www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-16T17:48:29+00:00 www.secnews.physaphae.fr
CSO - CSO Daily Dashboard How to get a job as a security engineer never been more important. The risk of financial and reputational damage caused by a data breach has led to greater demand for security engineers, and a growing skills gap. A Global Information Security Workforce Study cited by former Chancellor George Osborne in a speech in November predicts a 1.5 million employee shortage in the sector by 2020. "We will never succeed in keeping Britain safe in cyberspace unless we have more people with the cyber skills that we need," Osborne told the Government Communications Headquarters (GCHQ). 2016-08-25T07:18:00+00:00 http://www.csoonline.com/article/3112674/security/how-to-get-a-job-as-a-security-engineer.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8769 False None None None
CSO - CSO Daily Dashboard 10 tips for retaining top IT talent 2016-08-25T03:46:00+00:00 http://www.csoonline.com/article/3110436/it-careers/10-tips-for-retaining-top-it-talent.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8722 False None None None
CSO - CSO Daily Dashboard Data lakes security could use a life preserver 2016-08-25T03:10:00+00:00 http://www.csoonline.com/article/3110573/storage/data-lakes-security-could-use-a-life-preserver.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8723 False None None None
CSO - CSO Daily Dashboard IDG Contributor Network: In defense of “Good Enough” security dead”. Passwords are “dead”. Using text messaging for two-factor authentication should be killed off. Biometric scanners on phones are “broken”.
But does this really mean that these technologies should be abandoned? In my opinion, they should not. And by waxing hyperbolic about their demise, we're decreasing security overall. 2016-08-24T11:42:00+00:00 http://www.csoonline.com/article/3111987/security/in-defense-of-good-enough-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8628 False Guideline None None
CSO - CSO Daily Dashboard How can we improve awareness training? 2016-08-24T11:12:00+00:00 http://www.csoonline.com/article/3112008/security/how-can-we-improve-awareness-training.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8629 False None None None
CSO - CSO Daily Dashboard BrandPost: Uh oh: The Bad Guys Love the Cloud Just as Much as We Do 2016-08-24T10:45:00+00:00 http://www.csoonline.com/article/3111974/security/uh-oh-the-bad-guys-love-the-cloud-just-as-much-as-we-do.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8607 False None None None
CSO - CSO Daily Dashboard vBulletin vulnerabilities expose 27 million accounts, including gamers on mail.ru allowed LeakedSource to add 25,133,805 accounts to their database on Wednesday. At the time of notification, they had managed to crack 12,463,300 passwords. The compromised mail.ru accounts were exposed recently (August 2016) and are from the gaming side of the company. CFire, Parapa, and Tanks accounts were all exposed.
The Parapa forums were also compromised. 2016-08-24T08:08:00+00:00 http://www.csoonline.com/article/3112005/security/vbulletin-vulnerabilities-expose-27-million-accounts-including-gamers-on-mail-ru.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8582 False None None None
CSO - CSO Daily Dashboard What you need to do to stop data from leaving with exiting employees Biscom's national study around data in the workplace revealed that more than one in four employees leave their job with company data. The study spotlights employees as a big security vulnerability to business data. To help prevent this, Bill Ho, CEO of Biscom, offers a few tips to minimize this threat. 1. Establish clear employee policies on handling company data and information 2016-08-24T07:26:00+00:00 http://www.csoonline.com/article/3112004/data-protection/what-you-need-to-do-to-stop-data-from-leaving-with-exiting-employees.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8565 False None None None
CSO - CSO Daily Dashboard As Zika looms, a question arises: Who gets to telecommute? Zika and paid little attention to the headlines about it. “I don't really respond to dramatization and felt that things were possibly being blown out of proportion,” said Stephens.
“I'm a statistician at heart and only listen to numbers, so when my quant-minded OB-GYN shared the figures with me, this threat became a lot more real." 2016-08-24T04:15:00+00:00 http://www.csoonline.com/article/3111924/disaster-recovery/as-zika-looms-a-question-arises-who-gets-to-telecommute.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8533 False None None None
CSO - CSO Daily Dashboard BrandPost: Securing the skies: Cybersecurity in aviation recent report from AT&T surveyed the data risks – and the physical threats – that compromised IoT systems could pose. Few of those risk scenarios are more frightening than that of a hacker taking over the controls of an in-flight plane. That scenario seemed to be playing out just over a year ago, in April 2015, when a passenger onboard a flight tweeted that he had tapped into the plane's operational systems by hacking the in-flight entertainment system. A subsequent FBI investigation found that the hacker claimed to have made a plane climb and move sideways on an earlier flight. Many experts soon disputed these claims, but they were enough to shine a spotlight on the growing dependency of modern aircraft on digital controls and multiple networks. 2016-08-23T14:34:00+00:00 http://www.csoonline.com/article/3111448/internet-of-things/securing-the-skies-cybersecurity-in-aviation.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8503 False None None None
CSO - CSO Daily Dashboard BrandPost: Where are the cybersecurity experts? Peninsula Press project of the Stanford University Journalism Program determined that more than 209,000 cybersecurity jobs in the U.S. were unfilled, with vacancies up 74% over the past five years.
A recent Enterprise Strategy Group survey found that 46% of organizations say they have a “problematic shortage” of cybersecurity skills. 2016-08-23T14:20:00+00:00 http://www.csoonline.com/article/3111408/data-protection/where-are-the-cybersecurity-experts.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8504 False None None None
CSO - CSO Daily Dashboard Journalists are easy targets for hackers, and that shouldn't surprise anyone 2016-08-23T14:11:00+00:00 http://www.csoonline.com/article/3111406/security/journalists-are-easy-targets-for-hackers-and-that-shouldnt-surprise-anyone.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8505 False None None None
CSO - CSO Daily Dashboard Epic Games forum hack underscores the need to install security patches reported that its internet forums had been compromised. The leaked data includes email addresses and hashed passwords taken from legacy forums at Infinity Blade, previous Unreal Tournament games, and an archived Gears of War forum. Epic Games declined to explain how the leak occurred, but a website that stores information on data breaches said hackers were responsible and that 808,000 users are affected. The anonymous attackers targeted the vBulletin forum software on Aug. 11, according to the website Leaked Source, which has been in contact with the hackers.
2016-08-23T12:28:00+00:00 http://www.csoonline.com/article/3111445/data-breach/epic-games-forum-hack-underscores-the-need-to-install-security-patches.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8349 False None None None
CSO - CSO Daily Dashboard BrandPost: When tactics get in the way of strategy 2016-08-22T22:20:00+00:00 http://www.csoonline.com/article/3110787/data-protection/when-tactics-get-in-the-way-of-strategy.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8311 False None None None
CSO - CSO Daily Dashboard Despite billions spent on cybersecurity, companies aren't truly safe from hacks MORE ON CSO: How to spot a phishing email The general answer is no, according to many analysts, but that's not necessarily because the latest software is considered ineffective. 2016-08-22T13:05:00+00:00 http://www.csoonline.com/article/3109838/security/despite-billions-spent-on-cybersecurity-companies-arent-truly-safe-from-hacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8290 False None None None
CSO - CSO Daily Dashboard How cyber attacks work [Infographic] 2016 Cyber Weapons Report security startup LightCyber used network analysis to understand what tools hackers use "to expand their footprint," that is, the tools they use to communicate with command and control servers, gain access privileges, and access new hosts. 2016-08-19T13:49:00+00:00 http://www.csoonline.com/article/3109892/network-security/how-cyber-attacks-work-infographic.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8206 False None None None
CSO - CSO Daily Dashboard Eddie Bauer is latest retailer to be hit by point-of-sale malware 2016-08-19T03:00:00+00:00 http://www.csoonline.com/article/3109242/security/eddie-bauer-is-latest-retailer-to-be-hit-by-point-of-sale-malware.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8172 False None None None
CSO - CSO Daily Dashboard Hype and buzzwords lead to confusion, as vendors leverage the halo effect quick to sling buzzwords and jargon, but do the terms used accurately reflect their product's abilities? Sometimes the marketing is correct, but most of the time the pitches are full of FUD and sensationalized with hype. Earlier this month, security vendors from all over the globe flooded Las Vegas to showcase their products and meet with potential buyers during Black Hat. Like the RSA conference, which is held at the start of the year, vendors spend a good deal of money and time getting out to Las Vegas in order to attend the business side of what's affectionately called hacker summer camp. 2016-08-18T04:00:00+00:00 http://www.csoonline.com/article/3109319/techology-business/hype-and-buzzwords-lead-to-confusion-as-vendors-leverage-the-halo-effect.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8122 False Guideline None None
CSO - CSO Daily Dashboard Google details security features in Android 7.0 'Nougat' Android for Work.
Here's a breakdown of some of the most notable security improvements in Nougat, for Android users and IT administrators. 2016-08-16T13:38:00+00:00 http://www.csoonline.com/article/3108483/android/google-details-security-features-in-android-7-0-nougat.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8056 False None None None
CSO - CSO Daily Dashboard Snowden: Auction of stolen NSA malware likely political In a series of tweets, Snowden spelled out his interpretation of what's behind the auction of hacking tools allegedly stolen from the NSA, and he concludes that Russia is trying to demonstrate it has ammunition to strike back if the U.S. exacts penalties for the DNC breach. 2016-08-16T13:36:00+00:00 http://www.csoonline.com/article/3108423/security/snowden-auction-of-stolen-nsa-malware-likely-political.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8057 False None None None
CSO - CSO Daily Dashboard NSA hacked? Top cyber weapons allegedly go up for auction Equation Group, a top cyberespionage team that may have links to the NSA. The Equation Group is known to use some of the most advanced malware and probably helped develop the infamous Stuxnet computer worm, according to security firm Kaspersky Lab. 2016-08-15T13:38:00+00:00 http://www.csoonline.com/article/3107965/security/nsa-hacked-top-cyber-weapons-allegedly-go-up-for-auction.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8007 False None None None
CSO - CSO Daily Dashboard Sounds from your hard disk drive can be used to steal a PC's data air-gapped” systems, or computers that have been sectioned off from the Internet.
The researchers at Ben-Gurion University of the Negev in Israel have been studying how to use sound to extract information from air-gapped computers. In June, they showed that even a PC's cooling fans can be controlled to secretly transmit data, including passwords and encryption keys. 2016-08-15T02:30:00+00:00 http://www.csoonline.com/article/3107236/security/sounds-from-your-hard-disk-drive-can-even-be-used-to-steal-a-pcs-data.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7986 False None None None
CSO - CSO Daily Dashboard How well does social engineering work? One test returned 150% Accudata Systems, an IT consulting and integration firm based in Houston, to learn more about the attack techniques he encounters and what he advises clients do to fight back. Josh Berry, Senior Technology Manager, Accudata Systems 2016-08-11T09:57:00+00:00 http://www.csoonline.com/article/3106805/social-engineering/how-well-does-social-engineering-work-one-test-returned-150.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7878 False None None None
CSO - CSO Daily Dashboard Snowden and Huang hope to help smartphones go dark Edward Snowden and Andrew “bunnie” Huang apparently think they can revive it a bit, at least if you own an iPhone 6. Their goal, they say in a white paper titled, “Against the Law – Countering Lawful Abuses of Digital Surveillance,” is to create an add-on hardware component that will protect “front-line journalists” in repressive regimes where governments have demonstrated the capability to track people through their smartphones even if the devices are set to “Airplane Mode.” 2016-08-11T09:53:00+00:00
http://www.csoonline.com/article/3106261/mobile-security/snowden-and-huang-hope-to-help-smartphones-go-dark.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7880 False None None None
CSO - CSO Daily Dashboard Use the internet? This Linux flaw could open you up to attack 2016-08-11T05:03:00+00:00 http://www.csoonline.com/article/3106457/security/use-the-internet-this-linux-flaw-could-open-you-up-to-attack.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7881 False None None None
CSO - CSO Daily Dashboard Want secure code? Give devs the right tools 2016-08-11T04:59:00+00:00 http://www.csoonline.com/article/3106744/security/want-secure-code-give-devs-the-right-tools.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7883 False None None None
CSO - CSO Daily Dashboard IDG Contributor Network: Presentations show the auto industry needs to shore up cars' security CanBusHack. For a few years, the auto industry has been under fire, motivating manufacturers to focus more on security. That's one reason why connected car vulnerabilities has been a notable event at major conferences. In its endeavors to build stronger security, the industry at large has invested extensive resources into researching and educating practitioners. 2016-08-11T04:57:00+00:00 http://www.csoonline.com/article/3105642/application-development/presentations-show-the-auto-industry-needs-to-shore-up-cars-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7884 False None None None
CSO - CSO Daily Dashboard IDG Contributor Network: Mobile malware – same attacks – different pathogens Mobile phishing – same attacks – different hooks Mobile pharming – same attacks – different seeds Now I've turned my focus to mobile malware.
Like phishing and pharming, malware has shown considerable staying power on traditional devices and evolved to work with mobile devices. The theory of malware, or self-reproducing code at least, can actually be traced back to 1949 with early experimental code and exploits in the 1970s. Today malware like CryptoLocker, Zeus and of course Stuxnet are part of our shared industry vernacular. 2016-08-11T00:00:00+00:00 http://www.csoonline.com/article/3105608/mobile-security/mobile-malware-same-attacks-different-pathogens.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7887 False None None None
CSO - CSO Daily Dashboard Official Dota 2 forum hack leaks nearly 2 million user passwords blockbuster International 2016 tournament plays out on the front page of Dota 2's website, more sinister machinations are grinding away in the background. Overnight, breach notification site Leaked Source revealed that a hacker has allegedly pilfered sensitive information about nearly two million user accounts on the official Dota 2 message board. “This data set contains 1,923,972 records. Each record contains an email address, IP address, username, user identifier, and one password,” Leaked Source reports.
The attack allegedly occurred one month ago, on July 10, via an SQL injection vulnerability in the old vBulletin forum software used by the site, according to ZDNet. 2016-08-10T11:22:00+00:00 http://www.csoonline.com/article/3106169/data-breach/official-dota-2-forum-hack-leaks-2-million-user-passwords.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7889 False None None 2.0000000000000000
CSO - CSO Daily Dashboard A new $500,000 iOS bug bounty beats Apple's offer bug bounty just days after it was announced. On Tuesday, Texas-based Exodus Intelligence said it will give between $5,000 and $500,000 for zero-day vulnerabilities relating to iOS version 9.3 and higher. These zero-days are software flaws that have gone undetected by Apple, making them potentially very valuable, especially for cyber criminals who can use them to hack iPhones. [ ALSO ON CSO: Why bug bounty hunters love the thrill of the chase ] 2016-08-10T11:18:00+00:00 http://www.csoonline.com/article/3106075/security/a-new-500000-ios-bug-bounty-beats-apples-offer.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7891 False None None 5.0000000000000000
CSO - CSO Daily Dashboard Microsoft patches 27 flaws in Windows, Office, IE, and Edge nine security bulletins, five of which are rated critical and the rest important, making this Microsoft patch bundle one of the lightest this year in terms of the number of patches. All of the issues resolved this month are in desktop deployments, but Windows servers might also be affected depending on their configuration. "For example, Windows servers running Terminal Services tend to act as both desktop and server environments," said Tod Beardsley, security research manager at Rapid7, via email.
However, the majority of Windows server admins out there can roll out patches at a fairly leisurely pace, he said. 2016-08-10T06:58:00+00:00 http://www.csoonline.com/article/3106053/security/microsoft-patches-27-flaws-in-windows-office-ie-and-edge.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7893 False None None 4.0000000000000000
CSO - CSO Daily Dashboard How to block phishers when they come a knockin' IronScales, says the way to cut off the phishers food supply is to first go to the core of the issue: employee awareness. The CEO notes that cybercriminals by nature are lazy. “If your organization is a tough nut to crack, they will move on to find more low-hanging fruit,” Benishti says. According to the Verizon data breach investigation report published earlier this year, phishing remains a major data breach weapon of choice. Trend Micro added that ransomware is expected to be one of the biggest threats in 2016 and that a single ransom demand will go much higher, reaching seven figures. 2016-08-10T06:48:00+00:00 http://www.csoonline.com/article/3105890/security/how-to-block-phishers-when-they-come-a-knockin.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7894 False None None None
CSO - CSO Daily Dashboard Census outage was caused by DoS attacks, says Australian statistics agency ALSO ON CSO: The 15 worst data security breaches of the 21st century “Probably when many people had finished their dinner and were sitting down to use the online census form we had a fourth attack where we took the precaution of closing down the system to ensure the integrity of the data,” ABS chief David Kalisch told ABC Radio's AM programme this morning. 2016-08-10T04:50:00+00:00
http://www.csoonline.com/article/3105671/data-breach/census-outage-was-caused-by-dos-attacks-says-australian-statistics-agency.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7895 False None None None
CSO - CSO Daily Dashboard Does entertainment trump security in connected cars? IOActive report, "Commonalities in Vehicle Vulnerabilities", authored by senior security consultant Corey Thuen, "39 percent of vulnerabilities are related to the network. This is a general category that includes all network traffic, such as Ethernet or web." Using security best practices publications to design connected cars can mitigate up to 45 percent of vulnerabilities, yet OBD2 adapters, telematics systems and other embedded devices remain security problems in the modern vehicle. 2016-08-10T04:49:00+00:00 http://www.csoonline.com/article/3105615/security/does-entertainment-trump-security-in-connected-cars.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7896 False None None None
CSO - CSO Daily Dashboard IDG Contributor Network: Maturity models can compel your leadership to action 2016-08-09T12:54:00+00:00 http://www.csoonline.com/article/3101866/security/maturity-models-can-compel-your-leadership-to-action.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7898 False Guideline None None
CSO - CSO Daily Dashboard Many bluetooth smart locks open easily for attackers available on GitHub; the presentation was first reported by Tom's Guide. 2016-08-09T09:44:00+00:00 http://www.csoonline.com/article/3105640/security/many-bluetooth-smart-locks-open-easily-for-attackers.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7900 False None None None
CSO - CSO Daily Dashboard IDG Contributor Network: What's happening with email?
2016-08-09T09:43:00+00:00 http://www.csoonline.com/article/3105610/cloud-computing/whats-happening-with-email.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7901 False None None None
CSO - CSO Daily Dashboard IDG Contributor Network: Pokémon Go's strategy could thwart cybersecurity threats 2016-08-09T07:51:00+00:00 http://www.csoonline.com/article/3105488/cyber-attacks-espionage/pokmon-gos-strategy-could-thwart-cybersecurity-threats.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7902 False None None None
CSO - CSO Daily Dashboard BrandPost: The Early Adopter's Guide to Securing the Software-Defined Data Center predicts the SDDC market will grow at a compound annual rate of 28.8% over the next four years to surpass $77 billion in 2020. 2016-08-09T00:05:00+00:00 http://www.csoonline.com/article/3092428/security/the-early-adopter-s-guide-to-securing-the-software-defined-data-center.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7903 False None None None
CSO - CSO Daily Dashboard IDG Contributor Network: Mobile pharming – same attacks – different seeds Mobile phishing – same attacks – different hooks. There was so much feedback that I've decided to write a few more posts around mobile security differences. Since I've already talked about phishing, let's take a closer look at pharming. Like phishing, pharming has been around for a long time and also like phishing, that's because it simply works. In the most general sense, pharming works by having a victim's web traffic redirected to a fake, malicious site.
This can happen via a compromise on the victim's system that redirects their system's traffic or another mechanism like a compromised DNS server (DNS Spoofing or DNS Cache Poisoning) that redirects many systems to fake, malicious sites. 2016-08-09T00:00:00+00:00 http://www.csoonline.com/article/3104925/mobile-security/mobile-pharming-same-attacks-different-seeds.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7904 False None None None