Friday, September 05, 2014

Why you shouldn't change your passwords regularly

Cyberespionage group starts using new Mac OS X backdoor program | Netflix looking to hire a 'Chaos Engineer'

Network World Security

Why you shouldn't change your passwords regularly
Here's some surprising advice: Stop changing your passwords. But just how wacky is that idea? Read More


WHITE PAPER: OpenMarket

How CIOs Can Guide the Enterprise to Mobile Success
In this paper we look at the new, front-line role of IT and security, specifically within enterprises using mobile messaging technologies, and suggest ways to mitigate risk and avoid costly mistakes and pitfalls. View Now>>

RESOURCE COMPLIMENTS OF: Alien Vault

It's Here: Gartner Magic Quadrant for SIEM 2014
AlienVault is on a mission to change how organizations detect & mitigate threats - affordably & simply. Our USM solution delivers complete security visibility in a fraction of the time of traditional SIEM. So, you can go from installation to insight in days, not months. Download the 2014 Gartner MQ for SIEM now to see what makes AlienVault a SIEM Visionary.

Cyberespionage group starts using new Mac OS X backdoor program
A group of hackers known for past cyberespionage attacks against the U.S. Defense Industrial Base, as well as companies from the electronics and engineering sectors, has recently started using a backdoor program to target Mac OS X systems.“The backdoor code was ported to OS X from a Windows backdoor that has been used extensively in targeted attacks over the past several years, having been updated many times in the process,” security researchers from FireEye said Thursday in a blog post.The malicious program is dubbed XSLCmd and is capable of opening a reverse shell, listing and transferring files and installing additional malware on an infected computer. The OS X variant can also log keystrokes and capture screen shots, the FireEye researchers said.To read this article in full or to leave a comment, please click here Read More


WHITE PAPER: Fortinet

Security Concerns in the C-Suite
Next-generation firewall technology (NGFW) addresses the most prevalent security issues. Fortinet's FortiGate NGFW integrates five crucial security protections, including strong authentication, antimalware and APT detection. View Now>>

Netflix looking to hire a 'Chaos Engineer'
Here’s a job offering you don’t see every day (asterisks mine): “Netflix is hiring a ‘Chaos Engineer’ … Basically, somebody to go in and f**k s**t up to prove we can recover. Ping me for details!”The “recruiter” in this case is Dan Woods, a senior software engineer at Netflix, and the “listing” was in the form of a tweet, which elicited a string of wisecracks – and a few expressions of interest -- from the Twitter crowd: Netflix is no stranger to chaos. In 2012 the company released the source code for Chaos Monkey, the first of its Simian Army collection of cloud testing tools.To read this article in full or to leave a comment, please click here Read More


WHITE PAPER: HP

Top 5 Truths About Big Data Hype and Security Intelligence
Big Data Security Analytics (BDSA) is the subject of exuberant predictions. However, a Gartner analyst points out that no available BDSA solutions come close to these forecasts. Nevertheless, the principles of Big Data are the key to advanced security intelligence. This white paper discusses the key tenets of Big Data. Learn more >>

Note to Executives, Legislators, and Consumers: Time For a More Serious Dialogue About Cybersecurity
Like everyone else in the cybersecurity domain, I've been pretty busy the past week or so.  First there was the UPS store breach, which was small change compared to the nefarious cybersecurity situation at JP Morgan Chase.  The condition became a bit more whimsical when photos of naked celebrities floated around the web but quickly became serious again with the breach at Home Depot, which may trump the Target breach when all is said and done. Here is a terse synopsis of what’s going on:  We’ve gotten really good at rapidly developing and implementing new applications on new technologies.  We can even do so at scale (with the exception of healthcare.gov, but that’s another story).  Yup, we want immediate gratification from our technology toys but we really don’t have the right people, skills, processes, or oversight to actually protect them.To read this article in full or to leave a comment, please click here Read More

Encrypted data in the cloud? Be sure to control your own keys
This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  With cloud computing there's no longer a question about whether you should encrypt data. That's a given. The question today is, who should manage and control the encryption keys?Whether talking to an infrastructure provider like Amazon or Microsoft, or a SaaS provider, it's imperative to have the discussion about key control. The topic is more relevant than ever as more companies move regulated data into the cloud and as concerns about data privacy grow.To read this article in full or to leave a comment, please click here Read More

Configuration errors lead to HealthCare.gov breach
The Health and Human Services Department (HHS) said that HealthCare.gov, the nation's health insurance enrollment website, was breached in July and that the attackers uploaded malware to the server.The breach, which is the first successful intrusion into the website, was discovered on August 25 by a CMS security team after an anomaly was detected in the security logs of one of the servers on the compromised system.MORE ON NETWORK WORLD: Free security tools you should try Officials say that while the attacker did gain access to the server, no personal information was compromised.To read this article in full or to leave a comment, please click here Read More


SLIDESHOWS

The new Microsoft under Satya Nadella

The Microsoft CEO has set new goals, taken some decisive actions, moved ahead with works already in progress and made Wall Street happy.

JOIN THE NETWORK WORLD COMMUNITIES

As network pros you understand that the value of connections increase as the number of connections increase, the so called network effect, and no where is this more evident than in professional relationships. Join Network World's LinkedIn and Facebook communities to share ideas, post questions, see what your peers are working on and scout out job applicants (or maybe find your next opportunity).

Network World on Facebook

Network World on LinkedIn

MOST-READ STORIES of 2014

1. UCLA, Cisco & more join forces to replace TCP/IP

2. Internet of Overwhelming Things

3. Reddit, Mozilla, Imgur and others in slowdown protest over net neutrality rules

4. Cisco retools UCS server line

5. Data shows Home Depot breach could be largest ever

6. What an Apple mobile payments system on iPhone 6 might look like

7. Bypassing hardware firewalls in 20 seconds

8. Munich reverses course, may ditch Linux for Microsoft

9. Google's plan for Chrome worries certificate authority vendors

10. Patch Tuesday: Internet Explorer needs critical patches, again


Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_security_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy

When accessing content promoted in this email, you are providing consent for your information to be shared with the sponsors of the content. Please see our Privacy Policy for more information.

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **


No comments:

Post a Comment