Security Now - Security challenges come in many forms


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW

News & Views Here it Comes – Internet Privacy Regulation Larry Loeb Author, \| 2/22/2019 The US Government Accountability Office (GAO), which provides auditing, evaluation and investigative services for Congress, has issued a report on Internet data privacy. Two years in the making, the report suggests that "Comprehensive Internet privacy legislation that establishes specific standards and includes traditional notice-and-comment rulemaking ... Post a Comment \| READ () Supply Chain Attacks Increase 78% Larry Loeb Author, \| 2/21/2019 Symantec has released their new Internet Security Threat Report (ISTR) for 2019, and attacks are in bloom. Post a Comment \| READ () Russia – Fastest State Threat in the World Larry Loeb Author, \| 2/20/2019 CrowdStrike, the US security firm, has this week issued the "2019 CrowdStrike Global Threat Report." Post a Comment \| READ () Digital Transformation With Cloud: Answering Risks With Algorithms Joe Stanganelli Managing Director, Blackwood King LC, \| 2/20/2019 Digital transformation almost always demands cloud transformation. Even in 2019, however, cloud initiatives carry security risks that can't be ignored; cloud is simply too big for mere humans to tend to. Post a Comment \| READ (1 Comment) Latest comment: <It's not for lack of trying [or] laziness; it's just the fact that they are... Take White Hats Seriously to Staunch the Flow of Zero-Days Joe Stanganelli Managing Director, Blackwood King LC, \| 2/19/2019 When it comes to the rising zero-day threat, IT-security organizations may have no one to blame but themselves and their poor attitudes toward data stewardship. Post a Comment \| READ (1 Comment) Latest comment: <An iPhone vulnerability, for example, can literally fetch millions of dollars --... Container Vulnerability: Still a Reality Larry Loeb Author, \| 2/18/2019 A security problem with runC that could allow attackers to escape Linux containers and obtain unauthorized, root- level access to the host operating system is on the move. Post a Comment \| READ (1 Comment) Latest comment: <The researchers that originally found the problem (Adam Iwaniuk and Borys Popławski)... Increased Cryptomining: a Toehold for Attackers Larry Loeb Author, \| 2/15/2019 Cisco Umbrella is said by the company to protect users from connecting to malicious sites on the Internet and analyzes over 175 billion domain name system (DNS) requests daily. Post a Comment \| READ (4 comments) Latest comment: @Larry Nice analogy! Some these hackers seem quite capable of building their own... Lessons Learned From 2018 Security Breaches Marzena Fuller Chief Security Officer, SignalFx, \| 2/14/2019 The top five security breaches discovered in 2018 affected over 2 billion users' records (Aadhar -- 1.1B, Marriot -- 500M, Exactis -- 340M, Twitter -- 330M, MyFitnessPal -- 150M) and included highly sensitive data -- from names and DOBs to credit card and passport numbers. So what have we learned about the categories of companies targeted, the data ... Post a Comment \| READ (19 comments) Latest comment: I would say sometimes knowing about others mistakes and how they resolved would... The Rise of 'Fileless' Malware Larry Loeb Author, \| 2/14/2019 Malware has typically used files that it makes resident on a target machine to carry out an attack. But another class of malware called "fileless" does the opposite. The attack that the malware causes does not touch the disk of the target, loading the malware instructions only into memory. Post a Comment \| READ (2 comments) Latest comment: @Ariella Flash sucks dead bunnies through a straw, in the words of Jerry Pournelle. It... Google Moves to Control More of the Internet Larry Loeb Author, \| 2/13/2019 Domain name systems (DNS) are one of the Internet's core technologies, but they are invisible to most users. They are a system that takes a URL like "www.foo.com" and turns it into the identifying numerical IP address that is needed to actually allow data transfer. Post a Comment \| READ (3 comments) Latest comment: @Larry ha, it's all about what you call it. What You Need to Know About Arbitrary Code Execution Vulnerabilities Alan Zeichick Principal Analyst, Camden Associates, \| 2/12/2019 They're serious. Notices about arbitrary code execution (ACE) vulnerabilities appear just about every week in alerts from US-CERT - the United States Computer Emergency Readiness Team, a part of the Dept. of Homeland Security. And despite their rather innocuous name, ACE can appear in just about any software. Post a Comment \| READ (1 Comment) Latest comment: The pic doesn't appear in the article itself, though it does on the link to it.... Six Large Data Dumps Add Fuel to Collection #1's Fire Joe Stanganelli Managing Director, Blackwood King LC, \| 2/12/2019 Last month, security researcher Troy Hunt reported on finding "Collection #1" -- a set of 12,000 files containing stolen email and password combinations, uploaded to New Zealand's MEGA cloud hosting service. Despite setting a record for the largest collection of personal data found, however, Collection #1 -- as its name implies -- turned out to be just ... Post a Comment \| READ () Load More Articles + All Articles All Video All Slide Shows All Articles discussion board ms.akkineni, 2/22/2019 7:43:50 AM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support I would say sometimes knowing about others mistakes and how they resolved would become very helpful. Post Your Reply ms.akkineni, 2/22/2019 7:40:48 AM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support Yes, i believe Google uses predictive analysis in coming up with suggestions based on browsing history. Post Your Reply ms.akkineni, 2/22/2019 7:37:31 AM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support Interesting, makes sense.. Gym doesn't need to know real dob. If you think there are handful of situations where you must provide true information. Post Your Reply ms.akkineni, 2/22/2019 7:34:59 AM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support I hear you. Also it is true that none of the networking sites check if that is real dob or even if one uses real names etc. But they do track your browsing history trends and often come up with suggestions. Post Your Reply Susan Fourtané , 2/22/2019 2:52:50 AM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support Ms. A: What's more, not even my gym has my dob. They have whatever I felt like it the day I was signing up. Why? Because I don't think it's relevant and it was something I was doing online. You always have the power over your privacy and what... Post Your Reply Susan Fourtané , 2/22/2019 2:47:46 AM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support Ms akkineni -- Social networks don't point a gun on your head when they ask for dob or any other personal data. They are not the police and they are not any official entity that requires accurate information. You are always in charge of deciding... Post Your Reply Susan Fourtané , 2/22/2019 2:40:33 AM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support Ariella -- I think any machine learning would have real trouble trying to figure out my dob just by collecting data from my social media accounts. I have several different dobs around the Web. None of them real. The logic behind that is, for... Post Your Reply Susan Fourtané , 2/22/2019 2:32:36 AM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support Ariella -- I think it's difficult to learn lessons from other people's mistakes. As you say, even sometimes from our own we don't learn. But I think it's better to go through own experience because experiences differ from one to another. &n... Post Your Reply batye, 2/21/2019 1:41:00 PM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support @ms.akkineni yes this days nothing private anymore... even things in the head coul be figure it out by Google and relevant adds started poping up as per - you think you searched and what you thinking could be predicted... Post Your Reply ms.akkineni, 2/21/2019 7:28:40 AM Microsoft Looks to Squash Bugs in its Azure DevOps Product Re: Re: bounty Agree... Post Your Reply ms.akkineni, 2/21/2019 7:25:31 AM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support Agree with you. Social network sites hardly lets you keep things confidential. Yes getting DOB is pretty easy these days. Post Your Reply ms.akkineni, 2/21/2019 7:22:19 AM Lessons Learned From 2018 Security Breaches Re: Re: Executive Attention & Support Yes, identifying bottleneck is the first step. Acknowledge and get into next steps to address that are the essential next steps to be taken. Post Your Reply Next 5 messages + All messages All messages Chat 8/31/2017 3:54:21 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thank you! klogan453 Keeper 8/31/2017 3:51:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well, it seems like Steve and I managed to answer everyone's questions in our conversation. So I'll say thanks once again to Steve Grobman, CTO of McAfee, for being such a wonderful guest here on Voice of Security Radio! Curt Franklin Keeper 8/31/2017 3:47:35 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks. Sr.Contr61262 Keeper 8/31/2017 3:47:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks for helping out, Daren! Curt Franklin Keeper 8/31/2017 3:45:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - Data science and computer science expertise is definately in high demand by the cyber security technology industry as well as many other industries that are using similar capabilities daren Keeper 8/31/2017 3:44:38 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - There is not a formal certificatio process.. most users don't need to understand the nuance of the technology which is generally built by technology product providers daren Keeper 8/31/2017 3:42:40 PM Voice of Security Radio: A Security Partnership with Machine Learning: And how are mainline security pros/machine learning pros certified, i.e. how do you lknow that the person you're hiring to help you knows what they're dcoing? Sr.Contr61262 Keeper 8/31/2017 3:39:20 PM Voice of Security Radio: A Security Partnership with Machine Learning: Steve, one question we didn't get to is that of skilled practitioners. I know that mainline security pros are in short supply and high demand: Is it even worse when it comes to machine learning pros in the security space? Curt Franklin Keeper 8/31/2017 3:37:01 PM Voice of Security Radio: A Security Partnership with Machine Learning: Since I was late - and again - really sorry, I don't even know what to ask. Feel free to ask a question or my behalf. Sr.Contr61262 Keeper 8/31/2017 3:33:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well folks, now's the time to ask any questions we didn't get to in the audio interview. Steve will be here in just a moment -- what would you like to know? Curt Franklin Keeper Next 5 chats +		Information Resources • 5 Security Imperatives When Considering Network Modernization and SD-WAN • ThreatConnect SIEM + Threat Intelligence Quickly Identify the Threats that Matter to You • Security Now Special Report - IoT Security: Securing the Network & Protecting the Consumer • SD-WAN Adoption Is Accelerating to Reduce Security Risk: A Global Survey of Network Professionals • Futuriom SD-WAN Growth Report 2018 • Versa Networks Enterprise Solution Brief • Protect Your Branch Office Network from Cyber-Criminals • Top 10 Ransomware • Next Generation Firewall Test Report – NSS Labs • ESG Lab Review - SD-WAN Integration with Amazon Web Services – Versa Networks All resources upcoming Webinars ARCHIVED Leveraging a Risk-Based Approach to Vulnerability Management to Unify Security and Operations Wednesday, February 20, 2019 11:00 am New York / 4:00 pm London More Webinars Webinar Archives Analysts Corner Ovum Resources • Ovum 2018 Trends to Watch: IT & Cybersecurity • Ovum IoT Security: Technology Strategies & Vendor Profiles • Ovum 2018 Trends to Watch: Managed Security Services • Ovum's Mini-Guide to GDPR Analysts Corner archive Flash Poll All polls Video In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ... CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ... You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ... Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ... Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ... All Videos Sponsored Video Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ... Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ... This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video All Videos Radio Shows ARCHIVED \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning An interview with Steve Grobman, CTO of McAfee ARCHIVED SHOWS DOWNLOAD TO CALENDAR Slideshows Top 10 Security Stories of 2018 Slideshow archive Twitter Feed Tweets by Security_Now_ like us on facebook