Xen hypervisor faces third highly critical VM escape bug in 10 months

The Xen Project has fixed three vulnerabilities in its widely used hypervisor that could allow operating systems running inside virtual machines to access the memory of the host systems, breaking the critical security layer among them.Two of the patched vulnerabilities can only be exploited under certain conditions, which limits their use in potential attacks, but one is a highly reliable flaw that poses a serious threat to multitenant data centers where the customers' virtualized servers share the same underlying hardware.The flaws don't yet have CVE tracking numbers, but are covered in three Xen security advisories called XSA-213, XSA-214 and XSA-215.To read this article in full or to leave a comment, please click here

Books that I like

How Does Internet Work - We know what is networking

I was planning for some time now to make a list of books I read recently, here’s the list It should be something like a book reading suggestion list in order to maybe help you pick the right materials in your networking technology learning journey. On the top are the books I used most while studying for my certs but also some of them are the books that I usually carry with me on my Kindle or PDF wherever I go. It is always a good idea to have those books on you so you can have a look at

Books that I like

Join Us at World Press Freedom Day This Week!

Review: Two higher-end peripherals for your notebook lifestyle

The world of smartphones and tablets hasn’t yet completely taken over the world just yet – there are lots of people who still use an old-fashioned notebook (gosh, can’t believe I’m using the term ‘old-fashioned’ and ‘notebook’ in the same sentence) for their work, whether at home, in the office or traveling.But there are still limitations to these devices when it comes to audio and video – especially if you’re looking for some higher-end quality, as well as some portability. I recently tested two such devices – the new Logitech BRIO 4K webcam and the Jabra Speak 710 Bluetooth speaker. Don’t be scared by the higher price tags compared with other webcams and speaker systems – the higher-end quality and style make up for the extra price tag.To read this article in full or to leave a comment, please click here

Security Sessions: Why CSOs should care about machine learning

In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild speaks via Skype with Michael A. Davis, the CTO of behavioral analytics company CounterTack. The two discuss why machine learning is so important to CSOs and CISOs, even if they themselves are not particularly investing in such technology for their own security systems.

IT Pro Snapshot: Salary, Education, and Mood

29th DNSSEC Root Signing Ceremony

Tier 1 carrier performance: April, 2017 snapshot

The post Tier 1 carrier performance: April, 2017 snapshot appeared first on Noction.

IDG Contributor Network: Healthcare data breaches skyrocket, but is there good news coming?

In 2016, 328 individual healthcare breaches occurred, surpassing the previous record of 268 in 2015, according to Bitglass’ recent Healthcare Breach Report. As a direct result of the breaches, records of approximately 16.6 million Americans were exposed due to hacks, lost or stolen devices, unauthorized disclosure and more.The good news, however, is that the overall number of compromised records has declined for the second year in a row, and early indications suggest that those numbers will continue to decline in 2017.+ Also on Network World: Healthcare records for sale on Dark Web + The report aggregates data from the U.S. Department of Health and Human Services’ Wall of Shame—a database of breach disclosures required as part of the Health Insurance Portability and Accountability Act (HIPAA)—to identify the most common causes of data leakage.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Healthcare data breaches skyrocket, but is there good news coming?

In 2016, 328 individual healthcare breaches occurred, surpassing the previous record of 268 in 2015, according to Bitglass’ recent Healthcare Breach Report. As a direct result of the breaches, records of approximately 16.6 million Americans were exposed due to hacks, lost or stolen devices, unauthorized disclosure and more.The good news, however, is that the overall number of compromised records has declined for the second year in a row, and early indications suggest that those numbers will continue to decline in 2017.+ Also on Network World: Healthcare records for sale on Dark Web + The report aggregates data from the U.S. Department of Health and Human Services’ Wall of Shame—a database of breach disclosures required as part of the Health Insurance Portability and Accountability Act (HIPAA)—to identify the most common causes of data leakage.To read this article in full or to leave a comment, please click here

April 2017: The month in hacks and breaches

April may not have been the busiest month for security breaches, but what it lacks in volume it made up for in variety. The month began loudly when a hacker set off all of Dallas’s 156 emergency tornado alarms for 90 minutes in the wee hours of the morning on the seventh.Then on April 10, London-based Wonga Group revealed that as many as a quarter-million bank accounts may have been compromised. They weren’t alone. On the seventeenth, InterContinental reported that customer data may have been taken at more than 1,000 of its hotels.To read this article in full or to leave a comment, please click here(Insider Story)

April 2017: The month in hacks and breaches

April may not have been the busiest month for security breaches, but what it lacks in volume it made up for in variety. The month began loudly when a hacker set off all of Dallas’s 156 emergency tornado alarms for 90 minutes in the wee hours of the morning on the seventh.To read this article in full or to leave a comment, please click here(Insider Story)

Why online etiquette matters — and why IT leaders should care

It seems that not a week goes by without social media hitting a new high — or, as United Airlines might attest, a new low. Whatever your perspective, there’s no denying that social networks and online connections can shape how we work, think and interact to a dramatic degree.High-tech analyst and consultant Scott Steinberg offers guidance on how to get along in this digital world with his new book, Netiquette Essentials: New Rules for Minding Your Manners in a Digital World, which was released in February. This is Steinberg’s seventh book about business or technology. Here he discusses why manners matter on social media, and why CIOs should care.To read this article in full or to leave a comment, please click here

Review: The 6 best JavaScript IDEs

JavaScript is used for many different kinds of applications today. Most often, JavaScript works with HTML5 and CSS to build web front ends. But JavaScript also helps build mobile applications, and it’s finding an important place on the back end in the form of Node.js servers. Fortunately, JavaScript development tools—both editors and IDEs—are rising to meet the new challenges.Application lifecycle management (ALM) integration in Visual Studio 2017 is very good. I would happily use Visual Studio 2017 as my IDE for JavaScript if I were working primarily on Windows-based computers on projects using Microsoft technologies, especially ones that included Azure deployments and those of enterprise scale.To read this article in full or to leave a comment, please click here(Insider Story)

Making sense of cybersecurity qualifications

IBM’s cybersecurity division has hired nearly 2,000 professionals to its security team since 2015. Leaders recognize that the skills needed to succeed don't always come in the form of a traditional degree, but “the sheer volume of new certifications being created does pose challenges,” says Diana Kelley, global executive security adviser.It’s a growing problem for many employers. Increasingly, hiring companies must sift through resumes that tout cybersecurity-related degrees, certificates, industry certifications, apprenticeship credentials, digital badges, micro master’s degrees, nanodegrees and other credentials – trying to determine what a candidate really knows and how those credentials fit together.To read this article in full or to leave a comment, please click here

False positives still cause threat alert fatigue

It is commonly referred to as information overload. An infosec professional throws out a wide net in hopes of stopping malware before it gets too deep into the network, but like a motion-sensor light, sometimes the alert catches a squirrel instead of a burglar.Rob Kerr, chief technology officer at Haystax Technology, cited the 2013 breach at Target, as an example in which thieves stole some 40 million Target credit cards by accessing data on point of sale (POS) systems. Target later revised that number to include theft of private data for 70 million customers.To read this article in full or to leave a comment, please click here

False positives still cause threat alert fatigue

It is commonly referred to as information overload. An infosec professional throws out a wide net in hopes of stopping malware before it gets too deep into the network, but like a motion-sensor light, sometimes the alert catches a squirrel instead of a burglar.Rob Kerr, chief technology officer at Haystax Technology, cited the 2013 breach at Target, as an example in which thieves stole some 40 million Target credit cards by accessing data on point of sale (POS) systems. Target later revised that number to include theft of private data for 70 million customers.To read this article in full or to leave a comment, please click here

IDG Contributor Network: A glimpse into the future of the IT organization

Welcome to ITSM and Beyond, a new blog inspired by honest conversations with CIOs and the fundamental way they have pursued transformative information technology and IT Service Management (ITSM) strategies.It must be human nature to attempt to be a prognosticator, since it seems we are constantly trying to predict the future. Sometimes it’s something simple and immediate, such as predicting tomorrow’s weather. Other times we look farther into the future, like trying to predict where our careers will take us. Regardless of what we are trying to predict, if we can do so accurately, then we will make good decisions and be successful in meeting our goals and objectives.To read this article in full or to leave a comment, please click here

IDG Contributor Network: A glimpse into the future of the IT organization

Welcome to ITSM and Beyond, a new blog inspired by honest conversations with CIOs and the fundamental way they have pursued transformative information technology and IT Service Management (ITSM) strategies.It must be human nature to attempt to be a prognosticator, since it seems we are constantly trying to predict the future. Sometimes it’s something simple and immediate, such as predicting tomorrow’s weather. Other times we look farther into the future, like trying to predict where our careers will take us. Regardless of what we are trying to predict, if we can do so accurately, then we will make good decisions and be successful in meeting our goals and objectives.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Engineering an entrepreneurial project management environment

To consistently deliver business outcomes in a dynamic digital landscape where priorities, scope and urgency are in constant flux, IT teams need a project management workforce that can rapidly adapt to change. In response, many have made concentrated efforts to identify, attract and develop Entrepreneurial project managers. These Entrepreneurs are nearly twice as effective at delivering business outcomes than their low-performing peers because they possess a set of critical skills, including judgment, stakeholder partnership and learning agility.To read this article in full or to leave a comment, please click here