Microsoft released MS17-005 to patch critical flaws in Adobe Flash Player, but that’s it. Microsoft didn’t release the fix for the two zero days disclosed this month.After the company said patches would be delayed in February, it clarified that security updates would instead be released on Patch Tuesday in March. Yet InfoWorld’s Woody Leonhard reported that Microsoft emailed its largest customers on Monday with a heads-up about the Flash patches for Internet Explorer and Edge.To read this article in full or to leave a comment, please click here
After deciding to postpone its February patches for a month, Microsoft released one critical security update for Windows on Tuesday that contains Flash Player patches released by Adobe Systems last week.The new security bulletin, identified as MS17-005, is rated critical for Windows 8.1, Windows RT 8.1, Windows 10 and Windows Server 2016, and moderate for Windows Server 2012 and Windows Server 2012 R2. On these Windows versions, Flash Player is bundled by default with Internet Explorer 11 and Microsoft Edge, so Microsoft delivers patches for it through Windows Update.This month's Flash Player patches were released by Adobe on February 14 and address 13 vulnerabilities that could lead to remote code execution. Typically Adobe releases patches on the same day as Microsoft, a day known in the industry as Patch Tuesday. This month, though, Microsoft postponed its updates at the last minute due to an unspecified issue that, it said, could have affected customers.To read this article in full or to leave a comment, please click here
No one wants to believe they'd fall for a phishing scam. Yet, according to Verizon's 2016 Data Breach Investigations Report, 30 percent of phishing emails get opened. Yes, that's right -- 30 percent. That incredible click-through rate explains why these attacks remain so popular: it just works.Phishing works because cybercriminals take great pains to camouflage their "bait" as legitimate email communication, hoping to convince targets to reveal login and password information and/or download malware, but there are still a number of ways to identify phishing emails. Here are five of the most common elements to look for.To read this article in full or to leave a comment, please click here
Google’s Go language was recently chosen as Tiobe’s programming language of 2016, based on its rapid growth in popularity over the year, more than twice that of runners-up Dart and Perl. Tiobe’s language index is based on the “number of skilled engineers worldwide, courses, and third-party vendors,” using the results of multiple search engines.To read this article in full or to leave a comment, please click here(Insider Story)
To keep private Wi-Fi networks secure, encryption is a must-have -- and using strong passwords or passphrases is necessary to prevent the encryption from being cracked. But don’t stop there! Many other settings, features and situations can make your Wi-Fi network as much or even more insecure as when you use a weak password. Make sure you’re not leaving your network vulnerable by doing any of the following.To read this article in full or to leave a comment, please click here(Insider Story)
The U.S. Food and Drug Administration (FDA) has, for the second time in two years, issued recommendations to improve the security of connected medical devices. Not mandates – recommendations.Which immediately raises the question: Will anything that is non-binding put enough pressure on manufacturers to spend the time and money it will take to improve device security?That, as is frequently said, remains to be seen.The FDA issued what it called “guidance” on the “postmarket management of cybersecurity for medical devices,” at the end of last year.To read this article in full or to leave a comment, please click here
Just what the world needs, another Linux distro. But does the fact it came from a top anti-malware vendor give it a competitive edge in the quest for security?Eugene Kaspersky, CEO of the antivirus company that bears his name, took to his blog to announce KasperskyOS, a project that has been in the works for 14 years. Talk about slow development time. KasperskyOS is available for both x86 and ARM processors. It takes concepts from the Flux Advanced Security Kernel (FLASK) architecture, which was used in SELinux and SEBSD, but builds a new OS from scratch with security in mind, enabling what he calls "global Default Deny at the process level." To read this article in full or to leave a comment, please click here
Microsoft has launched Project Sangam, a cloud service integrated with LinkedIn that will help train and generate employment for middle and low-skilled workers.The professional network that was acquired by Microsoft in December has been generally associated with educated urban professionals but the company is now planning to extend its reach to semi-skilled people in India.Having connected white-collared professionals around the world with the right job opportunities and training through LinkedIn Learning, the platform is now developing a new set of products that extends this service to low- and semi-skilled workers, said Microsoft CEO Satya Nadella at an event on digital transformation in Mumbai on Wednesday.To read this article in full or to leave a comment, please click here
With all eyes understandably focused on Apple's iPhone 8 unveiling, an event that will presumably take place this coming September, it appears we won't have to wait seven more months before being able to feast our eyes on a slew of new Apple hardware.According to a fresh report from MacOtakara, Apple in March will not only unveil a slew of new iPad hardware, but some new iPhone models as well.Starting with Apple's upcoming iPhone products, the report relays that Apple in March will roll out a revamped iPhone SE. If history is any indication, the new iPhone SE will incorporate all of the same specs as the iPhone 7, albeit in the iPhone 5s' smaller form factor. A 128GB model is also said to be in the works. A revamped iPhone SE is certainly intriguing because there remains a large contingent of users who simply find the larger-screened iPhone models a bit too unwieldy.To read this article in full or to leave a comment, please click here
Microsoft today announced that the open source Kubernetes container management platform is now generally available to control clusters of containers in the Azure public cloud.Increasingly developers are, or want to, use containers when writing new applications. It’s a way of packaging the code that makes up an application into a container, which can then be run in the cloud, on a developer’s laptop or wherever the container runtime is supported.+MORE AT NETWORK WORLD: How Philips is turning toothbrushes and MRI machines into IoT devices +To read this article in full or to leave a comment, please click here
One of the many whiz-bang features promised in 5G is a new way of connecting millions of small, low-powered IoT devices. But there's no need to wait: Two forms of LTE tuned for IoT have entered a market that's already heating up with rapidly expanding specialist networks.The new standards, LTE-M and NB-IoT, were completed last year and will share the spotlight at Mobile World Congress next week with an array of network miracles envisioned for the next generation of cellular, due for commercial launches in 2020.As major carriers now upgrade LTE to serve IoT applications, more companies are likely to find available LPWANs (low-power, wide-area networks) in the areas where they want to deploy IoT. The new technologies add to a list of options some enterprises can already buy. They're here just in time for enterprises to start comparing networks.To read this article in full or to leave a comment, please click here
A homeowner reports a robbery. His IoT-enabled pacemaker doesn’t indicate any change in heart rate during the robbery? Can investigators obtain that information from the service provider? Should they?+ Also on Network World: Cops use pacemaker data to charge homeowner with arson, insurance fraud +
Issues of privacy increase as IoT sensors collect more information about us. What rights do individuals have over the information collected about them? Can the accuracy of sensor data be trusted?To read this article in full or to leave a comment, please click here
With every new generation of smartphone, LTE connections get faster. That's because the devices have faster modems that can transfer data at unprecedented download speeds.The top modem providers are Intel and Qualcomm, whose cellular chips are used in the iPhone. On Tuesday they both announced modems that will push LTE connections to speeds well over those of regular home internet connections.Qualcomm unveiled the X20 LTE chipset, which can transfer data at speeds of up to 1.2Gbps. Intel announced the XMM 7560 LTE modem, which can download data at speeds of up to 1Gbps.However, cellular networks aren't yet designed to handle such fast speeds. One exception is Telstra, an Australian telecommunications company, which has launched a gigabit LTE service for commercial use in that country.To read this article in full or to leave a comment, please click here
Chip designer ARM has a new strategy for the internet of things: to offer complete solutions "from application software to antenna."ARM has typically left it to licensees of its microprocessor designs to add their own wide-area radio modems and other circuitry essential for the chips at the heart of smartphones and other connected devices. That's the case with Qualcomm, for example, which packages ARM's processor core with its own LTE modems to deliver the chips at the heart of Apple's iPhones.But now ARM wants to deliver the whole stack itself, at least for low-power, low-bandwidth devices, ARM wireless business general manager Paul Williamson said in a blog post Tuesday.To read this article in full or to leave a comment, please click here
I get a lot of questions on how to perform various tasks from a Linux shell/terminal. In the interest of making a simple cheat sheet—something I can point people to that will help them get rolling with terminal powers—what follows are my recommendations for how to perform various types of communication from your shell. I’m talking about the normal sort of communication most people perform via a web browser (or a handful of graphical applications) nowadays: Email, instant messaging, that sort of thing. Except, you know, running them entirely in a terminal—which you can run just about anywhere: in an SSH session on a remote server, on a handheld device, or even on your Android phone/tablet. To read this article in full or to leave a comment, please click here
While the cybersecurity industry was knee-deep in vision, rhetoric, and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry. The DFS regulations (23 NYCRR 500) go into effect next week on March 1, 2017. Here’s a link to a pdf document describing the regulations. Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500, so while the regulations are somewhat broader than other similar stipulations, there are obvious common threads. In reviewing the document however, section 500.10 caught my eye. Here is the text from this section:To read this article in full or to leave a comment, please click here
While the cybersecurity industry was knee-deep in vision, rhetoric and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry. The Department of Financial Services (DFS) rules (23 NYCRR 500) go into effect next week on March 1, 2017.Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500, so while the regulations are somewhat broader than other similar stipulations, there are obvious common threads. In reviewing the document, however, section 500.10 caught my eye. Here is the text from this section:To read this article in full or to leave a comment, please click here
“When you go online you reveal a tremendous amount of private information about yourself,” wrote the EFF. “What you browse, what you purchase, who you communicate with—all reveal something personal about you.” These are examples of what your ISP knows about you.But it’s more than that for people with smart connected devices. Think about a smart refrigerator. As former FCC Chairman Tom Wheeler asked, “Who would have ever imagined that what you have in your refrigerator would be information available to AT&T, Comcast, or whoever your network provider is?” Who would have thought they could sell that type of information?The FCC did something about that last year by putting privacy protections in place for when you use your broadband provider.To read this article in full or to leave a comment, please click here
“When you go online you reveal a tremendous amount of private information about yourself,” wrote the Electronics Frontier Foundation (EFF). “What you browse, what you purchase, who you communicate with—all reveal something personal about you.” These are examples of what your ISP knows about you.But it’s more than that for people with smart connected devices. Think about a smart refrigerator. As former FCC Chairman Tom Wheeler asked, “Who would have ever imagined that what you have in your refrigerator would be information available to AT&T, Comcast, or whoever your network provider is?” Who would have thought they could sell that type of information?To read this article in full or to leave a comment, please click here
For many in the cybersecurity space, the world revolves around the attack vector. Many security vendors narrowly focus on their version of the prevent, defend and respond paradigm—focusing on their purported supremacy and on making their case to get a piece of the enterprise security budget pie.At the recent RSA Conference in San Francisco, however, there were some hopeful signs that this narrow view and myopic perspective is evolving—at least for some.“Don't draw lines that separate different fields. Draw connections that bring them together,” implored RSA CTO Dr. Zulfikar Ramzan in the opening keynote as he called for business-driven security. “In my experience, today's security professionals must also draw connections between security details and business objectives.”To read this article in full or to leave a comment, please click here