Researchers are deliberately adding bugs to experimental software in order to end up with programs that have fewer vulnerabilities. The idea is to insert a known number of vulnerabilities into code, then see how many of them the bug-finding tools actually discover. By analyzing why the missed bugs escaped detection, developers can build more effective bug-finders, according to researchers at New York University working with MIT's Lincoln Laboratory and Northeastern University. They created Large-scale Automated Vulnerability Addition (LAVA), a low-cost technique for adding the vulnerabilities. "The only way to evaluate a bug finder is to control the number of bugs in a program, which is exactly what we do with LAVA," says Brendan Dolan-Gavitt, a computer science and engineering professor at NYU's Tandon School of Engineering.
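The ground-truth idea in miniature, as an added example written for this page (it is not LAVA's own implementation, which uses taint analysis to pick injection sites and trigger bytes; the toy C program, the ATTACK_POINT markers, the guard pattern and the line-number-based scoring are all assumptions). A known number of input-triggered out-of-bounds writes are injected at marked statements, each with its own triggering input kept as ground truth, and a finder's report is then scored for recall and for which injected bugs escaped.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class InjectedBug:
    bug_id: int
    line: int      # 1-based line in the instrumented source holding the bug
    offset: int    # index of the input byte that arms the bug
    magic: int     # value that byte must hold to fire the bug

    def trigger_input(self, length=8):
        """Construct an input that fires this bug and no other."""
        buf = bytearray(length)
        buf[self.offset] = self.magic
        return bytes(buf)


# Constructed toy program under test (hypothetical, not from the paper).
# Statements marked ATTACK_POINT are the candidate injection sites.
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>
int parse(const unsigned char *in, size_t n) {
    char name[16];
    unsigned int count;
    if (n < 8) return -1;
    count = in[0];                     /* ATTACK_POINT */
    memcpy(name, in + 1, 7);           /* ATTACK_POINT */
    name[7] = 0;
    printf("%s %u\\n", name, count);   /* ATTACK_POINT */
    return 0;
}
"""
ATTACK_MARK = "/* ATTACK_POINT */"


def attack_points(src):
    """1-based line numbers of the statements chosen as injection sites."""
    return [i for i, line in enumerate(src.splitlines(), 1) if ATTACK_MARK in line]


def inject(src, n_bugs, seed=0):
    """Insert n_bugs guarded stack out-of-bounds writes before randomly
    chosen attack points. Each write fires only when in[offset] == magic,
    so the returned InjectedBug list is exact ground truth."""
    rng = random.Random(seed)
    lines = src.splitlines()
    sites = sorted(rng.sample(attack_points(src), n_bugs))
    bugs = []
    for k, site in enumerate(sites):          # k earlier inserts shift later lines by k
        offset, magic = rng.randrange(0, 8), rng.randrange(1, 256)
        guard = (f"    if (n > {offset} && in[{offset}] == {magic}) "
                 f"name[16 + {offset}] = in[{offset}]; /* LAVA_BUG_{k} */")
        lines.insert(site - 1 + k, guard)
        bugs.append(InjectedBug(k, site + k, offset, magic))
    return "\n".join(lines) + "\n", bugs


def score(bugs, flagged_lines):
    """Compare a finder's report (set of flagged line numbers in the
    instrumented source) against ground truth: (recall, escaped bugs)."""
    found = [b for b in bugs if b.line in flagged_lines]
    escaped = [b for b in bugs if b.line not in flagged_lines]
    recall = len(found) / len(bugs) if bugs else 0.0
    return recall, escaped


if __name__ == "__main__":
    instrumented, ground_truth = inject(SAMPLE_C, 2, seed=1)
    print(instrumented)
    for b in ground_truth:
        print(b, b.trigger_input().hex())
    print(score(ground_truth, {ground_truth[0].line}))
```

The escaped list is the part that matters for improving a finder: each entry carries the exact line and the exact input that reaches it, so the reason for the miss (unreachable path in the analysis, unmodeled sink, or an input the fuzzer never generated) can be worked out case by case instead of guessed.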
Freshly minted CISOs, as well as other mid-career professionals who need a broad grounding in cybersecurity, can get an advanced degree in the topic through a new program at Brown University.

The Executive Master in Cybersecurity, set to launch in October, is a 16-month program that instructs students in technology, law and policy, human behavior, and leadership-skills development. "What the industry is crying out for is interdisciplinary training," says Alan Usas, the program director.

The idea is to prepare cybersecurity leaders who not only understand the technical needs of protecting data and privacy but can also talk effectively to boards of directors about these issues in a way that produces results for security and for business goals, he says.
Over the past year the number of machines hit by ransomware that encrypts all or part of the hard drive was five-and-a-half times what it was the year before, according to Kaspersky Lab. The count was 131,111 in 2014-2015 compared to 718,536 in 2015-2016, according to the company's report "Ransomware in 2014-2016".
The Department of Homeland Security (DHS) wants to be able to predict what form malware will morph into so it can plan how to block it before that form appears in the wild. DHS has granted Charles River Analytics in Cambridge, Mass., $500,000 to develop the technology, known as Predictive Malware Defense (PMD). Charles River will use machine learning and statistical models to predict attacks based on new malware and to create defenses ahead of time. The models will look at features of malware families and predict how they might evolve. Once it is developed, PMD will be turned over to admins in private and public organizations, particularly financial organizations, so they can anticipate attacks before they happen, DHS says.
Forward-looking IT security pros need to address known risks more effectively, monitor closely the value of shadow IT devices, and solve the inherent weaknesses introduced by the internet of things, Gartner says. The consulting firm has looked at five key areas of security concern that businesses face this year and issued predictions and recommendations for protecting networks and data from the threats likely to arise in each. The areas are threat and vulnerability management, application and data security, network and mobile security, identity and access management, and internet of things security. Gartner's findings were presented at its recent Security and Risk Management Summit by analyst Earl Perkins.
Preempt is a startup whose virtual appliance acts as a behavioral firewall: it ranks the risk that a user or device represents and responds automatically according to policies set by corporate security staff. The platform can spot and block certain attacks without intervention by the security team, which frees up their time, says Ajit Sancheti, co-founder and CEO of the company. The platform picks up on odd behaviors such as individuals logging in from machines they don't normally use, which could indicate that someone has stolen their credentials, or a user who generally works with a certain set of servers suddenly accessing a different set. It can also detect brute-force attacks on passwords and block them.
The United States and China forged an agreement last year not to conduct cyber espionage against corporations, but it seems pretty likely that groups based in China have continued to do so. However, it might not all be the fault of the government there, according to a report from security company FireEye.

Of 72 groups that FireEye suspects of operating in China or in China's interests, 13 compromised corporate networks in the U.S., Europe and Japan between last fall, when the agreement was reached, and this month, according to the report "Redline Drawn: China Recalculates Its Use of Cyber Espionage".
Tim Greene

NATIONAL HARBOR, Md. -- Jie Zhang says that as a child in China she played a game of picking up marbles with chopsticks and carrying them to another room without dropping them. That is what doing business in China is like for Westerners, she told a breakfast gathering today at Gartner's Security and Risk Management Summit. They have to get used to long-standing customs and practices that violate some basic business principles respected outside China, as well as newer ones that deal specifically with technology.
Distributed denial-of-service attacks have been getting bigger and lasting longer, and for the past few years defenses haven't kept pace, but that seems to be changing, Gartner analysts explained at the firm's Security and Risk Management Summit. Gartner tracks the progress of new technologies as they pass through five stages, from the trigger that gets them started to the final stage where they mature and become productive. The continuum is known as the Hype Cycle, and Gartner analyst Lawrence Orans presented the current DDoS-defense picture against it.
National Harbor, Md. -- Former Secretary of State Colin Powell acknowledged using insecure email during his tenure at the State Department, but as a way to create more immediate communication among those within and outside the department. During his keynote address at the Gartner Security and Risk Management Summit he told the 3,400 in attendance that he had two computers on his desk: one the official secure computer, "clunky and difficult to use," and the other a laptop with a phone line and modem that he used exclusively for his AOL account.
National Harbor, Md. -- Corporate employees who help carry out cyberattacks are increasingly being sought by criminals, and are themselves seeking criminals to hire them, a Gartner analyst told a group at the consulting firm's Security and Risk Management Summit. A group of 60 CIOs and CISOs she worked with say this recruitment is more active and becoming a larger concern because insiders are using the Dark Web to sell their services, says Gartner analyst Avivah Litan.