What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Blog.webp 2019-02-26 08:34:00 GUEST ESSAY: Repelling social engineering attacks requires shoring up the weakest link: humans (direct link) The problem with social engineering attacks is that they capitalize on the weakest link on any computer or network system: You! Avoiding social engineering attacks requires you to understand what they are and how they work. Related: Why diversity needs to be part of security training Social engineering takes advantage of human psychology to attack […]
Blog.webp 2019-02-25 08:25:01 MY TAKE: Identity 'access' and 'governance' tech converge to meet data protection challenges (direct link) As companies make more extensive use of evermore capable – and complex — digital systems, what has remained constant is the innumerable paths left wide open for threat actors to waltz through. Related: Applying ‘zero trust’ to managed security services. So why hasn't the corporate sector been more effective at locking down access for users? […] Threat
Blog.webp 2019-02-20 16:42:05 MY TAKE: Here's why the Internet Society's new Privacy Code of Conduct deserves wide adoption (direct link) It's time to encourage businesses to adopt the New Privacy Code of Conduct to protect users When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established. That same year, then-Google CEO Eric Schmidt publicly admitted […]
Blog.webp 2019-02-15 12:52:05 MY TAKE: What it takes to beat cybercrime in the age of DX and IoT: personal responsibility (direct link) Back in 2004, when I co-wrote this USA TODAY cover story about spam-spreading botnets, I recall advising my editor to expect cybersecurity to be a headline-grabbing topic for a year or two more, tops. Related: A primer on machine-identity exposures I was wrong. Each year over the past decade-and-a-half, a cause-and-effect pattern has spread more […] ★★★★
Blog.webp 2019-02-12 09:05:00 MY TAKE: Can Project Furnace solve DX dilemma by combining serverless computing and GitOps? (direct link) Assuring the privacy and security of sensitive data, and then actually monetizing that data, — ethically and efficiently — has turned out to be the defining challenge of digital transformation. Today a very interesting effort to address this complex dilemma is arising from the ferment, out of the UK. It's called Project Furnace, an all-new […]
Blog.webp 2019-02-12 00:03:01 GUEST ESSAY: Australia's move compelling VPNs to cooperate with law enforcement is all wrong (direct link) The moment we've all feared has finally come to pass. When government agencies and international intelligence groups pooled together resources to gather user data, the VPN's encryption seemed like the light at the end of the tunnel. Related: California enacts pioneering privacy law However, it looks like things are starting to break apart now that […]
Blog.webp 2019-02-06 13:29:04 MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition (direct link) We're just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge […]
Blog.webp 2019-02-01 09:04:04 MY TAKE: Why companies should care about 2.2 billion stolen credentials circulating in easy reach (direct link) Some chilling hard evidence has surfaced illustrating where stolen personal information ultimately ends up, once it has flowed through the nether reaches of the cyber underground. Wired magazine reported this week on findings by independent security researchers who have been tracking the wide open availability of a massive cache of some 2.2 billion stolen usernames, […]
Blog.webp 2019-01-31 09:30:02 MY TAKE: 'Bashe' attack theorizes a $200 billion ransomware raid using NSA-class cyber weapons (direct link) A report co-sponsored by Lloyd's of London paints a chilling scenario for how a worldwide cyberattack could trigger economic losses of some $200 billion for companies and government agencies ill-equipped to deflect a very plausible ransomware attack designed to sweep across the globe. Related: U.S. cyber foes exploit government shutdown The Cyber Risk Management (CyRiM) […] Ransomware
Blog.webp 2019-01-30 09:35:00 NEW TECH: This free tool can help gauge, manage third-party cyber risk; it's called 'VRMMM' (direct link) Late last year, Atrium Health disclosed it lost sensitive data for some 2.65 million patients when hackers gained unauthorized access to databases operated by a third-party billing vendor. Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their […] Tool
Blog.webp 2019-01-28 09:09:04 MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace (direct link) Would you back out of a driveway without first buckling up, checking the rear view mirror and glancing behind to double check that the way is clear? Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. Yet it's my […]
Blog.webp 2019-01-24 01:57:04 MY TAKE: US cyber adversaries take cue from shutdown to accelerate malware deployment (direct link) One profound consequence of Donald Trump's shutdown of the federal government, now in day 33, is what a boon it is to US cyber adversaries. And moving forward, the long run ramifications are likely to be dire, indeed. Related: Welcome to the ‘golden age’ of cyber espionage With skeleton IT crews manning government networks, America's […] Malware
Blog.webp 2019-01-22 19:10:01 GUEST POST: Six tangible ways 'SOAR' can help narrow the cybersecurity skills gap (direct link) The cybersecurity talent shortage is here to stay. With an estimated 1.5-2 million unfulfilled cybersecurity positions, organizations are coming to terms with the fact that no amount of creative hiring initiatives will rid them of the need of figuring out how to protect their organizations despite being short staffed. Related: Addressing the cyber skills gap […]
Blog.webp 2019-01-18 19:42:04 GUEST ESSAY: Why the hack of South Korea's weapons, munitions systems was so predictable (direct link) The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise. The breach of some 30 computers of South Korea’s Defense Acquisition Program Administration (DAPA), which is part of the Ministry of National Defense, […] Hack
Blog.webp 2019-01-16 08:30:05 GUEST ESSAY: What your company should know about addressing Kubernetes security (direct link) Kubernetes is one of many key enabling technologies of digital transformation that has tended to remain obscure to non-technical company decision makers. Related podcast: Securing software containers Kubernetes is an administration console — an open source project from Google that makes containerized software applications easy to deploy, scale, and manage. As beneficial as Kubernetes is […] Uber
Blog.webp 2019-01-14 08:43:00 Q&A: Here's why robust 'privileged access management' has never been more vital (direct link) Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints. Related: California enacts pioneering privacy law However, lacking robust protection, privileged accounts, […]
Blog.webp 2019-01-08 06:05:02 Q&A: Why emerging IoT platforms require the same leading-edge security as industrial controls (direct link) The heyday of traditional corporate IT networks has come and gone. In 2019, and moving ahead, look for legacy IT business networks to increasingly intersect with a new class of networks dedicated to controlling the operations of a IoT-enabled services of all types, including smart buildings, IoT-enabled healthcare services and driverless cars. Related: Why the […]
Blog.webp 2019-01-07 22:04:02 Port Covington, MD re-emerges as 'CyberTown, USA' - ground zero for cybersecurity research (direct link) When CyberTown, USA is fully built out, its backers envision it emerging as the world's premier technology hub for cybersecurity and data science. DataTribe, a Fulton, MD-based cybersecurity startup incubator, has been a key backer of this ambitious urban redevelopment project, which broke ground last October in Port Covington, MD, once a bustling train stop […]
Blog.webp 2018-12-26 09:53:03 GUEST ESSAY: The case for engaging in 'threat hunting' - and how to do it effectively (direct link) Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business' systems for a long time without anyone noticing. This is referred to as 'dwell time', and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days. Related podcast: The […]
Blog.webp 2018-12-20 08:51:01 GUEST ESSAY: Top cybersecurity developments that can be expected to fully play out in 2019 (direct link) From a certain perspective, 2018 hasn't been as dramatic a cybersecurity year as 2017, in that we haven't seen as many global pandemics like WannaCry. Related: WannaCry signals worse things to come. Still, Ransomware, zero-day exploits, and phishing attacks, were among the biggest threats facing IT security teams this year. 2018 has not been a […] Wannacry
Blog.webp 2018-12-17 08:34:00 GUEST ESSAY: The true cost of complacency, when it comes to protecting data, content (direct link) Facebook was lucky when the Information Commissioner's Office (ICO)-the UK's independent authority set up to uphold information rights in the public interest-hit the U.S. social media company with a £500,000 fine. Related: Zuckerberg’s mea culpa rings hollow This penalty was in connection with Facebook harvesting user data, over the course of seven years — between […]
Blog.webp 2018-12-12 08:06:05 GUEST ESSAY: Why corporate culture plays such a pivotal role in deterring data breaches (direct link) Picture two castles. The first is impeccably built – state of the art, with impenetrable walls, a deep moat, and so many defenses that attacking it is akin to suicide. The second one isn't quite as well-made. The walls are reasonably strong, but there are clear structural weaknesses. And while it does have a moat, […]
Blog.webp 2018-12-11 16:46:04 NetSecOPEN names founding members, appoints inaugural board of directors (direct link) SAN JOSE, Calif. – Dec. 11, 2018 – NetSecOPEN, the first industry organization focused on the creation of open, transparent network security performance testing standards, today announced that 11 prominent security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members. Related podcast: The importance of sharing alliances The […]
Blog.webp 2018-12-10 08:17:00 GUEST ESSAY: 'Tis the season - to take proactive measures to improve data governance (direct link) The holiday season is upon us and the bright lights and greenery aren't the only indicators that we've reached December. Sadly, data breaches often occur at this time of year. Recently we've seen major news stories about breaches at Starwood Hotels and Quora. Related podcast: The need to lock down unstructured data Last year, at […]
Blog.webp 2018-12-06 08:22:02 GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community (direct link) The United States Intelligence Community, or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office. The IC gathers, stores and processes large amounts of data, from a variety of sources, in order to provide actionable information for key stakeholders. And, in doing so, the IC has developed an effective […]
Blog.webp 2018-12-05 08:27:01 GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures (direct link) The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated. Related: How to get of HIPAA hit list The recent disclosure from Atrium Health […] Data Breach
Blog.webp 2018-12-03 08:47:02 MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks (direct link) I have a Yahoo email account, I've shopped at Home Depot and Target, my father was in the military and had a security clearance, which included a dossier on his family, archived at the U.S. Office of Personnel Management, I've had insurance coverage from Premera Blue Cross and I've stayed at the Marriott Marquis in […] Yahoo
Blog.webp 2018-11-30 09:11:02 MY TAKE: Why security innovations paving the way for driverless cars will make IoT much safer (direct link) Intelligent computing systems have been insinuating themselves into our homes and public gathering places for a while now. But smart homes, smart workplaces and smart shopping malls are just the warm-up act. Get ready for smart ground transportation. Related: Michigan’s Cyber Range hubs help narrow talent gap Driverless autos, trucks and military transport vehicles are […]
Blog.webp 2018-11-28 08:55:03 MY TAKE: Michigan's Cyber Range hubs provide career paths to high-schoolers, underutilized adults (direct link) Michigan is cultivating a collection of amazing cybersecurity training facilities, called Cyber Range hubs, that are shining models for what's possible when inspired program leaders are given access to leading-edge resources, wisely supplied by public agencies and private foundations. As a guest of the Michigan Economic Development Corporation, I recently had the chance to tour […] Guideline
Blog.webp 2018-11-27 09:05:05 GUEST ESSAY: 5 anti-phishing training tools that can reduce employees' susceptibility to scams (direct link) The vast majority of cyber attacks against organizations pivot off the weakest security link: employees. The good news is that companies today have ready access to a wide variety of tools that can simulate common types of attacks and boost employee awareness. Here's a guide to five such services. PhishMe This tool, from Cofense, proactively […]
Blog.webp 2018-11-26 08:51:02 MY TAKE: Michigan's cybersecurity readiness initiatives provide roadmap others should follow (direct link) Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country. However, after a recent visit to Detroit, Ann Arbor and Grand Rapids as a guest of the Michigan Economic Development Corp., or MEDC, I'm prepared to rechristen Michigan the Cybersecurity Best Practices State. Related: California’s pioneering privacy […]
Blog.webp 2018-11-21 08:58:05 GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow (direct link) Privacy regulations and legislation are topics that continue to be of concern for consumers and businesses alike. News of data breaches, data vulnerabilities and compromised private information is released almost daily from businesses both small and large. Related: Europe’s GDPR ushers in new privacy era Legislation has recently been proposed for individual states, addressing data […]
Blog.webp 2018-11-19 08:26:05 (Déjà vu) GUEST ESSAY: The privacy implications of facial recognition systems rising to the fore (direct link) Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. A string of advances in biometric authentication systems has brought facial recognition systems, in particular, to the brink of wide commercial use. Related: Drivers behind facial recognition boom Adoption of facial recognition technology is fast […]
Blog.webp 2018-11-15 16:48:01 New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps (direct link) Even as enterprises across the globe hustle to get their Internet of Things business models up and running, there is a sense of foreboding about a rising wave of IoT-related security exposures. And, in fact, IoT-related security incidents have already begun taking a toll at ill-prepared companies. Related: How to hire an IoT botnet — […]
Blog.webp 2018-11-13 08:52:03 NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets (direct link) Cyber criminals are deploying the very latest in automated weaponry, namely botnets, to financially plunder corporate networks. The attackers have a vast, pliable attack surface to bombard: essentially all of the externally-facing web apps, mobile apps and API services that organizations are increasingly embracing, in order to stay in step with digital transformation. Related: The […]
Blog.webp 2018-11-12 08:43:03 Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security (direct link) A security-first mindset is beginning to seep into the ground floor of the IT departments of small and mid-sized companies across the land. Senior executives at these SMBs are finally acknowledging that a check-box approach to security isn't enough, and that instilling a security mindset pervasively throughout their IT departments has become the ground stakes. […]
Blog.webp 2018-11-05 09:43:00 GUEST ESSAY: Did you know these 5 types of digital services are getting rich off your private data? (direct link) Now more than ever before, “big data” is a term that is widely used by businesses and consumers alike. Consumers have begun to better understand how their data is being used, but many fail to realize the hidden privacy pitfalls in every day technology. Related: Europe tightens privacy rules From smart phones, to smart TVs, […]
Blog.webp 2018-11-01 16:18:02 (Déjà vu) NEW TECH: How 'adaptive multi-factor authentication' is gaining traction via partnerships (direct link) Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Related: Why a ‘zero-trust’ approach to security is necessary One recent validation comes from two long established, and much larger cybersecurity vendors – Check Point and Palo Alto Networks – that […]
Blog.webp 2018-10-29 08:56:01 GUEST ESSAY: A guide to implementing best security practices - before the inevitable breach (direct link) The United States has experienced the most cybersecurity breaches in the world and the Equifax Breach was one of the first to be considered a “mega breach.” The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax's chief information security officer was a music major and did not have […] Equifax
Blog.webp 2018-10-22 08:57:01 NEW TECH: Silverfort extends 'adaptive multi-factor authentication' via key partnerships (direct link) Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Related: Why a ‘zero-trust’ approach to security is necessary One recent validation comes from two long established, and much larger cybersecurity vendors – Checkpoint and Palo Alto Networks – that have […]
Blog.webp 2018-10-17 09:26:04 GUEST ESSAY: Pentagon's security flaws highlighted in GAO audit - and recent data breach (direct link) Being the obvious target that it is, the U.S. Department of Defense presumably has expended vast resources this century on defending its digital assets from perennial cyber attacks. Related: Why carpet bombing email campaigns endure And yet two recent disclosures highlight just how brittle the military's cyber defenses remain in critical areas. By extension these […] Data Breach
Blog.webp 2018-10-15 18:57:03 Guest Essay: Supply chain vulnerabilities play out in latest Pentagon personnel records breach (direct link) It is disheartening, but not at all surprising, that hackers continue to pull off successful breaches of well-defended U.S. government strategic systems. Related podcast: Cyber attacks on critical systems have only just begun On Friday, Oct. 12, the Pentagon disclosed that intruders breached Defense Department travel records and compromised the personal information and credit card […]
Blog.webp 2018-10-08 16:13:05 MY TAKE: Cyber attacks on industrial controls, operational technology have only just begun (direct link) “May you live in interesting times.” The old Chinese proverb–some consider it a blessing and others a curse–certainly describes the modern-day cyber landscape. Related: 7 attacks that put us at the brink of cyber war In today's geopolitical terrain, nation-state backed cyber criminals are widening their targets and starting to zero in on their adversaries' […]
Blog.webp 2018-09-28 14:49:01 MY TAKE: The many ways social media is leveraged to spread malware, manipulate elections (direct link) Remember how we communicated and formed our world views before Facebook, Twitter, Instagram, Reddit, CNN and Fox News? We met for lunch, spoke on the phone and wrote letters. We got informed, factually, by trusted, honorable sources. Remember Walter Cronkite? Today we're bombarded by cable news and social media. And Uncle Walt has been replaced […]
Blog.webp 2018-09-24 17:03:01 Q&A: Reddit breach shows use of 'SMS 2FA' won't stop privileged access pillaging (direct link) The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better — are failing to adequately lock down their privileged accounts. Related: 6 best practices for cloud computing An excerpt from Reddit's mea culpa says it all: “On June 19, we […] Hack
Blog.webp 2018-09-21 16:21:03 MY TAKE: Here's why we need 'SecOps' to help secure 'Cloud Native' companies (direct link) For many start-ups, DevOps has proven to be a magical formula for increasing business velocity. Speed and agility is the name of the game — especially for Software as a Service (SaaS) companies. Related: How DevOps enabled the hacking of Uber DevOps is a process designed to foster intensive collaboration between software developers and the […] Uber
Blog.webp 2018-09-18 17:31:05 MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook 'unstructured data' (direct link) All too many companies lack a full appreciation of how vital it has become to proactively manage and keep secure “unstructured data.” One reason for the enduring waves of ransomware is that unstructured data is easy for hackers to locate and simple for them to encrypt. Related video: Why it’s high time to protect unstructured […] Ransomware
Blog.webp 2018-09-17 18:44:03 Q&A: The troubling implications of normalizing encryption backdoors - for government use (direct link) Should law enforcement and military officials have access to a digital backdoor enabling them to bypass any and all types of encryption that exist today? We know how Vladimir Putin, Xi Jinping and Kim Jong-un would answer: “Of course!” Related: Nation-state hacks suggest cyber war is underway The disturbing thing is that in North America […]
Blog.webp 2018-09-14 20:05:00 MY TAKE: Poorly protected local government networks cast shadow on midterm elections (direct link) In March 2018, the city of Atlanta fell victim to a ransomware attack that shut down its computer network. City agencies were unable to collect payment. Police departments had to handwrite reports. Years of data disappeared. Related: Political propaganda escalates in U.S. The attack also brought cybersecurity to the local level. It's easy to think […] Ransomware
Blog.webp 2018-09-13 14:58:01 MY TAKE: Here's how diversity can strengthen cybersecurity - at many levels (direct link) Of the many cybersecurity executives I've interviewed, Keenan Skelly's career path may be the most distinctive. Skelly started out as a U.S. Army Explosive Ordnance Disposal (EOD) Technician. “I was on the EOD team that was actually assigned to the White House during 9/11, so I got to see our national response framework from a […]
Last update at: 2024-04-29 12:07:58