2017 security predictions

From W-2 scams to WordPress vulnerabilities, ransomware, business email compromises, DDos attacks and allegations of a hacked presidential election -- 2016's been a hell of a year in cybersecurity, and it's not over yet.There's no reason to believe 2017 will be any better. If anything, it could be even worse as cybercriminals continue to push social engineering, find new ways to deliver malware, crack vulnerable databases and leverage mobile technology to find ways to get inside corporate defenses and target individuals.To read this article in full or to leave a comment, please click here

2017 security predictions

From W-2 scams to WordPress vulnerabilities, ransomware, business email compromises, DDos attacks and allegations of a hacked presidential election -- 2016's been a hell of a year in cybersecurity, and it's not over yet.There's no reason to believe 2017 will be any better. If anything, it could be even worse as cybercriminals continue to push social engineering, find new ways to deliver malware, crack vulnerable databases and leverage mobile technology to find ways to get inside corporate defenses and target individuals.To read this article in full or to leave a comment, please click here

Report: Most cybercriminals earn $1,000 to $3,000 a month

Most cybercriminals make between $1,000 and $3,000 a month, but 20 percent earn $20,000 a month or more, according to a recent report.The data is based on a survey conducted by a closed underground community, said report author Andrei Barysevich, director of advanced collection at cybersecurity firm Recorded Future."We actually saw criminals who made way more than that, $50,000 to $200,000 a month," he said. "This is what they keep, this is not revenues, but pure profit. This is what they can spend on loose women, fast cars and nice clothes."To read this article in full or to leave a comment, please click here

Report: Most cybercriminals earn $1,000 to $3,000 a month

Most cybercriminals make between $1,000 and $3,000 a month, but 20 percent earn $20,000 a month or more, according to a recent report.The data is based on a survey conducted by a closed underground community, said report author Andrei Barysevich, director of advanced collection at cybersecurity firm Recorded Future."We actually saw criminals who made way more than that, $50,000 to $200,000 a month," he said. "This is what they keep, this is not revenues, but pure profit. This is what they can spend on loose women, fast cars and nice clothes."To read this article in full or to leave a comment, please click here

Liveblog: Automating Cloud Mgmt and Deployment

This is a liveblog of the AWS re:Invent session titled “Automating Cloud Management and Deployment for a Diverse Enterprise Application Portfolio” (DEV319). The speakers for the session are David Lowry and Amul Merchant, both from Infor Global.

Merchant kicks the session off with a brief overview of Infor and its cloud strategy. Infor’s CEO, Charles Phillips, was quoted from AWS re:Invent 2014 as having said, “Friends don’t let friends build data centers.” Merchant spends a pretty fair amount of time (too much time, in my opinion) explaining Infor and Infor’s offerings, with only minimal references to how this affects or is affected by the core topic of the presentation. He makes numerous references to “the DevOps toolset” that Infor uses, but does not provide any details or information on said toolset. Instead, the information shared is far too basic for a 300-level session.

After 15 minutes, Lowry takes the stage to talk about the DevOps toolset. The key principles Infor used in building/selecting tools were:

• Automate end-to-end
• Use AWS services wherever possible (this ties the tools closely to AWS)
• Minimally Viable Product (MVP) first, then expand

Some of the tools Infor uses:

• Faro (more information on that in a Continue reading

5 apps to gamify your personal and work lives

Gamify your personal and work livesImage by ThinkstockIf you're struggling with motivation or productivity at work, the answer might lie in gamification. Gamification turns your boring to-do list, mundane chores or healthy habits into a role-playing (RPG) game where you can earn points, collect badges and level up. If you've ever used a fitness tracker, it's the same concept -- you can earn badges and rewards for your workouts and healthy lifestyle goals to help you stay motivated. PokemonGo, designed as an augmented reality game, even managed to gamify walking for a lot of players, with researchers at Stanford and Microsoft suggesting it helped significantly increase physical activity for users. Gamifying your life might be the answer to staying motivated, productive and to develop new habits; these five apps will help you make your everyday to-do list fun again. <A HREF="https://habitica.com/static/front" TITLE="Habitica website" TARGET="_blank">Habitica</A>Image by HabiticaTo read this article in full or to leave a comment, please click here

SIEMs-as-a-service addresses needs of small, midsize enterprises

The city of Lewiston, in north central Idaho, has a population of around 32,000 and an information systems budget of around $800,000 a year.But it wasn't too small for attackers. For example, the city council meetings, streamed online, were being watched by people in Russia."Why are they watching this?" said Danny Santiago, the city's information systems administrator.Then there were the phishing attempts."We are negotiating a $2 million contract for road work, and we had spearphishing attacks," he said. "Luckily it's a small town, and everyone knows everyone, so people called us."To read this article in full or to leave a comment, please click here

SIEMs-as-a-service addresses needs of small, midsize enterprises

The city of Lewiston, in north central Idaho, has a population of around 32,000 and an information systems budget of around $800,000 a year.But it wasn't too small for attackers. For example, the city council meetings, streamed online, were being watched by people in Russia."Why are they watching this?" said Danny Santiago, the city's information systems administrator.Then there were the phishing attempts."We are negotiating a $2 million contract for road work, and we had spearphishing attacks," he said. "Luckily it's a small town, and everyone knows everyone, so people called us."To read this article in full or to leave a comment, please click here

HPE rolls out products to enable IoT adoption

Hewlett Packard Enterprise on Wednesday announced several software and hardware products to more securely manage the exploding universe of Internet of Things devices.October's Mirai botnet attack on unsecured IoT devices, which halted widespread access to dozens of popular internet sites, dramatizes the value of more comprehensive management and control of IoT, HPE executives said in interviews.Some of HPE's new products are intended for use by virtual cellular network providers, while others are for small and medium-sized enterprises to use in managing their local area network (LAN) operations.To read this article in full or to leave a comment, please click here

HPE rolls out products to enable IoT adoption

Hewlett Packard Enterprise on Wednesday announced several software and hardware products to more securely manage the exploding universe of Internet of Things devices.October's Mirai botnet attack on unsecured IoT devices, which halted widespread access to dozens of popular internet sites, dramatizes the value of more comprehensive management and control of IoT, HPE executives said in interviews.Some of HPE's new products are intended for use by virtual cellular network providers, while others are for small and medium-sized enterprises to use in managing their local area network (LAN) operations.To read this article in full or to leave a comment, please click here

48% off iPhone 7 Secure-Fit Workout Arm Band and Protective Case Bundle – Deal Alert

This lightweight and ultra-comfortable band from Encased is designed to securely fit your iPhone 7 4.7" by simply clipping on & off the included iPhone case (2016 Slimfit edition case, by Encased), so you won't need to place it in and out of another case or sleeve for your workout. The band comes in several different color options, and is fully adjustable to fit all arm sizes up to 14". The highly reflective pattern provides nighttime jogging & running protection, and its unique design maintains full touchscreen and button functionality during your workout with 0% screen obstruction. Its typical list price of $34.99 has been reduced 48% to just $18 for both the band and iPhone 7 case combo. See the discounted workout band on Amazon.To read this article in full or to leave a comment, please click here

Comcast Becomes the First Cable Company to Join ONOS & CORD

It paid $500,000 to join the open source groups.

IDG Contributor Network: SecureAuth introduces another take on multi-factor authentication

SecureAuth is in the business of adaptive access control. What that means in plain (or at least more plain) English is that the company offers security solutions that balance strength with ease of use and that adapt to different use cases.An example of adaptive access control might be requiring a simple username and password for regular access, but requiring a higher level of authentication when the user (for example) logs in from another geography.+ Also on Network World: 5 trends shaking up multi-factor authentication + As data breaches have gained massive prominence in recent years, due in part to some celebrities' dual proclivities for poor password control and a penchant for naked selfies, the public has become increasingly aware of multi-factor authentication (MFA) a process that requires a subsequent authentication entry beyond simply username and password.To read this article in full or to leave a comment, please click here

DNS Analysis Using Wireshark

IDG Contributor Network: SecureAuth introduces another take on multi-factor authentication

SecureAuth is in the business of adaptive access control. What that means in plain (or at least more plain) English is that the company offers security solutions that balance strength with ease of use and that adapt to different use cases.An example of adaptive access control might be requiring a simple username and password for regular access, but requiring a higher level of authentication when the user (for example) logs in from another geography.+ Also on Network World: 5 trends shaking up multi-factor authentication + As data breaches have gained massive prominence in recent years, due in part to some celebrities' dual proclivities for poor password control and a penchant for naked selfies, the public has become increasingly aware of multi-factor authentication (MFA) a process that requires a subsequent authentication entry beyond simply username and password.To read this article in full or to leave a comment, please click here

Robotic Process Automation: Leveraging Robots In The Enterprise

IDG Contributor Network: 8 security tips for retailers and consumers this holiday season

It’s the time of year for holiday cheer. Hot chocolate, cookies, presents and other festivities abound. Shops dress up their windows in exotic displays, and festive lights can be seen everywhere. Yes, it’s the time of year when everything is grander and everyone seems happier.But it’s not always sunshine and roses during the holiday season. Trouble often lurks in the shadows—preying on both retailers and consumers. Criminals take advantage of the spike in spending, and use the opportunity to hide in the crowds and undertake fraud of various kinds.+ Also on Network World: Flash mobs the latest threat this holiday season + Financial fraud is the one that comes to mind first, but identity theft, impersonation and theft of items, among others, are all common. On top of that, every year cyber attackers improve on their techniques to steal information, money and goods.To read this article in full or to leave a comment, please click here

IDG Contributor Network: 8 security tips for retailers and consumers this holiday season

It’s the time of year for holiday cheer. Hot chocolate, cookies, presents and other festivities abound. Shops dress up their windows in exotic displays, and festive lights can be seen everywhere. Yes, it’s the time of year when everything is grander and everyone seems happier.But it’s not always sunshine and roses during the holiday season. Trouble often lurks in the shadows—preying on both retailers and consumers. Criminals take advantage of the spike in spending, and use the opportunity to hide in the crowds and undertake fraud of various kinds.+ Also on Network World: Flash mobs the latest threat this holiday season + Financial fraud is the one that comes to mind first, but identity theft, impersonation and theft of items, among others, are all common. On top of that, every year cyber attackers improve on their techniques to steal information, money and goods.To read this article in full or to leave a comment, please click here

AWS re:Invent 2016 Keynote with Andy Jassy

This is a liveblog of the Wednesday keynote at AWS re:Invent 2016. Today’s keynote is led by Andy Jassy, CEO of Amazon Web Services. The crowd gathered for the keynote is pretty immense, despite the availability of numerous overflow locations spread across the multiple re:Invent venues.

At precisely 9am, the DJ rocking the pre-keynote music leaves the stage and AWS welcomes Andy Jassy, CEO, to the stage. This is only the 5th re:Invent conference, and Jassy confirms that this year’s attendance is 32,000 with another 50,000 listening in via the live stream.

Jassy starts with an update on the AWS business. As of Q3, AWS is a nearly $13B run-rate business with millions of active customers. Jassy says that nearly every industry segment is using AWS in a “meaningful way,” as is the public sector. He also calls out all the various AWS partners and systems integrators that have built practices on top of AWS, and the “thousands” of ISVs that have built (or rebuilt) products to run on AWS. AWS is, according to some statistics provided by Jassy, the fastest-growing enterprise IT technology company.

In 2014, AWS said the cloud was the “new normal.” In 2015, AWS said Continue reading

Study warns of human rights risks from censoring online terror content

Internet companies should not be required to monitor third-party terrorist content that they host or transmit, nor should they face direct or indirect liability from governments for such content, according to a new study. The Global Network Initiative, a group that represents academics, investors, civil society organizations and companies including Facebook, Google and Microsoft, published its study Tuesday. It's the offshoot of a policy discussion it started in July 2015, exploring key issues such as the human rights implications of government efforts to restrict online content with the aim of protecting public safety.To read this article in full or to leave a comment, please click here