Rapid7 discloses multiple vulnerabilities in telepresence robot

You know the telepresence robots that roll around offices with a camera, microphone and iPad attached in order to give remote users a way to participate “face-to-face” in meetings? It would be trippy if an attacker were able to take control of such a robot, but also entirely possible. Today, Rapid7 revealed three security flaws it discovered in the mobile conferencing device Double Telepresence Robot. Rapid7 researcher Deral Heiland discovered three vulnerabilities: unauthenticated access to data, static user session management, and weak Bluetooth pairing. Two of three vulnerabilities disclosed to Double Robotics were patched in January, a really quick response considering the fixes were deployed about a week after the flaws were disclosed to the company.To read this article in full or to leave a comment, please click here

Old nemesis spam becoming significant way for attackers to subvert data

Spam is once again raising its ugly head as a chief way for attackers to grab protected data.IBM’s X-Force Threat Intelligence group said today that one of the key findings from its forthcoming Threat Intelligence Index for 2017 is that spam volume grew dramatically throughout 2016, bringing with its host of new malicious attachments harboring banking Trojans and ransomware.+More on Network World: IBM technology moves even closer to human speech recognition parity+“Attackers are not limited to a single set of tools, however. The ongoing expansion of domain name choices has added another instrument to the spammer’s toolbox: enticing recipients to click through to malicious sites, ultimately allowing attackers to infiltrate their networks,” wrote Ralf Iffert, Manager, X-Force Content Security in a blog about the spam findings. “More than 35% of the URLs found in spam sent in 2016 used traditional, generic top-level domains (gTLD) .com and .info. Surprisingly, over 20% of the URLs used the .ru country code top-level domain (ccTLD), helped mainly by the large number of spam emails containing the .ru ccTLD.”To read this article in full or to leave a comment, please click here

Old nemesis spam becoming significant way for attackers to subvert data

Spam is once again raising its ugly head as a chief way for attackers to grab protected data.IBM’s X-Force Threat Intelligence group said today that one of the key findings from its forthcoming Threat Intelligence Index for 2017 is that spam volume grew dramatically throughout 2016, bringing with its host of new malicious attachments harboring banking Trojans and ransomware.+More on Network World: IBM technology moves even closer to human speech recognition parity+“Attackers are not limited to a single set of tools, however. The ongoing expansion of domain name choices has added another instrument to the spammer’s toolbox: enticing recipients to click through to malicious sites, ultimately allowing attackers to infiltrate their networks,” wrote Ralf Iffert, Manager, X-Force Content Security in a blog about the spam findings. “More than 35% of the URLs found in spam sent in 2016 used traditional, generic top-level domains (gTLD) .com and .info. Surprisingly, over 20% of the URLs used the .ru country code top-level domain (ccTLD), helped mainly by the large number of spam emails containing the .ru ccTLD.”To read this article in full or to leave a comment, please click here

How much are vendor security assurances worth after the CIA leaks?

Following the recent revelations about the U.S. Central Intelligence Agency's cyberespionage arsenal, software vendors reiterated their commitments to fix vulnerabilities in a timely manner and told users that many of the flaws described in the agency's leaked documents have been fixed.While these assurances are understandable from a public relations perspective, they don't really change anything, especially for companies and users that are the target of state-sponsored hackers. The software they use is not less safe, nor better protected, than it was before WikiLeaks published the 8,700-plus CIA documents last Tuesday.To read this article in full or to leave a comment, please click here

How much are vendor security assurances worth after the CIA leaks?

Following the recent revelations about the U.S. Central Intelligence Agency's cyberespionage arsenal, software vendors reiterated their commitments to fix vulnerabilities in a timely manner and told users that many of the flaws described in the agency's leaked documents have been fixed.While these assurances are understandable from a public relations perspective, they don't really change anything, especially for companies and users that are the target of state-sponsored hackers. The software they use is not less safe, nor better protected, than it was before WikiLeaks published the 8,700-plus CIA documents last Tuesday.To read this article in full or to leave a comment, please click here

Today Only 48% off Omron 10 Series Bluetooth Wireless Blood Pressure Monitor – Deal Alert

The Omron 10 series wireless blood pressure monitor averages 4.5 out of 5 stars on Amazon from over 4,450 customers (read reviews). With a regular list price of $99.99, this 48% off deal puts it at just $51.99.  The bluetooth monitor is compatible with Omron's free iOS and Android apps. It features multi-color indicator lights which show if your readings is in the normal (green) or hypertension (orange) range. BP level bar displays how your reading compares to normal home blood pressure levels. An Easy-Wrap ComFit Cuff inflates around your entire arm to avoid incorrect cuff positioning. It automatically takes 3 consecutive readings one minute apart and displays the average, following guidelines set by the American Heart Association. An easy-to-read display with extra-large digits & backlight make results easier to read. The unit stores 200 readings in device or 100 each for 2 users, and operates with an included AC Adapter or 4 AA batteries. See the discounted Omron 10 series bluetooth blood pressure monitor on Amazon now.To read this article in full or to leave a comment, please click here

Fears arise that Trump has dropped ball on H-1B reform

President Donald Trump's administration has signaled that it has no immediate plans to change the H-1B program. Critics are roiled. They wanted Trump to act before April 1, the day the U.S. accepts visa applications for the new year.But no one knows for sure. New rumors circulate that Trump will act, maybe next week, but the White House won't say.The IEEE-USA said Friday that Trump's inaction on the H-1B visa "will cost American jobs." The group now believes that action before April is unlikely, and that may be because of something Sean Spicer, the press secretary, said this week.Spicer was asked at a press briefing Wednesday if there was any plan to "revamp the H-1B program by April 1." Spicer said the president was focused on border security.To read this article in full or to leave a comment, please click here

BrandPost: Three Automation Mistakes You Should Avoid

There has never been a more pressing need to automate data center operations—including the network, storage, compute, and apps. End-to-end data center automation might be the fastest route to delivering the on-demand IT services needed in today’s digital economy. As such, no organization can afford to stumble as it develops and deploys comprehensive automation strategies. Let’s take a look at three of the most common mistakes organizations make as they seek to automate their environments: taking on too much, focusing too heavily on a specific tool, and letting a vendor dictate their strategy.Mistake 1: Trying to boil the ocean. Trying to do too much, too soon, is often a recipe for disaster. When it comes to automation, this approach frequently results in unmet expectations as well as management’s diminished confidence in IT’s ability to deliver.To read this article in full or to leave a comment, please click here

Disaster recovery: How is your business set up to survive an outage?

Asynchronous vs synchronous. Dark disaster recovery vs. active architecture. Active/active vs. active/passive. No setup is objectively better or worse than another. The best one for you primarily depends on your level of tolerance for what happens when the server goes down.Security experts say how individual companies choose to save their data in anticipation of an outage depends on how long they can survive before the “lights” are turned back on. What level of availability does your company need? Is the face of your company an ecommerce site where even a few minutes offline can cost an astronomical sum? Will the cost of an active-active system outweigh the potential loss of business from an outage?To read this article in full or to leave a comment, please click here

Disaster recovery: How is your business set up to survive an outage?

Asynchronous vs synchronous. Dark disaster recovery vs. active architecture. Active/active vs. active/passive. No setup is objectively better or worse than another. The best one for you primarily depends on your level of tolerance for what happens when the server goes down.Security experts say how individual companies choose to save their data in anticipation of an outage depends on how long they can survive before the “lights” are turned back on. What level of availability does your company need? Is the face of your company an ecommerce site where even a few minutes offline can cost an astronomical sum? Will the cost of an active-active system outweigh the potential loss of business from an outage?To read this article in full or to leave a comment, please click here

Discover the power of Bash on Windows

Microsoft Windows may be the dominant player on the desktop, but the rapidly increasing open source software market—especially for admin and dev tools—clearly favors Linux. Not to mention the mobile market, where Android uses Linux variants. If you’re a developer on Windows, the drumbeat to get hip to Linux capabilities keeps getting louder.Over the years, Microsoft has introduced various workarounds for using Linux capabilities on Windows, such as PowerShell with SSH and Cygwin and MSYS. Running Linux inside a virtual machine is another option. But VMs consume a significant amount of resources and don’t provide a first-class Linux experience, as you can’t edit local files or get full access to local drives, for example.To read this article in full or to leave a comment, please click here

Pivotal, Google team up for Kubernetes cloud management

Pivotal and Google have launched Project Kubo to apply Pivotal's Bosh tool for deploying and managing cloud software to Google's Kubernetes container orchestration platform.Currently in an alpha release stage, Kubo instantiates, deploys, and manages Kubernetes clusters on any cloud. Pivotal has been working on the project with members of the Google Cloud platform team.[ To the cloud! Real-world container migrations. | Dig into the the red-hot open source framework in InfoWorld's beginner's guide to Docker. ] Kubo can be used with existing production applications written in specific languages, and it can access platform primitives. Bosh, featured as part of Cloud Foundry, provides an open source tool chain for managing large-scale distributed services. It offers a combination of a virtual machine build tool, configuration and health management, and logging. Bosh has been used to build consistent, self-healing environments with zero downtime, Seroter said.To read this article in full or to leave a comment, please click here

Switching from Mac to PC: Choosing a laptop

I’m committed to switching from a Mac to a PC, and the next step is to start shopping. When you haven’t used anything but Macs for close to two decades, the sheer quantity and variety of Windows choices poses a challenge. So, while I researched which new Windows laptop would be a good fit for me, I spent some time experimenting with the first Windows computer I could get my hands on: my Mac.Easing into Windows via Bootcamp Most modern Apple computers come with Boot Camp Assistant—a program designed to help you turn your Apple computer into a machine that can dual-boot into Windows. A copy of Windows 10 Home can be had for $120 (or downloaded and used for free with limited options,) so using the OS with Boot Camp is a great way to see what Microsoft has to offer before you invest in a PC.To read this article in full or to leave a comment, please click here

How to remove ransomware: Use this battle plan to fight back

Ransomware doesn’t sneak into your PC like ordinary malware. It bursts in, points a gun at your data, and screams for cash—or else. And if you don’t learn to defend yourself, it could happen again and again.Armed gangs of digital thieves roaming the information superhighway sounds like an overwrought action movie, but the numbers say it’s true: Ransomware attacks rose from 3.8 million in 2015 to 638 million in 2016, an increase of 167 times year over year, according to Sonicwall—even as the number of malware attacks declined. Why steal data when you can simply demand cash?To read this article in full or to leave a comment, please click here

How to remove ransomware: Use this battle plan to fight back

Ransomware doesn’t sneak into your PC like ordinary malware. It bursts in, points a gun at your data, and screams for cash—or else. And if you don’t learn to defend yourself, it could happen again and again.Armed gangs of digital thieves roaming the information superhighway sounds like an overwrought action movie, but the numbers say it’s true: Ransomware attacks rose from 3.8 million in 2015 to 638 million in 2016, an increase of 167 times year over year, according to Sonicwall—even as the number of malware attacks declined. Why steal data when you can simply demand cash?To read this article in full or to leave a comment, please click here

Why GE is winning the war for tech talent

Hiring enough tech talent to facilitate digital transformations typically tops the list of challenges CIOs face. They could do worse than follow the blueprint crafted by 125-year-old General Electric.The company has lured top tech executives from Apple, Google and Microsoft by underscoring the huge role GE plans to play in the so-called Fourth Industrial Revolution, an era defined more by software platforms and APIs than heavy metal. It has also overhauled a talent recruitment practice that was more suited for the industrial giant of yore by bringing in technical recruiters who offer the kind compensation packages pitched by Silicon Valley titans.To read this article in full or to leave a comment, please click here

IDG Contributor Network: How to avoid falling for the W-2 phishing scam

While this blog is nominally mine, I don’t come up with ideas in a vacuum. This article on W-2 scams sprung from a conversation I had with my colleague Steve Williams, who ended up being my co-author. Check out more about him at the end of this piece.Multiple times each year, LinkedIn feeds and information security forums light up with examples of the latest and greatest versions of phishing attacks. Most recently the hot stories have been about a simple targeted request that avoids links, attachments, and malware, plays friendly with email filters, and appears extremely urgent to the recipient. This form of phishing is known as the W-2 scam.To read this article in full or to leave a comment, please click here

1 2,237 2,238 2,239 2,240 2,241 3,844