What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2016-11-30 04:00:00 IDG Contributor Network: 8 security tips for retailers and consumers this holiday season (direct link) It's the time of year for holiday cheer. Hot chocolate, cookies, presents and other festivities abound. Shops dress up their windows in exotic displays, and festive lights can be seen everywhere. Yes, it's the time of year when everything is grander and everyone seems happier. But it's not always sunshine and roses during the holiday season. Trouble often lurks in the shadows, preying on both retailers and consumers. Criminals take advantage of the spike in spending, and use the opportunity to hide in the crowds and undertake fraud of various kinds. Financial fraud is the one that comes to mind first, but identity theft, impersonation and theft of items, among others, are all common. On top of that, every year cyber attackers improve on their techniques to steal information, money and goods.
NetworkWorld 2016-11-30 02:05:53 Study warns of human rights risks from censoring online terror content (direct link) Internet companies should not be required to monitor third-party terrorist content that they host or transmit, nor should they face direct or indirect liability from governments for such content, according to a new study. The Global Network Initiative, a group that represents academics, investors, civil society organizations and companies including Facebook, Google and Microsoft, published its study Tuesday. It's the offshoot of a policy discussion it started in July 2015, exploring key issues such as the human rights implications of government efforts to restrict online content with the aim of protecting public safety.
NetworkWorld 2016-11-29 23:12:48 Wisconsin recount over suspected hacking will not be by hand (direct link) A judge in Wisconsin has refused to order a recount by hand of ballots cast in the state for the U.S. presidential elections, shooting down a petition by Green Party candidate Jill Stein that the use of automatic tabulating equipment, identified as potential targets of foreign government agents, “risks tainting the recount process.” The Wisconsin Elections Commission decided Friday to recount the votes in the state, after concerns were raised that the voting systems can be hacked. Democratic party candidate Hillary Clinton also backed the recount, including the hand count.
NetworkWorld 2016-11-29 16:28:02 The new Mirai strain has gone far beyond Deutsche Telekom (direct link) The latest strain of Mirai, the malware that's been infecting internet routers from Germany's Deutsche Telekom, has spread to devices in at least 10 other countries, according to security firm Flashpoint. The company has detected the new Mirai strain infecting internet routers and modems across the globe, including in the U.K., Brazil, Iran and Thailand. It's still unclear how many devices have been infected, but Flashpoint estimates that as many as five million devices are vulnerable. “If even a fraction of these vulnerable devices were compromised, they would add considerable power to an existing botnet,” Flashpoint said in a Tuesday blog post.
NetworkWorld 2016-11-29 12:14:00 Isolation technologies create an “air gap” to eliminate the risk of malware (direct link) This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. Like the threat landscape itself, web gateways have changed over the years. Back in the 1990s, organizations primarily used them to prevent employees from wasting time surfing the web – or worse, from visiting gambling, adult and other unauthorized websites. Today web gateways do much more than enforce regulatory compliance and HR policies. Whether they are implemented on-premise or as cloud-based services, organizations rely on web gateways to thwart Internet-borne threats delivered through users' browsers.
NetworkWorld 2016-11-29 11:21:00 DARPA building space consortium to set standards for safe robotic maneuvers (direct link) DARPA next month will talk about a proposed consortium of industry players that will research, develop, and publish standards for safe commercial robotic servicing operations in Earth's orbit. Specifically, DARPA said it wants to create the Consortium for Execution of Rendezvous and Servicing Operations or CONFERS that looks to establish a forum that would use best practices from government and industry to research, develop and publish non-binding, consensus-derived technical and safety standards for on-orbit servicing operations. In doing so, the program would provide a clear technical basis for definitions and expectations of responsible behavior in outer space. In the end the ultimate goal is to provide the technical foundation to shape safe and responsible commercial space operations to preserve the safety of the global commons of space, DARPA stated.
NetworkWorld 2016-11-29 09:22:48 UK's internet surveillance law receives royal approval (direct link) Britons hoping that a quaint historical tradition might stop a Draconian internet surveillance law in its tracks were disappointed on Tuesday morning, when the Queen gave her approval to the Investigatory Powers Act 2016. In theory, the Queen has the power of veto over all U.K. legislation as bills do not become law until they receive royal assent. In practice, though, it's just a formality: no reigning British monarch has rejected a piece of legislation since 1707. Besides, given the post-Brexit backlash against anyone other than Parliament deciding British law, it would have been a daring move for a hereditary head of state.
NetworkWorld 2016-11-29 08:31:00 Goodbye SIEM, hello SOAPA (direct link) Security Information and Event Management (SIEM) systems have been around for a dozen years or so. During that timeframe, SIEMs evolved from perimeter security event correlation tools to GRC platforms to security analytics systems. Early vendors such as eSecurity, GuardedNet, Intellitactics and NetForensics are distant memories. Today's SIEM market is now dominated by a few leaders: LogRhythm, McAfee (aka: Nitro Security), HP (aka: ArcSight), IBM (aka: QRadar) and Splunk. Of course, there is a community of innovative upstarts that believe SIEM is a legacy technology. They proclaim that log management and event correlation can't keep up with the pace of cybersecurity today, thus you need new technologies such as artificial intelligence, machine learning algorithms and neural networks to consume, process, and analyze security data in real time. Guideline
NetworkWorld 2016-11-29 07:53:51 Senators plan last-ditch push to curb US law-enforcement hacking power (direct link) Unless Congress takes 11th-hour action, the FBI and other law enforcement agencies will gain new authority this week to hack into remote computers during criminal investigations. Proposed changes to Rule 41, the search and seizure provision in the Federal Rules of Criminal Procedure, would give U.S. law enforcement agencies the authority to cross jurisdictional lines and hack computers anywhere in the world during criminal investigations. The rules, in most cases, now prohibit federal judges from issuing a search warrant outside their jurisdictions. The changes, approved by the U.S. Supreme Court in April at the request of the Department of Justice, go into effect on Thursday unless Congress moves to reverse them.
NetworkWorld 2016-11-29 07:03:00 Amazon employee jumped from building after sending email to co-workers and CEO (direct link) An Amazon employee sent out an email to “hundreds” of his co-workers and even Amazon top dog CEO Jeff Bezos. Then he went to the roof of the building and jumped in what appears to be an attempted suicide. A spokesperson for the Seattle Fire Department told SeattlePI that a man did jump from the “rooftop at an Amazon building at Ninth Avenue North and Thomas Street.”
NetworkWorld 2016-11-29 05:33:00 Should InfoSec hire from other industries? (direct link) The InfoSec market is predicted to grow from $75 billion in 2015 to $170 billion by 2020, but – like any child star – it finds itself struggling with growing pains. An evolving threat landscape, cyber-crime-as-a-service and cyber espionage are the biggest problems for CISOs and law enforcers today, not to mention the record number of data breaches, but there is a bigger, arguably more basic, problem that stunts the market. Information security has long been suffering from a well-advertised skills gap problem. It's well cited that (ISC)² says that there will be a shortage of 2 million professionals by 2020, with Cisco putting the current global shortage at closer to 1 million. According to 2015 analysis from Bureau of Labor Statistics by Peninsula Press, more than 209,000 cybersecurity jobs in the U.S. are currently unfilled.
NetworkWorld 2016-11-29 04:30:00 2016: A systems security disaster (direct link) This will likely make you angry. It made me livid. It's a report, 34 pages long, from the Identity Theft Resource Center of the known systems breaches just this year. Read it and rage. It does not include the San Francisco Metro Transit Authority (SFMTA) hack from Thanksgiving weekend, where the SFMTA had to let passengers go free through the gates.
NetworkWorld 2016-11-28 22:49:55 San Francisco Muni says server data not accessed in ransomware hit (direct link) The San Francisco Municipal Transportation Agency said late Monday that no data had been accessed from its servers in a ransomware attack on the Muni transit system and the agency has never considered paying the ransom asked by the attacker. The statement by the SFMTA follows reports that the alleged attacker has threatened to dump 30GB of data stolen from the agency, if the ransom of the equivalent of about $73,000 in bitcoin was not paid. “The SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls,” the agency's spokeswoman Kristen Holland wrote in a blog post. She did not mention how the ransomware had got to the SFMTA systems, though there is the possibility that it may have been activated through a link in an email or a web link by an unsuspecting insider.
NetworkWorld 2016-11-28 12:18:51 Upgraded Mirai botnet disrupts Deutsche Telekom by infecting routers (direct link) A new version of Mirai -- a malware that's been enslaving poorly secured IoT devices -- has found a new victim: vulnerable internet routers from Germany's Deutsche Telekom. The spread of the new strain of Mirai has caused internet connection problems for close to a million Deutsche Telekom customers, the company reported on Monday. Deutsche Telekom blamed the disruption on the notorious malware, which has already been found infecting more than 500,000 internet connected devices, including DVRs and surveillance cameras.
NetworkWorld 2016-11-28 12:11:00 Spaceflight training jets, balloons create challenges for FAA (direct link) As the commercial space flight industry grows, the need for proper training and certification of support personnel and aircraft – which can include all manner of high-performance jets, balloons and hybrid jet/rocket systems – is going to be a regulatory challenge for the Federal Aviation Administration. A recent report from the Government Accountability Office said companies they interviewed had received standard aircraft certification for their space support vehicle, but for others the standard certification process is lengthy and not designed for the type of vehicles they would like to use, such as unique, single-production aircraft or retired military jets.
NetworkWorld 2016-11-28 11:38:00 Google security expert says antivirus apps don't work (direct link) A senior security engineer at Google told a hacker conference that traditional antivirus apps that use intrusion detection are useless and companies should switch to meaningful methods such as whitelisting applications. At Kiwicon X, the New Zealand equivalent of the Black Hat conference held in the United States, Darren Bilby called many existing tools ineffective "magic" that engineers are forced to install for the sake of compliance but at the expense of real security. "Please no more magic," he said, according to The Register. "We need to stop investing in those things we have shown do not work." Guideline
NetworkWorld 2016-11-28 11:21:00 Feds provide legal loophole to hacking IoT devices (direct link) It was an especially happy Thanksgiving for security researchers, thanks to what they have called long-overdue exemptions to the Digital Millennium Copyright Act (DMCA). Those exemptions, which took effect Oct. 28, provide a two-year window allowing “good-faith” researchers to break into the software that controls most consumer and commercial Internet of Things (IoT) devices – those used in everything from “smart” homes to smartphones, cars, medical devices, voting machines and more – without violating copyright laws.
NetworkWorld 2016-11-28 09:07:00 Researchers exploit app flaw and steal a Tesla Model S (direct link) In September, Chinese researchers from Keen Security Lab showed how a Tesla Model S could be remotely hacked while it was being driven. The hack demonstrated by Promon, a Norwegian security company, provided “additional functionality” for cyber thugs to control the vehicle, including enabling “keyless driving functionality,” which could allow a crook to drive away with a Tesla without having a key fob present. Tesla
NetworkWorld 2016-11-28 08:30:31 One million broadband offline in Germany; 'external influence' blamed (direct link) Almost one million Deutsche Telekom customers have been struggling to get online since Sunday afternoon. There's nothing wrong with the network, the company said, advising customers having trouble connecting to the internet to turn their router off and on again in the hope of solving the problem. Around 900,000 lines were initially hit by the connection problem, although the number affected is falling, Deutsche Telekom said Monday. But that number may be an underestimate: Since some of the affected routers also provide subscribers with telephone service, customers may have no way of letting the company know they are having difficulties. The cause of the outage is unknown, with those affected living in different areas and using different router models, the company said. It dismissed suggestions that the problem was worse in congested areas.
NetworkWorld 2016-11-28 06:29:00 Best practices to fight corporate security risks (direct link) Today, security education may be part of an organization's onboarding process, but while many people know not to open an email from an unidentified source, or even those from a friend or coworker that have uncharacteristic links or text, individuals inevitably still do.
NetworkWorld 2016-11-28 06:23:00 Security budgets continue to grow, but is it enough? (direct link) Cybersecurity is an increasing concern in the enterprise as the number of high-profile breaches reported only grows each year. In 2015, there were a reported 781 data breaches in the U.S., making it the second highest year for security threats, according to data from the ISACA. And 40 percent of those data breaches happened in the business sector. So it's no surprise that Business Insider Intelligence reports an estimated $655 billion will be invested in cybersecurity initiatives between 2015 and 2020. However, in 2015, worldwide cybersecurity spending reached only $75.4 billion, according to Gartner, jumping to an estimated $2.77 trillion in 2016. Those numbers suggest that businesses are only just catching on to the importance of cybersecurity in the workplace, but are they too late?
NetworkWorld 2016-11-28 06:19:00 Retailers get an IoT wake-up call (direct link) The DDoS attack against Dyn on Oct. 21 may not have been anything new or sophisticated to those steeped in cybersecurity, but it should serve as a significant wake-up call to retailers this holiday season and beyond, say experts. The hack - which led to vast consumer trouble loading major websites such as Etsy, AirBnB, Netflix and Twitter - was particularly notable because it appears to have relied on infecting internet of things (IoT) devices such as cameras, monitors and routers with software meant to flood targets with overwhelming traffic.
NetworkWorld 2016-11-28 06:07:00 Advice for evading ATM skimmers (direct link) I cannot use an ATM these days without wondering if I am getting ripped off by a stealthy skimming device that has been placed inside the machine's card slot. One reason for my concern is that for years now I have been reading with great interest a series of articles on the subject by security expert Brian Krebs, who posted another one just yesterday. This piece includes a couple of videos showing exactly how scammers insert and remove the skimmers from an ATM, as well as practical advice you can use to thwart those efforts:
NetworkWorld 2016-11-28 06:00:00 How to protect the C-suite from spear phishing (direct link) CSO Editor-in-Chief Joan Goodchild sits down with Kevin O'Brien, founder and CEO of GreatHorn, to discuss ways that security leaders can fend off spear phishing attempts aimed at the executives at their companies. Guideline
NetworkWorld 2016-11-28 04:30:00 IDG Contributor Network: Information security priorities for Trump's administration (direct link) Cybersecurity needs to be a top priority for the administration of Donald Trump. The first task should be shoring up government IT systems. As recent attacks have shown, adversaries aren't afraid to go after political organizations. There's no reason to suspect they won't continue to target political entities such as the Democratic National Committee or step up attacks on government agencies. Emphasize that information security applies to all agencies: Ideally, a cabinet meeting for all new secretaries should be held within three months of the inauguration to underscore that information security is essential for all agencies to complete their missions. Even secretaries whose agencies are not typically associated with either information security or IT need to be included.
NetworkWorld 2016-11-28 03:20:00 IDG Contributor Network: Has IT become too complex to manage? (direct link) In the late 1990s, I was responsible for technical operations for a large healthcare organization. We supported more than 5,000 users across 50 locations and supported three distinct lines of business. We were a very progressive organization at the leading edge of technology innovation in healthcare. It was not a simple operation. Well, at least not for 1997. When I compare that environment to what IT leaders face today, however, a shudder of relief washes over me. There is no point in whitewashing this: Managing the function of IT in my day was child's play compared to the incredible diversity of challenges facing the modern IT leader. Is it so complex, in fact, that it cannot truly be managed? Guideline
NetworkWorld 2016-11-28 03:17:45 Japanese government denies report that its defense forces were hacked (direct link) Japanese government officials have denied reports that a secure network used by the country's defense forces was attacked earlier this year. An attacker was able to break into the Ground Self-Defense Force's computer systems, sources at the Japanese Ministry of Defense told Kyodo News on Sunday. The ministry and the Self-Defense Forces discovered the attack in September, said the report, which was also relayed by The Japan Times. Kyodo's sources said the hack was believed to be the work of a nation state, and that information may have been leaked in the attack.
NetworkWorld 2016-11-28 02:49:00 (Déjà vu) New products of the week 11.28.16 (direct link) Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. CSTAR for Google Chrome
NetworkWorld 2016-11-27 23:36:42 San Francisco's Muni transit system reportedly hit by ransomware (direct link) San Francisco's Muni transit system was reportedly hit by ransomware since Friday, leading to the message “You Hacked, ALL Data Encrypted” being displayed on the computer screens at stations, according to newspaper reports. The message asked that cryptom27 at yandex.com should be contacted for the key to unlock the data. Fare payment machines at stations also displayed that they were “out of service,” and San Francisco's Municipal Railway, widely known as Muni, was allowing free rides on its light-rail vehicles as it was unable to charge customers, according to the Examiner. Guideline
NetworkWorld 2016-11-27 08:50:00 Trump Tower changed to Dump Tower on Google Maps (direct link) The world became a slightly better place when Fidel Castro died. Unlike President Obama who said, “History will record and judge the enormous impact of this singular figure on the people and world around him,” President-elect Donald Trump bluntly called Castro a “brutal dictator” whose “legacy is one of firing squads, theft, unimaginable suffering, poverty and the denial of fundamental human rights.” Some unknown person with an internet connection also attempted to be blunt, expressing his or her opinion of Donald Trump via Google Maps; the President-elect's transition headquarters was renamed to the Dump Tower on Google Maps.
NetworkWorld 2016-11-27 05:54:00 Amazon Cyber Monday 2016 sales: Ready, Set... (direct link) Amazon has kicked off Cyber Monday 2016 with a slew of sales this coming week on its own products, such as the Echo and Fire tablets, as well as on items from others, ranging from Exploding Kittens card sets to Nest thermostats. (Black Friday & Cyber Monday watchers such as BFads and Best Black Friday have been a big help in keeping tabs on deals.)
NetworkWorld 2016-11-25 21:56:47 Wisconsin to recount US presidential election vote after hack concerns (direct link) The Wisconsin Elections Commission has decided to recount the votes in the state in the last U.S. presidential elections, after concerns were raised that the voting systems can be hacked. The recount, which was requested by Jill Stein, candidate of the Green Party for the U.S. presidential election, and Rocky Roque De La Fuente, another candidate, is expected to begin late next week, the Elections Commission said. “The Commission is preparing to move forward with a statewide recount of votes for President of the United States, as requested by these candidates,” administrator Michael Haas said in a statement Friday. Citing the hack of the Democratic National Committee of the Democratic Party in the run-up to the election and reports of breaches of voter registration databases in at least two states, Stein in her petition for recount wrote that Wisconsin uses both the optical scan and direct-recording electronic types of electronic voting machines, which are both susceptible to compromise.
NetworkWorld 2016-11-25 05:00:10 Will AI usher in a new era of hacking? (direct link) It may take several years or even decades, but hackers won't necessarily always be human. Artificial intelligence -- a technology that also promises to revolutionize cybersecurity -- could one day become the go-to hacking tool. Organizers of the Cyber Grand Challenge, a contest sponsored by the U.S. defense agency DARPA, gave a glimpse of the power of AI during their August event. Seven supercomputers battled each other to show that machines can indeed find and patch software vulnerabilities. Theoretically, the technology can be used to perfect any coding, ridding it of exploitable flaws. But what if that power was used for malicious purposes? The future of cyberdefense might also pave the way for a new era of hacking.
NetworkWorld 2016-11-25 03:00:00 Linux hardening: a 15-step checklist for a secure Linux server (direct link) Gus Khawaja: Most people assume Linux is secure, and that's a false assumption. Imagine your laptop is stolen without first being hardened. A thief would probably assume your username is “root” and your password is “toor” since that's the default password on Kali and most people continue to use it. Do you? I hope not. The negative career implications of choosing not to harden your Kali Linux host are severe, so I'll share the necessary steps to make your Linux host secure, including how I use penetration testing and Kali Linux to get the job done. It's important to note that, while there are many distributions (AKA distros) of Linux and each one differs from the command line perspective, the logic is the same. Use the following tips to harden your own Linux box.
NetworkWorld 2016-11-24 08:55:40 Britain's wartime codebreaking base could host a national cyber security college (direct link) Plans are afoot to build the U.K.'s first National College of Cyber Security at Bletchley Park, the birthplace of the country's wartime codebreaking efforts. It was at Bletchley Park that Colossus, the world's first electronic computer, was built during World War II to crack the Lorenz code used by the German high command. Bletchley is also where Alan Turing developed some of his mathematical theories of computing while working on breaking the enigma code. After the war the site fell into disrepair, but parts of it have been restored and now house the U.K.'s National Museum of Computing.
NetworkWorld 2016-11-23 08:20:35 Voting security experts call on Clinton to demand recount (direct link) Hillary Clinton, the apparent loser in the recent U.S. presidential race, should ask for voting recounts in three states, a group of voting security experts and election lawyers have said, and new results could swing the outcome of the election. There are outstanding questions about voting results in Pennsylvania, Wisconsin, and Michigan, where the initial counts have Clinton losing by 1.2 percent or less, the group has told her campaign. The group has so far given no concrete evidence of voting irregularities but is planning to release a report. One news report suggested significant differences in the margins of victory for Trump in Wisconsin in counties using electronic voting machines, compared to counties using paper ballots, but the group has not confirmed those concerns.
NetworkWorld 2016-11-23 05:23:00 U.S. says cybersecurity skills shortage is a myth (direct link) The U.S. government has released what it claims is myth-busting data about the shortage of cybersecurity professionals. The data points to its own hiring experience. In October 2015, the U.S. launched a plan to hire 6,500 people with cybersecurity skills by January 2017, according to White House officials. It had hired 3,000 by the first half of this year. As part of the ongoing hiring effort, it held a job fair in July. At the Department of Homeland Security (DHS), "We set out to dispel certain myths regarding cybersecurity hiring," wrote Angela Bailey, chief human capital officer at DHS in a blog post Monday.
NetworkWorld 2016-11-23 04:46:20 Make companies pay full cost of breaches to restore trust in the internet, says ISOC (direct link) Fake news, online banking thefts and data breaches: It's no wonder that trust in the internet is at an all-time low. But don't worry: The Internet Society has a five-step plan for restoring faith in the network of networks. The first step is to put users first, according to ISOC, which published its 2016 Global Internet Report on Thursday. That involves being more transparent (step two) about risk and the incidence of data breaches and prioritizing data security (step three) to ensure breaches don't happen. ISOC isn't just a talking shop, it is also the organizational home of the Internet Engineering Task Force (IETF), source of many of the protocols and standards on which the internet relies. That adds weight to the more detailed recommendations on how to prioritize security contained in the ISOC report.
NetworkWorld 2016-11-22 17:39:04 How to make home IoT more secure: Assume the worst (direct link) Sometimes the truth hurts but you just have to face it. The internet advisory group BITAG lays it on the line for the IoT industry in a new report: No, consumers aren't going to update the software on their devices. “It is safe to assume that most end users will never take action on their own to update software,” the Broadband Internet Technology Advisory Group said. Its recommendation: Build in mechanisms for automatic, secure updates. That bit of human nature is just one of the harsh realities BITAG acknowledges in the report, which came out on Tuesday. It also points out that some consumer IoT devices ship with weak built-in usernames and passwords like “admin” and “password,” can't do authentication or encryption, or can easily be taken over by malware that turns them into bots.
NetworkWorld.webp 2016-11-22 14:14:00 12 tips for safer Black Friday and Cyber Monday shopping (direct link) During Black Friday and Cyber Monday 2016, consumers should watch out for scams that come through spam, insecure public networks and apps that might seem legitimate but could be taking over your phones and computers, experts say. Here are a dozen steps you can take to avoid becoming a victim. Only download or buy apps from legitimate app stores. Suspect apps that ask for too many permissions. Check out the reputation of apps and particularly the app publisher. Only enter credit card info on secure shopping portals. Avoid using simple passwords, and use two-factor authentication if you can. Be alert for poisoned search results when using search engines to find products. Don't install software that sites require before you can shop. Don't use free public Wi-Fi to make purchases. Be suspicious of great deals you learn about via social media or emails and don't click the links. Turn off location services while shopping to minimize the potential personal data that could be compromised. Make sure the connection to e-commerce sites is secured (HTTPS). Double check the validity of the SSL certificate for the site.
NetworkWorld.webp 2016-11-22 14:12:00 How to dodge Black Friday and Cyber Monday shopping hackers (direct link) Hackers are writing apps, setting up phony Wi-Fi networks and unleashing malware in attempts to turn legitimate Black Friday 2016 and Cyber Monday retailing into profits for themselves, according to security experts. Bad actors are stealing personal information like passwords and credit card numbers, compromising computers and phones, and blackmailing retailers with hopes of lining their pockets, researchers say. For example, researchers at RiskIQ found frequent cases of criminals linking the names of legitimate brands to sketchy applications and Web sites in order to lure unsuspecting shoppers. They looked at five popular e-commerce brands to see how often their names appeared along with the term Black Friday in the titles or descriptions of black-listed applications. The research didn't reveal the names of the retailers, but found that they lined up with bogus apps from 8.4% to 16% of the time.
NetworkWorld.webp 2016-11-22 04:56:00 Who has the most impact in driving security advancement? (direct link) Depending on the size of the organization, the person who has the most impact on driving security advancement could be a C-level executive or board member, but sometimes a non-executive administrator or the one-man IT/security show is the person paving the path. Whoever it is, every business needs someone who makes security not only a line item on the budget but also a part of the overall culture. More often than not, though, organizations prioritize security for one of two reasons. Josh Feinblum, vice president of information security at Rapid7, said, "Companies that care about security have either a progressive leadership team that believes it is important, or it is a company that has gone through a major event." Guideline
NetworkWorld.webp 2016-11-22 04:54:00 Beware of fake apps and bad Wi-Fi hotspots while shopping by mobile phone (direct link) Black Friday and Cyber Monday holiday shoppers using smartphones should beware of fake commerce apps and fake Wi-Fi hot spots inside malls, two security firms have warned. Hackers use these fakes to grab account numbers and sensitive personal information. "Cyber criminals are increasing our risk of using mobile devices while shopping, whether it is Black Friday or Cyber Monday," warned Brian Duckering, mobility strategist for Skycure, an enterprise security firm, in a blog. "Going to physical stores and connecting to risky Wi-Fi networks, or shopping online both pose increasing risks we should all be aware of."
NetworkWorld.webp 2016-11-21 13:30:00 Best small to midsized cities to land a cybersecurity job (direct link) Looking for a change of scenery in 2017? While cybersecurity positions are plentiful in most major cities, thousands of cyber positions at all levels are waiting to be filled in less populated and often more scenic locales – and most offer a lower cost of living. Although larger corporations usually post the most job openings, “you're most likely to find that you're working at a smaller company” in these smaller cities, says Tim Herbert, senior vice president of research and market intelligence at CompTIA, the Computing Technology Industry Association. But the tradeoff will be broader responsibilities and more experience, he adds. “In smaller companies you take on more responsibilities with less specialization than in a large enterprise where roles are very well-defined.”
NetworkWorld.webp 2016-11-21 13:28:00 3 ingredients of a successful attack (direct link) The field of computer security has been around since the 1960s, and since then, practitioners have developed "a good understanding of the threat and how to manage it," say the authors of Security in Computing, 5th edition. But over the years the field has also developed a language of its own, which can present a challenge to newcomers. In the preface to the updated edition of this classic text, the authors make plain their intent to demystify the language of computer security. One good place to start: understanding the three things a malicious attacker needs to be successful.
NetworkWorld.webp 2016-11-21 12:35:00 ACM Prize in Computing is the new name of honor for young innovators (direct link) The Association for Computing Machinery has changed the name of its annual award recognizing computing professionals for early-to-mid-career innovations from the ACM-Infosys Foundation Award to the ACM Prize in Computing, and boosted the value of the prize by $75K. Good call on the name change, which the ACM figures will raise awareness of the award and be more recognizable. Though not to be confused: the group's more famous A.M. Turing Award, given annually for major contributions of lasting importance to computing, is known informally as the "Nobel Prize of Computing". (See also: "Crypto dream team of Diffie & Hellman wins 2016 'Nobel Prize of Computing'")
NetworkWorld.webp 2016-11-21 10:22:00 FireEye's iSIGHT threat intelligence exposes security blind spots (direct link) What separates a great Major League Baseball hitter like David Ortiz from some run-of-the-mill player? Great eyesight and intelligence. Ortiz sees more than others and takes all of the rich information he sees to make an intelligent, actionable decision to swing a baseball or not. While lots of players claim to do this, only a few have the right combination of the two to separate themselves from the field. The same thing can be said for IT security. It takes visibility across the entire attack spectrum, plus analytics and real-world insight, to provide actionable threat intelligence. Many vendors claim to have threat intelligence, but they operate by looking for anomalies in the network to flag something that might be a breach. This can be valuable, but it addresses only part of the security continuum.
NetworkWorld.webp 2016-11-21 09:40:00 CIO confab SIMposium to skip 2017 (direct link) The Society for Information Management has announced that it is reworking its annual SIMposium conference, which took place last month in Connecticut, and will come back in the spring of 2018 with an event dubbed SIM Connect Live. This year's event attracted hundreds of CIOs and other IT decision makers and business strategists to exchange thoughts on everything from leadership to risk management to the workforce of the future (See also: "CIO Security Lessons -- Dark thinking on IoT & exploding enterprise networks"). Guideline
NetworkWorld.webp 2016-11-21 07:35:00 Which Job-Related Factors Alienate Cybersecurity Pros? (direct link) When it comes to cybersecurity jobs, it is truly a seller's market. According to ESG research published early this year, 46% of organizations report a problematic shortage of cybersecurity skills (note: I am an ESG employee). Additionally, a more recent research report from ESG and the Information Systems Security Association (ISSA) indicates that 46% of cybersecurity professionals are solicited by recruiters to consider another job at least once each week! The data indicates that there aren't enough cybersecurity professionals around and those that are employed are in high demand. This puts a lot of pressure on CISOs and human resources people to make sure to keep their existing cybersecurity staff happy so they don't walk out the door when they are barraged by headhunters' calls.
NetworkWorld.webp 2016-11-21 06:56:00 Renowned tech investor Harry Weller of NEA passes away at 46 (direct link) There was sad news over the weekend in the venture capital community, as New Enterprise Associates General Partner Harry Weller died in his sleep at the age of 46. Weller, who was not known to have had any illness, is survived by his wife and two sons. "A renowned technology investor, champion of innovation and true partner to entrepreneurs, many knew Harry to be bold, brilliant and passionate," NEA says on a tribute to Weller on its website. "To those who knew him best, he was equally remarkable for his kind heart and generous spirit. Harry was a deeply devoted father, husband and friend."
Last update at: 2024-05-14 20:08:24