What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-01-31 05:44:00 | Obama\'s cybersecurity legacy: Good intentions, good efforts, limited results (lien direct) | President Obama is only a couple of weeks out of office, but his legacy on cybersecurity is already getting reviews – mixed reviews.According to a number of experts, Obama said a lot of good things, did a lot of good things and devoted considerable energy to making cybersecurity a priority, but ultimately didn't accomplish the goal of making either government or the private sector more secure.The most recent, stark illustration was the series of leaks, enabled by hacks that US intelligence agencies attribute to Russia, that undermined both the credibility of Democratic presidential candidate Hillary Clinton and the election itself.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 14:07:00 | F5 Networks taps versatile Ciena higher-up to take over as CEO (lien direct) | F5 Networks CEO and President John McAdam, thrust back into that role in late 2015 under unusual circumstances, has announced that Ciena SVP and COO Francois Locoh-Donou will succeed him on April 3.McAdam joined F5 in 2000 and served as CEO and President until July 2015, when he handed the reins to Manuel Rivelo. But Rivelo stepped down in December of that year for unspecified personal conduct issues, and McAdam jumped back into the fray at the Seattle company, which he has helped to build into an application delivery powerhouse generating about $2B in annual revenue. Â To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-01-30 12:45:00 | Harbinger of The Great Internet Wall arrives (lien direct) | By Presidential proclamation, non-U.S. citizens' data is in jeopardy. An executive order by President Trump could hurt a data transfer framework that allows EU citizens' personal information to be transmitted to the U.S. for processing with the promise that the data would have the same privacy protection in the U.S. as it has in the EU. That's because a section of the order says, “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.â€Â To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 12:37:18 | Facebook tries to revamp password recovery by supplanting email (lien direct) | Forgot your password? Well, Facebook wants to help you recover your internet account.The company is releasing an open source protocol that will let third-party sites recover user accounts through Facebook.Typically, when people forget their password to a site, they're forced to answer a security question or send a password reset request to their email. But these methods of account recovery can be vulnerable to hacking, said Facebook security engineer Brad Hill.He recalled a time when he was granted permission to break into an online bank account. To do so, he took advantage of the password reset questions.“It asked me what my favorite color was, and it let me guess as many times as I wanted,†he said Monday, during a presentation at the USENIX Enigma 2017 security conference.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 12:33:00 | DARPA picks 30 contenders to battle in wireless spectrum competition (lien direct) | DARPA says there are now 30 contenders for its $3.75 million Spectrum Collaboration Challenge (SC2) whose goal is to get mobile devices more intelligent access to the ever-tightening wireless spectrum.+More on Network World: Intelligence agency opens $325,000 advanced, automated fingerprint gathering competition+ The defense research agency last March announced Spectrum Collaboration Challenge and said the primary goal of the contest was to infuse radios with “advanced machine-learning capabilities so they can collectively develop strategies that optimize use of the wireless spectrum in ways not possible with today's intrinsically inefficient approach of pre-allocating exclusive access to designated frequencies.â€To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 10:38:00 | IDG Contributor Network: How to practice cybersecurity (and why it\'s different from IT security) (lien direct) | Keeping companies safe from attackers is no longer just a technical issue of having the right defensive technologies in place. To me, this is practicing IT security, which is still needed but doesn't address what happens after the attackers infiltrate your organization (and they will, despite your best efforts to keep them out).I'm trying to draw attention to this topic to get security teams, businesses executives and corporate boards to realize that IT security will not help them once attackers infiltrate a target. Once this happens, cybersecurity is required. Â + Also on Network World:Â Recruiting and retaining cybersecurity talent + In cybersecurity, the defenders acknowledge that highly motivated and creative adversaries are launching sophisticated attacks. There's also the realization that when software is used as a weapon, building a stronger or taller wall may not necessarily keep out the bad guys. To them, more defensive measures provide them with additional opportunities to find weak spots and gain access to a network.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 09:25:00 | Spear phishing tough to block, even when using automation tools (lien direct) | Trying to filter out phishing emails is tough work, even for organizations trying to find a better way through automation, according to a new study from security software company GreatHorn.The company makes software that seeks out phishing attempts and can autonomously block them, but even its customers don't switch on all the features, according to GreatHorn's study of how customers dealt with just over half a million spear phishing attempts.The most common autonomous action, taken a third of the time against suspicious emails, was to alert an admin when a policy was violated and let them decide what to do. This option is also chosen in order to create a record of potential threats, the company says. Another 6% of emails trigger alerts to the recipients so they can be on the lookout for similar attempts.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 09:05:00 | Cisco fosters Blockchain protocol development, IBM shows why technology could relieve security anxiety (lien direct) | Cisco has helped form a consortium to develop blockchain that could secure Internet of Things applications and more while new study by IBM shows why the technology could become invaluable for businesses worldwide.Reports from Reuters and a press release from the group said that Cisco has teamed up with Bank of New York Mellon, Foxconn, Gemalto and blockchain startups Consensus Systems (ConsenSys), BitSE and Chronicled to form a blockchain consortium that said it will develop a shared blockchain protocol for aimed at IoT products.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 08:25:34 | Ransomware disrupts Washington DC\'s CCTV system (lien direct) | About 70 percent of the cameras hooked up to the police's closed-circuit TV (CCTV) system in Washington, D.C., were reportedly unable to record footage for several days before President Trump's inauguration due to a ransomware attack.The attack affected 123 of the 187 network video recorders that form the city's CCTV system, the Washington Post reported Saturday. Each of these devices is used to store video footage captured by up to four cameras installed in public spaces.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 07:12:54 | German consumer groups sue WhatsApp over privacy policy changes (lien direct) | WhatsApp's privacy policy change allowing Facebook to target advertising at its users has landed the company in a German court.The Federation of German Consumer Organizations (VZBZ) has filed suit against WhatsApp in the Berlin regional court, alleging that the company collects and stores data illegally and passes it on to Facebook, the federation said Monday.Facebook acquired WhatsApp in October 2014, but it wasn't until August 2016 that WhatsApp said it would modify its privacy policy to allow it to share lists of users' contacts with Facebook. The move made it possible to match WhatsApp accounts with Facebook ones where users had registered a phone number, giving the parent company more data with which to make new friend suggestions and another way to target advertising.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 07:08:00 | Cops use pacemaker data to charge homeowner with arson, insurance fraud (lien direct) | If you are dependent upon an embedded medical device, should the device that helps keep you alive also be allowed to incriminate you in a crime? After all, the Fifth Amendment of the U.S. Constitution protects a person from being forced to incriminate themselves.Nonetheless, that's what happened after a house fire in Middletown, Ohio.WCPO Cincinnati caught video of the actual fire, as well delivered news that the owner's cat died in the fire. As a pet owner, it would be hard to believe that a person would set a fire and leave their pet to die in that fire. The fire in question occurred back in September 2016; the fire department was just starting an investigation to determine the cause of the blaze.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 06:15:00 | Questions to ask your recovery vendor before you buy (lien direct) | At ShmooCon 2017, CSO's Steve Ragan chats with Marc Langer, president of Recovery Point, about the questions that many companies often miss when choosing a data recovery system or process. | |||
|
2017-01-30 06:14:00 | How most hackers get into systems (lien direct) | In part two of CSO's interview with Gabe Bassett from Verizon Enterprise Solutions at ShmooCon 2017, Steve Ragan and Bassett discuss why vulnerabilities are not the major vectors that hackers use to get into a company's infrastructure. | |||
|
2017-01-30 06:14:00 | Managing risk by understanding attack surfaces (lien direct) | At ShmooCon 2017, CSO's Steve Ragan sits down with Gabe Bassett, senior information security data Scientist at Verizon Enterprise Solutions. The two discuss how attack surfaces work within the Verizon Data Breach Investigations Report (DBIR) and how companies can use those to assess their risk profiles. | |||
|
2017-01-30 05:32:00 | How to eliminate insider threats (lien direct) | Insider threats are a major security problem Image by ThinkstockFor years, the primary security objective has been to protect the perimeter-the focus on keeping outsiders from gaining access and doing harm. But statistics prove that more risk exists within an organization. Indeed, many compliance regulations require monitoring of systems to identify and eliminate insider threat. According to Forrester, 58 percent of breaches are caused from internal incidents or with a business partner's organization. And 55 percent of attacks are originated by an insider as cited in the 2015 IBM Cyber Security Intelligence Index.To read this article in full or to leave a comment, please click here |
|||
|
2017-01-30 04:00:00 | IDG Contributor Network: TechDemocracy: Helping execs and boards ensure cybersafety (lien direct) | I sit on a number of not-for-profit and commercial boards of directors. I am lucky in that I have a pretty good understanding of how their technology landscape can introduce risks into the business. As someone who spends much of his time in the tech world, I can bring this knowledge and awareness into the companies I work with. But that isn't the usual way things work. Most boards of directors are made up of individuals who have little or no awareness of their organization's technology footprint and the impacts it can have when something goes wrong. This is the problem space that TechDemocracy, a global cyberrisk assurance solution provider, is trying to solve with its Intellicta platform.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 04:00:00 | IDG Contributor Network: 6 ways to launch a targeted cyberattack (lien direct) | The threat of a targeted attack for any business is real and substantial. It's vital to ensure that your organization can identify constantly evolving threats, find abnormal and suspicious activity, and take effective action to keep your data safe. Consider that, on average, attackers are in a network for more than 140 days before they're detected, and 60% of network intrusions are eventually traced back to credentials, according to according to Microsoft. Most successful targeted attacks follow six steps or stages, though it's important to remember that these steps often run in parallel. Multifaceted attacks are common, so a robust threat response plan should address all six steps and avoid jumping to conclusions.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 04:00:00 | IDG Contributor Network: Hackers could use hidden mal-audio to attack Google Now (lien direct) | There's a fabulous story about a slew of Amazon Echo devices that took it upon themselves to order expensive doll houses from the ecommerce retailer all because a news show host uttered the phrase “Alexa ordered me a dollhouse†on air. The machines heard it from the TV switched on in the room.Researchers say it's not an unlikely scenario. They say not only can attackers issue mal-audio voice commands to any AI listening device that is in audible range, but they can also do it using hidden voice commands. Those are commands that might not even be noticed by the user.To read this article in full or to leave a comment, please click here | |||
|
2017-01-30 03:25:00 | (Déjà vu) New products of the week 1.30.17 (lien direct) | New products of the week Image by NSSOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Blue Medora vRealize Operations Management Pack for Amazon Aurora Image by bluemedoraTo read this article in full or to leave a comment, please click here |
|||
|
2017-01-29 21:00:00 | How to remove malware (lien direct) | If you've found malware on your system, what should you do about it? This video walks you through the steps of getting the bad stuff off your PC. | |||
|
2017-01-29 07:31:00 | Ransomware locked hotel out of its electronic key lock system (lien direct) | A 4-star hotel in the Austrian Alps, the Romantik Seehotel Jaegerwirt, admitted to bowing to extortion after ransomware locked up the computer running the hotel's electronic key lock system.This was not the first time that cyber thugs attacked the hotel. During one of the attacks, the hackers reportedly left a backdoor into the system.The third attack occurred during the opening weekend of the winter season. The computer hit with ransomware controlled the electronic key lock system, the reservation system and the cash desk system.Guests, who paid about nearly $300 a night for a room, could not open their rooms with their existing keycards; new keycards could not be programmed. Arriving guests couldn't have their reservations confirmed.To read this article in full or to leave a comment, please click here | |||
|
2017-01-27 13:09:51 | LeakedSource\'s shutdown is a blow to amateur hackers (lien direct) | Amateur hackers are alarmed with the apparent demise of LeakedSource, a controversial breach notification site that's been accused of doing more harm than good.U.S. law enforcement has allegedly confiscated its servers, and now some hackers are wondering if customers of LeakedSource might be next.  “All the people who used PayPal, credit card, etc. to buy membership, the FBI now have your email, payment details and lookup history,†wrote one user on HackForums.net.To read this article in full or to leave a comment, please click here | |||
|
2017-01-27 11:45:00 | Five arrested for hacking into ATMs and stealing $3.2 million (lien direct) | Law enforcement authorities from Europe and Asia have arrested five members of an international cybercriminal group that specialized in hacking into automated teller machine (ATMs).The investigation began in early 2016, according to Europol. Three suspects were arrested in Taiwan, one in Romania, and one in Belarus. Most of them had multiple citizenships and could travel easily between countries, the agency said Friday.Hacking into ATMs to steal money is nothing new, and there are malware programs built specifically for such machines that allow criminals to withdraw money using hidden commands.To infect ATMs with such malware most attackers either receive help from bank insiders or buy service keys that can be used to open the front panels of ATMs and access their communications ports.To read this article in full or to leave a comment, please click here | |||
|
2017-01-27 11:17:45 | Trump, May agree to take on ISIS in cyberspace (lien direct) | The U.K. and U.S. are planning to work more closely to combat the spread of extreme Islamist ideology in cyberspace, British Prime Minister Theresa May said on Friday.May was speaking at a White House news conference, alongside U.S. President Donald Trump, held to outline the results of talks between the two leaders. May is in Washington as the first foreign head of state to meet Trump.She noted the conventional military fight against ISIS is working and the group is losing territory but noted the two countries "need to redouble our efforts.""Today we're discussing how we can do this by deepening intelligence and security cooperation and critically, by stepping up our efforts to counter Daesh in cyberspace," she said, using an alternate name for the terrorist group.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-01-27 10:27:00 | Intelligence agency opens $325,000 advanced, automated fingerprint gathering competition (lien direct) | Researchers at the Intelligence Advanced Research Projects Activity (IARPA) are looking to the public to build a next-generation, automated fingerprint recognition system.The idea behind the competition, called the “Nail to Nail (N2N) Fingerprint Challenge†– which offers $325,000 worth of prizes – is to develop a system that allows for more distinguishing data to be collected from fingerprint biometrics but also eliminates the time and cost associated with using human operators, IARPA said. N2N fingerprints capture the entire fingerprint from the edge of one finger nail bed to the other.To read this article in full or to leave a comment, please click here | |||
|
2017-01-27 09:21:00 | Compliance focus, too much security expertise hurts awareness programs (lien direct) | Security awareness teams aren't getting the support they need to be successful, according to the SANS Institute. But some unexpected factors can cause programs to fail as well, including a focus on compliance -- and too much security expertise on the team."Most organizations actually have a security awareness program," said Lance Spitzner, director of the Securing the Human Program at the SANS Institute, looking back at what the industry learned in 2016. "Yet we continue to have problems."To read this article in full or to leave a comment, please click here | |||
|
2017-01-27 09:20:00 | Trump\'s executive order won\'t destroy Privacy Shield, says EU (lien direct) | Fears that U.S. President Trump has destroyed the Privacy Shield Transatlantic data transfer agreement with one of the many executive orders he has signed this week are unfounded, the European Commission said Friday.On Wednesday, Trump signed an executive order entitled "Enhancing Public Safety in the Interior of the U.S.," one of several he has issued since taking office on Jan. 20. Such executive orders are used by U.S presidents to manage the operations of the federal government.To read this article in full or to leave a comment, please click here | |||
|
2017-01-27 07:59:00 | Cisco starts patching critical flaw in WebEx browser extension (lien direct) | Cisco Systems has started to patch a critical vulnerability in its WebEx collaboration and conferencing browser extension that could allow attackers to remotely execute malicious code on computers. The company released a patched version of the extension -- 1.0.7 -- for Google Chrome on Thursday and is working on similar patches for the Internet Explorer and Mozilla Firefox versions. The vulnerability was found by Google security researcher Tavis Ormandy and stemmed from the fact that the WebEx extension exposed functionality to any website that had "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in its URL or inside an iframe. Some of that WebEx functionality allowed for the execution of arbitrary code on computers.To read this article in full or to leave a comment, please click here | |||
|
2017-01-27 06:00:24 | AI-based typing biometrics might be authentication\'s next big thing (lien direct) | Identifying or authenticating people based on how they type is not a new idea, but thanks to advances in artificial intelligence it can now be done with a very high level of accuracy, making it a viable replacement for other forms of biometrics.Research in the field of keystroke dynamics, also known as keyboard or typing biometrics, spans back over 20 years. The technique has already been used for various applications that need to differentiate among computer users, but its widespread adoption as a method of authentication has been held back by insufficient levels of accuracy.Keystroke dynamics relies on unique patterns derived from the timing between key presses and releases during a person's normal keyboard use. The accuracy for matching such typing-based "fingerprints" to individual persons by using traditional statistical analysis and mathematical equations varies around 60 percent to 70 percent, according to Raul Popa, CEO and data scientist at Romanian startup firm TypingDNA.To read this article in full or to leave a comment, please click here | |||
|
2017-01-27 05:51:00 | Are you a Reckless Rebel or a Nervous Nellie when it comes to online privacy? (lien direct) | In an era of constant likes and shares, where is the privacy line drawn? Are you someone who worries about being watched as you purchase an item online? Or do you consider loss of privacy the price you pay for having the world at your fingertips.Forrester recently released a report that reveals the characteristics of users and the factors that go into how much – or how little – each category of user shares. “We frequently hear that Millennials don't care about privacy - just look at everything they share on social media! But this ignores the fact that Millennials actually manage their online identities quite aggressively.""While it may appear that they overshare online, they use privacy settings, ephemeral messaging, and browser plug-ins to control who sees what about them. This is exactly how most of us behave in the physical world: Our willingness to share personal information with specific people changes depending on our relationship with them.â€To read this article in full or to leave a comment, please click here | |||
|
2017-01-27 05:50:00 | How to protect your data, your vehicles, and your people against automotive cyber threats? (lien direct) | Modern vehicles increasingly connect to the rest of the world via short range wireless technologies such as Wi-Fi and Bluetooth, wired interfaces such as OBD-II and USB, long range wireless communications such as 4G and the coming 5G for internet, and services such as OnStar, LoJack, and Automatic, to name only some. That world includes your enterprise and the criminal hackers and cyber carjackers who want to undo your data, your corporate fleets, and your people.The costs of their attacks include exposure of personal identifiable information and private data, and exposure or destruction of valuable intellectual property, according to Eric Friedberg, co-president at Stroz Friedberg. Loss of life in the midst of vehicle destruction/collision weighs heavily as a potential personal, professional, and corporate cost, as well.To read this article in full or to leave a comment, please click here | |||
|
2017-01-27 05:46:00 | That Hearbleed problem may be more pervasive than you think (lien direct) | Â That lingering Hearbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates.According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet-accessible devices during a scan it performed last weekend.But according to open-source security firm Black Duck, about 11% of more than 200 applications it audited between Oct. 2015 and March 2016 contained the flaw, which enables a buffer overread that endangers data from clients and servers running affected versions of OpenSSL.To read this article in full or to leave a comment, please click here | |||
|
2017-01-26 17:57:42 | Trump administration is giving us a good lesson on Twitter security (lien direct) | Several recent incidents involving U.S. President Donald Trump's administration can teach users something about IT security -- particularly about Twitter and what not to do with it.It turns out that several White House-related Twitter accounts -- including the president's official account, @POTUS -- until recently were revealing sensitive information that hackers might be able to exploit.The problem revolves around the service's password reset function. If the account holder doesn't take certain steps to secure it, Twitter exposes information that anyone with the right skills can use to uncover what email address -- in redacted form -- was used to secure a Twitter account.To read this article in full or to leave a comment, please click here | |||
|
2017-01-26 13:58:00 | U.S. companies spending millions to satisfy Europe\'s GDPR (lien direct) | Ninety-two percent of U.S. multinational companies cited compliance with the looming General Data Protection Regulation (GDPR) as a top data protection priority, according to new research from PwC. Sixty-eight percent are earmarking between $1 million and $10 million on GDPR readiness and compliance efforts, with 9 percent expecting to spend over $10 million, says Jay Cline, PwC's U.S. privacy leader.Cline says PwC 'slatest survey showed that fear remains the biggest motivator for U.S. CIOs, who are “connecting the dots†after watching data breaches lead to lost revenues, regulatory fines and the erosion of consumer trust. “U.S. companies see the connection between doing privacy well and greater revenues and consumer trust,†says Cline, who surveyed 200 CIOs, CISOs and other C-suite executives.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-01-26 11:59:44 | Gmail will block JavaScript attachments, a common source of malware (lien direct) | Starting Feb. 13, Google will no longer allow JavaScript attachments on its Gmail service, killing one of the main methods of malware distribution over the past two years.Users will no longer be able to attach .JS files to emails in Gmail, regardless of whether they attach them directly or they include them in archives like .gz, .bz2, .zip or .tgz. For those rare cases when such files need to be shared via email, users can upload them to a storage service like Google Drive and then share the link.The .JS file extension will be added an existing list of other banned file attachments that includes: .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF and .WSH. Most of these file types have long been abused by cybercriminals to send malware via email.To read this article in full or to leave a comment, please click here | |||
|
2017-01-26 10:25:00 | Commuting Chelsea Manning\'s sentence was just and proper (lien direct) | Before leaving office, President Barack Obama commuted the sentence of former Army soldier Chelsea (Bradley) Manning. At the time, Manning was serving a sentence of 35 years for leaking classified material to WikiLeaks in 2010. This material was subsequently published by WikiLeaks, embarrassing the U.S. government and exposing several previously undocumented war crimes that took place in Afghanistan and Iraq.  The President's decision to commute Manning's sentence was extremely controversial. The verdict was made over the objection of Secretary of Defense Ashton Carter, while other military and government officials quickly criticized Obama's pronouncement.  Just today, President Trump on Twitter referred to Manning as an “ungrateful traitor†who should have never been released from prison.To read this article in full or to leave a comment, please click here | |||
|
2017-01-26 09:33:00 | Chrome, Firefox start warning users when websites use insecure HTTP logins (lien direct) | The war on insecure webpages has begun, and Mozilla fired the first shot.Recently, Mozilla rolled out Firefox 51 to its mainstream user base. With the new release comes an insecure warning on any page that offers a login form over an HTTP connection instead of HTTPS. Chrome plans to follow suit with version 56, expected to be released to mainstream users on Tuesday, January 31, as Ars Technica first pointed out.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords HTTP uses an open, unencrypted connection between you and the website you're visiting that could be intercepted by anyone monitoring traffic between you and the site. For that reason, it's never a good idea to share login or credit card information over an HTTP connection. Most major sites offer the encrypted version-HTTPS-but every now and then you'll come across a site that doesn't.To read this article in full or to leave a comment, please click here | |||
|
2017-01-26 09:30:00 | Face-off: Oracle vs. CA for identity management (lien direct) | Employees come and go, or switch departments, so IT managers seek an automated way to give (or deny) them access privileges to corporate systems. Two of the top software products for identity and access management (IAM) are Oracle Identity Manager and CA Identity Manager, according to IT Central Station, an online community where IT professionals review enterprise products.Both products have their fans who say the sophisticated software helps them handle routine access tasks … without paperwork. But users also note that there are areas where the products have room for improvement - areas such as the user interface, initial setup and vendor tech support, according to reviews at IT Central Station. Plus, several users said the vendors need to migrate these products to the cloud.To read this article in full or to leave a comment, please click here | |||
|
2017-01-26 09:00:00 | IDG Contributor Network: Thales Data Threat Report: Security spending up, but so are breaches (lien direct) | It's interesting seeing how much money technology vendors spend on surveys that (at least most often) justify their own existence. It would be easy to be cynical about them, but beyond the self-serving aspects of it all, the data these surveys generate is interesting as a general “state of the nation†assessment.A good case in point is Thales' new Data Threat Report (pdf). Thales is a huge vendor that employs over 60,000 people across 56 countries. With multibillion euro revenue, it makes sense for the company to increase the perception that it is a thought leader in its field. And Thales' field is a big one. It is a systems integrator, equipment supplier and service provider in the aerospace, transport, defense and security markets. A major part of the company's offering lies around cybersecurity. This report is, therefore, very much in its wheelhouse.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-01-26 05:32:00 | Top data breach trends in 2016 - Phishing, skimming rise; hacking holds ground (lien direct) | When news broke in December of a massive data breach at Yahoo, it was met with a collective “This, again? Didn't they just report a breach?†The company had, in fact, reported a record-breaking breach of 500 million user accounts three months earlier, but it was dwarfed by the December breach, which impacted over 1 billion records.That pair of record breaking breaches was a fitting way to cap off a year marked by massive data breaches. As security intelligence provider Risk Based Security (RBS) points out in its newly-released 2016 Data Breach Trends report, “six 2016 breaches have taken their place on the Top 10 List of All Time Largest Breaches.â€To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-01-26 05:26:00 | Self-protection is key to Linux kernel security (lien direct) | Linux has quietly taken over the world. The operating system now powers the large datacenters that make all our cloud applications and services possible, along with billions of Android devices and internet-connected gadgets that comprise the internet of things (IoT). Even the systems that handle the day-to-day operations on the International Space Station run Linux.The fact that Linux is everywhere makes kernel security the highest priority. An issue in the kernel can easily create ripples that are felt by practically everyone. Finding and fixing vulnerabilities in the kernel is only one aspect of Linux security; enabling the kernel to withstand attacks is even more vital.To read this article in full or to leave a comment, please click here | |||
|
2017-01-26 05:18:00 | A new service for the less techie criminals (lien direct) | Sketchy characters Image by ThinkstockYou've heard of big business owners like Jeff Bezos, Larry Page and Warren Buffet. However, did you know there's a long list of business owners, all of who have access to millions of dollars at their fingertips, that you'll never hear about. These people are the owners of crimeware-as-a-service (CaaS) businesses. For underground cybercriminals, CaaS provides a new dimension to cybercrime by making it more organized, automated and accessible to criminals with limited technical skills. Today, cybercriminals can develop, advertise and sell anything from a botnet to a browser exploit pack or DDoS attack toolkits. Aditya K Sood, director of security and cloud threat labs at Blue Coat Systems, a part of Symantec, details how cybercriminals can obtain sensitive data, like credit card numbers, names and addresses, with just a couple of clicks and a payment.To read this article in full or to leave a comment, please click here |
|||
|
2017-01-25 18:28:59 | Password-free security uses voice, user behavior to verify identity (lien direct) | Tired of conventional passwords? So is Nuance Communications, a tech firm that is promoting the human voice as a way to secure user accounts.The company's voice biometric product is among the technologies that promise to replace traditional -- and often vulnerable -- password authentication systems, which can be easy to hack. That isn't the case with Nuance's solution, the company claims.   “To determine if it's you or not, we are looking at over 100 different characteristics of your voice,†said Brett Beranek, Nuance's director of product strategy.The problem with passwords The need to move beyond passwords hasn't been more urgent, given that hackers are routinely finding ways to steal them. Last year, Yahoo, LinkedIn and Dropbox all reported major data breaches involving account details such as email addresses and hashed passwords.  To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-01-25 18:12:00 | Get 72% off NordVPN Virtual Private Network Service For a Limited Time - Deal Alert (lien direct) | NordVPN gives you a private and fast path through the public Internet. All of your data is protected every step of the way using revolutionary 2048-bit SSL encryption even a supercomputer can't crack. Access Hulu, Netflix, BBC, ITV, Sky, RaiTV and much more from anywhere in the world. Unmetered access for 6 simultaneous devices. You're sure to find dozens of good uses for a VPN. Take advantage of the current 72% off deal that makes all of this available to you for just $3.29/month (access deal here). This is a special deal available for a limited time.To read this article in full or to leave a comment, please click here | |||
|
2017-01-25 14:48:00 | Trump fence-sitting on encryption backdoors can\'t last (lien direct) | It looks like the Donald Trump administration is interested in encryption backdoors, but, like his predecessor's, so far it has fallen short of coming out for them or against them. Trump himself famously urged a boycott of Apple for refusing to help the FBI crack an iPhone used by the terrorist who attacked in San Bernardino, Calif., which indicated he favored backdoors. But that was last year. The latest comes from Sen. Jeff Sessions, Trump's nominee for attorney general, who says he favors strong encryption but also favors law enforcement being able to “overcome encryption†when necessary.To read this article in full or to leave a comment, please click here | |||
|
2017-01-25 12:02:19 | US Park Service tweets were result of old Twitter passwords (lien direct) | Two instances of tweets from U.S. National Park Service accounts that became political hot potatoes in the last few days were the result of bad password management, according to officials.The first incident took place on inauguration day when the main National Park Service account retweeted images from a CNN reporter that compared unfavorably the crowd size at President Donald Trump's inauguration with that of President Barack Obama's in 2009.When Trump began to openly dispute the images and smaller crowd sizes, the National Park Service deleted the retweet and apologized."We regret the mistaken RTs from our account yesterday and look forward to continuing to share the beauty and history of our parks with you," it said on Saturday.To read this article in full or to leave a comment, please click here | |||
|
2017-01-25 10:02:00 | What to ask IDaaS vendors before you buy (lien direct) | Identity as a service (IDaaS), also known as identity and access management as a service, uses a cloud infrastructure for securely managing user identities and access enforcement. At its most basic level, IDaaS enables single sign-on (SSO) for systems in the cloud or on-premises, but it goes well beyond that to include access provisioning and deprovisioning, governance and analytics.Leading vendors in the IDaaS field in 2016 (per Gartner) included Okta, Microsoft and Centrify, with OneLogin, Ping Identity, SailPoint, Covisint, Salesforce, Lighthouse Security (IBM) and EMC/RSA figuring prominently as well. Although each company offers IDaaS, differences in feature sets and capabilities can make one solution preferable over the others for a particular organization.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-01-25 10:00:00 | Ransomware makes California nursing school feel ill (lien direct) | About three months ago, an instructor at Gurnick Academy, a California-based nursing school, had his biggest fear come alive. When he tried to access his lectures, the files were encrypted. The teacher was literally locked out of his classroom.If it wasn't for a quick acting IT department, the entire school might have been in the same situation. They noticed the incident at the early stage and managed to prevent the encryption from spreading by disconnecting the infected device from the corporate network.Val Paschenko, IT department manager at the school, said the instructor was met with a ransomware note demanding 1 bitcoin or $740 in exchange for the files to be decrypted. The instructor called support and requested to get his files back, but it was already too late. He lost some recently created files, and he needed to redo some of his work. It took a few hours to reinstall the OS and configure everything; obviously during that time he was not able to work on his PC. To read this article in full or to leave a comment, please click here | |||
|
2017-01-25 07:54:00 | 41% off Netgear Arlo Security System Wireless HD Camera, Indoor/Outdoor, Night Vision - Deal Alert (lien direct) | The Arlo camera is a 100 Percent Wire-Free, completely wireless, HD smart home security camera – so you can get exactly the shot you need – inside or out. The Arlo camera is weatherproof and includes motion detection, night vision, and apps. It can capture clips and send you alerts whether you're at home or away for round-the-clock peace of mind.  These motion activated cameras initiate automatic recording and alert you via email or app notifications. Free apps enable remote monitoring from anywhere and with the built-in night vision you'll even see in dark.  This security camera currently averages 4 out of 5 stars on Amazon from almost 10,000 customers (read reviews) and its list price of $219.99 is currently discounted 41% to $129.99.To read this article in full or to leave a comment, please click here | |||
|
2017-01-25 07:10:20 | Kaspersky Lab employee reportedly arrested in Russia on treason charges (lien direct) | One of the leading cybercrime investigators at antivirus vendor Kaspersky Lab was reportedly arrested in Russia as part of a probe into activities that could represent high treason. According to Russian newspaper Kommersant, Ruslan Stoyanov, the head of the computer incidents investigation team at Kaspersky, was arrested in December as part of an investigation that also targeted Sergei Mikhailov, the deputy head of the Information Security Center at the FSB, Russia's internal security service. Russian authorities are investigating Mikhailov in connection to the receipt of money from a foreign organization, an unnamed source close to the FSB reportedly told the newspaper.To read this article in full or to leave a comment, please click here | Guideline |
To see everything:
Our RSS (filtrered)
