Wednesday, July 02, 2014

Microsoft to resume email-based security notifications

  Apple patches iOS, OS X and Safari on Mega Monday | EFF sues the NSA to disclose use of software security flaws

 
  Network World Security



Microsoft to resume email-based security notifications
Microsoft has backtracked on a plan to stop sending email-based notifications about security bulletins starting this month. The company informed its customers Friday that beginning Tuesday it would no longer send security-related notifications via email because of "changing governmental policies concerning the issuance of automated electronic messaging." The decision would have affected notifications about upcoming security bulletins, security bulletin summaries, new security advisories, and revisions to security bulletins and advisories.
 



Apple patches iOS, OS X and Safari on Mega Monday
Apple on Monday updated both OS X and iOS, patching 19 security vulnerabilities in the former and 44 in the latter. OS X 10.9.3, aka "Mavericks," and iOS 7.1.2 each contained several non-security fixes as well. Mavericks received 19 patches, 11 of them rated critical with the description that an exploit may be able to execute "arbitrary code," Apple-speak for the most serious tier of vulnerabilities. The separate Security Update 2014-003 addressed three bugs in Lion and eight in Mountain Lion, the precursors to Mavericks which shipped in 2011 and 2012, respectively. Because Apple has stopped shipping security updates for OS X Snow Leopard, there was no corresponding update for the 2009 edition that still powers about one in every six Macs.
 

EFF sues the NSA to disclose use of software security flaws
The Electronic Frontier Foundation, a prominent digital privacy rights group, has filed a lawsuit against the U.S. National Security Agency to get it to specify the extent to which it might exploit software security flaws. The EFF said Tuesday it had filed a Freedom of Information Act lawsuit against the NSA and the Office of the Director of National Intelligence to gain access to documents showing how intelligence agencies choose whether to disclose software security flaws known as "zero days." These early stage flaws are typically discovered by researchers but are not yet patched by developers or the company. A market has even sprung up around the flaws, in which governments will purchase the vulnerabilities to gain access to people's computers, EFF said.
 

 

INSIDER
Hadoop's success drives efforts to make it more secure
Talk about big data and it won't take long for Hadoop to appear in the conversation. The Apache open source software is used to orchestrate clusters of commodity computers to crunch information from mountains of data.

 



Tools catch security holes in open source code
This year has been the best of times and the worst of times for open source code and security. On the one hand, the latest survey by Black Duck Software and North Bridge Venture Partners shows that 72 percent of industry professionals prefer open source software because it's more secure than proprietary solutions. On the other hand, Heartbleed exposed a security flaw in the widely-used, open source OpenSSL encryption tool that affected more than half a million websites. Also this spring, TrueCrypt unexpectedly shut down, citing "unfixed security issues" on its SourceForge page, and a critical bug in Linux, GnuTLS, was finally exposed after having been undiscovered for more than 10 years.
 

Microsoft legal action cramping other hacking campaigns, Kaspersky says
Microsoft's seizure of domains from a DNS service provider has also disrupted some state-sponsored cyberespionage campaigns, according to security vendor Kaspersky Lab. A quarter of the long-term malware operations run by hacking groups tracked by the Russian security vendor have been affected by the seizure of domains from No-IP, wrote analyst Costin Raiu on a company blog Tuesday. No-IP, run by Nevada-based Vitalwerks, has a free "dynamic DNS" service that updates DNS entries for a domain that has a changing IP address assigned by an ISP. It does that by lending a subdomain to the customer, then updating the DNS record as the IP address for the hostname changes.
 

Israeli security startup firm Hexadite automates cyber incident response
Technology developed by an Israeli security firm called Hexadite promises to help companies reduce cyber incident response times by automating security breach investigation and remediation. The company's product, called the Hexadite Automated Incident Response Solution (AIRS), is currently being tested by several U.S. and Israeli-based companies and is expected to be launched around October. However, companies interested in the technology can request a demo starting Tuesday and then potentially join the beta program, said Hexadite's co-founder and CEO, Eran Barak. Large enterprises have a wide range of security products running on their endpoint systems or networks, including anti-malware programs, data loss prevention (DLP) systems, firewalls and intrusion detection systems (IDS). These are further complemented by security information and event management (SIEM) products that analyze data from various applications and systems inside the organization and generate alerts.
 



DARPA demos lightweight, 94GHz silicon system on a chip
Looking to bring lighter, more powerful and less expensive systems for various applications such as communications, radar or guidance systems, DARPA said this week it had recently demonstrated an all-silicon, microchip-sized system on a chip that runs at 94 GHz. DARPA claims that this chip is the first time a silicon-only package has achieved such a high frequency, which falls in the millimeter-wave range. "What normally would require multiple circuit boards, separate metal shielded assemblies and numerous I/O cables we can now miniaturize onto one silicon chip about half the size of an adult's thumbnail," said Dev Palmer, DARPA program manager in a statement. "This accomplishment opens the door for co-designing digital CMOS [complementary metal oxide semiconductors] and millimeter-wave capabilities as an integrated system on an all-silicon chip, which should also make possible new design architectures for future military [wireless] systems."
 

Big data security analytics mantra: Collect and analyze everything
In a recent research survey, ESG asked security professionals to identify the most important type of data for use in malware detection and analysis (note: I am an employee of ESG). The responses were as follows:

42% of security professionals said, "Firewall logs"
28% of security professionals said, "IDS/IPS alerts"
27% of security professionals said, "PC/laptop forensic data"
23% of security professionals said, "IP packet capture"
22% of security professionals said, "Server logs"

I understand this hierarchy from a historical perspective, but I contend that this list is no longer appropriate for several reasons. First of all, it is skewed toward the network perimeter, which no longer makes sense in a mobile device/mobile user world. Second, it appears rooted in SIEM technology, which was OK a few years ago, but we no longer want security technologies mandating what types of data we can and cannot collect and analyze.
 

Energy providers hacked through malicious software updates
Symantec says the Dragonfly campaign, originating in Eastern Europe, sought to gain persistent access to energy suppliers.
 

 


Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701
