Archive

Category Archives for "Networking"

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free. "Here at HackerOne, open source runs through our veins," the company's representatives said in a blog post. "Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back." HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.

Sen. Durbin accuses Trump of breaking his H-1B promise

In November, President Donald Trump said on his first day in office he would order an investigation of H-1B abuses. That never happened, though critics held their tongues. After all, Trump had repeatedly campaigned for H-1B reforms, even inviting laid-off Disney IT workers to speak at his campaign rallies. Even so, patience is ending. Sen. Dick Durbin (D-Ill), a long-time critic of the H-1B visa program and co-sponsor of a reform bill with Sen. Chuck Grassley (R-Iowa), accused Trump today of failing "to put American workers first by cracking down on H-1B visa abuse.

Windows 10 Creators Update allows indefinite postponing of reboots

When it launched, Windows 10 had a really bad habit of spontaneously rebooting to install updates. Updates were coming fast and furious in its early months, which was to be expected during an OS launch. A restart without warning was not expected or appreciated, and this earned Redmond some anger. Eventually they tamed that beast, giving people options for when to reboot and warning them that one was needed. Now Microsoft is promising even more control over when you reboot, including the option to indefinitely postpone it, as documented in a new blog post.

Security alert overload threatens to bury security teams

When it comes to incident detection and response, enterprise organizations are collecting, processing and analyzing more security data through an assortment of new analytics tools—endpoint detection and response (EDR) tools, network analytics tools, threat intelligence platforms (TIPs), etc. When each of these threat management or security analytics tools sees something suspicious, it generates a security alert, and therein lies the problem: Enterprise organizations are getting buried by an avalanche of security alerts. According to ESG research: When asked to identify their top incident response challenges, 36 percent of the cybersecurity professionals surveyed said, “keeping up with the volume of security alerts.” Forty-two percent of cybersecurity professionals say their organization ignores a significant number of security alerts because they can’t keep up with the volume. When asked to estimate the percentage of security alerts ignored at their organization, 34 percent say between 26 percent and 50 percent, 20 percent of cybersecurity professionals say their organization ignores between 50 percent and 75 percent of security alerts, and 11 percent say their organization ignores more than 75 percent of security alerts. Mama Mia, that’s a lot of security alerts left on the cutting room floor. All told, the ESG data indicates

MWC protest asks about the fate of 4 million recalled Note7 batteries

The question of how the electronics industry recycles or disposes of old batteries came up again due to a Greenpeace protest of Samsung at Mobile World Congress this week. Greenpeace protestors appeared at a Samsung press event in Barcelona on Sunday carrying and erecting banners outside the venue; the group urged reuse and recycling of old batteries. Greenpeace said in a statement that it was demanding Samsung reuse and recycle the 4.3 million Galaxy Note7 batteries that were recalled last year after reports that some of the lithium ion batteries overheated and caught fire.

The 10 essential Reddits for security pros

Reddit isn’t just about viral news stories and viral memes or heated thread debates, although there is always plenty of that on the sharing and social media site. For security professionals, as well as those interested in pursuing the field of cybersecurity, there is a wealth of advice, content, and conversation from deep and dirty forensics work to the latest on cyberlaw and everything in-between — if you know where to look.

Safari browser sheds users, mimicking IE

Apple's Safari browser, like rival Internet Explorer (IE), has lost a significant number of users in the last two years, data published Wednesday showed. The most likely destination of Safari defectors: Google's Chrome. According to California-based analytics vendor Net Applications, in March 2015, an estimated 69% of all Mac owners used Safari to go online. But by last month, that number had dropped to 56%, a drop of 13 percentage points -- representing a decline of nearly a fifth of the share of two years prior. It was possible to peg the percentage of Mac users who ran Safari only because that browser works solely on macOS, the Apple operating system formerly labeled OS X. The same single-OS characteristic of IE and Edge has made it possible in the past to determine the percentage of Windows users who run those browsers.

U.S. Marshals warn against dual phone scams

The U.S. Marshals are warning the public not to respond to two recent scams involving people fraudulently posing as Marshals making calls across the country. The first is a warning about a scam where the fraudster calls members of the public, alleging that they or their family members have an active federal arrest warrant, and demands payment of fines. “Recently, there were reported attempts of a fraudulent caller who identified himself as a Deputy United States Marshal. This phony law enforcement officer informed the potential victims that warrants were being issued for them or their family member due to being absent from a federal grand jury they were previously summoned to appear before. The potential victims were then informed they could avoid arrest by paying a fine by electronic fund transfer or cashier’s check. The Marshals Service became aware of the scam after receiving information from several calls from alert citizens,” the service wrote.

Fileless PowerShell malware uses DNS as covert communication channel

Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored. The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems' Talos team. The attack starts with a malicious Microsoft Word document distributed through an email phishing campaign. When opened, the file masquerades as a "protected document" secured by McAfee, an antivirus brand now owned by Intel Security. The user is asked to click on the enable content button in order to view the document's content, but doing so will actually execute malicious scripting embedded within.
