Security Now - Security challenges come in many forms


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW

News & Views Microsoft Looks to Squash Bugs in its Azure DevOps Product Larry Loeb Author, \| 1/21/2019 Microsoft has created a Bug Bounty program for its Azure DevOps product. Redmond will offer bounties of up to $20,000 for flaws that are eligible under its guidelines. Post a Comment \| READ (5 comments) Latest comment: @LarryLoeb exactly! I had that response just a couple of weeks ago. And this was... Vulnerability Puts Millions of Fortnite Players at Risk, Check Point Finds Jeffrey Burt Freelance Editor & Journ, \| 1/18/2019 Check Point Software researchers discovered vulnerabilities in the hugely popular online game Fortnite that could have put the sensitive information of the almost 80 million users around the globe at risk. Post a Comment \| READ () Exposed Oklahoma Server Shows On-Premises Data Is Vulnerable, Too Scott Ferguson Managing Editor, Light Reading, \| 1/18/2019 Over the last 12 months, dozens of security stories documented how easily data can leak when enterprises leave business and customer data unsecured in databased hosted by various public cloud services. Post a Comment \| READ (1 Comment) Latest comment: With all the detailed information in those bullet points it could be easy for a... Intel Patching SGX Flaw That Can Lead to Escalation of Privileges Larry Loeb Author, \| 1/18/2019 Intel's Software Guard Extensions (SGX) technology is not looking so hot these days. Post a Comment \| READ (3 comments) Latest comment: @LarryLoeb well, deservedly so. 'Collection #1' Repository Totals 87GB of Stolen Email Addresses & Passwords Scott Ferguson Managing Editor, Light Reading, \| 1/17/2019 There are massive data breaches and then there is "Collection #1." Post a Comment \| READ () A Diverse Security Workforce Is a Stable Security Workforce Scott Ferguson Managing Editor, Light Reading, \| 1/17/2019 When it comes to building an InfoSec team, security executives face a number of challenges, from offering enough pay to keep talent to finding enough people with the technical skills to confront an ever-growing environment of complex threats. Post a Comment \| READ () Fancy Bear's LoJax C&C Servers Still Functioning in the Wild Scott Ferguson Managing Editor, Light Reading, \| 1/17/2019 Last year, security researchers found a new type of malware dubbed LoJax, which could take over the entire firmware of an infected system, making it one of the first known hardware attacks ever spotted in the wild. Post a Comment \| READ () Cyber Attacks, Climate Change Are Top Global Risk for Businesses & Governments Scott Ferguson Managing Editor, Light Reading, \| 1/17/2019 What's keeping the global elite up at night? How about climate change, economic instability, cyber attacks and large-scale data theft, for starters? Post a Comment \| READ () Justice Department Indicts 2 Ukrainian Nationals With Hacking SEC Scott Ferguson Managing Editor, Light Reading, \| 1/16/2019 The US Justice Department has indicted two Ukrainian nationals with attacking the computer networks of the Securities and Exchange Commission (SEC) and accessing thousands of sensitive company documents, and then selling that data to others or trading on this insider information. Post a Comment \| READ () Federal Judge: Police Can't Force Suspects to Unlock Devices Using Biometrics Larry Loeb Author, \| 1/16/2019 A federal judge in the US District Court for the Northern District of California has ruled that police cannot force the unlocking of a mobile device using biometrics. Post a Comment \| READ (1 Comment) Latest comment: I'm in favord of individual rights and freedom. But I do know that if there were... Zix Acquiring AppRiver to Bolster Email Security for SMBs Scott Ferguson Managing Editor, Light Reading, \| 1/16/2019 In a move looking to bolster its portfolio of email, compliance and other security tools for small and midsized businesses, Dallas-based Zix has inked a $275-million deal to acquire AppRiver, a provider of cloud-based cybersecurity services. Post a Comment \| READ () Schneider Electric EV Charging Stations Vulnerable to Attack Scott Ferguson Managing Editor, Light Reading, \| 1/15/2019 As electric vehicles, such as the Tesla, increase in popularity, more businesses are offering drivers access to charging stations to help them fuel their vehicles. However, there's a cybersecurity risk to these structures to consider as well. Post a Comment \| READ (1 Comment) Latest comment: A bug bunty program, in this case, would work great. Electric vehicle companies... Load More Articles + All Articles All Video All Slide Shows All Articles discussion board Ariella, 1/21/2019 2:55:28 PM Microsoft Looks to Squash Bugs in its Azure DevOps Product Re: Re: bounty @LarryLoeb exactly! I had that response just a couple of weeks ago. And this was after sending over selected published articles to prove my area of expertise! I declined the offer to guest-blog and told the guy I only write for free for family... Post Your Reply LarryLoeb, 1/21/2019 2:45:39 PM Microsoft Looks to Squash Bugs in its Azure DevOps Product Re: Re: bounty @Ariella Writers get that kind of apporach all the time. I paid my dues. I don't need your exposure. Post Your Reply Ariella, 1/21/2019 2:42:55 PM Intel Patching SGX Flaw That Can Lead to Escalation of Privileges Re: Re: vulnerability @LarryLoeb well, deservedly so. Post Your Reply Ariella, 1/21/2019 2:42:30 PM Microsoft Looks to Squash Bugs in its Azure DevOps Product Re: Re: bounty @LarryLoeb well, at least they get $500, which is better than being told to work for exposure alone. I recently came across this on FB: Post Your Reply LarryLoeb, 1/21/2019 2:35:18 PM Intel Patching SGX Flaw That Can Lead to Escalation of Privileges Re: Re: vulnerability @Ariella Nope. But it sure boosted his rep, didn't it? Post Your Reply LarryLoeb, 1/21/2019 2:32:15 PM Microsoft Looks to Squash Bugs in its Azure DevOps Product Re: Re: bounty @Ariella Frankly, I doubt it. There probably aren't that many to be a repeatable income stream. I think it's more for bragging rights which may increase their status with other clients. Post Your Reply Ariella, 1/21/2019 2:29:41 PM Intel Patching SGX Flaw That Can Lead to Escalation of Privileges Re: vulnerability So we see bug bounties work. Do you know how much this one paid? Post Your Reply Ariella, 1/21/2019 1:59:46 PM Microsoft Looks to Squash Bugs in its Azure DevOps Product Re: bounty It's quite a range going form $500 to $20K. Are there people who make their whole income off of such bounties? Post Your Reply Susan Fourtané , 1/20/2019 12:50:03 AM Exposed Oklahoma Server Shows On-Premises Data Is Vulnerable, Too Re: On-premise data is vulnerable, too With all the detailed information in those bullet points it could be easy for a criminal to steal an identity. Some people believe that on-premise storage is safer than cloud storage. We see once again that's not true. Data can be at risk anywhere... Post Your Reply batye, 1/18/2019 2:16:56 PM Wi-Fi 6 Bakes in Additional IoT Security Re: Re: streaming @Ariella the way it look to me this days we have much more sellers than buyers... on any market and marketing become very aggresive... it no longer about needs... it more like seven deadly sin's :) Post Your Reply Ariella, 1/17/2019 2:18:09 PM Wi-Fi 6 Bakes in Additional IoT Security Re: Re: streaming Ouch, only a 4.7 rating on that one, not something I had on my watch list back when I was into my old moview phase. I was thining of the 7.2 rated "Lover Come Back" https://www.imdb.com/title/tt0055100/. Thereis no Vip, but that doesn't... Post Your Reply LarryLoeb, 1/17/2019 2:14:01 PM Wi-Fi 6 Bakes in Additional IoT Security Re: Re: streaming @Ariella Was that Russ Meyer's "The Immoral Mr. Teas"? (Look it up in imdb) Post Your Reply Next 5 messages + All messages All messages Chat 8/31/2017 3:54:21 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thank you! klogan453 Keeper 8/31/2017 3:51:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well, it seems like Steve and I managed to answer everyone's questions in our conversation. So I'll say thanks once again to Steve Grobman, CTO of McAfee, for being such a wonderful guest here on Voice of Security Radio! Curt Franklin Keeper 8/31/2017 3:47:35 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks. Sr.Contr61262 Keeper 8/31/2017 3:47:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks for helping out, Daren! Curt Franklin Keeper 8/31/2017 3:45:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - Data science and computer science expertise is definately in high demand by the cyber security technology industry as well as many other industries that are using similar capabilities daren Keeper 8/31/2017 3:44:38 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - There is not a formal certificatio process.. most users don't need to understand the nuance of the technology which is generally built by technology product providers daren Keeper 8/31/2017 3:42:40 PM Voice of Security Radio: A Security Partnership with Machine Learning: And how are mainline security pros/machine learning pros certified, i.e. how do you lknow that the person you're hiring to help you knows what they're dcoing? Sr.Contr61262 Keeper 8/31/2017 3:39:20 PM Voice of Security Radio: A Security Partnership with Machine Learning: Steve, one question we didn't get to is that of skilled practitioners. I know that mainline security pros are in short supply and high demand: Is it even worse when it comes to machine learning pros in the security space? Curt Franklin Keeper 8/31/2017 3:37:01 PM Voice of Security Radio: A Security Partnership with Machine Learning: Since I was late - and again - really sorry, I don't even know what to ask. Feel free to ask a question or my behalf. Sr.Contr61262 Keeper 8/31/2017 3:33:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well folks, now's the time to ask any questions we didn't get to in the audio interview. Steve will be here in just a moment -- what would you like to know? Curt Franklin Keeper Next 5 chats +		Information Resources • Security Now Special Report - IoT Security: Securing the Network & Protecting the Consumer • SD-WAN Adoption Is Accelerating to Reduce Security Risk: A Global Survey of Network Professionals • Futuriom SD-WAN Growth Report 2018 • Versa Networks Enterprise Solution Brief • Protect Your Branch Office Network from Cyber-Criminals • Top 10 Ransomware • Next Generation Firewall Test Report – NSS Labs • ESG Lab Review - SD-WAN Integration with Amazon Web Services – Versa Networks • Security Now Special Report: Endpoint Ecosystems – Collaborating to Conquer Security Threats • You Cannot Secure What You Cannot See: How to make your hybrid cloud environment visible and secure All resources upcoming Webinars Machine Learning: Data Protection’s Next Frontier Thursday, January 24, 2019 11:00 am New York / 4:00 pm London 12 Ways to Defeat Two-Factor Authentication Tuesday, February 5, 2019 11:00 am New York / 4:00 pm London More Webinars Webinar Archives Analysts Corner Ovum Resources • Ovum 2018 Trends to Watch: IT & Cybersecurity • Ovum IoT Security: Technology Strategies & Vendor Profiles • Ovum 2018 Trends to Watch: Managed Security Services • Ovum's Mini-Guide to GDPR Analysts Corner archive Flash Poll All polls Video In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ... CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ... You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ... Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ... Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ... All Videos Sponsored Video Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ... Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ... This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video All Videos Radio Shows ARCHIVED \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning An interview with Steve Grobman, CTO of McAfee ARCHIVED SHOWS DOWNLOAD TO CALENDAR Slideshows Top 10 Security Stories of 2018 Slideshow archive Twitter Feed Tweets by Security_Now_ like us on facebook