What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-02-04 09:24:00 | The problem with mobile and app voting (lien direct) | It's the day after the 2020 Iowa caucuses, and the Iowa Democratic Party has yet to announce the winner. The app that precinct leaders were supposed to use to report final tallies recorded inconsistent results. Party leaders blamed a "coding issue" within the app, not a hack or attack. Computerworld's Lucas Mearian joins Juliet to discuss the problem with mobile voting and how this snafu may affect the reputation of app voting in the future. | Hack Guideline | ||
|
2019-02-27 07:39:00 | Protecting the IoT: 3 things you must include in an IoT security plan (lien direct) | With many IT projects, security is often an afterthought, but that approach puts the business at significant risk. The rise of IoT adds orders of magnitude more devices to a network, which creates many more entry points for threat actors to breach. A bigger problem is that many IoT devices are easier to hack than traditional IT devices, making them the endpoint of choice for the bad guys.IoT is widely deployed in a few industries, but it is in the early innings still for most businesses. For those just starting out, IT and security leaders should be laying out their security plans for their implementations now. However, the landscape of security is wide and confusing so how to secure an IoT deployment may not be obvious. Below are three things you must consider when creating an IoT security plan. | Hack Threat Guideline | ||
|
2019-01-28 09:11:00 | Build security into your IoT plan or risk attack (lien direct) | The Internet of Things (IoT) is no longer some futuristic thing that's years off from being something IT leaders need to be concerned with. The IoT era has arrived. In fact, Gartner forecasts there will be 20.4 billion connected devices globally by 2020.An alternative proof point is the fact that when I talk with people about their company's IoT plans, they don't look at me like a deer in headlights as they did a few years ago. In fact, often the term “IoT” doesn't even come up. Businesses are connecting more “things” to create new processes, improve efficiency, or improve customer service.As they do, though, new security challenges arise. One of which is there's no “easy button.” IT professionals can't just deploy some kind of black box and have everything be protected. Securing the IoT is a multi-faceted problem with many factors to consider, and it must be built into any IoT plan. | Guideline | ||
|
2017-08-24 07:33:00 | This Linux tool could improve the security of IoT devices (lien direct) | The first rule of building a secure and feature-rich ecosystem is software management - push and pull software updates and software discovery through an app store mechanism from a trusted source.In the go-to-market IoT race, though, that often doesn't happen. Many Internet of Things (IoT) product developers have ignored the traumatic early history of Microsoft Windows, Android and web platforms, and expoits of IoT devices - because software updates have not been designed in - are regularly reported.+ Also on Network World: How to improve IoT security + Those earlier platforms have been hardened, updates have been automated, and the app discovery and installation have been made trustworthy. IoT developers need to follow their lead. To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-05-23 09:35:00 | IDG Contributor Network: Educating the public about security – are we doing it all wrong? (lien direct) | In 2016 consumers were exposed to a larger number of high profile data breaches than any year previously. According to the Breach Level Index, 1,792 data breaches led to almost 1.4 million data records being compromised worldwide, an increase of 86% compared to 2015. Identity theft was the leading type of data breach last year, accounting for 59% of all data breaches. These numbers have helped raise public awareness around the serious threats to personal data that exist in the modern era, and awareness is also growing for some of the solutions that businesses and individuals can use to minimize the risks from data breaches. But is it enough?To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-05-01 12:45:00 | IDG Contributor Network: Data breaches: It\'s still personal (lien direct) | In a blog post last September, I highlighted how data breaches for the first half of 2016 shifted from stolen credit card data and financial information to the theft of something much more personal-identities. Unsurprisingly, this trend continued throughout the remainder of the year.According to the recently released Breach Level Index, 1,792 data breaches led to almost 1.4 million data records being compromised worldwide, an increase of 86 percent compared to 2015. Once again, identity theft was the leading type of data breach last year, accounting for 59 percent of all data breaches. To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-27 07:14:00 | Enterprise security technology consolidation (lien direct) | Look around the cybersecurity infrastructure at any enterprise organization, and here's what you'll see-dozens and dozens of cybersecurity tools from just as many vendors. Now this situation wasn't planned; it just happened. Over the past 15 years, bad guys developed new cyber weapons to exploit IT vulnerabilities. And large organizations reacted to these new threats by purchasing and deploying new security controls and monitoring systems. This pattern continued over time, leading to today's patchwork of security point tools. + Also on Network World: Is your company spending on the right security technologies? + So, what's the problem? Point tools aren't really designed to talk with one another, leaving human beings to bridge the communications, intelligence and technology gaps between them. Furthermore, each individual tool requires training, deployment, configuration and ongoing operational support. More tools, more needs.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-27 06:31:00 | Next-gen IoT botnet Hajime nearly 300K strong (lien direct) | The Hajime botnet is nearly 300,000 strong, making it a latent threat nearly as powerful as the notorious Mirai botnet that devastated high-profile websites last fall, leading some to think the internet had been broken.Researchers at Kaspersky Lab lured devices infected with the Hajime worm to announce themselves to a Kaspersky honeypot, checked out whether they were actually infected and added them up. They came up with the number 297,499, says Igor Soumenkov, principal researcher at Kaspersky Lab.An earlier estimate by Symantec put the size at tens of thousands. Estimates of the number of infected devices in Mirai botnets have put it about 400,000, but the number of devices that might be infected with the Hajime worm is 1.5 million, says Dale Drew, the CSO of Level 3, which has been building a profile of behavioral classifiers to identify it so it can be blocked.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-26 10:13:00 | Report: Top 25 IT security products (lien direct) | Nothing beats hearing from your peers about which IT security products have been successful in the enterprise. IT Central Station, which collects reviews from verified enterprise IT product users, has compiled a report that identifies 25 top-rated products in security categories such as cloud security, firewalls, security information and event management (SIEM), application security and internet of things (IoT) security.IT Central Station selected the product leaders in each security category. The report uses a scoring methodology based on a combination of buyer interest, the number of reviews (at least 10), and the average rating in those reviews.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-24 07:37:00 | Bring Your Own Authentication is upending online security practices (lien direct) | This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.Seeing the success of the Bring Your Own Device movement, a cadre of leading companies are starting to explore if a similar approach can be used to address the authentication challenge. If BYOD essentially makes the device a proxy for the work environment, can that same device serve as a proxy for customers online?This new movement, known as Bring Your Own Authentication (BYOA), holds the same promise of reimagining the way we think of authentication, putting the consumer (and device) front and center in the interaction, and relegating passwords to the background or eliminating them completely. But there are challenges to overcome in order for mass adoption.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-24 04:44:00 | Securing risky network ports (lien direct) | Data packets travel to and from numbered network ports associated with particular IP addresses and endpoints, using the TCP or UDP transport layer protocols. All ports are potentially at risk of attack. No port is natively secure.“Each port and underlying service has its risks. The risk comes from the version of the service, whether someone has configured it correctly, and, if there are passwords for the service, whether these are strong? There are many more factors that determine whether a port or service is safe,†explains Kurt Muhl, lead security consultant at RedTeam Security. Other factors include whether the port is simply one that attackers have selected to slip their attacks and malware through and whether you leave the port open.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-20 14:09:50 | Drupal fixes critical access bypass vulnerability (lien direct) | The Drupal project has released a patch to fix a critical access bypass vulnerability that could put websites at risk of hacking.The vulnerability does not have the highest severity level based on Drupal's rating system, but is serious enough that the platform's developers decided to also release a patch for a version of the content management system that's no longer officially supported.Successful exploitation of the vulnerability can lead to a complete compromise of data confidentiality and website integrity, but only Drupal-based websites with certain configurations are affected.To be vulnerable, a website needs to have the RESTful Web Services enabled and to allow PATCH requests. Furthermore, the attacker needs to be able to register a new account on the website or to gain access to an existing one, regardless of its privileges.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-19 13:10:00 | Humans are (still) the weakest cybersecurity link (lien direct) |
Humans remain the weak link in corporate data protection, but you might be surprised hat it isn't only rank-and-file employees duped by phishing scams who pose risks. Some companies are lulled into a false sense of cybersecurity by vendors. You read that right:Some enterprises believe the shiny new technologies they've acquired will protect them from anything.Just ask Theodore Kobus, leader of BakerHostetler's Privacy and Data Protection team. BakerHostetler
Theodore Kobus, BakerHostetler's Privacy and Data Protection team.To read this article in full or to leave a comment, please click here |
Guideline | ||
|
2017-04-19 08:17:55 | Surveys show high hopes, deep concerns about IoT (lien direct) | Industrial IoT's big future is starting to become a reality, but many companies still don't think they're ready for it.Those are some of the findings in surveys released on Tuesday by the Business Performance Innovation Network and the Eclipse IoT Working Group. They reflect the views of hundreds of executives and developers from a range of industries.More than half of the executives think their industries are already adopting IoT through either pilots or large-scale deployments, and 57 percent are at least in the planning stages themselves, BPI Network said. About 350 executives from around the world responded to the survey by BPI Network, an organization of business leaders.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-14 05:59:29 | How will future cars stay up-to-date? Make them open like a PC (lien direct) | The future seems bright for the automobile. A whole host of technologies -- including self-driving systems – is set to reinvent the auto industry, making cars more computerized than ever.But not everyone shares a rosy outlook.  “I know what is going to happen in the future and I don't like it,†said Bruce Perens, a leading open source advocate.  “And I would like to guide it in a somewhat different direction.â€His fear is that consumers who buy next-generation cars will face obstacles to modifying or repairing them -- like purchasing a smartphone, only far more expensive, with manufacturers in sole control over the tech upgrades.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-12 11:01:00 | 6 vulnerabilities to watch for on the factory floor (lien direct) |
 Industrial control systems (ICS) that run the valves and switches in factories may suffer from inherent weaknesses that cropped up only after they were installed and the networks they were attached to became more widely connected. FireEye iSIGHT Intelligence
Sean McBride
The problems are as far ranging as hard-coded passwords that are publicly available to vulnerabilities in Windows operating systems that are no longer supported but are necessary to run the aging gear, says Sean McBride, attack-synthesis lead analyst at FireEye iSIGHT Intelligence and author of “What About the Plant Floor? Six subversive concerns for industrial environments.â€To read this article in full or to leave a comment, please click here |
Guideline | ||
|
2017-04-12 06:19:00 | Can AI and ML slay the healthcare ransomware dragon? (lien direct) | It's common knowledge that healthcare organizations are prime – and relatively easy – targets for ransomware attacks. So it is no surprise that those attacks have become rampant in the past several years. The term “low-hanging fruit†is frequently invoked.But according to at least one report, and some experts, it doesn't have to be that way. ICIT – the Institute for Critical Infrastructure Technology – contends in a recent whitepaper that the power of artificial intelligence and machine learning (AI/ML) can “crush the health sector's ransomware pandemic.â€To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-05 06:25:00 | IBM: Tax-related spam up 6,000% since Dec.; Darkweb tactics net billions (lien direct) | Tis' the season for tax villains. The notion that spam has been increasing lately has been obvious recently and for more evidence of that nasty trends you need look no further than this fact: From Dec 2016 to Feb 2017, IBM X-Force researchers saw a 6,000% increase in tax-related spam emails.And that's just one of a number of tax season scams and frauds IBM X-Force security researchers have been tracking in a report “Cybercrime Riding Tax Season Tides: Trending Spam and Dark Web Findings†issued today.+More on Network World: IRS Dirty Dozen: Phishing, phone cons and identity theft lead scam list for 2017+To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-04 13:12:00 | IT leaders share how they quell cybersecurity attacks (lien direct) | Ask CIOs and CISOs what cybersecurity fears keep them up at night and you'll hear a range of responses -- from social engineering hacks such as phishing, as well as malware that enables perpetrators to hijack users' websites -- the dreaded ransomware -- and denial-of-service attacks. Depending on their business you might hear them say "all of the above."These threats are driving increased spending on cybersecurity tools intended to protect corporate data from nation-state actors, lone wolf attackers and other malcontents who are seeking access to corporate data. IT leaders know that it takes only one well-placed exploit to infiltrate a corporate network, but they also acknowledge that the best approach is to shrink their attack surface and be ready to respond to an incident in the event of an attack.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-04-03 07:15:00 | Android now the world\'s most popular operating system (lien direct) |
Move over, Microsoft Windows. Thanks to mobile, Google's Android is now king, as it has become the world's most popular operating system for getting online.Web analytics firm StatCounter reported that, for the first time ever, Android topped the worldwide OS internet usage market share. In March, looking at combined usage across desktop, laptop, tablet and mobile, Android usage hit 37.93 percent. That was enough to narrowly overtake Windows' 37.91 percent. StatCounter
“This is a milestone in technology history and the end of an era,†said StatCounter CEO Aodhan Cullen. “It marks the end of Microsoft's leadership worldwide of the OS market, which it has held since the 1980s. It also represents a major breakthrough for Android, which held just 2.4 percent of global internet usage share only five years ago.â€To read this article in full or to leave a comment, please click here |
Guideline | ||
|
2017-04-03 04:05:00 | IDG Contributor Network: Information security in an insecure world (lien direct) | If I could give only one piece advice for CTOs and IT teams, it would be this: Data security is not just an IT task-it comes down to people and processes. As a startup CTO, you're often going to lead the charge when it comes to information security for your firm. Â According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a record 1,093 data breaches in 2016-a 40 percent increase over 2015. We've all seen the headlines and the high-profile victims, but attackers don't discriminate when it comes to security breaches. Any company can become a victim, leading to losses of your data, your customers' data, financial information, proprietary product information, and, ultimately, a loss of goodwill in the market. As more processes move online and into the cloud, companies increasingly feel this burden of staying secure.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-30 12:56:04 | Senator: Russia used \'thousands\' of internet trolls during US election (lien direct) | The Russian government used "thousands" of internet trolls and bots to spread fake news, in addition to hacking into political campaigns leading up to the 2016 U.S. election, according to one lawmaker.Disinformation spread on social media was designed to raise doubts about the U.S. election and the campaign of Democratic presidential candidate Hillary Clinton, said Senator Mark Warner, a Virginia Democrat."This Russian propaganda on steroids was designed to poison the national conversation in America," Warner said Thursday during a Senate hearing on Russian election hacking. The Russian government used "thousands of paid internet trolls" and bots to spread disinformation on social media.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-29 14:18:00 | How to fend off cyberattacks and data breaches (lien direct) | According to research conducted by Symantec, the number of cyberattacks against small businesses (companies with fewer than 250 employees) has been steadily growing over the last six years, with hackers specifically targeting employees (phishing). And while distributed denial of service, or DDoS, attacks are still a leading form of cyber warfare, ransomware and malware attacks, targeting users of smartphones and internet of things (IoT) devices, as well as PCs and systems running on Macs and Linux, are also a big threat to small businesses.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-29 05:51:00 | Expert: NY breach report highlights third-party risk (lien direct) | New York reported a record high number of breaches last year, just after a new set of cybersecurity regulations went into effect in the state."In 2016, New Yorkers were the victims of one of the highest data exposure rates in our state's history," said Attorney General Eric Schneiderman in a statement released last week. "The total annual number of reported security breaches increased by 60% and the number of exposed personal records tripled."According to the report, the stolen data consisted overwhelmingly of Social Security numbers and financial account information, and hacking was the leading cause of the breaches. The 1,300 breaches involved the private data of 1.6 million state residents, and 81 percent of the breaches involved the loss of Social Security numbers or financial information.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-27 07:21:00 | Fortinet CISO on securing critical infrastructure: \'We can no longer bring a knife to a gunfight\' (lien direct) | Earlier this year Fortinet hired its first chief information security officer (CISO). The timing makes sense, as the company has grown into a leading security vendor with an integrated, security fabric vision that few competitors can match.As Fortinet continues to expand its presence in the federal and critical infrastructure markets, CISO Philip Quade brings the credentials and background needed to help lead the strategy. Prior to joining Fortinet, Quade was the NSA director's special assistant for cyber and chief of the NSA Cyber Task Force. Before that, he was chief operating officer of the Information Assurance Directorate at the NSA.I recently talked with Quade regarding his new role and the challenges the United States and businesses in general face with respect to security.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-23 10:10:00 | Snowden\'s ex-boss offers tips on stopping insider threats (lien direct) | Steven Bay, a former defense contractor, knows a thing or two about insider threats. For a brief period, he was the boss of Edward Snowden, the famous leaker who stole sensitive files from the U.S. National Security Agency. Recalling the day he learned Snowden had been behind the NSA leaks back in June 2013, Bay said he received texts about the breaking news while in a leadership meeting at a church. The first text said "Sorry man, looks like your worst nightmare came true."To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-23 08:25:00 | Now WikiLeaks threatens to disclose software vulnerabilities (lien direct) | Earlier this month, the notorious info leaker WikiLeaks published a batch of documents from the CIA detailing how the CIA has developed several tools to crack, break into or infect all kinds of devices-from PCs to Smart TVs-even if they are not connected to the internet. At the time, WikiLeaks leader Julian Assange promised that the site would work with the affected tech companies to give them exclusive access to the technical details of those exploits and would not go public with the exploits and back doors. However, it wasn't until this week that WikiLeaks got in contact with the listed tech companies, such as Microsoft, Apple and Google, according to Motherboard, the tech site run by Vice. Citing unnamed sources familiar with the matter, Motherboard said WikiLeaks has made demands on the initial contact with firms but didn't share any of the alleged CIA codes. To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-23 06:06:00 | Experts: US needs a federal CISO (lien direct) | Last week, the Trump administration announced the appointment of a White House cybersecurity coordinator. That's a good first step, security experts say, but the government also needs to have a federal CISO."It's a big leadership vacancy," said Sanjay Beri, CEO and co-founder at cloud security vendor Netskope.The job of a federal CISO is very new -- it was only created last year and filled in September with the appointment of retired brigadier general Gregory Touhill. He was previously the deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-22 12:32:00 | Cisco: IOS security update includes denial of service and code execution warnings (lien direct) | Cisco is warning IOS and IOS EXE users of five security vulnerabilities it rates as “High†that could lead to denial of service attacks or allow an invader to execute arbitrary code on an particular system.The warnings – which include Cisco's DHCP client, L2TP, Zero Touch Provisioning, HTTP server and Web user interface -- are part of what Cisco says are a twice-yearly bundle of IOS security advisories it issues to keep those users up-to-date on current IOS security issues.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-17 05:46:00 | Do you have an incident response plan in place? (lien direct) | Details matter when developing an incident response (IR) plan. But, even the most successful IR plans can lack critical information, impeding how quickly normal business operations are restored.This guide from Cybereason takes a closer look at nine of the often forgotten, but important steps that you should incorporate into your IR plan.Preparation across the entire companyGood security leaders should be able to get people from across the company to help develop the IR plan. While CISOs will most likely manage the team that handles the threat, dealing with the fallout from a breach requires the efforts of the entire company.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-17 05:43:00 | Experts divided on value of Cyber National Guard (lien direct) | This past weekend at SXSW, two Congressmen suggested that the U.S. create a cybersecurity reserves system, similar to the National Guard, but the idea has received a mixed welcome from the cybersecurity community.According to House Rep. Will Hurd, a Republican from Texas, a national cybersecurity reserve could help strengthen national security and bring in a diversity of experience. Hurd, who has a degree in computer science from Texas A&M, has served as an undercover CIA officer and has worked as a partner at cybersecurity firm FusionX.He has been pitching the idea of a Cyber National Guard for a while, and has suggested that the government could forgive student loan debt for those who serve. It would also help ensure a cross-pollination of experience between government and industry.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-16 06:01:00 | Smackdown: Office 365 vs. G Suite management (lien direct) | When you choose a productivity platform like Microsoft's Office 365 or Google's G Suite, the main focus is on the platform's functionality: Does it do the job you need?That's of course critical, but once you choose a platform, you have to manage it. That's why management capabilities should be part of your evaluation of a productivity and collaboration platform, not only its user-facing functionality.You've come to the right place for that aspect of choosing between Office 365 and Google G Suite.[ InfoWorld's deep look: Why (and how) you should manage Windows 10 PCs like iPhones. | The essentials for Windows 10 installation: Download the Windows 10 Installation Superguide today. ] Admin console UI. Both the Office 365 and G Suite admin consoles are well designed, providing clean separation of management functions and clear settings labels, so you can quickly move to the settings you want and apply them.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-15 09:07:14 | Four charged, including Russian gov\'t agents, for massive Yahoo hack (lien direct) | The U.S. Federal Bureau of Investigation has charged four people, including two Russian state intelligence agents, for their involvement in a massive hack of Yahoo that affected half a billion accounts.In September, Yahoo said hackers had managed to steal personal data on more than 500 million users during an attack in late 2014. The stolen data included names, email addresses, telephone numbers and hashed passwords. Blame for the attack was put on a "state-sponsored" group.On Wednesday, the FBI said that group was the Russian Federal Security Service, the FSB, and it identified agents Dmitry Dokuchaev and Igor Sushchin as leaders of the attack.To read this article in full or to leave a comment, please click here | Guideline | Yahoo | |
|
2017-03-14 08:55:41 | The NSA\'s foreign surveillance: 5 things to know (lien direct) | A contentious piece of U.S. law giving the National Security Agency broad authority to spy on people overseas expires at the end of the year. Expect heated debate about the scope of U.S. surveillance law leading up to Dec. 31.One major issue to watch involves the way the surveillance treats communications from U.S. residents. Critics say U.S. emails, texts, and chat logs -- potentially millions of them -- are caught up in surveillance authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA).U.S. residents who communicate with foreign targets of the NSA surveillance have their data swept up in what the NSA calls "incidental" collection. The FBI can then search those communications, but it's unclear how often that happens.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-10 05:34:00 | Google tries to beat AWS at cloud security (lien direct) | Google knows that if enterprises are going to move their critical services to its cloud, then it has to offer something that AWS doesn't. At Google Cloud Next, the company's leadership made the case that Google Cloud was the most secure cloud.At the conference this week, Google unveiled tools that would let IT teams provide granular access to applications, better manage encryption keys, and enforce stronger authentication mechanisms for applications running on Google Cloud. While Google is just playing catch-up to Amazon with the Key Management System for GCP, it is stepping into uncharted territory with Data Leak Prevention API by giving administrators tools that go beyond the infrastructure to protect individual applications. Google is tackling the identity access management challenge differently from Amazon, and it will be up to enterprises to decide which approach they prefer.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-08 08:48:00 | Juniper product development chief resigns, company resets engineering makeup (lien direct) | Juniper is reshaping some of its top executive roles as Jonathan Davidson, executive VP and general manager of the firm's Development and Innovation group resigned from the company.Davidson, a former Cisco executive in charge products such as the Cisco 7200 and Enterprise ASR 1000 product management team joined Juniper in 2010 to lead the company's Security, Switching and Solutions Business Unit. He ultimately became executive vice president and general manager of the Juniper Development and Innovation group, where he replaced Rami Rahim who is now the company's CEO.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-07 07:40:00 | Android gets patches for critical OpenSSL, media server and kernel driver flaws (lien direct) | A five-month-old flaw in Android's SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google's newer BoringSSL library, which is based on OpenSSL. What's interesting is that the flaw, identified as CVE-2016-2182, was patched in OpenSSL back in September. It can be exploited by forcing the library to process an overly large certificate or certificate revocation list from an untrusted source.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-06 09:54:00 | Microsoft paying a bug bounty of $30,000 (lien direct) | First off, I have to issue something of a correction regarding last week's blog post on Intel price cuts. As it turns out, I have been informed that Intel didn't cut the prices, Micro Center cut them as a loss leader, something it frequently does. It doesn't change the bargain prices, just the motivation. So, I wanted to set the record straight on that. Onward. Microsoft is looking for a few good bugs. And people who will keep it quiet. OK, so I have no evidence of direct causality, but it seems convenient. Over the past few weeks, Google has embarrassed Microsoft twice by publicly disclosing security vulnerabilities in Windows 10 that still have not been patched after 90 days. Google has no mercy with its Zero Day disclosures and plays no favorites. Any company that does not fix a bug by 90 days after Google informs them of it will be hung out to dry. To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-03-01 08:28:00 | IDG Contributor Network: To improve information security, enterprises and government must share information (lien direct) | Information security is forever weaved into our daily lives. From the massive data breaches impacting Target, Yahoo and Anthem to IoT-powered DDoS attacks that take down substantial portions of the internet for extended periods of time, information security impacts everyone.The reality is providing protection in this kind of environment is so challenging that no single entity, whether it's a company or a government agency, can accomplish this task alone. There needs to be some kind of cooperation between the private and public sectors. This leads to the questions of what kind of relationship should the government and companies have, how can they work together and what's preventing this process from happening?To read this article in full or to leave a comment, please click here | Guideline | Yahoo | |
|
2017-02-28 14:30:00 | Microsoft may owe you $100 if you bought from the Microsoft Store (lien direct) | Microsoft has settled a class-action lawsuit regarding sales at its Microsoft Store outlets. And if you made a purchase at one of those stores, you might be owed as much as $100.The lawsuit alleged that Microsoft Store receipts contained too much information. The lead plaintiff's receipt listed the buyer's name, the name of the salesperson and the first six and last four digits of the buyer's payment card number-more than half the numbers on the card. According to the 2003 U.S. Fair and Accurate Credit Transactions Act (FACTA), retailers may print only the last five numbers of a payment card on the receipt. Retailers had until 2006 to comply with this restriction, and the Microsoft Stores are much newer than that. To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-28 13:36:00 | Google reveals Microsoft bug affecting IE and Edge (lien direct) | Google is pretty strict about its Project Zero rules when it comes to disclosure: a company has 90 days to fix the bug after it is informed by Google, after which it is announced to the public. Google did it last week with the announcement of two unpatched bugs, and now it's doing it again. A security flaw in Microsoft Edge and Internet Explorer was first reported to Microsoft Nov. 25, 2016. Microsoft was offered the standard 90-day lead to patch the issue before Google announced it to the world. With the cancellation of this month's Patch Tuesday, Microsoft failed to issue a fix, and now the bug is out there for the whole world to see. To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-27 02:15:00 | Oldies but goodies make presence felt amid glitzy startups at RSAC (lien direct) | SAN FRANCISCO -- The sprawling show floor at this year's RSA Conference featured hundreds of shiny, new companies, from Acalvio to ZingBox. It seemed like every vendor in the hall managed to incorporate into its marketing pitches at least one of the 2017 hot buzzwords – Advanced Threat Protection, machine learning, AI, threat intelligence, IoT.But three of the original anti-virus vendors – Symantec, McAfee and Trend Micro – were out in full force at the show as well, scoffing at the unproven point products of the startups and touting their own reorganizations, renewed focus and broad product portfolios. According to Gartner, the Big 3 lead the way in endpoint security market share, with Symantec, at $3.6 billion in annual revenue, out front, McAfee second, followed by Trend Micro.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-24 06:03:00 | IDG Contributor Network: 3 security analytics approaches that don\'t work (but could) - Part 2 (lien direct) | A security analytics approach that exploits the unique strengths of Bayesian networks, machine learning and rules-based systems-while also compensating for or eliminating their individual weaknesses-leads to powerful solutions that are effective across a wide array of security missions. Despite the drawbacks of security analytics approaches I described in part 1 of this series, it's possible to build such solutions today, giving users a way to rapidly identify their highest-priority security threats at very large scale without being deluged with false-positive alerts or being forced to hire an army of extra analysts.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-23 12:15:00 | How to assess security automation tools (lien direct) | This column is available in a weekly newsletter called IT Best Practices. Â Click here to subscribe. Â During my recent trip to Tel Aviv to attend CyberTech 2017, I had a one-on-one conversation with Barak Klinghofer, co-founder and CTO of Hexadite. He gave me a preview of an educational presentation he was to give two weeks later at the RSA Conference. His insight is worth repeating for anyone looking to add automation tools to their security toolset.As I saw at CyberTech, and I'm sure was the case at RSA, the hottest topics were security automation, automated incident response and security orchestration. These can be confusing terms, as every vendor describes them a little bit differently.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-23 07:11:33 | Eleven-year-old root flaw found and patched in the Linux kernel (lien direct) | Linux system administrators should be on the watch for kernel updates because they fix a local privilege escalation flaw that could lead to a full system compromise.The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it a few days.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-22 10:55:00 | How the DOT discovered its network was compromised by shadow IT (lien direct) | When Richard McKinney set out to migrate the Department of Transportation (DOT) to Microsoft Office 365, he got a valuable lesson in shadow IT, one that could serve as a cautionary tale for other government leaders as they look to upgrade and consolidate their systems.McKinney, who only recently stepped down as CIO at DOT, had been leading a turnaround mission at the department since his arrival, but when it came time for the Office 365 rollout, he quickly discovered how chaotic the situation was, with hundreds of unauthorized devices running undetected on the sprawling network.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-22 05:38:22 | Microsoft pushes out critical Flash Player patches with one week delay (lien direct) | After deciding to postpone its February patches for a month, Microsoft released one critical security update for Windows on Tuesday that contains Flash Player patches released by Adobe Systems last week.The new security bulletin, identified as MS17-005, is rated critical for Windows 8.1, Windows RT 8.1, Windows 10 and Windows Server 2016, and moderate for Windows Server 2012 and Windows Server 2012 R2. On these Windows versions, Flash Player is bundled by default with Internet Explorer 11 and Microsoft Edge, so Microsoft delivers patches for it through Windows Update.This month's Flash Player patches were released by Adobe on February 14 and address 13 vulnerabilities that could lead to remote code execution. Typically Adobe releases patches on the same day as Microsoft, a day known in the industry as Patch Tuesday. This month, though, Microsoft postponed its updates at the last minute due to an unspecified issue that, it said, could have affected customers.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-21 09:40:00 | IDG Contributor Network: Cisco Rapid Threat Containment quickly detects, removes infected end points (lien direct) | Many of the readers of this blog are aware that ever since Cisco acquired SourceFire, and cybersecurity industry legends such as Marty Roesch took leadership roles within the company, Cisco's initiative is for all security products to be open and to interoperate with other products.Another very large acquisition was OpenDNS, and the CEO from OpenDNS now leads all of the security business at Cisco. The culture is all about Cisco products, as well as non-Cisco products, working better together. + Also on Network World: Cisco ONE simplifies security purchasing + For many, it's shocking to think about Cisco as a vendor pushing for openness and standards. I'm not sure why because Cisco has spent its life creating networking protocols and then helping them to become standards available to all. But I digress.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-21 06:12:00 | 5 open source security tools too good to ignore (lien direct) | Open source is a wonderful thing. A significant chunk of today's enterprise IT and personal technology depends on open source software. But even while open source software is widely used in networking, operating systems, and virtualization, enterprise security platforms still tend to be proprietary and vendor-locked. Fortunately, that's changing. If you haven't been looking to open source to help address your security needs, it's a shame-you're missing out on a growing number of freely available tools for protecting your networks, hosts, and data. The best part is, many of these tools come from active projects backed by well-known sources you can trust, such as leading security companies and major cloud operators. And many have been tested in the biggest and most challenging environments you can imagine. To read this article in full or to leave a comment, please click here | Guideline | ||
|
2017-02-17 11:09:00 | IRS Dirty Dozen: Phishing, phone cons and identity theft lead scam list for 2017 (lien direct) | The Internal Revenue Service rounded up some of the usual suspects in its annual look at the Dirty Dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge. Just this month the IRS issued another warning about what it called a dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns.To read this article in full or to leave a comment, please click here | Guideline |
To see everything:
Our RSS (filtrered)
