Nigerian scammers buy exploit kits to defraud Asian businesses

A small group of Nigerian scammers is using more sophisticated methods to defraud mostly Asian businesses, including buying exploit kits and malware from experienced coders, according to a new report from FireEye. The security company said the group performs deep reconnaissance of its potential victims, jumping inside financial transactions in order to try to divert payments to their own accounts. The schemes are much more complex than so-called 419 or advance fee fraud scams, where random victims are induced to send funds in order to get a non-existent but much larger payoff.

New Apt and Yum Repos

Written by Jessie Frazelle, Core Maintainer at Docker, Inc. TL;DR: UPDATE your Docker apt repo source list if you want to be able to get the latest Docker. We have a yum repo FINALLY for rpms. EVERYONE GETS A DYNAMIC …

Microsoft follows Google to crack down on revenge porn

Microsoft will make it easier for people to request the removal of links to intimate images or videos from the company's Bing search engine if such content was posted online without their consent. This move comes in response to an increasingly prevalent phenomenon dubbed "revenge porn," where jilted former partners or extortionists upload sexually explicit content depicting the victims in an embarrassing light. "Unfortunately, revenge porn is on the rise across the globe," said Jacqueline Beauchere, Microsoft's chief online safety officer, in a blog post. "It can damage nearly every aspect of a victim's life: relationships, career, social activities. In the most severe and tragic cases, it has even led to suicide."

Startup launches big data-as-a-service

For many enterprises, big data is hard and slow. Procurement and deployment of data infrastructure can be both expensive and difficult to scale at the pace that data volumes can grow. A startup founded by former Netezza executives says that the answer to these data engineering woes is the cloud. The startup, Cazena, came out of stealth today after two years of development with an enterprise big data-as-a-service offering intended to simplify and automate securely moving and optimizing big data processing in the cloud. It's a managed service platform that founder and CEO Prat Moghe — who served as senior vice president of strategy, products and marketing at Netezza — says addresses the security and complexity challenges that have kept many enterprises from migrating their big data workloads to the cloud.

IBM woos cloud developers

IBM is stepping up its efforts to attract cloud developers. Big Blue today announced a three-pronged approach that includes a new collaborative platform to help developers stay on top of open source technologies, the release of 50 tools and services to the open source community and partnerships with 200 academic institutions across 36 countries. The new platform, developerWorks Open, is a cloud-based environment through which developers can download code and access blogs, videos, tools and techniques. The goal is to accelerate their ability to build and deploy open source apps.

How to check if you’ve been attacked by Hacking Team intrusion malware

Hacking Team malware has been attacking computers and smartphones --- and you may be infected without knowing it. Here's how to find out if you're infected. Hacking Team is an Italian-based company that sells surveillance and intrusion software to government agencies and law enforcement groups across the world. Earlier this month its systems were broken into and the Hacking Team's intrusion software was released to the world. That means that hackers could grab hold of it for their own purposes and attack computers and smartphones. Since then, Microsoft has released a patch for Windows designed to close a security hole that could be exploited by Hacking Team Software. Adobe has released a patch for Flash Player, which is vulnerable as well.

US court says ‘pocket-dialed’ calls are not private

A federal appeals court in Ohio has ruled that a person who accidentally “pocket dials” someone shouldn’t expect any overheard conversation to be considered private. The case involves the chairman of the Airport Board in Kenton, Kentucky, which oversees the Cincinnati/Northern Kentucky International Airport. The chairman, James Huff, was on a business trip in Italy with his wife and a colleague when he accidentally pocket-dialed the secretary of the airport’s CEO back in the U.S. The secretary, Carol Spaw, said “hello” a few times and soon figured out the call wasn’t meant for her. But she overheard Huff and his colleague talking about personnel matters, including the possibility that the airport’s CEO—Spaw’s boss—might be replaced. The inadvertent call continued after Huff got back to his hotel room with his wife.

Qualcomm plans cuts, may spin off assets

Qualcomm will cut costs by about $1.4 billion per year and study the possible sale of assets as part of a company realignment. The mobile technology juggernaut is also shaking up its board of directors as part of an agreement with investment company Jana Partners. Jana, which owns a chunk of Qualcomm’s stock, has pressured the company to spin off its chip division from its patent licensing business. The realignment was announced as Qualcomm reported its profit fell by nearly half in the April-to-June quarter on revenue that declined by 14 percent from a year earlier. “The changes we are announcing today are designed to enable us to right-size our cost structure and reposition Qualcomm for improved financial and operating performance,” CEO Steve Mollenkopf said in a statement.

Infosec’s inability to quantify risk

Infosec isn't a real profession. Among the things missing is proper "risk analysis". Instead of quantifying risk, we treat it as an absolute. Risk is binary, either there is risk or there isn't. We respond to risk emotionally rather than rationally, claiming all risk needs to be removed. This is why nobody listens to us. Business leaders quantify and prioritize risk, but we don't, so our useless advice is ignored.

An example of this is the car hacking stunt by Charlie Miller and Chris Valasek, where they turned off the engine at freeway speeds. This has led to an outcry of criticism in our community from people who haven't quantified the risk. Any rational measure of the risk of that stunt is that it's pretty small -- while the benefits are very large.

In college, I owned a poorly maintained VW bug that would occasionally lose power on the freeway, such as from an electrical connection falling off from vibration. I caused more risk by not maintaining my car than these security researchers did.

Indeed, cars losing power on the freeway is a rather common occurrence. We often see cars on the side of the road. Few accidents are caused

Open Container Format Progress Report

Follow Up from Open Container Initiative (formerly Project) Announcement of 6/22. Written by Michael Crosby, Chief Maintainer of Docker, Inc. Approximately one month ago, we announced the creation of the Open Container Initiative*, under the auspices of the Linux Foundation …

CCIE Podcast Pilot Episode 1

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
This is the pilot episode of the CCIE Podcast, a project I started in April 2015 and never completed, but I am now going to test the water. Please note this episode was recorded in April 2015 before my attempt at the exam in May 2015. Sadly I failed and […]

How to configure a cheap, secure RAID backup system

We usually store our photos, documents, and more on a single hard disk—or, increasingly these days, a solid state drive (SSD)—but there’s always the nagging worry that the disk will fail, taking all your work and memories with it. Backing up using Time Machine, Super Duper!, or CrashPlan, say, is a good way of reducing this risk, but there is another: RAID. RAID can be incredibly complicated, but it’s extremely worthwhile—one of the things it can do is to mirror the contents of one disk completely to another, all the time. While cloning your hard disk using Super Duper!, for example, is something that might happen once a day, with a RAID system, every bit of data that’s written to one disk is simultaneously written to the second, so that if one drive fails, you have a perfect copy of everything it contained on the second. (And optionally, if you replace the failed drive, everything will be mirrored back across to it automatically.)

8 most in-demand IT security certifications

As high-profile security breaches (e.g., Target, Sony, Adobe and most recently, Ashley Madison) continue to dominate headlines, companies are doubling down on pay to hire the best and the brightest IT security professionals. The most recent IT Skills and Certifications Pay Index (ITSCPI) from research and analysis firm Foote Partners confirms that IT pros holding security certifications can expect premium pay. Market values for 69 information security and cybersecurity certifications in the ITSCPI have been on a slow and steady upward path for two years, up 8 percent in average market value during this time, states co-founder, chief analyst and research officer David Foote in the report.

Belgian government phishing test goes off-track

An IT security drill went off the tracks in Belgium, prompting a regional government office to apologize to European high-speed train operator Thalys for involving it without warning. Belgium’s Flemish regional government sent a mock phishing email to about 20,000 of its employees to see how they would react. The email purported to be a booking confirmation from Thalys for a trip from Brussels to Paris, including a stay in a fancy hotel. The cost—almost €20,000 (about US$22,000)—would be charged to the recipient’s credit card unless the person cancelled within three days, the email said. To cancel the trip, the email instructed recipients to send their credit card information to Thalys, Belgian media reported.

IDG Contributor Network: Druva aims to deliver complete data protection and compliance for the enterprise

With a product announcement this week, data protection company Druva aims to give enterprises assistance with managing the sometimes-conflicting aims of leveraging new technology for greater efficiency, while still remaining safe and secure in terms of data protection. So what has Druva got in the pipeline now? Utilized by more than 3,000 organizations around the world and protecting data on a reported 3 million devices, Druva is all about data protection for the mobile workforce. What that means is that Druva takes care of backup and availability of data, alongside broad governance. Druva's product aims to ensure that specific data remains within the confines of your organization, while other data can be shared externally. Druva then sits in two camps - both the data backup and recovery space and the endpoint security space. These two worlds are increasingly coming together, and Druva is an example of this trend.

Plexxi Named A CRN 2015 Emerging Vendor

This week, Plexxi has been named to CRN’s 2015 Emerging Vendors List. The annual list features up-and-coming technology vendors that have introduced innovative new products that generate opportunities for their channel partners to create high-margin, cutting-edge solutions for their customers. This year’s vendors recognized have demonstrated a commitment to developing new technologies to satisfy the shifting IT market and to meet growing industry demands.

Plexxi partners like CloudGov Technologies have been a huge part of the company’s growth and success. Why? Because we have a simple formula: great products, aimed at a game changing opportunity brought to market by partners that are looking to carve a new path in the market.

In addition to today’s Emerging Vendors list, CRN reporter Mark Haranas recently included Plexxi in his list of “The 10 Coolest Networking Startups Of 2015” on the heels of the launch of our new network switch series. Our CEO, Rich Napolitano, spoke exclusively with Haranas just last week about the new Switch 2 Series and his predictions for the next era of IT.

“We are entering the next great era of IT which will transform the datacenter as we know it. We envision an entirely