What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2016-11-14 08:00:00 37% of IT pros to look for new jobs in 2017 (direct link) If your IT department isn't already worried about staff retention, some new stats might change that. A new poll finds 37% of IT pros plan to begin searching for a new employer in 2017, and 26% plan to accept a new job. Many factors are driving people's desire for a job change, according to Spiceworks' 2017 Tech Career Outlook. The most frequently cited reasons are: to advance my IT skills (cited by 69%); to get a more competitive salary (64%); to work at a company that makes IT more of a priority (40%); I'm burnt out at my current job (40%); to find a better work-life balance (38%); to get better benefits (401k, healthcare) (33%); to work with a more talented IT team (26%); to get better work-from-home options (24%); to get a better job title (22%).
NetworkWorld 2016-11-14 07:55:00 Blockchain adoption in banks coming, but slower than expected (direct link) Recent headlines suggest that blockchain technology is revolutionizing financial services. JP Morgan Chase, Barclays, Commonwealth Bank, Wells Fargo and several other leading banks are using the digital ledger technology to conduct equity swaps, cross-border trades, and other transactions. You might think that blockchain has gone mainstream. Not so fast, says former UBS CIO Oliver Bussmann, who claims it may take banks two years to run blockchain in production due to regulatory hurdles, a lack of standards and other stumbling blocks. “This is real, this will come but in a very regulated environment. We will go through a lot of validation,” says Bussmann, who jumpstarted blockchain efforts when he was leading IT at the Swiss bank last year. Tags: Guideline
NetworkWorld 2016-11-14 07:32:31 DoS technique lets a single laptop take down an enterprise firewall (direct link) At a time when the size of distributed denial-of-service attacks has reached unprecedented levels, researchers have found a new attack technique in the wild that allows a single laptop to take down high-bandwidth enterprise firewalls. The attack, dubbed BlackNurse, involves sending Internet Control Message Protocol (ICMP) packets of a particular type and code. ICMP is commonly used for the ping network diagnostic utility, and attacks that try to overload a system with ping messages -- known as ping floods -- use ICMP Type 8 Code 0 packets. BlackNurse uses ICMP Type 3 (Destination Unreachable) Code 3 (Port Unreachable) packets instead, and some firewalls consume a lot of CPU resources when processing them.
NetworkWorld 2016-11-14 06:01:00 Security Sessions: How to prepare for a data breach (direct link) In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild chats with Michel Bruemmer from Experian Data Breach Resolution about its annual data breach response guide. The guide offers tips and process improvements for companies putting together a plan of attack when breaches occur.
NetworkWorld 2016-11-14 05:00:00 New products of the week 11.14.16 (direct link) Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. NetCrunch 9.3 (AdRem). Key features: Version 9.3 of the NetCrunch network monitoring system introduces an overhauled GUI, live up/down traffic on physical segments, new views for smaller networks, and integration with JIRA, ConnectWise and more.
NetworkWorld 2016-11-13 21:51:40 412 million FriendFinder Network accounts said to be exposed in hack (direct link) Over 412 million accounts on dating and entertainment network FriendFinder Networks have reportedly been exposed, the second time that the network has been breached in two years, according to a popular breach notification website. The websites that have been breached include adultfriendfinder.com, described as the "world's largest sex and swinger community," which accounted for over 339.7 million of the 412 million accounts exposed, LeakedSource said Sunday. Other network sites that had user accounts exposed were cams.com with 62.6 million exposed, penthouse.com with 7 million, stripshow.com with 1.4 million, icams.com with about 1 million and an unidentified website adding 35,372 users whose accounts were exposed.
NetworkWorld 2016-11-13 08:25:00 BlackNurse attack: 1 laptop can DoS some firewalls, bring down big servers (direct link) An attacker doesn't need an IoT botnet or massive resources for a denial of service attack to knock large servers offline; researchers warned that all it takes is one laptop for a “BlackNurse” attack to bring vulnerable Cisco, SonicWall, Palo Alto and Zyxel firewalls to their knees. Danish researchers at the Security Operations Center of telecom operator TDC described BlackNurse as a low bandwidth Internet Control Message Protocol (ICMP) attack that “is capable of doing a denial of service to well-known firewalls.” In their report (pdf), the researchers wrote:
NetworkWorld 2016-11-11 07:15:00 Election Data Models Lesson for Cybersecurity (direct link) If you are like me, you were pretty convinced that Secretary Clinton was poised to be the President elect. Confidence in this opinion was based on reviewing numerous big data analytics models from the fivethirtyeight.com, the New York Times, Princeton, etc. The lowest percentage gave Mrs. Clinton roughly a 65% chance of winning on November 8. So, what happened? Every database jockey recognizes the old maxim of garbage in/garbage out. In other words, killer algorithms and all the processing power in the world are rather useless if your model is built on the back of crappy data. Obviously, all the brainiacs building these models made a critical mistake in not gathering data from disenfranchised white voters in rural areas. The result? A stunning election result and lots of eggs on ivy league elitist faces.
NetworkWorld 2016-11-10 14:05:00 Ethernet consortia trio want to unlock a more time-sensitive network (direct link) Demand from Internet of Things, automotive networking and video applications is driving changes to Ethernet technology that will make it more time-sensitive. Key to those changes are a number of developing standards but also a push this week from the University of New Hampshire InterOperability Laboratory to set up three new industry-specific Ethernet Time-Sensitive Networking (TSN) consortiums – Automotive Networking, Industrial Networking, and ProAV Networking – aimed at developing deterministic performance within standard Ethernet for real-time, mission critical applications.
NetworkWorld 2016-11-10 11:46:16 Suspected Russian hackers target US think tanks after election (direct link) Hours after Donald Trump won the presidential election, a suspected Russian cyberespionage team was blamed for targeting several U.S. think tanks with phishing emails designed to fool victims into installing malware. On Wednesday, the phishing emails landed in the inboxes of dozens of targets associated with U.S. think tanks and non-governmental organizations, said security firm Volexity. A hacking group called APT 29 or Cozy Bear was behind the attack, according to Volexity. This is one of the same groups that security experts say was also responsible for hacking the Democratic National Committee and is allegedly tied to the Russian government. Tags: APT 29
NetworkWorld 2016-11-10 11:03:00 Google punishes web backsliders in Chrome (direct link) Google said it will deal with website recidivists that have dodged the company's punishments for spreading malware and spawning email scams. When Google flags sites for hosting malicious code or unwanted software, or running some kind of scam, users see warnings in Chrome and other browsers. The alerts appear as long as Google believes the site poses a threat. But after making changes to align their sites with Google's "Safe Browsing" terms, webmasters may ask Google to lift the virtual embargo. Not surprisingly, some took advantage of the mechanism for lifting the warnings. Sites would cease their illicit practices, but only long enough to get back into Google's good graces. Once Google gave the all-clear, the once-dirty-then-clean site would have a serious relapse and again distribute malware or spew phishing emails. Tags: APT 19
NetworkWorld 2016-11-10 11:00:00 How to maintain data and document security with a mobile workforce (direct link) Pragmatic approach. Data and document security with today's mobile workforce can be a difficult challenge. This is not a “one-size-fits-all” problem; one needs to weigh the risks to ensure that you are operating within a tolerable risk level or the opposite in which you put significant controls around devices, hamper productivity for no benefit. Take a pragmatic approach – you want the ability to clearly and justly answer the organization's question of, “Why is this security measure necessary?” As security leaders, we want to allow your teams to move as fast as possible and not deploy a policy or technology because someone touts it as the best way to do something. Security vendor Conga provides these tips for that healthy balance. Tags: Guideline
NetworkWorld 2016-11-10 09:37:12 Hacker shows how easy it is to take over a city's public Wi-Fi network (direct link) In a perfect example of how public wireless networks can be dangerous for privacy and security, an Israeli hacker showed that he could have taken over the free Wi-Fi network of an entire city. On his way home from work one day, Amihai Neiderman, the head of research at Israeli cybersecurity firm Equus Technologies, spotted a wireless hotspot that he hadn't seen before. What made it unusual was that it was in an area with no buildings. It turned out that the hotspot he saw, advertised as "FREE_TLV," was part of the citywide free Wi-Fi network set up by the local administration of Tel Aviv, Israel. This made Neiderman wonder: How secure is it?
NetworkWorld 2016-11-10 08:41:33 Tech groups push policy priorities for the Trump administration (direct link) Technology trade groups are already pushing out their policy priorities for President-elect Donald Trump's administration, even though his campaign rarely touched on IT issues. With Silicon Valley largely opposed to Trump during the campaign and his tech policy agenda paper thin, policy recommendations from tech trade groups may be an exercise in wishful thinking. Still, several tech groups congratulated Trump on his unexpected victory and expressed optimism about this presidency. One point of optimism for the tech industry was the Trump campaign's last-minute addition of telecommunications networks to a long list of infrastructure projects he hopes to fund. Other infrastructure projects on Trump's list include roads, bridges, tunnels, airports, railroads, ports, pipelines, and the electricity grid, and it's unclear how he plans to pay for the plan, given that Trump also has promised large tax cuts, and whether telecommunications networks would be a priority.
NetworkWorld 2016-11-10 07:25:55 European Parliament clears drone regulations for takeoff (direct link) Regulations to protect people from falling drones moved a little closer to takeoff at the European Parliament on Thursday. Ensuring drone safety took on a new urgency this week, with GoPro's recall of its Karma drone after unexplained mid-air power failures caused a number of them to drop out of the sky. Under the European Union's proposed regulations, drones will have to be registered so that their owners can be identified. While that won't in itself stop drones from falling, it could lead pilots to take their responsibilities more seriously, legislators hope. A 1-kilogram drone like the Karma falling from as little as 11 meters (around three stories) could kill even someone wearing a safety helmet, according to a calculator developed by the Dropped Object Prevention Scheme, which promotes safety in the oil and gas industry. Tags: Guideline
NetworkWorld 2016-11-10 05:58:00 Cisco/Ericsson: Assessing the mega-deal a year later (direct link) When it was announced a year ago, the Cisco/Ericsson partnership was hailed as “the right move for us right now,” according to Cisco CEO Chuck Robbins to create the networks of the future. While the partnership has done well – the companies say they have closed 60 deals together -- Ericsson is being battered financially this year and the impact that will have on the partnership could change it in the future.
NetworkWorld 2016-11-10 05:44:00 Need for 'smart' regulation of IoT security is as obvious as it is unlikely (direct link) Security expert Bruce Schneier has a new essay out that makes this case: The only way to prevent the exploitation of insecure internet of things devices from causing catastrophic damage is government regulation, noting “our choice is between smarter government involvement and stupider government involvement.” His premise would appear unassailable. The problem is we don't necessarily get to choose; sometimes the difference between smarter and stupider is foisted upon us. Schneier writes of the growing IoT threat: It's a form of invisible pollution. … And, like pollution, the only solution is to regulate. The government could impose minimum security standards on IoT manufacturers, forcing them to make their devices secure even though their customers don't care. They could impose liabilities on manufacturers, allowing companies like Dyn to sue them if their devices are used in DDoS attacks. The details would need to be carefully scoped, but either of these options would raise the cost of insecurity and give companies incentives to spend money making their devices secure. …
NetworkWorld 2016-11-10 04:00:00 IDG Contributor Network: Major cloud is infested with malware, researchers say (direct link) Cloud repositories are actively supplying malware, according to computer experts. And problematically, it's insidious and hard to find. Hundreds of buckets have been undermined, says Xiaojing Liao, a graduate student at Georgia Tech who's the lead author on a study that's looking into the problem. Buckets are chunks of storage used in cloud operations. It's “challenging to find,” Georgia Tech writes in an article on its website. The problem being that the resulting malware is quick to “assemble from stored components that individually may not appear to be malicious.” Tags: Guideline
NetworkWorld 2016-11-10 03:30:00 Down the rabbit hole, part 5: Secure and private instant messaging (direct link) Instant messaging is hard. There are untold numbers of instant messaging networks (not even taking SMS into consideration) -- with companies like Google having, all by themselves, created a half dozen competing applications and networks. And, if you want those messages to be secure? Well, things get even more difficult -- there simply aren't many options. In my ongoing quest to make my life as secure and private as possible, I've found three instant messaging networks that are worth talking about. They're not perfect, but they are significant improvements over using the many, astoundingly insecure platforms out there (such as Google's Hangouts or Apple's iMessage). Let's go over those here, with their benefits and pitfalls.
NetworkWorld 2016-11-09 20:41:36 Yahoo investigating if insiders knew of hack (direct link) Yahoo said investigators into the late 2014 theft of information of at least 500 million user accounts are looking into the possibility that some people within the company knew about the security incident at the time. Law enforcement authorities on Monday also “began sharing certain data that they indicated was provided by a hacker who claimed the information was Yahoo user account data,” the company said in a regulatory filing to the U.S. Securities and Exchange Commission. Yahoo said it would “analyze and investigate the hacker's claim.” It isn't clear if this data is from the 2014 hack or from another breach. Tags: Yahoo
NetworkWorld 2016-11-09 16:37:00 Worries and uncertainty cloud outlook for digital privacy under President Trump (direct link) When President-elect Donald Trump officially takes office, he'll inherit a powerful U.S. surveillance apparatus, including the National Security Agency, that's already been accused of trampling over privacy rights. This has some legal experts worried, but like almost every other aspect of a Trump presidency, there are more questions than clarity over what exactly he plans to do. Over the course of his presidential campaign, Trump has only offered snapshots on his views about various U.S. privacy matters, but they suggest a pro-government surveillance stance. For instance, Trump showed support for the NSA's bulk telephone data collection, which ended last year. “I err on the side of security,” he said at the time. And on Apple's refusal to provide the FBI access to an iPhone used by the San Bernardino shooter: the public should boycott the company until it complies, he said.
NetworkWorld 2016-11-09 13:07:14 President Trump: An uncertain future for tech industry, digital rights (direct link) U.S. President-elect Donald Trump's vision for the country's economy-driving technology industry is largely a blank canvas, and when he's dipped his toe into IT issues, he's made people nervous. Trump's campaign was dominated by debates over illegal immigration, lost manufacturing jobs, and character issues. Silicon Valley firms largely opposed Trump, and one of his signature issues, rewriting free trade deals between the U.S. and other nations, likely will hurt U.S. tech companies' ability to sell products overseas. Meanwhile, digital rights groups say they expect Trump to call for expanded government surveillance programs to fight terrorism and fewer protections for privacy. And a Trump administration will likely work to gut net neutrality rules that the Federal Communications Commission passed only last year, although repealing the rules won't be easy.
NetworkWorld 2016-11-09 11:23:00 Ransomware hammers Madison County, Indiana (direct link) Madison County, Indiana, population of about 130,000, was the victim of a ransomware attack last week. Government workers without working computers were thrown back into the past to pen and paper, confusion abounds, and county commissioners unanimously voted to pay the ransom. Indiana State Police Capt. Dave Bursten told WTHR, “It's like when I came on in the 80s - we're doing everything with pencil and paper.” “We cannot query old information to bring up prior reports or prior court records,” Madison County Sheriff Scott Mellinger told Fox59. “If we want to bring somebody's record up for something in the future, let's say for somebody that has been arrested or somebody who is even in jail then we cannot look up information that would help us at a hearing. On the sheriff's office side, we cannot book people into jail using the computers. We are using pencil and paper like the old days.”
NetworkWorld 2016-11-09 08:43:00 IBM package brings Watson smarts to everything IoT (direct link) IBM has released an experimental program developers can use to embed Watson cognitive intelligence features in all manner of IoT systems from robots and drones to sensors and avatars. IBM says the platform, called Project Intu, lets developers easily build cognitive or basically machine learning skills into a wide variety of operating systems – from Raspberry PI to MacOS, Windows to Linux devices. Devices using Intu can “interact more naturally with users, triggering different emotions and behaviors and creating more meaningful and immersive experience for users. Developers can simplify and integrate Watson services, such as Conversation, speech-to-text, Language and Visual Recognition, with the capabilities of the “device” to, in essence, act out the interaction with the user,” IBM stated.
NetworkWorld 2016-11-09 07:48:00 The scary state of the cybersecurity profession (direct link) Most discussions about cybersecurity tend to go right to technology, and these days they usually start with the words “next generation” as in next-generation firewalls, IPS, endpoint security, etc. I get it, since innovative technology is sexy, but it's important to realize that skilled cybersecurity professionals anchor cybersecurity best practices. We depend on actual people to configure controls, sort through data minutiae to detect problems, and remediate issues in a timely manner. Since these folks protect all our digital assets daily, it's only natural that we'd be curious as to how they are doing. To measure these feelings, ESG teamed up with the Information Systems Security Association (ISSA) and conducted a survey of 437 global cybersecurity professionals. This project resulted in a recently published research report.
NetworkWorld 2016-11-09 05:01:00 Los Angeles: Warm weather, movie stars -- and 100 million monthly cyber attacks (direct link) Los Angeles is famous for its warm weather and movie stars. But what may not be as well known is that it's also one of the largest targets for cyber attacks in the world. The city's infrastructure in highways, water and power -- and all the data behind it -- supports 4 million residents in the nation's second largest city. The city also collects data about Los Angeles International Airport as well as about the largest shipping port in the western hemisphere, where 43% of imported goods enter the U.S. The city government is even responsible for data related to elections, including yesterday's national election. It's not difficult to see the enormity of the city's security challenge, which includes protecting the personal data of city workers and residents.
NetworkWorld 2016-11-09 04:59:00 Robots present a cyber risk (direct link) The prospect of an army of robots marching in unison to launch an attack on an unsuspecting city belongs in the realm of science fiction -- as do most images of menacing autonomous machines wreaking all kinds of havoc on civilization. That's not to say robotics is free from security and safety threats, however. In fact, experts say the growing use of robots by companies such as manufacturers, retailers, healthcare institutions and other businesses can present a number of cyber risks. There are two primary issues related to security and robotics, says Michael Overly, a partner and information security attorney at law firm Foley & Lardner. First, these machines are generally integral to assembly line operations and other similar activities, Overly says. “An attack could literally bring a manufacturing or assembly plant to its knees,” he says. “We have seen this very outcome in a ransomware attack targeted at robotic assemblers in a plant in Mexico.” In that case, the ransomware locked up the specifications files from which the robots drew their operating parameters, he says.
NetworkWorld 2016-11-09 04:49:00 There's a war on for cybersecurity talent (direct link) Filling cybersecurity jobs is getting so hard managers need to think outside the box if they hope to fill critical positions, experts say. That means redefining jobs, training human resources departments to screen resumes differently, seeking latent talent already inside the organization, and hiring bright, motivated people who can grow into critical roles, according to an expert panel speaking at the recent Advanced Cyber Security Center conference in Boston.
NetworkWorld 2016-11-08 15:59:18 Microsoft patches 68 vulnerabilities, two actively exploited ones (direct link) Microsoft has patched 68 vulnerabilities in Windows, Office, Edge, Internet Explorer and SQL Server, two of which have already been exploited by attackers and three that have been publicly disclosed. The patches are covered in 14 security bulletins, one dedicated to Adobe Flash Player which is upgraded through Windows Update in Windows 10 and 8.1. Six of the bulletins are rated critical and eight are rated important. Administrators should prioritize the Windows patches in the MS16-135 bulletin, because they address a zero-day vulnerability that's already being exploited by a group of attackers known in the security industry as Fancy Bear, APT28 or Strontium. Tags: APT 28
NetworkWorld 2016-11-08 13:52:00 Microsoft fixes Windows flaw that Google divulged (direct link) Microsoft today patched a Windows vulnerability that was disclosed just over a week ago by researchers from Alphabet Inc.'s Google. In one of several security updates -- 14 to be exact -- Microsoft fixed the bug in the Windows kernel drivers that Google security engineers had revealed on Oct. 31, 10 days after notifying Microsoft of the vulnerability. Microsoft credited Neel Mehta and Billy Leonard of Google's Threat Analysis Group for reporting the flaw. Last week, the two said that because the vulnerability was being actively exploited, a disclose-within-seven-days policy applied.
NetworkWorld 2016-11-08 13:46:15 Competing hackers dampen the power of Mirai botnets (direct link) The malware behind last month's massive distributed denial-of-service attack in the U.S. appears to be losing its potency. Ironically, hackers are to blame for diluting its power. The malware known as Mirai -- which is now available on the internet -- has become a bit too popular in the hacking community, according to security firm Flashpoint. Competing hackers have all been trying to take advantage of Mirai to launch new DDoS attacks. To do so, that means infecting the poorly secured internet-connected devices, such as surveillance cameras, baby monitors, and DVRs, that the malware was designed to exploit.
NetworkWorld 2016-11-08 11:54:00 Nov 2016 Patch Tuesday: Microsoft released 14 security updates, 6 rated critical (direct link) In addition to releasing 14 security updates on Election Day Patch Tuesday, six of which are rated critical, the Microsoft Security Response Center responded to requests for better access to security update information; Microsoft's solution was to release a preview of its new Security Update Guide, “a single destination for security vulnerability information.” MSRC added, “Instead of publishing bulletins to describe related vulnerabilities, the new portal lets our customers view and search security vulnerability information in a single online database.”
NetworkWorld 2016-11-08 09:32:25 Adobe fixes flaws in Flash Player and Adobe Connect (direct link) Adobe Systems has released scheduled security patches for its widely used Flash Player software as well as the Adobe Connect web conferencing platform, which is popular in enterprise environments. The Flash Player security updates fix nine critical vulnerabilities that could be exploited remotely to execute malicious code on computers. All of them were privately reported by researchers through Trend Micro's Zero Day Initiative, an exploit acquisition program. Users should upgrade to Flash Player 23.0.0.207 for Windows and Mac and to Flash Player 11.2.202.644 for Linux. The Flash Player builds bundled with Google Chrome, Microsoft Edge and Internet Explorer 11 will be upgraded automatically through those browsers' update mechanisms.
NetworkWorld 2016-11-08 08:25:00 Carnegie Mellon researchers visualize way to fend off DDoS attacks (direct link) Following the massive DDoS attack last month that targeted DNS provider Dyn and temporarily knocked Twitter, Netflix and other big names off the Internet, we were bombarded with pitches from vendors begging to offer their expert opinions on the matter while extolling the virtues of their solutions that naturally would have safeguarded organizations. Now, a couple of weeks later, Carnegie Mellon's CyLab Security and Privacy Institute too is touting research that it says shows that the tools really needed to stymie such attacks are on the way. Somehow, this seems more believable than some of the all-too-eager vendor claims, though it doesn't appear the tools will quite be ready to fly for imminent DDoS attack candidates, such as 2016 U.S. Presidential Election-related sites and Black Friday 2016 websites.
NetworkWorld 2016-11-08 06:46:40 Android patches fix Drammer RAM attack, but not Dirty Cow exploit (direct link) Google released a new monthly batch of security patches for Android, fixing a dozen critical vulnerabilities that could allow attackers to compromise devices. One of the mitigated issues is a bit-flipping attack against memory chips that could lead to privilege escalation, but a more widespread rooting vulnerability in the Linux kernel remains unpatched. While Google releases firmware updates for its Nexus and Pixel devices on the first Monday of every month, the security patches are shared with third-party device manufacturers one month in advance and are also contributed later to the Android Open Source Project to benefit the entire ecosystem. Tags: Guideline
NetworkWorld 2016-11-08 05:51:31 French plan for biometric database of 60 million people sparks outcry (direct link) When the French government quietly announced, in the middle of a holiday weekend, the merging of two files to create a megadatabase holding the biometrics of almost 60 million French citizens, it was clearly hoping to avoid an outcry. It failed. Among those lining up to criticize the government's move are its own minister of state for the Digital Sector and Innovation, and the National Digital Council, a body created by the government to provide independent recommendations on all matters relating to the effect of digital technologies on society and the economy. Minister of State Axelle Lemaire told French journalists the megadatabase used 10-year-old technology and had real security problems.
NetworkWorld.webp 2016-11-08 04:50:00 Make your emails more trusted with DKIM (direct link) The war against spam has been a long one. Just as we get better filtering, spammers and phishers turn to more sophisticated techniques. We are even seeing ransomware attacks like Cryptolocker and Cryptowall become commonly spread over email. There must be a technical way to stop some of this, right? There is an Internet authentication system -- DomainKeys, and its successor, DKIM -- that tries to mitigate some of the risk of trusting that emails are actually from who they say they are from. Strangely, though, this technology has not made its way into Microsoft Exchange. In this piece, I want to open the curtains on DomainKeys and DKIM, show how they work and why what they do is important, and then demonstrate how to use a free utility to set up DKIM on your on-premises Exchange servers.
NetworkWorld.webp 2016-11-08 04:46:00 AI makes security systems more flexible (direct link) Advances in machine learning are making security systems easier to train and more flexible in dealing with changing conditions, but not all use cases are benefitting at the same rate. Machine learning, and artificial intelligence, has been getting a lot of attention lately and there's a lot of justified excitement about the technology. One of the side effects is that pretty much everything is now being relabeled as "machine learning," making the term extremely difficult to pin down. Just as the word "cloud" has come to mean pretty much anything that happens online, so "artificial intelligence" is rapidly moving to the point where almost anything involving a computer is getting that label slapped on it.
NetworkWorld.webp 2016-11-08 04:44:00 7 steps to start a bug bounty program (direct link) Vulnerability assessment and identification strategies have evolved to include the concept of crowd sourced security testing through bug bounty programs. While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few. The bug bounty path, paved by tech giants, is widening, enabling security teams of all sizes to create and manage robust security assessment programs, get ahead of adversaries, and level the cybersecurity playing field. As we are clearly still in the early- to mid-adopter phase of this new market, Paul Ross, senior vice president of marketing at Bugcrowd, breaks down how to get started with a bug bounty program, and how to prepare your organization for this new approach to vulnerability testing.
NetworkWorld.webp 2016-11-07 17:52:30 China's vague cybersecurity law has foreign businesses guessing (direct link) The most disturbing thing for foreign businesses facing China's new cybersecurity law may just be how vague and broad it is. Under the new law, adopted on Monday and taking effect next June, it's possible that any major company working in the country might be subject to "security reviews" from the Chinese government. Any company involved in telecommunications, information services, finance or any sector "where the loss of data can harm the country's security" is subject to a possible review. But what these security reviews actually entail isn't clear in the law.
NetworkWorld.webp 2016-11-07 14:28:48 Carriers are going virtual to give enterprises more freedom (direct link) Starting carrier services like routing and security is getting faster and easier thanks to a new way of deploying them that doesn't require specialized equipment at customer's sites. The new approach, called virtualized business services, lets various carrier services run on standard infrastructure at either customer sites or service-provider facilities. Because the services are virtual, companies can order and change them quickly, and they won't get locked into whatever capabilities come with a particular device. On Monday, Orange Business Services launched its virtualized network services program, called Easy Go Network. It joins AT&T, Verizon and other operators that are selling or developing such programs. Easy Go Network is available as a month-to-month subscription and its launch follows a year-long customer trial. Orange Business Services claims more than 3,000 multinational organizations as customers.
NetworkWorld.webp 2016-11-07 13:07:00 Apple just removed hundreds of fake shopping apps from the App Store (direct link) Just in time for the holiday shopping season, the iOS App Store is seeing a deluge of fake shopping apps branding themselves with designer names in hopes of trapping gullible buyers. Apple is now stepping in to remove the counterfeit apps, which are sneaking in by changing the content after Apple's approval or by resubmitting apps under different names and credentials after being outed as fraudulent. After reports of apps using reputable companies' names to shill their fake wares in the App Store surfaced in the New York Times and New York Post, Apple removed hundreds of offenders. But hucksters keep coming back: The Times found that an app called Overstock Inc. was trying to convince shoppers that it was Overstock.com by selling clothes and Ugg boots. Apple killed the app, only to see it return the next day, because sketchy developers are finding new ways to bypass the company's traditionally tough app review process.
NetworkWorld.webp 2016-11-07 13:06:00 Microsoft postpones Windows anti-exploit tool's retirement (direct link) Microsoft last week announced that it would support the Enterprise Mitigation Experience Toolkit (EMET) through July 2018, a year-and-a-half extension for the anti-exploit utility. At the same time, the Redmond, Wash. company dismissed EMET as a behind-the-times tool, and again urged customers to upgrade to Windows 10, arguing that the new operating system is much more secure than previous editions when supplemented by EMET. "EMET hasn't kept pace," wrote Jeffrey Sutherland, a Microsoft principal program manager lead, in a post to a company blog Nov. 3. "Its effectiveness against modern exploit kits has not been demonstrated, especially in comparison to the many security innovations built into Windows 10." Guideline
NetworkWorld.webp 2016-11-07 11:21:00 When DR fails (direct link) Someone hacked into my main server. I have a small organization, and the server was an old Apple Xserve 10.6.7 chosen because it's not the usual host. Now it's time to scratch security through obscurity off the list. So let's do a rudimentary recover. Forensics will have to wait. I went to a hosting company to spin up httpd and mail. They're already my registrar. Pretty big organization. And they don't have 24/7 support. Since this happened on a Saturday, I was already in trouble. I chose one of their hosting plans. It costs a rudimentary $60 for a web server plus mail. It uses the famous CPanel hosting.
NetworkWorld.webp 2016-11-07 10:01:00 US election day faces specter of cyberattacks (direct link) Don't be surprised if hackers make their presence felt on U.S. Election Day. Distributed denial-of-service attacks and high-profile leaks are among the tactics they might use if they try to influence Tuesday's vote. Cybersecurity experts stress it would be incredibly difficult to hack the U.S. election. The system itself is distributed across the country over thousands of voting jurisdictions, making it hard to tamper with on a wide scale. But hackers could still attempt to sow chaos on Election Day in other ways. The tools and infrastructure to do so are already in place.
NetworkWorld.webp 2016-11-07 09:58:28 Hackers can abuse LTE protocols to knock phones off networks (direct link) When you travel between countries, the mobile operators that temporarily provide service to your phone need to communicate with your operator back home. This is done over a global interconnection network where most traffic still uses an ageing protocol, called SS7, that's known to be vulnerable to location tracking, eavesdropping, fraud, denial of service (DoS), SMS interception and other attacks. With the advance of Long-Term Evolution (LTE) networks, some roaming traffic is switching to a newer protocol, called Diameter, that's more secure than SS7 in theory, but which still allows for attacks if it's not deployed with additional security mechanisms.
NetworkWorld.webp 2016-11-07 09:31:00 IDG Contributor Network: Tesco Bank breach causes 20,000 customers to lose money (direct link) The fine details are still murky, but news surfaced in the last day or two that Tesco Bank, a U.K.-based bank owned by the Tesco supermarket chain, suffered some sort of widespread fraud. The bank's CEO, Benny Higgins, told Radio 4 that around 40,000 of the bank's 7 million accounts had seen “some sort of suspicious transactions.” Of those, around 20,000 customers have actually lost money from their bank accounts. In the interview, the CEO told the BBC he was “very hopeful” that customers would be refunded the lost funds. What he didn't say is that I am sure he is also “very hopeful” that once this all washes up he and his IT team will still have jobs.
NetworkWorld.webp 2016-11-07 08:47:00 Security vendor demonstrates hack of US e-voting machine (direct link) A hacker armed with a US$25 PCMCIA card can, within a few minutes, change the vote totals on an aging electronic voting machine that is now in limited use in 13 U.S. states, a cybersecurity vendor has demonstrated. The hack by security vendor Cylance, which released a video of it Friday, caught the attention of noted National Security Agency leaker Edward Snowden, but other critics of e-voting security dismissed the vulnerability as nothing new. The Cylance hack demonstrated a theoretical vulnerability described in research going back a decade, the company noted.
NetworkWorld.webp 2016-11-07 08:17:48 5 things you need to know about virtual private networks (direct link) A virtual private network is a secure tunnel between two or more computers on the internet, allowing them to access each other as if on a local network. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too, protecting them from attacks when they connect to public wireless networks. Given their importance, here's what you need to know about VPNs: VPNs are good for your privacy and security. Open wireless networks pose a serious risk to users, because attackers sitting on the same networks can use various techniques to sniff web traffic and even hijack accounts on websites that don't use the HTTPS security protocol. In addition, some Wi-Fi network operators intentionally inject ads into web traffic, and these could lead to unwanted tracking. Guideline
NetworkWorld.webp 2016-11-07 06:42:00 Adobe's 'Photoshop for audio' tweaks voice recordings to say words speaker didn't say (direct link) Photoshop trolls can manipulate photos, but in the future we may have a new type of troll … trolls which can easily manipulate spoken words just by typing text into an audio editing program. Last week at the Adobe Max Creativity Conference, Adobe developer Zeyu Jin mentioned that people “having been making weird stuff online” with photo editing software, before adding, now “let's do something to human speech.” Jin gave a sneak peek of software which is like Photoshop for audio, demonstrating Project VoCo, for voice conversion, by altering a voice clip of comedian Keegan-Michael Key. The voice clip was something Key said after being nominated for an award.
Last update at: 2024-05-14 11:08:08