Search This Blog

Thursday, August 07, 2014

IE plays security catch-up, will block outdated Java plug-ins

Network World Security - Newsletter - networkworld.com
Black Hat USA 2014: Talking botnets and ad campaigns | The Black Hat Quiz 2014

Network World Security

Forward this to a Friend >>>


IE plays security catch-up, will block outdated Java plug-ins
An update to IE 8 through IE 11 next week will introduce a new warning when users try to run an outmoded Java ActiveX control Read More


WHITE PAPER: Dell Software

IAM for the Real World – Privileged Account Management
Read this e-book for essential information on the common security issues with privileged account management – and how you can minimize or eliminate them. Read now!

WHITE PAPER: SIGMA Solutions and EMC Corporation

Confront consumerization with convergence
Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud services. And he provides a prescription for modifying this behavior with a private cloud hosted on a robust converged infrastructure. Learn More

Black Hat USA 2014: Talking botnets and ad campaigns
"The situation we're in with advertising is a lot like where the banks are, where everyone has struggled with the fact that you can't trust the other end of the connection," says White Ops CEO Michael Tiffany. "It's the same cookies, user information, etc. But one is real, and the other is fake."[Malicious advertising offers broad reach and quick rewards for malware perpetrators]Tiffany, of course, is referring to the very real threat of botnets targeting ad campaigns by infecting the computers of actual customers and users. When it comes to dodging anomaly detection, this is a far more effective approach than attempting to steal credentials.To read this article in full or to leave a comment, please click here Read More

The Black Hat Quiz 2014
How well do you know the security conference's revelations about NSA, pwned cars, spying cell phones and more? Read More

US federal agencies halt background checks by contractor after cyberattack
Two U.S. federal agencies have halted background checks with a contractor that said Wednesday its networks had been breached in a cyberattack suspected to have been coordinated by an unnamed country.US Investigations Services (USIS), based in Falls Church, Virginia, said federal law enforcement is investigating the incident, which it claimed “has all the markings of a state-sponsored attack,” according to a statement. It has hired a computer forensics firm to “determine the precise nature and extent of any unlawful entry into our network.”The Office of Personnel Management (OPM) and the Department of Homeland Security (DHS) temporarily suspended its contracts with the company, but USIS said it hoped to resume business soon.To read this article in full or to leave a comment, please click here Read More


WHITE PAPER: Juniper Networks

Security in the Next-Generation Data Center
This white paper examines these trends, and it reveals the key capabilities that today's security teams require to effectively ensure that vital corporate assets remain secure, while at the same time optimizing access, cost, and administrative efficiency. View Now

Network-attached storage devices more vulnerable than routers, researcher finds
A security review of network-attached storage (NAS) devices from multiple manufacturers revealed that they typically have more vulnerabilities than home routers, a class of devices known for poor security and vulnerable code.Jacob Holcomb, a security analyst at Baltimore-based Independent Security Evaluators, is in the process of analyzing NAS devices from 10 manufacturers and has so far found vulnerabilities that could lead to a complete compromise in all of them.“There wasn’t one device that I literally couldn’t take over,” Holcomb said Wednesday during a talk at the Black Hat security conference in Las Vegas, where he presented some of his preliminary findings. “At least 50 percent of them can be exploited without authentication,” he said.To read this article in full or to leave a comment, please click here Read More

OpenSSL, critical encryption component, gets nine software fixes
Nine software fixes were released Wednesday for OpenSSL, a critical encryption component for exchanging data on the web, although none of the problems are as severe as the “Heartbleed” issue found in April.All of the issues were reported during June and July by security analysts with software vendors Google, Codenomicon, LogMeIn and NCC Group, according to an advisory.The latest patches fixed several problems that can be triggered through denial-of-service attacks, which can cause OpenSSL to crash, consume large amounts of memory or leak information.OpenSSL’s code has been intensively examined since April, when vendor Codenomicon found the so-called ”Heartbleed” vulnerability, a server-side memory leak that could divulge passwords and private SSL/TLS (Secure Sockets Layer/Transport Layer Security) keys needed to decode encrypted data traffic. Adding to the risk, an attack using Heartbleed is undetectable.To read this article in full or to leave a comment, please click here Read More

Massive Russian hack has researchers scratching their heads
Don’t worry, you’re not the only one with more questions than answers about the 1.2 billion user credentials amassed by Russian hackers.Some security researchers on Wednesday said it’s still unclear just how serious the discovery is, and they faulted the company that uncovered the database, Hold Security, for not providing more details about what it discovered.“The only way we can know if this is a big deal is if we know what the information is and where it came from,” said Chester Wisniewski, a senior security advisor at Sophos. “But I can’t answer that because the people who disclosed this decided they want to make money off of this. There’s no way for others to verify.”To read this article in full or to leave a comment, please click here Read More


WHITE PAPER: HP

Why you need a next-generation firewall
This white paper explores the reasons for implementing NG firewalls and lays out a path to success for overburdened IT organizations. Learn More

Black Hat 2014: How to crack just about everything
From cell phones and cars to IPv6 security researchers have turned their skills against a world of technology Read More

6 Job Search 'Hacks' That Will Get You Hired
These six job search 'hacks' can help you set yourself apart from other candidates and put you on the path to land your dream job. Read More

Worst data breaches of 2014…So far
For the first half of this year that is Read More


SLIDESHOWS

Black Hat 2014: How to crack just about everything

From cell phones and cars to IPv6 security researchers have turned their skills against a world of technology.

JOIN THE NETWORK WORLD COMMUNITIES

As network pros you understand that the value of connections increase as the number of connections increase, the so called network effect, and no where is this more evident than in professional relationships. Join Network World's LinkedIn and Facebook communities to share ideas, post questions, see what your peers are working on and scout out job applicants (or maybe find your next opportunity).

Network World on Facebook

Network World on LinkedIn

MOST-READ STORIES of 2014

1. Rackspace bows out of IaaS market

2. Why TCP/IP is on the way out

3. iPhone 6 will not be delayed by Chinese wheel hub factory explosion

4. Microsoft's inconsistent Windows Phone 8.1 strategy stumbles forward

5. Cisco: Blackhole arrest cuts exploit-kit traffic, but don't let your guard down

6. 10 things you need to know about Microsoft's Surface Pro 3

7. IT Outsourcing Customers Mad as Hell, Ready to Walk

8. Top 20 colleges for computer science majors, based on earning potential

9. 10 disturbing attacks at Black Hat USA 2014

10. Defining F5's role in software defined networks


Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_security_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy

When accessing content promoted in this email, you are providing consent for your information to be shared with the sponsors of the content. Please see our Privacy Policy for more information.

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **


No comments: