What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-05-17 08:35:05 | MY TAKE: Why DDoS attacks continue to escalate - and how businesses need to respond (lien direct) | Law enforcement's big win last month dismantling 'Webstresser,' an online shopping plaza set up to cater to anyone wishing to purchase commoditized DDoS attack services, was a stark reminder of the ever present threat posed by Distributed Denial of Service attacks. Related video: How DDoS attacks leverage the Internet’s DNA The threat actors running Webstresser […] | |||
|
2018-05-16 08:53:02 | MY TAKE: Why the unfolding SIEMs renaissance fits hand-in-glove with \'digital transformation\' (lien direct) | SIEM systems have been on the comeback trail for a few years now. And now SIEMs could be on the verge of a full-blown renaissance. Related article: Freeing SOC analysts from tedious tasks I spoke with several vendors who are contributing to this at RSA Conference 2018. One of them was Securonix, a supplier advanced […] | |||
|
2018-05-09 08:42:03 | LW\'s NEWS WRAP: \'Spectre-NG\' - the latest family of chip vulnerabilities; expect more to come (lien direct) | Last Watchdog’s News Wrap Vol. 1, No. 7. Google and Microsoft don't team up very often. But the software rivals, to their credit, have been moving in unison to help the business community get ahead of a new class of hardware-level security flaws that affect most of the networks now in service. Researchers at Google’s […] | |||
|
2018-05-07 09:07:01 | NEW TECH: Acalvio weaponizes deception to help companies turn the tables on malicious hackers (lien direct) | Differentiating itself in a forest of cybersecurity vendors has not been a problem for start-up Acalvio Technologies. While hundreds of other security companies tout endless types and styles of intrusion detection and prevention systems, Acalvio has staked out turf in a promising new sub-segment: deception-based security systems. Related article: Hunting for exposed data Launched in […] | |||
|
2018-05-04 15:19:05 | How \'identity governance\' addresses new attack vectors opened by \'digital transformation\' (lien direct) | Mark McClain and Kevin Cunningham didn't rest for very long on their laurels, back in late 2003, after they had completed the sale of Waveset Technologies to Sun Microsystems. Waveset at the time was an early innovator in the then-nascent identity and access management (IAM) field. The longtime business partners immediately stepped up planning for […] | |||
|
2018-05-03 15:53:03 | (Déjà vu) PODCAST: Netsparker advances penetration testing 2.0 – automated web app vulnerability scanning (lien direct) | A dozen years ago, or so, Ferruh Mavituna was doing very well as a lead penetration tester at a prominent cybersecurity consultancy when his frustration level began to spike. Mavituna had access to the best tools available to hunt down latent vulnerabilities in web applications. And yet, all too often for Mavituna's tastes, the tools […] | Guideline | ||
|
2018-05-03 15:53:03 | PODCAST: NetSparker advances penetration testing 2.0 – automated web app vulnerability scanning (lien direct) | A dozen years ago, or so, Ferruh Mavituna was doing very well as a lead penetration tester at a prominent cybersecurity consultancy when his frustration level began to spike. Mavituna had access to the best tools available to hunt down latent vulnerabilities in web applications. And yet, all too often for Mavituna's tastes, the tools […] | Guideline | ||
|
2018-04-30 09:31:02 | PODCAST: Can \'gamification\' of cyber training help shrink the human attack vector? (lien direct) | The human attack vector remains the most pervasively probed path for malicious hackers looking to gain a foothold inside a company's firewall. And yet, somehow, cyber awareness training has not kept pace. Circadence hopes to change that. The Boulder, Colo.-based company got its start in the gaming industry 20 years ago, shifted to supplying cyber […] | |||
|
2018-04-27 08:29:02 | PODCAST: How managing \'privileged accounts\' can help make \'digital transformation\' more secure (lien direct) | One of the most basic things a company can do to dramatically improve their security posture is to keep very close track of who has what access to which privileged accounts inside the company firewall. This is a best practice of privileged account management, which is a burgeoning sector of the identity and access management […] | |||
|
2018-04-26 09:19:03 | PODCAST: That crumbling sound you hear is obsolescence creeping into legacy security systems (lien direct) | For more than 20 years companies have, by and large, bought into the notion that they must take a “defense in depth” approach to network security. The best way to curtail network breaches, companies were told, was to erect strong perimeter firewalls, and then pile on dozens of layers of defenses on endpoint devices, databases, […] | |||
|
2018-04-25 08:56:03 | PODCAST: How freeing security analysts from repetitive tasks can turbo boost SOCs (lien direct) | It wasn’t too long ago that security start-up Demisto was merely a notion bantered over at a coffee break. While working at McAfee, Slavik Markovich and Rishi Bhargava would sip espresso and discuss the challenges companies faced getting more effective protection from their Security Operation Centers, or SOCs. Related article: How MSSPs can help small […] | |||
|
2018-04-20 07:08:00 | MY TAKE: Oracle aims to topple Amazon in cloud services - by going database-deep with security (lien direct) | Ahoy, Jeff Bezos and Amazon. Watch out! Larry Ellison and Oracle are coming after you. The ever feisty Ellison, 73, founder of Oracle and an America's Cup sailing champion, recently tacted the good ship Oracle onto a new course. Last October, Ellison announced the launch of a pioneering set of automated cloud services, and boasted […] | |||
|
2018-04-16 21:49:00 | GUEST ESSAY: Rising workplace surveillance is here to stay; here\'s how it can be done responsibly (lien direct) | People often recite the cynical phrase that 'privacy is dead.' I enthusiastically disagree and believe, instead, that anonymity is dead. One area where this is being increasingly demonstrated is in the workplace. Employee surveillance has been rising steadily in the digital age. And because it's difficult, if not impossible, to keep ones digital work life […] | |||
|
2018-04-11 07:00:00 | Q&A: How to prepare for Spectre, Meltdown exploits - and next-gen \'microcode\' attacks (lien direct) | If you think the cyber threat landscape today is nasty, just wait until the battle front drops to the processor chip level. Related artilce: A primer on microcode vulnerabilities It's coming, just around the corner. The disclosure in early January of Spectre and Meltdown, critical vulnerabilities that exist in just about all modern computer processing […] | |||
|
2018-04-10 07:01:02 | PODCAST: Why companies need a strategy to manage compliance, now more than ever (lien direct) | Businesses are embracing the public cloud at an accelerated pace — and for good reason. By tapping hosted services, companies of all sizes and in all verticals are finding fresh, dynamic ways to engage with employees, suppliers, partners and customers. Related articles: 5 things to do to prep for GDPR However, as companies race to […] | |||
|
2018-04-10 00:32:04 | MY TAKE: A breakdown of why Spectre, Meltdown signal a coming wave of \'microcode\' attacks (lien direct) | Hundreds of cybersecurity vendors are making final preparations to put their best foot forward at the RSA Conference at San Francisco's sprawling Moscone Center next week. This will be my 15th RSA, and I can say that there is a distinctively dark undertone simmering under this year's event. It has to do with a somewhat […] | |||
|
2018-04-05 09:44:02 | GUEST ESSAY: How Orbitz\'s poor execution of a systems upgrade left data exposed (lien direct) | In case you thought it had been a suspiciously long time since a massive data breach was announced, well, here you go. Just a couple of days ago, Orbitz (part of the massive travel conglomerate Expedia) revealed that during the second part of last year, the personal data of many of their users was breached. And […] | |||
|
2018-04-02 09:42:02 | MY TAKE: How behavior monitoring can reduce workplace violence, protect sensitive data (lien direct) | In Minority Report police use three mutated humans, called Precogs, who can previsualize crimes, to stop murders before they take place, reducing the Washington D.C. murder rate to zero. The Phillip K. Dick novella ( brought to the big screen by Tom Cruise) is set in 2054. Yet here we are in 2018 with large […] | |||
|
2018-03-29 00:15:03 | MY TAKE: Why Google\'s move to label non-HTTPS sites \'not secure\' is a good thing (lien direct) | San Francisco-based Cloudflare has traversed an interesting path to becoming a leading cybersecurity vendor. Back in 2004, Matthew Prince and Lee Holloway concocted something called Project Honey Pot to detect and deter email spammers. Prince's Harvard Business School classmate, Michelle Zatlyn, joined them in 2009, and together they elevated Project Honey Pot into a company […] | Guideline | ||
|
2018-03-27 09:36:05 | Q&A: What all companies should know about their exposure to \'open-source\' vulnerabilities (lien direct) | Hackers were able to ransack Equifax last year and steal personal data for some 144 million citizens by exploiting a vulnerability in an open source component, which the credit bureau failed to lock down. Related article: Beware of open-source vulnerabilities lurking all through your network The hackers leveraged a vulnerability in something called Apache Struts2, […] | Equifax | ||
|
2018-03-20 20:05:05 | Q&A: How crypto jackers drain computing power from business networks (lien direct) | Messaging security firm Proofpoint has been tracking botnet activity as closely as security vendor. One recent development is the deployment of botnets for hire, such as Necurs, towards illicit crypto mining, or crypto-jacking. Related article: Crypto jacking spreading faster than ransomware This silent stealing of corporate computing resources may seem somewhat benign compared to ransomware […] | |||
|
2018-03-19 22:53:00 | MY TAKE: Why \'crypto-jacking\' is spreading faster than ransomware - and may be more insidious (lien direct) | Has there ever been anything more tailor made for hackers than crypto currency? Is anyone surprised that hackers are innovating ways to crack into digital wallets and currency exchanges? In January, hackers absconded with some 58 billion Japanese yen worth of the XEM cryptocurrency from Tokyo-based Coincheck Exchange. That's a cool $533 million in U.S. […] | |||
|
2018-03-14 07:10:01 | MY TAKE: Why the SEC\'s reporting guidance, Yahoo\'s $80M payout will shake up board rooms (lien direct) | The most encouraging thing about the U.S. Securities and Exchange Commission formally issuing cybersecurity reporting “guidance” for public companies last month was, ironically, commissioner Kara Stein's disappointment that her colleagues did not go much further. Related video: Howard Schmidt’s 2015 observations on board involvement Stein said she would have liked to have seen the commission […] | Yahoo | ||
|
2018-03-12 07:58:02 | MY TAKE: Why Google is labeling websites \'unsafe\' - what publishers need to do about it (lien direct) | One of the things Google's security honchos have long championed – for the most part out of the public spotlight — is to make HTTPS Transport Layer Security (TLS) the de facto standard for preserving the integrity of commercial websites. TLS and its predecessor, Secure Sockets Layer, (SSL), rely on digital certificates to validate that […] | |||
|
2018-03-08 07:17:02 | GUEST ESSAY: Surveillance cam hack shows potential for ransomware collateral damage (lien direct) | The recent charges, and subsequent arrest, of two Romanians alleged to be responsible for a widespread hack of surveillance cameras in our nation's capitol raises a number of intriguing questions. Why hack surveillance cameras? What nefarious activity might escape law enforcement's notice while these particular cameras went dark? Related articles: Surveillance cams are trivial to […] | |||
|
2018-03-05 07:42:05 | MY TAKE: Necurs vs. Mirai – what \'classic\' and \'IoT\' botnets reveal about evolving cyber threats (lien direct) | I've written about how botnets arose as the engine of cybercrime, and then evolved into the Swiss Army Knife of cybercrime. It dawned on me very recently that botnets have now become the bellwether of cybercrime. This epiphany came after checking in with top experts at Proofpoint, Forcepoint, Cloudflare and Corero — leading vendors that […] | Guideline | ||
|
2018-03-04 02:56:02 | NEWS WRAP-UP: Crypto miners tap hacked websites, achieve monetization breakthrough (lien direct) | Week ending March 3, 2018. Cyber criminals have discovered a new pathway to monetization that's as trouble free as anthything they could have dreamed up: crypto mining on the back of hacked websites. Security vendor Cyren put out results of a study this week showing a 725% spike in the number of websites hosting cryptocurrency […] | |||
|
2018-02-26 07:25:01 | MY TAKE: A closer look at why \'carpet bombing\' of phishing email endures (lien direct) | Occasionally, examining something in microcosm can be more instructive than trying to absorb a macro view that overwhelms. Such is the case with the flurry of cyber attack reports that come out this time of year, analyzing and dissecting what transpired in the threat landscape the previous year. Last week, for instance, Fortinet and Cisco […] | |||
|
2018-02-20 07:04:02 | GUEST ESSAY: U.S. \'chip\' adoption reduces card scams - but drives up new account fraud (lien direct) | Identity theft and fraud hit an all-time high in 2017, according to the 2018 Identity Fraud Study released last week by Javelin Strategy & Research. Among Javelin's key findings fraudsters claimed 1.3 million more victims in 2017, with $16.8 billion stolen. That's a record high since 2003 when the firm first began tracking identity theft […] | |||
|
2018-02-19 07:05:01 | MY TAKE: Turning a blind eye: 73% of companies are ill-prepared to defend cyber attacks (lien direct) | Have we truly reached the point where a multiple-year run of nightmarish cyber attacks has become mere white noise to the business community? I cannot think of any other way to explain the findings of a new report starkly showing that fully 73% of companies in five Western nations miserably failed a cyber security readiness […] | |||
|
2018-02-12 09:25:13 | MY TAKE: Here\'s how the U.S. economy would lose $15 billion from a 3-day cloud outage (lien direct) | Cyber attack scenarios have become fairly common. It doesn't take too much imagination to conjure plausible assumptions and project Armageddon-scale damages attributable to crippling cyber attacks. One prime example is the Herjavec Group's 2017 cybercrime report which suggests damage caused by cyber criminals is climbing towards a whopping $6 trillion in annual global encomic damage […] | |||
|
2018-02-09 20:05:14 | NEWS WRAP-UP: Meltdown, Spectre discovered in the wild – live hardware attacks one step closer (lien direct) | Week ending Feb. 9, 2018. We're now one step closer to witnessing cyber criminals exploiting a new class of vulnerability that exists in the hardware level of virtually every computing device in active use. Nearly 140 samples of malware that exploit the Meltdown and Spectre vulnerabilities have been discovered by AV-TEST. Most of these are […] | |||
|
2018-02-05 07:49:02 | MY TAKE: Epiphany strikes Amazon, Google, Microsoft about who bears burden for cloud security (lien direct) | Amazon and Google last week very quietly made some moves that signal they've been hit by the identical epiphany: they each need to do a helluva lot more to secure cloud computing. Microsoft was hit by this lightning bolt about a year ago. The Redmond giant all through 2017 took pronounced steps to relieve users […] | |||
|
2018-02-02 21:29:09 | NEWS WRAP-UP: Dutch spies corroborate Russia\'s meddling in U.S. election - and 19 EU nations (lien direct) | Week ending Feb. 2, 2018. Even more substantive corroborating evidence of Russia's proactive interference in the 2016 U.S. presidential election comes from the Netherlands. European news reports detail how a Dutch intelligence agency secretly hacked into the Kremlin's most notorious hacking group, Cozy Bear, and tracked Cozy Bear's election tampering activities. Dutch spies passed all […] | APT 29 | ||
|
2018-02-01 07:43:56 | GUEST ESSAY: How children using illegal streaming devices get targeted by malicious actors (lien direct) | It is good to see pressure from advertisers prompting a tech titan to clean up its digital neighborhood. I refer to steps being taken recently by Alphabet, the parent conglomerate of Google and YouTube. Alphabet announced a new plan to keep ads from premium brands off YouTube pages with videos pushing dangerous, illegal, and/or illicit […] | |||
|
2018-01-26 21:31:22 | NEWS WRAP-UP: Russian bots conduct social media blitz to discredit Trump-Russia probe (lien direct) | Week ending Jan. 26, 2017. The use of Russian bots and trolls in social media  propaganda blitzes continues. Counter terrorism expert Malcolm Nance minced no words in lambasting the latest deployment of Russian botnets to influence American politics. Related article: Trump is top bait used in spam campaigns Nance appeared on the Stephanie Miller radio […] | |||
|
2018-01-19 17:16:42 | NEWS WRAP-UP: Mirai botnet variants take Internet-of-Things hacking to higher levels (lien direct) | Week ending Jan. 19, 2018. Don't look now but the weaponization of the Internet of Things just kicked into high gear. The Mirai botnet, which I first wrote about in December 2016, is back — in two potent variants. Mirai Okiru targets ARC processors – the chips embedded autos, mobile devices, smart TVs, surveillance cameras […] | |||
|
2018-01-18 22:26:29 | Q&A: What CyberX is doing to help address the hackable state of industrial control systems (lien direct) | Finally, the profoundly hackable state of industrial control systems (ICS) is being elevated as an issue of substantive concern and beginning to get the level of global attention it deserves. Nation-state backed hackers knocking out power grids and discombobulating other critical infrastructure – the cyber Pearl Harbor scenario – has been discussed for years in […] | |||
|
2018-01-16 20:06:53 | MY TAKE: Rising hacks on energy plants suggest ongoing global cyber war has commenced (lien direct) | We all fret over the smorgasbord of cultural and geopolitical controversies complicating our daily lives. That being the case, not enough public attention is being paid to the increasingly plausible scenario of an ongoing global cyber war. I say this because in recent months there has been a series of public disclosures about progressively more […] | |||
|
2018-01-16 11:08:08 | GUEST ESSAY: Why cyber attacks represent a clear and present danger - and what you can do about it (lien direct) | As we begin a new year, cyber attacks may actually pose a more profound threat to mankind than the specter of nuclear warfare. So says billionaire investor Warrant Buffet, and I tend to agree with him. Cyber attacks are growing in prominence every day – from influencing major elections to crippling businesses overnight, the role […] | |||
|
2018-01-12 19:35:45 | NEWS WRAP-UP: The other scary foreign hacking threat Trump is ignoring (lien direct) | Week ending Jan. 12th. Fast Company is reporting that meddling in the U.S. presidential election isn’t the whole story; Russia continues to try to hack into U.S. critical infrastructure. Meanwhile, Trump may be keeping Americans in the dark. Journalist Sarah Kendzior recounts how Sen. John McCain (R-AZ) last summer grilled Attorney General Jeff Sessions about […] | |||
|
2018-01-04 23:58:35 | MY TAKE: Why \'Meltdown\' and \'Spectre\' portend a banner year for malicious hackers (lien direct) | So you think 2017 was a bad year for cyber exposures? It is clear to me that we are about to commence an extended run of cyber incursions of unprecedented scale and sophistication. Four days into 2018 and the world must deal with the disclosure of an all-new class of vulnerability built into the processors […] | |||
|
2017-12-28 20:56:59 | MY TAKE: How a \'gift card\' thief spoiled my Christmas (lien direct) | Upon returning from a holiday trip this week, we received unsettling news. There has been a rash of mail theft emanating from our local post office. Our box of held mail seemed lighter than it should have been. And one envelope was slashed open; the gift card sent to us, missing. Our experience fell in […] | |||
|
2017-12-26 19:42:13 | GUEST ESSAY: Google study details how 9 million account logons get stolen every 24 hours (lien direct) | Google should be applauded for spending a year studying how cybercriminals highjack account login credentials and expose them in the cyberspace. The search giant's findings are astounding and instructive. Stolen passwords get channeled into the dark web in two main ways: one at a time, via phishing campaigns, or en masse, via data breaches, such […] | |||
|
2017-12-10 17:04:28 | MY TAKE: What the Uber hack tells us about fresh attack vectors created by the rise of DevOps (lien direct) | Dissecting the root cause of Uber's catastrophic data breach is a worthwhile exercise. Diving one level deeper into the scenario that led up to the popular ride-hailing service losing personal data for 50 million passengers and seven million drivers shows us why this particular type of hack is likely to recur many more times in […] | Uber | ||
|
2017-12-06 19:56:17 | PODCAST: The case for rethinking security - starting with smarter management of privileged access logons (lien direct) | Two cybersecurity trend lines have moved unremittingly up the same curve over the past two decades — and that's not a good thing. Year-in and year-out, organizations have steadily increased spending to defend their networks — and they continue to do so, with no end in sight. Research firm MarketsandMarkets estimates that the global cybersecurity […] | |||
|
2017-12-05 23:23:34 | VIDEO: Law enforcement\'s view of cyber criminals - and what it takes to stop them (lien direct) | Law enforcement officials play a vital role tracking down and neutralizing cyber criminals. Theirs is a complex, often thankless, mission. Here are some insights shared by two current, and one former, high-level officials from U.S. law enforcement, who spoke at the NetEvents Global Press & Analyst Summit, in San Jose, Calif., in late September. Based […] | |||
|
2017-12-01 16:26:56 | MY TAKE: Once upon a time, circa 2003-2004, botnets emerged as the engine of cybercrime (lien direct) | Betty Carty figured she ought to be in the digital fast lane. Last Christmas, Carty purchased a Dell desktop computer, then signed up for a Comcast high-speed Internet connection. But her new Windows XP machine crashed frequently and would only plod across the Internet. (Editor’s note: This 2,200 word article was originally published, Sept. 8, […] | |||
|
2017-11-28 22:25:21 | GUEST ESSAY: What \'Fight Club\' taught me about protecting my online personas (lien direct) | Dissociative identity disorder, AKA multiple personality disorder, is a human condition by which the victim's personality becomes fragmented into two or more distinctive states. DID has long been a rich topic for Hollywood screen writers. The movie Fight Club, in which Edward Norton and Brad Pitt portray polar opposite personalities of the main protagonist, is […] | ★★★ | ||
|
2017-11-27 21:50:47 | MY TAKE: Why Uber\'s flaunting of disclosure laws should ignite security regulations (lien direct) | Think it was a mere coincidence that Uber disclosed its catastrophic data breach on the Tuesday before Thanksgiving? Fat chance. Uber's new CEO Dara Khosrowshahi almost certainly calculated the diminished notoriety to be gained by announcing the hack on the eve of the year's most distraction-packed, four-day weekend. Related article: The implications of Deloitte breach […] | Deloitte Uber |
To see everything:
Our RSS (filtrered)
