What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Blog.webp 2019-12-09 10:15:54 MY TAKE: Why it's now crucial to preserve PKI, digital certificates as the core of Internet security (direct link) For decades, the cornerstone of IT security has been Public Key Infrastructure, or PKI, a system that allows you to encrypt and sign data, issuing digital certificates that authenticate the identity of users. Related: How PKI could secure the Internet of Things If that sounds too complicated to grasp, take a look at the web […]
Blog.webp 2019-12-06 19:25:11 GUEST ESSAY: Addressing DNS, domain names and Certificates to improve security postures (direct link) In 2019, we've seen a surge in domain name service (DNS) hijacking attempts and have relayed warnings from the U.S. Cybersecurity and Infrastructure Agency, U.K.'s Cybersecurity Centre, ICANN, and other notable security experts. Although the topic has gained popularity amongst CIOs and CISOs, most companies are still overlooking important security blind spots when it comes […]
Blog.webp 2019-12-05 15:38:35 Last Watchdog's IoT and 'zero trust' coverage win MVP awards from Information Management Today (direct link) I'm privileged to share news that two Last Watchdog articles were recognized in the 2019 Information Management Today MVP Awards. My primer on the going forward privacy and security implications of IoT — What Everyone Should Know About the Promise and Pitfalls of the Internet of Things — won second place in the contest’s IoT […]
Blog.webp 2019-11-20 17:10:12 SHARED INTEL: How 'memory attacks' and 'firmware spoilage' circumvent perimeter defenses (direct link) What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. The latter knows […] Ransomware Hack
Blog.webp 2019-11-18 09:09:53 BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups - in the field (direct link) Encrypted flash drives, essentially secure storage on a stick, are a proven technology that has been readily available for at least 15 years. A few years back, it seemed like they would fade into obsolescence, swept aside by the wave of streaming services and cloud storage. Related: Can Europe's GDPR restore data privacy? And yet […]
Blog.webp 2019-11-12 09:10:30 SHARED INTEL: What can be done - today - to keep quantum computing from killing encryption (direct link) There's little doubt that the shift to quantum computing will open new horizons of digital commerce. But it's also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures. Related: The ‘post quantum crypto’ race is on This isn't coming as any surprise to IT department heads. In fact, there's […]
Blog.webp 2019-11-06 16:30:30 NEW TECH: Silverfort deploys 'multi-factor authentication' to lock down 'machine identities' (direct link) From the start, two-factor authentication, or 2FA, established itself as a simple, effective way to verify identities with more certainty. Related: A primer on IoT security risks The big hitch with 2FA, and what it evolved into – multi-factor authentication, or MFA – has always been balancing user convenience and security. That seminal tension still […]
Blog.webp 2019-11-04 18:32:48 MY TAKE: How blockchain technology came to seed the next great techno-industrial revolution (direct link) Some 20 years ago, the founders of Amazon and Google essentially set the course for how the internet would come to dominate the way we live. Jeff Bezos of Amazon, and Larry Page and Sergey Brin of Google did more than anyone else to actualize digital commerce as we're experiencing it today – including its […]
Blog.webp 2019-11-04 09:47:39 NEW TECH: Can an 'operational system of record' alleviate rising knowledge worker frustrations? (direct link) An undercurrent of discontent is spreading amongst knowledge workers in enterprises across the United States and Europe. Related: Phishing-proof busy employees White collar employees today have amazingly capable communications and collaboration tools at their beck and call. Yet the majority feel unsatisfied with narrow daily assignments and increasingly disconnected from the strategic goals of their […]
Blog.webp 2019-10-29 15:17:36 SHARED INTEL: APIs hook up new web and mobile apps - and break attack vectors wide open (direct link) If your daily screen time is split between a laptop browser and a smartphone, you may have noticed that a few browser web pages are beginning to match the slickness of their mobile apps. Related: The case for a microservices firewall Netflix and Airbnb are prime examples of companies moving to single-page applications, or SPAs, […]
Blog.webp 2019-10-16 12:30:43 SHARING INTEL: Why full 'digital transformation' requires locking down 'machine identities' (direct link) Digital commerce has come to revolve around two types of identities: human and machine. Great effort has gone into protecting the former, and yet human identities continue to get widely abused by cyber criminals. By comparison, scant effort has gone into securing the latter. This is so in spite of the fact that machine identities […]
Blog.webp 2019-10-16 09:50:51 MY TAKE: How 'credential stuffing' and 'account takeovers' are leveraging Big Data, automation (direct link) A pair of malicious activities have become a stunning example of digital transformation – unfortunately on the darknet. Related: Cyber risks spinning out of IoT Credential stuffing and account takeovers – which take full advantage of Big Data, high-velocity software, and automation – inundated the internet in massive surges in 2018 and the first half […] ★★★★
Blog.webp 2019-10-15 18:14:59 NEW TECH: 'Passwordless authentication' takes us closer to eliminating passwords as the weak link (direct link) If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. Compromised logins continue to facilitate cyber attacks at all levels, from phishing ruses to credential stuffing to enabling hackers to probe […] Threat
Blog.webp 2019-10-14 09:42:03 SHARED INTEL: How NTA/NDR systems get to 'ground truth' of cyber attacks, unauthorized traffic (direct link) The digital footprints of U.S. consumers have long been up for grabs. No one stops the tech giants, media conglomerates and online advertisers from intensively monetizing consumers' online behaviors, largely without meaningful disclosure. Related: The state of ransomware Who knew that much the same thing routinely happens to enterprises? A recent report by network detection […] Ransomware
Blog.webp 2019-10-10 13:53:21 MY TAKE: CASBs help companies meet 'shared responsibility' for complex, rising cloud risks (direct link) Cloud Access Security Brokers – aka “caz-bees” — have come a long way in a short time. CASBs, a term coined by tech industry consultancy Gartner, first cropped up about seven years ago to help organizations enforce security and governance policies as they commenced, in earnest, their march into the cloud. Related: Implications of huge Capital […]
Blog.webp 2019-10-09 16:57:38 SHARED INTEL: What it takes to preserve business continuity, recover quickly from a cyber disaster (direct link) To pay or not to pay? That's the dilemma hundreds of organizations caught in the continuing surge of crippling ransomware attacks have faced. Related: How ransomware became such a scourge The FBI discourages it, as you might have guessed. What's more, the U.S. Conference of Mayors this summer even passed a resolution declaring paying hackers […] Ransomware
Blog.webp 2019-10-07 15:32:57 NEW TECH: Human operatives maintain personas, prowl the Dark Net for intel to help companies (direct link) It seems like any discussion of cybersecurity these days invariably circles back to automation. Our growing fixation with leveraging artificial intelligence to extract profits from Big Data – for both constructive and criminal ends – is the order of the day. Related: Why Cyber Pearl Harbor is upon us Vigilante is a cybersecurity startup that cuts against […]
Blog.webp 2019-10-04 08:47:23 MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches (direct link) It's clear that managed security services providers (MSSPs) have a ripe opportunity to step into the gap and help small- to medium-sized businesses (SMBs) and small- to medium-sized enterprises (SMEs) meet the daunting challenge of preserving the privacy and security of sensitive data. Related: The case for automated threat feeds analysis Dallas-based Critical Start is […] Threat
Blog.webp 2019-10-03 17:00:01 SHARED INTEL: Threat actors add a human touch to boost effectiveness of automated attacks (direct link) Trends in fashion and entertainment come and go. The same holds true for the cyber underground. Related: Leveraging botnets to scale attacks For a long while now, criminal hackers have relied on leveraging low-cost botnet services to blast out cyber attacks as far and wide as they could, indiscriminately. Over the past 18 months or […] Threat
Blog.webp 2019-10-03 14:57:08 MY TAKE: Peerlyst shares infosec intel; recognizes Last Watchdog as a top cybersecurity influencer (direct link) Sharing intelligence for the greater good is an essential component of making Internet-centric commerce as safe and as private as it needs to be. Related: Automating threat feed analysis Peerlyst is another step in that direction. Started by infosec professionals, Peerlyst takes the characteristics of B2B communications we've become accustomed to on Twitter and LinkedIn […] Threat
Blog.webp 2019-09-30 15:33:58 NEW TECH: Breakthrough 'homomorphic-like' encryption protects data in-use, without penalties (direct link) Homomorphic encryption has long been something of a Holy Grail in cryptography. Related: Post-quantum cryptography on the horizon For decades, some of our smartest mathematicians and computer scientists have struggled to derive a third way to keep data encrypted — not just the two classical ways, at rest and in transit. The truly astounding feat, […] ★★
Blog.webp 2019-09-27 14:58:19 MY TAKE: 'Perimeter-less' computing requires cyber defenses to extend deeper, further forward (direct link) Threat actors are opportunistic, well-funded, highly-motivated and endlessly clever. Therefore cybersecurity innovations must take hold both deeper inside and at the leading edges of modern business networks. Related: Lessons learned from Capital One breach Most of the promising new technologies I've had the chance to preview this year validate this notion. The best and brightest […] Threat Guideline
Blog.webp 2019-09-24 14:43:54 SHARED INTEL: Here's one way to better leverage actionable intel from the profusion of threat feeds (direct link) Keeping track of badness on the Internet has become a thriving cottage industry unto itself. Related: ‘Cyber Pearl Harbor’ is upon us There are dozens of technology giants, cybersecurity vendors, government agencies and industry consortiums that identify and blacklist IP addresses and web page URLs that are obviously being used maliciously; and hundreds more independent white […] Threat
Blog.webp 2019-09-23 08:46:59 NEW TECH: How 'cryptographic splitting' bakes-in security at a 'protect-the-data-itself' level (direct link) How can it be that marquee enterprises like Capital One, Marriott, Facebook, Yahoo, HBO, Equifax, Uber and countless others continue to lose sensitive information in massive data breaches? Related: Breakdown of Capital One breach The simple answer is that any organization that sustains a massive data breach clearly did not do quite enough to protect […] Data Breach Equifax Yahoo Uber
Blog.webp 2019-09-20 08:40:15 MY TAKE: SMBs can do much more to repel ransomware, dilute disinformation campaigns (direct link) Local government agencies remain acutely exposed to being hacked. That's long been true. However, at this moment in history, two particularly worrisome types of cyber attacks are cycling up and hitting local government entities hard: ransomware sieges and election tampering. Related: Free tools that can help protect elections I had a deep discussion about this […] Ransomware
Blog.webp 2019-09-19 21:47:33 MY TAKE: Poll shows senior execs, board members grasp strategic importance of cybersecurity (direct link) A singular topic has risen to the top of the agenda in executive suites and board rooms all across the planet: cybersecurity. Related: Security, privacy fallout of IoT A recent survey by Infosys, a tech consulting and IT services giant based in Bangalore, India, quantifies the degree to which the spotlight has landed on cybersecurity […]
Blog.webp 2019-09-19 15:29:03 MY TAKE: What everyone should know about the promise and pitfalls of the Internet of Things (direct link) The city of Portland, Ore. has set out to fully leverage the Internet of Things and emerge as a model “smart” city. Related: Coming soon – driverless cars Portland recently shelled out $1 million to launch its Traffic Sensor Safety Project, which tracks cyclists as they traverse the Rose City's innumerable bike paths. That's just […]
Blog.webp 2019-09-16 15:30:18 SHARED INTEL: How digital certificates could supply secure identities for enterprise blockchains (direct link) Blockchain gave rise to Bitcoin. But blockchain is much more than just the mechanism behind the cryptocurrency speculation mania. Related: The case for ‘zero trust’ There's no disputing that blockchain technology holds the potential to massively disrupt business, politics and culture over the next couple of decades, much the way the Internet dramatically altered the […]
Blog.webp 2019-09-11 13:59:04 NEW TECH: LogicHub introduces 'virtualized' security analysts to help elevate SOAR (direct link) One of the promising cybersecurity trends that I've been keeping an eye on is this: SOAR continues to steadily mature. Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. Related: Here’s how Capital One lost 100 million customer records SOAR holds […]
Blog.webp 2019-09-10 15:53:04 NEW TECH: Baffin Bay Networks takes a 'cloud-first' approach to securing web applications (direct link) Hear about the smart toaster that got attacked three times within an hour after its IP address first appeared on the Internet? That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today. Related: How 5G will escalate DDoS attacks Caught in the pull of digital transformation, companies […]
Blog.webp 2019-09-06 16:56:00 MY TAKE: How advanced automation of threat intel sharing has quickened incident response (direct link) Threat intelligence sharing is such a simple concept that holds so much promise for stopping threat actors in their tracks. So why hasn't it made more of an impact stopping network breaches? Related: Ground zero for cybersecurity research Having covered the cybersecurity industry for the past 15 years, it's clear to me that there are […] Threat
Blog.webp 2019-09-04 19:58:04 SHARED INTEL: Mobile apps are riddled with security flaws, many of which go unremediated (direct link) The convergence of DevOps and SecOps is steadily gaining traction in the global marketplace. Some fresh evidence of this encouraging trend comes to us by way of shared intelligence from WhiteHat Security. Related: The tie between DevOps and SecOps. Organizations that are all-in leveraging microservices to speed-up application development, on the DevOps side of the […]
Blog.webp 2019-08-29 18:54:03 MY TAKE: Six-figure GDPR privacy fines reinforce business case for advanced SIEM, UEBA tools (direct link) Europe came down hard this summer on British Airways and Marriott for failing to safeguard their customers' personal data. The EU slammed the UK airline with a $230 million fine, and then hammered the US hotel chain with a $125 million penalty – the first major fines under the EU's toughened General Data Protection Regulation, […]
Blog.webp 2019-08-26 15:26:04 (Déjà vu) NEW TECH: ICS zero-day flaws uncovered by Nozomi Networks' analysis of anomalous behaviors (direct link) Andrea Carcano's journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, […]
Blog.webp 2019-08-26 14:40:04 NEW TECH: Nozomi Networks tracks anomalous behaviors, finds zero-day ICS vulnerabilities (direct link) Andrea Carcano's journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, […]
Blog.webp 2019-08-22 17:11:00 MY TAKE: Coping with security risks, compliance issues spun up by 'digital transformation' (direct link) A core security challenge confronts just about every company today. Related: Can serverless computing plus GitOps lock down DX? Companies are being compelled to embrace digital transformation, or DX, if for no other reason than the fear of being left behind as competitors leverage microservices, containers and cloud infrastructure to spin-up software innovation at high […]
Blog.webp 2019-08-21 08:57:00 MY TAKE: Here's how 'bulletproof proxies' help criminals put compromised IoT devices to work (direct link) Between Q1 2019 and Q2 2019, malicious communications emanating from residential IP addresses in the U.S. – namely smart refrigerators, garage doors, home routers and the like – nearly quadrupled for the retail and financial services sectors. Related: How botnets gave Trump 6 million faked followers To put it plainly, this represented a spike in […]
Blog.webp 2019-08-20 09:43:05 SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm's way (direct link) A faked Rolex or Prada handbag is easy enough to acquire on the street in certain cities, and you can certainly hunt one down online. Now add high-end counterfeit smartphones to the list of luxury consumer items that are being aggressively marketed to bargain-hungry consumers. Related: Most companies ignorant about rising mobile attacks While it […]
Blog.webp 2019-08-19 08:59:05 MY TAKE: Can embedding security deep inside mobile apps point the way to securing IoT? (direct link) The full blossoming of the Internet of Things is on the near horizon – or is it? Enterprises across the planet are revving up their IoT business models, and yet there is a sense of foreboding about a rising wave of IoT-related security exposures. Related: The security and privacy implications of driverless vehicles Some 25 percent […]
Blog.webp 2019-08-15 13:24:04 MY TAKE: A primer on how ransomware arose to become an enduring scourge (direct link) “All we know is MONEY! Hurry up! Tik Tak, Tik Tak, Tik Tak!” This is an excerpt from a chilling ransom note Baltimore IT officials received from hackers who managed to lock up most of the city's servers in May. The attackers demanded $76,000, paid in Bitcoin, for a decryption key. Baltimore refused to pay […] Ransomware
Blog.webp 2019-08-14 12:40:05 NEW TECH: Trend Micro inserts 'X' factor into 'EDR' – endpoint detection and response (direct link) With all the talk of escalating cyber warfare, the spread of counterfeit smartphones and new forms of self-replicating malware, I came away from Black Hat USA 2019 (my 15th) marveling, once more, at the panache of modern cyber criminals. Related: Lessons learned from Capital One breach Yet, I also had the chance to speak one-on-one […]
Blog.webp 2019-08-12 13:00:01 GUEST ESSAY: Why the next round of cyber attacks could put many SMBs out of business (direct link) In the last year, the news media has been full of stories about vicious cyber breaches on municipal governments. From Atlanta to Baltimore to school districts in Louisiana, cyber criminals have launched a wave of ransomware attacks on governments across the country. Related: SMBs struggle to mitigate cyber attacks As city governments struggle to recover […] Ransomware
Blog.webp 2019-08-01 08:40:05 ROUNDTABLE: Huge Capital One breach shows too little is being done to preserve data privacy (direct link) Company officials at Capital One Financial Corp ought to have a crystal clear idea of what to expect next — after admitting to have allowed a gargantuan data breach. Capital One's mea culpa coincided with the FBI's early morning raid of a Seattle residence to arrest Paige Thompson. Authorities charged the 33-year-old former Amazon software […]
Blog.webp 2019-07-25 22:32:01 MY TAKE: How state-backed cyber ops have placed the world in a constant-state 'Cyber Pearl Harbor' (direct link) Cyber espionage turned a corner this spring when Israeli fighter jets eradicated a building in the Gaza Strip believed to house Hamas cyber operatives carrying out attacks on Israel's digital systems. Related: The Golden Age of cyber spying is upon us. That May 10th air strike by the Israel Defense Force marked the first use […]
Blog.webp 2019-07-22 08:29:02 NEW TECH: Early adopters find smart 'Zero Trust' access improves security without stifling innovation (direct link) As we approach the close of the second decade of the 21st century, it's stunning, though perhaps not terribly surprising, that abused logon credentials continue to fuel the never-ending escalation of cyber attacks. Related: Third-party risks exacerbated by the ‘gig economy’ Dare we anticipate a slowing — and ultimately the reversal – of this trend? […]
Blog.webp 2019-07-15 12:19:02 GUEST ESSAY: 6 unexpected ways that a cyber attack can negatively impact your business (direct link) Cyber crime can be extremely financially damaging to businesses. However, if you believe that money is the only thing that a cyber-attack costs your organization, you would be wrong. In fact, a recent academic analysis identified 57 specific individual negative factors that result from a cyber-attack against a business. Here are six ways, worth considering, […]
Blog.webp 2019-07-01 19:13:04 NEW TECH: A couple of tools that deserve wide use - to preserve the integrity of U.S. elections (direct link) As the presidential debate season ramps up, the specter of nation-state sponsored hackers wreaking havoc, once more, with U.S. elections, looms all too large. It's easy to get discouraged by developments such as Sen. McConnell recently blocking a bi-partisan bill to fund better election security, as well as the disclosure that his wife, Transportation Security […]
Blog.webp 2019-06-26 08:43:01 MY TAKE: Let's not lose sight of why Iran is pushing back with military, cyber strikes (direct link) It is not often that I hear details about the cyber ops capabilities of the USA or UK discussed at the cybersecurity conferences I attend. Related: We’re in the golden age of cyber spying Despite the hush-hush nature of Western cyber ops, it is axiomatic in technology and intelligence circles that the USA and UK […] APT 17
Blog.webp 2019-06-24 16:27:02 BEST PRACTICES: Do you know the last time you were socially engineered? (direct link) This spring marked the 20th anniversary of the Melissa email virus, which spread around the globe, setting the stage for social engineering to become what it is today. The Melissa malware arrived embedded in a Word doc attached to an email message that enticingly asserted, “Here's the document you requested . . . don't show […] Malware
Blog.webp 2019-06-10 08:49:05 MY TAKE: Why locking down 'firmware' has now become the next big cybersecurity challenge (direct link) Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can't be pushed to a side burner. Related: The rise of ‘memory attacks’ I'm making this assertion as federal authorities have just commenced steps to remove and replace switching gear supplied, on the cheap, to smaller U.S. […]
Last update at: 2024-04-25 08:08:02