What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2017-01-12 07:33:00 43% off Microsoft Wireless Desktop 900 Keyboard and Mouse Bundle - Deal Alert (direct link) The Wireless Desktop 900 keyboard from Microsoft has quiet-touch keys and customizable buttons for access to the Windows features you use most. The full-size ambidextrous mouse provides comfortable, precise navigation. The Wireless Desktop 900 also includes Advanced Encryption Standard to help protect your information by encrypting your keystrokes. Both the keyboard and the mouse have an average battery life of 2 years. The typical list price of $50 has been reduced to $28.28, making this a good deal on Amazon where it averages 4.5 out of 5 stars (read recent reviews) from over 140 reviewers. See it now on Amazon.
NetworkWorld 2017-01-12 06:00:00 IDG Contributor Network: Nyotron launches to 'secure the world.' Simple, eh? (direct link) Nyotron today launched its cybersecurity product in the U.S. Nothing too exciting about that, but the history of the company's founder might pique your interest. Nir Gaist is the sort of over-achiever that one either worries hugely about or admires greatly (or probably both in equal measure). Nyotron's CEO and founder, Gaist started programming at the age of six. (Which leads me to ask, what took him so long?) In 2008, he and his brother Ofer Gaist, now COO, started Nyotron as a penetration testing company. Before founding the company, and as a departure from his buddies who were probably playing Candy Crush or something, Nir hacked an Israeli service provider, which was so impressed with his skills it ended up hiring him. From there, he went on to test telephone systems, online banking protocols, ATMs and more for the largest banks in Israel. Guideline
NetworkWorld 2017-01-12 05:50:00 South African bank tells its tale of battling ransom attacks (direct link) In November of 2015, First National Bank of South Africa received a ransom email from the Armada Collective, which was quickly followed by a teaser flood attack that the bank proactively mitigated. Sort of a shot across the bow to make sure the bank knew the criminals were serious. Bank officials didn't flinch. According to a verbatim in Radware's recently released Global Application & Security survey, the bank detected and mitigated the teaser flood attack before officials discovered the email, which had been sent to an unattended mailbox while the company was closed. With a hybrid DDoS mitigation solution in place, the flood attack had no impact and was immediately diverted to a scrubbing center for cleanup.
NetworkWorld 2017-01-12 05:46:00 How much is a data breach going to cost you? (direct link) It is going to cost ya. A recent IBM study found that the average cost of a data breach has hit $4 million - up from $3.8 million in 2015. There are countless factors that could affect the cost of a data breach in your organization, and it's virtually impossible to predict the exact cost. You might be able to estimate a range with the help of a data breach calculator, but no single tool is perfect.
NetworkWorld 2017-01-11 18:00:34 Trump's push for cyber defense is sorely needed, experts say (direct link) President-elect Donald Trump plans to consult "the greatest computer minds" for input on bolstering U.S. hacking defenses, as experts say an overhaul to the country's cybersecurity is badly needed. "We're going to put those minds together, and we're going to form a defense," Trump said in a Wednesday press conference. Trump made the statement as he said Russia, China and other parties continue to launch cyber attacks against the U.S. In recent weeks, he's also been confronting claims that the Kremlin used hacks and online propaganda in a covert campaign to tilt the election in his favor.
NetworkWorld 2017-01-11 14:52:00 Trump doc claims Russia has cracked Telegram messaging service (direct link) The raw intelligence document published this week that contains salacious stories about Donald Trump also offers up a glimpse into how Russia goes about its cyber spying – including the tidbit that it has cracked Telegram's encrypted instant messaging service. While none of the 35-page document is substantiated, it is detailed, and at least some of it is considered credible enough by U.S. intelligence agencies for them to have briefed Trump and President Barack Obama on it. According to the documents prepared by a former British spy, a “cyber operative” for the Russian Federal Security Service (FSB) told him that Telegram no longer posed an issue for the government. “His/her understanding was that the FSB now successfully had cracked this communication software and therefore it was no longer secure to use,” the document says.
NetworkWorld 2017-01-11 13:19:00 Security tops app services priority list (direct link) Security, not availability, is now the number one priority driving the adoption of application services, according to a new report by F5 Networks. Applications are becoming core to the digital economy, and organizations are increasingly turning to application services to keep them humming. In its third annual State of Application Delivery report, F5 Networks found that the average number of app services used by organizations increased from 11 in 2016 to 14 today. Sangeeta Anand, senior vice president of product management and marketing at F5 Networks, adds that the average organization plans to deploy 17 app services in the next 12 months.
NetworkWorld 2017-01-11 13:18:00 DHS should have a cybersecurity unit, says panel chairman (direct link) WASHINGTON -- The chairman of the U.S. House Committee on Homeland Security said Wednesday his top priority in 2017 will be to push for creation of a cybersecurity agency within the Department of Homeland Security. “DHS needs focus and resources, and they are doing a decent job, but could be doing a lot better with the help of Congress,” said U.S. Rep. Michael McCaul (R-Texas) in comments to reporters at the National Press Club. “It's not a Republican or Democratic issue.”
NetworkWorld 2017-01-11 11:18:00 'Found a nasty bug in my (Cisco) ASA this morning' (direct link) The above headline on a post to Reddit piqued my interest this afternoon because it was in that site's section devoted to system administration and those people know a bug when they encounter one. The Redditor elaborates: “I found a bug in my ASA today. Eth 0/2 was totally unusable and seemed 'blocked.' These Cisco bugs are really getting out of hand. I'm just glad I didn't open this port up to the web.” Scare quotes around blocked? Gratuitous mention of the web. I smelled a ruse before even opening the first of three pictures. No. 1, labeled “checking layer 1:”
NetworkWorld 2017-01-11 10:14:15 Professionally designed ransomware Spora might be the next big thing (direct link) Security researchers have found a new ransomware program dubbed Spora that can perform strong offline file encryption and brings several innovations to the ransom payment model. The malware has targeted Russian-speaking users so far, but its authors have also created an English version of their decryption portal, suggesting they will likely expand their attacks to other countries soon. Spora stands out because it can encrypt files without having to contact a command-and-control (CnC) server and does so in a way that still allows for every victim to have a unique decryption key. Traditional ransomware programs generate an AES (Advanced Encryption Standard) key for every encrypted file and then encrypt these keys with an RSA public key generated by a CnC server.
NetworkWorld 2017-01-11 10:12:00 Your Windows 10 PC may soon lock itself when you walk away (direct link) Windows 10 Insider previews are sometimes just full of surprises. An unmentioned feature in Build 15002 was recently uncovered by Windows Central that appears to be a complementary feature to Windows Hello, the biometric login system that automatically unlocks your PC when you sit in front of it. Dubbed Dynamic Lock, this newly discovered feature is designed to automatically lock down your computer when Windows detects that you're away. It's not clear if the feature is working yet and Microsoft has yet to discuss it publicly. For that reason it's unknown what Dynamic Lock actually does. Though Windows Central says Microsoft's internal name for the feature is “Windows Goodbye,” which indeed suggests a close relationship with Windows Hello.
NetworkWorld 2017-01-11 09:36:42 Trump: It was probably Russia that hacked the DNC, Clinton campaign (direct link) Russia was likely behind the hacks of the Democratic National Committee and Hillary Clinton's presidential campaign, U.S. President-elect Donald Trump has finally acknowledged. In his first news conference in about six months, Trump also said Wednesday that cybersecurity will be a top priority for his administration. He wants proposals on new hacking defenses within 90 days. "We get hacked by everybody," he said. Trump's newfound belief that Russia was responsible for cyberattacks during the presidential campaign comes after months of doubting U.S. intelligence reports that blamed Russia. But Trump also suggested U.S. intelligence may have leaked a 35-page dossier that accuses his campaign of working with Russian intelligence.
NetworkWorld 2017-01-11 08:59:00 IDG Contributor Network: Security fatigue - or how I learned to overcome laziness and use a password manager (direct link) I admit it: I sometimes suffer from “security fatigue,” and I bet you do, too. If you've ever reused a password for a new site login, thinking the site isn't that important, you suffer from it. If you've clicked on a tempting email offer or social media request, even if it looked sketchy, you've got it. And if you've sent a business document to your private email so you can keep working on it at home, you've definitely got it. + Also on Network World: The CSO password management survival guide + You're not alone. Security fatigue is a bug the majority of us have. A NIST study recently reported that most people don't do the right thing when it comes to cybersecurity because they are too lazy, too hurried, or not convinced that they are a target for cybercrime.
NetworkWorld 2017-01-11 07:40:00 Pentagon tested world's largest swarm of autonomous micro-drones (direct link) Have you ever seen a starling murmuration as the flock twists and turns in fantastic aerial acrobatics as if the mass shares one brain? Next time you think you see one, look again. It might not be a swarm of birds, but a swarm of 3D-printed, autonomous micro-drones. The U.S. Department of Defense announced a successful test of 103 Perdix drones. Granted, the drones are not a beautiful product of nature like starlings, but the swarm does act like a “collective organism” that shares a single brain for decision making.
NetworkWorld 2017-01-11 07:28:00 Best Buy responds to Geek Squad snooping case (direct link) Best Buy offered its response to claims its Geek Squad repair technicians snoop through PCs brought in for repair, making a claim that is fairly obvious, given its situation. It stems from my last blog post, "Why you shouldn't trust Geek Squad ever again," which in turn was inspired by an Orange County Weekly article that claimed the FBI was paying Geek Squad staffers a $500 reward for any incriminating evidence they find in a device brought in for repair.
NetworkWorld 2017-01-11 07:23:00 Geeky ways to celebrate Friday the 13th (direct link) You're in luck. We've cobbled together a slew of things for the geeky among you to do on Jan. 13 -- Friday the 13th that isth. And we suggest you do it up because you won't get another chance until Oct. 13, 2017. Don't miss the day! Mobile apps exist solely for the purpose of reminding you when Friday the 13th is coming up. Pocketkai's free iOS app will remind you of the one to three Friday the 13ths coming up each year for the next 50 years. The Bogeyman's Android app will do likewise, for the next 10 Friday the 13ths.
NetworkWorld 2017-01-11 07:10:00 DARPA developing secure data sharing wireless technology (direct link) The researchers at the Defense Advanced Research Projects Agency will later this month discuss a new software system that would let multiple levels of classified data traverse current commercial and military wireless networks while preserving the security of sensitive information. + More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2016 + The agency's Secure Handhelds on Assured Resilient networks at the tactical Edge (SHARE) program will “secure tactical mobile handheld devices to support distributed multilevel information sharing without the need for reaching back to large-scale fixed infrastructure, create new networks based on resilient and secure architectures that work in challenging environments, and develop software that rapidly configures security across the network,” DARPA says.
NetworkWorld 2017-01-11 06:41:00 How White Hat hackers do bad things for good reasons (direct link) Imagine you are the receptionist at the front desk of a bank around Valentine's Day. There are countless bouquets of flowers and boxes of chocolate being dropped off for delivery to employees. You just set them aside and alert the employee upon arrival. But what about that one box with no name on it that just says “To my love.” Taped to the box is a DVD. The delivery person says he doesn't know who it is for, he tells the receptionist that he just delivers the packages. The receptionist wants the romantic package to make it to the intended target, so she puts the DVD into her computer in hopes it can give her a clue. A video animation pops up on her screen of a bunny saying “I love you.” However behind the scenes an executable is placed on the computer. And now the criminal is inside the company's network.
NetworkWorld 2017-01-11 06:38:00 IBM Watson, FDA to explore blockchain for secure patient data exchange (direct link) IBM's Watson Health artificial intelligence unit has signed a two-year joint-development agreement with the U.S. Food and Drug Administration (FDA) to explore using blockchain technology to securely share patient data for medical research and other purposes. IBM Watson Health and the FDA will explore the exchange of patient-level data from several sources, including electronic medical records (EMRs), clinical trials, genomic data, and health data from mobile devices, wearables and the "Internet of Things." The initial focus will be on oncology-related information. "The healthcare industry is undergoing significant changes due to the vast amounts of disparate data being generated. Blockchain technology provides a highly secure, decentralized framework for data sharing that will accelerate innovation throughout the industry," IBM Watson Health Chief Science Officer Shahram Ebadollahi said in a statement.
NetworkWorld 2017-01-11 06:30:00 As authentication options blossom, startup tries to simplify deployment, maintain flexibility (direct link) A startup with a strong pedigree is trying to address the problem that businesses have keeping up with the ever-increasing options for authentication. Transmit Security is shipping a server platform that off-loads the authentication chores that would otherwise reside within applications, making it simpler to roll out authentication in the first place and to upgrade it later without ever touching the applications themselves.
NetworkWorld 2017-01-11 06:07:00 No honor among thieves: Crooks seeking ransom for MongoDB data someone else stole (direct link) It took less than a week for criminals to drain virtually all publicly exposed MongoDB servers of their data, and now a second tier of opportunistic thieves is trying to walk off with the ransom. When attackers initially deleted the data, sometimes terabytes at a time, they left ransom notes demanding payments in bitcoin. + ALSO ON NETWORK WORLD Be careful not to fall for these ransomware situations +
NetworkWorld 2017-01-10 23:55:05 Trump allegedly backed compromise of DNC emails, say leaked docs (direct link) U.S. President-elect Donald Trump and senior members of his campaign team allegedly knew and supported the leak of emails of the Democratic National Committee, according to unsubstantiated documents leaked by a news outlet on Tuesday. The dossier of memos, published by BuzzFeed, quotes an unnamed "Source E," described as an ethnic Russian and close associate of Trump, as acknowledging that the Russian regime had been behind the leak of e-mail messages originating from the Democratic National Committee (DNC) to the WikiLeaks whistleblowing site. The Trump team in return agreed to "sideline Russian intervention in Ukraine as a campaign issue," and raise certain issues that would deflect attention from Ukraine.
NetworkWorld 2017-01-10 16:36:00 US Intel report: Russia allegedly obtained 'compromising' info on Trump (direct link) A classified intelligence report on the Kremlin's suspected efforts to meddle with the U.S. election reportedly includes a bombshell allegation: that Russian operatives have compromising personal and financial information about President-elect Donald Trump. According to CNN, the allegation was presented to Trump last week in a meeting with U.S. intelligence chiefs to discuss claims of Russia's role in sponsoring hacks that influenced last year's election. Trump had questioned Russia's role in the hacking of the Democratic National Committee before the meeting, but afterwards changed his tune and conceded Russia could have played a role.
NetworkWorld 2017-01-10 14:22:52 Adobe patches critical flaws in Flash Player, Reader and Acrobat (direct link) Adobe Systems released security updates for its Flash Player, Adobe Reader and Acrobat products fixing critical vulnerabilities that could allow attackers to install malware on computers. The Flash Player update fixes 13 vulnerabilities, 12 that can lead to remote code execution and one that allows attackers to bypass a security restriction and disclose information. Adobe is not aware of any exploit for these flaws existing in the wild. Users are advised to upgrade to Flash Player version 24.0.0.194 on Windows, Mac and Linux. The Flash Player plug-in bundled with Google Chrome, Microsoft Edge and Internet Explorer will be automatically upgraded through those browsers' respective update mechanisms. Guideline
NetworkWorld 2017-01-10 13:36:00 US Intel: Russia hacked Republican groups during election (direct link) Democratic groups and figures weren't the only ones targeted in Russia's suspected campaign to influence last year's U.S. election. Russian cyberspies also targeted computers from state-level Republican groups and stole information from local voter registration records, FBI director James Comey said. "There were successful penetrations of some groups and campaigns, particularly at the state-level on the Republican side," Comey said during a senate committee hearing on Tuesday. He and three U.S. intelligence chiefs spoke at the hearing, following their Friday report that accused the Kremlin of ordering a covert campaign that helped boost incoming President Donald Trump's election chances.
NetworkWorld 2017-01-10 12:53:10 Microsoft releases one of its smallest monthly security patch bundles (direct link) Microsoft has released its first batch of patches for this year, and it's one of the smallest ever for the company, with only three vulnerabilities fixed across its entire product portfolio. The patches are covered in four security bulletins, but one is dedicated to Flash Player, for which Microsoft distributed patches through Windows update. The only security bulletin rated as critical is the one for Microsoft Office and Office Services and Web Apps. It covers a memory corruption vulnerability that can be exploited by tricking users to open specially crafted files and can lead to remote code execution. Guideline
NetworkWorld 2017-01-10 10:54:00 Microsoft releases only 4 security bulletins, 2 critical, on first 2017 Patch Tuesday (direct link) For the first Patch Tuesday of 2017, Microsoft is easing us into it by releasing only four security bulletins, half of which are rated as critical for remote code execution flaws. In reality, only three of those are for Windows systems! This is the lightest load I can recall Microsoft handing us. It almost feels like this surely can't be right, but hey – you didn't want to work hard today anyhow, did you? Critical: MS17-002 resolves a remote code execution flaw in Microsoft Office. Microsoft Word 2016 32-bit and 64-bit editions and Microsoft SharePoint Enterprise Server 2016 are listed as the only affected software versions. The RCE bug is a result of Office software failing to properly handle objects in memory. If an attacker successfully exploited the flaw, and the user had admin rights, the attacker could take control of the box.
NetworkWorld 2017-01-10 09:22:14 Disk-wiping malware Shamoon targets virtual desktop infrastructure (direct link) A cybersabotage program that wiped data from 30,000 computers at Saudi Arabia's national oil company in 2012 has returned and is able to target server-hosted virtual desktops. The malware, known as Shamoon or Disttrack, is part of a family of destructive programs known as disk wipers. Similar tools were used in 2014 against Sony Pictures Entertainment in the U.S. and in 2013 against several banks and broadcasting organizations in South Korea. Shamoon was first observed during the 2012 cyberattack against Saudi Aramco. It spreads to other computers on a local network by using stolen credentials and activates its disk-wiping functionality on a preconfigured date.
NetworkWorld 2017-01-10 07:57:00 Fortinet embraces Cisco, HPE, Nokia (direct link) Fortinet is adding Cisco, HPE and Nokia to its stable of partners whose security gear can share information with Fortinet products to improve overall security. The company is announcing at its Accelerate 2017 customer conference this week that equipment made by these new partners will integrate into the Fortinet Security Fabric via an API to tighten security in core networks, remote devices and the cloud. The amount of sharing that goes on depends on the individual third-parties' APIs. Fortigate Security Fabric is woven from Fortinet products that can communicate among each other to find and analyze threats and let admins see their input in a single window. That's an upgrade from the initial fabric in which IT teams had to switch among the dashboards for the Fortinet products involved.
NetworkWorld 2017-01-10 07:27:00 Mayer: not so much leaving Yahoo, as taking it with her? (direct link) Marissa Mayer is getting ready to say goodbye to Yahoo's board, but not necessarily to the Yahoo brand. The company said in a U.S. Securities and Exchange Commission filing Monday that it will shed almost everything that makes it Yahoo, including its name, when its deal with Verizon closes. If you're a Yahoo shareholder, you might notice the difference, but for Yahoo users, the consequences of Monday's filing are minimal. Yahoo the company has two major assets: a worldwide network of internet portals, and a 15 percent stake in Chinese internet giant Alibaba worth many times that. When a plan to sell off the Alibaba stake ran into tax complications, the company pivoted, instead striking a deal to sell its portals, its brand -- almost everything but the Alibaba stake, in fact -- to Verizon. Yahoo
NetworkWorld 2017-01-10 07:08:00 Why you shouldn't trust Geek Squad ever again (direct link) Best Buy has quite a support service in Geek Squad. It's the only national tech service center, and it makes house calls. I had a tech come to calibrate my HDTV set, and the difference was night and day. In 2014, Geek Squad brought in $1.8 billion in revenue, which was a drop from the previous year, but still accounted for 5 percent of Best Buy revenue. So, it's not insignificant. And it seems the geeks are making a few extra bucks. The Orange County Weekly reports that the company's repair technicians routinely search devices brought in for repair for files that could earn them a $500 reward as FBI informants.
NetworkWorld 2017-01-10 05:53:00 Former DHS head urges Trump to see economic dangers from cyberattacks (direct link) Last week's U.S. intelligence report tracing Russia's cyber-meddling with the 2016 presidential election is a timely reminder of the cybersecurity risks that the government and private companies face, said Tom Ridge, the nation's first secretary of Homeland Security. "President-elect Trump is entering into a world fraught with hazards as never before," Ridge said in a telephone interview on Monday. "Russia is a reminder that cyberattacks are a permanent risk to individuals and countries and companies, and you must do all you can to understand the risk. It's a reminder of how serious and permanent the risk is. The risk continues to get deeper."
NetworkWorld 2017-01-10 05:51:00 How U.S. intelligence agencies envision the world in 2035 (direct link) By 2035, developers will have learned to automate many jobs. Investments in artificial intelligence (A.I.) and robotics will surge, displacing workers. And a more connected world will increase -- not reduce -- differences, increasing nationalism and populism, according to a new government intelligence assessment prepared just in time for President-elect Donald Trump's administration. The "Global Trends" report, unveiled Monday, is produced every four years by the National Intelligence Council. It is released just before the inauguration of a new or returning president. The council is tasked with helping to shape U.S. strategic thinking.
NetworkWorld 2017-01-10 05:49:00 Protecting your data, protecting yourself: A first installment (direct link) Let's say - for whatever reason - you're concerned about keeping your communications safe from government prying. Assuming you aren't a high-profile target to warrant direct hacking (the United Arab Emirates allegedly tried to breach the digital defenses of human-rights activist Ahmed Mansoor on three occasions, for example), there are reasonable measures you can take to live a normal life and continue to have private thoughts and private conversations. Note that I'm not singling out any government or administration. Politics aside, we should all think like dissidents, because the tide ebbs and flows from freedom to dictatorship and from left to right all around the world. The common thread is taking smart measures.
NetworkWorld 2017-01-09 21:55:08 Privacy legislation reintroduced for mail older than 180 days (direct link) A bill has been reintroduced in the U.S. House of Representatives that would require that law enforcement agencies get a warrant before they poke around users' emails and other communications in the cloud that are older than 180 days. The Email Privacy Act, reintroduced on Monday, aims to fix a loophole in the Electronic Communications Privacy Act that allowed the government to search without warrant email and other electronic communications older than 180 days, stored on servers of third-party service providers such as Google and Yahoo. “Thanks to the wording in a more than 30-year-old law, the papers in your desk are better protected than the emails in your inbox,” digital rights organization, Electronic Frontier Foundation said in a blog post Monday. Yahoo
NetworkWorld 2017-01-09 18:35:54 Stock-tanking in St. Jude Medical security disclosure might have legs (direct link) For better or worse, a security firm's attempt to cash in on software bugs -- by shorting a company's stock and then publicizing the flaws -- might have pioneered a new approach to vulnerability disclosure. Last August, security company MedSec revealed it had found flaws in pacemakers and other healthcare products from St. Jude Medical, potentially putting patients at risk. However, the controversy came over how MedSec sought to cash in on those bugs: it did so, by partnering with an investment firm to bet against St. Jude's stock. Since then, the two parties have been locked in a legal battle over the suspected vulnerabilities. But on Monday, MedSec claimed some vindication.
NetworkWorld 2017-01-09 11:34:00 Cybersecurity pros to Trump: Critical infrastructure very vulnerable to cyber attack (direct link) Last week, President-elect Donald Trump received a comprehensive briefing on Russian hacking related to the 2016 Presidential election. In response, Trump released a statement that included the following: "Whether it is our government, organizations, associations or business, we need to aggressively combat and stop cyberattacks. I will appoint a team to give me a plan within 90 days of taking office." These “teams” tend to be made up of a combination of Washington insiders with intelligence and/or military experience, as well as an assortment of industry folks. For example, President Obama's recent Commission on Enhancing National Cybersecurity, included former NSA director Keith Alexander, former IBM CEO Sam Palmisano, etc.
NetworkWorld.webp 2017-01-09 10:01:00 Russia: US fueling 'witch hunt' with election hacking claims (direct link) Russia dismissed an intel report claiming that the Kremlin meddled with the U.S. presidential election, saying the accusations were "amateurishly emotional" and driving a "witch-hunt." "There was nothing in this report that deserved to be read in detail," said Kremlin spokesman Dmitry Peskov on Monday, according to the Russian news agency TASS. The U.S. intel report, published on Friday, accused Russian President Vladimir Putin of personally ordering a secret campaign meant to influence last year's presidential election.
NetworkWorld.webp 2017-01-09 08:53:00 Turks point to U.S. as source of cyberattacks, but don't level blame (direct link) Figuring out who's behind cyberattacks is always difficult, and responsible security analysts are reluctant to point fingers without a smoking gun, which seems to be the case with recent disruptions of the power system in Turkey. News sources say the Turkish Energy Ministry blames storms and sabotage of underground power lines for outages around the country. It also says coordinated cyberattacks originating in the United States have been thwarted but have also been keeping security teams busy. It doesn't link the outages directly to the cyberattacks, the sources say.
NetworkWorld.webp 2017-01-09 07:17:20 This tool can help weed out hard-coded keys from software projects (direct link) A security researcher has developed a tool that can automatically detect sensitive access keys that have been hard-coded inside software projects. The Truffle Hog tool was created by U.S.-based researcher Dylan Ayrey and is written in Python. It searches for hard-coded access keys by scanning deep inside git code repositories for strings that are 20 or more characters and which have a high entropy. A high Shannon entropy, named after American mathematician Claude E. Shannon, would suggest a level of randomness that makes it a candidate for a cryptographic secret, like an access token. Hard-coding access tokens for various services in software projects is considered a security risk because those tokens can be extracted without much effort by hackers. Unfortunately, this practice is very common.
NetworkWorld.webp 2017-01-09 06:56:00 Huge spike in ransomed MongoDB installs, doubled to over 27,000 in a day (direct link) In the span of a day, the number of MongoDB installations that were erased and replaced with ransom notes has more than doubled, spiking to 27,000 as more cyber thugs jump on the ransom bandwagon. It started last week when security researcher Victor Gevers discovered that about 200 MongoDB databases had been erased and held for ransom. By Tuesday, 2,000 databases were affected; the number climbed to 10,500 by Friday and kept climbing. Then the ransomed databases jumped from 12,000 to 27,000, according to security researcher Niall Merrigan.
NetworkWorld.webp 2017-01-09 05:15:00 How to close up the holes in your network (direct link) The cloud is now a mainstream IT platform. Through its unlimited economies of scale and its ability to deliver IT resources dynamically whenever users need them, the cloud's popularity permeates through businesses of all sizes and industries. While they enjoy cloud benefits, many in IT still feel challenged to fully secure the new platform. There might be one or more cloud services linking to your corporate and partner network, all being accessed by both mobile and traditional users. How can you enforce internal policies and industry compliance mandates when there's no longer an identifiable network perimeter? Ganesh Kirti, CTO and co-founder of Palerra, shows a few related issues worrying chief information security officers (CISOs) when it comes to securing the cloud:
NetworkWorld.webp 2017-01-09 05:00:00 How to recover your system from a Ransomware attack (direct link) After infecting a system with Locky Ransomware, CSO attempted to recover it using basic tools and backups
NetworkWorld.webp 2017-01-09 05:00:00 What a Locky Ransomware attack looks like (direct link) CSO Online's Steve Ragan infects a laptop with Locky Ransomware
NetworkWorld.webp 2017-01-09 03:28:00 (Déjà vu) New products of the week 1.9.17 (direct link) Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Comodo Internet Security 10
NetworkWorld.webp 2017-01-08 09:13:00 TV news anchor triggers Alexa to attempt ordering dollhouses (direct link) Last year, I was gifted an Amazon Echo; stunned, I stared at the gifter and thought to myself, have you ever met me… do you know me at all? The side of the Echo box listed features, starting with “far-field voice control, with 7-microphone array and beam-forming technology to hear you from across the room.” Echo didn't leave the box for six months. When I finally did open Echo, I was interested in comparing functions of Echo against those of ZOE; the latter smart home assistant was developed by Protonet with privacy in mind – nothing goes to the cloud so it couldn't be turned into a surveillance device.
NetworkWorld.webp 2017-01-06 17:41:00 The FTC's IoT security case against D-Link will test its power (direct link) A Federal Trade Commission attempt to rein in a poorly secured IoT device is raising questions over whether the U.S. regulator has the power to crack down on vendors suspected of shoddy practices. On Thursday, the FTC filed a complaint against Taiwanese manufacturer D-Link Systems that charged the company's internet routers and web cameras can easily be hacked, putting consumers at risk. But the FTC's complaint doesn't cite evidence that the products have been breached, only the potential for harm to consumers. That's among the reasons D-Link is contesting the complaint. “Notably, the complaint does not allege any breach of a D-Link Systems device,” it said in a statement.
NetworkWorld.webp 2017-01-06 15:47:02 US: Putin ordered cyber-meddling to favor Trump (direct link) A highly anticipated U.S. intelligence report claims that Russian President Vladimir Putin ordered a campaign to covertly influence last year's presidential election in favor of Donald Trump. However, the report – or at least the declassified version – offered no new evidence or sources to prove the Kremlin's role in sponsoring the effort, which included hacks and online propaganda. The U.S. government published the 25-page document on Friday amid skepticism from incoming President-elect Trump over whether Russia was really involved. Outgoing President Barack Obama has nevertheless ordered sanctions against Russia and threatened covert action in retaliation for the cyber-meddling.
NetworkWorld.webp 2017-01-06 12:54:06 Trump mum on Russia blame after US intelligence briefing (direct link) After meeting with U.S. intelligence leaders on Friday, President-elect Donald Trump withheld any direct endorsement of their findings that Russia tried to meddle with the recent election. Rather, he focused on whether the hacking efforts -- from any country -- had an effect on the election's outcome. In his view, there was “absolutely” none. "While Russia, China, other countries, outside groups and people are consistently trying to break through the cyber infrastructure of our governmental institutions, businesses and organizations including the Democrat National Committee, there was absolutely no effect on the outcome of the election," Trump said in a statement. Guideline
NetworkWorld.webp 2017-01-06 09:35:43 More than 10,000 exposed MongoDB databases deleted by ransomware groups (direct link) Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them. In a matter of days, the number of affected databases has risen from hundreds to more than 10,000. The issue of misconfigured MongoDB installations, allowing anyone on the internet to access sensitive data, is not new. Researchers have been finding such open databases for years, and the latest estimate puts their number at more than 99,000. On Monday, security researcher Victor Gevers from the GDI Foundation reported that he found almost 200 instances of publicly exposed MongoDB databases that had been wiped and held to ransom by an attacker or a group of attackers named Harak1r1.
Last update at: 2024-05-14 02:07:40