What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-01-25 07:05:00 | Russia\'s FSB arrests Kaspersky\'s top cybercrime investigator for treason (lien direct) | A top-notch cybercrime investigator, who heads up the Kaspersky Lab team that investigates hacks, has been arrested by Russian law enforcement for possible treason.An unnamed source close to Russia's Federal Security Service (FSB) told the newspaper Kommersant that Ruslan Stoyanov may be linked to an investigation into Sergei Mikhailov, a deputy chief of the FSB's Center for Information Security. Both men were arrested in December.Kaspersky Lab confirmed the report of Stoyanov's arrest in Kommersant, then tweeted the following statement: “The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Teams, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation.â€To read this article in full or to leave a comment, please click here | |||
|
2017-01-25 05:08:00 | Four lesser-known Wi-Fi security threats and how to defend against them (lien direct) | It's common knowledge that the best way to protect your home Wi-Fi network is by using a strong password. This will keep uninvited guests away and protect your network so eavesdroppers can't intercept your communications. And we've known for more than a decade now that the old Wired Equivalent Privacy (WEP) is so insecure that cracking it is practically child's play.ALSO ON NETWORK WORLD: 9 tips for speeding up your business Wi-Fi Once you've protected your network with Wi-Fi Protected Access 2 (WPA2), here are four other vulnerability scenarios you should guard against.To read this article in full or to leave a comment, please click here | |||
|
2017-01-25 05:06:00 | That online job candidate may be carrying a virus (lien direct) | January is the month when employees are most likely to think about changing jobs, according to a survey by Glassdoor. Almost one in five jobseekers cited January as the most popular month to make a move, which means that resumes, cover letters and reference contacts are eagerly shared through social media, email and company websites.Cyber thieves are eager to take advantage of the busy hiring season, too, and they've come up with several ways to infiltrate corporate systems. Security pros offer their tips on what to watch out for, and how to stop them.Cyber criminals use LinkedIn and other social media sites to bypass company defenses LinkedIn and other social networks are becoming targets for threat actors since they know it's a great way to bypass company's defenses, according to cybersecurity firm Cylance. LinkedIn is typically a site that is not blocked by network filters to allow HR departments the freedom to communicate with prospective job candidates.To read this article in full or to leave a comment, please click here | |||
|
2017-01-25 05:01:00 | Cisco scrambling to fix a remote-code-execution problem in WebEx (lien direct) | Cisco's Webex Browser Extension contain a critical bug that can open up customers' entire computers to remote code execution attacks if the browsers visit websites containing specially crafted malicious code.The company says it is in the process of correcting the problem, and has apparently made a few initial steps toward a permanent fix. It says there is no workaround available.+More on Network World: 10 of the latest craziest and scariest things the TSA found on your fellow travelers+To read this article in full or to leave a comment, please click here | |||
|
2017-01-24 16:12:38 | Cyber criminals avoid fraud within their own ranks with new site (lien direct) | Sometimes it's not easy being a cyber criminal. In addition to law enforcement and private security companies, cyber thieves have to battle fraudsters out to beat them at their own game, but a web site offers to help.Ripper.cc has been maintaining a database of known “rippers†or scammers since June last year and security firm Digital Shadows, which has been investigating it, says it may help online black markets flourish.Fraud is a nagging problem in the cyber criminal world, according to Digital Shadows. Although some hackers believe in honor amongst thieves, others are peddling bogus goods, such as stolen credit card numbers or user credentials that turn out to be fake.To read this article in full or to leave a comment, please click here | |||
|
2017-01-24 13:30:32 | GPG Suite updated for secure email on OSX Sierra (lien direct) | GPG Suite, an application that brings encrypted email to Mac OS, is now available in public beta for Sierra.The software package had been compatible up to El Capitan but wasn't working with Sierra, which was released by Apple in September. The new software can now be downloaded from the GPG Tools website.It adds support for the OpenPGP encryption standard, which is an open-source version of the PGP encryption package first developed in 1991.Four software apps are contained in the package:-- GPG Mail is a plugin for Apple Mail that allows users to encrypt, decrypt, sign, and verify mails sent using OpenPGP.To read this article in full or to leave a comment, please click here | |||
|
2017-01-24 10:25:00 | Severe vulnerability in Cisco\'s WebEx extension for Chrome leaves PCs open to easy attack (lien direct) | Anyone who uses the popular Cisco WebEx extension for Chrome should update to the latest version pronto. Google security researcher Tavis Ormandy recently discovered a serious vulnerability in the Chrome extension that leaves PCs wide open to attack.In older versions of the extension (before version 1.0.3) malicious actors could add a “magic string†to a web address or file hosted on a website. The magic string was designed to remotely activate the WebEx browser extension. Once the extension was activated the bad guys could execute malicious code on the target machine. To read this article in full or to leave a comment, please click here | |||
|
2017-01-24 08:53:00 | Saudi Arabia again hit with disk-wiping malware Shamoon 2 (lien direct) | The disk-wiping Shamoon malware, which was used in attacks that destroyed data on 35,000 computers at Saudi Aramco in 2012, is back; the Shamoon variant prompted Saudi Arabia to issue a warning on Monday.An alert from the telecoms authority, seen by Reuters, warned all organizations to be on the lookout for the variant Shamoon 2. CrowdStrike VP Adam Meyers told Reuters, “The Shamoon hackers were likely working on behalf of the Iranian government in the 2012 campaign and the more-recent attacks. It's likely they will continue.â€To read this article in full or to leave a comment, please click here | |||
|
2017-01-24 07:52:59 | Court denies US government appeal in Microsoft overseas email case (lien direct) | A U.S. appeals court will not reconsider its groundbreaking decision denying Department of Justice efforts to force Microsoft to turn over customer emails stored outside the country.The U.S. Court of Appeals for the Second Circuit, in a 4-4 decision Tuesday, declined to rehear its July decision that denied the DOJ access to the email of a drug trafficking suspect stored on a Microsoft server in Ireland. Microsoft has been fighting DOJ requests for the email since 2013.To read this article in full or to leave a comment, please click here | |||
|
2017-01-24 06:47:00 | 6 tips to protect your home network (lien direct) | Best practices Image by ThinkstockThe rise of malware targeting unsecured IoT endpoints, like the Mirai strain used as part of October's DDoS attack on Dyn, mean it's more important than ever to make security a priority. Remote workers who use their home office as their primary office are arguably at even more of a risk since they may be exposing corporate assets as well as personal assets. Untangle recommends the following best practices to secure your home network.To read this article in full or to leave a comment, please click here |
|||
|
2017-01-24 06:40:00 | Why you need a data protection officer (lien direct) | With enforcement of the European Union's General Data Protection Regulation (GDPR) set to begin on May 25, 2018, organizations that handle any personal data relating to EU residents must begin preparing now, if they haven't already.Most organizations will need to designate a data protection officer (DPO), says Steve Durbin, managing director of the Information Security Forum (ISF), a global, independent information security body that focuses on cyber security and information risk management."The GDPR is putting data protection practices at the forefront of business agendas worldwide," Durbin said in a statement earlier this month. "Its scope is unmatched by any other international law, and we estimate that more than 98 percent of ISF members will be affected by its requirements because they process the personal data of EU residents, or are based in the EU. For most organizations, the next 18 months will be a critical time for their data protection regimes as they determine the applicability of the GDPR and the controls and capabilities they will need to manage their compliance and risk obligations."To read this article in full or to leave a comment, please click here | |||
|
2017-01-24 06:38:00 | Study: 62% of security pros don\'t know where their sensitive data is (lien direct) | Ask organizations today about the value of data and you're likely to hear it measured in terms of competitive advantage, customer experience and revenue generation. As Dante Disparte and Daniel Wagner put it in a December 2016 HBR article, data is “becoming a centerpiece of corporate value creation.â€â€œToday most organizations are data-driven to one degree or another. Data contributes not only to brand equity, but to what constitutes product and service delivery in globally connected and hyper-competitive markets,†the pair wrote.But the value of data security is still largely defined “in terms of risk, cost, and regulatory compliance,†notes Forrester Research in the executive summary of a new report commissioned by data protection software provider Varonis Systems.To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 23:35:24 | Pompeo sworn in as CIA chief amid opposition from surveillance critics (lien direct) | Mike Pompeo was sworn in late Monday by U.S. Vice President Michael Pence as the new director of the Central Intelligence Agency, amid protests from surveillance critics who worry about his conflicting views on a number of key issues.The oath of office was administered to him after the Senate voted in favor of his confirmation in a 66-32 vote.Critics of Pompeo, a Republican representative from Kansas, are concerned that he may weigh in with the government on a rollback of many privacy reforms, including restrictions on the collection of bulk telephone metadata from Americans by the National Security Agency under the USA Freedom Act. There are also concerns that the new director may try to introduce curbs on the use of encryption and bring in measures to monitor the social media accounts of people.To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 15:17:14 | Yahoo pushes back timing of Verizon deal after breaches (lien direct) | Verizon's planned acquisition of Yahoo will take longer than expected and won't close until this year's second quarter, the internet company said on Monday.The $4.8 billion deal was originally slated to close in the first quarter, but that was before Yahoo reported two massive data breaches that analysts say may scrap the entire deal.Although Yahoo continues to work to close the acquisition, there's still work required to meet closing the deal's closing conditions, the company said in an earnings statement, without elaborating.Verizon has suggested that the data breaches, and the resulting blow to Yahoo's reputation, might cause it to halt or renegotiate the deal.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-01-23 14:35:00 | Open-source oriented RISELab emerges at UC Berkeley to make apps smarter & more secure (lien direct) | UC Berkeley on Monday launched a five-year research collaborative dubbed RISELab that will focus on enabling apps and machines that can interact with the environment around them securely and in real-time.The RISELab (Real-time Intelligence with Secure Execution) is backed by a slew of big name tech and financial firms: Amazon Web Services, Ant Financial, Capital One, Ericsson, GE Digital, Google, Huawei, Intel, IBM, Microsoft and VMWare. MORE: 7 really cool networking & IT research projectsTo read this article in full or to leave a comment, please click here | |||
|
2017-01-23 14:17:00 | 10 of the latest craziest and scariest things the TSA found on your fellow travelers (lien direct) | When it comes to our annual look at what wacky things the TSA pulls out of travelers' carryon luggage, every year the crazy seems to get a little crazier and the scary, well you know where we are going with this. Interestingly the TSA finds some amusement or amazement in these finding as it now posts its own Top 10 Most Unusual Finds which outlines the most “dangerous and often times wacky items†it has kept off commercial airliners. To start, we need to look at guns. The number of guns that traverse or try to traverse the skies in the United States continues to grow at an astounding rate. There was a 28% increase in firearm discoveries from 2015's total of 2,653. The TSA says that in 2016, 3,391 firearms were discovered in carry-ons --averaging more than nine firearms per day.To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 13:08:00 | China goes after unauthorized VPN access from local ISPs (lien direct) | China is going after unauthorized internet connections, including tools known as VPNs (virtual private networks) that can bypass China's efforts to control the web.The crackdown is part of 14-month campaign from China's Ministry of Industry and Information Technology that's meant to clean up the country's internet service provider marketUnless authorized, internet service providers are forbidden from operating any “cross-border†channel business, including VPNs, the ministry said in a Sunday notice.  The announcement is a bit of rarity. The country has usually withheld from openly campaigning against VPN use, even as government censors have intermittently tried to squelch access to them in the past.  To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 12:43:00 | The latest database attacks: Tips of the icebergs (lien direct) | MongoDB wasn't the first database hit by ransomware, just a rich target for attacks. Now, ElasticSearch and Hadoop have become ransomware targets. They won't be the last. Were these three database products insanely simple to secure? Yes. Were they secured by their installers? Statistics and BitCoin sales would indicate otherwise. And no, they won't be the last. Every hour of every day, websites get pounded with probes. A few are for actual research. When the probe is a fake logon, like the dozens of hourly WordPress admin fails I get on my various websites, you have some idea that the sender isn't friendly.To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 10:55:00 | The essential guide to anti-malware tools (lien direct) | It's a sad fact of life in IT nowadays that some form of preparation for dealing with malware is part and parcel of what systems and network administrators must do. This goes above and beyond normal due diligence in warding off malware. It includes a proper appreciation of the work and risks involved in handling malware infections, and acquiring a toolkit of repair and cleanup tools to complement protective measures involved in exercising due diligence. It should also include at least two forms of insurance – one literal, the other metaphorical – that can help avert or cover an organization against costs and liabilities that malware could otherwise force the organization to incur.To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 09:27:00 | IBM Security to buy risk-visualization firm Agile 3 Solutions (lien direct) | IBM Security plans to buy San Francisco-based Agile 3 Solutions, which makes software for visualizing data risk for analysis by senior executives.The deal is expected to close within weeks, but the financial terms were not released. It will include the purchase of Ravy Technologies, an Agile 3 subcontractor based in India.Agile 3's software identifies risks to business programs and assets, and enables actions to head off possible exploits that could affect business processes. It provides a dashboard for measuring compliance with regulations and legislation.NEWSLETTERS: Get the latest tech news sent directly to your in-box IBM Security customers will be able to buy Agile 3 technology as a service through IBM Data Security Services or as features rolled into IBM Guardian, the company's data-protection software. The company says the addition of the software will help identify and protect critical data.To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 08:57:00 | Top 25 worst-of-the-worst, most common passwords used in 2016 (lien direct) | For the sixth year, SplashData has released its list of worst passwords.According to SplashData, the list is based on over 5 million leaked passwords used by users in North America and Western Europe that were posted for sale online.I thought it might be interesting to compare SplashData's newest list with the top 25 most common password list released last week by rival firm Keeper Security. According to the two companies, these were the top 25 worst passwords people used in 2016:To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 08:14:00 | IDG Contributor Network: Public vs. private cloud: Why the public cloud is a real threat to security (lien direct) | The debate on public versus private cloud is a fierce one with advocates on both sides. Security experts, however, consistently fall in the pro-private camp. As a compliance and security expert, I have to agree.First, let's be clear on the definitions.The public cloud is available to the public-in a free or pay-per-use capacity-and is accessible via the web. Some examples include Google Apps, Office 365, file sharing applications such as Box or Dropbox, and so on. The private cloud, on the other hand, is the same service, but it sits behind your firewall and limits access to your internal departments, employees, customers, etc. in your organization. The private cloud is either run by your IT department or your data center. To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 07:20:00 | Many Organizations Still Opt for “Good Enough†Cybersecurity (lien direct) | Late last year, ESG published a research report titled, Through the Eyes of Cyber Security Professionals, in collaboration with the Information Systems Security Association (ISSA). As part of this report, 437 cybersecurity professionals and ISSA members were asked if they'd experienced a number of types of security incidents. The research revealed that: 39% of organizations experienced one or several security incidents resulting in the need to reimage one or several endpoints or servers. 27% of organizations experienced one or several incidents of ransomware. 20% of organizations experienced one or several incidents resulting in the disruption of a business application. 19% of organizations experienced one or several incidents resulting in the disruption of a business process. It should be noted that between 23% and 30% of the survey population responded “don't know†or “prefer not to say†when asked about different types of security incidents so the percentages represented above are likely much higher.To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 06:24:00 | IDG Contributor Network: New game, new rules: 3 steps to secure your bank in the digital age (lien direct) | Banks all around the world are re-imagining their businesses to put customer demands front and center. They are undergoing massive digital transformation processes to do so; however, these transformations, coupled with an always-connected, digitally savvy customer and an emerging “hacker industry,†create new and heightened security risks that banks must deal with immediately.This is a new normal for banks, as evidenced by recent attacks such as the SWIFT hack, and maintaining the security of their systems and customer data will require them to follow new rules and regulations.To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 05:46:00 | How to keep branch offices as secure as corporate HQ (lien direct) | Rickety branches Image by PexelsYour gleaming corporate headquarters, filled with brand-new computers, may be what's on the front page of the company website, but we all know that in many large organizations, much of the day-to-day work happens in local branch offices, often small, poorly equipped, and understaffed. And of course, many companies and workers are embracing the flexibility offered by the internet to work at home full time. But these satellite worksites can end up causing big headaches for tech pros tasked with keeping company assets secure. We talked to a number of tech pros to find out more about the dangers-and the solutions.To read this article in full or to leave a comment, please click here |
|||
|
2017-01-23 03:26:00 | (Déjà vu) New products of the week 1.23.17 (lien direct) | New products of the week Image by SonusOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Backblaze Business Groups Image by BackblazeTo read this article in full or to leave a comment, please click here |
|||
|
2017-01-23 03:00:00 | REVIEW: Home security cameras fall short on security (lien direct) | How secure are IP-based “security cameras� Based on our review of seven home security cameras, the answer is: Not very. While these devices may get high marks for features and ease of use, security is another story. Our tests turned up results like these: One camera allows plaintext logins as the root user, with no password. That's horrifying in this day and age. The same camera uses an outdated version of SSL that allows data leakage. A firmware update fixes both issues, but the upgrade is optional and many users skip it. Another camera leaks its private API structure in plaintext even though it uses TLS to encrypt traffic. This potentially allows attackers to change video streams and possibly other device parameters. Yet another camera can run a hacked firmware image that disables some services and enables others. Two more cameras present SSL certificates that not only claim to be a different host, but also come from a certificate authority with a record of issuing bogus credentials. It's not all bad news. One camera, the CAN100USWT from Canary Connect, stood head and shoulders over the field in baking security into its product design. The Canary camera runs no services onboard, removing a whole class of attacks in which intruders try connecting to the device. And users cannot disable its automatic firmware upgrades, something we'd like to see in every device.To read this article in full or to leave a comment, please click here | |||
|
2017-01-23 03:00:00 | 6 steps to secure a home security camera (lien direct) | No device is 100 percent immune from vulnerabilities, but there are some simple, common-sense steps you can take to protect IP-based cameras:1. Don't put cameras on the public internet. Given the wide availability of free scanning and vulnerability detection tools, it makes sense to avoid using routable IP addresses for IP cameras if at all possible. The recent DDoS attacks on core DNS infrastructure used botnets of public cameras, and all the attackers had to do was find the cameras.Instead, put cameras behind a firewall and run network address translation (NAT). While NAT is not itself a security mechanism, and has a long and well-deserved history of derision for breaking the Internet's core principle of end-to-end connectivity, it will at least offer some protection from probes by scanning tools.To read this article in full or to leave a comment, please click here | |||
|
2017-01-22 10:22:00 | Admin of anonymous, Tor-friendly email service has electronics seized at US border (lien direct) | If you don't live in the US and run an anonymous, Tor-friendly email service – such as one used by 4chan and 8chan – sadly, it's a pretty decent bet that you would experience some drama when entering the US. At least that was the case for Vincent Canfield as he was detained by US Customs and Border Protection and had all of his electronics seized by the agency. He is originally from the US, but currently resides in Romania.Canfield, the admin of the cock.li e-mail hosting service, came to vacation in the US after attending the 33rd Chaos Communication Congress held in Germany during December. He claims CBP detained him for over three hours, asking “lots of strange†and “some offensive questions†about his personal life. He refused to comply and instead gave them his attorney's contact information. Agents allegedly demanded that he decrypt his phone so they could “make sure there isn't any bad stuff on there.†Again he refused, so CPB seized the 14 electronic devices that Canfield had with him.To read this article in full or to leave a comment, please click here | |||
|
2017-01-20 18:04:28 | Lavabit developer has a new encrypted, end-to-end email protocol (lien direct) | The developer behind Lavabit, an email service that noted leaker Edward Snowden used, is releasing source code for an open-source end-to-end encrypted email standard that promises surveillance-proof messaging. The code for the Dark Internet Mail Environment (DIME) standard will become available on Github, along with an associated mail server program, said its developer Ladar Levison on Friday. DIME will work across different service providers and perhaps crucially will be "flexible enough to allow users to continue using their email without a Ph.D. in cryptology," said Levison. To coincide with its launch, Levison is also reviving Lavabit. The encrypted email service shut down in 2013 when federal agents investigating Snowden demanded access to email messages of his 410,000 customers, including their private encryption keys.To read this article in full or to leave a comment, please click here | |||
|
2017-01-20 13:46:18 | Researchers propose a way to use your heartbeat as a password (lien direct) | Researchers at Binghamton State University in New York think your heart could be the key to your personal data. By measuring the electrical activity of the heart, researchers say they can encrypt patients' health records. Â The fundamental idea is this: In the future, all patients will be outfitted with a wearable device, which will continuously collect physiological data and transmit it to the patients' doctors. Because electrocardiogram (ECG) signals are already collected for clinical diagnosis, the system would simply reuse the data during transmission, thus reducing the cost and computational power needed to create an encryption key from scratch.To read this article in full or to leave a comment, please click here | |||
|
2017-01-20 11:24:00 | The CSO guide to top security conferences (lien direct) | There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don't have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.Fortunately, there are plenty of great conferences coming up in the months ahead.If keeping abreast of security trends and evolving threats is critical to your job - and we know it is - then attending some top-notch security conferences is on your must-do list for 2017.From major events to those that are more narrowly focused, this list from the editors of CSO, will help you find the security conferences that matter the most to you.To read this article in full or to leave a comment, please click here | |||
|
2017-01-20 11:23:00 | Trump nominee suggests IRS cybersecurity and staffing boosts (lien direct) | Cybersecurity and staffing upgrades at the Internal Revenue Service appear to be in store, assuming Steven Mnuchin is confirmed as Treasury Secretary in the new Trump Administration.Mnuchin, a former CIO and executive vice president for Goldman Sachs, told senators in a five-hour confirmation hearing on Thursday that he is "very concerned about the lack of first-rate technology at the IRS" as well as staff cuts in recent years. Mnuchin is expected to be confirmed, and would likely work with Trump to pick the next IRS director.To read this article in full or to leave a comment, please click here | |||
|
2017-01-20 11:03:09 | Spanish police nab suspected hacker behind Neverquest banking malware (lien direct) | Spanish police have arrested a Russian programmer suspected of developing the Neverquest banking Trojan, a malware targeting financial institutions across the world.The 32-year-old Russian citizen known as Lisov SV was arrested at the Barcelona airport, Spain's law enforcement agency Guardia Civil said on Friday.The FBI had been working with Spanish authorities to track down the suspect through an international arrest warrant, according to a statement from the agency. The FBI, however, declined to comment on the man's arrest.Neverquest is designed to steal username and password information from banking customers. Once it infects a PC, the malware can do this by injecting fake online forms into legitimate banking websites to log any information typed in. It can also take screenshots and video from the PC's desktop and steal any passwords stored locally.To read this article in full or to leave a comment, please click here | |||
|
2017-01-20 07:51:38 | Google pushed developers to fix security flaws in 275,000 Android apps (lien direct) | Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps.Since 2014, Google has been scanning apps published on Google Play for known vulnerabilities as part of its App Security Improvement (ASI) program. Whenever a known security issue is found in an application, the developer receives an alert via email and through the Google Play Developer Console.When it started, the program only scanned apps for embedded Amazon Web Services (AWS) credentials, which was a common problem at the time. The exposure of AWS credentials can lead to serious compromises of the cloud servers used by apps to store user data and content.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-01-20 05:14:00 | How to wake the enterprise from IoT security nightmares (lien direct) | The IoT security market will reach a valuation of $36.95 billion by 2021, says data from a Marketsandmarkets.com analyst report. Where the cyber security mayhem grows, so flows the security market money. In 2017, experts predict that gaping IoT security holes will lead to the destruction of critical infrastructure and increases in competitive intelligence gathering and intellectual property theft. 2017 will see more DDoS attacks of the magnitude that brought down the Dyn Domain Name System service and many high-profile web domains with it.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-01-20 05:12:00 | How fortified is your SAP against security breaches? (lien direct) | Fortified Image by CrisCan you even tell if a breach has occurred? Have you inventoried its vulnerabilities - and taken steps to prevent, for example, a $22 million per minute loss due to a SAP breach as experienced by one Fortune 100 company? Or have you concluded that the scale of SAP ERP implementations makes it just too big to manage? Ask yourself these 10 questions - compiled by David Binny, vice president of product management at Panaya, and gleaned from its analysis of thousands of SAP landscapes - to find out if your SAP is safe.To read this article in full or to leave a comment, please click here |
|||
|
2017-01-19 23:29:44 | Microsoft\'s standing to sue over secret US data requests in question (lien direct) | Microsoft's lawsuit objecting to the indiscriminate use by U.S. law enforcement of orders that demand user data without the opportunity to inform the customer may run into questions about the software giant's standing to raise the issue on behalf of its customers.A government motion to dismiss Microsoft's complaint comes up for oral arguments Monday and significantly the judge said on Thursday that the issue of whether Fourth Amendment rights are personal or can be “vicariously†asserted by third-parties on behalf of their customers would have to be addressed by both sides. The Fourth Amendment to the U.S. Constitution prohibits unreasonable searches and seizure of property.To read this article in full or to leave a comment, please click here | |||
|
2017-01-19 14:06:31 | Assange seeks to discuss his US extradition with the feds (lien direct) | WikiLeaks founder Julian Assange said he stands by an earlier pledge to face trial in the U.S., but he is first urging federal investigators to name the exact charges against him."I stand by what I said," Assange stated during a webcast on Thursday. "We look forward to having a conversation with the DOJ (U.S. Department of Justice) about what the correct way forward is."Assange previously made his pledge on the condition that President Barack Obama grant clemency to Chelsea Manning, a former U.S. soldier who was jailed for disclosing sensitive documents to WikiLeaks back in 2010.To read this article in full or to leave a comment, please click here | |||
|
2017-01-19 12:38:00 | Air Force goes after cyber deception technology (lien direct) | A little cyber-trickery is a good thing when it comes to battling network adversaries.The Air Force Research Lab (AFRL) tapped into that notion today as it awarded a $750,000 grant to security systems developer Galios to develop a cyber deception system that will “dramatically reduce the capabilities of an attacker that has gained a foothold on a network.â€Specifically, Galios will develop its Prattle system for the Air Force. Galios describes Prattle as a system that generates traffic that misleads an attacker that has penetrated a network: making them doubt what they have learned, or to cause them to make mistakes that increase their likelihood of being detected sooner.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-01-19 11:17:05 | Encrypted email service ProtonMail is now accessible over Tor (lien direct) | The creators of encrypted email service ProtonMail have set up a server that's only accessible over the Tor anonymity network as a way to fight possible censorship attempts in some countries.ProtonMail was created by computer engineers who met while working at the European Organization for Nuclear Research (CERN). The service provides end-to-end encrypted email through a web-based interface and mobile apps, but the encryption is performed on the client side, and the ProtonMail servers never have access to plaintext messages or encryption keys.On Thursday, Proton Technologies, the Geneva-based company that runs ProtonMail, announced that it has set up a Tor hidden service, or onion site, to allow users to access the service directly inside the Tor anonymity network.To read this article in full or to leave a comment, please click here | |||
|
2017-01-19 09:24:00 | Secdo automates alert investigation with preemptive incident response  (lien direct) | This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  “We don't receive enough alerts in our security operations center,†said no security analyst ever. The fact is, most SOC teams are overwhelmed with security alerts and they must prioritize which ones to investigate. Many alerts are simply ignored for lack of resources, yet quite often after a data breach it turns out there was an alert pointing at the breach early on. In the case of one prominent breach at a major retailer a few years ago, many sources report that a FireEye tool generated an alert confirming that malicious software showed up on a company system. Because so many of those particular alerts were false positives, it was ignored, which subsequently led to one of the largest and most costly retail data breaches in history.To read this article in full or to leave a comment, please click here | |||
|
2017-01-19 08:05:00 | IDG Contributor Network: Data protection and security: What\'s in store for 2017? (lien direct) | Every second, new updates occur in the world of technology. Information is easier to access, online searches load faster, and mobile and web payments are now simplified and common. Consumers and companies want the ability to do everything online-store documents, make payments, brainstorm ideas for expansion and growth-using remote servers and cloud-storing software.On the flip side, this demand for instant access and connectivity means ample opportunities for hackers to score. In response, technology developers are working at record speeds to keep data secure.+ Also on Network World:Â 2017 breach predictions: The big one is inevitable + But it isn't an easy task. Consumers want the feeling of added security, but they don't want to deal with extra steps to protect themselves. Case in point, you have passwords for apps and logins to bank accounts, credit cards, Starbucks, and more on your phone. Now, with Apple's Touch ID, you can set up access with a single login method-your fingerprint. Is that more or less secure? Or is it simply preferred because of its ease of use? All a hacker needs to do is replicate your fingerprint and they have instant access.To read this article in full or to leave a comment, please click here | |||
|
2017-01-19 07:17:55 | Attackers start wiping data from CouchDB and Hadoop databases (lien direct) | It was only a matter of time until ransomware groups that wiped data from thousands of MongoDB databases and Elasticsearch clusters started targeting other data storage technologies. Researchers are now observing similar destructive attacks hitting openly accessible Hadoop and CouchDB deployments.Security researchers Victor Gevers and Niall Merrigan, who monitored the MongoDB and Elasticsearch attacks so far, have also started keeping track of the new Hadoop and CouchDB victims. The two have put together spreadsheets on Google Docs where they document the different attack signatures and messages left behind after data gets wiped from databases.To read this article in full or to leave a comment, please click here | |||
|
2017-01-19 06:06:00 | Is antivirus getting worse? (lien direct) | Is anti-virus software getting worse at detecting both known and new threats?Earlier this week, Stu Sjouwerman, CEO of security awareness training company KnowBe4, looked at the data published by the Virus Bulletin, a site that tracks anti-virus detection rates. And the numbers didn't look good.Average detection rates for known malware went down a couple of percentage points slightly from 2015 to 2016, he said, while detection rates for zero-days dropped in a big way - from an average of 80 percent down to 70 percent or lower.To read this article in full or to leave a comment, please click here | |||
|
2017-01-19 06:00:00 | 7 (more) security TED Talks you can\'t miss (lien direct) | Second edition Image by Thomas XuThe first list 10 security Ted Talks you can't miss was so popular we decided to serve another. So here is another batch of must see security and privacy videos. In this selection you'll find speakers taking on some of the most pressing, and persistent, security and privacy challenges of our time, from how society can fight the war on terror while maintaining the social values we cherish to Bruce Schneier's talk on how challenging it is for us to evaluate and understand risk. It's a must-see talk. Well, we think they all are, so enjoy.To read this article in full or to leave a comment, please click here |
|||
|
2017-01-18 23:38:38 | CIA updates rules for collecting and retaining info on US people (lien direct) | The U.S. Central Intelligence Agency on Wednesday updated rules relating to the collection, retention and dissemination of information of U.S. persons, including putting a limit of five years on holding certain sensitive data and introducing restrictions for querying the data.The announcement by the spy agency comes a couple of days before a new administration under President-elect Donald Trump takes charge, and could address to an extent concerns expressed by civil rights groups about the collection and handling of information of U.S. persons in the course of overseas surveillance. Such information is collected by the CIA under Executive Order 12333.To read this article in full or to leave a comment, please click here | |||
|
2017-01-18 14:37:33 | Mac malware is found targeting biomedical research (lien direct) | A Mac malware that's been spying on biomedical research centers may have been circulating undetected for years, according to new research.Antivirus vendor Malwarebytes uncovered the malicious code, after an IT administrator spotted unusual network traffic coming from an infected Mac.The malware, which Apple calls Fruitfly, is designed to take screen captures, access the Mac's webcam, and simulate mouse clicks and key presses, allowing for remote control by a hacker,  Malwarebytes said in a blog post on Wednesday.The security firm said that neither it nor Apple have identified how the malware has been spreading. But whoever designed it relied on “ancient†coding functions, dating back before the Mac OS X operating system launch in 2001, said Malwarebytes researcher Thomas Reed in the blog post.To read this article in full or to leave a comment, please click here | |||
|
2017-01-18 14:30:00 | 10 Cool Security Startups Vying for Glory at RSA Conference (lien direct) | Hot topics at this year's RSA Conference in February will include cloud security, Internet of Things security and encryption -- and all of those issues unsurprisingly are represented among the 10 finalists announced for the event's annual Innovation Sandbox Contest for startups.I ran the company descriptions provided in the RSA Conference press release about the contest through a Wordcloud generator and produced the spectacular graphic above that put "data" protection at the heart of what these newcomers are addressing. The biggest shock for me was that machine learning didn't get mentioned in each description...but it did make the cut in three of the 10.To read this article in full or to leave a comment, please click here | |||
|
2017-01-18 13:15:00 | Fraud for online holiday sales spikes by 31% (lien direct) | Fraud attempts on digital retail sales jumped 31% from Thanksgiving to Dec. 31 over the previous year, according to a survey of purchasing data from ACI Worldwide.The fraud increase was based on hundreds of millions of online transactions with major merchants globally. Also, the number of e-commerce transactions grew by 16% for the same period, ACI said.Some of the fraud attempts came from the use of credit card numbers purchased in underground chat channels, ACI said.“Given the consistent and alarming uptick in fraudulent activity on key dates, merchants must be proactive in their efforts to identify weak spots and define short and long-term strategies for improved security and enhanced customer experience,†said Markus Rinderer, senior vice president of platform solutions at ACI.To read this article in full or to leave a comment, please click here |
To see everything:
Our RSS (filtrered)
