What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-11-07 06:35:17 | UK bank suspends online payments after fraud hits 20,000 accounts (lien direct) | The banking arm of U.K. supermarket chain Tesco has suspended online payments for its 136,000 checking account customers following a spate of fraudulent transactions.The bank suspended its payment service for all checking account customers after 40,000 experienced suspicious transactions, bank CEO Benny Higgins told BBC Radio 4 on Monday."Around half of them had money taken from the account," he said.The bank will bear any losses as a result of the fraudulent activity and customers are not at financial risk, he said.But they might be inconvenienced until the bank has secured its systems.To read this article in full or to leave a comment, please click here | |||
|
2016-11-07 06:17:00 | How to protect your ecommerce site from fraud, hacking and copycats (lien direct) | Setting up an ecommerce site is easy these days. Keeping your site safe from hacking, fraud and copycats, not so much. And as small business owners know all too well, one major breach – or too many charge backs or someone stealing your business name or copying your products – could mean the end of your business.[ Related: 8 keys to ecommerce success ]Here are seven ways small ecommerce business owners can protect their online stores from hacking, fraud and/or copycats.1. Trademark your company name and logo “The most important tip for business owners to protect their site and brand is to ensure [their] name is clear for use as a trademark,†says Sonia Lakhany, trademark attorney, Lakhany Law. “Too many entrepreneurs mistakenly think that because a domain name is available or that they were able to form an LLC or corporation with their local Secretary of State that their business name or brand is available as a trademark.â€To read this article in full or to leave a comment, please click here | |||
|
2016-11-07 03:45:00 | IDG Contributor Network: Arbor Networks adapts missile defense strategy for DDoS protection (lien direct) | Missile defense is hard.Attacks can come from anywhere. There are seconds to respond. Multiple incoming missiles can overwhelm defenses. Mistakes result in huge damage.There is no margin for error. Military strategists have refined missile defense systems over decades. Early attack visibility and fast countermeasures are essential.When it comes to distributed denial of service (DDoS) attacks, Arbor Networks has found the lessons from missile defense apply. Missile defense The Department of Defense describes missile defense protection :To read this article in full or to leave a comment, please click here | |||
|
2016-11-07 03:11:00 | New products of the week 11.7.16 (lien direct) | New products of the week Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Ruckus Cloudpath ES 5.0 Pricing: based on total number of users and is available in 1/3/5 year subscriptions ranging from: $1.50/user for Education on-prem subscription; $1.70/user for Education cloud subscription; $5.00/user for Education on-prem subscription; $5.80/user for Education cloud subscriptionTo read this article in full or to leave a comment, please click here |
|||
|
2016-11-06 23:04:21 | China passes controversial cybersecurity law (lien direct) | China has passed a new cybersecurity law that gives it greater control over the internet, including by requiring local storage of certain data.Human rights groups and trade associations in the U.S. and other countries have warned of the implications of the law both for internet businesses and human rights in the country.The National People's Congress Standing Committee passed the new cybersecurity law Monday, according to reports.“Despite widespread international concern from corporations and rights advocates for more than a year, Chinese authorities pressed ahead with this restrictive law without making meaningful changes,†said Sophie Richardson, China director of Human Rights Watch in a statement over the weekend.To read this article in full or to leave a comment, please click here | |||
|
2016-11-06 18:02:49 | FBI sticks to earlier view not to charge Clinton over email server (lien direct) | FBI Director James Comey said new emails that had been found had not changed the agency's July decision not to recommend charges against Democratic presidential candidate Hillary Clinton over her use of a private email server.In a letter Sunday to lawmakers, Comey wrote that based on the FBI's review of the emails, the agency had not changed the conclusion it had expressed in July with regard to Clinton's use of a personal email server when she was secretary of state from 2009 to 2013.The letter from Comey comes ahead of U.S. presidential elections on Tuesday and will likely blunt criticism that Clinton used the email server for confidential government communications.To read this article in full or to leave a comment, please click here | |||
|
2016-11-06 07:59:00 | Microsoft to protect World Chess Champion Magnus Carlsen from Russian hackers (lien direct) | If you were the World Chess Champion and you were about to defend your title in a 12-round match against a Russian grandmaster, should you be worried about being hacked? Apparently so, since current World Chess Champion Magus Carlsen has asked Microsoft to protect him from attacks by Russian hackers.It's not like Carlsen, who became a grandmaster at age 13, practices by playing against a computer. In fact, grandmaster and author Andrew Soltis told NPR that “Carlsen won't even play his computer. He uses it to train, to recommend moves for future competition. But he won't play it, because he just loses all the time and there's nothing more depressing than losing without even being in the game.â€To read this article in full or to leave a comment, please click here | |||
|
2016-11-04 16:36:47 | Update your Belkin WeMo devices before they become botnet zombies (lien direct) | Owners of WeMo home automation devices should upgrade them to the latest firmware version, which was released this week to fix a critical vulnerability that could allow hackers to fully compromise them.The vulnerability was discovered by researchers from security firm Invincea in the Belkin WeMo Switch, a smart plug that allows users to remotely turn their electronics on or off by using their smartphones. They confirmed the same flaw in a WeMo-enabled smart slow cooker from Crock-Pot, and they think it's probably present in other WeMo products, too.WeMo devices like the WeMo Switch can be controlled via a smartphone app that communicates with them over a local Wi-Fi network or over the Internet through a cloud service run by Belkin, the creator of the WeMo home automation platform.To read this article in full or to leave a comment, please click here | |||
|
2016-11-04 16:29:00 | Cybersecurity: A Priority for Next POTUS (lien direct) | When the two major presidential candidates haven't been focused on each other's personal behavior or legal imbroglios, they've tended to discuss a few major issues such as health care, immigration reform, or battling terrorism. Yes, these are critical topics but what about cybersecurity? After all, this very campaign has featured nation state hacking, email theft, and embarrassing email disclosures from egomaniac Julian Assange and WikiLeaks. Alas, each candidate has been relatively silent about cybersecurity threats, national vulnerabilities, or what they plan to do to bridge this gap. Secretary Clinton's policies look a lot like President Obama's Cybersecurity National Action Plan (CNAP) but add a national security component due to her personal experience with state sponsored hacks of the DNC and John Podesta. Donald Trump seemed completely ignorant about cybersecurity issues (remember “the cyber†comments and his rant about his 10-year-old son's computer skills?), but has since come up with some pedestrian cybersecurity policy objectives. To read this article in full or to leave a comment, please click here | |||
|
2016-11-04 14:10:10 | DNC hacker calls on brethren to monitor US election (lien direct) | The hacker who claims to have breached the Democratic National Committee isn't done trying to influence this year's election. On Friday, Guccifer 2.0 warned that Democrats might try to rig the vote next Tuesday.Guccifer 2.0 wrote the statement in a new blog post as U.S. federal agencies are reportedly bracing for cyber attacks on election day.The U.S. has already blamed Russia for allegedly meddling with the upcoming election by hacking into political targets, including the DNC, and then leaking the sensitive documents to the public.To read this article in full or to leave a comment, please click here | |||
|
2016-11-04 13:27:00 | What about the personal data on those millions of recalled Note7s? (lien direct) | The users of millions of faulty Samsung Galaxy Note7s, already turned in, face a bigger potential dilemma than whether the devices might blow up: The fate of their personal data on the devices.Many of the users of some 3 million Note7 devices sold were told by Samsung and government officials to immediately stop using the devices. They most likely didn't have time to thoroughly wipe sensitive personal data like credit card numbers or medical information.Samsung hasn't divulged what it plans to do with the Note7s that were turned in, and didn't respond this week to a query about how it plans to ensure customer data is kept confidential.The company said earlier this week that it is reviewing options for environmentally disposing of the Note7 phones after Greenpeace demanded Samsung find ways to reuse rare materials in the phones, such as gold and tungsten.To read this article in full or to leave a comment, please click here | |||
|
2016-11-04 12:39:00 | Phishing scheme crimps El Paso for $3.2 million (lien direct) | If you ever wonder why phishing scammers continue to try myriad ways of ripping people off you need look no further than this.The El Paso Times this week reported that the city had been scammed out of $3.2 million through a phishing scheme that targeted municipality's street car development program.+More on Network World: FBI snags group that allegedly pinched 23,000 or $6.7 million worth of iPhonesTo read this article in full or to leave a comment, please click here | |||
|
2016-11-04 11:20:00 | Intel launches 500 drones for nighttime light show (lien direct) | Could hundreds or thousands of drones in the sky ever replicate the thrill we get from watching a fireworks display?Intel is hoping to reproduce a little of that magic with its Shooting Star drones. They're equipped with lights to provide a show in the night sky, and Intel is offering a whole fleet of them as a service to theme parks, entertainment companies, and cities.Last year, the company managed to get 100 of them flying in formation to produce patterns and, of course, the Intel logo. Now it's managed to synchronize 500 of the devices to display more ambitious and complex patterns (and yes, a better Intel logo).+ ALSO ON NETWORK WORLD Infographic: Commercial drones by the numbers +To read this article in full or to leave a comment, please click here | |||
|
2016-11-04 10:39:00 | Democracy has died of dysentery: The Voter Suppression Trail (lien direct) | Despite a number of potential digital threats, voter fraud remains a mostly imaginary problem in this country, a specter raised by politicians seeking to justify ever-more stringent rules designed to suppress voter turnout in areas unfavorable to them.But in a largely post-truth political discourse, simply pointing out that this is a fact doesn't seem to be enough. What is needed – and what the New York Times Op-Docs project has collaborated with the satirists at GOP Arcade to produce – is a video game.+ CAN THE ELECTIONS BE HACKED? Find out with Network World's package of stories +To read this article in full or to leave a comment, please click here | |||
|
2016-11-04 08:42:00 | 25% to 30% of users struggle with identifying phishing threats, study says (lien direct) | This column is available in a weekly newsletter called IT Best Practices. Â Click here to subscribe. Â Humans are often the weak link in any cybersecurity defense. People behave unpredictably because we are sometimes driven by emotion and by an innate desire to trust and please other people. Also, we tend to take the path of least resistance, even if that path inadvertently creates a cybersecurity risk. Attackers understand these human traits, which is why they are frequently successful in exploiting people to get around more predictable machine-based defenses. As an example, consider phishing. It's estimated that globally, 8 million phishing email messages are opened every day, and of those, 800,000 recipients of the malicious messages click on the embedded links. Ten percent of the people who click on a link actually give their information, such as login credentials for personal applications or their employer's applications.To read this article in full or to leave a comment, please click here | |||
|
2016-11-04 05:00:00 | How to approach your first day as CSO (lien direct) | The situation often dictates how to approach a new job. Did the company just have a humiliating experience with a data breach? Did they not have a CSO previously and that is why they are looking for security help to lock down their network?If during the job interview, there was a blunt plea for help then most new hires would come in guns a blazin' to get things under control quickly. But in most scenarios, CSOs interviewed said there is a general time period to examine the culture of the company to help in getting a grasp of what needs to be done.To read this article in full or to leave a comment, please click here | |||
|
2016-11-03 13:53:29 | DDoS attack from Mirai malware \'killing business\' in Liberia (lien direct) | The malware behind last month's massive internet disruption in the U.S. is targeting Liberia with financially devastating results.This week, a botnet powered by the Mirai malware has been launching distributed denial-of-service (DDoS) attacks on IP addresses in the African country, according to security researchers.  These attacks are the same kind that briefly disrupted internet access across the U.S. almost two weeks ago. They work by flooding internet connections with too much traffic, effectively forcing the services offline.To read this article in full or to leave a comment, please click here | |||
|
2016-11-03 11:01:33 | Mobile subscriber identity numbers can be exposed over Wi-Fi (lien direct) | For a long time, law enforcement agencies and hackers have been able to track the identity and location of mobile users by setting up fake cellular network towers and tricking their devices to connect to them. Researchers have now found that the same thing can be done much more cheaply with a simple Wi-Fi hotspot.The devices that pose as cell towers are known in the industry as IMSI catchers, with the IMSI (international mobile subscriber identity) being a unique number tied to a mobile subscriber and stored on a SIM card. IMSI catchers can be used for tracking and in some cases, for intercepting calls, but commercial solutions, such as the Stingray used by the FBI, are expensive.To read this article in full or to leave a comment, please click here | |||
|
2016-11-03 10:48:01 | Flaw in Wix website builder risked computer worm (lien direct) | Wix, the provider of a widely used cloud-based web development platform, appears to have had a significant bug on its hands that could have paved the way for a computer worm to do serious damage to websites around world.The problem was related to an XSS (cross-site scripting) vulnerability that was found in websites built with Wix, according to Matt Austin, a researcher with Contrast Security.Though Wix says it has fixed the issue, it illustrates how a few lines of bad code can potentially do widespread damage.XSS vulnerabilities are common, and result from flaws in websites' coding. Hackers can take advantage of them to trick users' browsers into running malicious scripts that, for example, could download a computer virus or expose the internet cookies that are on their machines. Austin found the same kind of problem in websites from Wix, which builds websites and has 87 million users in Europe, Latin America, Asia.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-11-03 09:03:00 | Ixia\'s Flex Tap Secure+ protects against injection breaches (lien direct) | We've probably all used the phrase “too much of anything is a bad thing.†Too much ice cream makes you fat, too many cats and you get called crazy, and too much NFL football on Sunday gets you banned to the doghouse by your wife. + Also on Network World: Network World annual State of the Network survey results + In IT, too much network traffic is certainly a bad thing. We need networks and rely on them to access cloud applications, call people on via videoconferencing and do a whole bunch of other tasks. However, too much traffic and the network becomes unusable and a source of frustration for workers. To read this article in full or to leave a comment, please click here | |||
|
2016-11-03 05:23:00 | 10 AWS security blunders and how to avoid them (lien direct) | The cloud has made it dead simple to quickly spin up a new server without waiting for IT. But the ease of deploying new servers -- and the democratic nature of cloud management -- can be a security nightmare, as a simple configuration error or administrative mistake can compromise the security of your organization's entire cloud environment.With sensitive data increasingly heading to the cloud, how your organization secures its instances and overall cloud infrastructure is of paramount importance. Cloud providers, like Amazon, secure the server hardware your instances run on, but the security of the cloud infrastructure your organization sets up on that infrastructure is all on you. A broad array of built-in security services and third-party tools are available to secure practically any workload, but you have to know how to use them. And it all starts with proper configuration.To read this article in full or to leave a comment, please click here | |||
|
2016-11-03 05:20:00 | Ex-Facebook, Dropbox engineers offer debugging as a service (lien direct) | A group of former Facebook and Dropbox engineers is developing a service for debugging complex systems and answering ad hoc questions in real time.Honeycomb, currently in an open beta cycle, is a SaaS platform that reduces MTTR (mean time to repair) for outages and degraded services, identifies bugs and performance regressions, isolates contributing factors to failures, and reproduces user bug reports.[ Find out how to get ahead with our career development guide for developers. | The art of programming is changing rapidly. We help you navigate what's hot in programming and what's going cold. | Keep up with hot topics in programming with InfoWorld's Application Development newsletter. ] The collective debugging skills of teams would be captured and preserved, according to the project website. Rather than relying on a dashboard, Honeycomb is for interactive debugging.To read this article in full or to leave a comment, please click here | |||
|
2016-11-03 05:18:00 | How secure are home robots? (lien direct) | They have blinking lights and tend to chirp constantly. One of them can vacuum your living room carpet on a schedule. Another can play games with the kids using artificial intelligence.Yet, for homeowners (and security professionals) there's a question about whether home robots could become an attack vector for hackers. Tapping into a live webcam feed and recording it? Stealing Wi-Fi information from an unprotected signal so you can transmit illegal wares? What makes a home robot such an ingenious ploy is that few of us think a vacuum could possibly become anything remotely viable for criminal use. Yet, that's exactly the danger.“Homeowners never change the default passwords or use simple passwords which can be broken thus allowing hackers to leverage their way onto a home network and use the robot as a pivot point for further exfiltration of sensitive data or plant malware,†says Kevin Curran, a senior lecturer in computer science at the University of Ulster and IEEE member.To read this article in full or to leave a comment, please click here | |||
|
2016-11-03 05:14:00 | Flood of threat intelligence overwhelming for many firms (lien direct) | Three years after Target missed alerts warning them about a massive data breach, the amount of threat information coming in from security systems is still overwhelming for many companies, according to new reports, due to a lack of expertise and integration issues.Seventy percent of security pros said that their companies have problems taking actions based on threat intelligence because there is too much of it, or it is too complex, according to a report by Ponemon Research released on Monday. In particular, 69 percent said that their companies lacked staff expertise. As a result, only 46 percent said that incident responders used threat data when deciding how to respond to threats, and only 27 percent said that they were effective in using the data.To read this article in full or to leave a comment, please click here | |||
|
2016-11-03 03:30:00 | IDG Contributor Network: The day the 911 network stood still (lien direct) | In the early morning hours of Wednesday, Oct. 26, 2016, an apparent Telephony Denial of Service (TDoS) attack was brought against several cities that brought 911 to a grinding halt.The incident triggered a response from the Department of Homeland Security's National Cybersecurity & Communications Integration Center National Coordinating Center for Communications (NCIC/NCC) and a Watch Advisory for a TDoS attack on public-safety answering points (PSAP) was issued just after lunch.Investigators were led to a web page created by 18-year-old, Phoenix-based Meetkumar Hiteshbhai Desai. Desai said he was merely looking for bugs in Apple's iOS in an attempt to capture a reward from Apple as part of its bug bounty program. Apple launched this long-awaited program in September, and the company is offering five different categories of reward prizes:To read this article in full or to leave a comment, please click here | |||
|
2016-11-02 14:25:00 | Black Hat Europe: IoT devices can hack phones (lien direct) | The Internet of things (IoT) has already been used to launch the biggest DDoS attacks ever, but now it represents a potential path for attackers to compromise cell phones.Flaws in Belkin WeMo devices - electrical switches, cameras, light bulbs, coffee makers, air purifiers, etc. – enabled Invincea Labs researchers to not only hack into the devices, but to use that access to attack an Android phone running the app that controls the WeMo devices.“This is the first instance we've seen of IoT hacking something else,†says researcher Scott Tenaglia, who pledges to look for other vulnerable devices that might be abused to carry out similar attacks.To read this article in full or to leave a comment, please click here | |||
|
2016-11-02 14:05:00 | 29% off Litom Solar Outdoor Motion Sensor Security Lights, 2 Pack - Deal Alert (lien direct) | This Amazon #1 best selling solar security light is super bright and easy to install wherever you need it. It features 3 modes: (1) Always on, (2) Dim until motion is detected, and (3) Off until motion is detected. It's designed with a large sensor that will detect motion over a larger distance, and 20 LED lights that the company claims are larger and more powerful than the competition offers. Being weatherproof, this is a light you can mount anywhere you need it outdoors. The Liton outdoor motion sensing light averages 4 out of 5 stars from over 1,100 people (see reviews), and a 2-pack is currently being offered at $35.29, a 29% discount over its typical list price of $50. See it now on Amazon.To read this article in full or to leave a comment, please click here | |||
|
2016-11-02 12:36:00 | Microsoft to patch Windows bug that Google revealed (lien direct) | Microsoft on Tuesday said it would patch a Windows vulnerability next week that Google publicly revealed just 10 days after notifying Microsoft.Microsoft also identified the attackers, asserting that they were the same who had been accused by authorities of hacking the Democratic National Committee (DNC)."All versions of Windows are now being tested ... and we plan to release [the patches] publicly on the next Update Tuesday, Nov. 8," wrote Terry Myerson, the head of the Windows and devices group, in a post to a company blog.To read this article in full or to leave a comment, please click here | |||
|
2016-11-02 12:33:00 | ExtraHop package captures files before ransomware encrypts them (lien direct) | The best defense against ransomware has been comprehensive backup, but ExtraHop is introducing a way to capture files just before ransomware encrypts them, making it possible to restore them but without relying on the backups.+More on Network World: Cisco: Potent ransomware is targeting the enterprise at a scary rate+A software upgrade to ExtraHop's Ransomware Detection bundle picks up on precursors to ransomware encrypting files and captures them before the malware has the chance to encrypt.To read this article in full or to leave a comment, please click here | |||
|
2016-11-02 10:50:00 | Brace yourselves, commercial drones are coming (lien direct) | Las Vegas Commercial UAV Expo  Image by Magdalena Petrova Now in its second year, the Commercial UAV Expo in Las Vegas attracts companies who what to integrate drones into their workflows. Industries range from security, to construction, to surveying and mapping. Let's check out some of the drones that darted across our radar. To read this article in full or to leave a comment, please click here |
|||
|
2016-11-02 09:04:00 | Cisco seeks faster time to discovery for breaches, compromises (lien direct) | Cisco has announced security upgrades to cut the time compromises go unnoticed on endpoints, giving attackers less time to do damage if they get past preventive security measures.Unveiled at the Cisco Partner Summit this week, the new AMP for Endpoints comes with a lightweight agent to gather data that is analyzed in the Cisco AMP cloud. This lifts the processing burden from customers' infrastructure.And the platform now includes an agentless feature for devices that can't take an agent, such as visitors' laptops.In addition to the cloud version, the analytics part of the platform can also be purchased for deployment on customer premises in their own private clouds. Detection, analysis and recommended response are handled in the cloud and pushed to the endpoints.To read this article in full or to leave a comment, please click here | |||
|
2016-11-02 08:16:00 | NASA: Asteroid mission starts with a marriage of rocks, styrofoam and plywood (lien direct) | Robotically grabbing hunks of asteroid in deep space is no trivial task so it would be nice to practice the mission beforehand.That's the goal with a mock-up asteroid NASA and the University of West Virginia recently built from rock, styrofoam, plywood and an aluminum endoskeleton. The mock-up is in preparation for NASA's Asteroid Redirect Mission (ARM) which will send a spacecraft to rendezvous with a target asteroid, land a robotic spacecraft on the surface, grab a 4 meter or so sized boulder and begin a six-year journey to redirect the boulder into orbit around the moon for exploration by astronauts.+More on network World: How to protect Earth from asteroid destruction; Quick look: NASA's ambitious asteroid grabbing mission+To read this article in full or to leave a comment, please click here | |||
|
2016-11-02 07:55:00 | Do smartphone trade-ins threaten corporate security? (lien direct) | As the holiday season approaches (OK, it may already be here), workers in your company will likely be acquiring new smartphones. In fact, a recent survey by Blancco Technology Group says a whopping 68 percent of mobile users plan to purchase a new smartphone for the holidays. That number seems high to me, but come January, you can be pretty sure there will be a lot of shiny new iPhones, Galaxies and Pixels connecting to your corporate network. But that's not what this post is about. No, this post is about what happens to all those no-longer-shiny BYOD smartphones that used to connect to your corporate network and work with your corporate data, but have now been replaced with something new. To read this article in full or to leave a comment, please click here | |||
|
2016-11-02 07:01:00 | Trump and Clinton should answer these 10 cybersecurity questions (lien direct) | Cybersecurity getting little attention Image by REUTERS/Jim YoungThis election has been more about style than substance, more about the candidates' pasts than their plans, more personal attacks than policy proposals. Even the debates, where the moderators attempt to discuss issues in need of decisions and actions, have been more notable for the ferocity of attacks than the shrewdness of the strategies.To read this article in full or to leave a comment, please click here |
|||
|
2016-11-02 07:00:00 | Fixing the communications issues between IT security and the board and c-suite (lien direct) | In the months before an unexpected crisis, IT security requests specific tools, training, and additional staff to keep enterprise data safe, but does not substantiate the need in terms the business can understand. The c-suite denies the requests, pointing to the investments they have already made in security technologies. Suddenly, hackers strike with a massive cyber attack.Suffering financial losses and brand damage, the c-suite asks IT security what happened. Security responds that they need specific tools, training, and staff to mitigate these concerns. But again, security does not make a business case in language the c-suite can appreciate. The leadership turns to existing vendors, who sell them their latest security products.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-11-02 06:41:00 | Microsoft: Windows 0-day exposed by Google is being exploited by Russian DNC hackers (lien direct) | Microsoft issued a warning about the APT group most commonly known as “Fancy Bear,†or APT 28, and how it is exploiting the zero-day disclosed by Google on Halloween.Microsoft agreed that the zero-day is being actively exploited and pointed a finger of blame at a hacking group that is believed to be tied to the Russian government; the same group is believed to be responsible for hacks which resulted in data breaches at the Democratic National Committee and the Clinton campaign.Microsoft does not call the APT group “Fancy Bear†as its codename for the threat group is STRONTIUM. Terry Myerson, executive VP of Microsoft's Windows and Devices Group, wrote:To read this article in full or to leave a comment, please click here | APT 28 | ||
|
2016-11-01 21:02:06 | Cisco says it\'ll make IoT safe because it owns the network (lien direct) | Cisco Systems is making a play for the fundamental process of putting IoT devices online, promising greater ease of use and security as enterprises prepare to deploy potentially millions of connected objects.Thanks to a dominant position in Internet Protocol networks, Cisco can do what no other company can: Change networks that were not designed for IoT in order to pave the way for a proliferation of devices, said Rowan Trollope, senior vice president and general manager of the IoT & Applications Group.“The internet as we know it today, and the network that you operate, will not work for the internet of things,†Trollope said in a keynote presentation at the Cisco Partner Summit in San Francisco on Tuesday. “We can solve that problem because we own the network.â€To read this article in full or to leave a comment, please click here | |||
|
2016-11-01 17:32:47 | Police across the globe crackdown on darknet marketplaces (lien direct) | Law enforcement agencies across the globe staged a crackdown on so-called darknet web sites last week, targeting marchants and thousands of customers who were looking to obtain illegal drugs and goods.From Oct.22 to the 28th, the agencies took action against merchants and customers that used these sites for illicit items, U.S. Immigration and Customs Enforcement said in a statement on Monday.Unlike other websites, these underground marketplaces reside within the darknet -- a sort of parallel internet accessible to visitors via anonymizing software like Tor. While the software has legitimate uses, such as safeguarding communications in authoritarian countries, it has been adopted for more illicit means.To read this article in full or to leave a comment, please click here | |||
|
2016-11-01 14:05:00 | 20% off Ring Wi-Fi Enabled Video Doorbell - Deal Alert (lien direct) | The Ring Video Doorbell is the world's first battery-operated, Wi-Fi enabled, HD video doorbell. The device enables homeowners to see and speak with visitors from anywhere in the world by streaming live audio and video of a home's front doorstep directly to the free iOS or Android app. The doorbell's built-in motion sensors detect movement up to 30 feet, and HD video recording stores all recorded footage to the cloud which can be accessed via the Ring app. The Ring Doorbell is quick and easy to set up as it mounts and syncs in minutes and has a built in battery, however, it can also be powered through your existing doorbell wires.  Over 11,000 people have reviewed the Ring Video Doorbell on Amazon (read reviews) and have given it an average of 4 out of 5 stars. Right now its list price of $199 has been reduced to $160. See it now on Amazon.To read this article in full or to leave a comment, please click here | |||
|
2016-11-01 12:11:00 | 11 cool high-tech aerial headquarters photos (lien direct) | High above Image by Reuters/Noah BergerApple's “Spaceship†headquarters building, which is under construction but will soon be completed, gets a lot of attention but there are other high-tech headquarters that look good – especially from above. Here we take a look at just a few of them.To read this article in full or to leave a comment, please click here |
|||
|
2016-11-01 11:51:24 | Researchers build undetectable rootkit for programmable logic controllers (lien direct) | Researchers have devised a new malware attack against industrial programmable logic controllers (PLCs) that takes advantage of architectural shortcomings in microprocessors and bypasses current detection mechanisms.The attack changes the configuration of the input/output pins that make up the interface used by PLCs to communicate with other devices such as sensors, valves, and motors. PLCs are specialized embedded computers used to control and monitor physical processes in factories, power stations, gas refineries, public utilities, and other industrial installations.The attack, which will be presented at the Black Hat Europe security conference in London on Thursday, was developed by Ali Abbasi, a doctoral candidate in the distributed and embedded system security group at the University of Twente in the Netherlands, and Majid Hashemi, a research and development engineer at Quarkslab, a Paris-based cybersecurity company.To read this article in full or to leave a comment, please click here | |||
|
2016-11-01 10:27:00 | Gartner: Despite the DDoS attacks, don\'t give up on Dyn or DNS service providers (lien direct) | The DDoS attacks that flooded Dyn last month and knocked some high-profile Web sites offline don't mean businesses should abandon it or other DNS service providers, Gartner says.In fact, the best way to go is to make sure critical Web sites are backed by more than one DNS provider, says Gartner analyst Bob Gill.+More on Network World: Gartner Top 10 technology trends you should know for 2017+To read this article in full or to leave a comment, please click here | |||
|
2016-11-01 08:54:00 | That\'s just wrong: Accusing granny of pirating zombie game (lien direct) | Releasing 60 million genetically modified mosquitoes a week sounds just wrong, but in theory the mutant mosquitoes will mate with normal mosquitos so the offspring will have a genetic flaw that causes them to die quickly. There is no mention of whether or not the millions of mutant mosquitoes to be released weekly will feed on the people of Brazil. If that's not just wrong, then the three examples below surely are.Saddam Hussein…really Apple?Apple refused to issue a male customer a refund for an iPhone 7 unless he could prove he was not Saddam Hussein – you know, the Iraqi dictator executed by hanging in 2006 – basically a decade ago. Apparently, someone working for Apple was unaware of that fact.To read this article in full or to leave a comment, please click here | |||
|
2016-11-01 07:54:50 | UK government to spend $2.3 billion to bolster cybersecurity (lien direct) | The U.K. government will spend £1.9 billion (US $2.3 billion) over the next five years to pump up its cybersecurity defenses and pay for new research, Chancellor of the Exchequer Philip Hammond said. The goal of the spending, part of a new national cybersecurity strategy, is to make the U.K. one of the "safest places in the world to do business," with a world-class cybersecurity industry and workforce, Hammond said Tuesday.To read this article in full or to leave a comment, please click here | |||
|
2016-11-01 07:04:58 | Google to untrust WoSign and StartCom certificates (lien direct) | Following similar decisions by Mozilla and Apple, Google plans to reject new digital certificates issued by two certificate authorities because they violated industry rules and best practices.The ban will go into effect in Chrome version 56, which is currently in the dev release channel, and will apply to all certificates issued by certificate authorities WoSign and StartCom after October 21. Browsers rely on digital certificates to verify the identity of websites and to establish encrypted connections with them.Certificates issued before October 21 will continue to be trusted as long as they're published to the public Certificate Transparency logs or have been issued to a limited set of domains owned by known WoSign and StartCom customers.To read this article in full or to leave a comment, please click here | |||
|
2016-11-01 06:38:00 | 10 ways to make sure your remote workers are being safe (lien direct) | Safeguards Image by PexelsWith an ever-expanding mobile workforce, infosec teams are increasingly tasked with extending cybersecurity safeguards beyond the physical and virtual walls of their organizations. With endpoints not only increasing but on the move, the challenge is real. In addition to implementing the appropriate technical defenses, there is an important aspect to protecting corporate data and systems: Asking end users to get involved.To read this article in full or to leave a comment, please click here |
|||
|
2016-11-01 06:34:00 | Unencrypted pagers a security risk for hospitals, power plants (lien direct) | For most of us, pagers went out when cell phones came in, but some companies are still using them and when the messages are sent without encryption, attackers can listen in and even interfere with the communications.According to two new reports by Trend Micro, pagers are still in use in hospital settings and in industrial plants.Stephen Hilt, Trend Micro's lead researcher on the project, said they don't have a concrete percentage on the number of encrypted messages.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-11-01 06:14:11 | Here\'s how businesses can prevent point-of-sale attacks (lien direct) | Retailers, hotels and restaurants have all been victimized through the same Achilles' heel that cybercriminals continue to attack: the point-of-sale system, where customers' payment data is routinely processed. Â These digital cash registers are often the target of malware designed to steal credit card numbers in the thousands or even millions. This year, fast food vendor Wendy's, clothing retailer Eddie Bauer and Kimpton Hotels have all reported data breaches stemming from such attacks.Security experts, however, are encouraging a variety of approaches to keep businesses secure from point-of-sale-related intrusions. Here are a few to consider:To read this article in full or to leave a comment, please click here | |||
|
2016-10-31 17:27:21 | Google clashes with Microsoft over Windows flaw disclosure (lien direct) | Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it.Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw."This vulnerability is particularly serious because we know it is being actively exploited," Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox.To read this article in full or to leave a comment, please click here | |||
|
2016-10-31 13:39:00 | Improve IT security: Start with these 10 topics (lien direct) | You want to be more responsible about IT security in your organization, but where do you start? May I suggest your first step be understanding these topics more thoroughly. This is list isn't exhaustive. It's only a beginning:1. DNS and DNSSEC: The biggest games in cyber war are hitting DNS providers. DNS can be compromised in many simple ways, but Domain Name System Security Extensions (DNSSEC) thwarts these-at the cost of understanding how it works, how to deploy it and how it's maintained. There are ways to understand if your own organization is threatened with DDoS attacks. Study them. To read this article in full or to leave a comment, please click here |
To see everything:
Our RSS (filtrered)
