
ComputerWorldIndependent

Tech groups gear up for a big FISA surveillance fight

Credit to Author: Grant Gross| Date: Thu, 16 Feb 2017 07:36:00 -0800

A controversial provision in U.S. law that gives the National Security Agency broad authority to spy on people overseas expires at the end of the year, and six major tech trade groups are gearing up for a fight over an extension.

Section 702 of the Foreign Intelligence Surveillance Act expires on Dec. 31, and Congress is almost certain to extend it in some form.

The tech trade groups, including BSA, the Consumer Technology Association, and the Computer and Communications Industry Association, are asking lawmakers to build in new privacy protections for internet users. 

ComputerWorldIndependent

Should security pros get special H-1B visa consideration?

Credit to Author: Stacy Collett| Date: Thu, 16 Feb 2017 04:29:00 -0800

New U.S. Attorney General Jeff Sessions may disagree about whether there is a shortage of skilled IT workers in America, as he has asserted at hearings over the past two years, but talk to most CISOs and they will confirm that when it comes to cybersecurity talent in particular, the skills shortage is very real.

ComputerWorldIndependent

Legislation revived to curb warrantless geolocation tracking

Credit to Author: John Ribeiro| Date: Thu, 16 Feb 2017 03:45:00 -0800

Members of Congress reintroduced bills that would place curbs on warrantless access by the government to electronically generated geolocation information of Americans, including on the use of cell-site simulators that can capture cellphone data.

A bill introduced Wednesday, called the Geolocation Privacy and Surveillance Act, aims to create clear rules for when law enforcement agencies can acquire an individual’s geolocation information, generated from electronic devices like smartphones, GPS units and Wi-Fi equipped laptops.

Another bill, the Cell Location Privacy Act of 2017, requires law enforcement, including local, state and federal agencies, to obtain a warrant for the use of cell-site simulators, with exceptions such as the use of the technology in emergencies or for foreign intelligence surveillance. It also imposes a fine or imprisonment of up to 10 years, or both, for anyone knowingly using a cell-site simulator, except under certain exceptions like a warrant.

ComputerWorldIndependent

A.I. faces hype, skepticism at RSA cybersecurity show

Credit to Author: Michael Kan| Date: Wed, 15 Feb 2017 17:10:00 -0800

Vendors at this week’s RSA cybersecurity show in San Francisco are pushing artificial intelligence and machine learning as the new way to detect the latest threats, but RSA CTO Zulfikar Ramzan is giving visitors a reality check.

“I think it [the technology] moves the needle,” he said on Wednesday. “The real open question to me is how much has that needle actually moved in practice?”

It’s not as much as vendors claim, Ramzan warned, but for customers it won’t be easy cutting through the hype and marketing. The reality is that a lot of the technology now being pushed isn’t necessarily new.

In particular, he was talking about machine learning, a subfield in A.I. that’s become a popular marketing term in cybersecurity. In practice, it essentially involves building algorithms to spot bad computer behavior from good.

ComputerWorldIndependent

Sophos CEO sounds the alarm on enterprise ransomware attacks

Credit to Author: Martyn Williams| Date: Wed, 15 Feb 2017 12:32:00 -0800

Ransomware is increasingly becoming a problem for companies, and the CEO of a leading computer security firm says he fears 2017 could see entire companies shut down until they pay up, or risk losing all their data.

Ransomware works by infiltrating a computer with malware and then encrypting all the files on the disk. The user is presented with a limited time offer: Lose all your data or send money with the promise your data will be unlocked. The fee typically varies from tens of dollars to hundreds of dollars and often has to be transmitted in Bitcoin.

The problem began on a fairly small scale, targeting individual users, but has been growing. Last year, a hospital in Los Angeles admitted to paying $17,000 to get its system unlocked, and a report in October said ransomware cases were on course to quadruple in 2016 over the previous year.

IndependentSecuriteam

SSD Advisory – Tripwire IP360 Local File Inclusion

Credit to Author: Maor Schwartz| Date: Wed, 15 Feb 2017 07:16:18 +0000

Vulnerabilities Summary: The following advisory describes a Local File Inclusion (LFI) vulnerability found in Tripwire IP360 version 7.2.6. Tripwire IP360 is an enterprise-class vulnerability and risk assessment product; it provides visibility into the enterprise network, including all networked devices and their associated operating systems and applications.

Credit: An independent security researcher, Mohammed Shameem, has reported this …
ComputerWorldIndependent

IT leaders say it's hard to keep the cloud safe

Credit to Author: Sharon Gaudin| Date: Wed, 15 Feb 2017 12:17:00 -0800

IT managers are finding it difficult to keep their applications and data safe in the cloud, and many are slowing cloud adoption because of it.

That was one of the findings of an Intel cloud security report that surveyed 2,000 IT professionals in different countries and industries last fall.

The issue isn’t with the cloud itself, since trust outnumbers distrust for public clouds by more than two to one, according to Intel’s survey.

IT professionals told Intel that shadow IT and a shortage of cybersecurity skills are causing the most problems.
