Gone Fishin’

Well, not exactly Fishin', but I'll be on a month long vacation starting today. I won't be posting (much) new content, so we'll all have a break. Disappointing, I know. Please use this time for quiet contemplation and other inappropriate activities. See you on down the road...

The Rise of Threat Intelligence Gateways

According to ESG research, enterprise organizations continue to invest in all types of threat intelligence (note: I am an ESG employee).  For example, 60% of organizations have had a threat intelligence program in place for more than 2 years, 69% consume 6 or more open source or commercial threat intelligence feeds as part of cybersecurity analytics efforts, and 72% of enterprises plan on increasing spending on their threat intelligence programs over the next 12 to 18 months.Why is threat intelligence gaining momentum?  Security professionals know that since they can’t block every conceivable cyber-attack, they need to collect, process, and analyze all types of internal and external security data to improve their incident detection and response capabilities.  Many also want to use threat intelligence more proactively for threat prevention.  In fact, 36% of enterprise cybersecurity professionals say that their organizations intend to use threat intelligence feeds to automate remediation actions over the next 24 months.To read this article in full or to leave a comment, please click here

The Rise of Threat Intelligence Gateways

According to ESG research, enterprise organizations continue to invest in all types of threat intelligence (note: I am an ESG employee).  For example, 60% of organizations have had a threat intelligence program in place for more than 2 years, 69% consume 6 or more open source or commercial threat intelligence feeds as part of cybersecurity analytics efforts, and 72% of enterprises plan on increasing spending on their threat intelligence programs over the next 12 to 18 months.Why is threat intelligence gaining momentum?  Security professionals know that since they can’t block every conceivable cyber-attack, they need to collect, process, and analyze all types of internal and external security data to improve their incident detection and response capabilities.  Many also want to use threat intelligence more proactively for threat prevention.  In fact, 36% of enterprise cybersecurity professionals say that their organizations intend to use threat intelligence feeds to automate remediation actions over the next 24 months.To read this article in full or to leave a comment, please click here

SmartThings security flaws revealed

Researchers from the University of Michigan and Microsoft Research took aim at Samsung’s SmartThings and came up with four proof-of-concept attacks that they believe should make SmartThings owners a bit paranoid by thinking about worst-case scenarios in which hackers remotely take control of your home.If a hacker could unlock your door while you are sleeping, then your safety is at risk. If the door is unlocked while you are away, then you might have come home to discover all your cool tech is gone. If a hacker could continually set off your smoke alarm, then your sanity might be tested.None of those examples is out of the realm of possibility, as the researchers exploited SmartThings framework design flaws and developed attacks that included stealing door lock PIN codes, changing the lock code, triggering a fake fire alarm and turning off vacation mode “all without requiring SmartApps to have capabilities to carry out these operations and without physical access to the home.”To read this article in full or to leave a comment, please click here

SmartThings security flaws revealed

Researchers from the University of Michigan and Microsoft Research took aim at Samsung’s SmartThings and came up with four proof-of-concept attacks that they believe should make SmartThings owners a bit paranoid by thinking about worst-case scenarios in which hackers remotely take control of your home.If a hacker could unlock your door while you are sleeping, then your safety is at risk. If the door is unlocked while you are away, then you might have come home to discover all your cool tech is gone. If a hacker could continually set off your smoke alarm, then your sanity might be tested.None of those examples is out of the realm of possibility, as the researchers exploited SmartThings framework design flaws and developed attacks that included stealing door lock PIN codes, changing the lock code, triggering a fake fire alarm and turning off vacation mode “all without requiring SmartApps to have capabilities to carry out these operations and without physical access to the home.”To read this article in full or to leave a comment, please click here

Researchers take aim at SmartThings security, develop 4 proof-of-concept attacks

Researchers from the University of Michigan and Microsoft Research took aim at Samsung’s SmartThings and came up with four proof-of-concept attacks that they believe should make SmartThings owners a bit paranoid by thinking about worst case scenarios in which hackers remotely take control of your home.If a hacker could unlock your door while you are sleeping, then your safety is at risk. If the door is unlocked while you were away, then you might have come home to discover all your cool tech is gone. If a hacker could continually set off your smoke alarm, then your sanity might be tested.None of those examples are out of the realm of possibility as the researchers exploited SmartThings framework design flaws and developed attacks which included stealing door lock PIN codes, changing the lock code, triggering a fake fire alarm and turning off vacation mode “all without requiring SmartApps to have capabilities to carry out these operations and without physical access to the home.”To read this article in full or to leave a comment, please click here

Worth Reading: Cisco Unified Code Base

Cisco had an interesting and very promising presentation at Network Field Day 11 about an effort to unify their codebase for a part of their product line. Jagbir Kang, product manager for enterprise switching, provided an overview of the IOS XE Denali (16.1.1) release which will unify the development trains for the Cat 3850 and 3650 switches with the ASR1000 routing platform. -via Netcraftsmen

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Cisco Unified Code Base appeared first on 'net work.

Craig Wright claims he is bitcoin inventor Satoshi Nakamoto

Australian entrepreneur Craig Wright is bitcoin creator Satoshi Nakamoto, he claimed on his personal blog and in media interviews on Monday. Within hours, skeptics were pointing to flaws in his claims. Wright was first outed as the developer of the cryptocurrency by Wired magazine in December, but would not confirm the magazine's claims at the time. Days later the magazine said fresh evidence pointed to another possibility it had raised: that Wright may be a sophisticated hoaxer.To read this article in full or to leave a comment, please click here

Microsoft’s IE loses top browser spot to Google’s Chrome

Microsoft's Internet Explorer (IE) last month lost the No. 1 spot to Google's Chrome, marking a major milestone not only in IE's 21-year lifespan, but a dramatic changing of the desktop browser guard.According to U.S. analytics vendor Net Applications, IE and Edge -- which the firm tossed into a single bucket labeled "IE" -- fell 2 percentage points in April, the fifth straight month of a loss greater than a point, and the 16th of any size -- to end at 41.4% of the total global browser user share.Meanwhile, Chrome climbed 2.6 percentage points to take a narrow lead with 41.7%.Previously, Computerworld had forecast -- using long-term trends portrayed by Net Applications' data -- that Chrome would wrestle the No. 1 position from IE by the end of May.To read this article in full or to leave a comment, please click here

Android at work: 38 business-worthy apps

"Android" and "enterprise" are two words that traditionally haven't gone together. But with Google beefing up its Android for Work initiative -- and getting ready to launch more enterprise-friendly features with the upcoming Android "N" release -- the notion of companies considering Android for employees no longer seems far-fetched.To read this article in full or to leave a comment, please click here

Trim your application portfolio for savings

Paul Valente, a Chicago Public Schools systems engineer, jokes that his employer is "a $7 billion organization with a $6 billion budget." Not surprisingly, the underfunded department has a short-staffed IT team, so Valente is always looking for ways to cut costs and streamline operations -- and he feels he has struck gold with an application rationalization scheme.To read this article in full or to leave a comment, please click here(Insider Story)

Microsoft SQL Server 2016 finally gets a release date

Database fans, start your clocks: Microsoft announced Monday that its new version of SQL Server will be out of beta and ready for commercial release on June 1. The news means that companies waiting to pick up SQL Server 2016 until its general availability can start planning their adoption.SQL Server 2016 comes with a suite of new features over its predecessor, including a new Stretch Database function that allows users to store some of their data in a database on-premises and send infrequently used  data to Microsoft's Azure cloud. An application connected to a database using that feature can still see all the data from different sources, though. To read this article in full or to leave a comment, please click here

As CIO, this former CFO’s mission is to empower business partners

Herve Coureil spent more than two decades building a career before landing the top technology spot at Schneider Electric, which specializes in energy management and automation. Nothing unusual there -- except for the fact that Coureil spent most of his 23 years at Schneider outside of IT, in business and financial roles. In fact, he served as chief financial officer in Schneider's Critical Power and Cooling Services unit before becoming CIO in 2009.To read this article in full or to leave a comment, please click here(Insider Story)

Why referrals make the best hires

Looking for a new job but can't seem to land one? Maybe your poor networking skills are to blame? A new national survey reveals that while HR professionals say employee referrals are the best source for finding great candidates, only 7 percent of job seekers are using referrals as part of their job search.The Active Job Seeker Dilemma survey, from Future Workplace, a research firm and workforce management consultancy and Beyond.com, a career and hiring marketplace, polled 4,347 U.S. job seekers and 129 HR professionals. The survey revealed a major disconnect between job seekers and the HR pros who are looking to hire when it comes to how candidates are identified.To read this article in full or to leave a comment, please click here

IT leaders pick productivity over security

Results from two recent studies suggest that cybersecurity needs an overhaul at most companies with root causes of the problem including poor communication, a lack of employee awareness, slowed productivity and a lack of budget.In its 2016 Cybersecurity Confidence Report, Barkly, an endpoint security company, surveyed 350 IT pros to determine the top security concerns for 2016 and gauge how confident IT leaders are when it comes to cybersecurity issues. The survey looked at IT leaders' biggest security concerns, levels of confidence around security, number of breaches in 2015, amount of time spent on security, biggest priorities in IT and the downsides to current security solutions -- and, for the most part, the results were grim.To read this article in full or to leave a comment, please click here

The expanding landscape of exploit kits

Angler, Magnitude, and Nuclear are a few of the most commonly used exploit kits criminals are using to deliver a variety of payloads from botnets to ransomware. Exploit kits are really just a means for malicious actors to get in the door. Once their payloads are installed, the payload is unique to the criminal, and the payload delivered has a profound impact on business operations.The prevalence of exploit kits and the techniques favored by attackers changes quite often. Only a few years ago, Black Hole was the most popular exploit kit until its author, Dmitry “Paunch” Fedotov was arrested. In the years that followed his arrest, the use of Black Hole declined. Despite "Paunch" being sentenced to seven years in prison last month, exploit kit authors remain undeterred and vigilant in their derivatives.To read this article in full or to leave a comment, please click here

1 2,999 3,000 3,001 3,002 3,003 3,841