What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2017-02-10 04:29:00 Are companies doing enough on the IoT security front? (direct link) We continue to hear dire warnings about the inherent security risks of the Internet of Things (IoT), and indeed IoT-related incidents are happening. With many companies beginning to capture IoT data from connected devices, a key question is are they doing enough to ensure that data and networks are secure? If security executives thought they had a lot to handle with the growth of mobile devices and the expanding digital enterprise, the emergence of connected products, corporate assets, vehicles and other “things” is taking security coverage to a whole new level. A December 2016 study by the Institute for Critical Infrastructure Technology (ICIT) - a cyber security think tank that acts as a conduit between private sector companies and U.S. federal agencies, points out how vulnerable enterprises are to attacks such as distributed denial of service (DDoS) via IoT.
NetworkWorld 2017-02-09 16:30:00 Apple's iCloud saved deleted browser records, security company finds (direct link) Apple's iCloud appears to have been holding on to users' deleted internet browsing histories, including records over a year old. Moscow-based forensics firm Elcomsoft noticed it was able to pull supposedly deleted Safari browser histories from iCloud accounts, such as the date and time the site was visited and when the record was deleted. “In fact, we were able to access records dated more than one year back,” wrote Elcomsoft's CEO Vladimir Katalov in a Thursday blog post. Users can set iCloud to store their browsing history so that it's available from all connected devices. The researchers found that when a user deletes that history, iCloud doesn't actually erase it but keeps it in a format invisible to the user.
NetworkWorld 2017-02-09 14:02:00 Hospital devices left vulnerable, leave patients at risk (direct link) A patient lies in a hospital bed waiting for a medical professional to conduct a blood gas analysis. Little does the patient know that his personal information is also undergoing a procedure. The database that stores patient data was found unencrypted, default passwords were used, and the nature of the exploit was basic, according to TrapX Security, which was called in later to recreate and diagnose the issues at the unnamed hospital. The technology research company recently released its findings in a report called "Anatomy of an Attack – Medical Device Hijack (MEDJACK)". The security company declined to name the three hospitals it examined, except to say they were located in the Western and Northeastern U.S.
NetworkWorld 2017-02-09 14:00:00 'Fileless malware' attacks, used on banks, have been around for years (direct link) Fileless malware attacks, which were recently discovered in the networks of at least 140 banks, telecoms and governments, account for about 15% of known attacks today and have been around for years in different forms. "Fileless malware attacks are becoming much more common and circumvent most of the endpoint protection and detection tools deployed today," Gartner security analyst Avivah Litan said. A recent discovery of fileless malware was reported on Wednesday by researchers at Moscow-based Kaspersky Labs. The attackers have not been identified and "attribution [is] almost impossible," according to Kaspersky.
NetworkWorld 2017-02-09 12:42:00 DARPA hits snag in GEO satellite service plan (direct link) DARPA is going to have to contend with an Earth-bound problem if it is to get its plan to service satellites in geosynchronous orbit into space. The agency this week said it had picked Space Systems Loral (SSL) as its commercial partner to develop technologies under its Robotic Servicing of Geosynchronous Satellites (RSGS) program that would enable cooperative inspection and servicing of satellites in geosynchronous orbit (GEO), more than 20,000 miles above the Earth, and demonstrate those technologies on orbit.
NetworkWorld 2017-02-09 12:14:31 Android privacy assistant seeks to stop unwanted data collection (direct link) Not sure what your phone is collecting about you? A free Android app is promising to simplify the privacy settings on your smartphone, and stop any unwanted data collection. The English language app, called Privacy Assistant, comes from a team at Carnegie Mellon University, who've built it after six years of research studying digital privacy. “It's very clear that a large percentage of people are not willing to give their data to any random app,” said CMU professor Norman Sadeh. “They want to be more selective with their data, so this assistant will help them do that.”
NetworkWorld 2017-02-09 12:08:48 Microsoft lawsuit against indefinite gag orders can proceed (direct link) A Microsoft lawsuit against the U.S. Department of Justice over indefinite gag orders attached to search warrants can proceed, following a federal judge's ruling on Thursday. The tech titan sued last year to end the government's practice of indefinitely blocking it from informing customers of search warrants for their information. Microsoft alleged that such orders violate its First Amendment free speech rights and the Fourth Amendment privacy rights of its users. The Justice Department argued that Microsoft couldn't bring either of the claims in a motion argued in front of the judge two weeks ago.
NetworkWorld 2017-02-09 11:18:00 IT and C-level leaders point fingers at each other over cyber defense (direct link) IT managers disagree with chief executives over who is responsible for a cyber security breach, according to a survey released Thursday. The survey -- of a group of 221 chief executive officers and other C-level executives and another group of 984 IT decision makers -- found that each group largely believes the other group is responsible in the event of a breach. In the survey, 35% of C-level respondents said IT teams would be responsible in a breach, while 50% of IT leaders think that responsibility rests with their senior managers. Also, IT managers estimate a single cyber attack will cost their business nearly twice what top-level executives estimate. The IT managers put the cost of a single attack at $19 million, compared to the C-suite estimate of about $11 million. Tags: Guideline
NetworkWorld 2017-02-09 10:05:47 Windows Trojan hacks into embedded devices to install Mirai (direct link) Attackers have started to use Windows and Android malware to hack into embedded devices, dispelling the widely held belief that if such devices are not directly exposed to the Internet they're less vulnerable. Researchers from Russian antivirus vendor Doctor Web have recently come across a Windows Trojan program that was designed to gain access to embedded devices using brute-force methods and to install the Mirai malware on them. Mirai is a malware program for Linux-based internet-of-things devices, such as routers, IP cameras, digital video recorders and others. It's used primarily to launch distributed denial-of-service (DDoS) attacks and spreads over Telnet by using factory device credentials.
NetworkWorld 2017-02-09 09:03:00 As third RSA Conference without 'booth babes' nears, no one seems to miss them (direct link) In March 2015, RSA Conference organizers made news by contractually insisting that vendors pitch their security wares without the help of “booth babes,” a first such ban for the technology industry. Next week's RSAC in San Francisco will be the third without the babes, so I checked in with event staff to see if the policy had evolved at all and how it has been accepted by various stake-holders. Here's how the contract language read in 2015: All Expo staff are expected to dress in business and/or business casual attire. Exhibitors should ensure that the attire of all staff they deploy at their booth (whether the exhibitor's direct employees or their contractors) be considered appropriate in a professional environment. Attire of an overly revealing or suggestive nature is not permitted. Examples of such attire may include but are not restricted to:
NetworkWorld 2017-02-09 07:55:00 Cisco Umbrella cloud service shapes security for cloud, mobile resources (direct link) In these days of always-on, but zero trust enterprise applications, concerns over how to keep the bad guys out 24-7 is a huge IT challenge. In an attempt to address such anxieties Cisco today announced Umbrella, a secure, cloud-based gateway, based on technology from OpenDNS and other technologies it acquired such as CloudLock as well as existing Cisco security services that together ultimately promises to offer secure business access to resources even when users are not using the safety of a VPN.
NetworkWorld 2017-02-09 06:01:00 Review: Arlo Pro cameras offer true flexibility for home security (direct link) Netgear's Arlo brand of home security, network-connected cameras continues to improve, defeating every real or perceived criticism about the devices with an upgrade or improvement. Want to place in an area where there's no network cable? Bam! Wi-Fi connection. Need to place in an area where there's no power outlet? Bam! Battery powered! Don't like replacing batteries? Bam! Rechargeable batteries and a quick-charge battery adapter. The latest version of this system is the Arlo Pro – it's the most flexible camera system I've come across so far. After a few weeks of testing, I've determined that anyone who has a problem with this system (or thinks that it can't do something) is just a cynical old crank.
NetworkWorld 2017-02-09 04:48:00 What cyberinsurance gotchas companies must be ready for (direct link) Businesses shelled out $2 billion in cyber insurance premiums in 2015 but current projections show that astronomical growth rates will result in a market of over $20 billion by 2025. The single biggest challenge faced by insurance companies today is the lack of actuarial data on cyber attacks which makes pricing these cyber insurance policies very difficult. As a result, insurance companies are increasingly resorting to other methods to assist them in more accurately pricing these policies which is good news for them but which will result in a number of challenges for businesses.
NetworkWorld 2017-02-09 04:47:00 Can the FTC save the IoT? (direct link) Nobody in the IT industry would argue that the Internet of Things (IoT) is becoming more secure. Pretty much the opposite. But not for lack of effort. There have been multiple, ongoing initiatives over the past decade, both public and private. There have been dire warnings, publication of various standards and best practices, technology improvements, legislation to encourage threat information sharing and exhortations from government agencies, congressional committees, security firms and conference speakers. Unfortunately, none of them has worked very well so far. In spite of some of the best minds and technology improvements in the world focused on it, most of the IoT's billions and billions of connected devices remain catastrophically insecure, lacking what experts call the most basic “security hygiene.” The flaws include hard-coded credentials, simple and default user names and passwords and the lack of any way to patch or update exploitable vulnerabilities.
NetworkWorld 2017-02-08 21:01:00 Zingbox launches IoT protection for business (direct link) Zingbox, a cloud-based, internet-of-things security startup, is coming out with its first product that it says can tell good IoT behavior from bad and sends alerts when it finds activity outside the norm. Called Guardian, the solution consists of a virtual appliance that gathers and processes network traffic data and sends it to the Zingbox cloud, where it is analyzed for anomalies. When they are found, it can send alerts to security staff or intervene automatically via integration with firewalls, says May Wang, a founder of the company and its CTO.
NetworkWorld 2017-02-08 15:50:20 US idea to collect travelers' passwords alarms privacy experts (direct link) To better vet foreign travelers, the U.S. might demand that some visa applicants hand over the passwords to their social media accounts, a proposal that's alarming privacy experts. “If they don't want to give us the information, then they don't come,” said John Kelly, the head of the Department of Homeland Security, on Tuesday. Kelly mentioned the proposal in a congressional hearing when he was asked what his department was doing to look at visa applicants' social media activity. He said it was “very hard to truly vet” the visa applicants from the seven Muslim-majority countries covered by the Trump administration's travel ban, which is now in legal limbo. Many of the countries are failed states with little internal infrastructure, he said.
NetworkWorld 2017-02-08 12:44:19 AT&T, IBM, Nokia join to make IoT systems safer (direct link) Some big players in security and the internet of things, including AT&T and Nokia, are joining forces to solve problems that they say make IoT vulnerable in many areas. The IoT Cybersecurity Alliance, formed Wednesday, also includes IBM, Symantec, Palo Alto Networks, and mobile security company Trustonic. The group said it won't set standards but will conduct research, educate consumers and businesses, and influence standards and policies. As IoT technologies take shape, there's a danger of new vulnerabilities being created in several areas. Consumer devices have been in the security spotlight thanks to incidents like the DDoS attacks last year that turned poorly secured set-top boxes and DVRs into botnets. But the potential weaknesses are much broader, spanning the network, cloud, and application layers, the new group said in a press release.
NetworkWorld 2017-02-08 12:35:00 Gartner: Algorithm-based technology patents are raging (direct link) Algorithms are hot – so hot that Gartner is saying that by 2019, 250,000 patent applications will be filed that include claims for algorithms, a tenfold increase from five years ago. Gartner wrote that according to a worldwide search on analytics vendor Aulive, nearly 17,000 patents applied for in 2015 mentioned "algorithm" in the title or description, versus 570 in 2000. Including those mentioning "algorithm" anywhere in the document, there were more than 100,000 applications last year versus 28,000 five years ago. At this pace, and considering the rising interest in protecting algorithmic intellectual property, by 2020 there could be nearly half a million patent applications mentioning "algorithm," and more than 25,000 patent applications for algorithms themselves, Gartner stated. Of the top 40 organizations patenting the most algorithms the past five years, 33 are Chinese businesses and universities – IBM is the only western tech company on the list at No. 10.
NetworkWorld 2017-02-08 10:58:00 NASA begins recovery after tornado hits Michoud Assembly Facility in New Orleans (direct link) A tornado struck NASA's Michoud Assembly Facility in New Orleans on Tuesday. About 3,500 employees were at the facility when a large tornado hit at 11:25 a.m. Fortunately, only five people suffered minor injuries. After the tornado, local law enforcement helped employees reach their homes, as NASA reported about 200 parked cars had been damaged.
NetworkWorld 2017-02-08 09:37:47 Accenture wants to help businesses secure their blockchains (direct link) Accenture wants to help businesses use blockchain technologies more securely by locking away the encryption keys they use to sign transactions. It's built a system that blockchain developers can use to store credentials in specialized cryptoprocessors called hardware security modules (HSMs). HSMs are typically used by banks to store the PINs associated with payment cards or the credentials used to make interbank payments over the SWIFT network, and are much more secure than storing the credentials, even in encrypted form, on network-connected servers from where attackers could steal them. The PINs or credentials never leave the HSMs, and their use within them is strictly controlled.
NetworkWorld 2017-02-08 08:38:00 NASA has a shadow IT problem (direct link) It's not often enterprises get direct evidence of a shadow IT operation but a recent audit of NASA's IT realm came up with 28 unsanctioned cloud services operating in its environment. NASA's own CIO office found eight such services while the NASA Office of Inspector General discovered another 20, as part of an overall cloud security audit done by the NASA OIG. Tags: Guideline
NetworkWorld 2017-02-08 08:13:12 Hard-to-detect fileless attacks target banks, other organizations (direct link) A wave of attacks that have recently affected banks and other enterprises used open-source penetration testing tools loaded directly into memory instead of traditional malware, making their detection much harder. Researchers from antivirus vendor Kaspersky Lab started investigating these attacks after the security team from an unnamed bank found Meterpreter in the random access memory (RAM) of a server that acted as the organization's Windows domain controller. Meterpreter is an in-memory attack payload that can inject itself into other running processes and is used to establish persistency on a compromised system. It is part of the Metasploit penetration testing framework, a popular tool used both by internal security teams and by malicious hackers.
NetworkWorld 2017-02-08 05:14:00 Open source users: It's time for extreme vetting (direct link) Open source software is the norm these days rather than the exception. The code is being written in high volumes and turning up in critical applications. While having this code available can offer big benefits, users also must be wary of issues the code can present and implement proper vetting. Josh Bressers, cybersecurity strategist at Red Hat, emphasized this point during a recent talk with InfoWorld Editor at Large Paul Krill. InfoWorld: Why is Red Hat getting on the soapbox about open source security?
NetworkWorld 2017-02-08 05:07:00 What company execs can learn from Trump's tweeting (direct link) Like him or hate him, there's no debating that President Trump loves to tweet. What is up for debate, though, is whether his tweet storms will complicate what is already stressful work for the Secret Service. Enormous effort goes into protecting the President and his staff from hackers, and any tweets that could be deemed argumentative, hostile, or reactionary could elevate the risk of a targeted cyber attack on the White House. In the same way, executives at major enterprises also need to be cautious in how they choose to represent the company through social media. This type of security, said Larry Johnson, ex Secret Service agent and CSO of CyberSponse, is not just protecting the individual. Whether it's the Secret Service or the security team, "They're protecting the company, the country, the assets."
NetworkWorld 2017-02-07 12:30:00 Mac malware, possibly made in Iran, targets US defense industry (direct link) Just because you're using a Mac doesn't mean you're safe from hackers. That's what two security researchers are warning, after finding a Mac-based malware that may be an attempt by Iranian hackers to target the U.S. defense industry. The malware, called MacDownloader, was found on a website impersonating the U.S. aerospace firm United Technologies, according to a report from Claudio Guarnieri and Collin Anderson, who are researching Iranian cyberespionage threats. The fake site was previously used in a spear phishing email attack to spread Windows malware and is believed to be maintained by Iranian hackers, the researchers claimed.
NetworkWorld 2017-02-07 11:34:00 Study: 1 in 3 website visitors is an attack bot (direct link) For the 5th straight year, impersonator bots were the most active bad bots, making up 24.3 percent of all bot activity. Both cheap and effective, impersonator bots are most commonly used to launch DDoS attacks, including October's attack against DNS provider Dyn. That's among the key findings of Imperva's Bot Traffic Report 2016, which is based on analysis of over 16.7 billion visits to 100,000 randomly-selected domains on the Imperva content delivery network from August 9, 2016 to November 6, 2016.
NetworkWorld 2017-02-07 09:28:07 Polish banks on alert after mystery malware found on computers (direct link) The discovery of malware on computers and servers of several Polish banks has put the country's financial sector on alert over potential compromises. Polish media reported last week that the IT security teams at many Polish banks have been busy recently searching their systems for a particular strain of malware after several unnamed banks found it on their computers. It's not clear what the malware's end goal is, but in at least one case it was used to exfiltrate data from a bank's computer to an external server. The nature of the stolen information could not be immediately determined because it was encrypted, Polish IT news blog Zaufana Trzecia Strona reported Friday.
NetworkWorld 2017-02-07 08:18:00 Vizio to pay $2.2 million for spying on what customers watch without consent (direct link) Whether Vizio is sorry for spying on more than 11 million people while they watched TV in the privacy of their homes is debatable - the company was proud of its ability to capture “highly specific viewing behavior data on a massive scale with great accuracy” in its October 2015 IPO. But Vizio has agreed to pay $2.2 million to settle charges by the FTC. The company collected data about what people were watching without their consent and then shared the data with advertisers and other companies. In the FTC's words, “The data generated when you watch television can reveal a lot about you and your household. So, before a company pulls up a chair next to you and starts taking careful notes on everything you watch (and then shares it with its partners), it should ask if that's OK with you. VIZIO wasn't doing that, and the FTC stepped in.”
NetworkWorld 2017-02-07 06:25:00 7 musts for any successful BYOD program (direct link) Today, employee mobility and office BYOD programs are critical for enterprise productivity. Mobile devices add new security challenges, bypassing many of the security controls you have in place. Mobile devices, mobile apps and the networks they use are now essential to satisfy customers, collaborate more effectively with suppliers, and keep employees productive anytime and anywhere.
NetworkWorld 2017-02-07 06:24:00 How to protect your privacy with a VPN on Android (direct link) Using a VPN on Android can help you access content that's blocked in your region and help maintain your anonymity around the web. There are plenty of apps that offer VPN services for free and as a paid service, but which of them are worth your time? I tested six of the most popular VPN all-in-one apps (with Speedtest and the speedof.me HTML5 test) on Android to see how they stack up. You can also go your own way and use Android's built-in VPN tool. With a few tweaks, you can make it a little easier to use, too. Why use a VPN? A VPN (Virtual Private Network) is basically a way to funnel all your web traffic through a remote server. This makes it look like you're in a different location and obscures your real IP address. VPNs encrypt the traffic passing through them, making it harder for anyone else to listen in on your connection, even if you connect to an unsecured Wi-Fi network.
NetworkWorld 2017-02-07 06:15:00 Criminals release fewer new types of malware last year, double down on ransomware (direct link) Cybercriminals have been producing fewer new kinds of malware last year -- but that's because they're so busy raking in the money from their ransomware attacks. The number of unique malware samples discovered last year was 60 million, down 6.25 percent from last year's 64 million, according to a report released this morning by SonicWall. "This is the first time I've seen that the number of unique malware samples actually decreased," said Dmitriy Ayrapetov, director of product management at SonicWall, which produced the report, based on data collections from more than a million sensors.
NetworkWorld 2017-02-07 06:12:00 Report: IRS-related phishing scams seen running rampant (direct link) If this year is anything like last we are in the midst of phishers' attempts to trick taxpayers, employers and tax preparers into giving up information that will allow attackers to file bogus tax returns and collect IRS refunds, according to PhishLabs' annual phishing report. The latest Phishing Trends and Intelligence Report, which has data about January 2016, says that the IRS phishing sites spotted in that one month totaled more than the IRS phishing attempts seen during all of the previous year. While the numbers for this January aren't in yet, PhishLabs researchers expect yet another spike. That's because last year, 40 businesses that phishers asked for their employees' W2 forms actually sent them to the scammers, says Crane Hassold, a senior security threat researcher at PhishLabs.
NetworkWorld 2017-02-07 05:00:00 IDG Contributor Network: ForeScout extends to offer AWS security visibility (direct link) ForeScout is a security company that specializes in giving organizations agentless visibility and control of both traditional and IoT devices connected to the network. That's probably super-interesting if you're an IT security practitioner, but if you're not, you're probably stifling a yawn about now. But remember, if you will, that the first planned IPO of 2017 -- that of AppDynamics -- got canceled very much at the last minute when the company was acquired by Cisco. So given we're yet to see a 2017 IPO, and that ForeScout is rumored to have confidentially filed its documentation for an IPO recently, anything newsy from ForeScout's HQ gets a little more interesting.
NetworkWorld 2017-02-06 17:46:08 Dozens of iOS apps fail to secure users' data, researcher says (direct link) Dozens of iOS apps that are supposed to be encrypting their users' data don't do it properly, according to a security researcher. Will Strafach, CEO of Sudo Security Group, said he found 76 iOS apps that are vulnerable to an attack that can intercept protected data. The developers of the apps have accidentally misconfigured the networking-related code so it will accept an invalid Transport Layer Security (TLS) certificate, Strafach claimed in a Monday blog post. TLS is used to secure an app's communication over an internet connection. Without it, a hacker can essentially eavesdrop over a network to spy on whatever data the app sends, such as login information.
NetworkWorld 2017-02-06 15:30:47 US House approves new privacy protections for email and the cloud (direct link) The U.S. House of Representatives approved on Monday the Email Privacy Act, which would require law enforcement agencies to get court-ordered warrants to search email and other data stored with third parties for longer than six months. The House approved the bill by voice vote, and it now goes to the Senate for consideration. The Email Privacy Act would update a 31-year-old law called the Electronic Communications Privacy Act (ECPA). Some privacy advocates and tech companies have pushed Congress to update ECPA since 2011. Lax protections for stored data raise doubts about U.S. cloud services among consumers and enterprises, supporters of the bill say.
NetworkWorld 2017-02-06 14:38:00 The key functions to consider when building or buying a log analysis platform (direct link) This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. “Life is really simple, but we insist on making it complicated.” The immortal words of Confucius resonate with anyone who has ever tried to glean useful information from log data. There are consensus-driven definitions of what exactly log analysis is, but a simplified, accessible explanation might be: to organize log entries into a human-friendly display and make business decisions based on what you learn.
NetworkWorld 2017-02-06 11:25:00 IDG Contributor Network: Why managing trust is critical for digital transformation (direct link) Digital disruption has demolished more than 50% of the Fortune 500 since 2000. Technology is creating new online-only companies, i.e., Kickstarter for funding, Sofi for lending and Venmo for payments. The digital disruption and, more important, its pace continues to disrupt long-established business models. Incumbents, not wanting to become another cautionary tale of digital disruption, are making radical changes to their businesses to focus on online and mobile channels.
NetworkWorld.webp 2017-02-06 10:45:00 RSA Conference 2017: Security analytics and operations (direct link) So far, I've written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security, while the second focused on network security. I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e. security operations and analytics platform architecture).
NetworkWorld.webp 2017-02-06 10:41:12 Hacker takes out dark web hosting service using well-known exploit (direct link) A hacker is proving that sites on the dark web, shrouded in anonymity, can easily be compromised. On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users. The hosting service, Freedom Hosting II, was known for operating thousands of sites that were accessible through the Tor browser; the "dark web" is essentially the encrypted network comprising Tor servers and browsers. But on Friday, the service appeared to be down. Its main landing page was replaced with a message saying that it had been hacked. Allegedly, Freedom Hosting II had been hosting child pornography sites, though its anonymous operator claimed to have a zero-tolerance policy toward such content, according to the hacker behind the breach.
NetworkWorld.webp 2017-02-06 09:38:00 TV maker Vizio pays $2.2M to settle complaint that it spied on users (direct link) Popular smart TV maker Vizio will pay US $2.2 million to settle complaints that it violated customers' privacy by continuously monitoring their viewing habits without their knowledge. Beginning in February 2014, the California TV maker tracked what TV shows customers were watching on 11 million TV sets sold in the U.S., the U.S. Federal Trade Commission and the Office of the New Jersey Attorney General said in a complaint, released Monday. Vizio smart TVs captured "second-by-second" information about video displayed, including video from consumer cable service, broadband, set-top boxes, DVDs, over-the-air broadcasts, and streaming devices, according to the complaint.
NetworkWorld.webp 2017-02-06 09:33:00 How to catch a 400lb drone traveling at full speed (direct link) Catching a full-sized military drone traveling at full speed without destroying it midflight is no easy task. But DARPA this week said a research project it has been working on – known as SideArm – is doing just that and more. DARPA said that SideArm developer Aurora Flight Sciences has successfully tested a full-scale system that repeatedly captured a 400-pound Lockheed Martin Fury unmanned aircraft accelerated to flight speed via an external catapult. A Fury can hit over 130MPH.
NetworkWorld.webp 2017-02-06 09:26:44 Malware distributors are switching to less suspicious file types (direct link) After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users. Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them. PowerShell is a scripting language for automating Windows system administration tasks. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell.
NetworkWorld.webp 2017-02-06 07:38:00 RSA Conference: Carbon Black to introduce Streaming Prevention (direct link) Carbon Black is introducing at RSA Conference 2017 next week a new way for its gear to detect attacks that don't make their way into networks via viruses or malicious files that other endpoint security software can detect. Called Streaming Prevention, the technology can find both malware and non-malware attacks by analyzing endpoint activities in the context of the sequences in which they unfold. It does this by having endpoint agents tag events as they occur and streaming them to Carbon Black's analysis engine in the cloud. There the engine determines whether it falls in a sequence of events that add up to an attack and tells the endpoint to block activity that is deemed malicious.
NetworkWorld.webp 2017-02-06 07:26:44 Hacker hijacks thousands of publicly exposed printers to warn owners (direct link) Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages. The messages included ASCII art depicting robots and warned that the printers had been compromised and they were part of a botnet. The hacker, who uses the online alias Stackoverflowin, later said that the botnet claim was not true and that his efforts served only to raise awareness about the risks of leaving printers exposed to the internet. Stackoverflowin claims to be a high-school student from the U.K. who is interested in security research. He said that for the most part he simply sent print jobs using the Line Printer Daemon (LPD), the Internet Printing Protocol (IPP) and the RAW protocol on communications port 9100 to printers that didn't require authentication.
NetworkWorld.webp 2017-02-06 07:11:00 Hacking the 2016 election: A timeline (direct link) History has yet to judge the 2016 presidential election, but from where we sit in the early days of 2017, it's hard to imagine that it will ever be relegated to a footnote. From how spectacularly polling failed to predict the election's outcome to how the election was effectively decided by just “77,759 votes in three states,” not to mention that the loser walked away with 2.8 million more votes than the winner, the 2016 election season produced one big story after another. But what may prove to be the biggest story of the 2016 election is the series of hacks that undermined both the democratic process and the Democratic candidate - and the role of the Russian government in those hacks.
NetworkWorld.webp 2017-02-06 07:02:00 Friends or enemies? Security vendors tiptoe towards collaboration (direct link) There are hundreds of security vendors across the security stack. You have providers for cloud, email, network and endpoint security, as well as threat, malware and DDoS protection, among phishing and whaling protection, insider threat detection and a whole lot more. The trouble is, a huge number of these solutions don't 'play' well with one another, with this often making life difficult for security teams adopting these technologies. At the same time, these same teams are expected to keep up with an ever-changing landscape and criminals who innovate faster than most Fortune 500 companies. Magnum Consulting analyst Frank J. Ohlhorst captured this collaboration issue perfectly in an opinion piece last year.
NetworkWorld.webp 2017-02-06 06:07:00 97 companies file brief against Trump's immigration ban (direct link) Apple, Facebook, GitHub, Google, Microsoft, Mozilla, Netflix, PayPal and the Wikimedia Foundation were among 97 companies that filed an amicus brief late Sunday opposing President Donald Trump's executive order on immigration on the grounds that it harms competitiveness and is discriminatory. The brief was filed in the Ninth Circuit Court of Appeals late last night, a bump up in the timetable, as Bloomberg reported the companies had originally planned to file later this week.
NetworkWorld.webp 2017-02-06 06:00:00 Security Sessions: The CSO's role in active shooter planning (direct link) In the latest episode of Security Sessions, CSO Editor-in-chief Joan Goodchild speaks with Imad Mouline, CTO at Everbridge, about how involved CSOs need to be with planning for an active shooter or other emergency at their company. While many leave physical security to others in the company, the CSO can be key to determining communications plans for alerting employees.
NetworkWorld.webp 2017-02-06 03:32:00 RSA Innovation Sandbox winners: One year later (direct link) With the annual RSA security conference just around the corner, we decided to touch base with the 10 companies selected as finalists in last year's Innovation Sandbox competition and see how they're making out. The RSA Conference had 88 submissions for Innovation Sandbox slots last year and the field was whittled down to Bastille Networks, Illusive Networks, Menlo Security, Phantom Cyber, Prevoty, ProtectWise, SafeBreach, Skyport, Vera and Versa Networks. In last year's competition, each vendor pitched their product to a panel of judges, as well as a packed house of attendees at the Moscone Center in San Francisco. Phantom Networks was selected as the overall winner.
NetworkWorld.webp 2017-02-06 03:07:40 Google ordered by US court to produce emails stored abroad (direct link) Google has been ordered by a federal court in Pennsylvania to comply with search warrants and produce customer emails stored abroad, in a decision that is in sharp contrast to that of an appeals court in a similar case involving Microsoft. Magistrate Judge Thomas J. Rueter of the U.S. District Court for the Eastern District of Pennsylvania ruled Friday that the two warrants under the Stored Communications Act (SCA) for emails required by the government in two criminal investigations constituted neither a seizure nor a search of the targets' data in a foreign country. Transferring data electronically from a server in a foreign country to Google's data center in California does not amount to a seizure because “there is no meaningful interference with the account holder's possessory interest in the user data,” and Google's algorithm in any case regularly transfers user data from one data center to another without the customer's knowledge, Judge Rueter wrote.
Last update at: 2024-04-28 21:08:13