Espionage cited as the US Federal Reserve reports 50-plus breaches from 2011 to 2015

The U.S. Federal Reserve, the nation's central bank, detected more than 50 cybersecurity breaches between 2011 and 2015, including a handful attributed to espionage.The Fed's Washington-based Board of Governors identified 51 information disclosures during the five-year period, according to information obtained through a Freedom of Information Act request by Reuters.The breaches reported include only those at the Fed's Washington location and don't include any at its 12 privately owned regional branches.To read this article in full or to leave a comment, please click here

Credibility and trust: Microsoft blows it

On the surface, Microsoft has yielded to turns in the market more rapidly. But now they’ve blown it, pushing back increased trust and credibility, perhaps years, and for an inane reason: shoving Windows 10 down user’s throats.It’s a fine operating system. It has the madness of near-malware ads now sewn into it, and damnable tracking—with no publicly vetted method of preventing adware malware. Yet it’s more stable than Windows 7, it’s nicer to use than Windows 8-something, and it’s a great price model.That is, it’s a great price model until you get to this point: allowing users to reject it, for whatever reason they want. Foisting it upon them is boorish. Citations of “quit bitching” don’t acknowledge that the current trust for Microsoft is still really tenuous.To read this article in full or to leave a comment, please click here

Office 365 Advanced Security Management brings powerful protection for a price

Enterprises using Microsoft's Office 365 have a new security product that they can use to better lock down their organizations -- for a price. The company introduced a new Advanced Security Management service on Wednesday that gives companies a trio of tools aimed at helping detect security threats, provide granular controls and let IT administrators track if people in their organization are using unauthorized services.It's another part of Microsoft's push to lure businesses over to its subscription-based productivity suite. By providing more advanced security capabilities, Microsoft may be able to convince security-conscious businesses to buy into Office 365, rather than avoid a subscription or choose one of Office's competitors like Google Apps for Work.To read this article in full or to leave a comment, please click here

Office 365 Advanced Security Management brings powerful protection for a price

Enterprises using Microsoft's Office 365 have a new security product that they can use to better lock down their organizations -- for a price. The company introduced a new Advanced Security Management service on Wednesday that gives companies a trio of tools aimed at helping detect security threats, provide granular controls and let IT administrators track if people in their organization are using unauthorized services.It's another part of Microsoft's push to lure businesses over to its subscription-based productivity suite. By providing more advanced security capabilities, Microsoft may be able to convince security-conscious businesses to buy into Office 365, rather than avoid a subscription or choose one of Office's competitors like Google Apps for Work.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Farming off the grid: How IoT helps remote communities grow more with less

An IoT solution isn't the first idea that comes to mind when you're standing in the African heat, thinking of ways to empower a village. But that's exactly what happened.Brandi DeCarli and Scott Thompson had been building a Youth Empowerment Center from a modified shipping container in Kisumu, Kenya, as part of the UN Habitat Program. While doing this work, they realized that the local community lacked basic necessities, such as access to fresh and healthy food. They thought, why not use a modified shipping container to provide a plug-and-play farming unit?To read this article in full or to leave a comment, please click here

Net neutrality may be an unenforceable pipedream. Here’s why.

Net neutrality—the idea that carriers should not be allowed to provide preferential treatment to certain kinds of content—is a heavily politicized topic. With patriotic fervor on both sides of the aisle, last year’s FCC Open Internet rules pleased proponents and enraged opponents of the concept. (Several groups of carriers are suing the FCC over the rules, but the cases have yet to be resolved.)Zero ratings and usage caps But the reality seems to be that clever moves and creative definitions by carriers and content providers are increasingly making the FCC rules moot. While making efforts to avoid technically or obviously breaking the letter of the law, carriers and content providers are combining zero ratings and usage caps—neither expressly outlawed by the FCC—to get around the intent of net neutrality regulations.To read this article in full or to leave a comment, please click here

Your open source security problem is worse than you think

The 200 applications reviewed by Black Duck Software for its "State of Open Source Security in Commercial Applications" report used an average of 105 open source components, comprising 35% of the code. That's twice as much open source as the companies participating in Black Duck's audits were aware they used, according to the report.To read this article in full or to leave a comment, please click here(Insider Story)

Is network fabric heading down the same path as ‘software defined’ and ‘stacking’?

Technology vendors love to grab terms that are hot and then overuse them to the point where no one really understands what it means any more. I understand the desire to catch a market trend and have the “rising tide” lift the vendors along with a number of others. But the overuse of terms tends to confuse buyers while they are trying to figure out what’s what.This is one reason why Gartner’s Hype Cycle has the phases it does. While I think some of the terms are a little silly, the fact is that the first upslope creates vendor overhype and then technology goes into a lull while users do their own research. Gartner If you’ve been around the network industry for a while, you probably remember the days when the term “stacking” became such a term. There’s some debate as to who invented stacking.To read this article in full or to leave a comment, please click here

Is network fabric heading down the same path as ‘software defined’ and ‘stacking’?

Technology vendors love to grab terms that are hot and then overuse them to the point where no one really understands what it means any more. I understand the desire to catch a market trend and have the “rising tide” lift the vendors along with a number of others. But the overuse of terms tends to confuse buyers while they are trying to figure out what’s what.This is one reason why Gartner’s Hype Cycle has the phases it does. While I think some of the terms are a little silly, the fact is that the first upslope creates vendor overhype and then technology goes into a lull while users do their own research. Gartner If you’ve been around the network industry for a while, you probably remember the days when the term “stacking” became such a term. There’s some debate as to who invented stacking.To read this article in full or to leave a comment, please click here

Family-friendly benefits key to attracting top tech talent

Don’t disturb Eric Poirier between 6 p.m. and 8 p.m. -- he’s spending time with his family. Poirier, the CEO of Addepar, a Silicon Valley investment management software startup, makes it a point to block out “Eric time” on the firm’s publicly accessible calendar, and encourages the rest of the company to do the same.It’s one example of a growing trend in Silicon Valley; using family-friendly and work-life balance-focused benefits and perks to attract, retain, engage and motivate the workforce, says Lissa Minkin, Addepar’s vice president of people. As IT talent becomes more difficult to find and even harder to retain, many IT companies are focusing on what’s truly important to their employees, and that means offering more family-friendly benefits instead of flashy perks like free lunch, dry cleaning, massage, ping-pong tables or yoga, according to Minkin.To read this article in full or to leave a comment, please click here

Windows 10 sees its largest surge ever as Microsoft’s forced-upgrade push rolls on

Putting away the carrots and breaking out the sticks appears to be paying off for Microsoft, at least in raw market share.After pushing Windows 10 onto legions of Windows 7 and 8 PCs as a Recommended update, Windows 10 saw its largest-ever surge in month-to-month usage share in May, according to Net Applications. Windows 10’s usage share jumped by 2.09 percent between April and May, to 17.43 percent overall. That may not sound like much, but it’s a huge leap in such a short time. The only other month that even comes close is January, which saw Windows 10 usage spike by 1.89 percent after the holiday season.To read this article in full or to leave a comment, please click here

Software-Defined Perimeter Essentials

I’ve written about Software-Defined Perimeter (SDP) a few times, as I think this model is a strong fit for today’s IT cocktail made up of mobile applications, public cloud infrastructure and pervasive security threats. What is an SDP? The model is really based upon the “black cloud” concept coming out of the Defense Information Systems Agency (DISA) where network access and connections are allowed on a “need-to-know” basis. Similarly, the Cloud Security Alliance (CSA) refers to SDPs as “on-demand, dynamically-provisioned, air gapped networks.”Several vendors, including Cryptzone and Vidder, actively market SDP offerings. In addition, Google’s BeyondCorp is a homegrown SDP project that Google has made public and highly visible. While these efforts clearly fall under the SDP category, I viewed the SDP model a bit more broadly. SDP is clearly associated with numerous innovations and initiatives of the past, including next-generation firewalls, network access control (NAC) and even 802.1X, so there are plenty of SDP-like solutions from vendors such as Cisco, HP (Aruba) and Pulse Secure (formerly part of Juniper). To read this article in full or to leave a comment, please click here

Software-defined Perimeter (SDP) Essentials

I’ve written about SDPs a few times as I think this model is a strong fit today’s IT cocktail made up of mobile applications, public cloud infrastructure, and pervasive security threats. Just what is an SDP anyway?  The model is really based upon the “black cloud” concept coming out of the Defense Information Systems Agency (DISA) where network access and connections are allowed on a “need-to-know” basis.  Similarly, the Cloud Security Alliance (CSA) refers to SDPs as “on-demand, dynamically-provisioned, air gapped networks.”Several vendors, including Cryptzone and Vidder, actively market SDP offerings while Google’s BeyondCorp is a homegrown SDP project that Google has made public and highly-visible.  While these efforts clearly fall under the SDP category, I viewed the SDP model a bit more broadly.  SDP is clearly associated with numerous innovations and initiatives of the past including next-generation firewalls, network access control (NAC), and even 802.1X so there are plenty of SDP-like solutions from vendors like Cisco, HP (Aruba), and Pulse Secure (formerly part of Juniper).  While definitions vary slightly, SDP is also closely aligned with concepts like attribute-based authentication so SaaS providers like Microsoft (Azure AD), Okta, and Continue reading

Cost of a Windows zero-day exploit? This one goes for $90,000

Ever wonder how much an exploit for a previously unknown vulnerability that affects all Windows versions costs on the black market? The answer, according to a recent offer seen on a cybercrime forum, is $90,000.The offer was observed by researchers from security firm Trustwave on an underground market for Russian-speaking cybercriminals, where users hire malware coders, lease exploit kits, buy access to compromised websites or rent botnets.Zero-day exploits -- exploits for unpatched vulnerabilities -- are typically used for cyberespionage. Hackers sell them to governments and large corporations, under strict non-disclosure agreements, often through specialized brokers, so it's uncommon to see them traded on cybercrime forums.To read this article in full or to leave a comment, please click here

Cost of a Windows zero-day exploit? This one goes for $90,000

Ever wonder how much an exploit for a previously unknown vulnerability that affects all Windows versions costs on the black market? The answer, according to a recent offer seen on a cybercrime forum, is $90,000.The offer was observed by researchers from security firm Trustwave on an underground market for Russian-speaking cybercriminals, where users hire malware coders, lease exploit kits, buy access to compromised websites or rent botnets.Zero-day exploits -- exploits for unpatched vulnerabilities -- are typically used for cyberespionage. Hackers sell them to governments and large corporations, under strict non-disclosure agreements, often through specialized brokers, so it's uncommon to see them traded on cybercrime forums.To read this article in full or to leave a comment, please click here

1 2,903 2,904 2,905 2,906 2,907 3,819