What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-02-06 02:49:00 | (Déjà vu) New products of the week 2.6.17 (lien direct) | New products of the week Image by FortinetOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Red Armor NSE7000 Image by corsaTo read this article in full or to leave a comment, please click here |
|||
|
2017-02-05 08:46:00 | Hacker stackoverflowin pwning printers, forcing rogue botnet warning print jobs (lien direct) | If your printer printed a “YOUR PRINTER HAS BEEN PWND'D†message from “stackoverflowin,†then it's just one of more than 150,000 printers that have been pwned. Although the message likely referenced your printer being part of a botnet or “flaming botnet,†the hacker responsible says it's not and that he is trying to raise awareness about the pitiful state of printer security.One of the messages the hacker caused to print was: stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin's forehead utilising BTI's (break the internet) complete infrastructure. Another stated:To read this article in full or to leave a comment, please click here | |||
|
2017-02-03 11:59:39 | UK defense secretary urges NATO to fend off Russian cyberattacks (lien direct) | The U.K.'s defense secretary is accusing Russia of using cyber attacks to “disable†democratic processes across the West, and he's demanding that NATO fight back.“NATO must defend itself as effectively in the cyber sphere as it does in the air, on land, and at sea,†Defense Secretary Michael Fallon said. “So adversaries know there is a price to pay if they use cyber weapons.â€Fallon made the comments in a Thursday speech about the threat of “Russia's military resurgence.â€He pointed to the Kremlin's suspected role in influencing last year's presidential election in the U.S., as part of growing number of alleged cyber attacks that have targeted Western governments.   To read this article in full or to leave a comment, please click here | |||
|
2017-02-03 11:22:00 | US Immigration and Customs Enforcement nabs $20M in fake sports gear ahead of Super Bowl 51 (lien direct) |
Like clockwork, the week leading up to the Super Bowl has seen the federal government tear into the counterfeit sports gear element – this time seizing some $20 million worth of fake jerseys, hats, cell-phone accessories and thousands of other bogus items prepared to be sold to unsuspecting consumers.+More on Network World: 10 of the latest craziest and scariest things the TSA found on your fellow travelers+ ICE/DHS
U.S. Immigration and Customs Enforcement (ICE) and Homeland Security Investigations (HSI) teams nabbed 260,000 counterfeit sports-related items during its annual, year-long Operation Team Player sting. Last year ICE seized nearly 450,000 phony items worth an estimated $39 million. In 2014 it grabbed 326,147 phony items worth more than $19.5 million.To read this article in full or to leave a comment, please click here |
Guideline | ||
|
2017-02-03 10:48:05 | Microsoft will likely fix Windows SMB denial-of-service flaw on Patch Tuesday (lien direct) | Microsoft will likely wait until February 14 to fix a publicly disclosed vulnerability in the SMB network file sharing protocol that can be exploited to crash Windows computers. The vulnerability was disclosed Thursday when the security researcher who found it posted a proof-of-concept exploit for it on GitHub. There was concern initially that the flaw might also allow for arbitrary code execution and not just denial-of-service, which would have made it critical. The CERT Coordination Center (CERT/CC) at Carnegie Mellon University at first mentioned arbitrary code execution as a possibility in an advisory released Thursday. However, the organization has since removed that wording from the document and downgraded the flaw's severity score from 10 (critical) to 7.8 (high).To read this article in full or to leave a comment, please click here | |||
|
2017-02-03 08:35:19 | Zero-day Windows file-sharing flaw can crash systems, maybe worse (lien direct) | The implementation of the SMB network file sharing protocol in Windows has a serious vulnerability that could allow hackers to, at the very least, remotely crash systems. The unpatched vulnerability was publicly disclosed Thursday by an independent security researcher named Laurent Gaffié, who claims that Microsoft has delayed releasing a patch for the flaw for the past three months. Gaffié, who is known on Twitter as PythonResponder, published a proof-of-concept exploit for the vulnerability on GitHub, triggering an advisory from the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.To read this article in full or to leave a comment, please click here | |||
|
2017-02-03 08:10:00 | IDG Contributor Network: Thinking of cutting out your database administrator? Think again (lien direct) | Once upon a time, there was a role known as the database administrator. Back when all data was stored locally, these employees were the keepers of the company database, responsible for making sure all information was accessible and tracking things such as financial information and customer details.Typically, these employees would hold a bachelor's degree in computer science or similar subjects, while being well-versed in the major database management products (SQL, SAP and Oracle-based database management software).+ Also on Network World:Â If the cloud is so great, why are so many businesses unsatisfied? + In 2017, however, the trend of enterprises moving data into the cloud continues to reduce the role of the database administrator (DBA) in big and small businesses alike around the world.To read this article in full or to leave a comment, please click here | |||
|
2017-02-03 04:35:00 | How AI is stopping criminal hacking in real time (lien direct) | Almost every day, there's news about a massive data leak -- a breach at Yahoo that reveals millions of user accounts, a compromise involving Gmail phishing scams. Security professionals are constantly moving the chess pieces around, but it can be a losing battle.Yet, there is one ally that has emerged in recent years. Artificial intelligence can stay vigilant at all times, looking for patterns in behavior and alerting you to a new threat.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-02-03 03:19:00 | 6 things software vendors need to know about HIPAA compliance (lien direct) | Maintaining HIPAA compliance  Image by ThinkstockMany people are loosely familiar with Health Insurance Portability and Accountability Act (HIPAA) and usually associate it with hospitals, clinics and health insurance companies. However, it can be less clear how HIPAA compliance standards apply to countless other software vendors, SaaS providers that work with healthcare-related businesses or handle protected health information (PHI). In recent months, the Office for Civil Rights has been coming down hard on HIPAA violators, doling out some of the large fines – upwards of $5 million. So in order to ensure your business is protected and to maintain your brand reputation, it is vital to know the ins and outs of HIPAA compliance. With this in mind, Dizzion provides suggestions for ways vendors can maintain HIPAA compliance while still focusing on their primary business objectives.To read this article in full or to leave a comment, please click here |
|||
|
2017-02-02 17:22:07 | AT&T extends NetBond service to secure IoT connections (lien direct) | The internet is what made IoT happen, providing a common protocol to take the place of separate, specialized networks. But the public internet itself may not always be the best path between a connected device and the cloud.Enterprises can now connect cellular IoT devices to back-end systems via NetBond, a private network service from AT&T, instead of the Internet. The NetBond service sets up a VPN (virtual private network) from an edge device to the cloud. It can connect to 16 different public clouds, including Amazon Web Services and Microsoft Azure, or a private or hybrid cloud.To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 16:40:00 | RSA 2017: The Internet of Things security threat (lien direct) | RSA Conference 2017 will take on the threat posed by the internet of things, something that was demonstrated last fall by the DDoS attacks that took down Dyn data centers and many of the high-profile Web sites it supports.Those attacks, generating peak traffic of 1TByte or more, raise the question of how best to secure these devices, and sessions at the Feb.13-17 conference in San Francisco try to answer it.+More on Network World: Cisco: Faulty clock part could cause failure in some Nexus switches, ISR routers, ASA security appliances+To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 14:50:00 | IRS warns on ever-changing “dangerous W-2 phishing scam†(lien direct) | Just as tax season gets underway in earnest, the Internal Revenue Service put out a warning about what it called dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns.“This is one of the most dangerous email phishing scams we've seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone's help to turn the tide against this scheme,'' said IRS Commissioner John Koskinen in a statement. “Taxpayers should avoid opening surprise emails or clicking on web links claiming to be from the IRS. Don't be fooled by unexpected emails about big refunds, tax bills or requesting personal information. That's not how the IRS communicates with taxpayers.â€To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 14:34:31 | Obama-led sanction accidentally hampered U.S. tech firms in Russia (lien direct) | Sanctions imposed by former President Obama on Russia for hacking during the U.S. election had an unintended side effect: they essentially barred U.S. tech firms from selling new IT products in the country.Part of last month's sanction order was designed to block U.S. companies from doing business with Russia's Federal Security Service, also known as the FSB, because of its suspected role in influencing last year's election.But the FSB isn't just an intelligence agency. It's also a crucial regulator in Russia that clears new IT products, including smartphones and tablets, for sale in the country.To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 12:40:00 | IDG Contributor Network: SSL or IPsec: Which is best for IoT network security? (lien direct) | Internet of Things (IoT) devices are soon expected to outnumber end-user devices by as much as four to one. These applications can be found everywhere-from manufacturing floors and building management to video surveillance and lighting systems.However, security threats pose serious obstacles to IoT adoption in enterprises or even home environments for sensitive applications such as remote healthcare monitoring. IoT security can be divided into the following three distinct components: Application service End device Transport Although all three are critical for systemwide security, this post will address only transport security.To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 12:38:00 | RSA 2017: Anticipating network security chatter (lien direct) | Earlier this week, I  wrote about my expectations for endpoint security at the upcoming RSA Conference. Similarly, here's what I anticipate hearing about regarding network security:1. DDoS protection. While data breaches get front page, above-the-fold headlines, DDoS attacks remain relatively invisible by comparison. This is puzzling because DDoS attacks happen almost daily. A quick review of the news shows that the Trump hotel website, Sonic (ISP in CA), Emsisoft and Lloyd's Bank have all been hit with DDoS attacks over the past few weeks. These are relatively pedestrian attacks compared to the now infamous Mirai botnet DDoS attack on Dyn back in October and the subsequent attack on French hosting provider OVH a week later. To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 10:34:00 | IDG Contributor Network: A patchwork quilt of IoT security (lien direct) | The Internet of Things (IoT) presents a security threat. A key point of my last article is that manufacturers do not have the right incentives. But all is not lost. With a little ingenuity, we can make a quilt of independent pieces that can nevertheless turn out to offer good security coverage.The term “patchwork quilt†is often used pejoratively to describe something that is made up of an assortment of other parts. Yet it is worth remembering that a well-made quilt is still functional, durable and beautiful. And quilts are often made collaboratively in quilting bees. We need this sort of approach to network security.To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 10:06:40 | Cisco patches critical flaw in Prime Home device management server (lien direct) | Cisco Systems has fixed a critical vulnerability that could allow hackers to take over servers used by telecommunications providers to remotely manage customer equipment such as routers.The vulnerability affects Cisco Prime Home, an automated configuration server (ACS) that communicates with subscriber devices using the TR-069 protocol. In addition to remotely managing customer equipment, it can also "automatically activate and configure subscribers and deliver advanced services via service packages" over mobile, fiber, cable, and other ISP networks."A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges," Cisco said in its advisory.To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 06:44:00 | Using DNS to weaken Locky, the powerful ransomware threat (lien direct) | This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.Ransomware and other cyberthreats often go unseen by traditional detection methods like antivirus, deep packet inspection (DPI) or sandboxing. In fact, a report by Lastline Labs indicates that 51% of zero-day malware-threats that strike before developers have time to release a patch-is undetected by anti-virus solutions. So what can security professionals do to stop attacks? The answer lies, in part, in DNS.One of the most powerful ransomware threats currently targeting individuals and organizations is Locky, which infects up to 100,000 devices per day, of which 3% submit payments. Cybersecurity experts estimate that Locky possesses 17% of the entire global market share for all ransomware infections.To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 06:41:39 | WordPress silently fixes dangerous code injection vulnerability (lien direct) | Developers of the widely used WordPress content management system released an update last week, but intentionally delayed announcing that the patch addressed a severe vulnerability.WordPress version 4.7.2 was released on January 26 as a security update, but the accompanying release notes only mentioned fixes for three moderate risk vulnerabilities, one of which did not even affect the platform's core code.On Wednesday, a week later, the WordPress security team disclosed that a fourth vulnerability, much more serious than the others, was also patched in version 4.7.2.To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 05:09:00 | GitLab database goes out after spam attack (lien direct) | Code-hosting site GitLab has suffered an outage after sustaining a "serious" incident on Tuesday with one of its databases that has required emergency maintenance.The company today said it lost six hours of database data, including issues, merge requests, users, comments, and snippets, for GitLab.com and was in the process restoring data from a backup. Data was accidentally deleted, according to a Twitter message.[ Docker, Amazon, TensorFlow, Windows 10, and more: See InfoWorld's 2017 Technology of the Year Award winners. | Cut to the key news in technology trends and IT breakthroughs with the InfoWorld Daily newsletter, our summary of the top tech happenings. ] "Losing production data is unacceptable, and in a few days we'll post the five whys of why this happened and a list of measures we will implement," GitLab said in a bulletin this morning. Git.wiki repositories and self-hosted installations were unaffected.To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 05:08:00 | The problem with threat intelligence [Infographic] (lien direct) | Organizations are drowning in threat intelligence that they recognize as being vital to their security even as they are unable to use it to identify specific threats, according to a July 2016 Ponemon Institute research report. The survey of 1,000 IT and IT security practitioners from North America and the U.K., conducted by Ponemon and sponsored by network security provider Anomali, shines a light on the the perceived value of threat data and the inability of organizations to harness it. For example, while 77 percent of respondents said threat intelligence is “very valuable to their organization's overall security mission,†fewer than half said that “incident responders use threat data when deciding how to respond to threats.†Furthermore, only 27 percent said their organizations are effective in “utilizing threat data to pinpoint cyber threats.â€To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 04:58:00 | Phishing test results in a barely-passing grade for users (lien direct) | Perhaps hundreds of emails cross your screen every day. The day can drag on and in the monotony of your daily routine, you just keep clicking on links without a care in the world.OK, maybe things aren't that bad, but those phishing scams are tricky and it takes ever-vigilant users and security departments to keep them from spreading. Recently, Diligent, a vendor that provides secure collaboration for corporate boards, rolled out a test to 2,000 users to see how much attention they were paying to what enters their in-box. â– RELATED: Take a look at the messsages and see which ones are real An estimated 156 million phishing emails are sent worldwide every day, and about 16 million of those make it through our spam filters and into our inboxes. The global nonprofit Anti-Phishing Working Group (APWG) recorded more unique phishing campaigns in the first quarter of 2016 than in any other three-month span since it began tracking data more than a decade ago, and the U.S. is reportedly home to more phishing sites than any other country, according to Diligent.To read this article in full or to leave a comment, please click here | |||
|
2017-02-02 04:53:00 | Why 2017 will be the worst year ever for security (lien direct) | Sony. Anthem. The Office of Personnel Management. Target. Yahoo. The past two years have seen one mega-breach after another-and 2017 promises to be the most catastrophic year yet.Security experts have long warned that most organizations don't even know they've been breached. Attackers rely on stealth to learn about the network, find valuable information and systems, and steal what they want. Only recently have organizations improved their detection efforts and started investing the time, capital, and people needed to uncover vulnerabilities. When they do, the results are often alarming.[ 18 surprising tips for security pros. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ] “I think we are going to find more, not less, breaches in 2017,†says Ray Rothrock, CEO of RedSeal, a security analytics firm.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-02-01 23:26:00 | HPE acquires security startup Niara to boost its ClearPass portfolio (lien direct) | Hewlett Packard Enterprise has acquired Niara, a startup that uses machine learning and big data analytics on enterprise packet streams and log streams to detect and protect customers from advanced cyberattacks that have penetrated perimeter defenses. The financial terms of the deal were not disclosed. Operating in the User and Entity Behavior Analytics (UEBA) market, Niara's technology starts by automatically establishing baseline characteristics for all users and devices across the enterprise and then looking for anomalous, inconsistent activities that may indicate a security threat, Keerti Melkote, senior vice president and general manager of HPE Aruba and cofounder of Aruba Networks, wrote in a blog post on Wednesday.To read this article in full or to leave a comment, please click here | |||
|
2017-02-01 17:31:37 | Hackers are seeking out company insiders on the black market (lien direct) | If you're the CEO of a company, here's another threat you need to worry about: hackers trying to recruit your employees for insider-related crimes.Researchers at security firms RedOwl and IntSights have noticed growing activity from online black market dealers trying to recruit company employees for insider trading and cashing out stolen credit card numbers. These dealers are appearing on underground forums located on the dark web, which are accessible through Tor, a browser designed for anonymous web surfing, according to the researchers, who published their findings on Tuesday. To read this article in full or to leave a comment, please click here | |||
|
2017-02-01 15:55:00 | Trump may ask businesses to boost cybersecurity (lien direct) | President Donald Trump may be seeking more cooperation from private businesses to shore up the defense of critical infrastructure that they control.The signing of an executive order on cybersecurity was canceled unexpectedly Tuesday, but a draft of the order was leaked to The Washington Post.In it, Trump calls for, “…economic and other incentives to: induce private sector owners and operators of the Nation's critical infrastructure to maximize protective measures; invest in cyber enterprise risk management tools and services; and adopt best practices with respect to processes and technologies necessary for the increased sharing of and response to real-time cyber threat information.â€To read this article in full or to leave a comment, please click here | |||
|
2017-02-01 15:02:00 | Computing conference to celebrate 50 years of Turing Award (lien direct) | The Association for Computing Machinery (ACM) has announced it will celebrate 50 years of the A.M. Turing Award -- dubbed the "Nobel Prize of Computing -- with a (tech) star-studded conference in San Francisco this summer.The two-day event, to be held June 23-24, will "explore how computing has evolved and where the field is headed," according to the ACM.MORE: Why there's no official Nobel Prize in ComputingACM, which boasts of nearly 100,000 computing professional and student members around the world, is calling the event the Celebration of 50 Years of the ACM Turing Award. If you can't attend in person, be aware that a live stream will be available.To read this article in full or to leave a comment, please click here | |||
|
2017-02-01 13:53:05 | WhatsApp reduces spam, despite end-to-end encryption (lien direct) | Can a spam filter work even without reading the content of your messages?WhatsApp thinks so. Since last April, the messenger app has been successfully fighting spam abuse, even as it's been using end-to-end encryption.That encryption means that no one -- not even WhatsApp -- can read the content of your messages, except for the recipient.More privacy, however, can raise issues about spam detection. If WhatsApp can't scan your messages for suspicious content, say for advertisements peddling cheap Viagra, then how can it effectively filter them out?To read this article in full or to leave a comment, please click here | |||
|
2017-02-01 12:00:53 | In treason case, Russia alleges security experts aided US (lien direct) | Two officers of the Russian Federal Security Service (FSB) and a cybercrime investigator from Kaspersky Lab have reportedly been charged with treason for helping U.S. intelligence services. The arrests of Ruslan Stoyanov, the head of the computer incidents investigation team at Kaspersky, and Sergei Mikhailov, the deputy head of the Information Security Center at the FSB, happened in early December and were reported in the Russian media last week. Since then, the arrest of a third FSB officer named Dmitry Dokuchayev, who also worked for the agency's Information Security Center, came to light, and the investigation is said to have targeted even more people.To read this article in full or to leave a comment, please click here | |||
|
2017-02-01 10:46:00 | Cisco amps-up Tetration platform with better security, reduced footprint, AWS cloud option (lien direct) | Cisco has rolled out a second release of its Tetration Analytics package with features such as a smaller footprint and a cloud service that will go a long way toward making the system alluring to more data center customers.Announced in June of last year, Cisco's Tetration Analytics is a turnkey analytics package that gathers information from hardware and software sensors and analyzes the information using big data and machine learning.Tetration software sensors support Linux and Windows server hosts, while hardware sensors are embedded in Cisco network switch ASICS: Nexus 9200, Nexus 9300-EX and Nexus 9500-EX, to collect flow data at line rate from all the ports. Per Cisco once in place, the Tetration platform learns its enterprise environment and any policies IT has in place. From there it can learn which applications are dependent on each other throughout their data center and into the cloud. It can monitor server behavior patterns and group servers more efficiently.To read this article in full or to leave a comment, please click here | |||
|
2017-02-01 10:37:00 | How Facebook and Google are battling internet terrorism (lien direct) | WASHINGTON -- Social media heavyweights like Facebook and YouTube have been working with the U.S. government and other international partners as they look to take a more active role in combating terrorist propaganda and other extremist messages that have gained traction online.Officials from the popular social network and YouTube parent Google addressed the issue here at a recent tech policy conference, where they described efforts to go beyond simply removing extremist content, and actually engaging in counter-messaging programs to present alternative narratives to those advanced by groups like ISIS."We're really focused on utilizing the strength that comes out of YouTube to push back on these messages," said Alexandria Walden, Google's counsel on free expression and human rights. "We know the power of our platform, and so we know that the best way to counter messages of hate and violence is to promote messages that push back against that, that push back against the hate and extremism and xenophobia around the world."To read this article in full or to leave a comment, please click here | |||
|
2017-02-01 08:29:57 | Mobile security firm offers cash to hackers for their old exploits (lien direct) | Mobile security firm Zimperium has launched an exploit acquisition program that aims to bring undisclosed attack code for already patched vulnerabilities out in the open.Paying for old exploits might seem like a waste of money, but there are technical and business arguments to justify such an acquisition system and they ultimately have to do with the difference between exploits and vulnerabilities.A vulnerability is a software defect with potential security implications, while an exploit is the actual code that takes advantage of that bug to achieve a specific malicious goal, often by bypassing other security barriers along the way.In practice, many vulnerabilities that get reported to vendors are not accompanied by working exploits. Showing that a programming error can lead to memory corruption is typically enough for the vendor to understand its potential implications -- for example, arbitrary code execution.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-01 08:05:00 | Cisco unveils Tetration 2.0, focuses on application security (lien direct) | The middle of last year, Cisco held an event in New York to release its newest product, Tetration. The product moved Cisco into the analytics market, with the information being used to help customers better understand application performance and improve data center security. This week, Cisco announced the next version of Tetration Analytics, which is focused at providing security at the application layer. Cisco also released some new deployment options to make it easier for customers to get started with Tetration. To read this article in full or to leave a comment, please click here | |||
|
2017-02-01 07:03:00 | Witcher dev, XBOX 360 ISO & PSP ISO forums hacked: Over 4.4 million accounts exposed (lien direct) |
Well it's bad news for some gamers and modders, about 4.5 million of them, as three different forums were hacked. If you are looking for the silver lining in the dark breach cloud, then none of the hacks were recent; the flipside? The email addresses, usernames and passwords have been “out there†since as far back as September 2015.The Witcher fans started receiving breach notifications from Have I Been Pwned, but the CD Projekt Red forum was compromised in March 2016. Have I Been Pwned
Nearly 1.9 million CD Projekt Red accounts were exposed; Have I Been Pwned numbered the burned accounts at 1,871,373.To read this article in full or to leave a comment, please click here |
|||
|
2017-02-01 05:34:00 | Are Apple-specific threats on the rise? (lien direct) | Macs are really no more secure than a PC, but for many years there just weren't as many out there because of the expense of the hardware and other issues. They've historically been a much less popular choice among both consumers, enterprises, and hackers alike.The PC attack surface is much wider; therefore, criminals develop malware that works on PCs because the payout is much higher. James Plouffe, lead solutions architect at mobile-security company MobileIron, said there are, however, a couple of oft-overlooked things that also protect Macs.First, Plouffe said, "MacOS is actually BSD Unix derivative. Granted, it's heavily customized but this meant that, unlike Windows (which had a long tail of viruses reaching back to the days of MS-DOS), bad actors had a lot more heavy lifting to do to be able to attack macOS."To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-01 05:33:00 | What IT security pros are earning in 2017 (lien direct) | Continued high demand following a record year of breaches Image by ThinkstockLast year was a record one for data breaches, with some 1,093 breaches reported. That represented a 40 percent increase over the prior year, according to the Identity Theft Resource Center. It is no wonder that information security remains one of the most top-of-mind issues for CIOs, CISOs, and CEOs. The result is continued high demand for IT security pros. “The market for IT security professionals is poised for another strong year,†notes CompTIA Senior Vice President Tim Herbert. “The security job category was one of the faster growing IT occupations during 2016. During the last 90 days, U.S. employers posted nearly 25,000 job openings for security positions.â€To read this article in full or to leave a comment, please click here |
|||
|
2017-02-01 05:32:00 | Sniff out and kick out Windows malware for free (lien direct) | No single antimalware engine can keep up with all the malware out there. But how about 57 of 'em?[ 18 surprising tips for security pros. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ] In this video, you'll learn how to download and run Windows Sysinternals Process Explorer to test all currently running executables on your Windows system against VirusTotal's 57 antivirus engines, which together offer the best accuracy you can ever get (with a small percentage of false positives that are pretty easy to spot).To read this article in full or to leave a comment, please click here | |||
|
2017-02-01 05:26:00 | 5 things DevOps needs to do to secure containers (lien direct) | Can't we all get along Image by PixabayDo deepening adoption and broader deployment of container technologies (from the likes of Docker, CoreOS and others) threaten to escalate into the latest skirmish between operations, developers and information security? Certainly, the potential exists to widen the rift, but in fact there is far more common ground than would initially suggest. Containerization introduces new infrastructure that operates dynamically and is open in nature, with more potential for cross-container activity. Containerization presents an almost unprecedented opportunity to embed security into the software delivery pipeline – rather than graft on security checks, container monitoring and policy for access controls as an afterthought.To read this article in full or to leave a comment, please click here |
|||
|
2017-02-01 05:22:00 | AI isn\'t just for the good guys anymore (lien direct) | Last summer at the Black Hat cybersecurity conference, the DARPA Cyber Grand Challenge pitted automated systems against one another, trying to find weaknesses in the others' code and exploit them."This is a great example of how easily machines can find and exploit new vulnerabilities, something we'll likely see increase and become more sophisticated over time," said David Gibson, vice president of strategy and market development at Varonis Systems.His company hasn't seen any examples of hackers leveraging artificial intelligence technology or machine learning, but nobody adopts new technologies faster than the sin and hacking industries, he said.To read this article in full or to leave a comment, please click here | |||
|
2017-01-31 14:29:31 | How to make PC security alerts better? Make them twirl, jiggle (lien direct) | Have you ever ignored a security alert on your PC? You're not the only one.The warnings are designed to save us from malware infections and hacking risks, but often times we'll neglect them. It could be because we're too busy or we've seen them too many times, and we've become conditioned to dismiss them -- even the most serious ones, according to Anthony Vance, a professor at Brigham Young University.Vance has been studying the problem and he's found that introducing certain small, but noticeable changes, can make the alerts more useful and harder to ignore. Â "Our security UI (user interface) needs to be designed to be compatible with the way our brains work," he said at the USENIX Enigma 2017 conference on Tuesday. "Not against it."To read this article in full or to leave a comment, please click here | |||
|
2017-01-31 12:59:58 | Trump stresses cybersecurity but postpones executive order (lien direct) | U.S. President Donald Trump called on government agencies to better protect their networks, but he delayed signing an executive order to kick-start a government-wide review of cybersecurity policy.A draft copy of the order, leaked earlier, would give the Department of Defense and the Department of Homeland Security 60 days to submit a list of recommendations to protect U.S. government and private networks. Trump had been scheduled to sign the executive order Tuesday but canceled shortly before it was due to happen.To read this article in full or to leave a comment, please click here | |||
|
2017-01-31 12:13:00 | Google upgrades G Suite with tools for IT pros (lien direct) | Google today bolstered its G Suite of productivity apps with new controls and tools for IT professionals. G Suite administrators now have more access to control security key enforcement, data control with data loss prevention (DLP) for Google Drive and Gmail, and additional insights by connecting Gmail to BigQuery, Google's enterprise data warehouse designed to enable SQL queries, according to Google.All of the changes, which are live today, are designed to elevate G Suite for the enterprise, especially among companies that need more confidence in the controls they can maintain over corporate data, according to Google.To read this article in full or to leave a comment, please click here | |||
|
2017-01-31 11:44:00 | Illumio extends its segmentation to the network and cloud (lien direct) | Data centers have become increasingly dynamic and distributed, which is why there has been a rise in technologies such as virtual machines, containers and hyperconverged systems.Security has been slow to evolve to meet the needs of the new world, but thanks to innovative start-ups such as Illumio, security is starting to change and is able to meet the demands of digital organizations. One of the big advancements in data center security has been the rise of segmentation tools. In actuality, coarse-grained segmentation has been around for decades in the form of firewalls, VLANs and ACLs, but companies like Illumio and VMware have extended the paradigm to applications, workloads and users. To read this article in full or to leave a comment, please click here | |||
|
2017-01-31 11:10:00 | Cisco: Spam is making a big-time comeback (lien direct) | Spam is making a surprising resurgence as a threat to corporate security and becoming a more significant carrier of attacks as varied as spear phishing, ransomware and bots, according to Cisco's 2017 Annual Cybersecurity Report.The company's 10th such report says spam is way up. It accounts for 65% of all corporate email among customers who opted in to let the company gather data via telemetry in Cisco gear.Whereas spam had been knocked down as a threat in 2010 and kept at relatively low levels through 2015, it made a surge in 2016. In 2010, Cisco recorded 5,000 spam messages being sent per second. That number stayed generally below 1,500 for the next five years, spiking to about 2,000 briefly in 2014. But in 2016 it leaped to more than 3,000.To read this article in full or to leave a comment, please click here | |||
|
2017-01-31 09:26:05 | Easy-to-exploit authentication bypass flaw puts Netgear routers at risk (lien direct) | For the past half year Netgear has been working on fixing a serious and easy-to-exploit vulnerability in many of its routers. And it's still not done.While Netgear has worked to fix the issue, the list of affected router models increased to 30, of which only 20 have firmware fixes available to date. A manual workaround is available for the rest.The vulnerability was discovered by Simon Kenin, a security researcher at Trustwave, and stems from a faulty password recovery implementation in the firmware of many Netgear routers. It is a variation of an older vulnerability that has been publicly known since 2014, but this new version is actually easier to exploit.To read this article in full or to leave a comment, please click here | |||
|
2017-01-31 09:02:31 | Trump to sign cybersecurity order calling for government-wide review (lien direct) | President Donald Trump is due to sign an executive order Tuesday that gives each cabinet official more responsibility for the safety of data within their agency.It will be accompanied by a government-wide review of cybersecurity by the Office of Management and Budget, looking at the technology in place that guards U.S. government systems from cyberattacks, according to a White House official.The results of that review could lead to a government-wide upgrade of federal cybersecurity systems.The U.S. government has been hit by hacks in the last few years. The State Department spent months trying to get rid of intruders in its unclassified network and the Office of Personnel Management lost personal information on millions of government workers through a second hack.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-01-31 07:50:00 | RSA Conference 2017: Endpoint security in the spotlight (lien direct) | As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year. So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology, so I plan to write a few posts about my expectations for the RSA Conference. I'll start with this one about endpoint security.To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today.To read this article in full or to leave a comment, please click here | |||
|
2017-01-31 07:31:00 | Busted: Federal Reserve employee mined bitcoin using government server (lien direct) | At least one employee of the U.S. Federal Reserve sees the value of bitcoin and mining for it if you get your computing power for free. Nicholas Berthaume, who is now a former employee, was sentenced to 12 months' probation and fined $5,000 for installing unauthorized bitcoin software on a Board of Governors of the Federal Reserve System server.According to a news release by the Office of Inspector General, Berthaume pleaded guilty to one count of unlawful conversion of government property.Working as a Communications Analyst, Berthaume had access to some Board computer servers. He put the computing power of a federal server to work for him. Mining is costly after all, as nowadays it tends to use more electricity than a miner earns. Unless a person has excess power from a solar farm for mining, then stealing electricity for mining is an option some people choose. You may have heard about the three men and one woman recently arrested in Venezuela for electricity theft and internet fraud.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-01-31 05:56:00 | Privacy worries are on the rise, new poll of U.S. consumers shows (lien direct) | A recent IDC survey found 84% of U.S. consumers are concerned about the privacy of their personal information, with 70% saying their concern is greater today than it was a few years ago.These concerns of consumers should also alarm businesses: Consumers are willing to switch to another bank, medical center or retailer if they feel their personal information is threatened, the survey found."Consumers can exact punishment for data breaches or mishandled data by changing buyer behavior or shifting loyalty," said Sean Pike, an analyst at IDC, in a statement. The survey, released last week, polled 2,500 U.S. consumers about their privacy concerns across four verticals: Financial services, healthcare, retail and government.To read this article in full or to leave a comment, please click here | |||
|
2017-01-31 05:47:00 | SonicWall CEO talks of life after Dell spinout (lien direct) | SonicWall has been through it all. The San Jose, CA-based security company began as a hot start up, went public, then private, was acquired by Dell and then spun off to a private equity firm as part of the massive Dell/EMC merger in 2016. In the wake of that change, SonicWall also got a new CEO, Bill Conner, a long-time security and tech industry leader, who took the helm in November. In this installment of the IDG CEO Interview Series, Conner spoke with Chief Content Officer John Gallant about what the Dell spin out means for customers and where SonicWall is focusing its development efforts. Hint: Think IoT, mobile and hybrid data centers. He also discussed the company's cloud strategy and how the changing threat landscape opens up new opportunities in the enterprise for SonicWall, which is better known in the SMB space.To read this article in full or to leave a comment, please click here | Guideline |
To see everything:
Our RSS (filtrered)
