Security Now - Security challenges come in many forms


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW

News & Views Increased Cryptomining: a Toehold for Attackers Larry Loeb Author, \| 2/15/2019 Cisco Umbrella is said by the company to protect users from connecting to malicious sites on the Internet and analyzes over 175 billion domain name system (DNS) requests daily. Post a Comment \| READ () Lessons Learned From 2018 Security Breaches Marzena Fuller Chief Security Officer, SignalFx, \| 2/14/2019 The top five security breaches discovered in 2018 affected over 2 billion users' records (Aadhar -- 1.1B, Marriot -- 500M, Exactis -- 340M, Twitter -- 330M, MyFitnessPal -- 150M) and included highly sensitive data -- from names and DOBs to credit card and passport numbers. So what have we learned about the categories of companies targeted, the data ... Post a Comment \| READ () The Rise of 'Fileless' Malware Larry Loeb Author, \| 2/14/2019 Malware has typically used files that it makes resident on a target machine to carry out an attack. But another class of malware called "fileless" does the opposite. The attack that the malware causes does not touch the disk of the target, loading the malware instructions only into memory. Post a Comment \| READ () Google Moves to Control More of the Internet Larry Loeb Author, \| 2/13/2019 Domain name systems (DNS) are one of the Internet's core technologies, but they are invisible to most users. They are a system that takes a URL like "www.foo.com" and turns it into the identifying numerical IP address that is needed to actually allow data transfer. Post a Comment \| READ () What You Need to Know About Arbitrary Code Execution Vulnerabilities Alan Zeichick Principal Analyst, Camden Associates, \| 2/12/2019 They're serious. Notices about arbitrary code execution (ACE) vulnerabilities appear just about every week in alerts from US-CERT - the United States Computer Emergency Readiness Team, a part of the Dept. of Homeland Security. And despite their rather innocuous name, ACE can appear in just about any software. Post a Comment \| READ () Six Large Data Dumps Add Fuel to Collection #1's Fire Joe Stanganelli Managing Director, Blackwood King LC, \| 2/12/2019 Last month, security researcher Troy Hunt reported on finding "Collection #1" -- a set of 12,000 files containing stolen email and password combinations, uploaded to New Zealand's MEGA cloud hosting service. Despite setting a record for the largest collection of personal data found, however, Collection #1 -- as its name implies -- turned out to be just ... Post a Comment \| READ () AI & 'Fuzzing' Combination Empowers APT Larry Loeb Author, \| 2/11/2019 Zero-day vulnerabilities -- those flaws that are unknown to those who may be interested in mitigating the vulnerability -- have lately shown an increased presence in the security landscape. Post a Comment \| READ (2 comments) Latest comment: @Ariella I think it will retain the origin connotations. How Secure Is Manufacturing? Larry Loeb Author, \| 2/8/2019 Manufacturing has not attracted a lot of the security glitz afforded to other sectors. Yet prior research has found manufacturing to be the most targeted sector for coordinated cyber espionage. Post a Comment \| READ (4 comments) Latest comment: @Ariella yes for me it interesting to see the way things get played out and... Google's GDPR Fine: What It Means for Jurisdictional Arbitrage Joe Stanganelli Managing Director, Blackwood King LC, \| 2/7/2019 When large organizations decide where to base their operations, a jurisdiction's data-regulation enforcement could become as significant a consideration as its tax treatment, if the EU's first multi-million-Euro GDPR fine is any indication. Post a Comment \| READ (1 Comment) Latest comment: I assumed Google would be hit early with GDPR fines. I wonder if there were any... Email Fraud – New Trends Exposed Larry Loeb Author, \| 2/7/2019 With all the various exploits and malware occurrences that are out in the world, it's easy to forget about one of the most common yet effective security threats facing the enterprise: email. Post a Comment \| READ (2 comments) Latest comment: @Michelle I'm not sure what you meant. Enterprises may not see the value... Modern Enterprise – Stewards of Personal Data Larry Loeb Author, \| 2/6/2019 Privacy has been rising in the mindset of users lately. More than something abstract, it is having demonstrable and direct economic effects. Post a Comment \| READ (3 comments) Latest comment: Agree! I don't know if I've seen any follow up letters from companies who have offered... A Collaborative Approach to Cybersecurity: Beyond ISACs Cody Cornell CEO & Founder, Swimlane, \| 2/5/2019 From Facebook and Marriott's Starwood hotels to Google+ and T-Mobile, 2018 saw data breaches compromise the sensitive personal identifying information (PII) of millions of people around the world. Seemingly every week last year a new company had to notify its customers and the public that their systems had been breached, customer data may have been ... Post a Comment \| READ (1 Comment) Latest comment: > "collaboration is the best solution for preventing successful cyber attacks." However,... Load More Articles + All Articles All Video All Slide Shows All Articles discussion board batye, 2/14/2019 9:43:13 PM How Secure Is Manufacturing? Re: Re: numbers @Ariella yes for me it interesting to see the way things get played out and downplayed... as it same as P.R. the way it look to me... Post Your Reply Ariella, 2/12/2019 10:52:26 AM How Secure Is Manufacturing? Re: Re: numbers @LarryLoeb I do appreciate that. Some journalists just tout percentages without giving the details about how many people were featured in the survey. Either they themselves got the info from a secondary source that didn't include it in the... Post Your Reply LarryLoeb, 2/12/2019 4:49:46 AM How Secure Is Manufacturing? Re: Re: numbers @Ariella Tha't's why I mentioned the size. To their credit they admitted it was a small one. Post Your Reply LarryLoeb, 2/12/2019 4:48:07 AM AI & 'Fuzzing' Combination Empowers APT Re: Re: fuzzing @Ariella I think it will retain the origin connotations. Post Your Reply Ariella, 2/11/2019 7:43:37 PM How Secure Is Manufacturing? Re: numbers Well, the sampling size is better than what we find on most things from professors who only use handy college students for their sample of about 40. But still, it is under 200, so it is rather small. Post Your Reply Ariella, 2/11/2019 7:37:34 PM AI & 'Fuzzing' Combination Empowers APT Re: fuzzing The big question is: will we be applying the term "fuzzy" to discussions of such combinations? It conjures up such a great image! Post Your Reply Susan Fourtané , 2/8/2019 10:03:22 AM Microsoft Looks to Squash Bugs in its Azure DevOps Product Re: Re: bounty Yes, the same concept can be applied to anything else. Post Your Reply LarryLoeb, 2/8/2019 8:58:25 AM Email Fraud – New Trends Exposed Re: Re: more to do @Michelle I'm not sure what you meant. Enterprises may not see the value (direct as in adding to the bottom line) of email security. Post Your Reply Ariella, 2/7/2019 9:44:41 PM Beware of 'TheMoon' – Evolving Botnets Re: Re: technology changing @mhhf1ve in the interest of research, I checked it out on IMDB and got this https://www.imdb.com/list/ls070730997/There are actually 34 Frankenstein titles listed dating from the 30s to 2015. I seem to also recall a live play a few years... Post Your Reply Michelle, 2/7/2019 2:48:33 PM Beware of 'TheMoon' – Evolving Botnets Re: Re: Bad ads... There are many races happening between good and criminal. I wonder if any futurists (long ago) predicted this sort of strain between the two groups as technology grew... Post Your Reply Michelle, 2/7/2019 2:42:08 PM Modern Enterprise – Stewards of Personal Data Re: Re: Don't assume liability? Agree! I don't know if I've seen any follow up letters from companies who have offered free monitoring after a breach. It would have been nice to know they changed things...if they did. Post Your Reply Michelle, 2/7/2019 2:39:02 PM Email Fraud – New Trends Exposed Re: more to do This finding is all that surprising. "many organizations and agencies aren't implementing basic and easily obtainable preventive measures that would prevent malicious emails from every getting to a recipient's mailbox" Post Your Reply Next 5 messages + All messages All messages Chat 8/31/2017 3:54:21 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thank you! klogan453 Keeper 8/31/2017 3:51:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well, it seems like Steve and I managed to answer everyone's questions in our conversation. So I'll say thanks once again to Steve Grobman, CTO of McAfee, for being such a wonderful guest here on Voice of Security Radio! Curt Franklin Keeper 8/31/2017 3:47:35 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks. Sr.Contr61262 Keeper 8/31/2017 3:47:19 PM Voice of Security Radio: A Security Partnership with Machine Learning: Thanks for helping out, Daren! Curt Franklin Keeper 8/31/2017 3:45:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - Data science and computer science expertise is definately in high demand by the cyber security technology industry as well as many other industries that are using similar capabilities daren Keeper 8/31/2017 3:44:38 PM Voice of Security Radio: A Security Partnership with Machine Learning: (On behalf of Steve Grobman) - There is not a formal certificatio process.. most users don't need to understand the nuance of the technology which is generally built by technology product providers daren Keeper 8/31/2017 3:42:40 PM Voice of Security Radio: A Security Partnership with Machine Learning: And how are mainline security pros/machine learning pros certified, i.e. how do you lknow that the person you're hiring to help you knows what they're dcoing? Sr.Contr61262 Keeper 8/31/2017 3:39:20 PM Voice of Security Radio: A Security Partnership with Machine Learning: Steve, one question we didn't get to is that of skilled practitioners. I know that mainline security pros are in short supply and high demand: Is it even worse when it comes to machine learning pros in the security space? Curt Franklin Keeper 8/31/2017 3:37:01 PM Voice of Security Radio: A Security Partnership with Machine Learning: Since I was late - and again - really sorry, I don't even know what to ask. Feel free to ask a question or my behalf. Sr.Contr61262 Keeper 8/31/2017 3:33:59 PM Voice of Security Radio: A Security Partnership with Machine Learning: Well folks, now's the time to ask any questions we didn't get to in the audio interview. Steve will be here in just a moment -- what would you like to know? Curt Franklin Keeper Next 5 chats +		Information Resources • 5 Security Imperatives When Considering Network Modernization and SD-WAN • ThreatConnect SIEM + Threat Intelligence Quickly Identify the Threats that Matter to You • Security Now Special Report - IoT Security: Securing the Network & Protecting the Consumer • SD-WAN Adoption Is Accelerating to Reduce Security Risk: A Global Survey of Network Professionals • Futuriom SD-WAN Growth Report 2018 • Versa Networks Enterprise Solution Brief • Protect Your Branch Office Network from Cyber-Criminals • Top 10 Ransomware • Next Generation Firewall Test Report – NSS Labs • ESG Lab Review - SD-WAN Integration with Amazon Web Services – Versa Networks All resources upcoming Webinars Leveraging a Risk-Based Approach to Vulnerability Management to Unify Security and Operations Wednesday, February 20, 2019 11:00 am New York / 4:00 pm London More Webinars Webinar Archives Analysts Corner Ovum Resources • Ovum 2018 Trends to Watch: IT & Cybersecurity • Ovum IoT Security: Technology Strategies & Vendor Profiles • Ovum 2018 Trends to Watch: Managed Security Services • Ovum's Mini-Guide to GDPR Analysts Corner archive Flash Poll All polls Video In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ... CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ... You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ... Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ... Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ... All Videos Sponsored Video Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ... Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ... This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video All Videos Radio Shows ARCHIVED \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning An interview with Steve Grobman, CTO of McAfee ARCHIVED SHOWS DOWNLOAD TO CALENDAR Slideshows Top 10 Security Stories of 2018 Slideshow archive Twitter Feed Tweets by Security_Now_ like us on facebook