What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2017-04-24 04:44:00 Securing risky network ports (direct link) Data packets travel to and from numbered network ports associated with particular IP addresses and endpoints, using the TCP or UDP transport layer protocols. All ports are potentially at risk of attack. No port is natively secure. “Each port and underlying service has its risks. The risk comes from the version of the service, whether someone has configured it correctly, and, if there are passwords for the service, whether these are strong? There are many more factors that determine whether a port or service is safe,” explains Kurt Muhl, lead security consultant at RedTeam Security. Other factors include whether the port is simply one that attackers have selected to slip their attacks and malware through and whether you leave the port open. Tags: Guideline
NetworkWorld 2017-04-24 02:46:00 (Déjà vu) New products of the week 4.24.17 (direct link) Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.
NetworkWorld 2017-04-23 09:03:00 Trump claimed on Earth Day: 'Rigorous science is critical to my administration' (direct link) If you had been living under a rock, then you might actually believe that President Trump plans to protect the environment and support science. Trump's Earth Day statement began: Our Nation is blessed with abundant natural resources and awe-inspiring beauty. Americans are rightly grateful for these God-given gifts and have an obligation to safeguard them for future generations. My Administration is committed to keeping our air and water clean, to preserving our forests, lakes, and open spaces, and to protecting endangered species.
NetworkWorld 2017-04-21 17:47:39 There's now a tool to test for NSA spyware (direct link) Has your computer been infected with a suspected NSA spying implant? A security researcher has come up with a free tool that can tell. Luke Jennings of security firm Countercept wrote a script in response to last week's high-profile leak of cyberweapons that some researchers believe are from the U.S. National Security Agency. It's designed to detect an implant called Doublepulsar, which is delivered by many of the Windows-based exploits found in the leak and can be used to load other malware.
NetworkWorld 2017-04-21 10:11:43 Phishing attacks using internationalized domains are hard to block (direct link) The latest version of Google Chrome, released earlier this week, restricts how domain names that use non-Latin characters are displayed in the browser. This change is in response to a recently disclosed technique that could allow attackers to create highly credible phishing websites. The ability to register domain names made up of characters like those found in the Arabic, Chinese, Cyrillic, Hebrew and other non-Latin alphabets dates back over a decade. Since 2009, the Internet Corporation for Assigned Names and Numbers (ICANN) has also approved a large number of internationalized top-level domains (TLDs) -- domain extensions -- written with such characters.
NetworkWorld 2017-04-21 09:24:00 DARPA opens massive “Colosseum” to develop radical wireless applications (direct link) DARPA today said it opened the unique and massive testbed it will use as a battleground for researchers to build and test autonomous, intelligent and collaborative wireless technologies. Calling it a “magnificent electronic arena” The Colosseum will be primarily used to host the Defense Advanced Research Projects Agency's $3.75 million three-year Spectrum Collaboration Challenge (SC2), which will pit researchers against each other to develop what the agency calls radically new technologies for “using and managing access to the electromagnetic spectrum in both military and civilian domains.”
NetworkWorld 2017-04-21 08:43:00 Forget signatures for malware detection. SparkCognition says AI is 99% effective (direct link) The notion of detecting malware by looking for malicious file signatures is obsolete. Depending on which source is cited, anywhere from 300,000 to one million new malware files are identified every day. Kaspersky Lab says it finds 323,000 files daily, AV-TEST claims to discover more than 390,000 new malicious programs every day, and Symantec says it uncovers almost a million new threats per day. No matter how you count it, that's a lot of malicious software being unleashed into the wild day after day.
NetworkWorld 2017-04-21 08:02:00 IDG Contributor Network: Is your company spending on the right security technologies? (direct link) Investing in security technologies is a given for most companies today, and with stories of breaches and hacks making headlines every week, the importance of these tools has risen to prominence. While there's no shortage of security technologies to choose from, the big question that remains is: How does a company choose the right security investments? Many organizations struggle to implement the right tools to manage and mitigate risk, and getting all of these solutions to actually work together often presents an even bigger challenge. With that in mind, here are three considerations that can help companies make the right decisions when it comes to investing in security technology:
NetworkWorld 2017-04-21 07:14:00 IDG Contributor Network: Why banks should stay well clear of blockchain (direct link) If the financial services industry is banking on blockchain as the basis for new service innovation, it will be sorely disappointed. Blockchain's design principles are completely at odds with those of the industry, and the technology is fraught with flaws that could be catastrophic for financial institutions. I'll come on to why in a moment. Clearly, there is a lot of hype and momentum around blockchain. WANdisco sees this first hand: We're increasingly being approached by banks that think this is the kind of thing we do (it isn't). And why are they interested? Because senior directors and investors have heard the buzz and concluded that this is something they need -- that if they don't seize the opportunity, they'll miss out. They're wrong. Banks need blockchain like a hole in the head.
NetworkWorld 2017-04-21 06:52:00 Cybersecurity skills shortage threatens the mid-market (direct link) Each year, respondents to ESG's annual global survey of IT and cybersecurity professionals are asked to identify the area where their organizations have a problematic shortage of skills. For the sixth year in a row, cybersecurity skills topped the list -- this year, 45% of the 641 respondents said their organization has a problematic shortage of cybersecurity skills. Now, the cybersecurity skill shortage isn't picky; it impacts all organizations across industries, organizational size, geography, etc. Nevertheless, global cybersecurity may be especially problematic for organizations in the mid-market, from 100 to 999 employees. Keep in mind that the skills shortage isn't limited to headcount. Rather, it also includes skills deficiencies -- situations where security staff members don't have the right skills to address the dynamic and sophisticated threat landscape.
NetworkWorld 2017-04-21 04:06:00 What's in the fine print of your disaster recovery vendor agreement? (direct link) Sign on the bottom line: Disaster-recovery solutions require several complex, moving parts coordinated between your production site and the recovery site. Service-level agreements are ultimately the most accurate way to determine where responsibility is held for disaster-recovery process and execution. It's important to have SLA documentation around these critical aspects of recovery so that customers have commitments from their vendor. It's also important that a service provider's agreements contain service-credit backed SLAs for additional accountability. When considering DRaaS vendors, ask your potential partner how far they are willing to go in protecting your business and your data, and if these promises will be reimbursable if not met. Bluelock's Brandon Jeffress reviews what is essential to be in an ironclad SLA.
NetworkWorld 2017-04-20 14:09:50 Drupal fixes critical access bypass vulnerability (direct link) The Drupal project has released a patch to fix a critical access bypass vulnerability that could put websites at risk of hacking. The vulnerability does not have the highest severity level based on Drupal's rating system, but is serious enough that the platform's developers decided to also release a patch for a version of the content management system that's no longer officially supported. Successful exploitation of the vulnerability can lead to a complete compromise of data confidentiality and website integrity, but only Drupal-based websites with certain configurations are affected. To be vulnerable, a website needs to have the RESTful Web Services enabled and to allow PATCH requests. Furthermore, the attacker needs to be able to register a new account on the website or to gain access to an existing one, regardless of its privileges. Tags: Guideline
NetworkWorld 2017-04-20 13:45:13 Hackers use old Stuxnet-related bug to carry out attacks (direct link) Users that run unpatched software beware. Hackers have been relying on an old software bug tied to the Stuxnet worm to carry out their attacks. Microsoft may have initially patched the flaw in 2010, but it's nevertheless become the most widespread software exploit, according to security firm Kaspersky Lab. On Thursday, Kaspersky posted research examining the use of exploits, or malicious programs designed to take advantage of certain software flaws. Once an exploit goes to work, it can typically pave the way for other malicious programs to install onto a computer.
NetworkWorld 2017-04-20 08:12:40 Flaws let attackers hijack multiple Linksys router models (direct link) Two dozen Linksys router models are vulnerable to attacks that could extract sensitive information from their configurations, cause them to become unresponsive and even completely take them over. The vulnerabilities were discovered by senior security consultant Tao Sauvage from IOActive and independent security researcher Antide Petit while working together to analyze the Linksys EA3500 Smart Wi-Fi wireless router. The two researchers found a total of 10 vulnerabilities that affect not only the EA3500, but two dozen different router models from Linksys' Smart Wi-Fi, WRT and Wireless-AC series. Even though these devices are marketed as consumer products, it's not unusual to find them running in small business and home office environments.
NetworkWorld 2017-04-20 07:09:00 Bose accused of spying on users, illegal wiretapping via Bose Connect app (direct link) Those high-dollar Bose headphones? A lawsuit filed in Chicago contends Bose has been spying on users via the Bose Connect app, which enables users to remotely control their Bose headphones, and violating their privacy rights by selling the information about what they listen to without permission. Furthermore, Kyle Zak accused Bose of illegal wiretapping. The lawsuit claims the app also has a data miner called Segment.io. Segment, the company behind the data miner, advertises, “Collect all of your customer data and send it anywhere.”
NetworkWorld 2017-04-20 05:57:00 IDG Contributor Network: Finding and protecting the crown jewels (direct link) Visibility and security controls for internet-based applications such as social media, file sharing and email have been widely adopted at the perimeter. As we transition from the legacy perimeter security model to a cloud security model, there is a need to ensure we don't forget the principles we have established. Virtualization has changed how applications are built, deployed and used. It has also created challenges to how security is applied and deployed for these environments. That isn't necessarily a bad thing; the result of these challenges has driven new innovation in the cloud security space. Discovering and mapping application communications and dependencies is one of the first steps in defining and creating security policies for east-west data center traffic. Unfortunately, there is often a lack of understanding about these relationships, making east-west security policies difficult to implement and often prone to misconfiguration. As a result, we still see an abundance of successful attacks and the loss of critical data, even with traditional perimeter security models in place.
NetworkWorld 2017-04-20 04:23:00 Don't get bit by zombie cloud data (direct link) The internet never forgets, which means data that should have been deleted doesn't always stay deleted. Call it "zombie data," and unless your organization has a complete understanding of how your cloud providers handle file deletion requests, it can come back to haunt you. Ever since the PC revolution, the concept of data deletion has been a bit misunderstood. After all, dragging a file to the Recycle Bin simply removed the pointer to the file, freeing up disk space to write new data. Until then, the original data remained on the disk, rediscoverable using readily accessible data recovery tools. Even when new data was written to that disk space, parts of the file often lingered, and the original file could be reconstructed from the fragments.
NetworkWorld 2017-04-20 04:18:00 Are we ready to bid the SIEM farewell? (direct link) At this year's Infiltrate Security Conference in Miami, John Grigg walked the audience through a common target network where a known and commonly used SIEM had been integrated in order to show participants how to exploit onto the SIEM, find intel, and cover their tracks. Though SIEM technologies are supposed to help secure the networks, Grigg said that they are often misconfigured, which creates more vulnerabilities. Even though some of the legacy tools are pretty cool, Grigg said the problem is that no one really knows the platform that well. "The vendor who built it knows it from a design standpoint. Then there's the re-sellers, the guys who install it, the internal IT guys who inherit the systems, but they tend to never really focus on it."
NetworkWorld 2017-04-19 14:04:00 Cisco issues 7 “high priority” security advisories; Firepower, IOS and ASA issues among them (direct link) Cisco had a pretty large dump of security advisories today – seven “high priority” and one “critical” – impacting a variety of products many with the threat allowing a remote attacker to cause a denial of service. First up this week Cisco said a vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) software could let an unauthenticated, remote attacker cause a denial of service (DoS) attack.
NetworkWorld 2017-04-19 13:10:00 Humans are (still) the weakest cybersecurity link (direct link) Humans remain the weak link in corporate data protection, but you might be surprised that it isn't only rank-and-file employees duped by phishing scams who pose risks. Some companies are lulled into a false sense of cybersecurity by vendors. You read that right: Some enterprises believe the shiny new technologies they've acquired will protect them from anything. Just ask Theodore Kobus, leader of BakerHostetler's Privacy and Data Protection team. Tags: Guideline
NetworkWorld 2017-04-19 12:16:17 A vigilante hacker may have built a computer worm to protect the IoT (direct link) Is a vigilante hacker trying to secure your IoT device from malware? The mysterious developer behind a growing computer worm wants people to think so. The worm, known as Hajime, has infected tens of thousands of easy-to-hack products such as DVRs, internet cameras, and routers. However, the program so far hasn't done anything malicious. Instead, the worm has been preventing a notorious malware known as Mirai from infecting the same devices. It's also been carrying a message written from its developer.
NetworkWorld 2017-04-19 09:54:00 5 ways to keep virtual assistants from sharing your company's secrets (direct link) Virtual assistants like Apple's Siri, Microsoft's Cortana and Google Now have the potential to make enterprise workers more productive. But do “always listening” assistants pose a serious threat to security and privacy, too? Nineteen percent of organizations are already using intelligent digital assistants, such as Siri and Cortana, for work-related tasks, according to Spiceworks' October 2016 survey of 566 IT professionals in North America, Europe, the Middle East and Africa. The survey also found that 46 percent of organizations plan to adopt intelligent assistants within five years.
NetworkWorld 2017-04-19 09:05:00 DHS warns on immigration spoofing scam (direct link) You could probably see this one and others like it coming, given the current immigration quagmire that is the United States immigration environment. Today the U.S. Department of Homeland Security issued a fraud alert saying criminals have been using the agency's Hotline as part of a spoofing scam to steal personal information. The DHS Office of Inspector General (OIG) said perpetrators of the scam represent themselves as employees with “U.S. Immigration” and can alter caller ID systems to make it appear that the call is coming from the DHS OIG Hotline telephone number (1-800-323-8603).
NetworkWorld 2017-04-19 08:17:55 Surveys show high hopes, deep concerns about IoT (direct link) Industrial IoT's big future is starting to become a reality, but many companies still don't think they're ready for it. Those are some of the findings in surveys released on Tuesday by the Business Performance Innovation Network and the Eclipse IoT Working Group. They reflect the views of hundreds of executives and developers from a range of industries. More than half of the executives think their industries are already adopting IoT through either pilots or large-scale deployments, and 57 percent are at least in the planning stages themselves, BPI Network said. About 350 executives from around the world responded to the survey by BPI Network, an organization of business leaders. Tags: Guideline
NetworkWorld 2017-04-19 06:39:00 Bypass Microsoft's update block for Windows 7, 8.1 PCs running Kaby Lake, Ryzen (direct link) Although Microsoft blocked Windows updates to Windows 7 and 8.1 PCs powered by new CPUs, one unhappy user found a way around the block so devices with next-generation processors can continue to get security updates for the older operating systems. Microsoft warned users several times that they needed to jump on the Windows 10 bandwagon. That didn't go over very well, so Microsoft extended Windows 7 and 8.1 support on some Skylake-powered devices.
NetworkWorld 2017-04-19 05:46:00 Blockchain: 'Overhyped' buzzword or real-deal enterprise solution? (direct link) While blockchain is among the hottest technologies in the enterprise security, data storage and file-sharing arenas, many experts question its use or even whether it's really as secure as billed. As marketplaces struggle with how best to deploy the distributed ledger technology, IT vendors are beginning to test it in their products -- in some cases, as a reaction to customer inquiries rather than a proactive move. "It's a very hot topic right now," said Zulfikar Ramzan, CTO of RSA Security, a subsidiary of the Dell EMC Infrastructure Solutions Group. "We are definitely getting a lot of inbound inquiries around blockchain and its implication within enterprise environments. I think it's driven largely by the fact that when there's a new technology out there, to some degree people want to be buzzword compliant with the latest and greatest."
NetworkWorld 2017-04-19 05:44:00 Cybersecurity companies to watch (direct link) In canvassing the security industry, CBInsights came up with a list of startups with early- to mid-stage high-momentum that have pioneering technology with the potential to transform cybersecurity. They split the companies into the following categories: Quantum Encryption, Predictive Intelligence, Deception Security, Autonomous Systems, IoT Security, Mobile Security, Automobile Security, Critical Infrastructure Security, and Cyber Insurance. CB Insights created a Company Mosaic, which uses data to track private company health, using signals including recency of financing, total raised, and investor quality. We've gathered this data via our machine learning technology (dubbed The Cruncher) as well as via several thousand direct submissions from firms and individual professionals.
NetworkWorld 2017-04-19 05:37:09 Oracle fixes Struts and Shadow Brokers exploits in huge patch release (direct link) Oracle has released a record 299 security fixes for vulnerabilities in its products, including patches for a widely exploited vulnerability in the Apache Struts framework and a Solaris exploit supposedly used by the U.S. National Security Agency. The Struts vulnerability allows for remote code execution on Java web servers and was patched on March 6. Attackers have quickly adopted it and have used it in widespread attacks since then. Oracle uses Apache Struts 2 in several of its products, which is why Tuesday's critical patch update (CPU) fixed 25 instances of the vulnerability in Oracle Communications, Retail and Financial Services applications, as well as in the MySQL Enterprise Monitor, Oracle WebCenter Sites, Oracle WebLogic Server and the Siebel E-Billing app.
NetworkWorld 2017-04-18 15:47:55 Trump's cybersecurity mystery: 90 days in, where's the plan? (direct link) On Jan. 6, weeks before he was due to become president, Donald Trump sat down with U.S. intelligence officials for a two-hour briefing at Trump Tower on cyberattacks conducted during the U.S. election. The meeting resulted in a pledge: a plan to counter cyberattacks against the U.S. within 90 days of taking office. On Wednesday, President Trump marks his 90th day in office with no sign of a report or indication that one is on the way. That's a surprise, given the recent string of successful, high-profile cyberattacks against the federal government.
NetworkWorld 2017-04-18 13:19:00 Experts contend Microsoft canceled Feb. updates to patch NSA exploits (direct link) Microsoft delayed its February security update slate to finish patching critical flaws in Windows that a hacker gang tried to sell, several security experts have argued. "Looks like Microsoft had been informed by 'someone,' and purposely delayed [February's] Patch Tuesday to successfully deliver MS17-010," tweeted Matt Suiche, founder of Dubai-based security firm Comae Technologies. MS17-010, one of several security bulletins Microsoft issued in March, was just one of several cited Friday by the Redmond, Wash. developer when it said it had already patched most of the vulnerabilities exploited by just-leaked hacking tools. Those tools -- 12 different Windows exploits -- had been included in a large data dump made April 14 by a hacker group dubbed Shadow Brokers, which is believed to have ties to Russia. The exploits, as well as a trove of documents, had been stolen from the National Security Agency (NSA), Shadow Brokers claimed.
NetworkWorld 2017-04-18 12:29:51 At $175, this ransomware service is a boon to cybercriminals (direct link) Cybercriminals have another easy-to-use ransomware kit to add to their arsenals, thanks to a new variant called Karmen that hackers can buy on the black market for $175. A Russian-speaking user called DevBitox has been advertising the ransomware in underground forums, security firm Recorded Future said in a blog post on Tuesday. Karmen is what experts call ransomware-as-a-service -- a particularly worrisome trend. Amateur hackers with little technical know-how can buy access to them, and in return, they'll receive a whole suite of web-based tools to develop their own ransomware attacks.
NetworkWorld 2017-04-18 11:11:00 IDG Contributor Network: We're all responsible for combating fake news (direct link) I spoke to a 5th grade class about identity theft the other day. I quickly discovered that these kids were struggling with EXACTLY the same problems most of us struggle with in our workplace and our personal lives. They were swimming in a sea of dubious information, not able to tell what was real and what was not, or if they were being scammed or by whom. “Sometimes I'm gaming,” said one kid, “and someone asks 'What's your real name?' and I'm like, why does he need to know?” “I was on this chat board, and I could just tell this person was totally fake, but I didn't know what to do,” said another kid. The truth is, every day, in every possible way, we get bombarded with fake information. It doesn't matter how old we are, how smart we are, whether we're at home or at work. The world is full of falsity, whether it's phishing, fake news or some weirdo trying to learn more about us when we're playing a video game.
NetworkWorld 2017-04-18 09:18:00 Mobile, security tools among education tech favorites (direct link) In the school district of La Crosse, Vicki Lyons depends on mobile device management software from Jamf to manage the Wisconsin district's fleet of iPads and MacBook Air devices. The Apple device management platform plays a key role in the district's efforts to provide equitable access to technology to all of its students. “We use Jamf Pro as our device management solution for our 1:1 iPad program district-wide. As a result, we are driving student success with iPads and meeting their individual needs via personalized learning - something we weren't able to previously do,” says Lyons, technology service director for the School District of La Crosse.
NetworkWorld 2017-04-18 08:33:00 Cybersecurity remains an elusive business priority (direct link) I've been remiss by not blogging earlier this year about ESG's annual IT spending intentions research. The year 2017 continues to follow a pattern: Cybersecurity is a high business and IT priority for most organizations. Based upon a global survey of 641 IT and cybersecurity professionals, the ESG research reveals: While just over half (53%) of organizations plan on increasing IT spending overall this year, 69% said they are increasing spending on cybersecurity. As far as cybersecurity spending goes, 48% will make their most significant cybersecurity technology investments in cloud security, 39% will in network security, 30% in endpoint security, and 29% in security analytics. Respondents were asked which business outcomes were their highest priorities for this year. The top three results were as follows: 43% said “reducing costs,” 40% said “increasing productivity,” and 39% said “improving information security.” When asked which business initiatives will drive the most IT spending, 39% said “increasing cybersecurity,” the top selection of all. When asked to identify the most important IT initiatives for this year, the number one answer was “strengthening cybersecurity controls and processes.” For the sixth year in a row, survey respondents said cybersecurity is the area where their organization has the biggest problematic shortage of skills. This year, 45% of organizations said they have a problematic shortage of cybersecurity skills -- nearly identical to last year's results (46% said they had a problematic shortage of cybersecurity skills in 2016). Allow me to provide a bit of analysis to this data (after all, I am an industry analyst):
NetworkWorld 2017-04-18 08:06:00 Meanwhile in China: Surveillance required on public Wi-Fi (direct link) Every once in a while, something in China that sounds like it came out of a dystopian movie catches my attention. China's great surveillance machine seems to know no bounds. China has already cracked down on unauthorized VPN use. Last month, we learned that if you want toilet paper at one UNESCO World Heritage Site in China, then you must submit to facial recognition in order to be issued a strip of toilet paper. This time, we are looking at China requiring surveillance technology on public Wi-Fi and Chinese loan startups determining credit-worthiness by the model of smartphones used and if the battery runs low. Tags: Heritage
NetworkWorld 2017-04-18 05:26:00 How to prevent your mobile app from getting hacked (direct link) Trivial matter? The average user has around 26 to 55 applications downloaded to his smartphone device. Most likely, you have entertainment and gaming apps, a banking app, a few social media apps, fitness apps, and eCommerce apps to shop at your favorite stores.
NetworkWorld 2017-04-18 03:45:00 How to protect against cross-site request forgery attacks (direct link) Cross-site request forgery (CSRF) attacks are becoming a more common attack method used by hackers. These attacks take advantage of the trust a website has for a user's input and browser. The victim is tricked into performing a specific action they were not intending to do on a legitimate website where they are authenticated. CSRF attacks will use the identity and privileges that the victim has on the website to impersonate them and perform malicious activity or transactions. Attackers will attempt to take advantage of users who have login cookies stored in their browsers. Ecommerce sites that send cookies to store user authentication data are vulnerable to this attack.
NetworkWorld.webp 2017-04-17 12:44:00 'Find My iPhone' foils pickpocket who swiped 100 devices: police (direct link) You might think that a pickpocket skilled enough to steal 100 cellphones, pictured above, would also be savvy enough to know that at least the iPhones in that haul carry a means to foil his caper. Then again, you might be giving the crook too much credit. From a story on the website of a Boston television station: A New York man was arrested at the Coachella music festival in Southern California after he was found with more than 100 stolen cellphones, according to Indio police. During the concert festival on Friday, several people noticed their phones were missing and immediately activated the "Find My Phone" feature on their mobile devices.
NetworkWorld.webp 2017-04-17 11:55:00 IoT malware clashes in a botnet territory battle (direct link) Mirai -- a notorious malware that's been enslaving IoT devices -- has competition. A rival piece of programming has been infecting some of the same easy-to-hack internet-of-things products, with a resiliency that surpasses Mirai, according to security researchers. "You can almost call it Mirai on steroids," said Marshal Webb, CTO at BackConnect, a provider of services to protect against distributed denial-of-service (DDoS) attacks. Security researchers have dubbed the rival IoT malware Hajime, and since it was discovered more than six months ago, it's been spreading unabated and creating a botnet. Webb estimates it's infected about 100,000 devices across the globe.
NetworkWorld.webp 2017-04-17 11:38:00 Virtual assistants hear everything, so watch what you say. I'm not kidding (direct link) The law of unintended consequences is once again rearing its ugly head: Google, Apple, Amazon and others now make virtual assistants that respond to commands, and recordings can trigger them. Burger King found out how, via a radio commercial, it could get Google's attention. It produced an ad designed to trigger Google Home to advertise the Whopper. The ad featured a Burger King employee saying, “OK, Google. What is the Whopper burger?” The Google Home device would then read the Wikipedia definition of a Whopper. The trigger stopped working a few hours after the ad launched.
NetworkWorld.webp 2017-04-17 07:46:00 Facebook yanks video of cold-blooded murder, responds to 'horrific crime' (direct link) In the age of livestreaming, you never know what you might see. Such was the case yesterday, on Easter Sunday, when 37-year-old Steve Stephens took an innocent man's life and caused panic in Ohio. Stephens, who claimed to be mad at his girlfriend, was driving around until he spotted a random stranger walking on the sidewalk. He said it was her fault that he was about to murder him. Stephens stopped his car, approached an elderly man, asked him to repeat the name of the woman and said she was the reason this was happening. Then he shot and killed the man. Seventy-four-year-old Robert Godwin was the man killed; he was walking home after having Easter dinner with his children.
NetworkWorld.webp 2017-04-17 07:08:00 Cyber-sleuth boots 15 cheaters from today's Boston Marathon (direct link) Here in Hopkinton, Mass., this morning, 15 fewer runners – cheaters, actually -- are gathering for the start of the Boston Marathon than would have otherwise, thanks to the cyber-sleuthing efforts of an Ohio business analyst. Derek Murphy has made it his business to purge marathoning and, in particular, the Boston competition, of those who by hook, crook – or writing a check – seek to run as official entrants without having done the training to produce a legitimate qualifying time. From a story posted Saturday in Runner's World.
NetworkWorld.webp 2017-04-17 06:19:00 Cybercrime-from inside an Ohio prison (direct link) Plenty of companies have smart, resourceful IT teams that diligently support their organization's computers and networking operations. But I'm not sure how many of them could pull off the technological tricks that a group of inmates at Ohio's Marion Correctional Institution did. From e-waste to identity theft: According to local news reports that blew up over the internet last week, at least five prisoners built a pair of working PCs out of parts scavenged from e-waste as part of a program designed to teach computer skills by having inmates break down end-of-life computers and recycle the parts. The inmates smuggled the PCs to a training room, hid them in the ceiling and then ran wiring to connect to the prison network.
NetworkWorld.webp 2017-04-17 04:24:00 The rising security risk of the citizen developer (direct link) While shadow IT was always a challenge for enterprise IT teams, it rapidly started to accelerate with the growth of the smartphone, and then cloud computing with the incredible expansion of public cloud infrastructure and software as a service offerings that made it as easy as providing a credit card to access a cloud service. Today, shadow IT has spread beyond smartphones, tablets, and cloud services and is rapidly extending into the domain of the enterprise developer. The trend could create profound risks for enterprise security teams if these shadow, or citizen, developers, aren't reined.
NetworkWorld.webp 2017-04-17 04:21:00 What it takes to be a security consultant (direct link) IT security consultants tend to be busy people. Given the widespread shortage of professionals with skills in many different aspects of cyber security, organizations frequently need help from outside experts. Like many others who work in information security, Kevin Beaver did not initially set out to pursue a career in the field, or to eventually become an independent IT security consultant. “During my senior year of high school, my late mother, Linda, encouraged me to go to college and study computers. That seemed to be a growing field with lots of opportunities,” Beaver says. “My mom was exactly right! My computer studies led to me pursuing this thing called computer security.”
NetworkWorld.webp 2017-04-17 03:00:00 5 must-have security tools (direct link) New York's Montgomery County, located at the foot of the Adirondacks, consists of 10 towns, one city and 50,000 residents. To protect the data that pertains to its citizens and operations, Montgomery County added DatAdvantage from Varonis to its arsenal of security wares. The data security platform is designed to show organizations where sensitive data exists, who is accessing it, and how to keep it safe. “This system captures activity from Active Directory and Windows system logs, tracking everything from user sign-on to file manipulation. It then presents this information in an easy-to-use dashboard with advanced reporting options,” says Gregory Oliver, senior network systems administrator for Montgomery County.
NetworkWorld.webp 2017-04-17 03:00:00 31 tech pros share favorite IT products (direct link) What's to like? Every year we ask IT pros to share their favorite enterprise products, and every year we learn what it takes to win them over - including gear that saves time and money, bolsters security, and streamlines digital transformations. Read on to learn what 31 tech pros like best, in their own words.
NetworkWorld.webp 2017-04-17 02:00:00 (Déjà vu) New products of the week 4.17.17 (direct link) Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.
NetworkWorld.webp 2017-04-15 11:08:30 Microsoft: Past patches address leaked NSA exploits (direct link) Microsoft said it has already patched vulnerabilities revealed in Friday's high-profile leak of suspected U.S. National Security Agency spying tools, meaning customers should be protected if they've kept their software up-to-date. Friday's leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such as Windows XP and Windows Server 2008.
NetworkWorld.webp 2017-04-14 17:50:00 Leaked NSA exploits plant a bull's-eye on Windows Server (direct link) Friday's release of suspected NSA spying tools is bad news for companies running Windows Server. The cyberweapons, which are now publicly available, can easily hack older versions of the OS. The Shadow Brokers, a mysterious hacking group, leaked the files online, setting off worries that cybercriminals will incorporate them in their own hacks. “This leak basically puts nation-state tools into the hands of anyone who wants them,” said Matthew Hickey, the director of security provider Hacker House. He's been among the researchers looking over the files and has found they contain about 20 different Windows-based exploits -- four of which appear to leverage previously unknown software vulnerabilities.
Last update at: 2024-04-28 19:08:05