Yesterday afternoon, Amazon Web Services (AWS) experienced a significant and prolonged outage that brought a number of popular websites and services down. While Amazon is more readily known for its online retail business, the company's cloud services division has quickly become a huge money maker for the Jeff Bezos-led company. What's more, AWS provides the backbone for many well-known sites, including Netflix and Quora. “We are investigating increased error rates for Amazon S3 requests in the US-EAST-1 Region,” Amazon said yesterday amidst a flurry of confusion and frustration. The problem was eventually resolved, but not before a number of services from Apple were affected. For a brief while yesterday, iOS users experienced difficulties accessing the App Store, Apple Music, iCloud backups, iWork and other cloud-based services.
Google is pressing pause on its efforts to build Pixel laptops, leaving the in-house premium brand to tablets and phones. The company’s hardware chief, Rick Osterloh, recently told reporters during Mobile World Congress in Spain that Google had “no plans” to create a new Chromebook Pixel, according to TechCrunch. For now, Google is leaving it up to third-party Chromebook makers like Asus, Acer, HP, and Samsung to fill in the gaps.
The Star Wars Battlefront Ultimate Edition has everything fans need to live out their Star Wars battle fantasies, including Star Wars Battlefront and Star Wars Battlefront Season Pass. Rebels and Imperials alike will be able to expand their galaxy, with 4 epic expansion packs, including Star Wars Rogue One: Scarif. In addition, players can enjoy 30+ maps, 14 heroes and 14 game modes. The list price on the game has just dropped sharply down to just $19.99 on Amazon. See the discounted Star Wars Battlefront Ultimate Edition for Xbox One now on Amazon.
On February 5, an anonymous hacker kicked off February’s breaches, taking down a dark web hosting service that the hacker claimed was hosting child pornography sites. In the process, the hacker showed just how easily the dark web can be compromised. Then, on February 10, as many as 20 hackers (or groups of hackers) exploited a recently patched REST API vulnerability to deface over 1.5 million web pages across about 40,000 WordPress websites. “The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later,” Lucian Constantin reported.
Azure Stack, Microsoft’s hybrid cloud system, is getting close to release. On Wednesday, the tech giant unveiled the third major public beta for customers that want to test it out. The new release brings a handful of additional capabilities for users to test, like support for Azure D-Series virtual machine sizes and deployment with ADFS (Active Directory Federation Services) to support systems that don’t have constant connections to Azure. Technical Preview 3, as this release is known in Microsoft parlance, will get a handful of other features over the coming months, including support for Azure Functions and Active Directory multi-tenancy.
Cisco today issued a security warning about a potential vulnerability in its NetFlow traffic monitoring device that could cause the system to lock up.
Specifically, Cisco wrote: “A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data port. SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability. An exploit could allow the attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could be needed to recover the device using the reboot command from the CLI.”
With RSA San Francisco—one of, if not the biggest security show of the year—behind us, it’s a good time to revisit security and SD-WANs. I know, we already lived through Yoda’s prognostications about the future of networking and security. In that blog post, we spoke about vendor approaches to securing the new Internet connections created by SD-WAN. There’s another dimension, though, to SD-WAN security that we didn’t discuss and that’s about the WAN.
The WAN: Risk and reward for today’s attackers
For a lot of SD-WAN vendors, security integration means inspecting incoming and outgoing Internet traffic. But while services, such as Zscaler, may inspect HTTP traffic bound for the internet, they do nothing for traffic bound to other locations. And that’s a problem because increasingly site-to-site traffic requires its own inspection and protection.
Information security is forever woven into our daily lives. From the massive data breaches impacting Target, Yahoo and Anthem to IoT-powered DDoS attacks that take down substantial portions of the internet for extended periods of time, information security impacts everyone. The reality is providing protection in this kind of environment is so challenging that no single entity, whether it’s a company or a government agency, can accomplish this task alone. There needs to be some kind of cooperation between the private and public sectors. This leads to the questions of what kind of relationship should the government and companies have, how can they work together and what’s preventing this process from happening?
Given my interest in cybersecurity skills and training, I’m contacted by academic institutions, professional organizations, and training companies with news about some type of cybersecurity education curriculum. This isn’t surprising given the global shortage of cybersecurity skills. New ESG research discloses that 45% of organizations report a “problematic shortage” of cybersecurity skills in 2017 (note: I am an ESG employee). Clearly we need more smart and well-prepared people to enter the cybersecurity ranks, but it’s important to note that most cybersecurity professionals don’t enter the workforce directly from college or training programs. According to research conducted in 2016 by ESG and the Information Systems Security Association (ISSA), 78% of cybersecurity professionals follow a more indirect route. These folks start their careers as IT professionals and make their way into cybersecurity as their careers progress. (Note: The two ESG/ISSA research reports are available for free download.)
Palo Alto Networks has bought LightCyber for its behavioral analytics platform that can speed the time to detect intrusions that have already breached networks and are looking around for ways to carry out exploits. The $105 million cash deal brings LightCyber’s ability to analyze behavior of devices to discover reconnaissance by malware inside networks and lateral movements as it seeks to compromise vulnerable systems. Based on machine learning, LightCyber absorbs the behaviors of individuals and devices, sets a normal level for them and finds anomalies that could indicate attacks underway.