What's new around the internet

Last one

Src Date (GMT) Titre Description Tags Stories Notes
NetworkWorld.webp 2017-02-21 23:52:17 LinkedIn will help people in India train for semi-skilled jobs (lien direct) Microsoft has launched Project Sangam, a cloud service integrated with LinkedIn that will help train and generate employment for middle and low-skilled workers.The professional network that was acquired by Microsoft in December has been generally associated with educated urban professionals but the company is now planning to extend its reach to semi-skilled people in India.Having connected white-collared professionals around the world with the right job opportunities and training through LinkedIn Learning, the platform is now developing a new set of products that extends this service to low- and semi-skilled workers, said Microsoft CEO Satya Nadella at an event on digital transformation in Mumbai on Wednesday.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 09:52:32 Java and Python FTP attacks can punch holes through firewalls (lien direct) The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.XXE vulnerabilities can be exploited by tricking applications to parse specially crafted XML files that would force the XML parser to disclose sensitive information such as files, directory listings, or even information about processes running on the server.Klink showed that the same type of vulnerabilities can be used to trick the Java runtime to initiate FTP connections to remote servers by feeding it FTP URLs in the form of ftp://user:password@host:port/file.ext.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 09:43:00 Cisco deepens enterprise network virtualization, security detection of DNA suite (lien direct) Cisco today announced a variety of hardware, software and services designed to increase network virtualization and bolster security for campus, branch office and cloud customers. The products, which include a Network Functions Virtualization branch office device and improved security network segmentation software, fall under Cisco's overarching Digital Network Architecture plan. DNA offers integrated networking software-virtualization, automation, analytics, cloud service management and security under a single suite. +More Cisco News on Network World: Cisco reserves $125 million to pay for faulty clock component in switches, routers+To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 09:40:00 IDG Contributor Network: Cisco Rapid Threat Containment quickly detects, removes infected end points (lien direct) Many of the readers of this blog are aware that ever since Cisco acquired SourceFire, and cybersecurity industry legends such as Marty Roesch took leadership roles within the company, Cisco's initiative is for all security products to be open and to interoperate with other products.Another very large acquisition was OpenDNS, and the CEO from OpenDNS now leads all of the security business at Cisco. The culture is all about Cisco products, as well as non-Cisco products, working better together. + Also on Network World: Cisco ONE simplifies security purchasing + For many, it's shocking to think about Cisco as a vendor pushing for openness and standards. I'm not sure why because Cisco has spent its life creating networking protocols and then helping them to become standards available to all. But I digress.To read this article in full or to leave a comment, please click here Guideline
NetworkWorld.webp 2017-02-21 08:37:00 IDG Contributor Network: IoT in crime prevention: Balancing justice with privacy (lien direct) A homeowner reports a robbery. His IoT-enabled pacemaker doesn't indicate any change in heart rate during the robbery? Can investigators obtain that information from the service provider? Should they?+ Also on Network World: Cops use pacemaker data to charge homeowner with arson, insurance fraud + Issues of privacy increase as IoT sensors collect more information about us. What rights do individuals have over the information collected about them? Can the accuracy of sensor data be trusted?To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 07:55:00 New York State cybersecurity rules and the skills shortage (lien direct) While the cybersecurity industry was knee-deep in vision, rhetoric and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry. The Department of Financial Services (DFS) rules (23 NYCRR 500) go into effect next week on March 1, 2017.Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500 familiar, so while the regulations are somewhat broader than others, there are obvious common threads. In reviewing the document, however, section 500.10 caught my eye. Here is the text from this section:To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 07:36:00 EFF: Congress considers making it illegal to protect consumer privacy online (lien direct) “When you go online you reveal a tremendous amount of private information about yourself,” wrote the Electronics Frontier Foundation (EFF). “What you browse, what you purchase, who you communicate with-all reveal something personal about you.” These are examples of what your ISP knows about you.But it's more than that for people with smart connected devices. Think about a smart refrigerator. As former FCC Chairman Tom Wheeler asked, “Who would have ever imagined that what you have in your refrigerator would be information available to AT&T, Comcast, or whoever your network provider is?” Who would have thought they could sell that type of information?To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 07:15:00 IDG Contributor Network: Breaking through the cybersecurity bubble (lien direct) For many in the cybersecurity space, the world revolves around the attack vector. Many security vendors narrowly focus on their version of the prevent, defend and respond paradigm-focusing on their purported supremacy and on making their case to get a piece of the enterprise security budget pie. At the recent RSA Conference in San Francisco, however, there were some hopeful signs that this narrow view and myopic perspective is evolving-at least for some. “Don't draw lines that separate different fields. Draw connections that bring them together,” implored RSA CTO Dr. Zulfikar Ramzan in the opening keynote as he called for business-driven security. “In my experience, today's security professionals must also draw connections between security details and business objectives.”To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 06:54:00 We finally know how much a data breach can cost (lien direct) Everyone knows corporate data breaches can be expensive, but does anyone really know exactly how expensive? Recent estimates for the average cost have landed all over the map, ranging from $4 million to $7 million. But when it comes to the top end of the scale, those appraisals turn out to be laughably small.+ Also on Network World: Everything you know about cyberwar is wrong + The massive Yahoo data breaches of 2013 and 2014 now have a real cost attached to them, and it's a couple orders of magnitude larger than those piddly estimates. Simply put, the breaches forced Yahoo to renegotiate its sale to Verizon, cutting the price by $350 million. To read this article in full or to leave a comment, please click here Yahoo
NetworkWorld.webp 2017-02-21 06:41:55 Verizon knocks off $350M from Yahoo deal after breaches (lien direct) Verizon Communications will pay US$350 million less for Yahoo after two major data breaches reported by the struggling internet pioneer.Verizon will pay about $4.48 billion for Yahoo's operating business, and the two companies will share any potential legal and regulatory liabilities arising from two major data breaches announced in late 2016. The companies announced the amended terms of the deal Tuesday.Back in October, one news report had Verizon seeking a $1 billion discount after the first breach was announced.To read this article in full or to leave a comment, please click here Yahoo
NetworkWorld.webp 2017-02-21 06:22:00 9 new hacks coming to get you (lien direct) Securitywise, the internet of things is going as badly as most computer security experts predicted. In fact, most vendors don't fully appreciate the potential threats IoT devices pose. Anything connected to the internet and running code can be taken over for malicious purposes. Given the accelerating proliferation of internet-connected devices, we could be hurtling toward catastrophe. Personal security cameras, for example, are being used to conduct the largest denial-of-service attacks the world has ever seen, not to mention allowing strangers to spy on the very people the cameras are supposed to protect.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 06:19:00 Understanding the attack surface to better allocate funds (lien direct) In the last few years, the attack surface has changed from defending the perimeter to protecting applications in the cloud, leaving CISOs wondering how they can best allocate funds to stay ahead of attacks.Misha Govshteyn, co-founder and CISO at Alert Logic, said, "For a long time, when people thought about defensive strategies it was about their enterprise or their perimeters, where the infrastructure ends and the outside world begins."According to Earl Perkins, research vice president, digital security, the IoT group at Gartner, "We now embrace multiple forms of wireless networks as an enterprise. We distribute smaller, fit-for-purpose devices that have some processor and memory function, but aren't general-purpose platforms in the sense of traditional IT. All of these are now ingress points and vulnerable assets if they are inadequately protected."To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 06:12:00 5 open source security tools too good to ignore (lien direct) Open source is a wonderful thing. A significant chunk of today's enterprise IT and personal technology depends on open source software. But even while open source software is widely used in networking, operating systems, and virtualization, enterprise security platforms still tend to be proprietary and vendor-locked. Fortunately, that's changing. If you haven't been looking to open source to help address your security needs, it's a shame-you're missing out on a growing number of freely available tools for protecting your networks, hosts, and data. The best part is, many of these tools come from active projects backed by well-known sources you can trust, such as leading security companies and major cloud operators. And many have been tested in the biggest and most challenging environments you can imagine. To read this article in full or to leave a comment, please click here Guideline
NetworkWorld.webp 2017-02-21 06:08:00 Why you need a bug bounty program (lien direct) Every business needs to have a process in place for handling security vulnerability reports, but some organizations take a much more proactive approach to dealing with security researchers.An increasing number of hardware and software vendors have formal bug bounty programs. Google, for example, runs its own vulnerability rewards program, and Microsoft has multiple bug bounties covering Office 365, Azure, .NET and Edge as general programs covering exploits and defenses.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 06:04:00 Would killing Bitcoin end ransomware? (lien direct) Ransomware is running rampant. The SonicWall GRID Threat Network detected an increase from 3.8 million ransomware attacks in 2015 to 638 million in 2016. According to a Radware report, 49 percent of businesses were hit by a ransomware attack in 2016. Quite often the attacker asks for some amount of cybercurrency – usually Bitcoin – in exchange for providing a decryption key.One question this raises is whether ransomware attacks would decrease if Bitcoin ceased to exist? Security experts answer that question with a resounding “no”, indicating that cybercriminals would just move on to another anonymous payment method to continue their extortion."Getting rid of Bitcoin to stop ransomware would be like the U.S. Government getting rid of $100 bills to try to stop drug dealers from laundering their dirty money. It's not the right solution. Would it momentarily create a bump in the road for cyber attackers who are making millions off of ransomware? Absolutely, but only for a fleeting moment,” said Richard Henderson, global security strategist at Absolute.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-21 06:03:00 8 steps to regaining control over shadow IT (lien direct) A dangerous practice on the rise0 shadow it introImage by Pexels“Shadow IT” refers to the too-common practice whereby managers select and deploy cloud services without the consent or even the knowledge of the IT department. These services act as extensions of the corporation but are steered entirely by groups that lack the knowledge or process to ensure they follow necessary guidelines, introducing security, compliance, and brand risk throughout the enterprise. Gartner predicts that by 2020, one-third of security breaches will come in through shadow IT services.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-20 09:15:00 Iraqi hacker took credit for hijacking subdomain and defacing Trump site (lien direct) A hacker, purportedly from Iraq, defaced a site previously used by President Donald Trump for campaign fundraising. The “hack” occurred Sunday on the server, secure2.donaldjtrump.com. It was short-lived.A screenshot of the defacement was posted on the subreddit Hacking. The page displayed an anonymous man in a fedora above the message: Hacked By Pro_Mast3r ~Attacker GovNothing Is ImpossiblePeace From Iraq defacement of trump site g33xter Ars Technica reported the server was “behind Cloudflare's content management and security platform, and does not appear to be directly linked from the Trump Pence campaign's home page. But it does appear to be an actual Trump campaign server.”To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-20 07:00:37 Hackers behind bank attack campaign use Russian as decoy (lien direct) The hackers behind a sophisticated attack campaign that has recently targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off.Researchers from cybersecurity firm BAE Systems have recently obtained and analyzed additional malware samples related to an attack campaign that has targeted 104 organizations -- most of them banks -- from 31 different countries.They found multiple commands and strings in the malware that appear to have been translated into Russian using online tools, the results making little sense to a native Russian speaker.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-20 04:18:00 12 steps to small business security (lien direct) Swimming upstream?1 small business securityImage by ThinkstockIf you're a small to midsized business and you wing it when it comes to network management and security then it's not a question of if you will have a disaster, it's merely a question of when. Why? Because malware, accidents and disasters are all waiting in the wings to pop out and make your life hell and cost you lots of money. Now I won't lie to you, getting insulated from the bad stuff isn't cheap, but if you think security and reliability is expensive, try fixing a disaster. Here are 12 steps that will, in the long run, make your business safer. Think you've got this covered? How many have you got in place?To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-20 03:06:00 (Déjà vu) New products of the week 2.20.17 (lien direct) New products of the weekNew products of the weekImage by RiverbedOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Ambra for DevelopersambraImage by ambraTo read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-19 08:39:00 F-bombing cop recorded threatening to sic dog on driver to rip him up (lien direct) Getting pulled over by the cops can be stressful, especially if one of the cops is shouting, cursing and threatening to sic a 90-pound dog on a motorist to rip the *bleep* out of him. The Atlantic City cop was dropping f-bombs all over the place, doing so at least 10 times in a one-minute, 20-second video clip of the traffic stop incident which was posted on Facebook.I don't see how you could help but be offended by the video. If not by the cop's spewing of foul-language, then by the threats the officer made. It is unclear why the cops pulled over the young men, but one of the cops nuked out upon discovering the driver was using his phone to film them. One of the unidentified cops said, “Listen there's two ways that this can go. Take that phone and stick it out of my face. I'm not gonna tell you again.”To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-17 17:00:00 (Déjà vu) Users take the cheese to solve data breaches (lien direct) Cheese Movers International's restructuring resulted in some employees being unhappy with either their new role or the new management. And unhappy employees, especially those who know the system well and have access, can become major problems for companies.Verizon's RISK Team was called in because the multinational company had heard rumblings among the disgruntled employees and found some negative comments online. While there was no evidence of a data breach, Cheese Movers' upper management was concerned something was coming.This is just one case found in Verizon's recently released annual breach report, which examines some of the cases where the RISK Team was called in to hunt down culprits. The “ride–along edition” of Verizon's report provides a first-person perspective of the company that calls in the heavy hitters to find out why the network has slowed, who defaced a website or where a leak is coming from. With all the accounts, the names of the companies have been changed to protect the brand from public ridicule.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-17 16:59:00 Ride along to solve these data breaches (lien direct) Riding alongSelf driving truckImage by Daimler AGVerizon's recently released annual breach report that examines some of its cases where the RISK Team was called in to hunt down culprits. The “ride –along edition” of Verizon's report gets a first-person perspective of the company that calls in the heavy hitters to find out why the network has slowed or where a leak is. With all the accounts, the names of the companies have been changed to protect the brand from public ridicule.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-17 15:50:00 RSA demo: TruStar anonymizes incident data to improve information exchange (lien direct) TruStar's head of product, Shimon Modi, shows CSO Online's Steve Ragan how his company is changing the game when it comes to incident reporting for companies.
NetworkWorld.webp 2017-02-17 15:46:00 Why cyber-robotics is key to cybersecurity\'s future (lien direct) Chad Holmes, Principal of Ernst & Young LLP sits down with Network World's Neal Weinberg to talk about how cyber-robotics will help shape the future of cybersecurity.
NetworkWorld.webp 2017-02-17 13:34:08 Here\'s how the US government can bolster cybersecurity (lien direct) Almost 20 years ago, Chris Wysopal was among a group of hackers who testified before U.S. Congress, warning it about the dangers of the internet.Unfortunately, the U.S. government is still struggling to act, he said. "You're just going to keep ending up with the status quo," he said, pointing to the U.S. government's failure to regulate the tech industry or incentivize any change.It's a feeling that was shared by the experts who attended this week's RSA cybersecurity show. Clearly, the U.S. government needs to do more on cybersecurity, but what?  Public and Private sector Perhaps, the need for U.S. action hasn't been more urgent. In last year's election, Russia was accused of hacking U.S. political groups and figures in an effort to influence the outcome.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-17 11:09:00 IRS Dirty Dozen: Phishing, phone cons and identity theft lead scam list for 2017 (lien direct) The Internal Revenue Service rounded up some of the usual suspects in its annual look at the Dirty Dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge. Just this month the IRS issued another warning about what it called a dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns.To read this article in full or to leave a comment, please click here Guideline
NetworkWorld.webp 2017-02-17 08:33:28 Insecure Android apps put connected cars at risk (lien direct) Android applications that allow millions of car owners to remotely locate and unlock their vehicles are missing security features that could prevent tampering by hackers.Researchers from antivirus vendor Kaspersky Lab took seven of the most popular Android apps that accompany connected cars from various manufacturers and analyzed them from the perspective of a compromised Android device. The apps and manufacturers have not been named.The researchers looked at whether such apps use any of the available countermeasures that would make it hard for attackers to hijack them when the devices they're installed on are infected with malware. Other types of applications, such as banking apps, have such protections.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-17 07:11:00 CyberTech conference showcases cybersecurity solutions originating in Israel   (lien direct) This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Mention “cybersecurity conference” and most people think of the annual RSA Conference, which was held last week. But halfway around the world, the annual CyberTech Tel Aviv event is building momentum as one of the largest gatherings of cybersecurity professionals in the world. This year, more than 10,000 people representing 67 countries amassed in Tel Aviv, and I had the privilege of being one of them.Israel is making a name for itself, and that name is Cyber Nation. A 2011 government resolution created the National Cyber Bureau as an advising body for the Prime Minister. The bureau's main mission is to bolster Israel's national cybersecurity defenses, but a secondary mission is to promote research and development in the cyber field and encourage the commercial cyber industry in Israel.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-17 04:42:00 The high price of security shaming [Infographic] (lien direct) Bad press following a security breach hits companies hard. In fact, it can be so damaging that “two-thirds of companies would pay an average of $124k to avoid public shaming scandals,” according to a recent Bitdefender survey of 250 IT security professionals. What's more, “some 14 percent would pay more than $500k.” If you think that's a high price to pay, consider this: 34 percent of companies were breached in the past 12 months, according to the report, and “74 percent of IT decision makers don't know how the company was breached.” Among the survey's other notable findings is that while 64 percent of respondents said they think their current security budget is sufficient, they also admitted that “only 64 percent of cyberattacks can be stopped, detected or prevented with the current resources.”To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-17 04:42:00 RSA: Eric Schmidt shares deep learning on AI (lien direct) SAN FRANCISCO – Alphabet chairman Eric Schmidt says artificial intelligence is key to advances in diverse areas such as healthcare and datacenter design and that security concerns related to it are somewhat misguided. (Alphabet is the parent company of Google).In a wide-ranging on-stage conversation here at the RSA Security conference with Gideon Lewis-Kraus, author of The Great A.I. Awakening, Schmidt shared his insights from decades of work related to AI (he studied AI as a PhD student 40 years ago) and why the technology seems to finally be hitting its stride.In fact, last year Google CEO Sundar Pichai said AI is what helps the search giant build better products over time. "We will move from a mobile-first to an AI-first world,” he said.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-16 16:34:19 Experts at RSA give their best cybersecurity advice (lien direct) Come to the RSA show, and you'll find plenty of cybersecurity technology. The top vendors from across the industry are here, showing products for fighting ransomware, preventing data breaches and more.But even the best security software is useless if users and businesses aren't taking the right steps to protect themselves. So we asked experts at the show for their best cybersecurity tips.Joe Stewart, director of malware research at Dell SecureWorks He advises everyone to set up two-factor authentication to protect their internet accounts, especially email. It can be particularly useful when stopping hackers who are trying to steal login passwords from users, whether through malware or email phishing schemes.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-16 13:36:00 Why (or where) many security programs fail (lien direct) At RSA 2017, CSO's Steve Ragan chats with security expert Ira Winkler about where many security programs are failing within companies, as well as his concept of “advanced persistent security.”
NetworkWorld.webp 2017-02-16 12:45:33 Israeli soldiers hit in cyberespionage campaign using Android malware (lien direct) More than 100 members of the Israel Defense Forces (IDF), the majority of them stationed around the Gaza strip, fell victim to a cyberespionage attack that used malicious Android applications to steal information from their mobile devices.The attack campaign started in July and continues to date, according to researchers from antivirus firm Kaspersky Lab, who cooperated in the investigation with the IDF Information Security Department.The Israeli soldiers were lured via Facebook Messenger and other social networks by hackers who posed as attractive women from various countries like Canada, Germany, and Switzerland. The victims were tricked into installing a malicious Android application, which then scanned the phone and downloaded another malicious app that masqueraded as an update for one of the already installed applications.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-16 12:37:00 SD-WANs get IPv6 support from Versa (lien direct) Software Defined Networking vendor Versa this week added support for IPv6 to its SD-WAN and security packages.According to Kumar Mehta, founder and CDO of Versa Networks by supporting IPv4 and IPv6 for SD-WAN and SD-Security, customers will have the flexibility to design their WAN under IPv4 today and protect it from obsolescence as they switch over to IPv6 in the future.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-16 11:29:00 How the Cyber Threat Alliance works to fight cybercrime (lien direct) At RSA 2017, Derek Manky, Global Security Strategist at Fortinet, talks about the mission and goals of the Cyber Threat Alliance, which shares malware information between members to improve defenses in the cybersecurity space.
NetworkWorld.webp 2017-02-16 11:03:00 How blockchain can help drive cybersecurity (lien direct) At RSA 2017, security expert Konstantin Karagiannis (CTO at BT North America) gives Network World an overview of blockchain security and how it could help shape the future of cybersecurity.
NetworkWorld.webp 2017-02-16 08:55:00 Microsoft\'s monthlong delay of patches may pose risks (lien direct) Microsoft has decided to bundle its February patches together with those scheduled for March, a move that at least some security experts disagree with."I was surprised to learn that Microsoft wants to postpone by a full month," said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. "Even without knowing all the details, I find such a decision very hard to justify. They are aware of vulnerabilities in their products and have developed fixes; those should always be made available to customers in a timely fashion."Microsoft took everyone by surprise on Tuesday when it announced that this month's patches had to be delayed because of a "last minute issue" that could have had an impact on customers. The company did not initially specify for how long the patches will be postponed, which likely threw a wrench in some systems administrators' patch deployment plans.To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-16 07:36:04 Tech groups gear up for FISA surveillance fight (lien direct) A controversial provision in U.S. law that gives the National Security Agency broad authority to spy on people overseas expires at the end of the year, and six major tech trade groups are gearing up for a fight over an extension.Section 702 of the Foreign Intelligence Surveillance Act expires on Dec. 31, and Congress almost certain to extend it in some form. The tech trade groups, including BSA, the Consumer Technology Association, and the Computer and Communications Industry Association, are asking lawmakers to build in new privacy protections for internet users. "It is critical that Congress takes a balanced yet focused approach with respect to Section 702," the groups said in a letter sent to top lawmakers Wednesday. "We urge your committees to ensure that any reauthorization includes meaningful safeguards for internet users' privacy and civil liberties."To read this article in full or to leave a comment, please click here
NetworkWorld.webp 2017-02-16 05:26:00 IT leaders say it\'s hard to keep the cloud safe (lien direct) IT managers are finding it difficult to keep their applications and data safe in the cloud, and many are slowing cloud adoption because of it.That was one of the findings of an Intel cloud security report that surveyed 2,000 IT professionals in different countries and industries last fall.The issue isn't with the cloud itself, since trust outnumbers distrust for public clouds by more than two to one, according to Intel's survey.IT professionals told Intel that shadow IT and a shortage of cybersecurity skills are causing the most problems.To read this article in full or to leave a comment, please click here Guideline
NetworkWorld.webp 2017-02-16 05:24:00 The 7 security threats to technology that scare experts the most (direct link) What happens if a bad actor turns off your heat in the middle of winter, then demands $1,000 to turn it back on? Or even holds a small city's power for ransom? Those kinds of attacks to personal, corporate, and infrastructure technology were among the top concerns for security experts from the SANS Institute, who spoke Wednesday during the RSA conference in San Francisco. Some of these threats target consumers directly, but even the ones that target corporations could eventually “filter down” to consumers, though the effects might not be felt for some time.
NetworkWorld.webp 2017-02-16 05:14:00 Should security pros get special H-1B visa consideration? (direct link) New U.S. Attorney General Jeff Sessions may disagree about whether there is a shortage of skilled IT workers in America, as he has asserted at hearings over the past two years, but talk to most CISOs and they will confirm that when it comes to cybersecurity talent in particular, the skills shortage is very real. “There's no doubt about it,” says John Masserini, CISO at equity derivatives market MIAX Options in Princeton, N.J. “We've had two positions open for three months now,” a security operations center analyst and a security engineer position. The company's location between two major metro areas – New York City and Philadelphia – makes the competition for cybersecurity talent especially tough, he says. Meanwhile, the firm's security workload keeps growing. “I already know that by the end of this year I'm going to have a couple more openings,” he says.
NetworkWorld.webp 2017-02-16 05:12:00 7 ways MDM threatens employee privacy (direct link) For years, organizations have turned to Mobile Device Management (MDM) solutions with the hope of wrapping their arms around BYOD. MDM is a technology that enables organizations to control every aspect of a mobile device, from permitted apps to outbound communications. But with that complete control comes the potential for abuse.
NetworkWorld.webp 2017-02-16 05:07:00 Tips for negotiating with cyber extortionists (direct link) Paying ransom to a cyber extortionist holding enterprise data hostage might seem like a poor idea in principle but sometimes it might be the best, or even only, option for extricating your organization from a crisis. Seventy percent of businesses hit in ransomware attacks have paid to resolve the problem, half of them over $10,000 and 20 percent over $40,000, a recent IBM survey of 600 corporate executives showed. Nearly six in 10 indicated they would be willing to pay a ransom to recover data. If your organization happens to be among those willing to consider a ransom payment, it is a good idea to devise a strategy for negotiating with the attackers before the need for it actually arises.
NetworkWorld.webp 2017-02-16 00:00:00 What is Cyber Deception? (direct link) Cymmetria founder and CEO Gadi Evron explains the complex world of cyber deception, and how the principles of information control are helping to secure our systems.
NetworkWorld.webp 2017-02-16 00:00:00 The Challenges of Identity in the Cloud (direct link) JD Sherry, VP of Cloud Security at Optiv, talks to Infoworld's Fahmida Rashid about the challenges of identity in cloud environments.
NetworkWorld.webp 2017-02-15 23:38:13 US legislation revived to curb warrantless geolocation tracking (direct link) U.S. legislators have reintroduced bills that would place curbs on warrantless access by the government to electronically generated geolocation information of Americans, including on the use of cell-site simulators that can capture cellphone data. Bicameral legislation introduced Wednesday, called the Geolocation Privacy and Surveillance Act, aims to create clear rules for when law enforcement agencies can acquire an individual's geolocation information, generated from electronic devices like smartphones, GPS units and Wi-Fi equipped laptops.
NetworkWorld.webp 2017-02-15 14:51:20 A.I. faces hype, skepticism at RSA cybersecurity show (direct link) Vendors at this week's RSA cybersecurity show in San Francisco are pushing artificial intelligence and machine learning as the new way to detect the latest threats, but RSA CTO Zulfikar Ramzan is giving visitors a reality check. "I think it (the technology) moves the needle," he said on Wednesday. "The real open question to me is how much has that needle actually moved in practice?" It's not as much as vendors claim, Ramzan warned, but for customers it won't be easy cutting through the hype and marketing. The reality is that a lot of the technology now being pushed isn't necessarily new. In particular, he was talking about machine learning, a subfield in A.I. that's become a popular marketing term in cybersecurity. In practice, it essentially involves building algorithms to spot bad computer behavior from good.
NetworkWorld.webp 2017-02-15 14:37:00 Bruce Schneier: Public-service technologists are needed to tame the IoT (direct link) The internet of things needs to be regulated and soon before it becomes even more of a tool to facilitate cyberattacks, and that means coming up with civic-minded technologists to help formulate government policies, security expert Bruce Schneier told an RSA Conference 2017 audience. The problem is governments lack the technological expertise to understand the mindset of the makers of IoT devices and the markets in which they are sold.
NetworkWorld.webp 2017-02-15 11:53:55 Sophos CEO sounds the alarm on enterprise ransomware attacks (direct link) Ransomware is increasingly becoming a problem for companies, and the CEO of a leading computer security company says he fears 2017 could see entire companies shut down until they pay up, or risk losing all their data. Ransomware works by infiltrating a computer with malware and then encrypting all the files on the disk. The user is presented with a limited time offer: Lose all your data or send money with the promise your data will be unlocked. The fee typically varies from a few tens of dollars to hundreds of dollars and often has to be transmitted in Bitcoin. The problem began on a fairly small scale, targeting individual users, but has been growing. Last year, a hospital in Los Angeles admitted to paying $17,000 to get its system unlocked, and a report in October said ransomware cases were on course to quadruple in 2016 over the previous year. Guideline
Last update at: 2024-04-29 02:07:39