What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2016-09-15 11:26:00 IDG Contributor Network: Security talent management for the digitization era (direct link) Stiff competition for talent and a limited pool of security specialists make information security staffing a perennial challenge. Complicating this is the fact that security has not yet adapted to its changing role as organizations digitize. Now more than ever, information security leaders need to understand the new business environment and adapt how they hire, compete for and manage talent for the digital era. Digitization is transforming organizations' products, channels and operations. While this change comes with the potential for higher profit margins through enhanced efficiency, it also brings an increase in the number and variety of advanced threats, board oversight and regulatory compliance issues. Guideline
NetworkWorld 2016-09-15 07:18:04 Tech leaders, activists call for Obama to pardon Snowden (direct link) Tech luminaries Steve Wozniak, co-founder of Apple, and Jimmy Wales, founder of Wikipedia, have joined a new campaign pushing for a pardon of National Security Agency leaker Edward Snowden. Other supporters of the PardonSnowden.org campaign, launched Wednesday, are Harvard law professor and tech policy author Lawrence Lessig; tech investor Esther Dyson; noted cryptographer and MIT professor Ron Rivest; and Electronic Frontier Foundation co-founder John Perry Barlow. The campaign, supported by the American Civil Liberties Union, Amnesty International, and Human Rights Watch, asks supporters to sign a letter asking President Barack Obama to pardon the former NSA contractor. "Snowden's actions ... set in motion the most important debate about government surveillance in decades, and brought about reforms that continue to benefit our security and democracy," the letter says. Guideline
NetworkWorld 2016-09-14 09:39:36 Adobe fixes critical flaws in Flash Player and Digital Editions (direct link) Adobe Systems has fixed more than 30 vulnerabilities in its Flash Player and Digital Editions products, most of which could be exploited to remotely install malware on computers. The bulk of the flaws, 26, were patched in Flash Player on all supported platforms: Windows, Mac and Linux. Twenty-three of those vulnerabilities can lead to remote code execution and the remaining three can be used for information disclosure or to bypass security features, Adobe said in an advisory. Adobe advises users to update to Flash Player version 23.0.0.162 on Windows and Mac or version 11.2.202.635 on Linux. The new version of the Flash Player extended support release, which only receives security patches, is now 18.0.0.375. Guideline
NetworkWorld 2016-09-08 11:16:00 Open source algorithm helps spot social media shams (direct link) Researchers from Carnegie Mellon University say they have developed an open source algorithm that can help spot social media frauds trying to sway valuable community influence. “Given the rise in popularity of social networks and other web services in recent years, fraudsters have strong incentives to manipulate these services. On several shady websites, anyone can buy fake Facebook page-likes or Twitter followers by the thousands. Yelp, Amazon and TripAdvisor fake reviews are also available for sale, misleading consumers about restaurants, hotels, and other services and products. Detecting and neutralizing these actions is important for companies and consumers alike,” the researchers wrote in a paper outlining their algorithm known as FRAUDAR. Guideline
NetworkWorld 2016-09-08 05:25:00 (Déjà vu) Rugged devops: Build security into software development (direct link) Devops is transforming how developers and operations teams work together to deliver better software faster. At its core, devops is about automation. When several tasks in development, testing, and deployment are automated, developers can make changes to code and deploy to production frequently. Amazon, a leading devops proponent, at one point claimed to have more than 1,000 deployments a day. But such an accelerated workflow has the potential to bypass secure coding practices, which developers often find difficult to incorporate in the first place. If devops is to continue its momentum, developers need to integrate security testing earlier in the software delivery lifecycle. Guideline
NetworkWorld 2016-09-07 15:51:00 Intel spinout: McAfee is back (direct link) Intel is going to spin out its subsidiary Intel Security as a joint venture with investment firm TPG, redubbing the new entity with its old name – McAfee. The deal calls for TPG to make a $1.1 billion equity investment and own 51 percent of the company, with Intel retaining 49%. In a joint statement the companies say the investment will be used to help the spinout gain its feet as a stand-alone business and to drive growth. Intel bought McAfee in 2010 for $7.68 billion with the intent of tying McAfee's security technology with Intel's chips. Since then Intel has incorporated technology in some chips that power features of its security software, and Intel Security's endpoint protection technology is well thought of, consistently ranking among the leaders in Gartner's analysis of that category. It is ranked number two in market share behind Symantec and in front of Trend Micro. Guideline
NetworkWorld 2016-09-07 10:52:00 IDG Contributor Network: Building an insider threat program that works – Part I (direct link) The consequences of failure range from failed security audits and interruptions of service or product deliveries to more significant degradation of ongoing operations, monetary losses and lasting reputational damage. In extreme scenarios, there is even the potential for bodily injury and loss of life. In response, many corporate and government leaders have invested heavily over the past few years in controls designed to mitigate the likelihood and consequences of a damaging insider event. Policy and procedural controls naturally have played a big part in these nascent insider threat programs, but so have a number of emerging technologies grouped under the umbrella of Security Analytics. Guideline
NetworkWorld 2016-09-07 09:35:00 IDG Contributor Network: HashiCorp slurps up cash to deliver DevOps goodness (direct link) Seemingly every company under the sun is now a DevOps leader - even ones that, while purporting to be about a new way of doing things, continue to market legacy, monolithic products and services. So, it's nice to see some genuine players achieve success and recognition in this space. A good example of this is HashiCorp - an important, but little-known DevOps vendor. The company manages a host of open-source tools, all of which tick off different parts of the application and infrastructure lifecycle. Guideline
NetworkWorld 2016-09-06 10:00:01 Google's 3-level Android patch could cause confusion (direct link) Google has released another large monthly batch of security patches for Android, this time fixing 55 vulnerabilities, eight of which are rated critical. The novelty of this release is that the fixes are split into three different "security patch levels" -- date strings that indicate to users how up-to-date their devices are. While this could make it easier for device manufacturers to integrate patches applicable to their devices, it could lead to confusion among regular users. Since August 2015 Google has released security updates for Android according to a monthly schedule. This was intended to add some predictability to Android patches and indeed, some device makers committed to monthly security updates as well. Guideline
NetworkWorld 2016-09-01 10:46:58 Romanian hacker Guccifer sentenced to 52 months in US prison (direct link) A Romanian hacker known as Guccifer has been sentenced to 52 months in prison after breaking into internet accounts of about 100 U.S. citizens, including government officials. The 44-year-old Marcel Lehel Lazar was sentenced on Thursday. He was extradited from Romania and brought to court in the U.S., where he pleaded guilty to the hacking-related charges in May. From Oct. 2012 to Jan. 2014, Lazar targeted the email and social media accounts of his U.S.-based victims, as a way to steal their personal information and email messages. That included hacking a family member of two former U.S. presidents and several former U.S. officials. “In many instances, Lazar publicly released his victims' private email correspondence, medical and financial information and personal photographs,” the Department of Justice said in a statement. Guideline
NetworkWorld 2016-08-31 06:53:10 Adobe patches critical vulnerability in ColdFusion application server (direct link) Adobe Systems released critical security patches for its ColdFusion application server, which has been a target for hackers in the past. The updates are available for ColdFusion versions 10 and 11 and address a critical security vulnerability that could lead to sensitive information disclosure when parsing specially crafted XML entities. Administrators are advised to upgrade their ColdFusion deployments to version 10 update 21 or version 11 update 10, depending on which branch they're using. The ColdFusion 2016 release is not affected, Adobe said in a security advisory. Guideline
NetworkWorld 2016-08-29 07:19:00 St Jude calls easily hackable pacemaker claims 'false and misleading' (direct link) After MedSec revealed remotely exploitable flaws in St. Jude pacemakers and defibrillators to financial research firm Muddy Waters, choosing to profit by how far St. Jude stock fell after the report (pdf) was made public instead of taking a “responsible disclosure” path, St. Jude struck back by basically calling Muddy Waters' claims a bunch of lies. Guideline
NetworkWorld 2016-08-25 08:14:00 (Déjà vu) So your company's been hacked: How to handle the aftermath (direct link) After a company has been hacked and the hack has been discovered to be a harmful one, top executives and IT leaders normally huddle in a room to assess the loss. It's usually not a pretty scene. It's not as if heads are exploding. It is more like what some might call a tense "come to Jesus" moment. "It's not good," said cyber security expert Tyler Cohen Wood. She's participated in post-hack forensics sessions at companies and has witnessed the faces of panicked executives firsthand. Tyler Cohen Wood is cyber security advisor to elearning company Inspired eLearning, and was previously a Defense Intelligence Agency cyber deputy division chief. Guideline
NetworkWorld 2016-08-25 06:44:00 IDG Contributor Network: Hack the vote: How attackers could meddle in November's elections (direct link) Political action committees aren't the only entities attempting to influence the upcoming U.S. presidential election. Supposedly, Russia wants a say in who should lead the country. At least that's the opinion you could form after reading the many news stories that allege Russia is behind the recent hacks targeting the Democratic National Committee and the Democratic Congressional Campaign Committee. Attack attribution aside (I shared my thoughts on that topic in last month's blog), these data breaches raise the question of whether attackers could actually impact an election's outcome. Guideline
NetworkWorld 2016-08-24 04:34:00 19% of shoppers would abandon a retailer that's been hacked (direct link) Nearly a fifth of shoppers would avoid a retailer that has been a victim of a cybersecurity hack, according to a survey. The 2016 KPMG Consumer Loss Barometer report surveyed 448 consumers in the U.S. and found that 19% would abandon a retailer entirely over a hack. Another 33% said that fears their personal information would be exposed would keep them from shopping at the breached retailer for more than three months. The study also looked at 100 cybersecurity executives and found that 55% said they haven't spent money on cybersecurity in the past year and 42% said their company didn't have a leader in charge of information security. Guideline
NetworkWorld 2016-08-17 05:41:00 Microsoft to end decades-old pick-a-patch practice in Windows 7 (direct link) Microsoft yesterday announced that beginning in October it will offer only cumulative security updates for Windows 7 and 8.1, ending the decades-old practice of letting customers choose which patches they apply. "Historically, we have released individual patches ... which allowed you to be selective with the updates you deployed," wrote Nathan Mercer, a senior product marketing manager, in a post to a company blog. "[But] this resulted in fragmentation where different PCs could have a different set of updates installed leading to multiple potential problems." Guideline
NetworkWorld 2016-06-02 13:04:00 How to embrace the benefits of shadow IT (direct link) The term shadow IT conjures up negative images in the minds of most IT organizations. Yet non-IT enterprise functions and lines of business are buying more of their own IT systems than ever before, particularly product, operations and external customer-facing groups and highly dynamic services areas. “As business functions seek to realize the benefits from these non-traditional channels of IT enablement, the shadow IT organizations are growing aggressively in order to help orchestrate and aggregate services into business consumable offerings,” says Craig Wright, managing director of outsourcing and technology consultancy Pace Harmon. Guideline ★★
Last update at: 2024-05-14 19:08:35