What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-04-28 12:21:56 | Google\'s Chrome will soon start warning you more about HTTP pages (lien direct) | A Google effort to push websites to implement encryption is expanding. Starting in October, the company will roll out new warnings to flag HTTP connections as insecure in its Chrome browser.For users, it means Chrome will display the words “not secure†in the browser's address bar whenever they type any data into web pages that connect over HTTP.However, for users who like to browse through Chrome's privacy-enhancing Incognito mode, the warnings will appear by default on all HTTP pages visited, not only when the user enters information onto the page.To read this article in full or to leave a comment, please click here | |||
|
2017-04-28 11:39:00 | TSA: “As you can imagine, live anti-tank rounds are strictly prohibited altogether.†(lien direct) |
I have detailed the crazy things that the TSA has found in airline travelers checked bags over the past few years but…every once and awhile, something new and cracked turns up. TSA/22MM tank round LAX
Recently the agency's agents reported that a live 22 MM anti-tank round was discovered by TSA agents in a checked bag at Los Angeles (LAX) airport.To read this article in full or to leave a comment, please click here |
|||
|
2017-04-28 09:21:00 | Sift Science uses machine learning to help businesses reduce fraud while enhancing the user experience​ (lien direct) | This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Companies that provide online transactional services to consumers or other businesses have to be concerned about fraud. Whether it is renting hotel rooms to travelers, selling books to avid readers, arranging shipping services for hard goods, or any of the thousands of other types of sales and services transacted online, the entity behind the online business needs to know if the end user and transaction can be trusted.The credit reporting company Experian says that e-commerce fraud attack rates spiked 33% in 2016 compared to 2015. Experian attributes this increase to the recent switch to EMV (those chip-based credit cards), which drove fraudsters to online card-not-present fraud, and to the vast number of data breaches in which users' online credentials were stolen. The Federal Trade Commission says the number of consumers who reported their stolen data was used for credit card fraud increased from 16% in 2015 to 32% in 2016.To read this article in full or to leave a comment, please click here | |||
|
2017-04-28 08:17:14 | Network management vulnerability exposes cable modems to hacking (lien direct) | Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation.SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed.To read this article in full or to leave a comment, please click here | |||
|
2017-04-28 05:09:00 | Users have little confidence their company can protect their mobile device (lien direct) | A survey sponsored by Check Point Software Technologies Ltd. found that 64 percent of respondents are doubtful that their organization can prevent a mobile cyberattack, leaving employees' personal information vulnerable to theft.Alvaro Hoyos, chief information security officer at OneLogin, said that number does not surprise him. He said the employees might not know the ins and outs of their company's security controls. IT departments typically don't go out of the way to communicate all the security controls that they are relying on to secure your IT environment.He said companies should use their security awareness training to help users understand what risks you their employers are addressing with technology.To read this article in full or to leave a comment, please click here | |||
|
2017-04-27 11:02:29 | Cloudflare wants to secure IoT connections to the internet (lien direct) | Many people are worried about putting smart internet-connected devices in their homes or offices because of flaws that could allow attackers into their private networks.Web optimization and security firm Cloudflare is trying to alleviate those fears with a new service that could allow internet-of-things manufacturers to protect devices from attacks and deploy patches much quicker.Cloudflare's content delivery network is used by millions of people and companies to increase the performance of their websites and to protect them from malicious traffic. The company's servers work as invisible proxies between websites and visitors, providing on-the-fly encryption and firewall protection.To read this article in full or to leave a comment, please click here | |||
|
2017-04-27 10:42:00 | (Déjà vu) Advances in multifactor authentication (MFA) technologies (lien direct) | Enterprises authenticate users based on their knowledge, possession, or inherence of some evidence that they are the party with the given right of access. Some experts see the context of the user's authentication such as the time, their network IP and device, and their location as the fourth factor of authentication.Stephen Cobb, senior security researcher at ESET says you can assure greater security with each additional factor of authentication that you add.MFA is more important than ever as attackers are increasingly breaking into accounts that use single-factor authentication and sometimes even those with two factors. In one example, attackers tried to get the second factor by using phishing texts that asked users to send over their tokens.To read this article in full or to leave a comment, please click here | |||
|
2017-04-27 10:41:00 | (Déjà vu) 9 essential tools for the security-conscious mobile worker (lien direct) | Have security gadgets, will travel Image by Kensington, Anonabox, Yubikey The highly digitized and hyper-connected world that we live in today has heightened the security stakes for us all. But if work frequently takes you away from the home office, you have some particular security and privacy concerns.To read this article in full or to leave a comment, please click here |
|||
|
2017-04-27 10:40:00 | Sensitive data often follows former employees out the door (lien direct) | There is an old cliché that says a company's most valuable assets walk out the door at the end of the day. However, according to a recent security report, some other valuable assets are walking out the door as well, and they're not coming back.In a survey from Osterman Research, 69 percent of organizations polled say that they have suffered significant data or knowledge loss resulting from employees who took information resources with them when they left the business.Any form of data loss is a threat to a business, but the report notes that problems can arise both from employees actually taking data with them when they leave, and when departing employees have parked corporate information in locations like cloud storage services that are unknown or inaccessible to their former employer.To read this article in full or to leave a comment, please click here | |||
|
2017-04-27 10:38:00 | Failure to communicate helps ransomware prosper (lien direct) | At least one of the major reasons for the ongoing exponential increase in ransomware as a criminal business model could be summed up with the iconic line from the prison boss in 1967's “Cool Hand Lukeâ€: “What we got here is a failure to communicate.â€That was a recurring theme from those on a “Ransomware Panel†Thursday at SOURCE Boston 2017, moderated by Paul Roberts, founder and editor in chief of The Security Ledger.The communication breakdown occurs at all levels, the panelists said, starting with victims. â– MORE FROM SOURCE Boston: Cyber infrastructure: Too big to fail, and failing Frank McLaughlin, a Boston Police detective, said when a business gets hit with ransomware, “the police are the last people they want to call, for obvious reasons. It becomes a public record.â€To read this article in full or to leave a comment, please click here | |||
|
2017-04-27 09:59:00 | U.S. military wants white-hat hackers to target its cyber security systems (lien direct) | The U.S. military, which continues its interest in bug bounty programs as a way to improve cybersecurity, is launching a new contest next month.Called “Hack the Air Force,†the new program will put certain of the branch's Web sites up as targets for a set of international hackers who have been vetted by HackerOne, which is running the program.+More on Network World: IBM: Financial services industry bombarded by malware, security threats+To read this article in full or to leave a comment, please click here | |||
|
2017-04-27 07:14:00 | Enterprise security technology consolidation (lien direct) | Look around the cybersecurity infrastructure at any enterprise organization, and here's what you'll see-dozens and dozens of cybersecurity tools from just as many vendors. Now this situation wasn't planned; it just happened. Over the past 15 years, bad guys developed new cyber weapons to exploit IT vulnerabilities. And large organizations reacted to these new threats by purchasing and deploying new security controls and monitoring systems. This pattern continued over time, leading to today's patchwork of security point tools. + Also on Network World: Is your company spending on the right security technologies? + So, what's the problem? Point tools aren't really designed to talk with one another, leaving human beings to bridge the communications, intelligence and technology gaps between them. Furthermore, each individual tool requires training, deployment, configuration and ongoing operational support. More tools, more needs.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-27 06:48:00 | IBM: Financial services industry bombarded by malware, security threats (lien direct) | The financial services industry is the target of a whopping 65% more targeted cyber-attacks than the average business, according to security watchers at IBM's X Force.The number of financial services records breached skyrocketed 937% in 2016 to more than 200 million. Financial institutions were forced to defend against a 29 percent increase in the number of attacks from 2015, IBM stated.+More on Network World: Â IBM: Tax-related spam up 6,000% since Dec.; Darkweb tactics net billions+To read this article in full or to leave a comment, please click here | |||
|
2017-04-27 06:31:00 | Next-gen IoT botnet Hajime nearly 300K strong (lien direct) | The Hajime botnet is nearly 300,000 strong, making it a latent threat nearly as powerful as the notorious Mirai botnet that devastated high-profile websites last fall, leading some to think the internet had been broken.Researchers at Kaspersky Lab lured devices infected with the Hajime worm to announce themselves to a Kaspersky honeypot, checked out whether they were actually infected and added them up. They came up with the number 297,499, says Igor Soumenkov, principal researcher at Kaspersky Lab.An earlier estimate by Symantec put the size at tens of thousands. Estimates of the number of infected devices in Mirai botnets have put it about 400,000, but the number of devices that might be infected with the Hajime worm is 1.5 million, says Dale Drew, the CSO of Level 3, which has been building a profile of behavioral classifiers to identify it so it can be blocked.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-27 05:36:00 | (Déjà vu) Foiled! 15 tricks to hold off the hackers (lien direct) | Malicious hackers have outsize reputations. They are über-geniuses who can guess any password in seconds, hack any system, and cause widespread havoc across multiple, unrelated networks with a single keystroke-or so Hollywood says. Those of us who fight hackers every day know the good guys are usually far smarter. Hackers simply have to be persistent.Each year, a few hackers do something truly new. But for the most part, hackers repeat the tried and true. It doesn't take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine. The truly inspired work is that of security defenders, those who successfully hack the hackers.To read this article in full or to leave a comment, please click here | |||
|
2017-04-27 05:31:00 | (Déjà vu) 10 ways to achieve ROI on a network solution (lien direct) | Measuring ROI Image by ThinkstockWith the advent of Bring Your Own Device (BYOD), WLAN network access to customers and visitors and virtualized systems, the demand for IP addresses has exploded. Small companies might have to manage more than 1,000 IP addresses and it is not unusual for larger companies to have 10,000 or more spread across many locations. Setting up and protecting the network infrastructure is a major challenge and needs to be even more sophisticated and dynamic than ever before.To read this article in full or to leave a comment, please click here |
|||
|
2017-04-27 05:29:00 | Latest OWASP Top 10 looks at APIs, web apps (lien direct) | The new release of the OWASP Top 10 list is out for public comment from the Open Web Application Security Project, and while most of it remains the same there are a couple of new additions, focusing on protections for web applications and APIs.To make room for the new items, a couple of older ones were either removed or merged into new items.The fact that the list hasn't changed much since its first release in 2003 is both good and bad, said Jeff Williams, CTO and co-founder at Contrast Security.To read this article in full or to leave a comment, please click here | |||
|
2017-04-27 03:05:01 | BlackBerry KeyOne to launch in US and Canada in late May (lien direct) | The BlackBerry KeyOne, an Android-based smartphone with a hardware keyboard, will be available in the U.S. and Canada from May 31, the phone's maker said Thursday.TCL Communications, the Chinese company that acquired rights to produce BlackBerry-brand handsets, originally had said the phone would go on sale in April, so the delay may disappoint potential users. This could be a bad time to test the patience of potential buyers, as Samsung and LG are both heavily promoting their new flagship handsets, the S8 and G6.To read this article in full or to leave a comment, please click here | |||
|
2017-04-26 14:29:00 | Juniper finds its head in the clouds; security is another story (lien direct) | In announcing its Q1 earnings yesterday Juniper company executives were delighted about the company's returns on its cloud computing directions.In the results conference call Juniper CEO Rami Rahim said cloud computing sales grew 25% year-over-year and noted that four of the company's top 10 accounts were cloud-related. Specifically, the cloud vertical earned $331.6 million in the first quarter, over $264.8 million a year ago.“As the industry evolves, cloud architectures are no longer the exclusive domain of the cloud providers. Customers across all verticals are developing strategies for moving to cloud service delivery models and this aligns with our strategy to power the cloud transformation,†Rahim said [Seeking Alpha has a full transcript of the call here]. “The cloud is a massive paradigm shift that is reshaping all industries, and I'm excited about the opportunity we have in front of us.â€To read this article in full or to leave a comment, please click here | |||
|
2017-04-26 13:58:00 | Ransomware attacks are taking a greater toll on victim\'s wallets (lien direct) | The hackers spreading ransomware are getting greedier. In 2016, the average ransom demand to free computers hit with the infection rose to US$1,077, up from $294 the year before, according to security firm Symantec.“Attackers clearly think that there's more to be squeezed from victims,†Symantec said in a Wednesday report.In addition, the security firm has been detecting more ransomware infection attempts. In 2016, the figure jumped by 36 percent from the year prior.  That doesn't bode well for the public. Ransomware is notorious for taking over computers, and essentially holding them hostage. To do so, the malicious coding encrypts all the data inside, and then demands a fee, usually in bitcoin, in exchange for releasing the machine.To read this article in full or to leave a comment, please click here | |||
|
2017-04-26 12:09:21 | Companion mobile app exposed Hyundai cars to potential hijacking (lien direct) | The mobile application that accompanies many Hyundai cars exposed sensitive information that could have allowed attackers to remotely locate, unlock, and start vehicles.The vulnerability was patched in the latest version of the mobile app released in March but was publicly disclosed on Tuesday. It is the latest in a string of flaws found over the past few years in the "smart" features added by vehicle manufacturers to their cars.The Hyundai issue was discovered by independent researchers William Hatzer and Arjun Kumar when analyzing the MyHyundai with Blue Link mobile app.Blue Link is a subscription-based technology that's available for many Hyundai car models released after 2012. It allows car owners to remotely locate their vehicles in case of theft, to remotely unlock them if they lose or misplace their keys, and even to remotely start or stop their engine when they're parked and locked.To read this article in full or to leave a comment, please click here | |||
|
2017-04-26 10:36:00 | IDG Contributor Network: MasterCard puts a finger on fraud (lien direct) | Most credit card verification systems only verify whether the card is valid and not if the presenter is the authorized cardholder. MasterCard intends to address that with its newly introduced card with a built-in fingerprint sensor.This new MasterCard gives customers the option of using a single digit rather than a PIN. It's a very impressive development, particularly since it works with existing chip readers.+ Also on Network World: Google's Trust API: Bye-bye passwords, hello biometrics? + The card gives new meaning to the title “cardholder†as the customer must physically hold the card during the transaction. There's a fingerprint sensor on the face of the card that syphons enough power from the chip reader to read and validate a fingerprint. If dirt, sweat or other factors prevent validation, the transaction can be completed with a PIN.To read this article in full or to leave a comment, please click here | |||
|
2017-04-26 10:14:00 | McAfee: Wave of Shamoon cyberattacks being coordinated by a single group (lien direct) | The waves of cyberattacks that have rocked Saudi Arabia over the past few months are linked to the earlier Shamoon attacks. However, the initial 2012 attack was the work of a single group, whereas the latest attacks have been carried out by different groups of varying skills and expertise, all following instructions provided by one malicious actor, McAfee researchers have found.Researchers at McAfee Strategic Intelligence believe the 2012 Shamoon attacks against Saudi Arabia's state-run oil company Saudi Aramco and Qatari natural gas company RasGas, the attacks last November against Saudi organizations, and these latest attacks are all the work of hacker groups supported and coordinated by a single actor, and not the efforts of multiple gangs operating independently, said McAfee principal engineer Christiaan Beek and McAfee chief scientist Raj Samani. To read this article in full or to leave a comment, please click here | |||
|
2017-04-26 10:13:00 | Security-as-a-service model gains traction (lien direct) | With mid-market companies feeling an increasing need to devote time and resources to network security, the security-as-a-service model is gaining traction, according to new research released yesterday by 451 Research."The security challenge for mid-tier businesses is multi-dimensional," Daniel Cummins, analyst at 451 Research, said in a statement. "For these businesses, everything seems to be increasing - attack frequency, compliance requirements, complexity, costs and the number of security products that need to be managed. Cloud-based security-as-a-service offers potentially significant advantages in terms of simplicity and access to security that may prove to be less complex and expensive than traditional approaches."To read this article in full or to leave a comment, please click here | |||
|
2017-04-26 10:13:00 | Report: Top 25 IT security products (lien direct) | Nothing beats hearing from your peers about which IT security products have been successful in the enterprise. IT Central Station, which collects reviews from verified enterprise IT product users, has compiled a report that identifies 25 top-rated products in security categories such as cloud security, firewalls, security information and event management (SIEM), application security and internet of things (IoT) security.IT Central Station selected the product leaders in each security category. The report uses a scoring methodology based on a combination of buyer interest, the number of reviews (at least 10), and the average rating in those reviews.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-26 07:14:00 | IDG Contributor Network: Cyber crime as a service forces changes in information security (lien direct) | Cyber crime has been commercialized. Infecting computers with ransomware or using an advanced persistent threat to pilfer intellectual property no longer requires deep technical knowledge. Just use Google to learn how to access the Dark Web, and you can find hackers who, for a price, are more than happy to write malware, create highly effective spear phishing campaigns and develop bogus websites for harvesting login credentials.+ Also on Network World:Â DDoS-for-hire services thrive despite closure of major marketplace + Major companies (think Fortune 500 organizations) understand that cyber crime as a service has changed how they handle defense. But for organizations still maturing their defensive measures, here's what the transformation of cyber crime into an industry means for how you approach information security. Â To read this article in full or to leave a comment, please click here | |||
|
2017-04-26 06:57:00 | Drunken man arrested for assaulting 300-lb. K5 security robot (lien direct) | So, you toss back a few drinks and decide now is the best time to “test†a 5-foot tall, 300-pound, egg-shaped security robot that is patrolling a Mountain View, California, parking lot. Although it might seem like a good idea when you are drunk, it probably isn't the best plan, considering it resulted in the arrest of 41-year-old man when he tried it.After Jason Sylvain assaulted Knightscope's K5 Autonomous Data Machine in a parking lot, he was arrested and stands accused of “prowling and public intoxication.â€Knightscope told ABC7, “It's a testament to the technology that police caught the aggressor and booked in him jail.â€To read this article in full or to leave a comment, please click here | Prowli | ||
|
2017-04-25 17:54:20 | Russian hackers use OAuth, fake Google apps to phish users (lien direct) | The Russian hacking group blamed for targeting U.S. and European elections has been breaking into email accounts, not only by tricking victims into giving up passwords, but by stealing access tokens too. It's sneaky hack that's particularly worrisome, because it can circumvent Google's 2-step verification, according to security firm Trend Micro. The group, known as Fancy Bear or Pawn Storm, has been carrying out the attack with its favored tactic of sending out phishing emails, Trend Micro said in a report Tuesday. To read this article in full or to leave a comment, please click here | APT 28 | ||
|
2017-04-25 16:11:50 | Old Windows Server machines can still fend off hacks. Here\'s how (lien direct) | If you're running a Windows Server 2003 machine, you have a problem. Your already-vulnerable computer is now at severe risk of being hacked.That's due to the internet release earlier this month of a batch of updates that paint a bulls-eye on computers running Windows Server 2003, according to security researchers.“I can teach my mom how to use some of these exploits,†said Jake Williams, founder of Rendition Infosec, a security provider. “They are not very complicated at all.â€Experts are urging affected businesses to upgrade to the latest Windows OSes, which offer security patches that can address the threat.To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 11:50:00 | Security certificates gone wrong (lien direct) | Security certificates are designed to authenticate hosts. Browsers have become pretty good about understanding chains of authorities, and making users accept the risk when websites can't prove the chain of authorities needed to verify they are who they say they are.Sites masquerading as legitimate sites, however, employ sad little tricks, such as “punycodeâ€-URL links embedded in otherwise official-looking phishing emails. These tricks are malicious. There are also sites that should be well-administrated but are not.Then there are sites, important sites, that botch their own security with certificates ostensibly granted by places such as the U.S. Department of Homeland Security (DHS).To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 10:17:00 | How your company needs to train workers in cybersecurity (lien direct) | With workplace cyberattacks on the rise, industry experts are pressing businesses to train their workers to be more vigilant than ever to protect passwords and sensitive data and to recognize threats.“It is imperative for organizations of all sizes to instill among employees the critical role they play in keeping their workplace safe and secure,†said Michael Kaiser, executive director of the National Cyber Security Alliance, a group that promotes education on the safe and secure use of the internet. The group's members include such major technology companies as Cisco, Facebook, Google, Intel and Microsoft.To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 09:26:00 | Cisco switch taps into Time Sensitive Ethernet; software bolsters industrial network mgmt. (lien direct) | Cisco this week took the wraps off three products aimed at increasing the speed of communications while controlling and analyzing the substantial data stream of the factory floor.The products build on Cisco's Connected Factory portfolio which offers a variety of technologies from networking and security to analytics the company says will help customers quickly and more securely integrate industrial automation and control with business systems while improving industrial and manufacturing operational costs and efficiency.+More on Network World: Ethernet: Are there worlds left to conquer?+To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 07:52:00 | Cybersecurity skills shortage impact on technology innovation (lien direct) | The global cybersecurity skills shortage continues to be a critical issue. For example, ESG research found 45% of organizations report a “problematic shortage†of cybersecurity skills today, more than any other area within IT.Want more? Here are a few tidbits from last year's research project done in conjunction with the Information Systems Security Association (ISSA). In a survey of 437 cybersecurity professionals and ISSA members: 29% of cybersecurity professionals said the global cybersecurity skills shortage has had a significant impact on their organization. Another 40% said the global cybersecurity skills shortage has impacted their organization “somewhat.†When asked to identify the impact of the cybersecurity skills shortage: 54% said it increased the cybersecurity staff's workload 35% said their organization had to hire and train junior staff rather than hire people with the appropriate level of experience necessary 35% said the cybersecurity skills shortage has created a situation whereby the infosec team hasn't had time to learn or use its security technologies to their full potential While the cybersecurity skills shortage endures, the industry itself remains white hot. According to a recent Bloomberg business article, the cybersecurity industry is expected to grow about 7% a year through 2019 to reach $46 billion in valuation.To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 07:50:00 | Respond to ransomware in three steps: secure, assess, recover (lien direct) | This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.Your help desk email and phones start lighting up. Your CIO is in your office looking stressed and staring at you. Quickly, you learn your company is the latest target of a ransomware attack.Logically, you shouldn't be in this position. The latest detection software and data protection tactics are commonplace at your organization, intending to keep you out of this mess. Also, you have followed all best practices to ensure maximum data availability, so it's likely your backups and disaster recovery sites were impacted as well. At this point, all that matters is that your data has been kidnapped, and you need to restore operations as soon as possible.To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 07:19:01 | Webroot deletes Windows files and causes serious problems for users (lien direct) | Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious.The reports quickly popped up on Twitter and continued on the Webroot community forum -- 14 pages and counting. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems.The problem is what's known in the antivirus industry as a "false positive" -- a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying -- for example, when a program cannot run anymore -- to crippling, where the OS itself is affected and no longer boots.To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 07:19:00 | Chaos for customers: Webroot flags Windows as malware and Facebook as phishing site (lien direct) | A Webroot antivirus signature update, which was supposedly live for only 13 minutes yesterday afternoon, flagged crucial Windows system files as malicious, causing chaos and 15 pages of customer complaints so far.The havoc began after Webroot flagged some Windows system files as the malware Win32.Trojan.Gen and moved key system files to quarantine. As legit files were shuffled around, thousands upon thousands of Webroot customers experienced OS errors or crashed Windows systems.To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 07:03:00 | Systemic cybersecurity crisis looms (lien direct) | The number of large-scale, highly damaging data breaches over the past few years has led some to believe the market is on its way to another systemic crisis, similar to the Great Recession.Corporate greed, lax risk management procedures and insufficient oversight by regulators contributed to the 2008 financial crisis. Likewise, the perception that cybersecurity is just another cost center coupled with organizations' tendencies to implement bare minimum security measures could be paving the way for a systemic cybersecurity crisis. + Also on Network World: How CISOs should address their boards about security + There is a widespread notion that cybersecurity is one more hurdle for executives to deal with that drains company resources. Cisco surveyed more than 1,000 executives, and 74 percent of participants said the main purpose of cybersecurity is to reduce risk rather than enable growth. This ideology that cybersecurity is costly, hinders productivity and is maintained based on a company decision maker's level of paranoia is not just inaccurate, it is harmful. As a result, many organizations underinvest in their cybersecurity programs, implementing minimal security measures that may be obsolete in a few short years as cyber threats evolve and new attack vectors emerge.To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 06:00:00 | IDG Contributor Network: Twistlock leverages the container opportunity to score big funding (lien direct) | The open source Docker initiative has been nothing if not entertaining. Epic levels of intrigue, dastardly deeds and positioning seems to be the order of the day.Of particular interest is what the Docker ecosystem is doing, particularly how the third-party solution players deftly promise loyalty to Docker Inc. but also position themselves for survival in the increasingly likely eventuality that Docker (the company) will, in Silicon Valley parlance, eat their lunch.+ Also on Network World:Â Finding and protecting the crown jewels + One interesting area is that of security as it relates to containerized applications. One vendor doing good work in the space is Twistlock. Twistlock describes itself as the industry's first enterprise security suite for containers. Twistlock's technology addresses risks on the host and within the application of the container. In doing so, it gives enterprises the ability to consistently enforce security policies, monitor and audit activity, and identify and isolate threats in a container or cluster of containers. Twistlock's stated mission is to provide a full, enterprise-grade security stack for containers so organizations can confidently adopt and maximize the benefits of containers in their production environment.To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 05:09:00 | IDG Contributor Network: How CISOs should address their boards about security (lien direct) | There are two times you might have to talk to your organization's board of directors about security: before a breach and after. Be sure you've had the former before you need to have the latter.The board of directors, whose duty it is to run the company in the long-term interest of the owners, needs to know you've taken prudent steps to protect the organization's digital assets. That should mean the board wants to talk with you, the CISO, to learn firsthand what your department is doing to mitigate information security threats.+ Also on Network World:Â How to survive in the CISO hot seat + Board members want a high-level picture of the threat landscape and a checklist of the measures you've taken and policies you've adopted to protect the organization. Your job is to provide the board with perspective and not necessarily details. A scorecard or checklist can be an effective visual and a good starting point for a discussion of the organization's security measures. It lets you provide a high-level overview, and it gives you a road map for diving into details if the board asks for more information.To read this article in full or to leave a comment, please click here | |||
|
2017-04-25 04:27:00 | (Déjà vu) What to ask when selecting application security solutions (lien direct) | Buying decisions Image by ThinkstockThere are many factors to consider when making an application security purchasing decision, and the pressure is on organizations now more than ever to improve their security risk management preparedness. In fact, more than 80 percent of security attacks target software applications, with application vulnerabilities as the No.1 cyber-attack target. Organizations need a comprehensive application security toolkit to stay secure throughout the product lifecycle, and need to address key questions that can help them determine the right tools to address security risks.To read this article in full or to leave a comment, please click here |
|||
|
2017-04-25 04:26:00 | How CISOs find their perfect job (lien direct) | It's a good time to be a CISO. In a market where analysts say there are over 1 million unfilled job openings, and with demand expected to rise to 6 million globally by 2019 -- according to the Palo Alto Research Center, if you do a good job other opportunities are sure to follow.Indeed, such is the market, that - as we reported last year, even poor performing CISOs, dismissed from previous jobs, get handed new opportunities time and time again.To read this article in full or to leave a comment, please click here | |||
|
2017-04-24 18:08:20 | Hipchat resets user passwords after possible breach (lien direct) | HipChat has reset all its users' passwords after what it called a security incident that may have exposed their names, email addresses and hashed password information.In some cases, attackers may have accessed messages and content in chat rooms, HipChat said in a Monday blog post. But this happened in no more than 0.05 percent of the cases, each of which involved a domain URL, such as company.hipchat.com.HipChat didn't say how many users may have been affected by the incident. The passwords that may have been exposed would also be difficult to crack, the company said. The data is hashed, or obscured, with the bcrypt algorithm, which transforms the passwords into a set of random-looking characters. For added security, HipChat "salted" each password with a random value before hashing it.To read this article in full or to leave a comment, please click here | |||
|
2017-04-24 14:57:00 | Customers roast Microsoft over security bulletins\' demise (lien direct) | When Microsoft asked customers last week for feedback on the portal that just replaced the decades-long practice of delivering detailed security bulletins, it got an earful from unhappy users."Hate hate hate the new security bulletin format. HATE," emphasized Janelle 322 in a support forum where Microsoft urged customers to post thoughts on the change. "I now have to manually transcribe this information to my spreadsheet to disseminate to my customers. You have just added 8 hours to my workload. Thanks for nothing."To read this article in full or to leave a comment, please click here | |||
|
2017-04-24 13:59:00 | 7 patch management practices guaranteed to help protect your data (lien direct) | This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.We're in an era in which pre-packaged exploit services make it possible for the average Joe, with no technological experience or prowess, to launch intricate attacks on our environments. So, what can be done? Patching operating systems and applications is a surefire way to block some attacks.  But you need to do more than blast out auto updates.Here are seven patch management best practices that take your organization's cybersecurity to the next level:#1 Use a proper discovery service You can't secure what you don't know about. The only way to know if a breach or vulnerability exists is to employ broad discovery capabilities. A proper discovery service entails a combination of active and passive discovery features and the ability to identify physical, virtual and on and off premise systems that access your network. Developing this current inventory of production systems, including everything from IP addresses, OS types and versions and physical locations, helps keep your patch management efforts up to date, and it's important to inventory your network on a regular basis. If one computer in the environment misses a patch, it can threaten the stability of them all, even curbing normal functionality.To read this article in full or to leave a comment, please click here | |||
|
2017-04-24 07:50:00 | More Windows PCs infected with NSA backdoor DoublePulsar (lien direct) | The number of Windows computers infected with NSA backdoor malware continues to rise since Shadow Brokers leaked the hacking tools on April 14.DoublePulsar infection rate climbing Two different sets of researchers scanning for the DoublePulsar implant saw a significant bump in the number of infected Windows PCs over the weekend.For example, Dan Tentler, CEO of the Phobos Group, suggested that Monday would not be a good day for many people, as his newest scan showed about 25 percent of all vulnerable and publicly exposed SMB machines are infected.To read this article in full or to leave a comment, please click here | |||
|
2017-04-24 07:37:00 | Bring Your Own Authentication is upending online security practices (lien direct) | This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.Seeing the success of the Bring Your Own Device movement, a cadre of leading companies are starting to explore if a similar approach can be used to address the authentication challenge. If BYOD essentially makes the device a proxy for the work environment, can that same device serve as a proxy for customers online?This new movement, known as Bring Your Own Authentication (BYOA), holds the same promise of reimagining the way we think of authentication, putting the consumer (and device) front and center in the interaction, and relegating passwords to the background or eliminating them completely. But there are challenges to overcome in order for mass adoption.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-24 06:44:16 | Russian man receives longest-ever prison sentence in the US for hacking (lien direct) | A 32-year-old Russian hacker was sentenced to 27 years in prison in the U.S. for stealing millions of payment card details from businesses by infecting their point-of-sale systems with malware.The sentence is the longest ever handed out in the U.S. for computer crimes, surpassing the 20-year jail term imposed on American hacker and former U.S. Secret Service informant Albert Gonzalez in 2010 for similar credit card theft activities.Roman Valeryevich Seleznev, a Russian citizen from Vladivostok, was sentenced Friday in the Western District of Washington after he was found guilty in August of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.To read this article in full or to leave a comment, please click here | |||
|
2017-04-24 04:54:00 | 11 technologies developers should explore now (lien direct) | New and evolving technologies are rapidly reshaping how we work-offering creative opportunities for developers who are willing to pivot and adopt new skills. We took a look at 11 tech trends experts say are likely to disrupt current IT approaches and create demand for engineers with an eye on the future.It isn't all about The Next Big Thing. Future opportunities for developers are emerging from a confluence of cutting-edge technologies, such as AI, VR. augmented reality, IoT, and cloud technology ... and, of course, dealing with the security issues that are evolving from these convergences.[ Find out how to get ahead with our career development guide for developers. | The art of programming is changing rapidly. We help you navigate what's hot in programming and what's going cold. | Keep up with hot topics in programming with InfoWorld's App Dev Report newsletter. ] If you're interested in expanding your developer's toolkit, check out these trending domains-and our tips on how to get ahead by getting started with them.To read this article in full or to leave a comment, please click here | |||
|
2017-04-24 04:50:00 | FAQ: What is blockchain and how can it help business? (lien direct) | Blockchain sounds like a way to keep boats anchored, which isn't a bad analogy, considering what the technology purports to do.While some IT experts herald it as a groundbreaking way of creating a distributed, unchangeable record of transactions, others question the nascent technology's usefulness in the enterprise, which has traditionally relied on centrally-administered databases to secure digital records.Even so, companies are moving fast to try and figure out how they can use it to save time and money. And IT vendors are responding to customers calls for info, with some already looking to include it as part of their services.To read this article in full or to leave a comment, please click here | |||
|
2017-04-24 04:45:00 | Healthcare records for sale on Dark Web (lien direct) | Last August a Baltimore substance abuse treatment facility had its database hacked. Patient records subsequently found their way onto the Dark Web, according to DataBreaches.net. The group noticed such things as dates of admission, whether the patients are on methadone, their doctors and counselors, and dosing information.In the DataBreaches.net blog, the hacker “Return,†who they think is Russian, described how he compromised the Man Alive clinic: “With the help of the social engineer, applied to one of the employees. Word file with malicious code was downloaded.â€To read this article in full or to leave a comment, please click here |
To see everything:
Our RSS (filtrered)
