What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-12-16 14:25:00 | Obama vows to punish Russia over election-related hacks (lien direct) | U.S. President Barack Obama pledged to punish Russia for hacking of Democratic groups and figures during the election season with actions that'll occur in secret and others that'll be made public. “Our goal continues to be to send a clear message to Russia or others not to do this to us because we can do stuff to you,†Obama said in a press conference. The President stopped short of explicitly blaming Russian president Vladimir Putin for directing the alleged hacks, but said that, “not much happens in Russia without Vladimir Putin.†Obama met Putin during a summit in China in September and told him to "cut it out" and or else "there would be some serious consequences if he didn't," he said. After that meeting, the hacking attempts stopped but Wikileaks had already been given copies of stolen documents.To read this article in full or to leave a comment, please click here | |||
|
2016-12-16 09:45:00 | New Research Reveals Cybersecurity Skills Shortage Impact (lien direct) | When it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little†as I've been screaming about this issue for the last 5 years or so. As an example, ESG research conducted in early 2016 indicated that 46% of organizations indicate that they have a problematic shortage of cybersecurity skills today (note: I am an ESG employee).So, ESG and other researchers have indicated that there aren't enough infosec bodies to go around but what about those that have jobs? How is the cybersecurity skills shortage affecting them and the organizations they work for?Earlier this week, ESG and the Information Systems Security Association (ISSA) published the second report in a two-part research report series investigating these issues. This new report titled, Through the Eyes of Cyber Security Professionals, uncovers a lot more about just how deep the cybersecurity skills shortage cuts.  For example:To read this article in full or to leave a comment, please click here | |||
|
2016-12-16 08:59:00 | Corero says its always-on DDoS defense system automatically safeguards service providers  (lien direct) | This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  The massive DDoS attack that was aimed in stages at DNS provider Dyn in October 2016 did more than grab headlines. It also served as a wake-up call to companies that provide the global Internet infrastructure, as well as downstream operators and service providers. Many experts fear this attack could prove to be a tipping point in the battle to maintain stability and availability across the Internet. Research shows the attack originated from an Internet of Things (IoT) botnet that involved an estimated 100,000 devices. Dyn experienced packet flow bursts 40 to 50 times higher than normal, and unverified reports put the magnitude of the attack in the 1.2Tbps range. The attack used multiple vectors and required a variety of techniques to fight off.To read this article in full or to leave a comment, please click here | |||
|
2016-12-16 07:21:51 | Apple\'s macOS file encryption easily bypassed without the latest fixes (lien direct) | Without the macOS update released this week, Apple's disk encryption can be easily defeated by connecting a specially crafted device to a locked Macbook.The attack is possible because devices connected over Thunderbolt can access the computer's RAM directly before the OS is started through the direct memory access (DMA) feature. The DMA mechanism is typically used by disk drive controllers, graphics cards, network cards, and sound cards because accessing the memory through the CPU would otherwise keep the processor busy and unavailable for other tasks.Apple's macOS has DMA protections, but they only kick in when the OS is running. However, the EFI (Extensible Firmware Interface) -- the modern BIOS -- initializes Thunderbolt devices at an early stage in the boot process and this enables them to use DMA before the OS is started, security researcher Ulf Frisk said in a blog post.To read this article in full or to leave a comment, please click here | |||
|
2016-12-16 05:04:00 | 4 historic security events of 2016 and what they teach us [Infographic] (lien direct) | What is it they say about failing to learn the lessons of history and being doomed to repeat it? However the famous saying goes, I think we can agree that the events of 2016 can be very instructive if we choose to pay attention.Just yesterday, for example, Yahoo disclosed a breach from 2013 involving more than 1 billion user accounts - and those are unrelated to the 2014 breach disclosed in September involving over 500 million user accounts.Among the lessons from the Yahoo breaches is that hackers are very good at what they do and are getting increasingly sophisticated. What can you do to prevent an email-based attack from happening in your organization? Above all, pay attention to the human element.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-12-16 04:59:00 | Don\'t put this holiday spam in you shopping cart (lien direct) | A gift Scam artists see the holidays as an opportunity to rip people off. This year is no different. PhishMe's Chief Threat Scientist Gary Warner has caught a few to share.Paypal: Suspicious activity Image by PhishMeTo read this article in full or to leave a comment, please click here |
|||
|
2016-12-16 04:57:00 | HTTP/2 promises better performance -- but with security caveats (lien direct) | The new Internet communication protocol, HTTP/2, is now being used by 11 percent of websites -- up from just 2.3 percent a year ago, according to W3Techs.The new protocol does offer better performance, but there is no particular rush to upgrade, and it's backwards-compatible with the previous protocol, HTTP/1.1.No security problems have been found in the protocol itself, but there are vulnerabilities in some implementations and the possibility of lower visibility into internet traffic, so it's worth waiting for everything to shake out.The pressure to switch is likely to come from lines of business, said Graham Ahearne, director of product management at security firm Corvil.To read this article in full or to leave a comment, please click here | |||
|
2016-12-16 04:43:00 | 49% off CyberPower Surge Protector 3-AC Outlet with 2 USB (2.1A) Charging Ports - Deal Alert (lien direct) | The Professional Surge Protector CSP300WUR1 safeguards common home and office devices, such as computers and electronics, by absorbing spikes in energy caused by storms and electrical power surges. Designed for convenience, the portable CSP300WUR1 is ideal for travelers. It provides 600 joules of protection, has three surge-protected outlets, and a folding wall tap plug. Two USB ports (2.1 Amp shared) charge personal electronics, including smartphones, digital cameras, MP3 players, and other devices. A Limited-Lifetime Warranty ensures that this surge suppressor has passed high quality standards in design, assembly, material or workmanship and further protection is offered by a $50,000 Connected Equipment Guarantee. It currently averages 4 out of 5 stars on Amazon, where its typical list price of $22 has been reduced 49% to just $11.27. See the discounted CSP300WUR1 on Amazon.To read this article in full or to leave a comment, please click here | |||
|
2016-12-16 04:30:41 | BlackBerry hands its brand to TCL, maker of its last smartphones (lien direct) | The BlackBerry smartphone is dead: Long live the BlackBerry smartphone.A week after it officially pulled out of the smartphone market, BlackBerry has agreed to license its brand to handset manufacturer TCL.The Chinese company will make and market future BlackBerry handsets worldwide except for India, Indonesia, Bangladesh, Sri Lanka and Nepal, where BlackBerry has already struck local licensing deals.This is hardly new territory for TCL, which manufactured BlackBerry's last two handsets, the Android-based DTEK50 and DTEK60.To read this article in full or to leave a comment, please click here | |||
|
2016-12-15 22:47:06 | Evernote backs off from privacy policy changes, says it \'messed up\' (lien direct) | Evernote has reversed proposed changes to its privacy policy that would allow employees to read user notes to help train machine learning algorithms.CEO Chris O'Neill said the company had “messed up, in no uncertain terms.â€The move by the note-taking app follows protests from users, some of whom have threatened to drop the service after the company announced that its policy would change to improve its machine learning capabilities by letting a select number of employees, who would assist with the training of the algorithms, view the private information of its users. The company claims 200 million users around the world. To read this article in full or to leave a comment, please click here | |||
|
2016-12-15 17:34:45 | Hacker allegedly stole logins from a US election agency (lien direct) | A Russian-speaking hacker has been found selling stolen login credentials for a U.S. agency that tests and certifies voting equipment, according to a security firm.The hacker was attempting to sell more than 100 allegedly compromised login credentials belonging to the U.S. Election Assistance Commission (EAC), the security firm Record Future said in a Thursday blog post. The company said it discovered online chatter about the breach on Dec. 1.Some of these credentials included the highest administrative privileges. With such access, an intruder could steal sensitive information from the commission, which the hacker claimed to have done, Recorded Future said.To read this article in full or to leave a comment, please click here | |||
|
2016-12-15 14:25:00 | Non-malware attacks are on the rise (lien direct) | Security pros need to pay attention to malicious activities that don't rely on actual malware to succeed, according to a study by Carbon Black.Attacks that exploited applications and processes legitimately running on systems – non-malware incidents – have risen from representing about 3% of all attacks in January to about 13% in November, the company's “Non-malware attacks and ransomware take center stage in 2016†report says.“Non-malware attacks are at the highest levels we have seen and should be a major focus for security defenders during the coming year,†it says.The research included data from more than 1,000 Carbon Black customers that represent 2.5 million-plus endpoints. For measuring the non-malware attacks, the authors considered the malicious use of PowerShell and Windows Management Instrumentation were considered.To read this article in full or to leave a comment, please click here | |||
|
2016-12-15 12:29:00 | IDG Contributor Network: Five ways cybersecurity is nothing like the way Hollywood portrays it (lien direct) | According to pop culture's portrayal of cybersecurity, the industry is hot property. Hacks and breaches not only dominate the real-world media, but they can be seen everywhere in TV and movies today.Granted, there have been some early examples of security issues playing a role in pop culture plot lines, such as the 1980s cult-classic Tron. But in recent years, Hollywood seems to have really picked up the mantle when it comes to cybersecurity. If the bright lights of TV and movies are to be believed, hackers are simultaneously the coolest and scariest people on the planet.Let's take a look at five of the most common cybersecurity misperceptions as portrayed in TV shows and movies:To read this article in full or to leave a comment, please click here | |||
|
2016-12-15 10:57:22 | Ransomware fighting coalition adds new members and decryption tools (lien direct) | The No More Ransom project, a coalition of law enforcement and security companies, has expanded with 30 new members and added 32 new decryption tools for various ransomware variants.The project, which consists of a website dedicated to fighting ransomware, was originally launched by Europol's European Cybercrime Centre in partnership with the National High Tech Crime Unit of the Netherlands police, Kaspersky Lab, and Intel Security.The website has a tool that allows users to determine which type of ransomware has affected their files but also contains general information about ransomware, prevention advice, and instruction on reporting incidents to law enforcement.To read this article in full or to leave a comment, please click here | |||
|
2016-12-15 06:46:00 | Citrix is building your workspace of the future (lien direct) | Citrix is a bit like the pachyderm in the proverb about the blind men and the elephant. How customers describe the company depends a lot on which of Citrix's diverse products they touch. It's a desktop and app virtualization company. It's a networking company. A secure file sharing company, a mobility management firm. Yes, Citrix is all of those and more, and CEO Kirill Tatarinov – one year after taking over from long-time leader Mark Templeton – is working to show how all those pieces play together in making Citrix the focal point of the 'workspace of the future' for nimble enterprises. To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-12-15 06:29:16 | 5 things you should do following the Yahoo breach (lien direct) | Internet giant Yahoo announced a massive data breach Wednesday that affected over one billion accounts, making it by far the largest data breach in history. This follows the disclosure in September of a different breach that affected more than 500 million of the company's customers.What stands out with this new security compromise is that it occurred over three years ago, in August 2013, and that hackers walked away with password hashes that can be easily cracked.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-12-15 05:40:00 | Trump, tech leaders avoided encryption and surveillance talk at summit (lien direct) | A Wednesday summit between some of the most powerful people in technology and U.S. president-elect Donald Trump covered a wide ground but avoided discussion on two of the biggest issues facing the industry: the use of encryption and government surveillance.Trump's team called the meeting the start of "a conversation and partnership in order to spark innovation and create more jobs in the U.S." and said it could be repeated as often as once a quarter once he assumes the presidency.Many in Silicon Valley had been vocal opponents of Trump prior to the election, but in meeting executives of the region's biggest companies on Wednesday, Trump sought to gain their support. In particular, he asked them for "specific innovative solutions that have been blocked by narrow thinking in Washington," his team said in a statement.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-12-15 05:10:00 | 14 eyebrow-raising things Google knows about you (lien direct) | Google may know more about me than I know about myself.I'm not just saying that, either: I recently started poking around in Google's personal data repositories and realized that, between my wide-reaching use of the company's services and my own brain's inability to remember anything for more than seven seconds, Google may actually have the upper hand when it comes to knowledge about my life.From face-tagged photos of my past adventures (what year did I go to Nashville, again -- and who went with me to that Eddie Vedder show?) to the minute-by-minute play-by-play of my not-so-adventuresome days (wait, you mean I really only left the house once last Wednesday -- and just to get a freakin' sandwich?!), Google's got all sorts of goods on me. Heck, even my hopes and dreams (which may or may not involve sandwiches) are probably catalogued somewhere in its systems.To read this article in full or to leave a comment, please click here | |||
|
2016-12-15 05:07:00 | How to maintain security while employees are out of the office for the holidays (lien direct) | Ho-ho, whoa Image by ThinkstockThe downtime created by the holiday season is a fan favorite for enterprise employees and hackers alike. As workers are enjoying time away from the office for vacations or working remotely, hackers are viewing this slow down as an optimal time to attack corporate systems. To avoid having your organization turn into this holiday's victim, security professionals provide tips for IT managers to protect corporate data, as well as share recommendations for using the slower cycles to test security systems. To read this article in full or to leave a comment, please click here |
|||
|
2016-12-15 05:06:00 | Protecting more than privacy in schools (lien direct) | Larger enterprises have the resources to not only afford the technology needed to grow in the digital age, but they also have the budget and manpower to build security into their overall ecosystems.Does the K-12 education sector have the means to do the same? As the use of technology becomes more prevalent in public schools, will collecting more data potentially increase the cybersecurity risks for the K-12 sector?Earlier this fall, the Center for Data Innovation released a report, Building a Data-Driven Education System in the United States, in which they said 93 percent of teachers are regularly using digital tools to assist classroom instruction in some capacity.To read this article in full or to leave a comment, please click here | |||
|
2016-12-15 05:00:03 | Privacy protections for wearable devices are weak, study says (lien direct) | The rapidly expanding wearable device market raises serious privacy concerns, as some device makers collect a massive amount of personal data and share it with other companies, according to a new study.Existing health privacy laws don't generally apply to wearable makers, the study says. While consumers are embracing fitness trackers, smart watches, and smart clothing, a "weak and fragmented" health privacy regulatory system in the U.S. fails to give consumers the privacy protections they may expect, said the study, released Thursday by the Center for Digital Democracy and the School of Communication at American University.To read this article in full or to leave a comment, please click here | |||
|
2016-12-14 19:08:43 | Yahoo breach means hackers had three years to abuse user accounts (lien direct) | Security researchers are disturbed it took Yahoo three years to discover that details of over 1 billion user accounts had been stolen back in 2013.It means that someone -- possibly a state-sponsored actor -- had access to one of the largest email user bases in the world, without anyone knowing. The stolen database may have even included information on email ids of U.S. government and military employees.“It is extremely alarming that Yahoo didn't know about this,†said Alex Holden, chief information security officer with Hold Security.Yahoo said back in November it first learned about the breach when law enforcement began sharing with the company stolen data that had been provided by a hacker. At the time, the company was already dealing with a separate data breach, reported in September, involving 500 million user accounts.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-12-14 16:36:52 | Here\'s some questions Congress should ask about the election-related hacks (lien direct) | Members of congress are demanding answers over claims that Russia attempted to influence the U.S. presidential election with several high-profile hacks. U.S. intelligence agencies are confident that the Kremlin was involved, but incoming president Donald Trump remains skeptical.  As they prepare to investigate, here's some questions lawmakers should be asking to help them understand and respond to these hacks.  What evidence do we have proving Russia's involvement? Attribution in any hack can be incredibly difficult, as Trump noted in a tweet, but cybersecurity experts say they have technical evidence showing that Democratic groups and figures were at the very least hacked with spear phishing emails and hard-to-detect malware from two suspected Russian hacking teams.To read this article in full or to leave a comment, please click here | |||
|
2016-12-14 14:41:00 | Yahoo reports massive data breach involving 1 billion accounts (lien direct) | In what is likely the largest data breach ever, Yahoo is reporting that data associated with more than 1 billion user accounts was stolen in August 2013.The incident is separate from a breach Yahoo reported in September involving at least 500 million users that originally occurred in late 2014 and shook public trust in the company.FREAKIN' OUT? DON'T CARE? Discuss on our Facebook pageStolen user data from this new breach involves names, email addresses, telephone numbers, dates of birth, and hashed passwords using an aging algorithm known as MD5 that can be cracked.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-12-14 13:33:27 | Bye, privacy: Evernote will let its employees read your notes (lien direct) | Evernote is changing its privacy policy to let employees read its customers' notes, and they can't opt out. Users have until Jan. 23 to move their notes out of the company's system and delete their accounts if they want to avoid the sanctioned snooping. Companies using Evernote Business can have their administrators opt out, but users won't have individual control over it.The change a push by the company to enhance its machine learning capabilities by letting a select number of employees view the private information of its users to help with the training of algorithms."While our computer systems do a pretty good job, sometimes a limited amount of human review is simply unavoidable in order to make sure everything is working exactly as it should," the company said in a support bulletin.To read this article in full or to leave a comment, please click here | |||
|
2016-12-14 13:14:00 | IDG Contributor Network: 5 cybersecurity trends to watch for 2017 (lien direct) | As 2016 draws to a close, we can reflect on a year where cybersecurity has played a major role. Even presidential campaigns haven't been free from hacking scandals and data leaks. The average cost of a data breach for companies grew from $3.8 million last year to $4 million in 2016, according to the Ponemon Institute.Companies of all sizes have embraced the cloud and open source has become the standard for infrastructure software. Both pose their own blend of benefit and risk. A major datacenter attack or failure could be problematic for many companies, and we can certainly expect an increase in the number of cyber-attacks based on open source vulnerabilities.To read this article in full or to leave a comment, please click here | |||
|
2016-12-14 12:39:00 | 10 game changing networking acquisitions of 2016 (lien direct) | Game changers? Image by ThinkstockIn the networking industry, it seems that every year there's a flurry of mergers and acquisitions. Turns out that 2016 was no different. Here are 10 that have the most game changing potential, since they have the potential to move the acquiring company into an entirely new market.To read this article in full or to leave a comment, please click here |
Guideline | ||
|
2016-12-14 12:13:00 | UNH InterOperability Lab fostering even more IoT togetherness (lien direct) | While the Internet of Things has started to become useful, many are still freaked out about devices not working well together and becoming security liabilities. The University of New Hampshire InterOperability Laboratory (UNH-IOL) will attempt to address both of those concerns via its new IoT Testing Services. Test services will apply to devices for homes, industrial networks, smart cities and connected cars, according to UNH-IOL. What's more, testing will be offered for the IPv6 Forum's IPv6 Ready IoT Logo in the spring. MORE: Beware the ticking Internet of Things security time bombTo read this article in full or to leave a comment, please click here | |||
|
2016-12-14 12:02:00 | A hefty fine is just part of penalties for the Ashley Madison adultery site (lien direct) | A hefty judgement against Ashley Madison, the dating site for adulterers, is just the tip of the iceberg when it comes to penalties the company must pay as a result of the theft and public posting of its customers' data when the company was hacked last year.Ruby Corp., the parent company of Ashley Madison agreed to pay $8.75 million fine to the Federal Trade Commission and another $8.75 million to 13 states that also filed complaints. It will wind up paying just $1.6 million because it is strapped for assets.To read this article in full or to leave a comment, please click here | |||
|
2016-12-14 11:12:46 | Ashley Madison to pay $1.6M settlement related to data breach (lien direct) | The company behind Ashley Madison, the adultery enabling website, has agreed to pay a US$1.6 million settlement related to a major data breach last year that exposed account details of 36 million users.Ashley Madison's operator, Toronto-based Ruby, is making the settlement for failing to protect the account information and for creating fake user profiles to lure in prospective customers, the U.S. Federal Trade Commission said on Wednesday.In July 2015, a hacking group called Impact Team managed to steal the account details and then post them online a month later -- potentially damaging the reputation of the customers using the adultery website.To read this article in full or to leave a comment, please click here | |||
|
2016-12-14 07:41:00 | Lessons learned from the 7 major cyber security incidents of 2016 (lien direct) | Cyber incidents dominated headlines this year, from Russia's hacking of Democrat emails to internet cameras and DVRs launching DDoS attacks, leaving the impression among many that nothing should be entrusted to the internet. These incidents reveal technical flaws that can be addressed and failure to employ best practices that might have prevented some of them from happening. +More on Network World: Gartner Top 10 technology trends you should know for 2017+To read this article in full or to leave a comment, please click here | |||
|
2016-12-14 07:40:00 | Know your (cyber) enemy (lien direct) | Picture this: Your company's network is facing a DDoS attack, but you have no idea who is responsible or what their motivation might be. Without this knowledge, you can't tell if they want money in exchange for stopping the attack or if the attack is a diversion to occupy your security team while your network is being penetrated and commercial secrets are stolen.In the aftermath of a network breach it can also be incredibly useful to know some information about the likely attackers. That's because knowing who they were - or just where they were from - can help you carry out a more accurate damage assessment exercise. This knowledge can guide you where to look for signs of data compromise, and what other specifics (such as exploit kits or Trojans that may have been left behind) to search for.To read this article in full or to leave a comment, please click here | |||
|
2016-12-14 07:35:20 | Adobe fixes actively exploited critical vulnerability in Flash Player (lien direct) | Adobe Systems has released security updates for several products, including one for Flash Player that fixes a critical vulnerability that's already known and exploited by attackers.The Flash Player update fixes 17 vulnerabilities, 16 of which are critical and can be exploited to execute malicious code on affected systems. One of those vulnerabilities, tracked as CVE-2016-7892 in the Common Vulnerabilities and Exposures (CVE) catalogue, is already being used by hackers."Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows," the company said in a security advisory.To read this article in full or to leave a comment, please click here | |||
|
2016-12-14 05:41:00 | List of remotely exploitable Netgear routers grows as beta firmware fix is released (lien direct) | Netgear stepped up by publishing a list of routers which are vulnerable to attack as well as releasing beta firmware to patch some of those models.The company confirmed the existence of the flaw which US-CERT believed was dangerous enough to advise users to stop using vulnerable routers. In addition to the originally announced vulnerable Netgear routers models R6400, R7000, R8000, Netgear warned that nine other router models are also vulnerable.To read this article in full or to leave a comment, please click here | |||
|
2016-12-14 05:35:00 | Tech Forecast 2017: 5 key technologies to double down on now (lien direct) | With digital transformation dominating the business agenda, IT pros are under pressure to create a modern-day tech foundation sturdy enough to drive that change as they head into 2017. What milestones are they aiming for in the year ahead? Where should they direct their limited resources?According to Computerworld's Forecast 2017 survey, IT professionals will prioritize security, analytics, XaaS or "as a service" technology, virtualization and mobile apps in the coming year. If you're thinking of adding those technologies to your own 2017 to-do list, read on for findings from our survey, along with real-world advice from other IT leaders.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-12-14 05:33:00 | Top 15 security predictions for 2017 (lien direct) | Looking into the crystal ball Image by ThinkstockIt is once again, as the song doesn't quite say, “the most predictive time of the year.†Not that anybody knows for sure what will be happening even a month from now, never mind six months to a year.But that does not, and should not, stop organizations from trying. The way to get ahead and stay ahead, especially in online security, is to look ahead.To read this article in full or to leave a comment, please click here |
|||
|
2016-12-13 23:36:06 | John McAfee asks court to block Intel\'s security spin-out (lien direct) | Intel's plan to spin out its security business under the McAfee name could run into rough weather with security expert John McAfee asking a court in New York to order an injunction on the deal until a dispute over the use of his personal name for another company is resolved.In a court filing on Tuesday, John McAfee and MGT Capital Investments claimed that there is a high likelihood that Intel intends to sell the rights to the use of his full name to the new venture. “Should the sale go forward any judgment awarded to Plaintiffs will be ineffectual,†it added.John McAfee and MGT informed the court that they will be seeking a preliminary injunction that would prevent Intel from “selling, trading, assigning, leasing or otherwise transferring any alleged rights, in whole or in part, relating to any marks, names, trade names, or entities containing the word 'McAfee'†until the resolution of the dispute.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 17:01:59 | Google publishes national security letters for the first time (lien direct) | Google is providing for the first time a look into the world of national security letters -- demands from the Federal Bureau of Investigation to hand over details about account holders and keep quiet about it.The letters are a part of business for Google and other major internet companies, but traditionally they have been barred from acknowledging the letters' existence. That changed in 2013 when, in light of revelations about Internet surveillance by U.S. intelligence agencies, Google and others started fighting to disclose more about the demands.That led to the creation of Google's "transparency report," which revealed the company receives thousands of requests for user data each month from law enforcement agencies around the globe. The national security letters remained secret, but on Tuesday, Google published a handful that are no longer covered by nondisclosure rules.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 13:54:37 | Don\'t like Russian cyberspies? Tips to stop state-sponsored hackers (lien direct) | Be wary around random, but legitimate-looking emails popping up in your inbox. A foreign government may be using them to try to hack you.That may sound far-fetched, but Russian cyberspies allegedly stole sensitive files from Democratic groups and figures using this very tactic. In some cases, the spoofed emails pretended to be from Google and managed to trick victims into giving up their login details, paving the way for a series of high-profile hacks that rocked this year's presidential election.But even as the presidential race is over, cybersecurity experts warn that state-sponsored hackers remain a dangerous threat. Political organizations, businesses, and universities all should be on guard -- you're probably already in their crosshairs.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 12:31:00 | Google\'s taking Brillo into smart homes with Android Things (lien direct) | Android is headed to the internet of things in the form of Android Things, an operating system that grew out of Project Brillo and will be able to get updates directly from Google. With the home IoT industry still emerging from the hobbyist realm to mass market, Android's traction in the smartphone realm could make it a popular platform for devices like lights, locks, thermostats, and household appliances that consumers want to manage through their phones. On Tuesday, Google announced a developer preview of Android Things, which will be able to run on the Raspberry Pi 3, Intel Edison, and NXP Pico hardware platforms. It will be easy for developers to scale their prototypes up to large production runs using custom versions of those boards, Google says.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 11:33:00 | The Ring Stick Up Cam. Don\'t bother. (lien direct) | Just over a year ago I reviewed the Ring ($199), a security camera that replaces your conventional doorbell and lets you not only see who's ringing your doorbell but also talk with them. The Ring doorbell provides movement detection with optional cloud video recording for a monthly fee ($3 per month).While I liked the product conceptually, the startup lag (the time between detecting movement and when recording begins, usually a delay of a few seconds) is long enough that fast moving people like the Fedex guy can come and go before the device starts recording and the so-so video quality led me to give it a Gearhead rating of 3.5 out of 5.To read this article in full or to leave a comment, please click here | FedEx | ||
|
2016-12-13 11:16:00 | Dec. 2016 Patch Tuesday: Microsoft releases 12 security bulletins, 6 rated critical (lien direct) | For the last Patch Tuesday of 2016, Microsoft issued 12 security bulletins, half of which are rated critical due to remote code execution vulnerabilities. Get ready for restarts. Please do not delay deploying patches since three do address vulnerabilities which had been publicly disclosed.Rated criticalMS16-144 pertains to patching a plethora of bugs in Internet Explorer: two scripting engine memory corruption vulnerabilities, two memory corruption vulnerabilities, a security feature bypass bug, and two information disclosure flaws and one Windows hyperlink object library information disclosure vulnerability.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 09:43:36 | Facebook helps companies detect rogue SSL certificates for domains (lien direct) | Facebook has launched a tool that allows domain name owners to discover TLS/SSL certificates that were issued without their knowledge.The tool uses data collected from the many Certificate Transparency logs that are publicly accessible. Certificate Transparency (CT) is a new open standard requiring certificate authorities to disclose the certificate that they issue.Until a few years ago, there was no way of tracking the certificates issued by every certificate authority (CA). At best, researchers could scan the entire web and collect those certificates being used on public servers. This made it very hard to discover cases where CAs issued certificates for domain names without the approval of those domains' owners.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 09:33:00 | U.S. DOT advances mandate for vehicle-to-vehicle communications technology (lien direct) | Looking to put a high-tech solution to a deadly problem the U.S. Department of Transportation has issued a proposed rule to standardize the development and implementation of vehicle communications technologies in cars and trucks. The idea is to enable a multitude of new crash-avoidance applications that could save lives by preventing “hundreds of thousands of crashes every year by helping vehicles “talk†to each other,†the DOT stated.+More on Network World: Six key challenges loom over car communication technology+To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 06:57:00 | Zen and the art of security (lien direct) | I'm a Zen heretic, and so also is my sense of systems security.A very cogent citation describes the folly of it all. The people who install toolbars, click on random stuff and feel like they won something when they downloaded the free app are too plentiful, and security is too tough to understand-even PGP. Bringing up the bottom is as important as extending the top. We don't ritualize security because that would be too tough, to impolite to do. Your mother did not teach you to use complex passwords and to change them as frequently as your underwear. Given some people I know, it's a wonder they passed the “p@55w0rd†rubric they were trained to use.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 06:29:03 | Netgear starts patching routers affected by a critical flaw (lien direct) | Networking device manufacturer Netgear released firmware updates for several router models in order to patch a critical vulnerability that's publicly known and could be exploited by hackers.The vulnerability was disclosed by a researcher Friday and affects multiple Netgear router models, many from the company's Nighthawk series. The company initially confirmed the flaw in three models -- R6400, R7000, R8000 -- but it has since expanded the list to include five more.The models confirmed to be affected so far are: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000. This list might not be complete as Netgear continues to analyze the flaw's impact to its entire router portfolio.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 06:00:03 | AirMap, DigiCert to issue digital certificates for drones (lien direct) | Drones will start getting digital identification certificates under a new service being launched on Tuesday that hopes to bring trust and verification to the skies.The Drone IDs will be SSL/TLS certificates from DigiCert issued through AirMap, a provider of drone flight information data, and will first be available to users of Intel's Aero drone platform.Under the system, drone owners receive the digital ID in the form of an SSL/TLS certificate when they register for AirMap services. The ID is different from the identification number issued to drone owners by the U.S. Federal Aviation Administration and isn't part of any government scheme.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 05:54:00 | Cybersecurity skills aren\'t taught in college (lien direct) | Cybersecurity is a growing concern across the globe and businesses are eager to build secure products and keep corporate data safe. The only problem is that cybersecurity is a relatively new skill, and there just aren't enough qualified candidates to go around.When Intel and the Center for Strategic and International Studies (CSIS) surveyed 775 IT decision makers, 82 percent expressed a concern for the cybersecurity skills shortage. It's reached a point where the government has created the National Initiative for Cybersecurity and Studies (NICS) to help address the growing need for cybersecurity professionals, starting by getting kids introduced to cybersecurity as early as middle school.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 05:53:00 | 5 tips to stay ahead of ransomware threats (lien direct) | The incidents of ransomware -- especially crypto-ransomware, in which cybercriminals hack vulnerable systems, encrypt the data and hold it for ransom -- saw a huge spike in 2016, and the practice shows no signs of slowing down.According to Symantec's 2016 Internet Security Threat Report (ISTR), there were more than 4,000 ransomware attacks per day since Jan 1, 2016, a 300-percent increase over 2015, which saw an average 1,000 attacks per day, according to the ISTR.While organizations can't ever be completely protected, there are a number of steps you can take to minimize the risk and potential fallout from a ransomware attack, says Scott Millis, CTO at mobile security and secure device management platform Cyber adAPT.To read this article in full or to leave a comment, please click here | |||
|
2016-12-13 05:49:00 | 8 ways companies can manage risks brought on by the SaaS Tsunami (lien direct) | Shadow IT Image by ThinkstockEvery employee is on a mission to find the next SaaS application that will make their job easier. With nothing more than a credit card and an expense report, anyone within the organization can sign-up for a new application in minutes.The problem is that employees are signing-up for SaaS apps without the knowledge or permission of their IT administrator. According to Gartner and Cisco, IT pros only know about 7% of the apps in use. Meaning, within any given organization, there are hundreds of unsecured SaaS apps, each a potential entry point for hackers to access your corporate data.To read this article in full or to leave a comment, please click here |
To see everything:
Our RSS (filtrered)
