Security Now - Security challenges come in many forms


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW

News & Views Does 'Client Hints' Leave Fingerprints? Larry Loeb Author, \| 5/21/2019 A new proposed web standard, Client Hints, is a new standard for HTTP communication. It has separate aspects that are dealt with in different Internet standards bodies (i.e. the IETF and W3C respectively.) Post a Comment \| READ (5 comments) Latest comment: @Larry Too true! It's at best not yet public or, pershaps I should say "passively... Monster Breaches Do Monstrous Damage Larry Loeb Author, \| 5/21/2019 Bitglass has looked at the top three data breaches of the last three years, and found that a drop in the victim's stock price post-infection was one of the effects. Post a Comment \| READ () DevSecOps Enables Security to Finally Move at the Speed of the Business Tim Woods Vice President, Technology Alliances, FireMon, \| 5/20/2019 Until recently, security was a "bolt-on" or an afterthought -- if a thought at all -- in the DevOps process. It's easy to understand why. Application development has dramatically improved in speed and quality through the adoption of DevOps, agile development and continuous deployment initiatives, while security still relies on manual processes that just ... Post a Comment \| READ () How to Stop Insider Breaches From Becoming the Norm Mark Bower General Manager for North America, Egress, \| 5/17/2019 The average data breach now costs a company $3.86 million, up 6.4% since 2017. Unfortunately, data breaches are now so common we rarely go a day without hearing about the latest one. When these breaches are the result of employee actions, for example, accidental data leakage or clicking on a malicious link in an email, it can often be difficult for ... Post a Comment \| READ () Cisco All at Sea Over Trust Anchor Module Vulnerability Larry Loeb Author, \| 5/15/2019 Cisco has issued a high-level security advisory about a "Secure Boot Hardware Tampering Vulnerability." This advisory affects almost all Cisco products since 2013 that support the Trust Anchor module (TAm). Post a Comment \| READ (3 comments) Latest comment: @Larry do you thin they'll pull it off? SharePoint Problem Returns. Be Afraid. Larry Loeb Author, \| 5/14/2019 CVE-2019-0604, the SharePoint problem that became semi-famous because Microsoft had to reissue the patch for it after they had already put one out, has been seen in the wild. Post a Comment \| READ (3 comments) Latest comment: @Larry QUITE SO. Study Digs the Dirt on US Cyber Hygiene Larry Loeb Author, \| 5/13/2019 Wakefield Research has published its Webroot-sponsored report, The Cyber Hygiene Risk Index, in which they make evaluations about Americans and their habits. Post a Comment \| READ (3 comments) Latest comment: @Larry yes, and specifics that relate to particular businesse -- particulalry those... LightNeuron Sneaks In Through the Exchange Backdoor Larry Loeb Author, \| 5/9/2019 Turla is a Soviet-backed threat actor that has been in action over the last decade. Those behind it have also been called Waterbug, Snake, WhiteBear, VENOMOUS BEAR, and Kypton. Post a Comment \| READ () 'MegaCortex' Ransomware Hunts 'Big Game' Enterprise Larry Loeb Author, \| 5/8/2019 Recently, ransomware aimed at individuals has receded from last year's high levels. But that doesn't mean that it has gone away. Post a Comment \| READ (1 Comment) Latest comment: > "The ransom note is non-specific, trying rather to set up an introductory appointment..." That... Serverless Computing: A New World of Security Risks Joe Vadakkan Global Practice Leader, Cloud Security, Optiv, \| 5/8/2019 Serverless computing, or function-as-a-service (FaaS), is a new cloud paradigm gaining significant momentum in the developer world. At a high-level, serverless computing gives developers the ability to write code for a particular function and then deploy it in the cloud on platforms such as AWS Lambda and Microsoft Azure Functions. It brings the cloud ... Post a Comment \| READ (1 Comment) Latest comment: > "What can be done about code-level threats?" I would think that it should... Enterprise Resilience: It's the Ecosystem, Stupid Larry Loeb Author, \| 5/7/2019 Accenture realizes that all enterprises are interconnected. It's not all that sure that you realize it, however. On page 68 of its Technology Vision 2019 report, it has a pull quote designed to attract a reader's attention. The top of that page says, "87% of business and IT executives believe that to be truly resilient, organizations must rethink their ... Post a Comment \| READ (2 comments) Latest comment: Every supplier in the chain should maintain security standards that are in sync... Security Workforce 2019: Closing the Gap Builds a Bridge to the Future Steve Durbin Managing Director, Information Security Forum, \| 5/7/2019 The recent government shutdown in the US brought worries about the shortage of cybersecurity workers into stark relief. Post a Comment \| READ (1 Comment) Latest comment: > " information security is perceived as deeply technical (and let's be... Load More Articles + All Articles All Video All Slide Shows All Articles discussion board Ariella, 5/21/2019 11:40:12 AM Does 'Client Hints' Leave Fingerprints? Re: Re: riks/benefit @Larry Too true! It's at best not yet public or, pershaps I should say "passively shared." Post Your Reply LarryLoeb, 5/21/2019 10:24:52 AM Does 'Client Hints' Leave Fingerprints? Re: Re: riks/benefit @Ariella That's their business model you be speaking about. People don't have privacy. Just unharvested data. Post Your Reply Ariella, 5/21/2019 10:05:21 AM Does 'Client Hints' Leave Fingerprints? Re: Re: riks/benefit @Larry agrreed, Google certainly sems to think any benefit to it is worth individual loss of privacy. Post Your Reply Ariella, 5/21/2019 10:01:57 AM Study Digs the Dirt on US Cyber Hygiene Re: Re: questions @Larry yes, and specifics that relate to particular businesse -- particulalry those that are subject to additional regulations due to the industry or relations with the EU -- can be added on. Post Your Reply LarryLoeb, 5/21/2019 9:48:29 AM Study Digs the Dirt on US Cyber Hygiene Re: Re: questions @Ariella Covers the big stuff, doesn't it? Post Your Reply Ariella, 5/21/2019 9:48:26 AM SharePoint Problem Returns. Be Afraid. Re: Re: a lot @Larry QUITE SO. Post Your Reply LarryLoeb, 5/21/2019 9:47:34 AM SharePoint Problem Returns. Be Afraid. Re: Re: a lot @Ariella Indeed he did. The emphasis is well-deserved here. Post Your Reply LarryLoeb, 5/21/2019 9:46:00 AM Does 'Client Hints' Leave Fingerprints? Re: Re: riks/benefit @Ariella It seems a lot like Google is trying an endrun around notracking extensions. Post Your Reply Ariella, 5/21/2019 9:41:01 AM Study Digs the Dirt on US Cyber Hygiene Re: questions That's a good list for every business and organization to use to check on its own cyber hygiene. Post Your Reply Ariella, 5/21/2019 9:35:07 AM SharePoint Problem Returns. Be Afraid. Re: a lot <It would own a lot of enterprises. Like, a LOT."> So really a lot? Did he speak this or write it out all in caps? Post Your Reply Ariella, 5/21/2019 9:34:17 AM Does 'Client Hints' Leave Fingerprints? Re: riks/benefit <they "do not think the potential performance improvements in the proposal are worth the risk to Web privacy."> I'm glad someone is thinking in these terms Post Your Reply Ariella, 5/21/2019 9:33:34 AM Cisco All at Sea Over Trust Anchor Module Vulnerability Re: Re: Cisco vulnerability @Larry do you thin they'll pull it off? Post Your Reply Next 5 messages + All messages All messages Chat 8/31/2017 3:54:21 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thank you! klogan453 Keeper 8/31/2017 3:51:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well, it seems like Steve and I managed to answer everyone's questions in our conversation. So I'll say thanks once again to Steve Grobman, CTO of McAfee, for being such a wonderful guest here on Voice of Security Radio! Curt Franklin Keeper 8/31/2017 3:47:35 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks. Sr.Contr61262 Keeper 8/31/2017 3:47:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks for helping out, Daren! Curt Franklin Keeper 8/31/2017 3:45:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - Data science and computer science expertise is definately in high demand by the cyber security technology industry as well as many other industries that are using similar capabilities daren Keeper 8/31/2017 3:44:38 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - There is not a formal certificatio process.. most users don't need to understand the nuance of the technology which is generally built by technology product providers daren Keeper 8/31/2017 3:42:40 PM Voice of Security Radio: A Security Partnership with Machine Learning: And how are mainline security pros/machine learning pros certified, i.e. how do you lknow that the person you're hiring to help you knows what they're dcoing? Sr.Contr61262 Keeper 8/31/2017 3:39:20 PM Voice of Security Radio: A Security Partnership with Machine Learning: Steve, one question we didn't get to is that of skilled practitioners. I know that mainline security pros are in short supply and high demand: Is it even worse when it comes to machine learning pros in the security space? Curt Franklin Keeper 8/31/2017 3:37:01 PM Voice of Security Radio: A Security Partnership with Machine Learning: Since I was late - and again - really sorry, I don't even know what to ask. Feel free to ask a question or my behalf. Sr.Contr61262 Keeper 8/31/2017 3:33:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well folks, now's the time to ask any questions we didn't get to in the audio interview. Steve will be here in just a moment -- what would you like to know? Curt Franklin Keeper Next 5 chats +		Information Resources • Versa SD-WAN – Simple, Secure and Reliable Branch to Multi-Cloud Connectivity • Fortifying Your Branch Security • The Essential Guide to Understanding Risk and Quantification • 7 Experts on Threat and Vulnerability Management • A CISO’S Guide to Hybrid Cloud Security • Endpoint EcoSystems E-Book: Collaborating To Conquer Security Threats • (Sans) Understanding the (True) Cost of Endpoint Management Survey • Forrester Research - The Total Economic Impact of IBM BigFix Patch And BigFix Compliance • CISOs Investigate: Endpoint Security Peer-authored Research • Understanding the True Cost of Endpoint Management Webinar All resources upcoming Webinars ARCHIVED Risk Buy-Down: Why Data Security is a Must Tuesday, April 23, 2019 11:00 am New York / 4:00 pm London More Webinars Webinar Archives Analysts Corner Ovum Resources • Ovum 2018 Trends to Watch: IT & Cybersecurity • Ovum IoT Security: Technology Strategies & Vendor Profiles • Ovum 2018 Trends to Watch: Managed Security Services • Ovum's Mini-Guide to GDPR Analysts Corner archive Flash Poll All polls Video In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ... CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ... You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ... Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ... Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ... All Videos Sponsored Video Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ... Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ... This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video All Videos Radio Shows ARCHIVED \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning An interview with Steve Grobman, CTO of McAfee ARCHIVED SHOWS DOWNLOAD TO CALENDAR Slideshows Top 10 Security Stories of 2018 Slideshow archive Twitter Feed Tweets by Security_Now_ like us on facebook