E CastroIt's one thing for a user's files to get infected with ransomware, it's quite another to have a production database or mission-critical application infected. But, restoring these databases and apps from a traditional backup solution (appliance, cloud or tape) will take hours or even days which can cost a business tens or hundreds of thousands of dollars. Dean Nicolls, vice president of marketing at Infrascale, shares some tangible ways disaster recovery as a service (DRaaS) can pay big dividends and quickly restore systems in the wake of a ransomware attack.To read this article in full or to leave a comment, please click here |
|||
|
2017-02-23 06:19:00 | Are you afraid your car will be taken over? (lien direct) | In 2013 Charlie Miller and Chris Valesek showed how easy it was to take over a connected car. It was a monumental moment that made the auto industry stand up and take notice of the vulnerability of the connected cars they manufactured.Miller and Valesek were not maliciously running cars off the road, but they did give demonstrations so that the auto industry would begin to take security seriously. As seen in this video, the two researchers had the capability through their laptops to shut down the vehicle's engine on the highway or spew window washing fluid onto the windshield, which could startle an unsuspecting driver to perhaps jerk the wheel and hit another car. They identified more than seven major categories of remote attack surfaces, based on their study of 20 models (2014 to 2015) from different car manufacturers.To read this article in full or to leave a comment, please click here | |||
|
2017-02-23 05:38:17 | Police arrest man suspected of building million-router German botnet (lien direct) | Last year, someone turned a German internet service provider into a million-router botnet. German police think they will soon have the culprit.The U.K.'s National Crime Agency (NCA) made an arrest on Wednesday in connection with the November 2016 hack on Deutsche Telekom. The agency said it arrested a 29-year-old man at Luton airport, acting on a European Arrest Warrant issued by the public prosecutor's office in Cologne, Germany.The German Federal Criminal Police Office (Bundeskriminalamt, or BKA), which led the investigation, said it had worked with British law enforcement officials to arrest the man, a Briton.To read this article in full or to leave a comment, please click here | |||
|
2017-02-23 05:30:03 | Amid cyberattacks, ISPs try to clean up the internet (lien direct) | If your computer's been hacked, Dale Drew might actually know something about that.He's CSO (chief security officer) at Level 3 Communications, a major internet backbone provider that's routinely on the lookout for cyberattacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide.That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said.Hackers have managed to hijack those computers to "cause harm to the internet," but the owners don't always know that, Drew said. To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 16:40:33 | A hard drive\'s LED light can be used to covertly leak data (lien direct) | The seemingly harmless blinking lights on servers and desktop PCs may give away secrets if a hacker can hijack them with malware. Researchers in Israel have come up with an innovative hack that turns a computer's LED light into a signaling system that shows passwords and other sensitive data. The researchers at Ben-Gurion University of the Negev demonstrated the hack in a YouTube video posted Wednesday. It shows a hacked computer broadcasting the data through a computer's LED light, with a drone flying nearby reading the pattern. The researchers designed the scheme to underscore vulnerabilities of air-gapped systems, or computers that have been intentionally disconnected from the internet.To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 13:19:00 | 7.4% of software on PCs are past end of life (lien direct) | A new Secunia Research report states that the average private user in the U.S. has 75 programs installed on their PC, and 7.4% of them are past end of life and no longer patched by the vendor.  By being past end of life, this software becomes a popular attack target by hackers because the programs are so widespread on devices today. This was the warning from Microsoft when it ended support for Windows XP in 2014-that people should no longer use it because exploits would no longer be fixed. The report from Secunia Research, which is owned by Flexera Software, covers findings for the fourth quarter of 2016 in 12 countries. In the U.S., it found 7.5 percent of private users had unpatched Windows operating systems in Q4 of 2016, up from 6.1 percent in Q3 of 2016 and down from 9.9 percent in Q4 of 2015.To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 11:42:00 | IDG Contributor Network: Reaching the cybersecurity tipping point (lien direct) | Remember that moment when you really committed yourself to solid security and privacy practices? The moment when you committed to never clicking on a link you weren't sure about, to always checking for badges on people coming in the door, to always using your password manager to create a complex password? If you do, you reached your “cybersecurity tipping point.â€For many, that moment has not yet come. And if you are reading this article, it might be your job to get your employees to hit that point. And you already know that the hard part is figuring out how.To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 11:07:40 | What to expect from the Trump administration on cybersecurity (lien direct) | Look for U.S. President Donald Trump's administration to push for increased cybersecurity spending in government, but also for increased digital surveillance and encryption workarounds.That's the view of some cybersecurity policy experts, who said they expect Trump to focus on improving U.S. agencies' cybersecurity while shying away from new cybersecurity regulations for businesses. Trump is likely to look for ways for the National Security Agency and other agencies to assist the government and companies defend against cyberattacks, said Jeffrey Eisenach, a visiting scholar at the American Enterprise Institute and a tech advisor during Trump's presidential transition.To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 10:58:05 | New macOS ransomware spotted in the wild (lien direct) | A new file-encrypting ransomware program for macOS is being distributed through bittorrent websites and users who fall victim to it won't be able to recover their files, even if they pay.Crypto ransomware programs for macOS are rare. This is the second such threat found in the wild so far, and it's a poorly designed one. The program was named OSX/Filecoder.E by the malware researchers from antivirus vendor ESET who found it.OSX/Filecoder.E masquerades as a cracking tool for commercial software like Adobe Premiere Pro CC and Microsoft Office for Mac and is being distributed as a bittorrent download. It is written in Apple's Swift programming language by what appears to be an inexperienced developer, judging from the many mistakes made in its implementation.To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 10:55:00 | How the DOT discovered its network was compromised by shadow IT (lien direct) | When Richard McKinney set out to migrate the Department of Transportation (DOT) to Microsoft Office 365, he got a valuable lesson in shadow IT, one that could serve as a cautionary tale for other government leaders as they look to upgrade and consolidate their systems.McKinney, who only recently stepped down as CIO at DOT, had been leading a turnaround mission at the department since his arrival, but when it came time for the Office 365 rollout, he quickly discovered how chaotic the situation was, with hundreds of unauthorized devices running undetected on the sprawling network.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-22 10:00:00 | Cisco touts next-gen firewall gear for midsize installations (lien direct) | Cisco is coming out with four next-generation firewall boxes aimed at giving smaller organizations protection that is better sized to their needs and engineered to minimize performance hits as additional security services are turned on.The devices make up a family called the Cisco Firepower 2100 series and are built around dual, multi-core processors. That architecture enables custom processing of traffic requiring threat inspection, and also supports tagging traffic that doesn't need threat inspection so it flows through only the separate network processing unit.These features combine to provide ample processing power for services such as IPS and also lighten the total load on that processor by diverting traffic that doesn't require those services, Cisco says.To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 09:05:00 | IDG Contributor Network: What is OWASP, and why it matters for AppSec (lien direct) | Modern software development is firmly focused on speed. The race to be first in the market is extremely competitive. To innovate, companies develop at breakneck pace, quickly establishing feedback loops that allow them to hone their software. Security, however, is often an afterthought for stressed developers and the business people pushing them to deliver faster.The importance of application security (AppSec) is widely understood, with 97 percent of respondents to the SANS Institute's 2016 State of Application Security report revealing they have an AppSec program in place.To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 08:45:00 | Senator to file bill requiring border agents to get a warrant before searching phones (lien direct) | In moments of optimism, I'd like to believe there is still some common ground upon which liberals and conservatives – even supporters of President Trump – can stand with firm resolve. One such patch should be ensuring privacy protections for the digital devices and sensitive personal information of all U.S. citizens when they pass through border checkpoints.Toward that end, U.S. Sen. Ron Wyden, D-Ore., has signaled his intention to file legislation that would require customs and law enforcement agencies to acquire a warrant before compelling access to a U.S. traveler's electronic device and also prohibit the growing practice of demanding social media identities and passwords. In a letter to John Kelly, director of homeland security, Wyden poses the following questions:To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 06:37:00 | Microsoft releases Adobe Flash Player fix, but doesn\'t patch 2 zero-day exploits (lien direct) | Microsoft released MS17-005 to patch critical flaws in Adobe Flash Player, but that's it. Microsoft didn't release the fix for the two zero-day exploits disclosed this month.After the company said patches would be delayed in February, it clarified that security updates would instead be released on Patch Tuesday in March. Yet InfoWorld's Woody Leonhard reported that Microsoft emailed its largest customers on Monday with a heads-up about the Flash patches for Internet Explorer and Edge.To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 05:38:22 | Microsoft pushes out critical Flash Player patches with one week delay (lien direct) | After deciding to postpone its February patches for a month, Microsoft released one critical security update for Windows on Tuesday that contains Flash Player patches released by Adobe Systems last week.The new security bulletin, identified as MS17-005, is rated critical for Windows 8.1, Windows RT 8.1, Windows 10 and Windows Server 2016, and moderate for Windows Server 2012 and Windows Server 2012 R2. On these Windows versions, Flash Player is bundled by default with Internet Explorer 11 and Microsoft Edge, so Microsoft delivers patches for it through Windows Update.This month's Flash Player patches were released by Adobe on February 14 and address 13 vulnerabilities that could lead to remote code execution. Typically Adobe releases patches on the same day as Microsoft, a day known in the industry as Patch Tuesday. This month, though, Microsoft postponed its updates at the last minute due to an unspecified issue that, it said, could have affected customers.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-22 04:45:00 | 5 ways to spot a phishing email (lien direct) | No one wants to believe they'd fall for a phishing scam. Yet, according to Verizon's 2016 Data Breach Investigations Report, 30 percent of phishing emails get opened. Yes, that's right -- 30 percent. That incredible click-through rate explains why these attacks remain so popular: it just works.Phishing works because cybercriminals take great pains to camouflage their "bait" as legitimate email communication, hoping to convince targets to reveal login and password information and/or download malware, but there are still a number of ways to identify phishing emails. Here are five of the most common elements to look for.To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 04:41:00 | 7 Wi-Fi vulnerabilities beyond weak passwords (lien direct) | To keep private Wi-Fi networks secure, encryption is a must-have -- and using strong passwords or passphrases is necessary to prevent the encryption from being cracked. But don't stop there! Many other settings, features and situations can make your Wi-Fi network as much or even more insecure as when you use a weak password. Make sure you're not leaving your network vulnerable by doing any of the following.1. Using a default SSID or password Your Wi-Fi network's name, called the service set identifier (SSID), can make your network less secure. If you leave the default SSID for your router or wireless access point (AP), such as linksys or dlink, it can increase the chances of someone successfully cracking the Wi-Fi password. This is because dictionary-based cracking depends upon the SSID, and a default or common SSID makes it a bit easier. So do not use any default SSID; instead, carefully choose your own.To read this article in full or to leave a comment, please click here | |||
|
2017-02-22 04:00:00 | Kaspersky announces its OS for IoT devices (lien direct) | Just what the world needs, another Linux distro. But does the fact it came from a top anti-malware vendor give it a competitive edge in the quest for security?Eugene Kaspersky, CEO of the antivirus company that bears his name, took to his blog to announce KasperskyOS, a project that has been in the works for 14 years. Talk about slow development time. KasperskyOS is available for both x86 and ARM processors. It takes concepts from the Flux Advanced Security Kernel (FLASK) architecture, which was used in SELinux and SEBSD, but builds a new OS from scratch with security in mind, enabling what he calls "global Default Deny at the process level."Â To read this article in full or to leave a comment, please click here |
To see everything:
Our RSS (filtrered)
