What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2017-01-06 05:29:00 Can government really fix the IoT mess? (direct link) The private sector often views government as the problem, not the solution. But, in the view of a growing number of experts, the opposite is true when it comes to addressing the rampant and increasing security risks of the Internet of Things (IoT). While it is not a unanimous view, there is general agreement that the blessings the IoT brings to modern life are being undermined by its curses – and that the market will not correct those curses. Its almost magical benefits are well documented and well advertised – self-driving cars and the ability to lock or unlock doors or adjust a home thermostat from hundreds of miles away were fantasies only a few years ago. But its billions of connected devices are so lacking in security that they are putting not only individual users at risk, but public and private infrastructure as well, including the infrastructure of the internet itself.
NetworkWorld 2017-01-06 04:30:00 When anti-malware vendors get into a slap fight, users lose (direct link) All is quiet on the Microsoft front, but there are other technology issues to address, which I will be doing in the next few blogs. The first is about a battle between two anti-malware vendors: PC Pitstop and Malwarebytes. Most software markets tend to consolidate around a handful or even one or two vendors. How many competitors are there for Photoshop, after all? But there are two markets that thrive and have a large number of players: gaming and anti-virus/anti-malware. It started about a month ago. On Dec. 7, PC Pitstop, maker of the PC Matic repair software and those obnoxious TV commercials, posted a ransomware test performed by AV Comparatives that included its PC Matic product and its many competitors, including Malwarebytes, the latter included for the first time.
NetworkWorld 2017-01-05 19:28:43 FBI dispute with DNC over hacked servers may fuel doubt on Russia role (direct link) The FBI may have been forced into a misstep when investigating whether Russia hacked the Democratic National Committee -- the agency never directly examined the DNC servers that were breached. Instead, the FBI had to rely on forensic evidence provided by third-party cybersecurity firm CrowdStrike, which the DNC hired to mitigate the breach. “The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed,” the agency said on Thursday in a statement. The incident threatens to spark more skepticism over whether the U.S. properly arrived at its conclusion that Russian cyberspies were responsible for the breach.
NetworkWorld 2017-01-05 16:19:29 KillDisk cyber sabotage tool evolves into ransomware (direct link) A malicious program called KillDisk that has been used in the past to wipe data from computers during cyberespionage attacks is now encrypting files and asking for an unusually large ransom. KillDisk was one of the components associated with the Black Energy malware that a group of attackers used in December 2015 to hit several Ukrainian power stations, cutting power for thousands of people. A month before that, it was used against a major news agency in Ukraine. Since then, KillDisk has been used in other attacks, most recently against several targets from the shipping sector, according to security researchers from antivirus vendor ESET. However, the latest versions have evolved and now act like ransomware. Instead of wiping the data from the disk, the malware encrypts it and displays a message asking for 222 bitcoins to restore them. That's the equivalent of $216,000, an unusually large sum of money for a ransomware attack.
NetworkWorld 2017-01-05 13:02:44 FTC goes after D-Link for shoddy security in routers, cameras (direct link) The U.S. Federal Trade Commission is cracking down on D-Link for selling wireless routers and internet cameras that can easily be hacked, the regulator said Thursday. Thousands of consumers are at risk, the FTC said in a complaint filed against the Taiwanese manufacturer charging D-Link with repeatedly failing to take reasonable measures to secure the products. The action comes as hackers have been hijacking poorly secured internet-connected products to launch massive cyberattacks that can force websites offline. Recently, a notorious malware known as Mirai has been found infecting routers, cameras, and DVRs built with weak default passwords.
NetworkWorld 2017-01-05 11:53:00 FTC takes D-Link to court citing lax product security, privacy perils (direct link) The Federal Trade Commission has filed a complaint against network equipment vendor D-Link saying inadequate security in the company's wireless routers and Internet cameras left consumers open to hackers and privacy violations. The FTC, in a complaint filed in the Northern District of California charged that “D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras.”
NetworkWorld 2017-01-05 11:48:00 7 tips for better security awareness training sessions (direct link) Boring training sessions? At their worst, security awareness training sessions are boring wastes of time, both for employees and the IT people responsible for them. At their best, however, they are interactive, discussion-driven, and genuinely helpful opportunities to raise security issues and lay the groundwork for better habits.
NetworkWorld 2017-01-05 10:39:00 Plone dismisses claim that flaw in its CMS was used to hack FBI (direct link) The security team behind Plone, a content management system that powers many enterprise websites, has dismissed claims that hackers have access to information about an unpatched critical vulnerability. The dismissal comes after a hacker who uses the online alias CyberZeist published a list of log-in credentials and hashed passwords that he claimed were obtained by hacking into the FBI.gov website by using a Plone zero-day exploit. CyberZeist, who claims to act in the name of the Anonymous hacktivist movement, said in a post on Pastebin Monday that he didn't find the Plone vulnerability himself, but he was asked to test it out by the person who did.
NetworkWorld 2017-01-05 09:21:00 Mozilla: 'IoT will be the first big battle of 2017,' calls for responsible IoT (direct link) You need look no further than some of the stupid IoT devices being shown off at CES 2017 to be reminded that practically anything can be connected to the internet. Nokia's Withings, L'Oreal's innovation lab and Kerastase believe you would be better off by using Hair Coach, the world's first smart hairbrush and companion app. It is just one of the many products that leaves me asking WHY?
NetworkWorld 2017-01-05 08:34:00 2017: The year of cybersecurity scale (direct link) It's no surprise that lots of pundits and cybersecurity industry insiders claim that 2017 will be a challenging year full of nation state attacks, ransomware, and a continuing wave of data breaches. I concur with this common wisdom, but I also believe 2017 will be remembered as the year where cybersecurity analytics and operations encountered a wave of unprecedented scale. Now, I know that the need for security scalability is nothing new. Leading SIEM vendors can all talk about how they've had to rearchitect their products over the past few years to scale from thousands to millions of events per second (EPS) and somehow make sense of all this activity. Guideline
NetworkWorld 2017-01-05 08:30:00 Spy chief: US should use all tools to counter Russian hacking (direct link) The U.S. government should consider a broad range of retaliations against Russia for its attempts to interfere with November's presidential election, the outgoing director of national intelligence recommended. The default response to cyberattacks shouldn't necessarily be a cyber one, intelligence director James Clapper said Thursday. "We should consider all instruments of national power," he told a Senate committee. "We currently cannot put a lot of stock ... in cyber deterrence. Unlike nuclear weapons, cyber capabilities are difficult to see and evaluate and are ephemeral."
NetworkWorld 2017-01-05 04:45:00 Why companies offer a hacking bounty (direct link) Want to make a cool $20,000? All you have to do is hack the Nintendo 3DS, a handheld console that's been out for a few years already. A listing on HackerOne spells everything out: Hackers will receive a cash payment for discovering a vulnerability in the system, which does let gamers make purchases and stores private information like your age and gender. There's a range for this, of course -- some discoveries will pay $100. Also, anyone who files a report must follow the exact template. It makes you wonder -- why would a major Japanese corporation offer a reward like this? Why is it even worth the expense, especially when you know they have internal security researchers?
NetworkWorld 2017-01-05 04:43:00 Ransomware took in $1 billion in 2016--improved defenses may not be enough to stem the tide (direct link) Increased user awareness of phishing threats, better antivirus technology, more industry-wide information sharing and cross-border efforts by law enforcement authorities will combine to turn the tide against ransomware this year, according to some security experts, but others expect the attacks to continue to increase. According to a security expert who requested anonymity, ransomware cybercriminals took in about $1 billion last year, based on money coming into ransomware-related Bitcoin wallets. That includes more than $50 million each for three wallets associated with the Locky ransomware, and a fourth one that processed close to $70 million. Cryptowall brought in close to $100 million before it was shut down this year. CryptXXX gathered in $73 million during the second half of 2016, and Cerber took in $54 million, the expert said. Guideline
NetworkWorld 2017-01-04 12:58:19 DDoS-for-hire services thrive despite closure of major marketplace (direct link) The closure of a major online marketplace for paid distributed denial-of-service attacks appears to have done little to slow down the illegal activity. In late October, HackForums.net shut down its "Server Stress Testing" section, amid concerns that hackers were peddling DDoS-for-hire services through the site for as little as US$10 a month. According to security experts, the section was the largest open marketplace for paid DDoS attacks -- a notorious hacking technique that can disrupt access to internet services or websites. But since the section's closure, the attacks remain rampant.
NetworkWorld 2017-01-04 09:01:18 HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks (direct link) Security vendor Kaspersky Lab has updated its antivirus products to fix an issue that exposed users to traffic interception attacks. The problem was found by Google vulnerability researcher Tavis Ormandy in the SSL/TLS traffic inspection feature that Kaspersky Anti-Virus uses to detect potential threats hidden inside encrypted connections. Like other endpoint security products, Kaspersky Anti-Virus installs a self-signed root CA certificate on computers and uses it to issue "leaf," or interception, certificates for all HTTPS-enabled websites accessed by users. This allows the product to decrypt and then re-encrypt connections between local browsers and remote servers.
NetworkWorld 2017-01-04 08:15:01 TCL targets Apple, Samsung with new BlackBerry handset (direct link) TCL Communication has big plans for BlackBerry, even though it's a brand that's been written off by many. The China-based electronics company recently acquired rights to design, manufacture and sell smartphones under the BlackBerry name with BlackBerry's security and service software installed. The deal puts TCL in the driver's seat on hardware and the first phone under the new deal was previewed on Wednesday. While still in the final stages of development, the new handset sports the physical keyboard that propelled BlackBerry to the top of the smartphone market in the 2000s and is the first to combine that keyboard with the Android operating system.
NetworkWorld 2017-01-04 08:00:00 'I will eliminate passwords' in 2017 (direct link) Sticking with your promises. Like anyone else, security experts set up resolutions they hope to conquer in the new year. Now the question will remain, will they be able to follow through on them or -- like that diet people promised to hold to – will they go back to the same old habits.
NetworkWorld 2017-01-04 07:03:00 Hacker wiping unprotected MongoDB installs and holding data for ransom (direct link) How many years have we been hearing about the dangers of leaving MongoDB instances unprotected? In December 2015, Shodan creator John Matherly warned that there were 684.8 TB of data exposed due to publicly accessible MongoDB instances. Yet there are still people who don't bother to learn how to lock it down and so now a hacker is targeting and erasing those MongoDB installations, replacing the data with a ransom demand. Security researcher Victor Gevers, aka @0xDUDE and co-founder of the GDI Foundation, has personally been notifying owners of exposed MongoDB for years. But near the end of 2016, he came across an open MongoDB server that had the database contents replaced with a ransom note.
NetworkWorld 2017-01-04 04:51:00 FTC sets $25,000 prize for automatic IoT patching (direct link) The U.S. Federal Trade Commission is scheduled to announce Wednesday a "prize competition" for a tool that can be used against security vulnerabilities in internet of things systems. The prize pot is up to $25,000, with $3,000 available for each honorable mention. The winners will be announced in July. The announcement is scheduled to be published Wednesday in the Federal Register. The tool, at a minimum, will "help protect consumers from security vulnerabilities caused by out-of-date software," said the FTC. The government's call for help cites the use of internet-enabled cameras as a platform for a distributed denial of service (DDoS) attack last October. Weak default passwords were blamed.
NetworkWorld 2017-01-03 20:07:58 Uncertainty clouds debate on Russia's suspected role in election hacks (direct link) How do you prove Russia meddled with the presidential election? That's a question the U.S. government is facing, but may never fully answer, at least not publicly. Last week, the U.S. punished Russia, claiming the country's cyberspies hacked Democratic groups and figures during the election season. However, missing from last week's announcement was any new evidence -- or a smoking gun -- proving the Kremlin's involvement. This isn't sitting well with everyone in the security industry, especially since identifying the culprit of any cyberattack is no easy matter. “Maybe Russia did do it, but until we have sufficient evidence, it's a mistake to move forward,” said Jeffrey Carr, a cybersecurity consultant.
NetworkWorld 2017-01-03 12:09:00 Top 10 Ethical Dilemmas & Policy Issues in Science & Tech (direct link) You think you have problems? Sure you do, but pity those in science and technology tasked with advancing artificial intelligence, drones and healthcare methods that are fraught with peril despite potentially huge benefits. The University of Notre Dame's John J. Reilly Center for Science, Technology and Values has issued its fourth annual list of emerging ethical dilemmas and policy issues in science and technology, and it contains some doozies. It might have seemed tough to top some of 2016's issues, from lethal cyberweapons to bone conduction for marketing, but no sweat. Of course the Notre Dame center's researchers hope to be able to help address some of these new concerns.
NetworkWorld 2017-01-03 11:25:00 IDG Contributor Network: How mainframes prevent data breaches (direct link) 2016 was a strange year marked by everything from election surprises to a seemingly endless spate of celebrity deaths. But when historians look back at this mirum anno - weird year - it may end up being known as the year of the data breach. Of course, this sort of thing isn't restricted to 2016, but its impact on the world was hard to ignore. Among government organizations, the IRS and FBI suffered data breaches, and corporate victims included LinkedIn, Target, Verizon and Yahoo. Literally millions of people had their private information exposed to black hats, thieves and other ne'er-do-wells of the digital world. This epidemic of data theft calls upon security experts to get serious about creating new solutions. Yahoo
NetworkWorld 2017-01-03 09:48:00 Review: Microsoft Windows Defender comes up short (direct link) Microsoft's latest version of its anti-malware tool, Windows Defender, is a frustrating product to evaluate. Yes, it is perhaps the best antivirus tool to come from Microsoft, with a series of noteworthy improvements. Yes, it provides good enough protection for your family's PCs. And yes, it could be your PC's sole antivirus utility, if you are willing to accept its limitations. However, once you examine the product in more detail, you will see why we cannot recommend it for enterprise use. And that is the frustration of this product: Microsoft is trying to do the right thing and offers a tempting feast, but ultimately offers an incomplete meal that is tough to digest.
NetworkWorld 2017-01-03 09:29:00 Security data growth drives SOAPA (direct link) Happy new year, cybersecurity community! I hope you are well rested; it's bound to be an eventful year. Way back when at the end of November 2016, I wrote a blog post about an evolutionary trend I see happening around cybersecurity analytics and operations technology. Historically, large enterprises have relied on SIEM products to anchor their security operations centers (SOCs). This will continue, but I see SIEM becoming part of a more global cybersecurity software architecture called SOAPA (security operations and analytics platform architecture).
NetworkWorld 2017-01-03 08:50:02 Ransomware on smart TVs is here and removing it can be a pain (direct link) It took a year from proof of concept to in-the-wild attack, but ransomware for Android-based smart TVs is now here. As one victim discovered this Christmas, figuring out how to clean such an infection can be quite difficult. Ransomware for Android phones has already been around for several years and security experts have warned in the past that it's only a matter of time until such malicious programs start affecting smart TVs, especially since some of them also run Android. In November 2015, a Symantec researcher named Candid Wueest even went as far as to infect his own TV with an Android ransomware application to highlight the threat. While that infection was just a demonstration, this Christmas, the owner of an LG Electronics TV experienced the real deal.
NetworkWorld 2017-01-03 08:33:00 Security Without Borders: Free security help for dissidents (direct link) Security researcher Claudio Guarnieri has experience working with journalists and human rights organizations that have exercised freedom of speech, reported on some form of corruption and wound up becoming targets because of it. Their computers may be compromised with spying malware such as those in the hands of the Hacking Team, FinFisher or NSA to name but a few. Their electronic communications also may be intercepted, and their messaging programs may be blocked. All of that may be because the journalists and human rights organizations in our modern connected society were standing up for what is right, being the voice of dissent, getting out the news about injustice.
NetworkWorld 2017-01-03 08:05:00 Cisco talks 2017 SD-WAN predictions (direct link) There certainly was a ton of hype in the Software Defined-WAN arena in 2016 but to be fair there was a lot of actual deployment of technology and services as well. In December Gartner wrote that spending on SD-WAN products will rise from $129 million in 2016 to $1.24 billion in 2020. “While WAN architectures and technologies tend to evolve at a very slow pace - perhaps a new generation every 10 to 15 years - the disruptions caused by the transformation to digital business models are driving adoption of SD-WAN at a pace that is unheard of in wide-area networking,” Gartner wrote.
NetworkWorld 2017-01-02 10:00:08 Donald Trump offers cybersecurity warning: 'No computer is safe' (direct link) Donald Trump showed off his IT security credentials at a New Year's Eve party, suggesting that the best way to keep secrets from hackers is a huge air gap. "No computer is safe," he told journalists gathered at his Mar-A-Lago resort in Florida, a warning many computer security professionals would probably endorse. Trump also shared his advice on managing data security risks. Forget switching to TLS or quantum key exchange: "If you have something really important, write it out and have it delivered by courier," he said, according to a report from Associated Press. Trump's suggestion -- echoing his July 29 infosec advice for military commanders -- would put the biggest of airgaps around secret communications, ensuring that they could not be hacked into from afar. If he were to apply it to government communications, though, it would leave officials needing a veritable army of trustworthy little hands to carry messages.
NetworkWorld 2017-01-02 06:24:00 Cops to increasingly use digital footprints from IoT devices for investigations (direct link) If Mark Stokes, Scotland Yard's head of digital, cyber and communications forensics unit, is correct, then IoT devices will play an increasingly important role in crime scene investigations. “The crime scene of tomorrow is going to be the internet of things,” Stokes told the Times. The police are being trained to look for “digital footprints” – IoT gadgets that “track or record activities” which might prove or disprove alibis and witness statements as well as record what occurred during a murder victim's final moments. Cops will be relying on evidence from smart devices which spy on you – such as internet connected refrigerators, light bulbs, washing machines, vacuum cleaners, coffee makers and voice-controlled robotic assistants.
NetworkWorld 2017-01-02 04:32:00 How to handle business continuity in a crisis (direct link) Keeping the lights on. Most businesses are critically reliant upon their IT systems. If these systems go down due to a natural disaster, temporary power outage, loss of data center, ransomware or hacker attack, lost or corrupted files, or an application failure due to a software virus, the results can inflict significant financial harm. In the worst case, the business will be unable to continue functioning.
NetworkWorld 2016-12-30 04:45:00 4 information security threats that will dominate 2017 (direct link) As with previous years, 2016 saw no shortage of data breaches. Looking ahead to 2017, the Information Security Forum (ISF), a global, independent information security body that focuses on cyber security and information risk management, forecasts businesses will face four key global security threats in 2017. "2016 certainly lived up to expectations," says Steve Durbin, managing director of the ISF. "We saw all sorts of breaches that just seemed to get bigger and bigger. We lurched from one to another. We always anticipate some level of it, but we never anticipate the full extent. I don't think anybody would have anticipated some of the stuff we've seen of late in terms of the Russians getting involved in the recent elections."
NetworkWorld 2016-12-30 04:37:00 Tech outages of 2016 and how to prevent them in 2017 (direct link) Downtime. 2016 has seen major downtime events lead to lost revenue for a number of highly-recognizable brands and caused a severe knock to their reputation and consumer confidence. One of the most common causes of outages is unplanned configuration changes to a system, often when an immediate fix for a bug or potential system vulnerability unintentionally creates a much larger problem. Guideline
NetworkWorld 2016-12-29 13:53:56 The US has sanctioned Russia over election hacking (direct link) The U.S. government has sanctioned Russia's main two intelligence agencies, four military intelligence officers and is kicking out 35 Russian diplomats over what it says was aggressive harassment of U.S. officials and cyber operations around the 2016 presidential election. The move follows up on a pledge made by President Obama to retaliate against Russia for hacks of the Democratic National Committee and other political targets. The U.S. also released a detailed assessment by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) of the cyber attacks.
NetworkWorld 2016-12-29 10:19:00 New year's resolution for IoT vendors: Start treating LANs as hostile (direct link) In November, researchers from cybersecurity firm Invincea reported a vulnerability that could have allowed hackers to infect Belkin WeMo smart plugs with malware. The flaw was located in a configuration protocol that worked over the local area network and didn't require any authentication. In 2015, when researchers from vulnerability intelligence firm Rapid7 analyzed nine Internet-connected baby monitors, they found hardcoded credentials in four of them. Those backdoor accounts provided administrative access to the devices over the local network.
NetworkWorld 2016-12-29 10:13:50 It's 2017 and changing other people's flight bookings is incredibly easy (direct link) The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people's reservations, cancel their flights and even use the refunds to book tickets for themselves, according to a team of researchers who analyzed this online ecosystem. Karsten Nohl and Nemanja Nikodijevic from Berlin-based consultancy Security Research Labs have spent months investigating the security employed by the Global Distribution Systems (GDSs) that are used by travel agencies, airlines, hotels and car rental companies. They presented their findings Tuesday at the 33rd Chaos Communications Congress in Hamburg.
NetworkWorld 2016-12-29 04:36:00 5 signs we're finally getting our act together on security (direct link) The high-water line in information security gets higher each year. Just as we think we've finally figured out how to defend against attacks, then attackers come up with something new and we are right back to trying to figure out what to do next. For example, ransomware has surged in the last year. Although that kind of malware has been around for years, the current model of encrypting user files to hold data hostage came about just recently. Infections quadrupled in 2016, with the FBI estimating an average of 4,000 attacks a day. A recent IBM survey of 600 business leaders in the United States found that one in two had experienced a ransomware attack in the workplace, and that companies paid the ransom 70 percent of the time. As a result, criminals are on track to make nearly $1 billion this year from ransomware, IBM X-Force said. Guideline
NetworkWorld 2016-12-29 04:29:00 What to do if your data is taken hostage (direct link) Getting duped online by a cybercriminal is infuriating. You let your guard down for a minute and the thieves find their way in to your machine. And then the “fun” begins if ransomware is involved. Hopefully you have your data backed up, but if not now starts the dance with those who have ultimately taken you hostage. Ransomware is obviously analogous to kidnapping, and dealing with the perpetrators can feel much like negotiating with a jumper standing on the edge of high-rise roof. Look no further for help than the Institute for Critical Infrastructure Technology report that in part describes how to deal with criminals when they are holding your data hostage. The report talks of what to do once a breach has been found.
NetworkWorld 2016-12-28 07:55:40 Critical flaw in PHPMailer library puts millions of websites at risk (direct link) A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking. The flaw was found by a security researcher named Dawid Golunski and an initial fix was included in PHPMailer 5.2.18, which was released Saturday. However, it turns out that the patch was incomplete and can be bypassed.
NetworkWorld 2016-12-28 04:49:00 Thwarting cybersecurity threats with behavioral analytics in 2017 (direct link) Companies are investing more money in emerging technologies that can help anticipate and detect a variety of threats, including phishing scams and advanced persistent threats, both of which are weighing heavily on the minds of corporate board members. For 2017 CIOs are eyeing tools that use anomaly-detecting analytics and machine learning algorithms to protect their companies' data. “Our level of investments is increasing because of the increasing capabilities of the threat actors,” says Bob Worrall, CIO of Juniper Networks, who spent 12 percent more on cybersecurity tools in 2016 than he spent in 2015. His budget will increase more in 2017 as he purchases tools to shield Juniper's corporate data and intellectual property. “As the bad guys get smarter we have to as well.”
NetworkWorld.webp 2016-12-28 04:46:00 9 technologies that IT needed but didn't get in 2016 (direct link) Despite some significant arrivals, 2016 also failed to deliver some long-awaited technologies. And some of what we eagerly ripped the wrapping paper off proved to be a letdown. Here's a rundown of the gifts IT didn't get in 2016. Professional-grade 3D printing: If you want to print out a stand for your phone or a model for a new product, you can easily find a 3D printer for the office that can do that - as long as you want to print them out in plastic. You can spend more and get a 3D printer that can UV cure resin and make small objects like custom-fit earplugs in about 10 minutes (I watched my ACS Custom in-ear monitor headphones get printed from digital scans of my ear canals earlier this year). Even HP's $140,000 Multi Jet Fusion printers - promised for this year and offering multi-color printing - only just went on sale, and they still only print nylon. You can prototype a (plastic) circuit board with conductive ink circuits with the Voxel8 Developer Kit, as long as you pause the printing and add the chips by hand.
NetworkWorld.webp 2016-12-28 04:42:00 Encryption in 2016: Small victories add up (direct link) Technology development seems to gallop a little faster each year. But there's always one laggard: encryption. Why the deliberate pace? Because a single, small mistake can cut off communications or shut down businesses. Yet there are times when you take stock, only to discover the encryption landscape seems to have transformed overnight. Now is that time. Although the changes have been incremental over several years, the net effect is dramatic. Some of those changes began shortly after Edward Snowden's disclosures of the U.S. government's extensive surveillance apparatus. Others are the natural result of cryptographic ideas reaching the marketplace, says Brent Waters, an associate professor at the University of Texas at Austin and the recipient of the Association for Computing Machinery's 2015 Grace Murray Hopper Award.
NetworkWorld.webp 2016-12-27 04:39:00 Ransomworm: the next level of cybersecurity nastiness (direct link) As if holding your data hostage and seeking cash payment weren't harsh enough, security experts foresee the next stage of ransomware to be even worse. Scott Millis, CTO at mobile security company Cyber adAPT, expects ransomware to spin out of control in the year ahead. That is an astounding statement when you consider that there were more than 4,000 ransomware attacks daily in 2016, according to Symantec's Security Response group (Report). Corey Nachreiner, CTO at WatchGuard Technologies, predicts that 2017 will see the first ever ransomworm, causing ransomware to spread even faster.
NetworkWorld.webp 2016-12-27 04:20:00 IDG Contributor Network: Will networks and security converge in 2017? (direct link) Bold predictions are in order at this time of year. Zeus Kerravala looked into his crystal bowl for the networking space, and Taylor Armerding did the same for security. We went rummaging through our fortune cookies and came up with this Yoda-like one for 2017: Security shall networking become. What did that really mean? Our Yoda translator was of no help. Could networking replace security (or vice versa) in 2017? Should CIOs and CISOs prepare themselves for the inevitable assimilation (head nod to you aging Trekkies)? How should, then, security and networking personnel prepare themselves for the inevitable onslaught?
NetworkWorld.webp 2016-12-27 01:59:00 Using big data for security only provides insight, not protection (direct link) This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. Cybersecurity experts are excited about big data because it is the “crime scene investigator” of data science. If your organization is hacked and customer information compromised, your use of big data to collect massive amounts of information on your systems, users and customers makes it possible for data analysts to provide insight into what went wrong. But while big data can help solve the crime after it occurred, it doesn't help prevent it in the first place. You're still left cleaning up the mess left behind by the breach: angry customers, possible compliance issues with data privacy standards like HIPAA and PCI DSS, maybe even government fines and class-action lawsuits.
NetworkWorld.webp 2016-12-26 06:00:00 (Déjà vu) New products of the week 12.26.16 (direct link) New products of the week. Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Cumulus Linux 3.2.
NetworkWorld.webp 2016-12-26 04:51:00 Corporate boards aren't prepared for cyberattacks (direct link) Major cyberattacks against organizations of all sizes seem to happen almost weekly. On Dec. 14, Yahoo announced the largest-ever data breach, involving more than 1 billion customer accounts. Despite the scale and potential harm from such attacks, there's wide recognition that corporate leaders, especially boards of directors, aren't taking the necessary actions to defend their companies against such attacks. It's not just a problem of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards. Guideline Yahoo
NetworkWorld.webp 2016-12-23 10:48:00 What fake news means for IT, and how IT security can help fight it (direct link) When the story broke a week before the election about Macedonian teenagers creating fake pro-Trump news stories in order to harvest ad clicks, it triggered a serious feeling of déjà vu among those who work in cybersecurity. Scrappy bands of shady Eastern European entrepreneurs taking advantage of weaknesses in our tech infrastructure to make a buck, and maybe fulfill more sinister designs? The debate over fake news is roiling the political world, but elements of it look very familiar to tech veterans, and represent a potentially new attack vector that IT needs to worry about.
NetworkWorld.webp 2016-12-23 05:25:11 Apple gives iOS app developers more time to encrypt communications (direct link) Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year. The company had previously announced at its Worldwide Developers' Conference in June that all apps submitted to the App Store will need to support the App Transport Security (ATS) feature starting January 1st, 2017. It has not yet set a new deadline. ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections. It's an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used.
NetworkWorld.webp 2016-12-22 21:34:39 US collects social media handles from select visitors (direct link) Visitors to the U.S. under a visa waiver program are being asked by the Department of Homeland Security for information on their social media accounts, a plan that had drawn criticism from civil rights groups for its potential encroachment on privacy. The U.S. Customs and Border Protection unit of the DHS asked for written comments earlier this year on its proposal that would add to the Electronic System for Travel Authorization (ESTA) and to a form called I-94W the following entry: “Please enter information associated with your online presence-Provider/Platform-Social media identifier,” which visitors can fill optionally.
NetworkWorld.webp 2016-12-22 13:16:00 Black market medical record prices drop to under $10, criminals switch to ransomware (direct link) The black market value of stolen medical records dropped dramatically this year, and criminals shifted their efforts from stealing data to spreading ransomware, according to a report released this morning. Hackers are now offering stolen records at between $1.50 and $10 each, said Anthony James, CMO at San Mateo, Calif.-based security firm TrapX, the company that produced the report. That's down a bit since this summer, when a hacker offered 10 million patient records for about $820,000 -- or about $12 per record -- and even a bigger drop from 2012, when the World Privacy Forum put the street value of medical records at around $50 each.
Last update at: 2024-05-14 14:08:31