Security Now - Security challenges come in many forms


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW

News & Views Electrical Grid Attack via IoT Devices Successfully Simulated Larry Loeb Author, \| 8/21/2018 The electrical power grid of the US has been a hot topic in security circles as of late. The Department of Homeland Security, along with the FBI, has even issued an alert about Russian hacking of energy sector industrial control systems. Post a Comment \| READ () Busting the Open Source Security Myth Carol Wilson Editor-at-large, \| 8/20/2018 An IT training expert is sounding the alarm on attitudes toward the security of open source software, saying too many developers are assuming open source is inherently secure and that could produce major security problems. Post a Comment \| READ () Foreshadow-NG Vulnerability Sets Tech Giants Scrambling Larry Loeb Author, \| 8/20/2018 In early January, the Spectre and Meltdown vulnerabilities were disclosed to the computer world, which promptly lost its shirt for a period. This was a new class of attacks that depended on the way that modern processors shoved data in and out of the CPU, a process that was never thought to be problematic. Post a Comment \| READ () Congressional Campaign Websites Vulnerable to Attack, Say Researchers Jeffrey Burt Freelance Editor & Journ, \| 8/17/2018 The security of the US election system and of candidates' campaigns has been front and center in a national discussion that began with the Russian interference in the 2016 presidential campaign, and continues as the country gets closer to fast-approaching 2018 midterms in November. Such security was a focus in the recent Black Hat and DEF CON events in ... Post a Comment \| READ (1 Comment) Latest comment: It's pretty crazy how insecure the US voting process is. Random volunteers help... Check Point: Fax Machines, Networks Vulnerable to Attack Jeffrey Burt Freelance Editor & Journ, \| 8/17/2018 The fax machine might seem like a relic of the past in this age of instant communication, but fax systems are still in millions of offices as part of connected all-in-one printers, and that connectivity makes these systems another pathway for hackers to get into corporate and consumer networks. Researchers at Check Point put that threat into focus when ... Post a Comment \| READ (1 Comment) Latest comment: Facinating find! I'm glad researchers are looking into such things. Finding vulnerabilities... IAM Heads to the Mobile Cloud Joe Stanganelli Principal, Beacon Hill Law, \| 8/16/2018 Johan Lidros, the president of the Eminere Group, gave a recent presentation concerning how inappropriate access and shared accounts top the very long list of common findings of identity and access management (IAM) audits. Post a Comment \| READ () IETF Makes Transport Layer Security Version 1.3 Official Larry Loeb Author, \| 8/15/2018 The Internet Engineering Task Force (IETF) made version 1.3 of Transport Layer Security official on August 10. This is now the industry standard for secure Internet connections via HTTPS. After heated discussions for the last two years, TLS 1.3 is now finally supported in both the Chrome and Firefox browsers, and in Facebook. Post a Comment \| READ (7 comments) Latest comment: @LarryLoeb well, that is something. Stakeholders also less prone to hype than marketing... Summertime Security Blues: Why Threats Heat Up on Vacation Paul Martini CEO & co-founder of iboss, \| 8/15/2018 Most modern organizations take advantage of a decentralized workforce, and for good reason: When employees have the flexibility to work outside of the main office, they're more readily available to address issues in real time, making them "always on" without feelings of unnecessary strain. Post a Comment \| READ () DHS: Millions of Smartphones Infected With Severe Embedded Vulnerabilities Joe Stanganelli Principal, Beacon Hill Law, \| 8/14/2018 Is it possible for a remote actor on the other side of the world to completely take over your smartphone and everything on it? If this month's announcements in US government-backed research on mobile-device security are any fair indication, the answer could well be yes. Post a Comment \| READ () Microsoft Cortana Vulnerability Can Unlock a Locked Windows PC Larry Loeb Author, \| 8/13/2018 During last week's Black Hat conference in Las Vegas, researchers showed how Microsoft's Cortana virtual assistant could be used to bypass the Windows lock screen. The vulnerability affects Windows 10 machines and Windows 10 Servers. Post a Comment \| READ (3 comments) Latest comment: @LarryLoweb LOL, you should copyright that and sell it on bumper stickers, T-shirts,... Artificial Malevolence: Bad Actors Know Computer Science, Too Alan Zeichick Principal Analyst, Camden Associates, \| 8/13/2018 LAS VEGAS -- The cybersecurity industry has embraced artificial intelligence and machine learning. Seemingly every exhibitor at this year's Black Hat conference is touting AI, whether it's for scanning email attachments for malware, detecting patterns in network access patterns, filtering alerts for rapid incident triage or finding anomalies in user ... Post a Comment \| READ () Smart Cities Need to Get Smarter About Cybersecurity Larry Loeb Author, \| 8/10/2018 As the widespread networking of computers in the last few decades gave rise to new kinds of security problems, the trend to make cities networked is starting to show how attackers may be able to cause disruption in them. Post a Comment \| READ (1 Comment) Latest comment: <some of the most common security issues, such as default passwords, authentication... Load More Articles + All Articles All Video All Slide Shows All Articles discussion board Ariella, 8/21/2018 9:45:19 AM Over 100K Drupal Sites Still Exposed to Critical RCE Vulnerability Re: Re: sites exposed @DavidHamilton Companies do hire people to test the sytem. See https://www.cbsnews.com/news/companies-hire-hackers-to-break-into-their-systems/ Companies are hiring hackers to test their systems for security flaws, CBS News'... Post Your Reply DavidHamilton, 8/21/2018 12:29:33 AM Over 100K Drupal Sites Still Exposed to Critical RCE Vulnerability Re: Re: sites exposed isn't it scary that we can only respond when we find a problem? I mean, what are the chances that companies are spending millions of dollars to test their own systems to make sure that everything is ok. It would seem quite stupid to hire analysts... Post Your Reply Ariella, 8/20/2018 12:39:51 PM IETF Makes Transport Layer Security Version 1.3 Official Re: Re: 1.3 @LarryLoeb well, that is something. Stakeholders also less prone to hype than marketing folks. Post Your Reply LarryLoeb, 8/20/2018 8:49:56 AM IETF Makes Transport Layer Security Version 1.3 Official Re: Re: 1.3 @Ariella Well, there was a blowback on what to change. Financials (as I said) liked being able to monitor all transactions, for example. IETF doesn't have a marketing department, it has stakeholders. A lot like herding cats. It seems they... Post Your Reply RituGupta, 8/19/2018 11:25:25 PM What Security Threat Keeps You Up at Night? Re: Re: Criminal hackers don't sleep What worries me the most would have to be security issues concerning my finances. Everyone has savings and for me, those are my lifetime savings for daily usage and for the rainy days. Should anyone be able to breach the security of the bank... Post Your Reply Ariella, 8/19/2018 7:33:46 PM IETF Makes Transport Layer Security Version 1.3 Official Re: Re: 1.3 @batye that is a possibility. Marketing departments do like to hype things to get attention. Post Your Reply Ariella, 8/19/2018 7:32:55 PM IETF Makes Transport Layer Security Version 1.3 Official Re: Re: 1.3 @Loeb is that normal in the industry, or are they slower than averaage? Post Your Reply batye, 8/18/2018 7:00:37 PM IETF Makes Transport Layer Security Version 1.3 Official Re: Re: 1.3 @Ariella it coul be also marketing, strategy to create or maybe hide something... or it could be something else in mind/idea of the marketing department... Post Your Reply Susan Fourtané , 8/18/2018 6:40:42 PM Spam at 40: Still a Robust Security Threat in Middle Age Re: Re: Will Messaging Apps Ever Take Over? Yes, I believe the same. Perhaps that was part of the parents' idea. Post Your Reply Michelle, 8/18/2018 3:07:05 PM Check Point: Fax Machines, Networks Vulnerable to Attack Re: No answer Facinating find! I'm glad researchers are looking into such things. Finding vulnerabilities in such widely-used machines should certainly impact future security implementations. Post Your Reply Michelle, 8/18/2018 3:00:19 PM Spam at 40: Still a Robust Security Threat in Middle Age Re: Re: Will Messaging Apps Ever Take Over? @Susan Thanks for the link. I hadn't seen that yet. I suppose he'll be known as Clark Kent alone from not on! ;) Post Your Reply LarryLoeb, 8/18/2018 8:42:44 AM IETF Makes Transport Layer Security Version 1.3 Official Re: Re: 1.3 @Ariella The basic approach remains the same in 1.3; just the methods they use to achieve it (the crypto) changes. Only took them 10 years. Post Your Reply Next 5 messages + All messages All messages Chat 8/31/2017 3:54:21 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thank you! klogan453 Keeper 8/31/2017 3:51:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well, it seems like Steve and I managed to answer everyone's questions in our conversation. So I'll say thanks once again to Steve Grobman, CTO of McAfee, for being such a wonderful guest here on Voice of Security Radio! Curt Franklin Keeper 8/31/2017 3:47:35 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks. Sr.Contr61262 Keeper 8/31/2017 3:47:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks for helping out, Daren! Curt Franklin Keeper 8/31/2017 3:45:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - Data science and computer science expertise is definately in high demand by the cyber security technology industry as well as many other industries that are using similar capabilities daren Keeper 8/31/2017 3:44:38 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - There is not a formal certificatio process.. most users don't need to understand the nuance of the technology which is generally built by technology product providers daren Keeper 8/31/2017 3:42:40 PM Voice of Security Radio: A Security Partnership with Machine Learning: And how are mainline security pros/machine learning pros certified, i.e. how do you lknow that the person you're hiring to help you knows what they're dcoing? Sr.Contr61262 Keeper 8/31/2017 3:39:20 PM Voice of Security Radio: A Security Partnership with Machine Learning: Steve, one question we didn't get to is that of skilled practitioners. I know that mainline security pros are in short supply and high demand: Is it even worse when it comes to machine learning pros in the security space? Curt Franklin Keeper 8/31/2017 3:37:01 PM Voice of Security Radio: A Security Partnership with Machine Learning: Since I was late - and again - really sorry, I don't even know what to ask. Feel free to ask a question or my behalf. Sr.Contr61262 Keeper 8/31/2017 3:33:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well folks, now's the time to ask any questions we didn't get to in the audio interview. Steve will be here in just a moment -- what would you like to know? Curt Franklin Keeper Next 5 chats +		Information Resources • You Cannot Secure What You Cannot See: How to make your hybrid cloud environment visible and secure • Security Now Special Report – Security Automation: Risks & Rewards for Your Security Program • Security Now Special Report – Backup & Recovery • Cisco Umbrella + Cloudlock: Simple, effective cloud security • MSSP Data Sheet • Ransomware for Dummies • Easy Protect Data Sheet • Security Now Special Report - GDPR: Making Sure Your Enterprise Is Prepared & Secure • DDoS Protection Mastery Starts Here • The Cloud Migration Guide All resources upcoming Webinars ARCHIVED What You Can Do To Strengthen Security Over Your Clouds Tuesday, June 26, 2018 1:00 p.m New York/ 6:00 p.m. London More Webinars Webinar Archives Analysts Corner Ovum Resources • Ovum 2018 Trends to Watch: IT & Cybersecurity • Ovum IoT Security: Technology Strategies & Vendor Profiles • Ovum 2018 Trends to Watch: Managed Security Services • Ovum's Mini-Guide to GDPR Analysts Corner archive Flash Poll All polls Video CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ... You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ... Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ... Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ... Facebook has introduced new measures that will enable users to secure access to their accounts using a physical 'key' application. All Videos Sponsored Video Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ... Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ... This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video All Videos Radio Shows ARCHIVED \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning An interview with Steve Grobman, CTO of McAfee ARCHIVED SHOWS DOWNLOAD TO CALENDAR Twitter Feed Tweets by Security_Now_ like us on facebook