8 steps to regaining control over shadow IT
Credit to Author: Ryan Francis| Date: Thu, 23 Feb 2017 12:17:00 -0800
Breaking and protecting devops tool chains
Ken Johnson, CTO of nVisium, and Chris Gates, Senior Security Engineer at Uber talk to CSO Online's Steve Ragan about working with devops tool chains.
Bruce Schneier and the call for "public service technologists"
Bruce Schneier, CTO of IBM Resilient on the increasing importance of technologist's presence in education and policy-making.
Police arrest man suspected of building million-router German botnet
Credit to Author: Peter Sayer| Date: Thu, 23 Feb 2017 09:06:00 -0800
Last year, someone turned a German internet service provider into a million-router botnet. German police think they will soon have the culprit.
The U.K.’s National Crime Agency (NCA) made an arrest on Wednesday in connection with the November 2016 hack on Deutsche Telekom. The agency said it arrested a 29-year-old man at Luton airport, acting on a European Arrest Warrant issued by the public prosecutor’s office in Cologne, Germany.
The German Federal Criminal Police Office (Bundeskriminalamt, or BKA), which led the investigation, said it had worked with British law enforcement officials to arrest the man, a Briton.
To read this article in full or to leave a comment, please click here
Eleven-year-old root Linux kernel flaw found and patched
Credit to Author: Lucian Constantin| Date: Thu, 23 Feb 2017 07:49:00 -0800
Linux system administrators should be on the watch for kernel updates because they fix a local privilege escalation flaw that could lead to a full system compromise.
The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). The problem was discovered last week and was patched by the kernel developers on Friday.
The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it a few days.
To read this article in full or to leave a comment, please click here
Amid cyberattacks, ISPs try to clean up the internet
Credit to Author: Michael Kan| Date: Thu, 23 Feb 2017 06:26:00 -0800
If your computer’s been hacked, Dale Drew might know something about that.
Drew is chief security officer at Level 3 Communications, a major internet backbone provider that’s routinely on the lookout for cyberattacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide.
That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said.
Hackers have managed to hijack those computers to “cause harm to the internet,” but the owners don’t always know that, Drew said.
To read this article in full or to leave a comment, please click here
Healthcare Under Attack: Trend Micro Reveals All in New Report
Credit to Author: Ed Cabrera (Chief Cybersecurity Officer)| Date: Thu, 23 Feb 2017 13:00:21 +0000
Healthcare organizations (HCOs) around the world are under attack. The data they store and process has become a valuable commodity on the cybercriminal underground and has even been linked to nation state attacks. In 2015, more than 113 million records were stolen in the U.S. alone, according to the Department of Health and Human Services….
A Super-Common Crypto Tool Turns Out to Be Super-Insecure
Credit to Author: Lily Hay Newman| Date: Thu, 23 Feb 2017 13:00:56 +0000
NIST has been warning about vulnerabilities in its SHA-1 cryptographic hash function for years, but some services still use it and the threats are growing. The post A Super-Common Crypto Tool Turns Out to Be Super-Insecure appeared first on WIRED.
Read More