Security Now - Security challenges come in many forms


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW

News & Views New Fix for jQuery Vulnerabilities Larry Loeb Author, \| 4/24/2019 jQuery is an extremely popular fast, small, and feature-rich front-end JavaScript library. It is used by developers to make tasks like HTML document traversal and manipulation, event handling, animation and Ajax much simpler with an easy-to-use API which is functional across a multitude of browsers. Post a Comment \| READ () Networks in Danger as Global BGP Routing Table Reaches Capacity Larry Loeb Author, \| 4/23/2019 In 2014, the Internet came to a shuddering halt because the hardware used in switching packets around the wired networks which connect it all together had no memory left to hold the secret decoder ring it used to handle where those packets were supposed to end up. Post a Comment \| READ (1 Comment) Latest comment: I can't wait to see what happens! The suspense is already building. I don't remember... Over 500 Million Chrome iOS Sessions Hijacked in Massive Malvertising Campaign Larry Loeb Author, \| 4/22/2019 Confiant has spotted the known threat actor eGobbler back in action. This group is well-known for attempting its campaigns around holidays, which is when it assumes there will be increased consumer traffic. Post a Comment \| READ (5 comments) Latest comment: Chrome? Yes. I keep using it even though it's been buggy. stupid technology habi... Russian Hacker Group TA505 Found to Be Attacker of US Financial Firms Larry Loeb Author, \| 4/19/2019 Israeli-based Cyberint has found evidence of remote access Trojans (RATs) being used in attacks on financial entities in the United States as well as worldwide. Post a Comment \| READ (4 comments) Latest comment: Exactly what I was thinking!! I have long suspected general or light computer users... Wipro Gets Phished to Gain Access to Clients Larry Loeb Author, \| 4/18/2019 One of the nicer things that comes along with being a well known security guy like Brian Krebs is that sources leak to you. Sometimes they leak bad information, but other times you get the goods on a situation that might not have otherwise seen the light of day. The latter seems to have happened here. Post a Comment \| READ (1 Comment) Latest comment: Krebs gets some great scoops! I think Wipro staff can take some time off. What can... Servers Discovered With Multiple Malware Families, Staged & Ready to Launch Larry Loeb Author, \| 4/17/2019 You're a wizened cyber criminal, used to buying exploits from dark websites so that you can unleash upon an unsuspecting populace your nefarious schemes and gain untold profits. Post a Comment \| READ (1 Comment) Latest comment: Wow. Was the server taken down or its data retrieved by law enforcement? Warning: VPN Application Vulnerabilities Found Larry Loeb Author, \| 4/16/2019 The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about enterprise-grade virtual private networks that points to a vulnerability note issued by CERT/CC. Post a Comment \| READ (6 comments) Latest comment: Mostly insecure it seems. Who Built the 'Taj Mahal'? Larry Loeb Author, \| 4/15/2019 A new piece of sophisticated malware has been made public by researchers at Kaspersky. While the complexity and the sophistication of the malware suggest that it is the product of a nation-state, it bears none of the code fingerprints of any known nation-state hacker group. Post a Comment \| READ (3 comments) Latest comment: Larry -- That's true. I was thinking about all that effort later after I commented.... IoE: The Internet of Espionage Joe Stanganelli Managing Director, Blackwood King LC, \| 4/12/2019 The Internet of Things has been expanding exponentially over the years. Gartner predicts that within the next five years, there will be approximately 1.7 billion new devices per annum attaching to enterprise networks -- and, accordingly, that the number of endpoint devices that CIOs will be expected to manage will triple in that time. This in and of ... Post a Comment \| READ (1 Comment) Latest comment: Frankly I will tell, I am reading this term first time IoE and its quite interesting.... New Vulnerabilities Found in WP3 WiFi Standard Larry Loeb Author, \| 4/12/2019 One of the researchers who developed the KRACK attack that split open the WPA-2 WiFi protocol is at it again. This time, he and a colleague make mincemeat of the new WPA3 certification. Post a Comment \| READ (2 comments) Latest comment: @Ariella thanks for interesting sumary... this days prices for hacking software... Majority of Enterprise Firms Lack Active Incident Response Plans Larry Loeb Author, \| 4/11/2019 The Ponemon Institute, in the recent IBM Resilient sponsored study titled "The 2019 Study on the Cyber Resilient Organization," found that a majority of organizations remain unprepared to fully respond to cybersecurity incidents. The study defines resilience as an organization's ability to maintain its core purpose and integrity in the face of cyber ... Post a Comment \| READ () Report Finds That Industry 4.0 Will Pose New & Old Risks Larry Loeb Author, \| 4/10/2019 Trend Micro thinks the fourth industrial revolution is upon us. They see it characterized by the use of cyber-physical systems (CPSs) in production processes, where the industrial Internet of Things (IIoT), machine learning, as well as big data and analytics play key roles. Post a Comment \| READ () Load More Articles + All Articles All Video All Slide Shows All Articles discussion board ms.akkineni, 4/24/2019 9:07:38 PM Android Banking Trojan 'Gustuff' Becomes More Dangerous Re: Re: All-in-one Yup, whatever may be the political situation but 2017 election campaign related things certainly as been an eye opener for flaws all around. I am hopeful that all fixes are in progress to fix gaps right now. Post Your Reply Michelle, 4/24/2019 8:55:37 PM Android Banking Trojan 'Gustuff' Becomes More Dangerous Re: Re: All-in-one Pretty awful, all of it. I'm glad the flaws have been exposed. It's too bad they couldn't just store the passwords securely the first time... Post Your Reply ms.akkineni, 4/24/2019 2:07:16 PM Android Banking Trojan 'Gustuff' Becomes More Dangerous Re: Re: All-in-one It was even worse to know that Facebook passwords are not encrypted. Facebook technical team can see all passwords. Post Your Reply Michelle, 4/23/2019 10:04:31 PM Wipro Gets Phished to Gain Access to Clients Re: Email access for some time Krebs gets some great scoops! I think Wipro staff can take some time off. What can do you do without email? I'm really concerned about Wipro clients. Post Your Reply Michelle, 4/23/2019 9:46:16 PM Networks in Danger as Global BGP Routing Table Reaches Capacity Re: Y2019 I can't wait to see what happens! The suspense is already building. I don't remember the great day of delay in 2014. I don't know how I missed, really. Post Your Reply Michelle, 4/23/2019 9:40:16 PM Over 500 Million Chrome iOS Sessions Hijacked in Massive Malvertising Campaign Re: Re: Clock is ticking Chrome? Yes. I keep using it even though it's been buggy. stupid technology habits... Post Your Reply Michelle, 4/23/2019 9:34:19 PM Facebook Exposes Millions of Unencrypted User Passwords Re: Re: password The book is called History of the English Language by Albert C. Baugh. I have a first edition I picked up at a library sale several years ago. Some of my facts may be a little off in my previous comment, but we do use a lot of older forms of... Post Your Reply Ariella, 4/23/2019 6:15:45 PM Over 500 Million Chrome iOS Sessions Hijacked in Massive Malvertising Campaign Re: Re: Clock is ticking @Michelle is that your go-to browser? Post Your Reply Susan Fourtané , 4/23/2019 4:44:32 PM Facebook Exposes Millions of Unencrypted User Passwords Re: Re: password That's actually very interesting. :) What book is that? Post Your Reply Michelle, 4/23/2019 2:18:55 PM Over 500 Million Chrome iOS Sessions Hijacked in Massive Malvertising Campaign Re: Re: Clock is ticking I should definitely click on those links to check them, right? :) I agree Firefox is a good alternative. It's more stable than Chrome on desktop these days. Post Your Reply Michelle, 4/23/2019 2:17:11 PM Warning: VPN Application Vulnerabilities Found Re: Re: patches Mostly insecure it seems. Post Your Reply Michelle, 4/23/2019 2:14:02 PM Evidence Found of Malware Families Collaborating Re: Re: Band of thieves It works for legitimate business so why not, right? I'm a bit surprised because of another adage - there is no honor among theives. How can they trust one another enough to get the job done? Post Your Reply Next 5 messages + All messages All messages Chat 8/31/2017 3:54:21 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thank you! klogan453 Keeper 8/31/2017 3:51:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well, it seems like Steve and I managed to answer everyone's questions in our conversation. So I'll say thanks once again to Steve Grobman, CTO of McAfee, for being such a wonderful guest here on Voice of Security Radio! Curt Franklin Keeper 8/31/2017 3:47:35 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks. Sr.Contr61262 Keeper 8/31/2017 3:47:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks for helping out, Daren! Curt Franklin Keeper 8/31/2017 3:45:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - Data science and computer science expertise is definately in high demand by the cyber security technology industry as well as many other industries that are using similar capabilities daren Keeper 8/31/2017 3:44:38 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - There is not a formal certificatio process.. most users don't need to understand the nuance of the technology which is generally built by technology product providers daren Keeper 8/31/2017 3:42:40 PM Voice of Security Radio: A Security Partnership with Machine Learning: And how are mainline security pros/machine learning pros certified, i.e. how do you lknow that the person you're hiring to help you knows what they're dcoing? Sr.Contr61262 Keeper 8/31/2017 3:39:20 PM Voice of Security Radio: A Security Partnership with Machine Learning: Steve, one question we didn't get to is that of skilled practitioners. I know that mainline security pros are in short supply and high demand: Is it even worse when it comes to machine learning pros in the security space? Curt Franklin Keeper 8/31/2017 3:37:01 PM Voice of Security Radio: A Security Partnership with Machine Learning: Since I was late - and again - really sorry, I don't even know what to ask. Feel free to ask a question or my behalf. Sr.Contr61262 Keeper 8/31/2017 3:33:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well folks, now's the time to ask any questions we didn't get to in the audio interview. Steve will be here in just a moment -- what would you like to know? Curt Franklin Keeper Next 5 chats +		Information Resources • A CISO’S Guide to Hybrid Cloud Security • Endpoint EcoSystems E-Book: Collaborating To Conquer Security Threats • (Sans) Understanding the (True) Cost of Endpoint Management Survey • Forrester Research - The Total Economic Impact of IBM BigFix Patch And BigFix Compliance • CISOs Investigate: Endpoint Security Peer-authored Research • Understanding the True Cost of Endpoint Management Webinar • SOAR Platforms: Everything you need to know about security orchestration, automation, and response • Considerations in Selecting the Right SD-WAN Solution • 5 Security Imperatives When Considering Network Modernization and SD-WAN • ThreatConnect SIEM + Threat Intelligence Quickly Identify the Threats that Matter to You All resources upcoming Webinars ARCHIVED Risk Buy-Down: Why Data Security is a Must Tuesday, April 23, 2019 11:00 am New York / 4:00 pm London More Webinars Webinar Archives Analysts Corner Ovum Resources • Ovum 2018 Trends to Watch: IT & Cybersecurity • Ovum IoT Security: Technology Strategies & Vendor Profiles • Ovum 2018 Trends to Watch: Managed Security Services • Ovum's Mini-Guide to GDPR Analysts Corner archive Flash Poll All polls Video In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ... CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ... You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ... Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ... Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ... All Videos Sponsored Video Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ... Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ... This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video All Videos Radio Shows ARCHIVED \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning An interview with Steve Grobman, CTO of McAfee ARCHIVED SHOWS DOWNLOAD TO CALENDAR Slideshows Top 10 Security Stories of 2018 Slideshow archive Twitter Feed Tweets by Security_Now_ like us on facebook