What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2016-12-06 05:59:00 Expedia IT tech made $330K by secretly accessing execs' files for insider trading (direct link) Lots of IT techs have access to network credentials to access company files and emails, but it wouldn't cross the minds of most to abuse that knowledge for a “get-rich-scheme” in the flavor of insider trading. Yet that doesn't apply to everyone, since a 28-year-old admitted to exploiting his position in order to gain insider knowledge and illegally trade and profit from those secrets. Jonathan Ly, a former IT tech for Expedia, pleaded guilty to securities fraud – something FBI Special Agent in Charge Jay S. Tabb, Jr. called, “Particularly egregious because Mr. Ly abused his special access privileges as an IT administrator. On top of violating the trust of the public and his company, he violated the privacy of fellow employees by surreptitiously accessing their files.” Guideline
NetworkWorld 2016-12-06 05:47:00 IBM amps-up Watson cybersecurity experiences (direct link) Watson has gone through school and ready for first internship. IBM today said its Watson cognitive computing system continues its path to become part of a full-fledged cybersecurity service by announcing 40 customers have begun beta testing the technology as an enterprise protection tool. +More on Network World: IBM Watson/ XPrize open $5 million AI competition for world-changing applications+ Watson has recruited enterprises from auto, banking and insurance realms -- including Sun Life Financial, University of Rochester Medical Center, SCANA Corporation, Sumitomo Mitsui Financial Group, California Polytechnic State University, University of New Brunswick, Avnet and Smarttech – to help research and develop new security applications that will use the system's natural language and machine learning techniques.
NetworkWorld 2016-12-06 05:02:00 4 top disaster recovery packages compared (direct link) Whether the disaster is a flood, a power outage or human error, IT departments have the critical role of getting business systems working again. And that requires reliable disaster-recovery software. Four of the top disaster-recovery (DR) software suites are Veeam Backup, Altaro VM Backup, Zerto Virtual Replication and VMware's Site Recovery Manager (SRM), according to reviews written by users in the IT Central Station community. [ Also on CSO: Lessons from high-profile IT failures ] But what do enterprise users really think about these tools? Here, users give a shout-out for some of their favorite features, but also give the vendors a little tough love.
NetworkWorld 2016-12-06 04:56:00 Companies increasingly looking for hackers to attack their networks (direct link) The U.S. Army ventured into unfamiliar territory last week, the first day of its “Hack the Army” bug bounty program that challenges dozens of invited hackers to infiltrate its computer networks and find vulnerabilities in select, public-facing Army websites. "We're not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense," explained Army Secretary Eric Fanning in announcing the plan in mid-November. "We're looking for new ways of doing business," which includes a break from the past when government avoided working with the hacker community.
NetworkWorld 2016-12-06 04:50:24 Tell-tale toys open bedroom door to strangers, consumer groups warn (direct link) Internet-connected toys subject children to hidden marketing messages and allow strangers to converse with them from a distance, consumer rights groups say. The groups highlighted breaches of security and basic consumer rights in two toys in particular, the i-Que robot and the My Friend Cayla doll. The toys connect via Bluetooth to smartphone apps that record children speaking and transmit the recordings to a voice recognition service provider in the U.S., Nuance Communications, allowing the toys to appear to converse with the children. But, the consumer groups say, there is no authentication or pairing of the Bluetooth connections, allowing strangers within radio range of the toys to detect them and connect with them to carry on a conversation with the children directly. Furthermore, they say, voice recordings that could contain personal information are transmitted to Nuance without explicit consent, and the toys inject messages into their conversations repeatedly endorsing Disney products.
NetworkWorld 2016-12-06 04:50:00 Common security mistakes in collaboration tools (direct link) Working together. Image by Rebecca Siegel. Collaboration tools have become widely used across organizations today, as people come to rely on these handy tools to work more efficiently. They reduce reliance on email, increase conversation between teams and provide an easy way to share information with colleagues. However, with many workplace applications today, there are so many gaps where security settings can fail, and corporate IT is beginning to take notice. Mike McCamon, president at SpiderOak, recommends staying away from these common security and privacy mistakes.
NetworkWorld 2016-12-05 21:05:02 Privacy groups urge investigation of 'internet of toys' (direct link) Privacy groups in the U.S. and seven European countries will ask consumer protection agencies to investigate the maker of two internet-connected toys for violations of laws designed to protect children's privacy. The complaints are scheduled to be filed Tuesday against Genesis Toys, maker of the My Friend Cayla and I-Que Intelligence Robot toys, and Nuance Communications, the provider of voice-recognition software for the products. The complaints, to be filed in the U.S., France, Sweden, Greece, Belgium, Ireland, the Netherlands, and Norway, may be only the beginning of actions taken by consumer and privacy groups targeting a lucrative slice of the internet of things market, the so-called internet of toys.
NetworkWorld 2016-12-05 20:12:00 Facebook, Twitter, Microsoft and YouTube will share terror content info (direct link) Facebook, Twitter, Microsoft and Google's YouTube have agreed to share with one another identifying digital information of violent terror content that they find on their platforms. When they remove "violent terrorist imagery or terrorist recruitment videos or images" from their platforms, the companies will include in a shared industry database the hashes, or unique digital fingerprints, of the content. Other participants can use the shared hashes to help identify matching content on their hosted consumer platforms, review against their respective policies and definitions, and remove the content when appropriate, according to a statement by the companies on Monday.
NetworkWorld 2016-12-05 15:01:55 Obama's cybersecurity plan faces uncertainty with Trump (direct link) U.S. consumers could one day see cybersecurity ratings on technology products, much like today's EnergyStar ratings, if the findings of a government-sponsored cybersecurity commission are heeded. Although like much in Washington right now, a lot depends on incoming U.S. President Donald Trump and his views on cybersecurity are far from clear. The report, published on Friday by the Commission on Enhancing National Cybersecurity, also suggests usernames and passwords are replaced with something more secure and wants 150,000 cybersecurity experts trained over the next four years to help the U.S. defend against hacking threats. The commission has the support of President Obama and began its work in February this year, with executives at Microsoft, IBM, Uber and former U.S. government officials. However, in releasing its findings, Obama acknowledged it'll be up to the next president and U.S. Congress to more fully implement what the commission has recommended. Uber
NetworkWorld 2016-12-05 13:08:00 Behavior analytics tools for cybersecurity move into enterprises (direct link) Behavior analytics is one of the more recent buzzwords in enterprise cybersecurity, with more than 35 vendors competing for customers, according to security analysts. Behavior analytics in cybersecurity is roughly defined as using software tools to detect patterns of data transmissions in a network that are out of the norm. The theory is that the analytics tool would detect the anomaly and alert IT managers, who would stop the unusual behavior or cyberattack. Enterprises use behavior analytics to detect intrusions that evade preventive technologies such as firewalls, intrusion-prevention systems and antivirus software. Those conventional tools match fingerprints or signatures identified in prior attacks, while behavior analytics tools study and report anomalies that are judged against a baseline of normal behavior. Among the users of behavior analytics is the National Security Agency, which uses the analytics to detect threats to its private cloud system.
NetworkWorld 2016-12-05 10:02:00 Google launches Trusted Contacts location sharing app (direct link) How do you feel about sharing your location with “trusted contacts”? From Google's point of view, its new Trusted Contacts app will “help you feel safe and give your friends and family peace of mind.” The “personal safety app” will work even if your phone is offline. Google software engineer Minh Nguyen explained: Here's how it works: Once you install the Android app, you can assign “trusted” status to your closest friends and family. Your trusted contacts will be able to see your activity status - whether you've moved around recently and are online - to quickly know if you're OK. If you find yourself in a situation where you feel unsafe, you can share your actual location with your trusted contacts. And if your trusted contacts are really worried about you, they can request to see your location. If everything's fine, you can deny the request. But if you're unable to respond within a reasonable time-frame, your location is shared automatically and your loved ones can determine the best way to help you out. Of course, you can stop sharing your location or change your trusted contacts whenever you want.
NetworkWorld 2016-12-05 08:45:35 Chrome bug triggered errors on websites using Symantec SSL certificates (direct link) If you've encountered errors over the past month when trying to access HTTPS-enabled websites on your computer or Android phone, it might have been due to a bug in Chrome. The bug affected the validation for some SSL certificates issued by Symantec, one of the world's largest certificate authorities, as well as by GeoTrust and Thawte, two CAs that Symantec also controls. The bug was introduced in Chrome version 53, but also affected the Android WebView component that Android apps use to display Web content, said Rick Andrews, senior technical director at Symantec in a blog post Friday.
NetworkWorld 2016-12-05 07:07:00 Ransomware as a Service fuels explosive growth (direct link) Believe it – you too can become a successful cyber criminal! It's easy! It's cheap! It's short hours for big bucks! No need to spend years on boring things like learning how to write code or develop software. Just download our simple ransomware toolkit and we can have you up and running in hours – stealing hundreds or thousands of dollars from people in other countries, all from the comfort of your home office – or your parents' basement. Sit back and watch the Bitcoin roll in! OK, that's not the literal pitch coming from the developers of ransomware. But, given the rise of Ransomware as a Service (RaaS) – a business model in which malware authors enlist “distributors” to spread the infections and then take a cut of the profits – it sounds like it could be a candidate for the kind of “direct-response” TV ads that made the late pitchman Billy Mays famous.
NetworkWorld 2016-12-05 07:01:00 Security pros most worried about clouds, mobile (direct link) Companies were least prepared to assess the security risks of cloud and mobile technologies, according to a survey of cybersecurity professionals released this morning. Around 60 percent of companies were able to assess security risks in cloud environments, down 7 points compared to last year. Mobile devices scored at 57 percent, down by 8 percentage points compared to last year. Overall, the confidence levels of security professionals that their cyber defenses were meeting expectations dropped from 76 percent last year to 70 percent in this year's survey, according to the report, which was produced by Annapolis, M.D.-based CyberEdge Group, and sponsored by Tenable. Guideline
NetworkWorld 2016-12-05 04:00:00 10 most useful Slack bots (direct link) We experimented and tinkered with numerous bots that are available for Slack, the cloud messaging service meant mainly for business. (You can still use Slack for non-work reasons, particularly under the service's free option.) Here are 10 that could be most helpful working alongside your Slack team. 1. Ace: Saves your to-do list, and conducts your polls and surveys. You can build a to-do list by sending each task item as a message to this bot; it will store them, and show the list to you upon command. A task can be designated to a channel and assigned to a member in your Slack team, and labeled as prioritized (i.e. more important than others). Ace includes other functionalities: you can create simple polls and number ratings surveys with the bot, for which it will tally and provide a summary of the results of your team members' responses.
NetworkWorld 2016-12-05 03:03:00 (Déjà vu) New products of the week 12.5.16 (direct link) New products of the week. Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Wyse 5060 Thin Client. Image by Dell.
NetworkWorld 2016-12-05 03:00:00 How to survive the death of Flash (direct link) Seven years ago, Steve Jobs launched the once-popular Adobe Flash into a long, slow death spiral when he announced that Flash would not be installed on any of his cutting-edge products, particularly the iPad and iPhone. Jobs argued that Flash was slow, cumbersome, battery intensive, incompatible with touch-screens, and had massive security issues. Since then, Flash has fallen out of favor for a number of very good reasons. First, it remains a serious security concern. Second, around five years ago, Adobe announced that Flash would not be available for mobile devices, which is where Internet users were headed. And third, HTML5 emerged in 2014 as an adequate replacement for Flash as a development platform for multimedia applications such as animation and games.
NetworkWorld 2016-12-04 09:35:00 Pastor: Toyota salesman stole wife's nude photos from phone, sent pics to swingers' site (direct link) Have you ever handed your phone over to someone you didn't know so that he or she could verify data you have saved in an app? A minister and his wife did and their story is a disturbing cautionary tale as to why you shouldn't hand your phone over to anyone. The following information comes from a lawsuit (pdf) against Toyota and a specific dealership as well as a Dallas Morning News report. Pastor Tim Gautreaux and his wife, Claire, were interested in buying a Prius from Texas Toyota of Grapevine. They had taken the dealership's advice and used an app to get pre-approved for financing via Capital One Financial Corporation. An internet car salesman claimed he needed to show the pre-approved financing information in the app to his manager. The pastor unlocked his phone and handed it over.
NetworkWorld 2016-12-02 14:25:47 Russia claims it foiled a cyber attack from a foreign spy service (direct link) The Russian government claims to have foiled a "large-scale" cyber attack from foreign intelligence services meant to destabilize the country's financial system. The government's Federal Security Service made the statement on Friday without blaming a specific country, but said the attack was meant to be carried out on Dec. 5 against a number of major Russian banks. The hack would have also included the use of social media and SMS text messages to circulate posts claiming a crisis in Russia's financial system. Several dozen cities in the country had been targeted, the Federal Security Service claimed, stating it had already neutralized the threat.
NetworkWorld 2016-12-02 11:51:00 The NSA and Skilz: Turning spying on you into a video game (direct link) What could possibly be creepier than a government organization (such as the NSA) having nearly unlimited access to your private, personal information (including access to your webcam)? Turns out, the answer is: when it gets turned into a video game. And it appears, they have done this. On Dec. 1, 2016, Wikileaks released a collection of documents relating to the German parliament inquiry of the cooperation between the German foreign intelligence agency (the BND) and the United States' NSA. One particular document (pdf) within that collection caught my attention. It appears to be a report from an official at the European Cryptologic Center (ECC) from April 13, 2012, detailing how they can improve usage of Xkeyscore (XKS) to collect information about people.
NetworkWorld 2016-12-02 11:09:00 IDG Contributor Network: Solution to JIT-ROP cyber attacks: Scramble code quickly (direct link) A new software development technique promises to end destructive exploits from hackers. The concept is to continually, and repeatedly, rearrange the program's code while it's running, and do it very quickly. Doing that shuts down the hacker's “window of opportunity” because he doesn't know where to find bugs to hit with his poisonous attack. The scrambling occurs over milliseconds. Code reuse attacks are the kind of harmful exploits that can be stopped dead in their tracks, researchers say in an article on Columbia University's website.
NetworkWorld 2016-12-02 10:23:34 Researchers find a way to bypass the iOS activation lock (direct link) Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner. The first report came Sunday from an Indian security researcher named Hemanth Joseph, who started investigating possible bypasses after being confronted with a locked iPad he acquired from eBay. The activation lock gets enabled automatically when users turn on the Find My iPhone feature via iCloud. It links the device to their Apple IDs and prevents anyone else from accessing the device without entering the associated password. One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.
NetworkWorld 2016-12-02 08:44:42 Remote management app exposes millions of Android users to hacking (direct link) Poor implementation of encryption in a popular Android remote management application exposes millions of users to data theft and remote code execution attacks. According to researchers from mobile security firm Zimperium, the AirDroid screen sharing and remote control application sends authentication information encrypted with a hard-coded key. This information could allow man-in-the-middle attackers to push out malicious AirDroid add-on updates, which would then gain the permissions of the app itself. AirDroid has access to a device's contacts, location information, text messages, photos, call logs, dialer, camera, microphone and the contents of the SD card. It can also perform in-app purchases, change system settings, disable the screen lock, change network connectivity and much more.
NetworkWorld 2016-12-02 08:10:00 Trump cybersecurity dos and don'ts (direct link) President-elect Donald Trump ran a campaign focused on national security and making America great again through economic reform. Clearly both goals should include policies and programs to bolster the nation's cybersecurity capabilities. This shouldn't be an abstract concept to Mr. Trump after an election cycle featuring Russian hacks and WikiLeaks posts. To reinforce this priority, it is also worth noting that in a pre-election survey by ESG research, 49 percent of cybersecurity professionals said cybersecurity is a critical issue and should be the top national security priority for the next President, while 45 percent said cybersecurity is a very important issue and should be one of the top national security priorities for the next President. If those citizens on the front line see cybersecurity as a major priority, this should speak volumes to the President-elect.
NetworkWorld 2016-12-02 07:42:00 'Distributed guessing' attack lets hackers verify Visa card details (direct link) Add credit card fraud to the list of things that distributed processing can speed up. An e-commerce site will typically block a credit card number after 10 or 20 failed attempts to enter the corresponding expiry date and CVV (card verification value), making life difficult for fraudsters who don't have a full set of credentials. But there are plenty of e-commerce sites out there, and it's possible to obtain missing account details by submitting slightly different payment requests to hundreds of them in parallel. It takes less than six seconds to perform the "distributed guessing attack," according to the researchers at Newcastle University in the U.K. who figured out how to do it.
NetworkWorld 2016-12-02 05:20:00 How Windows 10 data collection trades privacy for security (direct link) Windows 10's aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft. But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That's because doing so can decrease the effectiveness of Windows 10's security features. [ InfoWorld's deep look: Why (and how) you should manage Windows 10 PCs like iPhones. | The essentials for Windows 10 installation: Download the Windows 10 Installation Superguide today. ] Microsoft isn't merely hoovering up large amounts of data because it can. The company has repeatedly reiterated its stance that Windows 10 does not collect the user's personal data, but rather anonymized file data that is then used to improve overall user experience and Windows functionality.
NetworkWorld 2016-12-01 13:06:11 Major cybercrime network Avalanche dismantled in global takedown (direct link) Law enforcement agencies have dismantled a major cybercriminal network responsible for malware-based attacks that have been harassing victims across the globe for years. The network, called Avalanche, operated as many as 500,000 infected computers on a daily basis and was responsible for delivering malware through phishing email attacks. Avalanche has been active since at least 2009, but on Thursday, authorities in the U.S. and Europe announced they had arrested five suspects allegedly involved with it. Avalanche has been found distributing more than 20 different malware families including GozNym, a banking Trojan designed to steal user credentials, and Teslacrypt, a notorious ransomware. Europol estimated the network has caused hundreds of millions of dollars in damages across the world. Tesla
NetworkWorld 2016-12-01 11:34:00 Best practices for lowering cyber insurance costs and cyber risk (direct link) Although vendor-written, this contributed piece does not advocate a position that is particular to the author's employer and has been edited and approved by Network World editors. With cybersecurity threats on the rise, companies are increasingly taking advantage of cybersecurity insurance. And while cyber insurance can be worth it, it'll cost you. Last year, U.S. insurers earned $1B in cyber premiums. You can minimize your premiums by showing your insurance company you're actively mitigating cyber risks, which is a win-win: lower your risk and secure a more cost-effective insurance plan.
NetworkWorld 2016-12-01 11:12:37 Data-wiping malware strikes Saudi government agencies (direct link) Saudi Arabia's government agencies were hit with a cyberattack that security researchers are blaming on a worm-like malware that can wipe computer systems, destroying data. Several government bodies and vital installations suffered the attack, disrupting their servers, the country's Saudi Press Agency said on Thursday. The transportation sector was among the agencies hit by an actor from outside the country, the press agency said. Security firms say the attack involved malware called Shamoon or Disttrack that was previously found targeting a Saudi Arabian oil company four years ago. That attack disabled 30,000 computers.
NetworkWorld 2016-12-01 10:43:00 Who's responsible for data compliance? 25% of executives don't know (direct link) According to the 2016 State of Compliance survey conducted by data management and integration provider Liaison Technologies, one-quarter of top executives are unclear who in their organization is responsible for compliance. And nearly half (47 percent) of respondents to the survey of 479 senior and C-level executives said they don't know which compliance standards apply to their organizations. “As leaders in the compliance domain we thought it was important to share our findings on how U.S. companies perceive their regulatory obligations, and examine ways to help improve their compliance postures,” Hmong Vang, chief trust officer with Liaison, said in a statement. “What we found was rather concerning.” Guideline
NetworkWorld 2016-12-01 10:23:00 AWS tries to protect its customers from DDoS attacks with new service (direct link) One of the big stories in security over the past year has been the rise of devastating distributed denial of service (DDoS) attacks that have hit sites and organizations like DNS provider Dyn, the BBC and the website of security journalist Brian Krebs. Amazon Web Services is trying to help protect its customers with a new service aimed at mitigating DDoS impacts. It's called Shield, and the free entry-level tier is enabled by default for all web applications running on AWS, starting on Wednesday.
NetworkWorld 2016-12-01 10:00:00 DARPA gamification plan to get deep-thinkers, game-changers to collaborate (direct link) Got innovation? The Defense Advanced Research Projects Agency this week announced a program it hopes will get the world's deep-thinkers to collaborate and explore emerging science and technology for advanced applications. +More on Network World: 20 years ago: Hot sci/tech images from 1996+ The agency is proposing an online community known as Gamifying the Search for Strategic Surprise (GS3) that would “apply a unique combination of online game and social media technologies and techniques to engage a large number of experts and deep thinkers in a shared analytic process to rapidly identify, understand, and expand upon the potential implications and applications of emerging science and technology. The program will also develop a mechanism to identify and quickly fund research opportunities that emerge from this collaborative process,” DARPA stated.
NetworkWorld 2016-12-01 08:45:00 IDG Contributor Network: How to architect the network so IoT devices are secure (direct link) Just as the internet changed everything, a new revolution known as the Internet of Things (IoT) promises to produce even greater disruption. Primarily because IoT sensors will be utilized everywhere: in hospitals to monitor medical devices, in factories to supervise operations, in buildings for controlling temperature and lighting, etc. Data from these sensors will be used for operations management, predictive maintenance and much more. Meanwhile, all of these applications are typically integrated with an enterprise's IT infrastructure. As such, they are introducing a variety of new security challenges. + Also on Network World: DDoS attacks using IoT devices follow The Manchurian Candidate model + Just like in current IT environments, there is no security silver bullet that can protect IoT devices from every possible cyber threat.
NetworkWorld 2016-12-01 07:52:00 TopSpin Security deploys realistic deceptions to lure and trap attackers (direct link) This column is available in a weekly newsletter called IT Best Practices. Every CISO knows it's not enough to just use prevention tools to try to keep attackers out of the network. CISOs must have the mindset of “they will get in” and plan accordingly with detection tools. According to Gartner, the average time before a breach is detected is more than 200 days, and too often the breach is detected by an outside organization such as a credit card processor or a law enforcement agency. These facts are simply indefensible when a CISO is called before the Board of Directors to discuss preparedness for cyber incidents.
NetworkWorld 2016-12-01 07:26:05 Implantable medical devices can be hacked to harm patients (direct link) It's possible to transmit life-threatening signals to implanted medical devices with no prior knowledge of how the devices work, researchers in Belgium and the U.K. have demonstrated. By intercepting and reverse-engineering the signals exchanged between a heart pacemaker-defibrillator and its programmer, the researchers found they could steal patient information, flatten the device's battery, or send malicious messages to the pacemaker. The attacks they developed can be performed from up to five meters away using standard equipment -- but more sophisticated antennas could increase this distance by tens or hundreds of times, they said. "The consequences of these attacks can be fatal for patients as these messages can contain commands to deliver a shock or to disable a therapy," the researchers wrote in a new paper examining the security of implantable cardioverter defibrillators (ICDs), which monitor heart rhythm and can deliver either low-power electrical signals to the heart, like a pacemaker, or stronger ones, like a defibrillator, to shock the heart back to a normal rhythm. They will present their findings at the Annual Computer Security Applications Conference (ACSAC) in Los Angeles next week.
NetworkWorld.webp 2016-12-01 05:14:00 Scholars, infosec experts call for action on Russian hacking (direct link) In the wake of reports about Russian involvement in fake news and hacks against political targets leading up to the recent presidential election, scholars and security experts are calling for federal action. As of Sunday, 158 scholars have signed an open letter calling for a congressional investigation. "Our country needs a thorough, public Congressional investigation into the role that foreign powers played in the months leading up to November," the letter said. Democrats in Congress have also called for an investigation, and were recently joined by Republican Sen. Lindsey Graham. Guideline
NetworkWorld.webp 2016-12-01 05:00:00 Security Sessions: Lessons learned from the Dyn DNS attacks (direct link) In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild chats with Stephen Boyer, CTO and co-founder of BitSight, about the recent DNS attacks against Dyn, and how CSOs can prepare their systems against future attacks.
NetworkWorld.webp 2016-11-30 14:06:00 IBM warns of rising VoIP cyber-attacks (direct link) Cyber-attacks using the VoIP protocol Session Initiation Protocol (SIP) have been growing this year accounting for over 51% of the security event activity analyzed in the last 12 months, according to a report from IBM's Security Intelligence group this week. “SIP is one of the most commonly used application layer protocols in VoIP technology… we found that there has been an upward trend in attacks targeting the SIP protocol, with the most notable uptick occurring in the second half of 2016,” IBM wrote. “In actual attacks on VoIP communications, we note various types of disruption. Spikes in July and September were mostly the result of specially crafted SIP messages that were terminated incorrectly. Persistent, invalid messages are known to cause vulnerable servers and equipment to fail. The spike in October 2016 was largely influenced by SIP messages with invalid characters in the SIP “To” field. These could be reflective of suspicious activity, necessitating further investigation.”
NetworkWorld.webp 2016-11-30 12:15:00 10% off Nest Cam Indoor Security Camera - Deal Alert (direct link) Look after your home 24/7 in crisp 1080p HD. With Nest Cam Indoor, you can check in, even when you're out, and even at night with its built-in high-quality night vision. Nest Cam features a versatile magnetic stand that lets you put it anywhere. See who's there, listen in and speak up to get their attention. With Nest Aware, you can get a special alert if Nest Cam sees a person, and save 10 or 30 days of continuous video history in the cloud. Then speed through it in seconds and quickly find the moment you're looking for in Sightline. Nest's indoor camera is a best-seller on Amazon with 4 out of 5 stars from over 4,300 people (read reviews). Its typical list price of $199 has been reduced 10% to $179.97 on Amazon.
NetworkWorld.webp 2016-11-30 09:53:14 Android malware steals access to more than 1 million Google accounts (direct link) A new Android malware has managed to steal access to more than 1 million Google accounts, and it continues to infect new devices, according to security firm Checkpoint. “We believe that it is the largest Google account breach to date,” the security firm said in a Wednesday blog post. The malware, called Gooligan, has been preying on devices running older versions of Android, from 4.1 to 5.1, which are still used widely, especially in Asia. Gooligan masquerades as legitimate-looking Android apps. Checkpoint has found 86 titles, many of which are offered on third-party app stores, that contain the malicious coding.
NetworkWorld.webp 2016-11-30 09:44:16 Senators fail to stop new rules allowing US law-enforcement hacking (direct link) Three senators' efforts to stop a major expansion of U.S. law enforcement agencies' hacking powers have failed for now. Proposed changes to Rule 41, the search-and-seizure provision in the Federal Rules of Criminal Procedure, will go into effect Thursday barring any last-minute action in Congress. The rules change will give U.S. law enforcement agencies the authority to cross jurisdictional lines and hack computers anywhere in the world during criminal investigations. Until now, the rules, in most cases, prohibited federal judges from issuing a search warrant outside their jurisdictions.
NetworkWorld.webp 2016-11-30 09:42:00 What's in store for tech in 2017 (direct link) Top tech predictions for 2017: It's the time of year for tech predictions. We've rounded up a slew of ideas from industry watchers who track IT budgets, cybersecurity, hiring, infrastructure management, IoT, virtual reality and more. Here are their predictions, projections and prognostications. IT spending set to rise 2.9%: Growth in software and IT services revenue will drive an increase in worldwide IT spending, which Gartner forecasts will climb 2.9% to $3.5 trillion in 2017. Software spending is projected to grow 6% in 2016, and it will grow another 7.2% in 2017 to total $357 billion, according to Gartner. IT services spending, which is on pace to grow 3.9% in 2016, will increase 4.8% in 2017 to reach $943 billion.
NetworkWorld.webp 2016-11-30 09:33:00 Security products among the most vulnerable software (direct link) Why do you spend the big bucks for security products? For protection, right? But many of the top security vendors utilize open-source or third-party components and libraries that are seemingly packed with vulnerabilities. While this is something you already know, a new report found that security products are some of the most vulnerable software. Flexera Software, which acquired Secunia in 2015, noted that between August and October of 2016, 46 products made it to the top 20 most vulnerable products. Eleven of those software products overflowing with vulnerabilities were security-related products.
NetworkWorld.webp 2016-11-30 06:40:00 Who's on your IT security dream team? (direct link) Getting the gang together: Last month, I presented you a chamber of horrors -- the worst people you meet doing IT security, many of them your friends and, sadly, co-workers. But I don't like to dwell on the negative! So I asked a slew of IT pros about the best people, the ones they want on their side when facing down the toughest security challenges. There are a number of important roles to fill, and I'm not just talking about job titles: I mean attitudes, and abilities that verge on superpowers. IT security is a team sport, so who do you want on your team? Guideline
NetworkWorld.webp 2016-11-30 06:39:00 8 tech startup trends to watch in 2017 (direct link) According to a set of intelligent humans interviewed for this story, artificial intelligence (AI) and machine learning are going to help drive the tech economy in 2017. When CIO.com posted a query on Help a Reporter Out, a site designed to help journalists connect with sources, asking about startup trends to watch in 2017, the overwhelming majority of respondents pointed to AI. This coming year and beyond, AI will help companies "disrupt sectors that haven't been fully disrupted," says Anthony Glomski, principal of AG Asset Advisory, a financial advisory firm. "AI is in its beginning stages with massive potential impact."
NetworkWorld.webp 2016-11-30 06:36:00 2017 security predictions (direct link) From W-2 scams to WordPress vulnerabilities, ransomware, business email compromises, DDoS attacks and allegations of a hacked presidential election -- 2016's been a hell of a year in cybersecurity, and it's not over yet. There's no reason to believe 2017 will be any better. If anything, it could be even worse as cybercriminals continue to push social engineering, find new ways to deliver malware, crack vulnerable databases and leverage mobile technology to find ways to get inside corporate defenses and target individuals.
NetworkWorld.webp 2016-11-30 06:31:00 Report: Most cybercriminals earn $1,000 to $3,000 a month (direct link) Most cybercriminals make between $1,000 and $3,000 a month, but 20 percent earn $20,000 a month or more, according to a recent report. The data is based on a survey conducted by a closed underground community, said report author Andrei Barysevich, director of advanced collection at cybersecurity firm Recorded Future. "We actually saw criminals who made way more than that, $50,000 to $200,000 a month," he said. "This is what they keep, this is not revenues, but pure profit. This is what they can spend on loose women, fast cars and nice clothes."
NetworkWorld.webp 2016-11-30 06:27:00 SIEMs-as-a-service addresses needs of small, midsize enterprises (direct link) The city of Lewiston, in north central Idaho, has a population of around 32,000 and an information systems budget of around $800,000 a year. But it wasn't too small for attackers. For example, the city council meetings, streamed online, were being watched by people in Russia. "Why are they watching this?" said Danny Santiago, the city's information systems administrator. Then there were the phishing attempts. "We are negotiating a $2 million contract for road work, and we had spearphishing attacks," he said. "Luckily it's a small town, and everyone knows everyone, so people called us."
NetworkWorld.webp 2016-11-30 06:24:00 HPE rolls out products to enable IoT adoption (direct link) Hewlett Packard Enterprise on Wednesday announced several software and hardware products to more securely manage the exploding universe of Internet of Things devices. October's Mirai botnet attack on unsecured IoT devices, which halted widespread access to dozens of popular internet sites, dramatizes the value of more comprehensive management and control of IoT, HPE executives said in interviews. Some of HPE's new products are intended for use by virtual cellular network providers, while others are for small and medium-sized enterprises to use in managing their local area network (LAN) operations.
NetworkWorld.webp 2016-11-30 05:00:00 IDG Contributor Network: SecureAuth introduces another take on multi-factor authentication (direct link) SecureAuth is in the business of adaptive access control. What that means in plain (or at least more plain) English is that the company offers security solutions that balance strength with ease of use and that adapt to different use cases. An example of adaptive access control might be requiring a simple username and password for regular access, but requiring a higher level of authentication when the user (for example) logs in from another geography. As data breaches have gained massive prominence in recent years, due in part to some celebrities' dual proclivities for poor password control and a penchant for naked selfies, the public has become increasingly aware of multi-factor authentication (MFA), a process that requires a subsequent authentication entry beyond simply username and password.
Last update at: 2024-05-14 10:08:04