Security Now - Security challenges come in many forms


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW

News & Views IoT Botnets Shifting to Exploit Vulnerabilities Jeffrey Burt Freelance Editor & Journ, \| 12/13/2018 Internet of Things devices are being hit with increasingly sophisticated botnet attacks that aim to exploit vulnerabilities and that target the devices sometimes within minutes of coming online, according to researchers with NetScout's threat intelligence group. Post a Comment \| READ () China Suspected of Massive Marriott Data Breach – Report Scott Ferguson Managing Editor, Light Reading, \| 12/13/2018 Cyber spies working for China are suspected of pulling off the massive data breach at Marriott, which involved personal data of 500 million Starwood customers, in an effort to gather intelligence on specific US citizens, according to a published report in the New York Times. Post a Comment \| READ () 'Operation Sharpshooter': Lazarus Revived or False Flag Operation? Scott Ferguson Managing Editor, Light Reading, \| 12/12/2018 McAfee Labs researchers have zeroed in on a new cyber campaign targeting critical infrastructure, including nuclear, defense, energy, and financial facilities in multiple countries including the US, which they are calling "Operation Sharpshooter." Post a Comment \| READ () 'Novidade' Exploit Changes DNS Settings in Home & Small Business Routers Larry Loeb Author, \| 12/12/2018 A new exploit spotted by Trend Micro is designed to target small home and office (SOHO) routers, as well as consumer-grade home routers, by changing their internal domain name service (DNS) setting to one that is determined by the attacker. Post a Comment \| READ () Supermicro: Report Clears Company of Hacking Allegations Scott Ferguson Managing Editor, Light Reading, \| 12/12/2018 In an attempt to clear the company name, Supermicro released the results of an audit that showed hackers did not compromise the firm's hardware by implanting highly specialized chips that would lead to large-scale industrial espionage. Post a Comment \| READ () ESET Researchers Find 12 New Linux Malware Families Larry Loeb Author, \| 12/11/2018 Linux targets tend to get less attention from security researchers than Microsoft Windows since open source is considered a key ingredient to a secure operating system. But that does not mean it is untouchable. Post a Comment \| READ () M2M Protocols Expose IoT Data, Trend Micro Finds Jeffrey Burt Freelance Editor & Journ, \| 12/11/2018 Two of the key machine-to-machine (M2M) protocols that form the underpinnings of the Internet of Things are replete with vulnerabilities, design flaws and implementation issues that can leave enterprises and other organizations open to attacks and data breaches, according to a report by researchers at cybersecurity vendor Trend Micro. Post a Comment \| READ () New Google+ Bug Affects 52M Users, Accelerating Site's Demise Scott Ferguson Managing Editor, Light Reading, \| 12/11/2018 The latest nail in the Google+ social media coffin is a newly discovered API bug. Post a Comment \| READ () SD-WAN Security: Why Zero-Trust Authentication Is Key Alan Zeichick Principal Analyst, Camden Associates, \| 12/10/2018 Internet-based SD-WAN has an authentication problem. In fact, Internet-based SD-WAN is an authentication problem. Let's see what that problem is, and how to overcome it. Post a Comment \| READ () APTs in 2018: A Mix of Old & New Jeffrey Burt Freelance Editor & Journ, \| 12/10/2018 The picture of advanced persistent threats (APTs) in 2018 has been one of established threat groups such as Sofacy and Turla continuing their work, an Olympic Destroyer attack that was among the most sophisticated false flags, the re-emergence of some bad actors that had been absent from the scene, the rise of new players, and a growing effort by ... Post a Comment \| READ () Cloud, Compliance & the Death of the IT Checklist Sanjay Kalra Co-founder and Chief Strategy Officer, Lacework, \| 12/7/2018 For years, compliance frameworks provide guidelines for effective and secure operations. For instance, there's the Health Insurance Portability and Accountability Act (HIPPA) for healthcare and PCI for credit card transactions. Post a Comment \| READ (1 Comment) Latest comment: Hmm. Automation is also the cause of a lot of unforeseen mistakes done over and... Google Chrome 71: Bugs Squashed & News Ways to Block 'Abusive Experiences' Larry Loeb Author, \| 12/7/2018 Google has released the latest version of Chrome 71 -- 71.0.3578.80 -- which has an array of high-severity bug fixes inside of it. The search giant promoted it to the stable channel for Windows, Mac and Linux operating systems, noting that it "roll out over the coming days/weeks." Post a Comment \| READ (6 comments) Latest comment: > "If MSFT ports their browser to MacOS or IOS as they say they are, that gives... Load More Articles + All Articles All Video All Slide Shows All Articles discussion board Susan Fourtané , 12/12/2018 1:26:06 AM Feds Charge 8 in Large-Scale Ad Fraud & Botnet Scheme Re: Re: Three out of eight Glup. The link didn't work for some reason. I searched on Youtube and saw the cop's ear scene. You never know when fiction is taken from reality or when reality is taken from fiction. Tarantino's movies are always quite, well, like that. Post Your Reply Susan Fourtané , 12/10/2018 6:38:19 PM Quora Breach Hits 100M User Accounts Containing Highly Personal Data Re: Re: No "real name" requirement at Quora? Hmmm. Yes. Like telling you now I have this super cool, super strong secret encryption system but I am not telling you how it works. I don't think that not specifying means admitting it's not using strong encryption, though. Hard to tell. Perhaps... Post Your Reply mhhfive, 12/10/2018 1:28:33 PM Google Chrome 71: Bugs Squashed & News Ways to Block 'Abusive Experiences' Re: Re: Webkit, Blink, Gecko or..? > "If MSFT ports their browser to MacOS or IOS as they say they are, that gives developers a way to write once and be on every platform." MSFT is definitely going to port Edge to every device it can... I think that's the whole point in... Post Your Reply LarryLoeb, 12/10/2018 12:01:35 PM Google Chrome 71: Bugs Squashed & News Ways to Block 'Abusive Experiences' Re: Re: Webkit, Blink, Gecko or..? @mhhfive If MSFT ports their browser to MacOS or IOS as they say they are, that gives developers a way to write once and be on every platform. That can't be ignored, even if the results are not quite as good as could be otherwise obtained. Post Your Reply mhhfive, 12/10/2018 11:30:41 AM Google Chrome 71: Bugs Squashed & News Ways to Block 'Abusive Experiences' Re: Re: Webkit, Blink, Gecko or..? > "This may mean the web will supplant desktop apps long term..." Given the state of "app stores" now, I'm not going to hold my breath for web apps. Steve Jobs almost fell into that trap, but then iOS apps did so well that I don't think... Post Your Reply LarryLoeb, 12/10/2018 7:26:59 AM Google Chrome 71: Bugs Squashed & News Ways to Block 'Abusive Experiences' Re: Re: Webkit, Blink, Gecko or..? @mhhfive MSFT lost the browser wars. Open source won. This may mean the web will supplant desktop apps long term. Post Your Reply mhhfive, 12/10/2018 1:56:07 AM Google Chrome 71: Bugs Squashed & News Ways to Block 'Abusive Experiences' Re: Webkit, Blink, Gecko or..? There aren't that many ways to access the internet these days... Even Microsoft is giving up on developing its own browser engine. Post Your Reply mhhfive, 12/10/2018 12:15:39 AM Feds Charge 8 in Large-Scale Ad Fraud & Botnet Scheme Re: Re: Three out of eight Maybe you haven't seen Reservoir Dogs... It's pretty bloody and uses very foul language -- so watch the following clip not at work: https://m.youtube.com/watch?v=4W5KhfJHF_4 Post Your Reply Susan Fourtané , 12/9/2018 9:19:30 PM Feds Charge 8 in Large-Scale Ad Fraud & Botnet Scheme Re: Re: Three out of eight I think I've missed some movies. Who is Mr Pink? Post Your Reply Susan Fourtané , 12/9/2018 9:18:03 PM Feds Charge 8 in Large-Scale Ad Fraud & Botnet Scheme Re: Re: Is it that hard to stay anonymous? Mhh> You really made me laugh. Those criminals and their co-workers! :D True. Satoshi Nakamoto has been quiet. Post Your Reply mhhfive, 12/8/2018 1:54:29 AM Quora Breach Hits 100M User Accounts Containing Highly Personal Data Re: Re: No "real name" requirement at Quora? But Quora could confirm that it salts its password storage and uses strong encryption -- without making it easier for bad hackers to crack encryption... isn't that the point of good encryption schemes? I suppose by not specifying Quora is tacitly... Post Your Reply Susan Fourtané , 12/7/2018 9:20:13 PM Quora Breach Hits 100M User Accounts Containing Highly Personal Data Re: Re: No "real name" requirement at Quora? Releasing information about how it encrypts passwords makes companies way more vulnerable. You wouldn't make public your formula for creating your passwords, would you? That's part of a good security practice. Post Your Reply Next 5 messages + All messages All messages Chat 8/31/2017 3:54:21 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thank you! klogan453 Keeper 8/31/2017 3:51:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well, it seems like Steve and I managed to answer everyone's questions in our conversation. So I'll say thanks once again to Steve Grobman, CTO of McAfee, for being such a wonderful guest here on Voice of Security Radio! Curt Franklin Keeper 8/31/2017 3:47:35 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks. Sr.Contr61262 Keeper 8/31/2017 3:47:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks for helping out, Daren! Curt Franklin Keeper 8/31/2017 3:45:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - Data science and computer science expertise is definately in high demand by the cyber security technology industry as well as many other industries that are using similar capabilities daren Keeper 8/31/2017 3:44:38 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - There is not a formal certificatio process.. most users don't need to understand the nuance of the technology which is generally built by technology product providers daren Keeper 8/31/2017 3:42:40 PM Voice of Security Radio: A Security Partnership with Machine Learning: And how are mainline security pros/machine learning pros certified, i.e. how do you lknow that the person you're hiring to help you knows what they're dcoing? Sr.Contr61262 Keeper 8/31/2017 3:39:20 PM Voice of Security Radio: A Security Partnership with Machine Learning: Steve, one question we didn't get to is that of skilled practitioners. I know that mainline security pros are in short supply and high demand: Is it even worse when it comes to machine learning pros in the security space? Curt Franklin Keeper 8/31/2017 3:37:01 PM Voice of Security Radio: A Security Partnership with Machine Learning: Since I was late - and again - really sorry, I don't even know what to ask. Feel free to ask a question or my behalf. Sr.Contr61262 Keeper 8/31/2017 3:33:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well folks, now's the time to ask any questions we didn't get to in the audio interview. Steve will be here in just a moment -- what would you like to know? Curt Franklin Keeper Next 5 chats +		Information Resources • Security Now Special Report - IoT Security: Securing the Network & Protecting the Consumer • SD-WAN Adoption Is Accelerating to Reduce Security Risk: A Global Survey of Network Professionals • Futuriom SD-WAN Growth Report 2018 • Versa Networks Enterprise Solution Brief • Protect Your Branch Office Network from Cyber-Criminals • Top 10 Ransomware • Next Generation Firewall Test Report – NSS Labs • ESG Lab Review - SD-WAN Integration with Amazon Web Services – Versa Networks • Security Now Special Report: Endpoint Ecosystems – Collaborating to Conquer Security Threats • You Cannot Secure What You Cannot See: How to make your hybrid cloud environment visible and secure All resources upcoming Webinars ARCHIVED 12 Ways to Defeat Two-Factor Authentication Tuesday, December 11, 2018 12:00 p.m. New York / 5:00 p.m. London More Webinars Webinar Archives Analysts Corner Ovum Resources • Ovum 2018 Trends to Watch: IT & Cybersecurity • Ovum IoT Security: Technology Strategies & Vendor Profiles • Ovum 2018 Trends to Watch: Managed Security Services • Ovum's Mini-Guide to GDPR Analysts Corner archive Flash Poll All polls Video CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ... You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ... Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ... Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ... Facebook has introduced new measures that will enable users to secure access to their accounts using a physical 'key' application. All Videos Sponsored Video Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ... Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ... This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video All Videos Radio Shows ARCHIVED \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning An interview with Steve Grobman, CTO of McAfee ARCHIVED SHOWS DOWNLOAD TO CALENDAR Twitter Feed Tweets by Security_Now_ like us on facebook