During its testimony on security weaknesses among federal agencies this week, the Government Accountability Office detailed a number of critical elements that make up effective protection systems. Among the systems the watchdog agency detailed were the key components of access control, which is typically the technology an enterprise uses to regulate who has access to what resources.
During a Black Hat Europe talk about (In)Security of Backend-as-a-Service, researchers warned that thousands of popular mobile apps have hard-coded backend credentials which could allow anyone to access millions of sensitive records. “Attacks are free, effortless, and simple,” they warned. Siegfried Rasthofer and Steven Arzt, PhD students at TU Darmstadt in Germany, focused on apps that use Backend-as-a-Service (BaaS) frameworks from the providers Amazon Web Services, CloudMine and Parse.com, which is owned by Facebook. This is the “first comprehensive security evaluation of several popular BaaS providers and APIs as well as their use in real-world Android and iOS applications.”
Companies' haphazard processes for managing administrative or other privileged accounts are putting them at risk of security breaches, according to a new global security survey.
The survey, conducted by Dimensional Research and sponsored by Dell, found that 83 percent of respondents face numerous challenges with managed privileged accounts and administrative passwords. That's not to say they lack procedure for securing them — nearly 80 percent say they have a defined process for managing them — but they're not diligent about it.
Microsoft is putting a lot of effort and money into building a holistic security platform that combines the attack protection, detection and response features built into Windows 10, Office 365, Azure and the Microsoft Enterprise Mobility Suite to help companies safeguard their data regardless of where it resides. Talking at the Microsoft Government Cloud Forum in Washington, D.C., Tuesday, Microsoft CEO Satya Nadella said that the company is spending more than $1 billion a year in research and development to build security into its products, because "security has to be core to the operational systems used by enterprises."
Microsoft on Tuesday unveiled tools that protect not only cloud-based workloads in the company's Azure IaaS public cloud, but those on customers’ premises and even in competing clouds, such as those from Amazon Web Services. Microsoft CEO Satya Nadella gave a keynote address at a Government Cloud Forum in Washington, D.C. this morning in which he talked about his company’s broad security efforts. Microsoft spends $1 billion annually in research and development to improve security across the company’s three major products: Windows 10, Office 365 and Azure. “We don’t think of security as being a separate piece of technology,” Nadella said. “It has to be core to the operational systems that you use, where your data resides, where your most critical application usage is.”
Security issues continue to confound many federal agencies, keeping tons of sensitive information at risk of unauthorized disclosure, modification, or destruction. That was one of the main conclusions of yet another Government Accountability Office security assessment, delivered to Congress this week, which focused on the Department of Education but included information about other agencies. Since fiscal year 2006, the number of reported information security incidents affecting federal systems has steadily increased, rising from about 5,500 in fiscal year 2006 to almost 67,200 in fiscal year 2014, the GAO noted.
A partnership announced by Dell on Tuesday shows how cybersecurity defenses are evolving, which could have wide-ranging effects on vendors like Symantec, McAfee and Trend Micro. The PC giant has partnered with Cylance, an Irvine, California-based company that specializes in detecting and blocking attacks on endpoint computers. Early next year, Dell will wrap Cylance's Protect product in its Data Protection Endpoint Security Suite, said Brett Hansen, Dell's executive director of data security solutions. The suite is an integrated package with encryption capabilities, authentication features and malware detection.
The U.S. Federal Aviation Administration hasn't revealed its plans for drone registration yet, but that hasn't stopped at least one company from trying to make a buck from confusion about the rules. In early November, the FAA and Department of Transportation said they intend to set up a registry that will likely cover many small consumer drones, but it's yet to happen. A task force established to propose registration rules is due to deliver its findings on Friday, but even then the FAA will have to come up with formal rules and propose them.
"Owners should wait until additional details about the forthcoming drone registration system are announced later this month before paying anyone to do the work for them," the FAA said on Monday.
Security vendor Kaspersky Lab yesterday issued this reminder as part of its “fact or fiction” series: No matter what you may have read on Facebook, entering your bank PIN in reverse will not summon the police. From the Kaspersky post:
This urban legend is over a decade old and consistently makes its rounds on the Internet. Surprisingly, a lot of social media users care so much about this topic that they continually share this old tale with their friends, urging them to READ IT RIGHT AWAY! As it goes with all urban legends, there is a grain of truth in this myth. The idea of an ‘emergency code’ for ATMs had been hatched some time ago and is obviously where the myth originated.
Holberton School is a project-based alternative to college for the next generation of software engineers. Using project-based learning and peer learning, Holberton School's mission is to train the best software engineers of their generation. Unlike the normal models, at Holberton School there are no formal teachers and no formal courses. Instead, everything is project-centered. The school gives students increasingly difficult programming challenges to solve, with minimal initial directions on how to solve them. As a consequence, students naturally look for the theory and tools they need, understand them, use them, work together, and help each other.
Mobile Network Operators (MNOs) are partnering with Big Data marketers and are actively selling, or at least getting ready to sell, data that connects consumer demographics with locations, according to an article in Advertising Age. The data lists phone subscriber location along with websites visited on mobile browsers, neighborhoods where subscribers go, and so on.
Telco data-as-service
This kind of telco data-as-service (TDaaS) business is currently worth $24 billion a year and will be a $79 billion business by 2020, according to 451 Research, whose numbers are quoted in the Ad Age article.
Solidarity (image by REUTERS/Philippe Wojazer)
In the hours and days following the tragic terror attacks in Paris, the Internet became a primary vehicle not only for disseminating information but also for individuals and companies to show their solidarity with the French. Check out the various ways the Internet responded to the French terror attacks.
In the wake of the horrific attacks in Paris, military operations against ISIS terrorist strongholds have increased. When someone hits you, it’s natural to hit back. But can you win by killing an enemy that seeks death — and when those who are killed inspire desperate others to replace them? Along with the news that the French had launched air strikes against ISIS positions came the word that the cyber-revenge group calling itself Anonymous has declared war on ISIS. I never thought I would say this, but Anonymous might be our savior. Attacking ISIS militarily is necessary, but the group has always exerted its influence through social media, using it for both fundraising and recruitment. Both activities are essential to ISIS’ continuing existence and effectiveness. The weaponry it uses in its terror campaign is expensive, and when every successful operation ends in death or the arrest of all participants, recruitment is critical.
Although Conficker is old, it’s still around, as cleaning up botnets takes years to complete. In a new twist, iPower Technologies reported receiving multiple police body cams that came preloaded with the Conficker worm. The body cams were Martel Electronics Frontline Cameras with GPS, which are “sold and marketed as a body camera for official police department use.” Martel said of its “elite video cameras” meant for police departments:
Thousands of mobile applications, including popular ones, implement cloud-based back-end services in a way that lets anyone access millions of sensitive records created by users, according to a recent study. The analysis was performed by researchers from the Technical University and the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, and the results were presented Friday at the Black Hat Europe security conference in Amsterdam. It targeted applications that use Backend-as-a-Service (BaaS) frameworks from providers like Facebook-owned Parse, CloudMine or Amazon Web Services.
A new report sheds some light on how terrorists, particularly those with the Islamic State (ISIS) involved in last week's deadly attacks in Paris, manage to communicate in an age when most communications tools are susceptible to government surveillance. The most interesting is how the group can use video game platforms, specifically Sony's PlayStation 4, to relay messages between members. A BuzzFeed News report quoted Belgium's federal home affairs minister Jan Jambon, who had explained at an event prior to the Paris attacks that communications on a device like the PlayStation 4 could be more difficult to monitor than those on encrypted messaging apps, such as WhatsApp.
Ted Koppel, anchor of ABC TV’s “Nightline” for 25 years, from 1980-2005, is the author of “Lights Out,” which argues not only that the nation’s critical infrastructure is at grave risk of a catastrophic cyber attack that could leave as much as a third of the nation without electricity for months or even a year, but that there is no government plan to respond to such an attack. Koppel spoke briefly with CSO earlier last week about those issues:
What kind of feedback on your book are you getting from information security professionals? Do they think you’ve overstated the risk or not?
Turkey time
Just in time for Thanksgiving, here’s our annual rundown of the tech industry’s “turkeys” for the year.
Looking back: Top tech turkeys 2014; Top tech turkeys 2013
All this year I’ve been researching the burgeoning cyber insurance market. Admittedly, this is a bit of a detour from covering endpoint security, network security, and security analytics, but cyber insurance is becoming an increasingly important puzzle piece in any organization’s risk mitigation strategy, so it’s worth paying attention to. Given all of the highly visible data breaches over the past few years, it shouldn’t be surprising that cyber insurance is on fire. Between 30% and 40% of companies have some type of cyber insurance today, and the market is growing at 35% or more on an annual basis. It is estimated that the U.S. market for cyber insurance is around $2.5 billion today with about 50 insurance companies competing for business. PwC estimates that this market will grow to over $7.5 billion by 2020.
Web analytics and tracking cookies play a vital role in online advertising, but they can also help attackers discover potential targets and their weaknesses, a new report shows. Security researchers from FireEye have discovered an attack campaign that has injected computer profiling and tracking scripts into over 100 websites visited by business executives, diplomats, government officials and academic researchers. The researchers believe the compromised websites attract visitors involved in international business travel, diplomacy, energy production and policy, international economics and official government work. They include sites belonging to embassies, educational and research institutions, governments, visa services, energy companies, media organizations and non-profit organizations.