What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-09-07 17:59:05 | MY TAKE: Can Hollywood\'s highly effective \'source-code\' security tools help make IoT safe? (lien direct) | Over the past couple of decades, some amazing advances in locking down software code have quietly unfolded in, of all places, Hollywood. Related: HBO hack spurs cyber insurance market Makes sense, though. Digital media and entertainment giants like Netflix, Amazon, Hulu, HBO, ESPN, Sony, and Disney are obsessive about protecting their turf. These Tinsel Town […] | Hack | ||
|
2018-09-06 10:24:04 | NEW TECH: Critical Start applies \'zero-trust\' security model to managed security services (lien direct) | All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks. That's where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management […] | Spam Malware Vulnerability | ★★★★★ | |
|
2018-09-05 15:29:01 | MY TAKE: The amazing ways hackers manipulate \'runtime\' to disguise deep network breaches (lien direct) | There is a concept in computing, called runtime, that is so essential and occurs so ubiquitously that it has long been taken for granted. Now cyber criminals have begun to leverage this heretofore innocuous component of computing to insinuate themselves deep inside of company networks. Related: The coming wave of ‘microcode’ attacks They've figured out […] | |||
|
2018-09-04 19:18:05 | Q&A: How emulating attacks in a live environment can more pervasively protect complex networks (lien direct) | Most large enterprises today can point to multi-millions of dollars expended over the past two decades erecting “layered defenses” to protect their digital systems. Yet catastrophic network breaches continue apace. Turns out there's a downside to “defense in depth.” Related: Obsolecense creeps into legacy systems There's no doubt that monitoring and continually updating all parts […] | |||
|
2018-09-02 14:50:02 | NEW TECH: WhiteSource leverages automation to mitigate lurking open-source vulnerabilities (lien direct) | Just like the best sourdough bread derives from a “mother” yeast that gets divided, passed around, and used over and over, open-source software applications get fashioned from a “mother” library of code created and passed around by developers. Related: Equifax hack highlights open source attack vectors In today's world, quick innovations are a necessity, and software […] | Hack | Equifax | |
|
2018-08-30 15:50:02 | GUEST ESSAY: A call for immediate, collective action to stem attacks on industrial control systems (lien direct) | As the Industrial Internet of Things continues to transform the global industrial manufacturing and critical infrastructure industries, the threat of aggressive, innovative and dangerous cyber-attacks has become increasingly concerning. Adopting modern technology has revealed a downside: its interconnectedness. The vast web of connectivity has expanded the number of potential entry points for hackers. Unfortunately, you […] | Threat | ||
|
2018-08-29 16:45:00 | MY TAKE: Can \'Network Traffic Analysis\' cure the security ills of digital transformation? (lien direct) | If digital transformation, or DX, is to reach its full potential, there must be a security breakthrough that goes beyond legacy defenses to address the myriad new ways threat actors can insinuate themselves into complex digital systems. Network traffic analytics, or NTA, just may be that pivotal step forward. NTA refers to using advanced data […] | Threat | ||
|
2018-08-28 10:24:04 | MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police? (lien direct) | If there is a data breach or some other cybersecurity incident, a phishing attack was probably involved. Over 90 percent of incidents begin with a phishing email. One of the more infamous hacks in recent years, the DNC data breach, was the result of a phishing attack. Related: Carpet bombing of phishing emails endures Phishing […] | Data Breach | ||
|
2018-08-27 10:45:05 | MY TAKE: Here\'s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack (lien direct) | Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital […] | |||
|
2018-08-23 11:06:01 | Trend Micro takes multi-pronged approach to narrowing the gaping cybersecurity skills gap (lien direct) | Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum-you can never be too fast. Related: Gamification training targets iGens Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a […] | |||
|
2018-08-21 10:55:00 | What companies need to know about \'SecOps\' - the path to making \'digital transformation\' secure (lien direct) | DevOps has been around for a while now, accelerating the creation of leading edge business applications by blending the development side with the operations side. It should come as no surprise that security is being formally added to DevOps, resulting in an emphasis on a process being referred to as SecOps or DevSecOps. Related: How […] | Guideline | ||
|
2018-08-20 09:05:01 | GUEST ESSAY: 6 best practices that will help protect you company\'s digital assets in the cloud (lien direct) | More businesses than ever before are choosing to move their IT infrastructure and systems to cloud solutions such as Amazon Web Services and Microsoft Azure. There are many reasons to choose a cloud solution including increased flexibility and scalability, as well as reduced cost. In fact, a recent study of nearly 200 businesses and entrepreneurs […] | |||
|
2018-08-17 08:43:00 | MY TAKE: The back story on the convergence, continuing evolution of endpoint security (lien direct) | No one in cybersecurity refers to “antivirus” protection any more. The technology that corrals malicious software circulating through desktop PCs, laptops and mobile devices has evolved into a multi-layered security technology referred to as 'endpoint security.' This designation change unfolded a few years back. It was a reflection of attackers moving to take full advantage […] | |||
|
2018-08-15 09:21:02 | Q&A: Here\'s how Google\'s labeling HTTP websites “Not Secure” will strengthen the Internet (lien direct) | In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT Google's Chrome web browser commands a 60% market share. So the search giant has been leading the push to get 100% […] | Guideline | ||
|
2018-08-06 15:12:05 | Q&A: How your typing and screen swiping nuances can verify your identity (lien direct) | The recent data breaches at Timehop and Macy's are the latest harbingers of what's in store for companies that fail to vigorously guard access to all of their mission-critical systems. Related podcast: Why identities are the new firewall A common thread to just about every deep network breach these days is the failure of the […] | |||
|
2018-08-03 08:32:02 | Q&A: Crypto jackers redirect illicit mining ops to bigger targets - company servers (lien direct) | Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services Cybercriminals have shifted their focus to […] | Threat | ||
|
2018-08-02 18:13:02 | National Cybersecurity Alliance advocates \'shared responsibility\' for securing the Internet (lien direct) | The targeting of Sen. Claire McCaskill by Russian intelligency agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training The National Cyber Security Alliance is a non-profit group, underwritten by […] | |||
|
2018-07-30 15:30:04 | NEW TECH: DataLocker introduces encrypted flash drive - with key pad (lien direct) | One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. One of more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas. Related: How DataLocker got its starth […] | |||
|
2018-07-30 09:26:02 | GUEST ESSAY: How SIEMS, UEBAs fall short in today\'s turbulent threat landscape (lien direct) | Understanding today's cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 […] | Malware Threat | ||
|
2018-07-25 18:02:04 | MY TAKE: Here\'s why identities are the true firewalls, especially as digital transformation unfolds (lien direct) | Was it really that long ago that company networks were comprised of a straightforward cluster of servers, data bases, applications and user devices corralled largely on premises? Related article: Taking a ‘zero-trust’ approach to authentication In today's digitally transformed environment, companies must monitor and defend systems housed on-premises and in overlapping public and private clouds. […] | |||
|
2018-07-23 17:36:00 | MY TAKE: How the lack of API security translates into \'digital transformation\' security holes (lien direct) | If you're not familiar with how Facebook, Twitter and YouTube make it so easy for you and me to easily access cool content they've collected and stored behind their respective firewalls, then you might think “API” is a trendy type of beer. In fact, API stands for Application Programming Interface, the indispensable technology that makes […] | |||
|
2018-07-16 09:37:04 | Companies need CASBs now more than ever - to help secure \'digital transformation\' (lien direct) | When I first wrote about Cloud Access Security Brokers in 2015, so-called CASBs were attracting venture capital by the truckloads — and winning stunning customer testimonials. CASBs (pronounced caz-bees) originally sought to resolve a fast rising security nightmare: Shadow IT. Related podcast: Web gateways emerge as crucial defense layer Striving to be productive, well-intentioned employees […] | |||
|
2018-07-13 08:59:03 | How \'digital transformation\' gave birth to a new breed of criminal: \'machine-identity thieves\' (lien direct) | There's a new breed of identity thief at work plundering consumers and companies. However, these fraudsters don't really care about snatching up your credentials or mine. By now, your personal information and mine has been hacked multiple times and is readily on sale in the Dark Web. This has long been true of the vast […] | |||
|
2018-07-13 00:21:05 | GUEST ESSAY: Theft of MQ-9 Reaper docs highlights need to better protect \'high-value assets\' (lien direct) | The discovery of sensitive U.S. military information for sale on the Dark Web for a nominal sum, in and of itself, is unfortunate and unremarkable. However, details of the underlying hack, ferreted out and shared by researchers of the Insikt Group, an arm of the security research firm Recorded Future, are most welcomed. They help […] | APT 37 | ||
|
2018-07-11 09:04:03 | Q&A: Here\'s why it has become vital for companies to deter \'machine-identity thieves\' (lien direct) | We're undergoing digital transformation, ladies and gentlemen. And we're in a nascent phase where clever advances are blossoming even as unprecedented data breaches arise in parallel. The latest example of this dichotomy comes from Timehop, a service that enables social media users to plug into their past. On Sunday, Timehop shared details about how a […] | |||
|
2018-06-29 00:51:01 | MY TAKE: These 7 nation-state backed hacks have put us on the brink of a global cyber war (lien direct) | Nation-state backed hacking collectives have been around at least as long as the Internet. However, evidence that the 'golden age' of cyber espionage is upon us continues to accumulate as the first half of 2018 comes to a close. Related podcast: Obsolescence is creeping into legacy security systems What's changed is that cyber spies are […] | |||
|
2018-06-28 15:02:01 | As 2-factor authentication falls short, \'adaptive multi-factor authentication\' goes mainstream (lien direct) | The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. Most individuals today are nonplussed when required, under certain circumstances, to retrieve a one-time passcode, pushed out in a text message to their smartphone, and then […] | |||
|
2018-06-21 19:14:01 | MY TAKE: Knowing these 5 concepts will protect you from illicit cryptocurrency mining (lien direct) | The cryptocurrency craze rages on, and one unintended consequence is the dramatic rise of illicit cryptocurrency mining. It takes computing power to transform digital calculations into crypto cash, whether it be Bitcoin or one of the many other forms of digital currency. Related podcast: How cryptomining malware is beginning to disrupt cloud services So, quite […] | Malware | ||
|
2018-06-21 09:05:02 | GUEST ESSAY: Here\'s why Tesla has been sabotaged twice in two years - lax network security (lien direct) | The disclosure earlier this week that Tesla CEO Elon Musk reportedly informed all of his employees about a rogue worker conducting “extensive and damaging sabotage” to the company's operations very much deserves the news coverage it has gotten. Related: The 'golden age' of cyber spying is upon us Musk reportedly sent out an internal email […] | Tesla | ||
|
2018-06-20 08:47:03 | Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud? (lien direct) | Don't look now but cryptojacking may be about to metastasize into the scourge of cloud services. Cryptojacking, as defined by the Federal Trade Commission, is the use of JavaScript code to capture cryptocurrencies in users’ browsers without asking permission. There’s a temptation to dismiss it as a mere nuisance; companies deep into 'digital transformation,' in […] | |||
|
2018-06-18 12:34:05 | VASCO rebrands as OneSpan, makes acquisition, to support emerging mobile banking services (lien direct) | Bank patrons in their 20s and 30s, who grew up blanketed with digital screens, have little interest in visiting a brick-and-mortar branch, nor interacting with a flesh-and-blood teller. This truism is pushing banks into unchartered territory. They are scrambling to invent and deliver a fresh portfolio of mobile banking services that appeal to millennials. Related […] | |||
|
2018-06-14 15:00:05 | Why big companies ignore SAP security patches - and how that could bite them, big time (lien direct) | Threat actors in the hunt for vulnerable targets often look first to ubiquitous platforms. It makes perfect sense for them to do so. Related article: Triaging open-source exposures Finding a coding or design flaw on Windows OS can point the way to unauthorized to access to a treasure trove of company networks that use Windows. […] | |||
|
2018-06-14 08:46:00 | GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations (lien direct) | The variety of laws and regulations governing how organizations manage and share sensitive information can look like a bowl of alphabet soup: HIPAA, GDPR, SOX, PCI and GLBA. A multinational conglomerate, government contractor, or public university must comply with ten or more, which makes demonstrating regulatory compliance seem like a daunting, even impossible, undertaking. But […] | |||
|
2018-06-13 22:05:01 | Mobile security advances to stopping device exploits - not just detecting malicious apps (lien direct) | The most profound threat to corporate networks isn't the latest, greatest malware. It's carbon-based life forms. Humans tend to be gullible and impatient. With our affiliations and preferences put in play by search engines and social media, we're perfect patsies for social engineering. And because we are slaves to convenience, we have a propensity for […] | |||
|
2018-06-07 15:18:03 | With passwords here to stay, a \'Zero Trust\' approach to authentication makes eminent sense (lien direct) | When I first started writing about technology for USA Today in 2000, reporters were required to use what at the time was a cutting-edge 2-factor authentication device to securely log into the newspaper's editing and publishing network. Related article: The case for rethinking security It was an RSA SecurID token. I attached it to my […] | |||
|
2018-06-06 16:32:04 | Last Watchdog\'s coverage of cybersecurity and privacy earns 4th Top Blog award (lien direct) | Our daily mission here at Last Watchdog is to keep the public usefully informed about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer Though we don't spend any time seeking it out, one measure of our success is peer recognition. So I'm happy to let our audience know that Last Watchdog […] | |||
|
2018-06-05 18:23:01 | (Déjà vu) Security start-up deploys advanced AI, aka \'deep learning,\' to detect malware on endpoints (lien direct) | Based in Tel Aviv, Israel, Deep Instinct was one of the more intriguing cybersecurity vendors I had the privilege of spending some time with at RSA Conference 2018. The company lays claims to being the first to apply “deep learning” to a truly innovative protection system that extends machine learning and artificial intelligence down to […] | |||
|
2018-06-02 09:50:02 | (Déjà vu) How advanced AI, aka \'deep learning,\' is being used to detect malware on endpoints (lien direct) | Deep Instinct was one of the more intriguing cybersecurity vendors I had the privilege of spending some time with at RSA Conference 2018. The Tel Aviv, Israel – based company lays claims to being the first to apply “deep learning” to a truly innovative protection system that extends machine learning and artificial intelligence down to […] | |||
|
2018-05-31 20:41:05 | Why the \'golden age\' of cyber espionage is upon us (lien direct) | Researchers at Cisco's Talos intelligence unit have now expressed high confidence that the Russian government is behind VPNFilter, a malware strain designed to usurp control of small office and home routers and network access control devices. If you doubt VPNFilter's capacity to fuel cyber chaos on a global scale, please peruse the FBI's recently issued […] | VPNFilter | ||
|
2018-05-30 08:59:04 | Q&A: How EventTracker breathes new life into SIEMs - by co-managing company systems (lien direct) | Security information and event management systems – aka SIEMs — arrived in the corporate environment some 13 years ago holding much promise. Related article: WannaCry revives self-spreading viruses SIEMs hoovered up anything that might be a security issue in real-time from various event and data sources. Companies could pump in all of the data traffic […] | Wannacry | ||
|
2018-05-29 23:41:05 | Will GDPR usher in a new paradigm for how companies treat consumers\' online privacy? (lien direct) | Back in 2001, Eric Schmidt, then Google's CEO, described the search giant's privacy policy as “getting right up to the creepy line and not crossing it.” Well, Europe has now demarcated the creepy line – and it is well in favor of its individual citizens. The General Data Protection Regulation, or GDPR, elevates the privacy […] | |||
|
2018-05-25 16:23:04 | Preempt stakes out turf as supplier of \'Continuous Adaptive Risk and Trust Assessment\' technology (lien direct) | Defending modern business networks continues to rise in complexity seemingly minute by minute. Perimeter defenses are woefully inadequate, and traditional tactics, like blacklisting and malware detection, are proving to be increasingly ineffective. Protecting business networks today requires a framework of defenses. Leading tech research firm Gartner has even contrived a new buzz phrase for the […] | Guideline | ||
|
2018-05-24 20:12:01 | Q&A: How Deep Instinct uses \'deep learning\' to detect unknown malware on laptops, smartphones (lien direct) | Deep Instinct was one of the more intriguing cybersecurity vendors I had the privilege of spending some time with at RSA Conference 2018. The Tel Aviv, Israel – based company lays claims to being the first to apply “deep learning” to a truly innovative protection system that extends machine learning and artificial intelligence down to […] | |||
|
2018-05-24 04:47:03 | Can Cisco, FBI stop Russia from deploying VPNFilter to interfere with U.S. elections? (lien direct) | KINGSTON, WA – NewsWrap 23May2018. Cisco’s Talos cyber intelligence unit today said that it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, to launch destructive attacks on Ukraine. Related article: How Russian bots supported Nunes memo Talos researchers disclosed that VPNFilter has : •Infected 500,000 routers and networking devices 54 […] | VPNFilter | ||
|
2018-05-23 09:47:01 | GUEST ESSAY: DHS tackles supply-chain issues over malware-laden smartphones (lien direct) | At the Black Hat security conference last August, researchers from the security firm Kryptowire announced that they'd discovered Amazon's #1-selling unlocked Android phone, the BLU R1 HD, was sending Personally Identifiable Information (PII) to servers in China. The culprit was a piece of firmware update software created by AdUps Technologies, a company based in Shanghai. […] | |||
|
2018-05-22 22:23:00 | Advanced encryption that locks down \'underlying data\' arrives to support \'digital transformation\' (lien direct) | Encrypting data kept in storage (data at rest) as well as data as it is being transported from one server to another (data in transit) has become a standard business practice. Yet there remains a singular security gap in the way companies collect, store, access and analyze business data, both on premises and, especially, in […] | |||
|
2018-05-21 18:05:01 | CyberArk shows how \'shadow admins\' can be created in cloud environments (lien direct) | There's little doubt “digital transformation” is here to stay. And it is equally clear that just about all of the fundamental network vulnerabilities we already know about will escalate, in lockstep, with any benefits accrued. It turns out that speeding up tech innovation cuts both ways. Related article: How safeguarding privileged accounts can lower insurance […] | |||
|
2018-05-21 15:10:04 | GUEST ESSAY: The Facebook factor: Zuckerberg\'s mea culpa reveals intolerable privacy practices (lien direct) | In the words of the Nobel Prize writer Bob Dylan, “The times, they are a-changin.'” Revelations in the press about Facebook's current privacy problems, and a new comprehensive European Union privacy framework that impacts American businesses, may be changing the climate towards more data privacy regulations by United States lawmakers. As technology and uses for […] | |||
|
2018-05-21 08:02:02 | GUEST ESSAY: How data science and cybersecurity will secure \'digital transformation\' (lien direct) | In today's environment of rapid-fire technical innovation, data science and cybersecurity not only share much in common, it can be argued that they have an important symbiotic relationship. A fundamental understanding of the distinctions – and similarities – of these two fields is good to have. Both must flourish separately and together to fuel “digital […] | |||
|
2018-05-18 17:50:01 | Why antivirus has endured as a primary layer of defense - 30 years into the cat vs. mouse chase (lien direct) | Antivirus software, also known as antimalware, has come a long, long way since it was born in the late 1980's to combat then nascent computer viruses during a time when a minority of families had a home computer. One notable company's journey in the space started in 1987 when three young men, Peter Paško, Rudolf […] |
To see everything:
Our RSS (filtrered)
