What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2016-12-22 11:51:45 The group that hacked the DNC infiltrated Ukrainian artillery units (direct link) The cyberespionage group blamed for hacking into the U.S. Democratic National Committee (DNC) earlier this year has also infiltrated the Ukrainian military through a trojanized Android application used by its artillery units. The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent that has variants for Windows, Android, and iOS. Fancy Bear has been responsible for many cyberespionage operations around the world over the years, and its selection of targets has frequently reflected Russia's geopolitical interests. Researchers from security firm CrowdStrike believe the group is likely tied to the Russian Military Intelligence Service (GRU). APT 28
NetworkWorld 2016-12-22 10:45:00 Looking Back to Look Forward on Cybersecurity (direct link) By now, everyone in our industry has provided 2017 cybersecurity predictions and I'm no exception. I participated in a 2017 infosec forecast webcast with industry guru Bruce Schneier, and ESG also published a video where I exchanged cybersecurity prophecies with my colleague Doug Cahill (note: I am an ESG employee). Yup, prognosticating about the future of cybersecurity has become a mainstream activity, but rather than simply guess at what will happen next year, I think it is useful to review what actually happened over the past few years and extrapolate from there.
NetworkWorld 2016-12-22 07:06:00 Encrypted messaging app Signal uses Google to bypass censorship (direct link) Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts. Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too. Open Whisper Systems, the company that develops Signal -- a free, open-source app -- faced this problem recently when access to its service started being censored in Egypt and the United Arab Emirates. Some users reported that VPNs, Apple's FaceTime and other voice-over-IP apps were also being blocked.
NetworkWorld 2016-12-22 05:31:00 What the infosec jobs sector will look like in 2017 (direct link) Shortage still? Many reports touted the fact that there are not enough workers with the proper cybersecurity skills necessary to fill all the vacant jobs. Forrester suggests looking to external expertise and automation for a quarter of the work. The complexity curve facing enterprises hasn't reached its peak yet, which leaves security stuck solving problems of capacity and capability with limited resources already burdened with too many technologies, too many alerts, and too much to do. This combined spending will include security outsourcing, managed security services, security consultants and integrators, and security automation technologies.
NetworkWorld 2016-12-22 05:30:00 Free security tools to support cyber security efforts (direct link) There are more free information security tools out there than you can highlight with a fist full of whiteboard pointers. While many are trial ware-based enticements designed to lure decision makers to purchase the pricey premium counterparts of these freebies, many are full-blown utilities. A few important categories include threat intelligence tools, tools to build security in during the development stage, penetration testers, and forensics tools. Threat intelligence tools include AlienVault's Open Threat Exchange, which collects and shares online threat intelligence as well as the Hailataxii and Cymon.io threat exchanges. There are a variety of SAST (Static Application Security Testing) tools for security testing software applications that developers write using different languages whether C/C++, Ruby on Rails, or Python. For penetration testing, we present the Nmap Security Scanner and the broadly useful Wireshark network protocol analyzer. Specific forensics products include the GRR remote forensic framework, and Autopsy and SleuthKit, which analyze hard drives and smartphones, and the Volatility Foundation's open source framework for memory analysis/forensics.
NetworkWorld 2016-12-22 05:28:00 Experts split on how soon quantum computing is coming, but say we should start preparing now (direct link) Whether quantum computing is 10 years away -- or is already here -- it promises to make current encryption methods obsolete, so enterprises need to start laying the groundwork for new encryption methods. A quantum computer uses qubits instead of bits. A bit can be a zero or a one, but a qubit can be both simultaneously, which is weird and hard to program but once folks get it working, it has the potential to be significantly more powerful than any of today's computers. And it will make many of today's public key algorithms obsolete, said Kevin Curran, IEEE senior member and a professor at the University of Ulster, where he heads up the Ambient Intelligence Research Group.
NetworkWorld 2016-12-22 05:26:00 Top 5 VPN services for personal privacy and security (direct link) Virtual private networks (VPNs) encrypt internet connections between two points, to secure them from casual snoopers and hackers. These VPN services are particularly useful when accessing the internet from an untrusted location, such as a hotel, café or coworking space. A plethora of modern VPN services, with dedicated connectivity apps, have put an end to the maddening manual configuration VPNs once required. No two VPN offerings are alike, however, and it can be a challenge to find the right VPN. Here's a look at some of the top VPNs for privacy and security.
NetworkWorld 2016-12-22 04:30:00 IDG Contributor Network: Don't make risk and compliance the enemy of financial services innovation and reinvention (direct link) The financial services industry lives with a mixed blessing. On the one hand, it is at the heart of everything from economic health and growth to the daily reality of how consumers pay for housing, transportation or even a coffee on the go to start their day. Because our world is powered by transactions, both consumers and businesses alike look to the financial services industry to constantly innovate. That's the good part of the mixed blessing: the opportunity to improve and reinvent. On the other hand, there is a constant challenge around juggling changes. In an era when financial institutions are more highly regulated than ever before, risk and compliance mandates add an entirely new level of complexity.
NetworkWorld 2016-12-21 13:55:00 IoT product development is broken – 6 ways developers and manufacturers can fix it (direct link) This contributed piece has been edited and approved by Network World editors. Internet of Things (IoT) technologies have been advancing exponentially over the last several years, with new solutions emerging and being adopted at an unprecedented rate. Gartner estimates that over 4 billion IoT devices will be installed by the end of 2016, with that number rising to 20 billion by 2020. In a market where connected devices or “things” in the enterprise will drive spending to more than $868 billion in this year alone, the impact – and risks – of IoT adoption are already becoming apparent.
NetworkWorld 2016-12-21 10:06:00 Nmap security scanner gets new scripts, performance boosts (direct link) The Nmap Project just released the Holiday Edition of its open source cross-platform security scanner and network mapper, with several important improvements and bug fixes. New features in Nmap 7.40 include Npcap 0.78r5, for adding driver signing updates to work with Windows 10 Anniversary Update; faster brute-force authentication cracking; and new scripts for Nmap Script Engine, the project's maintainer Fyodor wrote on the Nmap mailing list. The de facto standard network mapping and port scanning tool, Nmap (Network Mapper) Security Scanner is widely used by IT and security administrators for network mapping, port-scanning, and network vulnerability testing. Administrators can run Nmap against the network to find open ports, determine what hosts are available on the network, identify what services those hosts are offering, and detect any network information leaked, such as the type of packet filters and firewalls in use.
NetworkWorld 2016-12-21 09:19:00 Protect your privacy with surveillance-defeating sunglasses (direct link) Have you done something for yourself lately? If you end up with holiday money to spare, you might consider buying yourself a cool pair of shades that would help protect your privacy while you are out in public. I saw Reflectacles on Kickstarter a few weeks ago, but since this is likely my last article of 2016, I wanted to make sure you know about these surveillance-defeating glasses as well. The glasses are the brainchild of Scott Urban who claims that wearing Reflectacles ensures “you're noticed and anonymous at the same time.” The anonymous portion is due to light-reflecting frames that can end up looking like a big, shiny blur when captured by CCTV. Since the wearer's face can't be seen in any detail behind the bright glare of the glasses, it renders facial recognition tech useless.
NetworkWorld 2016-12-21 09:14:00 IDG Contributor Network: Lax IoT device security threatens to pollute the internet (direct link) DVRs, IP cameras and other smart products could become the next wave of pollutants that threaten how we live if the security issues around Internet of Things (IoT) devices aren't addressed. We've already seen that too much IoT pollution can wreck our computing environment. The October DDoS attack that brought down Twitter, Netflix and other major websites for a large portion of the U.S. was launched by a botnet comprised of Web cameras, printers and other IoT devices. And while having those sites offline was an inconvenience, the results of that attack weren't devastating. But future DDoS attacks that throw terabits of data at servers could have more disastrous results. Instead of going after an internet traffic management company, the attackers could target a hospital or a utility provider. Not being able to binge-watch Netflix shows pales in seriousness when compared to cities not having electricity or a doctor being unable to access electronic medical records.
NetworkWorld 2016-12-21 08:01:40 VMware removes hard-coded root access key from vSphere Data Protection (direct link) VMware has released a hotfix for vSphere Data Protection (VDP) to change a hard-coded SSH key that could allow remote attackers to gain root access to the virtual appliance. VDP is a disk-based backup and recovery product that runs as an open virtual appliance (OVA). It integrates with the VMware vCenter Server and provides centralized management of backup jobs for up to 100 virtual machines. According to a VMware support article, the vSphere Data Protection (VDP) appliance contains a static SSH private key with a known password. This key allows interoperability with EMC Avamar, a deduplication backup and recovery software solution, and is pre-configured on the VDP as an AuthorizedKey.
NetworkWorld 2016-12-21 04:42:00 How to improve your security grade in 2017 (direct link) The City of San Diego seems to have all the building blocks in place to make the smart city an exceptionally safe one when it comes to cyber attacks. Deputy director and CISO Gary Hayslip has built out the city's security operations center, he's partnering with innovative security vendors and startups, and conferring with law enforcement to keep up with the latest threats. He has the backing of the mayor and city executives, with plenty of funding, and he's hiring more staff. Yet when asked how he would grade his organization's ability to detect and mitigate cyber threats, he offered a sobering assessment. “I would probably say about a C+,” Hayslip says. “I'm realistic. There's a lot of risk out there. We're dealing with about a million attacks a day on our networks. I've got 40 departments, 24 networks and 40,000 endpoints” to protect. As the smart city adds more IoT devices connecting streetlights, stoplights and HVAC systems to the network, the threat surface will only grow.
NetworkWorld 2016-12-21 03:30:00 To beat cyber extortionists, enterprises need to punch above their weight class (direct link) There are only two types of enterprises it seems. Enterprises who have paid cyber extortionists to recover data, and those that have not yet paid. The outlook is bad and getting worse. According to IBM Security's report on Ransomware (pdf – sign in required): “Almost one in two executives (46 percent) has some experience with ransomware attacks in the workplace, and 70 percent of that 46 percent have paid to get data back.”
NetworkWorld 2016-12-21 03:00:06 Tech companies like Privacy Shield but worry about legal challenges (direct link) Privacy Shield, the new international framework allowing companies to transfer customer data between the EU and the U.S., is getting good reviews so far, but some companies aren't betting on it for the long term. Companies using Privacy Shield worry that it may face the same fate as long-used predecessor the Safe Harbor Framework, which was overturned by the European Court of Justice in October 2015 after revelations of mass surveillance by the U.S. National Security Agency. Digital Rights Ireland and French civil liberties group La Quadrature du Net have also challenged Privacy Shield in court, saying the new framework doesn't adequately protect Europeans' privacy.
NetworkWorld 2016-12-21 03:00:00 IDG Editors predict tech trends for 2017 (direct link) Top editors from IDG Enterprise brands Computerworld, Network World, CIO and CSO chime in with their thoughts and predictions for enterprise technology trends in the upcoming year. From Apple to VR, we've got thoughts on what will be hot in 2017.
NetworkWorld 2016-12-20 16:55:05 Congressional report sides with Apple on encryption debate (direct link) The U.S. is better off supporting strong encryption than trying to weaken it, according to a new congressional report that stands at odds with the FBI's push to install backdoors into tech products. On Tuesday, a bipartisan congressional panel published a year-end report, advising the U.S. to explore other solutions to the encryption debate. “Any measure that weakens encryption works against the national interest,” the report said. The congressional panel formed back in March, amid the FBI's public battle with Apple over trying to gain access to a locked iPhone belonging to the San Bernardino shooter.
NetworkWorld 2016-12-20 12:47:00 The 15 best job markets for IT security specialists (direct link) Security jobs. Information technology budgets are not expected to grow substantially in the New Year, but one area where organizations continue to invest is in information security. That's a good thing, when you consider that virtually every organization can now expect to experience a security incident of some kind, says nearly every recent study.
NetworkWorld 2016-12-20 11:30:47 Google researchers help developers test cryptographic implementations (direct link) Security experts from Google have developed a test suite that allows developers to find weaknesses in their cryptographic libraries and implementations. The company's Project Wycheproof, which was released on GitHub, contains more than 80 test cases for widely used cryptographic algorithms, including RSA, AES-GCM, AES-EAX, Diffie-Hellman, Elliptic Curve Diffie-Hellman (ECDH), and the digital signature algorithm (DSA). Google's researchers have developed these tests by implementing some of the most common cryptographic attacks. So far, the tests have helped them uncover more than 40 security bugs in cryptographic libraries, and they have been reported to affected vendors.
NetworkWorld 2016-12-20 11:16:00 Use virtual containers to isolate ransomware (direct link) This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. Keeping internal networks safe from the ravages of the Internet is increasingly hard, but virtual container solutions allow users to function normally while preventing the “deplorables” of the Internet – malware, exploits, and other negative phenomena – from reaching files and sensitive data. Keeping suspicious files and connections in a separate container – a virtual space isolated from the rest of the network – is a savvy strategy that can save you a great deal of trouble and expense.
NetworkWorld 2016-12-20 10:11:00 High-demand cybersecurity skills in 2017 (direct link) As I've written many times, the cybersecurity skills shortage is the biggest cybersecurity issue we face today. Not only are there too few bodies to fill the cybersecurity jobs, but a recent series of research reports from ESG and the Information Systems Security Association (ISSA) indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous threats. Yikes! So, the skills deficit is clear, but which types of cybersecurity skills are in the highest demand? In the recently published ESG/ISSA research report, Through the Eyes of Cybersecurity Professionals, 371 cybersecurity professionals were asked to identify areas where the organizations they worked for had the biggest skills gaps. The results are as follows:
NetworkWorld 2016-12-20 08:16:49 BlackBerry counts on cars to reverse decline in revenue (direct link) BlackBerry reported another quarter of losses and declining revenue on Tuesday, but CEO John Chen forecast that the company will break even next quarter, its first since quitting the smartphone business. The company signaled its departure from the smartphone hardware business last week, licensing its brand to TCL, the Chinese manufacturer that built the last two BlackBerry handsets. Chen's break-even forecast had a caveat: It didn't include restructuring charges, stock compensation expenses, fair-value adjustments and a host of other things, so the company will still make a loss, but a smaller one. With smartphones out of its product mix, BlackBerry is looking to a different kind of mobility to drive its future growth: the automotive industry, the major source of revenue for its QNX embedded software platform.
NetworkWorld 2016-12-20 07:18:00 No porn for you, South Carolina, if newly proposed bill becomes law (direct link) If two state representatives get their way and their newly proposed law moves forward, then people in South Carolina will be blocked from accessing online porn after purchasing a new device. There are many missing pieces to fully explain how porn blocking would work under the Human Trafficking Prevent Act, and reading the bill doesn't make it any clearer. However, the bill sponsors, Reps. Bill Chumley (R-Spartanburg) and Mike Burns (R-Greenville), wrote that porn is a “public health hazard” and viewing porn online has impacted the “demand for human trafficking and prostitution.”
NetworkWorld 2016-12-20 07:17:00 5 technologies that will shake things up in 2017 (direct link) If you thought 2016 was a fun time to be in IT, wait until 2017 hits. Network World presents an overview of five technologies and trends that will "shake things up" in the world of enterprise networking for the new year.
NetworkWorld 2016-12-20 06:53:03 The year ransomware became one of the top threats to enterprises (direct link) On Feb. 5, employees at Hollywood Presbyterian Medical Center in Los Angeles, California, started having network access problems that prevented electronic communications. Over the next few days, they learned that the hospital was the victim of a ransomware attack that encrypted files on multiple computers. After several days during which staff had to resort to pen and paper for some record keeping, the hospital decided to pay the $17,000 ransom -- the equivalent of 40 bitcoins that the attackers had requested. It was deemed to be the fastest way to restore the affected files and systems. This was to be the first in a string of ransomware attacks that affected multiple healthcare organizations in the U.S. over the following months, including the Chino Valley Medical Center, the Desert Valley Hospital and Methodist Hospital in Henderson, Kentucky.
NetworkWorld 2016-12-20 06:36:00 Identity verification: The New Turing Test (direct link) This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. Have you seen the movie Ex-Machina? It's a fascinating journey through the life of a reclusive Silicon Valley billionaire, and examines artificial intelligence (“AI”) as manifested in a very engaging robot. The plot explores the 1950 Turing Test, in which Alan Turing – the father of modern computing – proposed that real AI will have been achieved when a human cannot detect they are talking to an AI bot; that is, in conversation, the AI bot passes as a real human partner in dialogue.
NetworkWorld 2016-12-20 06:24:30 Cyberattack suspected in Ukraine power outage (direct link) Security experts are investigating whether a power outage that affected parts of the Ukrainian capital, Kiev, and the surrounding region this weekend was the result of a cyberattack. If confirmed, it would be the second blackout caused by hackers in Ukraine. The incident affected the automation control systems at the northern power substation near Novi Petrivtsi, a village near Kiev, close to midnight between Saturday and Sunday. This resulted in complete power loss for the northern part of Kiev on the right bank of the Dnieper river and the surrounding region. Engineers from Ukrenergo, Ukraine's national power company, switched the equipment to manual control mode and started restoring power within 30 minutes, said Vsevolod Kovalchuk, acting director of Ukrenergo, in a post on Facebook. Full power was restored to all affected areas in about an hour and 15 minutes.
NetworkWorld 2016-12-20 06:00:00 Fraud detection firm outs $1b Russian ad-fraud gang and its robo-browsing Methbot (direct link) A $1 billion Russia-based criminal gang has been bilking online advertisers by impersonating high-profile Web sites like ESPN, Vogue, CBS Sports, Fox News and the Huffington Post and selling phony ad slots, but that's about to end. Online fraud-prevention firm White Ops is releasing data today that will enable online advertisers and ad marketplaces to block the efforts of the group, which is cashing in on its intimate knowledge of the automated infrastructure that controls the buying and selling of video ads. The group has been ramping up its activities since October so that it now reaps roughly $3 million to $5 million per day from unsuspecting advertisers and gives them nothing in return, says White Ops, which discovered the first hints of the scam in September.
NetworkWorld 2016-12-20 05:33:00 Google open-sources test suite to find crypto bugs (direct link) Working with cryptographic libraries is hard, and a single implementation mistake can result in serious security problems. To help developers check their code for implementation errors and find weaknesses in cryptographic software libraries, Google has released a test suite as part of Project Wycheproof. "In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long," Google security engineers Daniel Bleichenbacher and Thai Duong wrote in a post announcing the project on the Google Security blog.
NetworkWorld 2016-12-20 04:00:00 IDG Contributor Network: IoT could be our downfall (direct link) The internet of things (IoT) is all about connecting devices to the internet so that they can talk to each other and to us, to make life more convenient. That might mean turning on the lights when we get up, or allowing us to use our phones to see who's at the front door, even when we're at the office. The potential applications are endless. There are already more than 6 billion connected "things," and that's set to rise to more than 20 billion by 2020, according to Gartner. But the enthusiasm for all things IoT has blinded us to the potential risks. Too many companies, keen to gain a foothold in the market, have rushed out products that lack basic security protocols. The risks here are enormous.
NetworkWorld 2016-12-20 03:37:00 How to get more from your security budget (direct link) Infosec budgets. They are small, they largely come from IT, and CISOs/CSOs often complain they are not nearly big enough. It's a constant subject of debate and rightly so; a security budget will indirectly influence how well a CISO protects their business and its assets - and frankly, how well they do their job (which, in turn, will determine how long they stay in it). This isn't meant to be all doom and gloom however; clever CISOs/CSOs and CIOs understand they have to resource more carefully in today's economically challenging times. For CISOs, that involves using money effectively, and making do with solutions they already have, in order to protect the assets they truly care about. It can also involve upskilling staff, and rolling out cost effective security awareness campaigns.
NetworkWorld 2016-12-19 22:24:15 Privacy groups complain to FTC over Google's 'deceptive' policy change (direct link) Privacy groups have complained to the Federal Trade Commission that Google is encroaching on user privacy through a policy change in June that allows it to combine personally-identifiable information with browsing data collected by its DoubleClick digital advertising service. The complaint by Consumer Watchdog and Privacy Rights Clearing House alleged that Google has created “super-profiles” as it can track user activity on Android mobile phones, with an 88 percent market share of smartphones worldwide, "and from any website that uses Google Analytics, hosts YouTube videos, or displays ads served by DoubleClick or AdSense."
NetworkWorld 2016-12-19 13:12:19 Stingray use could be unconstitutional, finds House report (direct link) Use of cellphone spying technology has become widespread among U.S. law enforcement agencies and should be better regulated, according to a new congressional report. Not only is the FBI deploying the technology, commonly called "Stingray" after one product made by Harris Corp., but so are state and local police. And there are concerns that some law enforcement agencies have used Stingrays without securing search warrants, said the report from the House Committee on Oversight and Reform, published on Monday. “Absent proper oversight and safeguards, the domestic use of (Stingrays) may well infringe upon the constitutional rights of citizens to be free from unreasonable searches and seizures,” it said.
NetworkWorld 2016-12-19 12:10:00 Cisco execs foretell key 2017 enterprise networking trends (direct link) Interesting posts this week from a few Cisco executives taking a look forward into what should be a very interesting networking world in 2017. First up was Cisco's Jeff Reed, Senior Vice President Enterprise Infrastructure and Solutions Group, who had a blog on the top 10 list for future 2017 network trends. It reads as follows:
NetworkWorld 2016-12-19 10:54:00 On being a 24/7 organization and the 2016 leap second (direct link) If the cloud is real, software important, and system reliability paramount, then non-stop computing, computing across time zones, and invisibly short repair times ought to be mandatory, wouldn't you think? Of many requirements lain in litigation, regulatory compliance, and other “best practices,” there is one that doesn't seem to make the checklists. Let me lay it out for you: Can you get support 24/7/365.25? You get bonus points for knowing leap seconds are coming. Why? Because among other things, Kerberos time synchronization mandates pretty accurate timing. We're about to insert a leap second into your life on western New Year's Day. You may have zones that celebrate other years, but to be in sync with the time standards in the United States, there will be an extra second. The earth is slowing down.
NetworkWorld 2016-12-19 10:04:00 Medical data: Accessible and irresistible for cyber criminals (direct link) How valuable is personal healthcare data? Apparently it depends. Based on at least some price comparisons on the Dark Web – the underground online marketplace for cyber criminals – electronic health records (EHR) are not even close to premium goods. McAfee, now a division of Intel Security, reported recently that the price for an individual medical record ranges from a fraction of a cent to $2.50, while a so-called “fullz” record – name, Social Security number plus financial account information from a credit or debit card – can fetch $14 to $25.
NetworkWorld.webp 2016-12-19 09:51:04 Mobile banking trojans adopt ransomware features (direct link) Cybercriminals are adding file-encrypting features to traditional mobile banking trojans, creating hybrid threats that can steal sensitive information and lock user files at the same time. One such trojan is called Faketoken and its primary functionality is to generate fake login screens for more than 2,000 financial applications in order to steal login credentials. The malicious app also displays phishing pages to steal credit card information, and it can read and send text messages. Faketoken's creators have added the ability to encrypt user files stored on the phone's SD card sometime in July and have since released thousands of builds with this functionality, according to researchers from Kaspersky Lab.
NetworkWorld.webp 2016-12-19 08:30:00 IDG Contributor Network: 5 most common data privacy misconceptions (direct link) Average internet users are starting to realize they should be protecting their personal information better. But do they understand why? Protecting private data is more important than many people realize, and also quite simple. I'd like to unpack the top five most common misconceptions of cybersecurity to demonstrate why you should learn how to protect yourself and your data. 1. I have nothing to hide. Why do I need my data to be encrypted? No skeletons in your closet? No searches you'd prefer didn't surface? That's fine, but what about your credit card information, passwords and Social Security number? Just because you don't have dirty laundry to air doesn't mean your personal data isn't worth protecting.
NetworkWorld.webp 2016-12-19 07:44:00 Senators call for special committee to investigate Russian election hacking (direct link) The election is well over, but the storm is still brewing with no end in sight when it comes to trying to figure out what to do about Russian hacks aimed at influencing the election. On Sunday Dec. 11, US Senators John McCain, Chuck Schumer, Lindsey Graham and Jack Reed urged Majority Leader Mitch McConnell not to allow an investigation into Russian interference of the election to become a partisan issue. It's an issue which “should alarm every American.” That same day, President-elect Donald Trump blew off the idea that the intelligence community had a clue as to whom was behind the hacks. His transition team later added, “These are the same people that said Saddam Hussein had weapons of mass destruction.” Guideline
NetworkWorld.webp 2016-12-19 06:59:00 Cisco ONE simplifies security purchasing (direct link) 'Tis the season to be jolly, they say, which is true unless you're involved with enterprise security. For those individuals, 'tis the season to be wary as the number of highly publicized breaches continues to grow, as does the complexity of trying to adequately secure the business. One of the biggest challenges is the vendor landscape has exploded with hundreds of point products. In fact, the 2016 ZK Research Security Survey found that large enterprises have an average of 32 security vendors deployed. More security vendors doesn't make companies more secure. It just makes things more complex. Despite the number of point products, finding a breach still takes well over 100 days. Think of the damage that can happen in over three months. A persistent threat can make its way around the company network, map out the whole environment and provide a blueprint for hackers to take whatever data they want.
NetworkWorld.webp 2016-12-19 06:34:00 The new rulers of the cybersecurity realm: Automation, Analytics Artificial Intelligence (direct link) It may be a brave new world in 2017 but it's also a darn scary one for IT security professionals. Just take a look at some recent Gartner assessments of the security situation: By 2020, 60% of digital businesses will suffer major service failures, due to the inability of IT security teams to manage digital risk. By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, which is an increase from less than 30% in 2016. By 2018, 25% of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls. Through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices. So what technologies are going to change this scenario back in favor of IT? The new security AAA: Automation, analytics and artificial intelligence, say proponents.
NetworkWorld.webp 2016-12-19 06:00:00 (Déjà vu) New products of the week 12.19.16 (direct link) Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Cloud Foundry Training Platform (altoros)
NetworkWorld.webp 2016-12-19 04:57:00 Ransomware: at your service (direct link) RaaS: Ransomware is on track to net organized cybercrime more than $1 billion in 2016, not taking downtime and other costs associated with it into account. And according to KnowBe4's 2016 Ransomware Report, 93 percent of IT professionals surveyed are worried ransomware will continue to grow.
NetworkWorld.webp 2016-12-19 03:13:00 10 biggest hacks of user data in 2016 (direct link) You take great pains to come up with a strong password when registering for an account on a website -- only to see your efforts go for naught when that site gets hacked. Several sites had their databases of user accounts not only breached but stolen this year, which include the necessary information for logins (i.e. username, password). The following sites are ranked starting at the fewest number of user accounts with passwords that were taken. Also, these hacks were reported to have been executed during 2016. So this list does not feature Myspace (427 million user accounts stolen) or Yahoo! (a cool billion). Both were hacked supposedly before 2016, but were only reported this year. This list also does not include reports of user records that were exposed due to poor security, but where there is no evidence they were actually stolen. Yahoo
NetworkWorld.webp 2016-12-19 03:00:00 Inside 3 top threat hunting tools (direct link) Taking down the threat: Advanced Persistent Threats (APT) are able to slip past even the most cutting-edge security defenses thanks to a diabolically clever strategy. Hackers may try to breach your defenses thousands of times until they finally get in. Once a network is breached, most APTs go into stealth mode. They move slowly, laterally compromising other systems and inching toward their goals. But what if you could hunt down these active, but hidden threats before they can do real damage? For this review, we tested threat hunting systems from Sqrrl, Endgame and Infocyte. Read the full review as well.
NetworkWorld.webp 2016-12-19 03:00:00 Review: Threat hunting turns the tables on attackers (direct link) Advanced Persistent Threats are able to slip past even the most cutting-edge security defenses thanks in large part to a diabolically clever strategy. The threat actors behind successful APTs research the employees, practices and defenses of the organizations they want to attack. They may try to breach the defenses hundreds or thousands of times, then learn from their mistakes, modify their behavior, and finally find a way to get in undetected. Once a network is breached, most APTs go into a stealth mode. They move slowly, laterally compromising other systems and inching toward their goals. Post-mortems from successful attacks often show that the time an APT breached a system to the time it was detected could be anywhere from six months to a year or more. And, they are often only detected after making that final big move where there is a huge exfiltration of critical data.
NetworkWorld.webp 2016-12-19 02:38:00 5 enterprise technologies that will shake things up in 2017 (direct link) You think you have your hands full as an IT pro now? Just wait until blockchain, IoT, augmented and virtual reality, and these other technologies really start to take hold in 2017. The Internet of Things – for real: Yes, yes, we know – it's one of those long-standing tech industry jokes, like “the year of the Linux desktop” and “Java security.” But 2017 really could be the year that all the hub-bub and hype around the Internet of Things comes home to roost.
NetworkWorld.webp 2016-12-18 21:24:50 LinkedIn skill learning unit Lynda.com hit by database breach (direct link) Lynda.com, the online learning unit of LinkedIn, has reset passwords for some of its users after it discovered recently that an unauthorized external party had accessed a database containing user data. The passwords of close to 55,000 affected users were reset as a precautionary measure and they have been notified of the issue, LinkedIn said in a statement over the weekend. The professional network is also notifying about 9.5 million Lynda.com users who “had learner data, but no protected password information,” in the breached database. “We have no evidence that any of this data has been made publicly available and we have taken additional steps to secure Lynda.com accounts,” according to the statement.
NetworkWorld.webp 2016-12-18 10:18:00 The Grugq, Hacker House and 'Boceffus Cleetus' weigh in on the latest ShadowBroker dump (direct link) If you enjoy good security-related reads, then you might like to check out a couple different takes on the latest ShadowBrokers' NSA-linked Equation Group auction files. One comes from “the grugq,” a security researcher who is well-respected for his infosec and counterintelligence knowledge, and the other is by the cybersecurity researchers at Hacker House out of the UK. The Grugq published a three-part commentary series on the great cyber game – part 1, part 2, part 3. His deep analysis is his contribution since not many are capable of it. He said that the latest by the ShadowBrokers, dropped on Dec. 14, is a “massive” and valuable drop in terms of revealing to the NSA what the Russians know and have obtained.
Last update at: 2024-05-14 05:07:46