What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2017-02-15 11:46:00 IDG Contributor Network: 3 new information security jobs for the digital enterprise (direct link) The responsibilities of information security are rapidly changing as enterprises digitize. Technology now enables business strategy and is transforming product, channels, and operations. In this new context, information security is expected to take a strategic role by helping business leaders understand the security implications of their digital strategies; support a quicker pace of technology exploitation and experimentation; and govern a larger, more varied project portfolio. Digitization has spurred three company-wide shifts, creating the need for three associated new information security roles. Shift 1: Strategy over governance. Information security increasingly plays a larger role in advising business partners on strategy. A key driver is the growing difficulty of executing digital strategies securely. Technology enablement of product, channel, and operations introduces new potential vulnerabilities that can only be spotted by information security's keen eye. More business leaders are recognizing security's centrality; in fact, CEB data shows that 81 percent of boards of directors review information security matters in most or every meeting (disclosure: I work for CEB). Guideline
NetworkWorld 2017-02-15 10:48:00 How Google reinvented security and eliminated the need for firewalls (direct link) SAN FRANCISCO -- In some ways, Google is like every other large enterprise. It had the typical defensive security posture based on the concept that the enterprise is your castle and security involves building moats and walls to protect the perimeter. Over time, however, that perimeter developed holes as Google's increasingly mobile workforce, scattered around the world, demanded access to the network. And employees complained about having to go through a sometimes slow, unreliable VPN. On top of that, Google, like everyone else, was moving to the cloud, which was also outside of the castle. In other ways, Google is unlike any other company. Without much of a detailed business plan or cost/benefit analysis, Google execs gave the green light to an ambitious project aimed at totally reinventing the company's security infrastructure.
NetworkWorld 2017-02-15 10:46:38 Yahoo warns users of account breaches related to recent attacks (direct link) Yahoo has begun warning individual users that their accounts with the service may have been compromised in a massive data breach it reported late last year. The warning, in email messages sent from Yahoo CISO Bob Lord, tells users that a forged cookie may have been used to access their accounts in previous years. The warning to Yahoo users comes at the same time that news reports suggest that Verizon Communications, in negotiations to buy Yahoo, may be seeking a discount of US$250 million because of the data breaches. Yahoo
NetworkWorld 2017-02-15 10:25:00 India blasts 104 satellites into orbit aboard one rocket (direct link) India's space agency said today it had launched 104 satellites from a single rocket, crushing the previous record of 37 satellites from a single rocket by the Russian space agency in 2014. The rocket – India's Polar Satellite Launch Vehicle (PSLV), also known as Cartosat-2 – is a four-stage rocket that India has used for a variety of missions since 1993. This was its 39th flight.
NetworkWorld 2017-02-15 09:45:17 JavaScript-based ASLR bypass attack simplifies browser exploits (direct link) Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: address space layout randomization (ASLR). The attack takes advantage of how modern processors cache memory and, because it doesn't rely on a software bug, fixing the problem is not easy. Researchers from the Systems and Network Security Group at Vrije Universiteit Amsterdam (VUSec) unveiled the attack, dubbed AnC, Wednesday after having coordinated its disclosure with processor, browser and OS vendors since October. ASLR is a feature present in all major operating systems. Applications, including browsers, take advantage of it to make the exploitation of memory corruption vulnerabilities like buffer overflows more difficult.
NetworkWorld 2017-02-15 09:08:00 RSA: Elite cryptographers scoff at idea that law enforcement can 'overcome' encryption (direct link) U.S. Attorney General Jeff Sessions' call for a way to “overcome” cryptography met with scorn from a panel of elite cryptographers speaking at this week's RSA Conference 2017 in San Francisco. “Any one of my students will be capable of writing good crypto code,” says Adi Shamir, the 'S' in RSA and a professor at the Weizmann Institute in Israel. Sessions' use of the term “overcome” during his confirmation hearings actually means installing backdoors, says Ronald Rivest, the 'R' in RSA and a professor at MIT. He cited a joint Congressional study that concluded that weakening encryption works against the national interest, and that encryption is global anyway -- so the U.S. can't call all the shots.
NetworkWorld 2017-02-15 08:31:00 In and Around the 2017 RSA Conference (direct link) As you may have guessed from my blogs, I was really excited about the year's RSA Security Conference. At the end of January, I wrote a blog about my expectations for endpoint security at RSA. I followed up with another ditty about network security banter at this year's show and concluded the series with a blog about security analytics and operations talk at RSA.
NetworkWorld 2017-02-15 08:10:00 NSS Labs rated 13 advanced endpoint security products, flagged 2 with caution rating (direct link) Advanced endpoint security products don't do you much good if they can be evaded or eat your time by consistently throwing false positives. Since enterprises are expected to defend against sophisticated threats and money in the security budget only goes so far, you might be interested in the results from NSS Labs' testing of 13 security vendors' AEP solutions. The results were released during the RSA conference. According to NSS Labs' CEO Vikram Phatak, “The AEP test results provide vendor neutral insight and analysis to help enterprises accelerate their decision process and make informed decisions about when to deploy these products to manage their risk posture.”
NetworkWorld 2017-02-15 08:00:00 Researchers trick 'CEO' email scammer into giving up identity (direct link) Businesses targeted in email scams don't always have to play the victim. They can actually fight back. Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria, by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts. Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We're letting them (the scammers) give us all the information about themselves,” he said. The email scheme SecureWorks dealt with involved a fraudster impersonating a CEO in what's called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer's bank account.
NetworkWorld 2017-02-15 06:20:00 RSA: Watch out for a new weapon - your own data (direct link) As tens of thousands of the world's top security pros gather at RSA Conference 2017 they are being called upon to watch out for a new threat: their own data. By corrupting data that is used for making decisions, attackers can cause all kinds of problems, says Chris Young, general manager of Intel Security. “Now data is manipulated and used against us to affect the decisions we make,” he says. He calls this corruption “data landmines,” which when factored into decision making, can result in bad choices, missed opportunities and economic losses. He says stolen and manipulated data combined to disrupt the 2016 presidential election, for example, and the consequences of similar manipulations could be high for businesses whose big-data analysis is undermined by altered small data that makes it up. With inaccurate input to draw on, the outcomes will be faulty, he says.
NetworkWorld 2017-02-15 06:00:00 Review: Samsung SmartCam PT network camera (direct link) The home security camera market has taken a big hit in recent months, becoming the poster child for “bad security behavior” when people talk about the security (or lack thereof) of Internet of Things. Last year's highly publicized DDoS attack on Dyn highlighted insecure cameras being used as part of a botnet; vulnerabilities were also found in Chinese-based security cameras and at least one Samsung SmartCam product. In the U.S., the FTC filed a complaint against D-Link over claims that their webcams were “secure”.
NetworkWorld 2017-02-15 05:07:00 Too many victims say yes to ransomware (direct link) If you are a victim of ransomware, don't pay! That has been the mantra of the FBI for several years now – one that was forcefully echoed by one of the nation's highest-profile security bloggers – Brian Krebs – in a recent post. But based on the statistics, either a lot of people aren't listening, or it's a bit more complicated than that. The reality is that the success of ransomware isn't just increasing. It's exploding.
NetworkWorld 2017-02-15 05:03:00 Report: some small cities have surprisingly high number of exposed devices (direct link) Trend Micro this morning released a report about the exposed cyberassets in the top U.S. cities and most critical industry segments -- and in many cases, it was the smaller municipalities that had the largest number of problems. "Larger cities had fewer systems being exposed," said Ed Cabrera, chief cybersecurity officer at Trend Micro. Houston, for example, had 3,900,208 exposed devices, compared with 1,031,325 in New York City, even though New York has nearly four times as many people. But many of the cities with the highest numbers of exposed devices were even smaller. Sometimes, much, much smaller.
NetworkWorld 2017-02-15 04:15:00 6 Internet of Things companies to watch (direct link) Network World increasingly has been writing about companies transforming their businesses via the Internet of Things rather than just tracking the latest IoT vendor announcements. But after taking a spin through our ongoing and interactive startup funding timeline, we figured it was a good time to round up some of the latest startups to rein in venture capital for their IoT-related businesses.
NetworkWorld 2017-02-15 00:00:00 The Future of Passwords and Authentication (direct link) Ping Identity's Patrick Harding joins Infoworld's Fahmida Rashid to take a look into the future of passwords and authentication for our increasingly complex online lives.
NetworkWorld 2017-02-15 00:00:00 New Chinese Cybersecurity Threats (direct link) CSO's Steve Ragan talks with Cybereason's Chief Product Officer Sam Curry about the rising threat of attacks from nation-state actors, and how to address the unique nature of their attacks.
NetworkWorld 2017-02-14 20:17:03 Doubts abound over US action on cybersecurity (direct link) How should the U.S. respond to cyber attacks? That's been a major question at this year's RSA security conference, following Russia's suspected attempt to influence last year's election. Clearly, the government should be doing more on cybersecurity, said U.S. lawmakers and officials at the show, but they admit that politics and policy conflicts have hampered the government's approach. “I wish the federal government could do this, but it's very hard, unfortunately, due to partisan politics,” said Virginia State Governor Terry McAuliffe, during a speech at the show. “They haven't been able to take the lead on this issue as they should have.” Guideline
NetworkWorld 2017-02-14 13:07:00 Microsoft shelves all February security updates (direct link) Microsoft today took the unprecedented step of postponing an entire month's slate of security updates for Windows and its other products just hours before the patches were to begin rolling out to customers. "We discovered a last-minute issue that could impact some customers and was not resolved in time for our planned updates today," Microsoft said in a post to the MSRC (Microsoft Security Research Center) blog. "After considering all options, we made the decision to delay this month's updates." Today was set as Patch Tuesday, the monthly release of security fixes from Microsoft. Normally, Microsoft issues the updates around 10 a.m. PT (1 p.m. ET). Although Microsoft did not time stamp its blog post, the SAN Institute's Internet Storm Center (ISC) pointed out the delay at 8:22 a.m. PT (11:22 ET).
NetworkWorld 2017-02-14 10:55:00 Christian Slater wants you to check your printer security (direct link) In IT circles, actor Christian Slater is known for the very popular USA Network show "Mr. Robot", so fans of that show might like watching him in this short film, sponsored/created by HP. The film, titled "The Wolf", showcases the security vulnerabilities found at companies through the connected office printer. It's certainly a clever way to get people to think about printer security, especially as more of them become connected not only to the office network, but the Internet. Plus, Slater is really good here. Enjoy!
NetworkWorld 2017-02-14 10:50:00 Microsoft says tech companies need to protect and not to help attack customers (direct link) No Microsoft patches today, but have you looked at your Office 365 Secure Score? It is one step Microsoft has taken to help customers mitigate risks. And at RSA, the company called on tech companies to be a “neutral Digital Switzerland” and to be committed to “100 percent defense and zero percent offense.” No patches on February Patch Tuesday: Microsoft opted not to release patches on Valentine's Day, which should have been Patch Tuesday. The “delay” was announced by MSRC: Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.
NetworkWorld 2017-02-14 10:09:15 Russian cyberspies blamed for US election hacks are now targeting Macs (direct link) Security researchers have discovered a macOS malware program that's likely part of the arsenal used by the Russian cyberespionage group blamed for hacking into the U.S. Democratic National Committee last year. The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent. X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan. APT 28
NetworkWorld 2017-02-14 08:30:00 Microsoft's president wants a Geneva Convention for cyberwar (direct link) Microsoft is calling for a Digital Geneva Convention, as global tensions over digital attacks continue to rise. The tech giant wants to see civilian use of the internet protected as part of an international set of accords, Brad Smith, the company's president and chief legal officer, said in a blog post. The manifesto, published alongside his keynote address at the RSA conference in San Francisco on Tuesday, argued for codifying recent international norms around cyberwarfare and for establishing an independent agency to respond to and analyze cyberattacks.
NetworkWorld 2017-02-14 07:26:00 Avaya Surge protects the Internet of Things (direct link) The Internet of Things (IoT) is hitting a tipping point. While there has been a fair amount of IoT chatter and hype over the past few years, deployments have been limited to the traditional machine to machine (M2M) verticals such as oil and gas, mining and manufacturing. Over the past couple of years, though, more verticals have been looking to connect more non-traditional IoT devices. The reason I think we're at this tipping point is because businesses aren't referring to these deployments as “IoT” but rather it's becoming normal operations to connect more and more devices. Healthcare has rapidly been connecting patient devices, retailers are making point-of-sale systems “smart,” hotels are looking to improve the guest experience, and sports and entertainment venues are connecting more devices. While these verticals may seem different, the commonality of IoT initiatives is that when everything is connected, you can change the way the business interacts with customers, students, patients, patrons, employees or other constituents that interact with the organization.
NetworkWorld 2017-02-14 06:36:00 IBM's Watson teams up with its SIEM platform for smarter, faster event detection (direct link) San Francisco -- IBM's Watson supercomputer can now consult with the company's security information and event management (SIEM) platform to deliver well researched responses to security events and do so much faster than a person. Called IBM Q Radar with Watson, the new offering is the introduction of IBM's push for a cognitive security operations center (SOC) that will be built around Watson contributing to decisions made in tandem with other security products from the vendor. IBM announced the service at the RSA Conference 2017. In the case of Q Radar, when the SIEM catches a security event, human security analysts can choose to enlist Watson's help analyzing the event to determine whether it fits into a known pattern of threat and put it in a broader context, IBM says.
NetworkWorld 2017-02-14 06:27:32 Forget the network perimeter, say security vendors (direct link) What if all your company's computers and applications were connected directly to the Internet? That was the assumption behind BeyondCorp, a new model for network security that Google proposed back in 2014, and it's one that's starting to get some attention from networking and security vendors. Enterprises have moved beyond the traditional workspace in recent years, allowing employees to work remotely by using their personal devices and accessing apps in private or public clouds. To bring roaming workers back into the fold, under the security blanket of their local networks, companies rely on VPNs and endpoint software to enforce network access controls.
NetworkWorld 2017-02-14 06:12:00 Microsoft outlines new Office 365 security capabilities (direct link) It's a sad state of affairs when business apps need security measures, but that's what it has come to these days. Microsoft has added some new features to Office 365 designed to add intelligence to catch suspicious behavior and mitigate risk, which it outlined in a recent blog post. Office 365 also needs these security measures because it is cloud based. That means its users are connecting outside their firewall, which adds all kinds of risk, both from intrusion and accidental data loss. There are three new security features: Office 365 Secure Score, Office 365 Threat Intelligence Private Preview, and Office 365 Advanced Data Governance Preview.
NetworkWorld 2017-02-14 05:33:00 Rise of as-a-service lowers bar for cybercriminals (direct link) As-a-service offerings for things such as DDoS and malware -- including ransomware -- via exploit kits have seriously lowered the bar for entry into the criminal market. Hackers no longer need to have sophisticated skills in order to gain entry into the world of cybercrime. According to Geoff Webb, vice president of strategy at Micro Focus, the industrialization of the processes and the availability of the tools has created this expanded forum that allows non-technical people, anyone really, to enter into the digital crime market.
NetworkWorld 2017-02-14 05:32:00 Heartbreaking hacks (direct link) It warms a hacker's heart. Valentine's Day is historically about love, flowers and chocolate. Unless you're a hacker, then it's about worms, vulnerabilities, data theft and more. Preying on our need for love and affection, hackers have historically unleashed some hard-hitting attacks around Valentine's Day, or in relation to the topic of love. So, before you open that Valentine's Day email or click through to that online dating site, WatchGuard's Marc Laliberte runs you through some of the most nefarious love-related cyber-attacks.
NetworkWorld 2017-02-14 02:44:00 Hot products at RSA 2017 (direct link) RSA Conference underway. RSA, the world's largest security conference, is underway this week in San Francisco with attendees from around the world gathering to hear the latest strategies for fighting cyberattacks. They'll also be able to view the latest hardware and software to protect their most valuable corporate assets. Here is a brief description of some new security products being announced at the conference.
NetworkWorld 2017-02-14 00:59:35 Cybersecurity alliance promoting intel-sharing seeks to expand (direct link) Hackers have probably had a harder time slipping past your security software, thanks to an alliance between some of the top vendors in the industry. The Cyber Threat Alliance, a group of security firms that often compete, says its efforts to share intelligence on the latest hacking threats have been paying off. Rivals including Fortinet, Intel Security, Palo Alto Networks and Symantec originally entered into the alliance over two years ago, even as doubts arose over whether it'd last.
NetworkWorld 2017-02-14 00:00:00 Cybersecurity and the Cloud in 2017 (direct link) Infoworld Senior Writer Fahmida Rashid chats with Palo Alto Networks' CSO Rick Howard about the biggest cybersecurity challenges facing businesses working in the cloud in 2017.
NetworkWorld 2017-02-14 00:00:00 The Cybersecurity Canon (direct link) Palo Alto Networks' CSO Rick Howard sits down at RSA 2017 with Infoworld's Fahmida Rashid to talk about what the Cybersecurity Canon is, and his top picks for inclusion this year.
NetworkWorld 2017-02-13 23:54:02 Worried about hacks, senators want info on Trump's personal phone (direct link) Two senators have written to the U.S. Department of Defense about reports that President Donald Trump may still be using an old unsecured Android phone, including to communicate through his Twitter account. “While it is important for the President to have the ability to communicate electronically, it is equally important that he does so in a manner that is secure and that ensures the preservation of presidential records,” Tom Carper, a Democrat from Delaware, and Claire McCaskill, a Democrat from Missouri, wrote in the letter, which was made public Monday.
NetworkWorld 2017-02-13 18:27:48 Researcher develops ransomware attack that targets water supply (direct link) A security researcher is showing that it's not hard to hold industrial control systems for ransom. He's experimented with a simulated water treatment system based on actual programmable logic controllers (PLCs) and documented how these can be hacked. David Formby, a PhD student at Georgia Institute of Technology, conducted his experiment to warn the industry about the danger of poorly-secured PLCs. These small dedicated computers can be used to control important factory processes or utilities, but are sometimes connected to the internet. For instance, Formby found that 1,500 of these industrial PLCs are accessible online, he said while speaking at the RSA cybersecurity conference on Monday. It's not hard to imagine a hacker trying to exploit these exposed PLCs, he added. Cybercriminals have been infecting businesses across the world with ransomware, a form of malware that can hold data hostage in exchange for bitcoin.
NetworkWorld 2017-02-13 13:14:00 Experts worried about ransomware hitting critical infrastructure (direct link) Expect ransomware to grow more aggressive in the coming years, including higher ransom payments and attempts to go beyond attacking data -- by shutting down entire computer systems to utilities or factories. “I see no reason for ransomware to stop,” said Neil Jenkins, an official with the U.S. Department of Homeland Security. “It's shown to be effective.” On Monday at the RSA cybersecurity conference, experts gave a grim outlook on the future of ransomware, which they fear will spread. Through the attacks, cybercriminals have already managed to rake in US$1 billion last year, according to at one estimate.
NetworkWorld 2017-02-13 11:59:00 IDG Contributor Network: Hackers show no mercy-even for pot dispensaries (direct link) Back when Apple was the plucky young upstart that dared to be different, the Mac was the machine for creative types and there was a perception that it wasn't a target for hackers because of its cultural cool factor. You would expect the same rules to apply to the legalized marijuana market, but a major hack attack on a pot dispensary last month set that notion up in smoke. MJ Freeway, providers of popular medical marijuana tracking software, suffered a point-of-sale system hack that left over 1,000 marijuana dispensaries across 23 states unable to track their sales and inventories. Because of the state regulations regarding the sale of marijuana, some dispensaries were forced to close early or shut their doors completely. The disruption lasted weeks and caused patients to suffer long delays with obtaining access to their medicine.
NetworkWorld 2017-02-13 11:31:00 Cisco, competitors infiltrate Avaya customer doubts (direct link) It is not surprising that Cisco, Mitel and others are targeting Avaya's customers as the networking company goes through Chapter 11 bankruptcy but sometimes it is a bit startling in its boldness. For example, Cisco wrote: “Let's not dance around it. Avaya's recent announcements have put a lot of people into the decision process. Change and uncertainty usually do. So then, what to do next? I'm not bold enough to say, 'Hey, come on over and write me a check right now.' That's not how this works. It's not an overnight decision. You have to figure out who you trust with your unified communications and customer care solutions. And to get there means asking a lot of questions – and getting the answers you need.”
NetworkWorld 2017-02-13 09:11:13 Recent malware attacks on Polish banks tied to wider hacking campaign (direct link) Malware attacks that recently put the Polish banking sector on alert were part of a larger campaign that targeted financial organizations from more than 30 countries. Researchers from Symantec and BAE Systems linked the malware used in the recently discovered Polish attack to similar attacks that have taken place since October in other countries. There are also similarities to tools previously used by a group of attackers known in the security industry as Lazarus. The hackers compromised websites that were of interest to their ultimate targets, a technique known as watering hole attacks. They then injected code into them that redirected visitors to a custom exploit kit. APT 38
NetworkWorld 2017-02-13 09:07:00 Most Americans with knowledge of employer's cybersecurity wouldn't want to be a customer (direct link) Today Kaspersky Lab and HackerOne released the report, “Hacking America: Cybersecurity Perception.” Some of its revelations include that most Americans wouldn't want to be a customer of their employers since they don't trust their employers to protect their personal data; also, almost half the people surveyed think America is more vulnerable to cyber-espionage/nation-sponsored cyberattacks with Donald Trump as president. The study, based on answers provided by 5,000 US adults who were surveyed in December 2016, revealed that despite all the cybersecurity news coverage, American consumers and businesses still need a better understanding of cyberthreats and how to protect their personal and sensitive business data online.
NetworkWorld 2017-02-13 05:52:00 How to lock down your security system (direct link) Keeping the network safe. As long as data is online there will always be concerns over cyber security. There are many steps a business can take to help better protect their physical security systems from cyber threats. From simple things like not using default or simple passwords, to more advanced steps like using PKI certificates and making sure you download the latest firmware - each are important to keeping your data, and your network, secure.
NetworkWorld 2017-02-13 05:46:00 Windows 10 will soon have a very different security system (direct link) Microsoft announced a new service called Windows Defender Advanced Threat Protection (WDATP) last year specifically for enterprises, meant to help detect, investigate and respond to attacks on their networks. It was released with the Windows 10 Anniversary Update and is built on the existing security in Windows 10. WDATP offers a new post-breach layer of protection to the Windows 10 security stack, as well as a cloud service to help detect threats that have made it past other defenses and trace how far they penetrated into the enterprise.
NetworkWorld.webp 2017-02-13 03:23:00 (Déjà vu) New products of the week 2.13.17 (direct link) New products of the week. Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. USM Anywhere
NetworkWorld.webp 2017-02-13 03:00:00 How San Diego fights off 500,000 cyberattacks a day (direct link) Nearly 27 years of network and cybersecurity experience with the Department of Defense didn't prepare Gary Hayslip for the collection of disparate technologies he encountered when he joined the city of San Diego. “Cities don't get rid of anything. If it works, why get rid of it? So you end up having a lot of diverse technologies connected together. You may have something that's 15 years old connected to stuff that's state of the art,” says Hayslip, whose DoD tenure included 20 years of active-duty military service and seven years working in civil service for the military. “Police cars, ambulances, libraries, water treatment facilities, golf courses … One of the things you learn real quickly: the city of San Diego is $4 billion business. And cities don't shut down. They run 24/7,” he says. “My almost 27 years in DoD did not prepare me for how interesting city networks are.”
NetworkWorld.webp 2017-02-13 02:12:00 Expert: Line between cyber crooks and cyber spies getting more blurry (direct link) Cybercriminals acting on behalf of national governments and nation-backed espionage agents carrying out cybercrimes for cash on the side is the future of security threats facing corporations and governments, says the former top U.S. attorney in charge of the Department of Justice's national security division. “I think this blending of criminal and national security, whether it's terrorists or state actors moonlighting as crooks or state actors using criminal groups as a way to distance themselves from the action, I think that is a trend that we saw increasing that's just going to continue to increase over the next three to five years,” says John Carlin, now an attorney with Morrison & Foerster.
NetworkWorld.webp 2017-02-12 23:34:21 Intel, McAfee dispute heads for settlement talks (direct link) A dispute between Intel and security expert John McAfee over the use of his name for another company is headed for settlement talks, according to court records. The move comes shortly after the federal court refused John McAfee and MGT Capital Investments, the company to be renamed, a preliminary injunction on Intel's transfer of marks and related assets containing the word McAfee, as part of a proposed spin-out by the chipmaker of its security business as a separate company that would be called McAfee. The chip company said in September it had signed the agreement with TPG to set up a cybersecurity company in which Intel shareholders would hold 49 percent of the equity with the balance held by the investment firm.
NetworkWorld.webp 2017-02-12 08:15:00 University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices (direct link) Today's cautionary tale comes from Verizon's sneak peek (pdf) of the 2017 Data Breach Digest scenario. It involves an unnamed university, seafood searches, and an IoT botnet; hackers were using the university's own vending machines and other IoT devices to attack the university's network. Since the university's help desk had previously blown off student complaints about slow or inaccessible network connectivity, it was a mess by the time a senior member of the IT security team was notified. The incident is given from that team member's perspective; he or she suspected something fishy after detecting a sudden big interest in seafood-related domains.
NetworkWorld.webp 2017-02-10 14:48:23 Privacy groups claim FBI hacking operation went too far (direct link) Privacy advocates are claiming in court that an FBI hacking operation to take down a child pornography site was unconstitutional and violated international law. That's because the operation involved the FBI hacking 8,700 computers in 120 countries, based on a single warrant, they said. “How will other countries react to the FBI hacking in their jurisdictions without prior consent?” wrote Scarlet Kim, a legal officer with U.K.-based Privacy International. On Friday, that group, along with the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union of Massachusetts, filed briefs in a lawsuit involving the FBI's hacking operation against Playpen. The child pornography site was accessible through Tor, a browser designed for anonymous web surfing. But in 2014, the FBI managed to take it over.
NetworkWorld.webp 2017-02-10 10:33:00 TechDemocracy aims to provide a holistic assessment of cyber risk (direct link) Gartner estimates that global spending on cybersecurity solutions exceeded $81 billion in 2016. The average enterprise with 1,000 or more employees spends about $15 million fighting cybercrime each year, according to the Ponemon Institute. Despite such heavy investments in all types of solutions, many CISOs still find it challenging to answer the questions, “How likely are we to have a breach, and if we do incur a breach, what will be the financial impact?” The main obstacle to answering those fundamental questions is that much of the information needed to reveal an organization's state of cyber risk is trapped in product silos, and it's seldom fully mapped to the organization's compliance policies.
NetworkWorld.webp 2017-02-10 10:00:01 Microsoft unveils a bonanza of security capabilities (direct link) Companies concerned about cybersecurity have a fleet of new Microsoft tools coming their way. The company announced a host of new security capabilities Friday morning as part of the run-up to the massive RSA security conference next week in San Francisco. On the Windows front, the company announced that it's adding the ability to use on-premises Active Directory with Windows Hello, its system for allowing biometric-based logins with Windows 10. Microsoft also launched new tools to help organizations get more use out of mobile device management products by giving them tools to migrate group policy settings to cloud-managed devices. What's more, Microsoft has launched a new tool that's designed to help customers configure the Surface hardware under their administration, doing things like disabling the tablets' cameras.
NetworkWorld.webp 2017-02-10 09:23:39 Recent WordPress vulnerability used to deface 1.5 million pages (direct link) Up to 20 attackers or groups of attackers are defacing WordPress websites that haven't yet applied a recent patch for a critical vulnerability. The vulnerability, located in the platform's REST API, allows unauthenticated attackers to modify the content of any post or page within a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later, to allow enough time for a large number of users to deploy the update.
Last update at: 2024-04-29 07:07:43