Patch Tuesday: Microsoft released 12 patches, 8 rated critical, 1 for a zero-day

Way to go! Congratulations on suffering through another year of deploying security patches. Microsoft released 12 security bulletins for the last Patch Tuesday of 2015, eight of which are rated as critical for remote code execution vulnerabilities. Hopefully none will result in exceedingly uncool changes like Microsoft snuck into Windows 10 last month to reset privacy settings and default programs.Although Microsoft regards MS15-135 only as “important,” it would be wise to jump on this one as it is the fix for a zero-day vulnerability in the Windows kernel that attackers are exploiting to escalate privilege, according to Qualys CTO Wolfgang Kandek. You wouldn’t know it by its Microsoft-rated “important” status, as Redmond’s security team mentioned that it resolves flaws in Windows kernel-mode drivers. Nils Sommer of bytegeist, working with Google Project Zero, is credited with reporting three CVE’s associated with this patch.To read this article in full or to leave a comment, please click here

Juniper Networks adds an edge to its router

Juniper Networks this week upgraded its edge routers with hardware and software designed to boost performance and enable network automation. Juniper Networks Juniper's MX2020 edge router The enhancements to Juniper’s MX series 3D Universal Edge routers are aimed at improving the port density and operational efficiency of the systems as businesses and consumers demand HD video, cloud services and network-based collaboration from their service providers. Larger enterprises building hybrid cloud networks and placing more emphasis on IT as a competitive differentiator are also targets for the upgraded routers.To read this article in full or to leave a comment, please click here

Chrome for Android blocks access to malware and scam websites

If you've ever seen the scary red pages in Google Chrome that prevent you from visiting a dangerous website, and wished you had them on your phone, then you're in luck: Google has extended Safe Browsing, the technology behind those security alerts, to Android.Safe Browsing is now integrated into Google Play Services, starting with version 8.1, and apps are able to use it. Chrome for Android is the first to do so.As in the desktop version of Chrome, Safe Browsing protects against websites that are known to host malware, potentially unwanted programs as well as phishing and other scams.If you've surfed from an Android phone extensively you've probably been bombarded with persistent ads claiming that your phone is not running properly, that your battery drains too fast or that the device is insecure. All of them try to push some application that allegedly solves the made-up problems.To read this article in full or to leave a comment, please click here

Darkode forum is back, but a shadow of its former self

Last summer, law enforcement agencies from 20 countries joined forces to shut down the notorious Darkode hacking forum. Organizers said they would be back, stronger than ever.Security researchers have been keeping an eye out for its resurgence ever since and finally found it last week, but instead of being stronger than ever, it's actually insecure and badly configured.According to Loucif Kharouni, senior threat researcher at Damballa, it feels like a "bad Darkode imitation" that is "just not worth anyone's time."At its peak, Darkode had hundreds of users who were heavy-weights in the cybercriminal world.To read this article in full or to leave a comment, please click here

IBM tapped by US intelligence agency to grow complex quantum computing technology

IBM today got a multi-year grant from the Intelligence Advanced Research Projects Activity (IARPA) to build key components of what it calls a universal quantum computer. +More on Network World: Intelligence agency wants a superconducting, super cool, supercomputer+ You may recall that IARPA operates as part of the Office of the Director of National Intelligence and the Big Blue award was granted under the auspices of the group’s Logical Qubits (LogiQ) program which is looking to develop technologies that overcome the limitations of current quantum systems by building a logical qubit from a number of imperfect physical qubits.To read this article in full or to leave a comment, please click here

IBM tapped by US intelligence agency to grow complex quantum computing technology

IBM today got a multi-year grant from the Intelligence Advanced Research Projects Activity (IARPA) to build key components of what it calls a universal quantum computer. +More on Network World: Intelligence agency wants a superconducting, super cool, supercomputer+ You may recall that IARPA operates as part of the Office of the Director of National Intelligence and the Big Blue award was granted under the auspices of the group’s Logical Qubits (LogiQ) program which is looking to develop technologies that overcome the limitations of current quantum systems by building a logical qubit from a number of imperfect physical qubits.To read this article in full or to leave a comment, please click here

Sponsored Post: StatusPage.io, Redis Labs, Jut.io, SignalFx, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • Senior Devops Engineer - StatusPage.io is looking for a senior devops engineer to help us in making the internet more transparent around downtime. Your mission: help us create a fast, scalable infrastructure that can be deployed to quickly and reliably.

  • At Scalyr, we're analyzing multi-gigabyte server logs in a fraction of a second. That requires serious innovation in every part of the technology stack, from frontend to backend. Help us push the envelope on low-latency browser applications, high-speed data processing, and reliable distributed systems. Help extract meaningful data from live servers and present it to users in meaningful ways. At Scalyr, you’ll learn new things, and invent a few of your own. Learn more and apply.

  • UI EngineerAppDynamics, founded in 2008 and lead by proven innovators, is looking for a passionate UI Engineer to design, architect, and develop our their user interface using the latest web and mobile technologies. Make the impossible possible and the hard easy. Apply here.

  • Software Engineer - Infrastructure & Big DataAppDynamics, leader in next generation solutions for managing modern, distributed, and extremely complex applications residing in both the cloud and the data center, is Continue reading

Build Slides Are Evil

 

HammerAndSaw

PowerPoint is a necessary evil. No program allows us to convey as much information in a short amount of time. PowerPoint is almost a requirement for speaking in front of groups. Information can be shown in a very effective manner for audiences of five or five hundred. But PowerPoint also allows presenters to do some very silly things that impact our ability to learn.

Not Built In A Day

The biggest offense in the land of PowerPoint is the build slide. Build slides are those that have elements that must be layered together in order to show the complete picture. In some cases, build slides have complex graphic overlays with many different elements. They may have clip art overlays. But build slides can also be simple bullet points that appear one at a time in a list. The key is that all the parts of the slide must progress in series to “build” the whole thing.

Build slides look very awesome. They provide the appearance of motion and give a movie-like quality to a static presentation. And they often take up a large amount of time during the creation process. But they are almost always unnecessary.

When built properly, Continue reading

DDoS attacks increase in number, endanger small organizations

While the power of distributed denial-of-service (DDoS) attacks has decreased in recent months, their number has spiked, a trend that could signal trouble for smaller companies and websites.The number of DDoS attacks recorded in the third quarter of this year has grown by 180 percent compared to Q3 2014, exceeding 1,500, Akamai said in the latest edition of its State of the Internet report published Tuesday.Despite their large number, the attacks were shorter in duration, had lower bandwidth and smaller volumes compared to both the same period last year and the previous quarter.Smaller companies' websites are increasingly at risk due to the rising popularity of DDoS-for-hire services and are also a prime target for attackers that use DDoS as an extortion tool.To read this article in full or to leave a comment, please click here

DDoS attacks increase in number, endanger small organizations

While the power of distributed denial-of-service (DDoS) attacks has decreased in recent months, their number has spiked, a trend that could signal trouble for smaller companies and websites.The number of DDoS attacks recorded in the third quarter of this year has grown by 180 percent compared to Q3 2014, exceeding 1,500, Akamai said in the latest edition of its State of the Internet report published Tuesday.Despite their large number, the attacks were shorter in duration, had lower bandwidth and smaller volumes compared to both the same period last year and the previous quarter.Smaller companies' websites are increasingly at risk due to the rising popularity of DDoS-for-hire services and are also a prime target for attackers that use DDoS as an extortion tool.To read this article in full or to leave a comment, please click here

New technology watch ‘net

A few thoughts on new technology from around the web over the last week. Is data center software defined networks crossing the chasm? According to the Next Platform, for instance, it is —

And the answer is that it is in Gartner’s slope of enlightenment, that it is crossing Moore’s chasm, and that it is in a period where market share is being set month by month. If you follow the assumptions made in the above analysis, then 2015 will represent at most 1 percent to 3 percent of the total revenue that will occur in the datacenter SDN market over the next five years. It is an exciting time to be in datacenter networking.

This still leaves me with a question, however — what does a “software defined network” really mean? From one perspective, I’ve been working on software defined networks since the mid-1990’s. It is the software based centralized and distributed control planes that have defined the network ever since then; the last hardware defined network I worked on was based on inverse multiplexers and physical interconnects to direct and manage traffic. So what do we mean when we say “software defined network” today? It seems the biggest Continue reading

How the NSA uses behavior analytics to detect threats

The National Security Agency has significantly enhanced its capabilities for detecting cyber-threats in the two-plus years since former NSA contractor Edward Snowden pilfered and disclosed classified information. The multi-layered capabilities, which include user behavior analytics, now protect a private cloud that provides storage, computing and operational analytics to the intelligence community, CIO Greg Smithberger tells CIO.com. Greg Smithberger, CIO of the National Security Agency.To read this article in full or to leave a comment, please click here

Attackers are building big data warehouses of stolen credentials and PII

According to McAfee Labs, attackers are linking stolen personally identifiable information (PII) sets together in Big Data warehouses, making the combined records more valuable to cyber-attackers. The coming year will see the development of an even more robust dark market for stolen PII and usernames and passwords, according to McAfee Labs.A new type of criminal is combining warehousing and selling stolen data including access credentials and PII that are targeted to specific markets, industries, companies, and purposes, according to the McAfee Labs 2016 Threat Predictions and McAfee Labs’ Director of Threat Intelligence, Christian Beek. McAfee has seen the hacker underground and dark markets moving in this direction over the past seven months, Beek asserts.To read this article in full or to leave a comment, please click here

Top security stories of 2015

More data breachesImage by Flickr: Chris MarquardtHacking Team, Comcast, Ashley Madison… the list goes on of companies who became just another notch in the belt of cybercriminals. Like in years past, data breaches were top of the list for our year in review story. Here are some stories that made headlines in 2015.To read this article in full or to leave a comment, please click here

CIO seeks ‘disruptive opportunities’

For nearly 150 years, Schindler Group has been moving people. The Lucerne, Switzerland-based company makes, supplies and services elevators, escalators and moving walkways. As it moves toward the future, Schindler is deploying smart equipment capable of sharing information with back-end systems and, among other things, sending alerts about maintenance needs to service personnel.To read this article in full or to leave a comment, please click here(Insider Story)

Akamai: DDoS attacks up thanks to criminal misuse of stress-test services

Criminals are tapping Web-based services that are advertised as tools to stress test customers’ networks but in actuality they are using them to launch DDoS attacks against victims, according to Akamai.The paid sites can make DDoS attacks a viable option for actors looking to shut down targeted servers, the company says in its “State of the Internet/Security Q3 2015” report. “Many of the sites are simply DDoS-for-hire tools in disguise, relying on the use of reflection attacks to generate their traffic,” the report says.+More on Network World: DARPA scheme would let high-tech systems “see” as never before+To read this article in full or to leave a comment, please click here

1 3,240 3,241 3,242 3,243 3,244 3,860