What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2016-12-13 05:47:00 Nearly half of all websites pose security risks (direct link) According to a new study of the top one million domains, 46 percent are running vulnerable software, are known phishing sites, or have had a security breach in the past twelve months. The big problem is that even when a website is managed by a careful company, it will often load content from other sites, said Kowsik Guruswamy, CTO at Menlo Park, Calif.-based Menlo Security, which sponsored the report, which was released this morning. For example, news sites -- 50 percent of which were risky -- typically run ads from third-party advertising networks.
NetworkWorld 2016-12-13 05:38:00 The latest ransomware is pure evil genius (direct link) Ransomware is always nasty business, but the latest variant discovered by the MalwareHunterTeam takes the nastiness to a whole 'nother level. Turning victims into criminals: Apparently, the latest Popcorn Time ransomware adds a new twist to the standard M.O. of demanding payment from their victims or permanently lose access to their files. In what seems like a brilliant if seriously messed up maneuver, if victims don't want to pay the Bitcoin ransom “the fast and easy way,” the program gives victims the option of paying up “the nasty way” - by sending the ransomware link on to others.
NetworkWorld 2016-12-12 23:18:40 Trump's margin up after Wisconsin recount over voting machine security (direct link) President-elect Donald Trump added 131 votes to his winning margin in a recount in Wisconsin of ballots cast in the state for the recent U.S. presidential elections, but a significant part of the recount was not by hand. The recount was asked for by Green Party candidate Jill Stein after doubts were raised that the voting systems can be hacked. Wisconsin uses both the optical scan and direct-recording electronic types of voting machines, which are both susceptible to compromise, Stein said in a petition to the Wisconsin Elections Commission.
NetworkWorld 2016-12-12 16:47:32 Dozens arrested in international DDoS-for-hire crackdown (direct link) Law enforcement agencies arrested 34 suspects in 13 countries, including the U.K. and the U.S., as part of a crackdown last week on DDoS (distributed denial-of-service) attacks. The arrests targeted buyers of DDoS-for-hire services, which get paid to flood websites or internet-connected systems with traffic, forcing them to go offline. In addition to the 34 arrests, law enforcement agencies interviewed and warned another 101 individuals. Many of the suspects were under the age of 20, the European Union police agency Europol said in a Monday statement.
NetworkWorld 2016-12-12 14:08:00 5 core topics Trump needs to address in Silicon Valley leaders meeting (direct link) As some of the tech sector's heaviest hitters prep for a meeting this week with president-elect Donald Trump, they need to make sure they get answers to critical questions about issues that could affect not only their businesses but the U.S. economy in general. While the meeting has been called by Trump, the Silicon Valley executives should be prepared to set some of it themselves so they aren't blindsided by policy shifts that can affect their success. Items of interest range from encryption to China policy. Here are some of the issues important to Trump and that are important to the interests of technology vendors and service providers. Where does Trump stand on encryption? Guideline
NetworkWorld 2016-12-12 13:33:51 Politics bog down US response to election hacks (direct link) U.S. efforts to get to the bottom about Russia's role in hacking this year's presidential election may very well end up mired in politics, hampering any response. On Monday, Senate Majority Leader Mitch McConnell, a Kentucky Republican, was the latest U.S. lawmaker to call for an investigation into Russia's possible involvement. “This simply cannot be a partisan issue,” he said during a press conference. A growing number of lawmakers, in addition to U.S. intelligence agencies, also assert that Russia was behind the high-profile hacks that were intended to influence this year's election. Among the targets were Democratic groups and figures whose emails were stolen and later leaked online. Guideline
NetworkWorld 2016-12-12 13:15:22 The top 10 tech stories of 2016: Post-PC, post-reality (direct link) Evolution inevitably involves the creation of new problems, and the big tech stories of the year show that this goes for IT just like anything else. While the internet has brought the world closer together, it also paved the way for fake news and new forms of espionage. The rise of AI has humans worried about being replaced. Chip makers are consolidating and scrambling to retool to meet the demands of virtual reality and the internet of things. And while Apple removed legacy ports on its new devices, a lot of users are grumbling about needing adapters for their favorite headphones and other peripherals. It's been a big year for trade-offs like this. Here are the IDG News Service's picks for the top 10 tech stories of the year.
NetworkWorld 2016-12-12 10:22:00 Survey: Despite costly attacks, 85% of business leaders confident in preparedness (direct link) Eighty-five percent of organizations believe they have the right controls in place to protect against such attacks. Yet, 40 percent of them have been victims of cyber attacks within the last six months. That's the finding of a recent survey sponsored by BAE Systems. Why the disconnect? It's one thing to believe you have the right protections in place; it's another thing to test those beliefs. The survey of 600 business leaders across five countries found that “only 29% of organizations tested their attack response in the last month. On average, organizations last tested their cyber attack response 5 months ago.” Guideline
NetworkWorld 2016-12-12 09:44:00 Should journalists be worried about the Countering Disinformation and Propaganda Act? (direct link) With previous anti-First Amendment statements by President-elect Donald Trump, there has been some worry by journalists that writing something the soon-to-be President doesn't like may result in unpleasant consequences. Yet that is not the same thing as reporting “fake” news or spreading disinformation.
NetworkWorld 2016-12-12 06:26:13 An unpatched vulnerability exposes Netgear routers to hacking (direct link) Several models of Netgear routers are affected by a publicly disclosed vulnerability that could allow hackers to take them over. An exploit for the vulnerability was published Friday by a researcher who uses the online handle Acew0rm. He claims that he reported the flaw to Netgear in August, but didn't hear back. The issue stems from improper input sanitization in a form in the router's web-based management interface and allows the injection and execution of arbitrary shell commands on an affected device. The U.S. CERT Coordination Center (CERT/CC) at Carnegie Mellon University rated the flaw as critical, assigning it a score of 9.3 out of 10 in the Common Vulnerability Scoring System (CVSS).
NetworkWorld 2016-12-12 05:59:00 Security Sessions: Ransomware as a service on the rise (direct link) In this episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild chats with Stu Sjouwerman, CEO of KnowBe4, about how cybercriminals are using the cloud model for ransomware development.
NetworkWorld 2016-12-12 05:53:00 Tech predictions for 2017: What I expect to happen, and what I hope will happen (direct link) Yes, it's that time of the year again. Where does the time go? Anyway, it's time for us in the news business to make our annual predictions for the coming year. Unlike some, I own up to my misfires by leading off with the predictions made a year ago and admitting what came true and what didn't. So let's get into that. How good were my 2016 predictions? 1. IBM becomes a major cloud player. Not really. The most recent numbers, which covered Q2 of this year, put IBM at under 10 percent share. It's still an Amazon and Microsoft world. The good news is IBM grew 57 percent year over year, so it is making up for lost ground. Guideline
NetworkWorld 2016-12-12 04:48:00 Singapore's 'city brain' project is groundbreaking -- but what about privacy? (direct link) You've read about cities installing smart parking meters and noise- and air-quality sensors, but are you ready to embrace the idea of a city brain? The residents of Singapore are on track to do just that. Creating a centralized dashboard view of sensors deployed across a distributed network is nothing new, but it takes on a bigger -- perhaps ominous -- meaning when deployed across a major city.
NetworkWorld 2016-12-12 02:27:00 (Déjà vu) New products of the week 12.12.16 (direct link) New products of the week. Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. BlueData EPIC on AWS.
NetworkWorld 2016-12-11 21:46:41 Trump, tech executives may try to untangle relationship (direct link) U.S. president-elect Donald Trump is meeting this week in New York with top tech executives, including Oracle CEO Safra Catz, Apple CEO Tim Cook, Microsoft CEO Satya Nadella, Alphabet CEO Larry Page and Facebook COO Sheryl Sandberg, according to news reports. Invitations to the meeting were signed by Trump's son-in-law and adviser Jared Kushner, chief of staff Reince Priebus, and billionaire tech investor Peter Thiel, a Silicon Valley figure who came out openly early on in favor of Trump. The relationship between Trump and Silicon Valley companies has been difficult with some senior tech executives openly backing his Democratic rival Hillary Clinton in the run-up to the presidential elections. The president-elect and tech companies also appear to have differing views on issues such as immigration, outsourcing abroad, clean energy, net neutrality, encryption, surveillance and on restoring lost manufacturing jobs in the U.S.
NetworkWorld 2016-12-11 08:15:00 US-CERT: Stop using your remotely exploitable Netgear routers (direct link) Netgear router owners, I hope you have a spare router – at least those of you with remotely exploitable models, since US-CERT recommended discontinuing use of router models which are vulnerable to arbitrary command injection. Which models? Right now it looks like Netgear R7000, R6400 and R8000 routers, but there may be more models that are vulnerable. Should you really take this seriously and unplug your router? You betcha, since US-CERT said it is “trivial” to exploit this vulnerability. Visit a booby-trapped page and whammo! An attacker would be saying hello to root privileges on your router. An exploit, which was released on Exploit Database, was published on Dec. 7. Netgear has yet to issue new firmware to patch the flaw in its vulnerable routers. There is a way to test if your router is vulnerable and even a non-official temporary fix you can try if tossing out your router is not an option.
NetworkWorld 2016-12-09 18:56:00 Cisco dents Arista again with patent infringement ruling (direct link) A US trade judge ruled today that Arista Networks infringed on two Cisco switch patents – the second important victory the networking giant has won against Arista in their ongoing legal confrontation since it began in 2014. U.S. International Trade Commission Judge MaryJoan McNamara issued the so-called “initial determination” on the case which now must be reviewed by the ITC. In the end should the ITC find against Arista its switches could once again be banned from import into the US. The ITC you may recall ruled against Arista in another part of this case and between June and August the company could not import those products. In November Arista announced that US Customs has given it permission to resume importing its networking gear in the United States.
NetworkWorld 2016-12-09 11:05:00 Why CISOs succeed and why they leave (direct link) Earlier this year, ESG and the Information Systems Security Association (ISSA) published a research report titled, The State of Cyber Security Careers. The report was based on a survey of 437 cybersecurity professionals, the clear majority of which were ISSA members. Two-thirds of these cybersecurity professionals worked at an organization that employed a CSO or CISO. These individuals were then asked to identify the most important qualities that make a successful CISO. Here is a sample of the results: 50% of respondents said strong leadership skills were most important; 47% of respondents said strong communication skills were most important; 30% of respondents said a strong relationship with business executives was most important; 29% of respondents said a strong relationship with the CIO and other members of the IT leadership team was most important; 23% of respondents said strong management skills were most important. Based upon this list, it's clear that successful CISOs need to be strong business people who can work with business and IT executives. This is an important consideration since many security professionals are deeply rooted in the technology rather than the business aspects of infosec. Guideline
NetworkWorld 2016-12-09 10:46:41 Obama orders review of election hacks as Trump doubts Russia's role (direct link) President Barack Obama has ordered U.S. intelligence agencies to conduct a full review of the cyberattacks that allegedly tried to disrupt this year's election, as his successor Donald Trump casts doubt over Russia's possible involvement. Obama's homeland security advisor Lisa Monaco first mentioned the need for the review while speaking to reporters on Friday morning, according to Politico. "We may be crossed into a new threshold, and it is incumbent upon us to take stock of that, to review, to conduct some after-action, to understand what this means, and to impart those lessons learned," Monaco reportedly said.
NetworkWorld 2016-12-09 09:43:13 Ransomware attacks against businesses increased threefold in 2016 (direct link) The number of ransomware attacks targeting companies increased threefold from January to September, affecting one in every five businesses worldwide. According to a new report from security company Kaspersky Lab, the rate of ransomware attacks against businesses increased from one every two minutes to one every 40 seconds during that period. For consumers it was even worse, with the rate reaching one attack every 10 seconds in September. During the third quarter of the year, there were 32,091 new ransomware variations detected by Kaspersky Lab compared to only 2,900 during the first quarter. Overall, 62 new ransomware families appeared this year, the company said.
NetworkWorld 2016-12-09 08:33:00 Looking to 2017: It's not just enterprise security (direct link) IoT, rotten home AP firmware, freaking Wi-Fi cameras: They're all eating your lunch. Here's an Advanced Persistent Threat notice: EVERYTHING AROUND YOU can give you a miserable day. It's now entirely myopic, and hence irresponsible, to think there is such a topic as enterprise security because sadly video cams in Macedonia can give your hosting environment a DDoS headache. Poor TLS handshakes crack browsers open like an egg. Your router vendor had all of the hardening of a “fairy tap.” Remember those when you were a kid? A fairy tap was a gentle touch, designed to invade your space but do no damage. Now the damage is pOwn1ng your infrastructure. Or your business partner's infrastructure.
NetworkWorld 2016-12-09 07:58:04 Attackers use hacked home routers to hit Russia's 5 largest banks (direct link) Botnets made up of hacked home routers were used to launch distributed denial-of-service attacks against the five largest financial organizations in Russia. The attacks occurred on Monday, Dec. 5, and were detected and mitigated by Rostelecom, Russia's state-owned telecommunications company. The attacks peaked at 3.2 million packets per second (Mpps) and the longest attack lasted for over two hours, Rostelecom reported Friday. The company did not provide a bandwidth measurement for the attacks, but 3.2Mpps is not that much. DDoS mitigation providers regularly see attacks that exceed 100 Mpps and a very large September attack against the website of cybersecurity blogger Brian Krebs peaked at 665Gbps and 143Mpps.
NetworkWorld 2016-12-09 05:02:00 The IoT: Gateway for enterprise hackers (direct link) A very merry Christmas could give way to a not-so-happy New Year security hangover for enterprises, once a few million more Internet of Things (IoT) devices are unwrapped and migrate from homes into the workplace. So, a webinar this week hosted by The Security Ledger titled: “Who Let the IoT in?: Finding and securing wireless devices in your environment,” was designed to offer some advance advice on how to cope with it. Paul Roberts, founder and editor in chief of The Security Ledger, who moderated the event, began by framing part of the problem: Although the IoT is now well established, many of the legacy tools enterprises still use to identify and manage vulnerable devices were, “designed for the 'Internet of Computers' rather than the IoT.
NetworkWorld 2016-12-09 05:01:00 10 essential PowerShell security scripts for Windows administrators (direct link) PowerShell is an enormous addition to the Windows toolbox that gives Windows admins the ability to automate all sorts of tasks, such as rotating logs, deploying patches, and managing users. Whether it's specific Windows administration jobs or security-related tasks such as managing certificates and looking for attack activity, there is a way to do it in PowerShell. Speaking of security, there's a good chance someone has already created a PowerShell script or a module to handle the job. Microsoft hosts a gallery of community-contributed scripts that handle a variety of security chores, such as penetration testing, certificate management, and network forensics, to name a few.
NetworkWorld 2016-12-09 04:59:00 How this analyst targeted a phisher (direct link) Not unlike any other threat analyst, Marc Laliberte's email inbox fills up minute by minute. Some of which has made its way past the spam filter. The WatchGuard employee decided to finally act upon a certain phishing attempt in hopes of teaching the bad guys a lesson. Spear phishing is a type of phishing attack in which the perpetrator customizes their attack to a particular individual or group of individuals. The attacker gathers information on the victim and then tailors the attack to be more likely to fool the target. The would-be attack arrived as an email appearing to come from the finance employee's manager, requesting an urgent wire transfer.
NetworkWorld 2016-12-08 17:30:10 Georgia says it's traced an attempted voter hack to DHS (direct link) Georgia's secretary of state says the state was hit with an attempted hack of its voter registration database from an IP address linked to the federal Department of Homeland Security. The allegation by Georgia Secretary of State Brian Kemp is one of the more bizarre charges to come up in the recent spate of alarms about voting-system hacks. He said in a Facebook post on Thursday that he had been made aware of the failed attempt to breach the firewall protecting Georgia's voter registration database. The attack was traced to an Internet Protocol address associated with DHS, he said.
NetworkWorld 2016-12-08 12:30:00 Cisco Talos: Zeus spawn “Floki bot” malware gaining use, cyber-underworld notoriety (direct link) Cisco's Talos security group this week warned that a variant of trojan monster Zeus has begun to garner a following in the cyber-underworld as a hard-to-detect attack mechanism. “[Floki bot] is based on the same codebase that was used by the infamous Zeus trojan, the source code of which was leaked in 2011. Rather than simply copying the features that were present within the Zeus trojan 'as-is', Floki Bot claims to feature several new capabilities making it an attractive tool for criminals,” Talos wrote.
NetworkWorld 2016-12-08 11:35:57 Russian cyberspies likely behind DNC breach move on to German election (direct link) A group of suspected Russian cyberspies blamed for interfering in the U.S. election is also attempting to influence the upcoming vote in Germany, according to the country's domestic intelligence agency. The Russian hacking group known as Fancy Bear or APT 28 has been targeting political parties in the country, Germany's Federal Office for the Protection of the Constitution (BfV) intelligence agency said in a statement Thursday posted online by Politico. The hacking activities have led to a surge in spear-phishing email attacks directed at German politicians, the agency said. APT 28
NetworkWorld 2016-12-08 11:02:00 7 ways to tighten enterprise social media security (direct link) Social media has become the new cyber battleground. Not only is this landscape growing rapidly, but it also represents one of the most dynamic, unstructured and unregulated datasets anywhere in the digital world. In the wake of the social media revolution, cybercriminals exploit businesses and their customers at a massive scale.
NetworkWorld 2016-12-08 08:45:58 Cyberspies stole secrets from industrial giant ThyssenKrupp (direct link) Germany-based industrial conglomerate ThyssenKrupp was hit by a cyberespionage attack earlier this year that resulted in data being stolen from its industrial solutions and steel producing units. An investigation revealed that the attack was carried out by a professional group of hackers from Southeast Asia and targeted technological know-how and research, according to the group. While hackers managed to steal some information, its exact nature is not clear, with the exception of certain project data from an engineering company, ThyssenKrupp said in an emailed statement Thursday. As a result, at this time there's no reliable estimation of the damage to the company's intellectual property.
NetworkWorld 2016-12-08 08:45:00 November 2016: The month in hacks and breaches (direct link) On November 13, the breach notification site LeakedSource disclosed that FriendFinder Networks, Inc., which operates such websites as Adultfriendfinder.com and Penthouse.com, had been hacked and over 400 million customer accounts were compromised. In addition to being the largest leak of 2016 (the 360 million records leaked from MySpace in May comes in second), this data breach also marked the second time in 2 years that FriendFinder users had their account information compromised.
NetworkWorld 2016-12-08 08:44:00 Fighting ransomware: A fresh look at Windows Server approaches (direct link) Ransomware is evil, and it continues to prey upon thousands of businesses every year. Most infections are fairly quiet affairs: A small business gets infected, almost always by some employee opening an email attachment he or she mistakes as legitimate but that really contains the payload of a virus. Then several undetected hours later, all of the business' files -- at least those the employee had access to, which in a lot of businesses without good security and permissions policies is all of the files -- are encrypted, and demands for payment of a ransom in Bitcoin are made in exchange for the decryption key. Of course, secure email use and employee behavior is a problem in businesses of all sizes, and there have been some high-profile ransomware infections. Most recently in the news was the attack on the San Francisco Municipal Transportation Agency (SFMTA), or Muni as it is known by Bay Area residents. Muni had to give free trips to all comers over the Thanksgiving weekend while it worked to restore access to its machines. The hacker who infected the utility also claims to have access to 30GB of stolen Muni data; the utility disputes this claim, but it is certainly possible.
NetworkWorld 2016-12-08 08:31:00 The Trump effect on cybersecurity: Tough to tell (direct link) Donald Trump's effect on cybersecurity after he's sworn in as president next month will likely be toward military uses of cyber weapons and stronger tools for law enforcement to crack encryption, but the impact is hard to predict due to the vagueness of his proposals so far. The most detailed Trump cyber plan is just 175 words long and includes some initiatives that sound like what's already in place. On the campaign trail and during debates he occasionally hit the topic, but again with little detail and perhaps little understanding of how the internet works. For example, he called for Microsoft founder Bill Gates to find a way to shut off parts of the internet to ISIS as a way to halt its recruitment efforts.
NetworkWorld 2016-12-08 06:09:14 OpenVPN will be audited for security flaws (direct link) The next major version of OpenVPN, one of the most widely used virtual private networking technologies, will be audited by a well-known cryptography expert. The audit will be fully funded by Private Internet Access (PIA), a popular VPN service provider that uses OpenVPN for its business. The company has contracted cryptography engineering expert Matthew Green, a professor at Johns Hopkins University in Baltimore, to carry out the evaluation with the goal of identifying any vulnerabilities in the code. Green has experience in auditing encryption software, being one of the founders of the Open Crypto Audit Project, which organized a detailed analysis of TrueCrypt, a popular open-source full-disk encryption application. TrueCrypt has been abandoned by its original developers in 2014, but its code has since been forked and improved as part of other projects.
NetworkWorld 2016-12-08 04:17:29 U.S. and U.K. spy agencies have been intercepting in-flight phone calls for years (direct link) U.S. and U.K. spy agencies have been monitoring in-flight mobile phone users for years, according to new revelations from the trove of documents leaked by former NSA contractor Edward Snowden. As early as 2012 the U.K. Government Communications Headquarters (GCHQ) was intercepting voice and data communications from commercial aircraft using the OnAir service to carry 2G mobile services over the Inmarsat satellite communications network. At the time, GCHQ did not have access to a rival in-flight mobile service provider, Aeromobile, French newspaper Le Monde reported Wednesday.
NetworkWorld 2016-12-07 17:25:06 A Turkish hacker is giving out prizes for DDoS attacks (direct link) A hacker in Turkey has been trying to encourage distributed denial-of-service attacks by making it into a game, featuring points and prizes for attempting to shut down political websites. The DDoS platform, translated as Surface Defense in English, has been prompting other hackers in Turkey to sign up and score points, according to security firm Forcepoint which uncovered it. Users that participate will be given a tool known as Balyoz, the Turkish word for Sledgehammer, that can be used to launch DDoS attacks against a select number of websites. For every ten minutes they attack a website, the users will be awarded a point, which can then be used to obtain rewards. These prizes include a more powerful DDoS attacking tool, access to bots designed to generate revenue from click fraud, and a prank program that can infect a computer and scare the victim with sounds and images.
NetworkWorld 2016-12-07 12:50:00 Democrats unveil bill to probe Russia's role in alleged election hacks (direct link) U.S. lawmakers are pushing for a government probe into whether Russia may have interfered with the presidential election by hacking high-profile political targets. On Wednesday, two Democratic representatives unveiled legislation that proposes to form a 12-member bipartisan commission to investigate the electronic means Russia may have used to influence the U.S. election. "Regardless of whether you voted for Donald Trump, Hillary Clinton, or anyone else, Russia's attacks on our election are an attempt to degrade our democracy," said Representative Elijah Cummings of Maryland, one of the sponsors of the bill.
NetworkWorld 2016-12-07 10:59:00 Cisco whacks its Secure Access Control System (direct link) Cisco this week announced the death of its Secure Access Control System – a package customers use to manage access to network resources. Cisco said the last day customers can order the system is August 30, 2017. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract, the company said. The last date that Cisco Engineering will release any final software maintenance releases or bug fixes is Aug. 30, 2018. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software, the company said.
NetworkWorld 2016-12-07 09:58:00 EPIC takes aim at IoT toys Cayla and i-Que that spy on kids, files complaint with FTC (direct link) The Electronic Privacy Information Center (EPIC) is calling upon the Federal Trade Commission (FTC) to take action against “toys that spy” and violate federal privacy law. In particular, EPIC has issues with My Friend Cayla dolls and i-Que Robots which “subject young children to ongoing surveillance.” EPIC – along with Campaign for Commercial Free Childhood, the Center for Digital Democracy, and the Consumers Union – are working “to ban these toys from the marketplace.”
NetworkWorld.webp 2016-12-07 08:51:00 IDG Contributor Network: The silver lining on a ransomware attack (direct link) I wouldn't wish a ransomware attack on anyone. A particularly destructive form of malware, ransomware has made a name for itself this year as one of the internet's top threats. A recent survey revealed that half of companies had responded to a ransomware attack, with 85 percent reporting three or more. If it locks down your personal computer, it's a royal pain. But if it gets onto a network drive at your work, that pain is multiplied by the number of employees and more. Systematically locking down every computer on the network, ransomware puts your entire workforce out of work and sends your IT guys to the mats trying to find the money to pay the ransom or the backups to bring the network back online. Long story short: Ransomware is bad news!
NetworkWorld.webp 2016-12-07 07:59:29 Latest Android security update fixes Dirty COW, GPS vulnerabilities (direct link) The monthly Android security update released this week fixes the serious Dirty COW privilege escalation attack that can allow malicious apps to take full control of devices. Dirty COW (copy-on-write) is a privilege escalation vulnerability that has existed in the Linux kernel for the past nine years and is already being exploited in the wild. It affects Android because the mobile OS is based on Linux, but it was initially believed that the SELinux security policies enforced by default in Android provided some mitigation against the attack.
NetworkWorld.webp 2016-12-07 06:29:00 Aruba flexes some IoT muscle (direct link) The Internet of Things (IoT) is heating up and will be a hot trend in 2017. And Aruba, a Hewlett Packard Enterprise Company, plans to be a part of it. The company has been active in the IoT industry by providing Wi-Fi connectivity to IoT endpoints and security through its ClearPass product. However, it has never put together a comprehensive IoT story that spans its portfolio. Last week at the HPE Discover Conference, though, Aruba announced several new products to position itself as a strong IoT enabler. The new solutions include security tools, wired switches and new partnerships.
NetworkWorld.webp 2016-12-07 05:37:00 Playing cyber defense is not enough to win (direct link) While the San Francisco 49ers are leading the NFL in defense, the New Orleans Saints currently hold the number one slot for total offense. In the overall league rankings, though, neither of those two teams rank in the top 10. What's the takeaway? Winning isn't strictly about strong offense or impenetrable defense. NFL league leaders advance to the top because they know how to balance the two; they know how to play the game. To address the growing number of attacks on the US government and private sector systems, President-elect Donald Trump's cybersecurity plan aims to, "Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately." Guideline
NetworkWorld.webp 2016-12-06 18:49:14 Malicious online ads expose millions to possible hack (direct link) Since October, millions of internet users have been exposed to malicious code served from the pixels in tainted banner ads meant to install Trojans and spyware, according to security firm ESET. The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It's been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them. The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.
NetworkWorld.webp 2016-12-06 12:58:00 Big Switch adds security perimeter around SDN data center (direct link) Big Switch Networks today unraveled a wide-ranging group of products aimed at mitigating security attacks, scrutinizing cloud and container environments and improving its existing SDN-based monitoring software. In the security realm Big Switch rolled out its BigSecure Architecture, a high-performance cyber-defense platform that the company says will help enterprises protect against Terabit-speed attack. “What we are seeing is network attack by thousands of IoT devices [like the recent Dyn DNS attack that hit 1.2Tbps] using massive speed and bandwidth to take down resources. To mitigate against that kind of attack can be cost prohibitive but what we have implemented in BigSecure can help mitigate those attacks,” said Prashant Gandhi, vice president and chief product officer.
NetworkWorld.webp 2016-12-06 11:54:00 Say goodbye to MS-DOS command prompt (direct link) My very first technology article, back in 1987, was about MS-DOS 3.30. Almost 30 years later, I'm still writing, but the last bit of MS-DOS, cmd.exe - the command prompt - is on its way out the door. It's quite possible that you have been using Microsoft Windows for years - decades, even - without realizing that there's a direct line to Microsoft's earliest operating system or that an MS-DOS underpinning has carried over from one Windows version to another - less extensive with every revision, but still there nonetheless. Now we're about to say goodbye to all of that. Interestingly, though, there was not always an MS-DOS from Microsoft, and it wasn't even dubbed that at birth. The history is worth reviewing now that the end is nigh.
NetworkWorld.webp 2016-12-06 10:51:36 Backdoor accounts found in 80 Sony IP security camera models (direct link) Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price. One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday.
NetworkWorld.webp 2016-12-06 10:27:00 Getting started with blockchain smart contracts (direct link) Few managers look forward to negotiating contracts. In large companies, there are many stakeholders to consult and it's easy to make a misstep. And then there's the expense involved in working with lawyers. Smart contract technology promises to simplify the contract process and provide greater transparency. What are smart contracts? Early approaches to smart contracts included some that were merely “augmented by technology,” says Houman B. Shadab, professor of law at New York Law School. “In a sense, you could view contract signing and management services like DocuSign as an example of [smart contracts].” Other approaches automated the production of traditional contracts using templates. Guideline
NetworkWorld.webp 2016-12-06 08:13:14 App developers not ready for iOS transport security requirements (direct link) A month before Apple is expected to enforce stricter security requirements for app communications in iOS, enterprise developers don't seem ready to embrace them, a new study shows. The study was performed by security firm Appthority on the most common 200 apps installed on iOS devices in enterprise environments. The researchers looked at how well these apps conform to Apple's App Transport Security (ATS) requirements. ATS was first introduced and was enabled by default in iOS 9. It forces all apps to communicate with Internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections and ensures that only industry-standard encryption protocols and ciphers without known weaknesses are used. For example, SSL version 3 is not allowed and neither is the RC4 stream cipher, due to known vulnerabilities.
NetworkWorld.webp 2016-12-06 06:56:00 Trump Cybersecurity Do's and Don'ts (Part 2) (direct link) Given recent cybersecurity incidents like the Google Android data breach, the DDoS attack on Dyn and the data breach of the DNC, President-elect Donald Trump will find cybersecurity policy a top priority when he takes office in January. What should Mr. Trump do and what should he avoid? In my last blog, I presented some recommendations for the “do” column. Alternatively, here is a list of things President Trump should eschew in his administration's cybersecurity agenda. The “don't” column includes the following: Don't obsess over cybersecurity intelligence sharing path. Public/private partnerships for cybersecurity cooperation have roots that go back to the Clinton administration's original PDD-63 for critical infrastructure protection. In more recent times, congress struggled with CISPA then CISA as stand-alone bills before sneaking CISA into a federal spending bill in late 2015. Intelligence sharing is a good step but it's been beaten to death and most large organizations have figured this out on their own. What's needed is a concerted effort on best practices and sharing threat intelligence with small businesses. Yes, these things should happen but the feds should do so as part of CISA and not spin up another distracting effort. Remember that threat intelligence sharing is a means to an end (i.e. better cybersecurity visibility and analysis) and not an end in itself. Don't propose yet another blue-ribbon cybersecurity panel. If Mr. Trump's goal is to shake up Washington, the last thing he should do is appoint another blue-ribbon panel to study cybersecurity issues and provide recommendations – this action is on page one of every Beltway politician's playbook. As an alternative, Mr. Trump should appoint high-level cybersecurity experts to go through President Obama's cybersecurity commission's findings and suggestions (as well as other historical similar reports), tailor them to his political agenda, and push forward the appropriate actions with congress as soon as possible. Don't even think about giving national cybersecurity oversight to the military. The few cybersecurity plans Mr. Trump's camp talks about tend to include a military and intelligence component to them. This is fine when it comes to offensive operations and U.S. Cyber Command but it gets a little scary with regard to civilian agencies and the private sector. There are those at the Pentagon that will push for this by equating cybersecurity with national security but with all due respect to the military, Mr. Trump must absolutely follow the lead of past Presidents and draw a clear line between military and civilian cybersecurity involvement. In truth, ANY military, law enforcement, or intelligence involvement in private sector and consumer cybersecurity programs will turn into an all-consuming political and technology civil war with Republicans and Democrats alike pushing back. This unnecessary fight must be avoided as it could halt federal cybersecurity progress for months or years. Don't push for a new federal cybersecurity agency. Since the military can't be involved in private sector cybersecurity, many responsibilities fall to DHS, a massive bureaucracy that hasn't had a strong record of success with its cybersecurity programs. Some in Washington see this as a reason to create yet another civilian agency, a department of national cybersecurity. While it may be tempting to consolidate cybersecurity responsibilities, it would be extremely difficult to unwind cybersecurity from DHS and every other nook and cranny in the greater DC area. This shouldn't mean however that the Guideline
Last update at: 2024-05-14 00:07:49