Real-life examples test whether you are prepared for a cyberattack

Are you ready?While 83 percent of respondents say cyberattacks are among the top three threats facing organizations, only 38 percent say they are prepared to experience one, according to ISACA’s 2015 Global Cybersecurity Status Report.Incident response is still largely a human response. Multiply an outdated response plan by the many human errors that can innocently occur during response and you have a recipe for potentially cataclysmic results in the threat event aftermath.Use the following tabletop exercises based on today’s most disconcerting threats to update your response plan for live action.To read this article in full or to leave a comment, please click here(Insider Story)

Privacy Shield data transfer agreement now shelters 200 companies

There are now 200 companies standing behind Privacy Shield, the framework agreement allowing businesses to process the personal information of European Union citizens on servers in the U.S.Companies must register with the International Trade Administration of the U.S. Department of Commerce to be covered. It's a self-certification process, so the ITA is only checking that the forms are filled in correctly, not that companies are necessarily complying with all 13,894 words of the rules. The Privacy Shield rules are needed to ensure that EU citizens' personal information is afforded the same legal protection in the U.S. as required under EU law.To read this article in full or to leave a comment, please click here

Privacy Shield data transfer agreement now shelters 200 companies

There are now 200 companies standing behind Privacy Shield, the framework agreement allowing businesses to process the personal information of European Union citizens on servers in the U.S.Companies must register with the International Trade Administration of the U.S. Department of Commerce to be covered. It's a self-certification process, so the ITA is only checking that the forms are filled in correctly, not that companies are necessarily complying with all 13,894 words of the rules. The Privacy Shield rules are needed to ensure that EU citizens' personal information is afforded the same legal protection in the U.S. as required under EU law.To read this article in full or to leave a comment, please click here

How checkout woes sabotage mobile commerce

Mobile commerce shows no signs of slowing its furious pace of growth, as consumers get comfortable using their smartphones and tablets to shop anytime and anywhere they want: In a report titled “U.S. Mobile Phone and Tablet Commerce Forecast, 2015 to 2020,” Forrester Research estimates that mobile commerce sales will reach $142 billion this year, up from $115 billion last year.To read this article in full or to leave a comment, please click here(Insider Story)

Automating the provisioning and configuration of Red Hat Mobile Application Platform

Red-Hat-Mobile-Blog.png

The Red Hat Services blog shared a demo on how to automate the provisioning and configuration of Red Hat Mobile Application Platform using Ansible and OpenShift Enterprise Container Platform.

The video contains great information on the creation of MBaaS on OSE3, Set up of RHMAP, and using a Jenkins Pipeline and a demonstration of deployed components.

To view the original Red Hat Services post and read related resources, click here.

Red Hat CEO: Open-source innovation is always user-led

According to Red Hat CEO Jim Whitehurst, the prevailing narrative about the growth and spread of Linux is only half-true.The idea that a doughty community of coding geniuses, led by an irascible commissar in Linus Torvalds, quietly created a technological asset that eventually spread to the biggest users in the land is actually a little misleading, he told Network World at LinuxCon North America 2016 in Toronto.+ALSO ON NETWORK WORLD: Linux at 25: A retrospective + Linux at 25: Linus Torvalds on the evolution and future of LinuxTo read this article in full or to leave a comment, please click here

The discerning nerd’s guide to Raspberry Pi hardware (2016 mid-year edition)

HardwareImage by Mark GibbsIn my "Ultimate Guide to Raspberry Pi Operating Systems" (Part 1, Part 2, and Part 3) I listed pretty much every noteworthy operating system and OS variant available for the Raspberry Pi family of single board computers. But what of the hardware all this OS goodness runs on? It's not like there's just one Raspberry Pi board. So, if you don't know your Model A from your Zero from your generation 3 Model B, this is the guide for you.To read this article in full or to leave a comment, please click here

Dropbox prompts certain users to change their passwords

Dropbox is asking users who signed up before mid-2012 to change their passwords if they haven’t done so since then.The cloud storage service said it was asking users to change their passwords as a preventive measure, and not because there is any indication that their accounts were improperly accessed.Dropbox said it was taking the measure because its security teams learned about an old set of Dropbox user credentials, consisting of email addresses and hashed and salted passwords, which it believes were obtained in 2012 and could be linked to an incident the company reported around the time.In July 2012, Dropbox said its investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of of Dropbox accounts. It said it had contacted the users affected to help them protect their accounts.To read this article in full or to leave a comment, please click here

Dropbox prompts certain users to change their passwords

Dropbox is asking users who signed up before mid-2012 to change their passwords if they haven’t done so since then. The cloud storage service said it was asking users to change their passwords as a preventive measure, and not because there is any indication that their accounts were improperly accessed. Dropbox said it was taking the measure because its security teams learned about an old set of Dropbox user credentials, consisting of email addresses and hashed and salted passwords, which it believes were obtained in 2012 and could be linked to an incident the company reported around the time. In July 2012, Dropbox said its investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of of Dropbox accounts. It said it had contacted the users affected to help them protect their accounts.To read this article in full or to leave a comment, please click here

U.S. convicts Russian hacker in credit card theft scheme

Jurors in a U.S. federal court have convicted a Russian hacker of stealing and selling more than 2 million credit card numbers.On Thursday, the jury in Seattle found Roman Valerevich Seleznev guilty of charges related to his hacking of point-of-sale systems.Seleznev was arrested in 2014 after U.S. authorities accused him of installing malicious software on point-of-sale systems in U.S. restaurants .From 2009 to 2013, Seleznev used this scheme to steal credit card data from businesses and send it back to his servers in Ukraine and McLean, Virginia. The stolen data was then sold on the black market, with Seleznev promising that buyers could make fraudulent purchases with them.To read this article in full or to leave a comment, please click here

U.S. convicts Russian hacker in credit card theft scheme

Jurors in a U.S. federal court have convicted a Russian hacker of stealing and selling more than 2 million credit card numbers.On Thursday, the jury in Seattle found Roman Valerevich Seleznev guilty of charges related to his hacking of point-of-sale systems.Seleznev was arrested in 2014 after U.S. authorities accused him of installing malicious software on point-of-sale systems in U.S. restaurants .From 2009 to 2013, Seleznev used this scheme to steal credit card data from businesses and send it back to his servers in Ukraine and McLean, Virginia. The stolen data was then sold on the black market, with Seleznev promising that buyers could make fraudulent purchases with them.To read this article in full or to leave a comment, please click here

Notes on the Apple/NSO Trident 0days

I thought I'd write up some comments on today's news of the NSO malware using 0days to infect human rights activist phones. For full reference, you want to read the Citizen's Lab report and the Lookout report.


Press: it's news to you, it's not news to us

I'm seeing breathless news articles appear. I dread the next time that I talk to my mom that she's going to ask about it (including "were you involved"). I suppose it is new to those outside the cybersec community, but for those of us insiders, it's not particularly newsworthy. It's just more government malware going after activists. It's just one more set of 0days.

I point this out in case press wants to contact for some awesome sounding quote about how exciting/important this is. I'll have the opposite quote.


Don't panic: all patches fix 0days

We should pay attention to context: all patches (for iPhone, Windows, etc.) fix 0days that hackers can use to break into devices. Normally these 0days are discovered by the company itself or by outside researchers intending to fix (and not exploit) the problem. What's different here is that where most 0days are just a theoretical danger, these Continue reading

12 tips to help SMBs select and manage vendors

Picking good suppliers and partners is critical to your company’s success, especially a smaller, growing business. Pick a vendor that is difficult to work with, doesn’t provide a service as promised, isn’t there when you need help and/or hits you with hidden fees, and your company could be in serious trouble. So what steps can you take to help ensure you don’t wind up in a bad business relationship? Here are 12 strategies for selecting the right business partners and suppliers. 1. Make a list of your requirements and expectations. “One of the most important parts of creating and maintaining vendor/partner relationships is to have very clearly spelled out expectations at the onset,” says Diane Helbig of Seize This Day. “Establish an understanding of what each party will bring to the relationship, when and how. That gives you something to measure the relationship against and let’s your partner/vendor know not only what you want from them, but what you will be bringing to the relationship.”To read this article in full or to leave a comment, please click here

Windows 10 troubleshooting and fixes revisited

Long before the Windows 10 Anniversary Update appeared, it was obvious that Microsoft was putting more energy and effort into its troubleshooting tools. These are readily available by typing "trouble" into Cortana (or the search box, if you prefer) and then selecting the Troubleshooting (Control panel) result. What I didn't know at the time was that the future of Windows 10 didn't include fix-its.To read this article in full or to leave a comment, please click here(Insider Story)

Apple patches iOS security flaws found in spyware targeting activist

To spy on a human rights activist, hackers allegedly connected to a Middle Eastern government used three previously unknown vulnerabilities in Apple’s iOS.The claims -- from research at Toronto-based Citizen Lab and mobile security firm Lookout -- focus on spyware that targeted Ahmed Mansoor, an activist in the United Arab Emirates.Earlier this month, Mansoor received an SMS text message on his iPhone claiming to offer “new secrets” about tortured detainees in his country. However, inside the message was a link that, once clicked, can infect an iPhone with spyware, using three zero-day exploits of iOS, the research found.To read this article in full or to leave a comment, please click here

Apple patches iOS security flaws found in spyware targeting activist

To spy on a human rights activist, hackers allegedly connected to a Middle Eastern government used three previously unknown vulnerabilities in Apple’s iOS.The claims -- from research at Toronto-based Citizen Lab and mobile security firm Lookout -- focus on spyware that targeted Ahmed Mansoor, an activist in the United Arab Emirates.Earlier this month, Mansoor received an SMS text message on his iPhone claiming to offer “new secrets” about tortured detainees in his country. However, inside the message was a link that, once clicked, can infect an iPhone with spyware, using three zero-day exploits of iOS, the research found.To read this article in full or to leave a comment, please click here

1 2,641 2,642 2,643 2,644 2,645 3,766