Tips and how to create a blog
Secuobs.com : 2013-10-11 01:49:08 - security - Easy tricks and ways to create a blog, for those of you who blog as a hobby and for beginners who want a presence in the blogging world but do not yet fully understand how to create a blog properly. Here I will share a recipe for creating a blog on the blogspot platform. Why blogspot? Because a great many experts recommend using, or creating a blog via, blogspot. There are many advantages to creating a blog on blogspot; one of them is that we can modify the appearance as we wish, and you can also earn money from blogspot. All right, let's get straight to how to create a blog with blogspot: 1. Use a Gmail address. 2. Go to blogspot.com. 3. Choose to create a new blog. 4. Then follow the next steps, and it's done. That is the short tutorial on how to create a blog using blogspot.
http://www.secuobs.com/revue/news/473962.shtml

Cipto Junaedy's Strategy
Secuobs.com : 2013-05-14 04:35:19 - security - Cipto Junaedy. This name is no longer unfamiliar. The "No Money, No Debt" strategy (Strategi Tanpa Uang Tanpa Utang) he teaches is known as original and groundbreaking. His strategy is able to break the debt-based strategies of Kiyosaki and Dolf De Ross. Almost every week his name appears in various national and regional mass media. The seminars he gives have also become the biggest and most popular, and are known for being held exclusively without any sponsor, because the material he presents is about strategy and so that it stays free of vested interests. In a relatively short time since starting his seminars, Cipto Junaedy has spoken before more than 500000 people. He is listened to by all levels of society, from the rich and influential, such as big businesspeople, corporate directors, central and regional government officials, political party figures, members of the DPR, famous artists, television presenters, journalists, the military and police, lawyers, religious leaders, traditional leaders, doctors, NGO activists, and cultural figures, to ordinary people such as housewives, students, teachers, pensioners, small traders, and disaster relief volunteers. On average, every 42 days Cipto Junaedy gives away 1 free house, or money equal to the value of a house, to those in need. As a mentor, he has also proven his own teaching in buying property with no money and no debt. He has snapped up various strategic properties in a number of major cities in Indonesia and abroad. Most recently, in May 2011, he managed to snap up 90 prestigious apartment units in Jakarta from a leading developer in just 15 days. http://chordsmantap.blogspot.com/2013/05/cipto-junaedy.html
http://www.secuobs.com/revue/news/445194.shtml

Tips for becoming a smart consumer who understands consumer protection
Secuobs.com : 2013-04-08 13:00:32 - security - 1. Uphold your rights and obligations as a consumer. Consumers are taught to be critical and to dare to fight for their rights when the goods or services they buy do not meet the required standards or do not match what was agreed, but a smart consumer who understands consumer protection must also understand their obligations as set out in the UUPK. 2. Check carefully before buying. A smart consumer who understands consumer protection is taught to always have the habit of carefully examining the goods and/or services offered on the market. At a minimum, a visual inspection can be used to find out the actual condition of the goods and/or services, and if something is unclear, the consumer can ask questions or seek information about them. On this basis, a general picture of the goods and/or services offered on the market can be obtained. 3. Pay attention to the label, MKG, and expiry date. Consumers must be more critical in finding out the condition of goods and/or services, especially food, beverages, medicines, and cosmetics that come packaged with a label. The label states, among other things, the composition, benefits, directions for use, and validity period. When buying telematics and electronics products, they must come with a user manual and an after-sales warranty card in Indonesian. Pay attention to the expiry date so as to be careful with goods that enter the body or are used on the outside of the body, because such goods are very closely tied to the health, security, and safety (K3L) of consumers. 4. Make sure the product meets K3L quality standards. Consumers are encouraged to become familiar with SNI-marked products and to pay attention to products for which SNI is mandatory. SNI-marked products give greater assurance of the health, security, and safety of consumers, and even of their environment (K3L). At present there are products with SNI applied on a voluntary basis and 89 types of products for which SNI is mandatory. Other standards applied around the world are Japanese Industrial Standards (JIS), British Standards (BS), American Society for Testing and Materials (ASTM), Codex Standard, Conformité Européenne (CE), and others. 5. Buy according to need, not desire. Consumers are encouraged to adopt a non-consumptive culture of behavior, meaning it is not goods and/or services that control or influence the consumer; it is you, as a smart consumer who understands consumer protection, who controls the desire to buy goods and/or services.
http://www.secuobs.com/revue/news/438122.shtml

Obat Wasir dan Ambeien Manjur di Obatwasirbiz
Secuobs.com : 2012-12-14 19:52:16 - security - Obat Wasir dan Ambeien Manjur di Obatwasirbiz ("effective hemorrhoid medicine at Obatwasirbiz") is a keyword currently being contested in a Google SEO race that will end in a few hours. My friend pembolang is taking part in this SEO contest. The contest is held by obatwaasirbiz, which supplies herbal medicine for hemorrhoids and other ailments. Hopefully pembolang can hold its position on page one in the Obat Wasir dan Ambeien Manjur di Obatwasirbiz SEO contest.
http://www.secuobs.com/revue/news/417135.shtml

Short Cut Windows 8 Metro Style
Secuobs.com : 2012-12-09 04:20:03 - security - These are some shortcuts from Windows 8; check them out:
Windows key: Switch between Modern Desktop Start screen and the last accessed application
Windows key C: Access the charms bar
Windows key Tab: Access the Modern Desktop Taskbar
Windows key I: Access the Settings charm
Windows key H: Access the Share charm
Windows key K: Access the Devices charm
Windows key Q: Access the Apps Search screen
Windows key F: Access the Files Search screen
Windows key W: Access the Settings Search screen
Windows key P: Access the Second Screen bar
Windows key Z: Brings up the App Bar when you have a Modern Desktop App running
Windows key X: Access the Windows Tools Menu
Windows key O: Lock screen orientation
Windows key: Move the screen split to the right
Windows key Shift: Move the screen split to the left
Windows key V: View all active Toasts Notifications
Windows key Shift V: View all active Toasts Notifications in reverse order
Windows key PrtScn: Takes a screenshot of the screen and automatically saves it in the Pictures folder as Screenshot
Windows key Enter: Launch Narrator
Windows key E: Open Computer
Windows key R: Open the Run dialog box
Windows key U: Open Ease of Access Center
Windows key Ctrl F: Open Find Computers dialog box
Windows key Pause Break: Open the System page
Windows key 110: Launch a program pinned on the Taskbar in the position indicated by the number
Windows key Shift 110: Launch a new instance of a program pinned on the Taskbar in the position indicated by the number
Windows key Ctrl 110: Access the last active instance of a program pinned on the Taskbar in the position indicated by the number
Windows key Alt 110: Access the Jump List of a program pinned on the Taskbar in the position indicated by the
number
Windows key B: Select the first item in the Notification Area and then use the arrow keys to cycle through the items. Press Enter to open the selected item
Windows key Ctrl B: Access the program that is displaying a message in the Notification Area
Windows key T: Cycle through the items on the Taskbar
Windows key M: Minimize all windows
Windows key Shift M: Restore all minimized windows
Windows key D: Show Hide Desktop (minimize restore all windows)
Windows key L: Lock computer
Windows key Up Arrow: Maximize current window
Windows key Down Arrow: Minimize restore current window
Windows key Home: Minimize all but the current window
Windows key Left Arrow: Tile window on the left side of the screen
Windows key Right Arrow: Tile window on the right side of the screen
Windows key Shift Up Arrow: Extend current window from the top to the bottom of the screen
Windows key Shift Left Right Arrow: Move the current window from one monitor to the next
Windows key F1: Launch Windows Help and Support
PageUp: Scroll forward on the Modern Desktop Start screen
PageDown: Scroll backward on the Modern Desktop Start screen
Esc: Close a charm
Ctrl Esc: Switch between Modern Desktop Start screen and the last accessed application
Ctrl Mouse scroll wheel: Activate the Semantic Zoom on the Modern Desktop screen
Alt: Display a hidden Menu Bar
Alt D: Select the Address Bar
Alt P: Display the Preview Pane in Windows Explorer
Alt Tab: Cycle forward through open windows
Alt Shift Tab: Cycle backward through open windows
Alt F: Close the current window. Open the Shut Down Windows dialog box from the Desktop
Alt Spacebar: Access the Shortcut menu for current window
Alt Esc: Cycle between open programs in the order that they were opened
Alt Enter: Open the Properties dialog box of the selected item
Alt PrtScn: Take a screen shot of the active Window and place it in the clipboard
Alt Up Arrow: Move up one folder level in Windows Explorer (like the Up Arrow in XP)
Alt Left Arrow: Display the previous folder
Alt Right Arrow: Display the next folder
Shift Insert CD DVD: Load CD DVD without triggering Autoplay or Autorun
Shift Delete: Permanently delete the item rather than sending it to the Recycle Bin
Shift F6: Cycle backward through elements in a window or dialog box
Shift F10: Access the context menu for the selected item
Shift Tab: Cycle backward through elements in a window or dialog box
Shift Click: Select a consecutive group of items
Shift Click on a Taskbar button: Launch a new instance of a program
Shift Right-click on a Taskbar button: Access the context menu for the selected item
Ctrl A: Select all items
Ctrl C: Copy the selected item
Ctrl X: Cut the selected item
Ctrl V: Paste the selected item
Ctrl D: Delete selected item
Ctrl Z: Undo an action
Ctrl Y: Redo an action
Ctrl N: Open a new window in Windows Explorer
Ctrl W: Close current window in Windows Explorer
Ctrl E: Select the Search box in the upper right corner of a window
Ctrl Shift N: Create new folder
Ctrl Shift Esc: Open the Windows Task Manager
Ctrl Alt Tab: Use arrow keys to cycle through open windows
Ctrl Alt Delete: Access the Windows Security screen
Ctrl Click: Select multiple individual items
Ctrl Click and drag an item: Copies that item in the same folder
Ctrl Shift Click and drag an item: Creates a shortcut for that item in the same folder
Ctrl Tab: Move forward through tabs
Ctrl Shift Tab: Move backward through tabs
Ctrl Shift Click on a Taskbar button: Launch a new instance of a program as an Administrator
Ctrl Click on a grouped Taskbar button: Cycle through the instances of a program in the group
F1: Display Help
F2: Rename a file
F3: Open Search
F4: Display the Address Bar list
F5: Refresh display
F6: Cycle forward through elements in a window or dialog box
F7: Display command history in a Command Prompt
F10: Display hidden Menu Bar
F11: Toggle full screen display
Tab: Cycle forward through elements in a window or dialog box
PrtScn: Take a screen shot of the entire screen and place it in the clipboard
Home: Move to the top of the active window
End: Move to the bottom of the active window
Delete: Delete the selected item
Backspace: Display the previous folder in Windows Explorer. Move up one folder level in Open or Save dialog box
Esc: Close a dialog box
Num Lock Enabled Plus: Display the contents of the selected folder
Num Lock Enabled Minus -: Collapse the selected folder
Num Lock Enabled Asterisk: Expand all subfolders under the selected folder
Press Shift 5 times: Turn StickyKeys on or off
Hold down right Shift for 8 seconds: Turn FilterKeys on or off
Hold down Num Lock for 5 seconds: Turn ToggleKeys on or off
http://www.secuobs.com/revue/news/415901.shtml

SecuObs.com http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com

Setting the Benchmark in the Network Security Forensics Industry
2016-04-26 21:37:30 - Security Bloggers Network : Setting the benchmark. Beating thirty other products in threat detection and response capabilities. Outstanding achievement in product leadership, technological innovation, customer service, and product development. Superior capabilities for best addressing customer needs. Wow. While we certainly don't do what we do here for such accolades, we do it to help our
The post Setting the Benchmark in the Network Security Forensics Industry appeared first on Speaking of Security - The RSA Blog and Podcast.
http://www.secuobs.com/revue/news/604756.shtml

Is your security appliance actually FIPS validated?
2016-04-26 21:37:30 - Security Bloggers Network : It may not seem like a big deal to the ordinary person, but security-conscious customers care a great deal about FIPS 140-2, the standard that determines security assurance level. Security vendors may tell you that their security appliances are FIPS validated, but ask them to prove it. You have the right to ask a security vendor to point you to their certificate, or you can simply go look online to see if their key management
appliance has been officially validated. I'll show you where to look a little further into the blog.
http://www.secuobs.com/revue/news/604752.shtml

94 Percent of IT Pros See Free Wi-Fi Hotspots as a Significant Security Threat
2016-04-26 15:27:40 - LinuxSecurity.com Latest News : LinuxSecurity.com: A recent survey of 500 CIOs and IT decision makers in the US, UK, Germany and France found that fully 94 percent of respondents see free Wi-Fi hotspots as a significant mobile security threat to their organizations.
http://www.secuobs.com/revue/news/604719.shtml

SWIFT warns customers of multiple cyber fraud cases, issues software security update
2016-04-26 13:57:00 - Office of Inadequate Security : Jim Finkle reports: SWIFT, the global financial network that banks use to transfer billions of dollars every day, warned its
http://www.secuobs.com/revue/news/604713.shtml

Worldwide IoT security spending on the rise
2016-04-26 08:20:05 - Help Net Security : Worldwide spending on Internet of Things security will reach 348 million in 2016, a 237 percent increase from 2015 spending of 2815 million, according to Gartner. Furthermore, spending on IoT security is expected to reach 547 million in 2018. It's encouraging to see the investment in security spend for IoT increase, it will however not be enough based upon Gartner forecasts. Our reliance on such devices will extend to well beyond consumer IoT, and such
http://www.secuobs.com/revue/news/604688.shtml

Deploying SAST Static Application Security Testing
2016-04-26 07:17:37 - Security Bloggers Network : If you read my previous post, Selecting SAST, you will have undergone the extensive process of selecting a very valuable asset in the quest to secure your software. You have probably also discovered by now that there is a learning
The post Deploying SAST Static Application Security Testing appeared first on AsTech Consulting.
http://www.secuobs.com/revue/news/604686.shtml

Application Security Vulnerabilities Over Time The Uphill Battle
2016-04-26 03:01:44 - Security Bloggers Network : In a few of my previous blog posts, I have published some statistics regarding application vulnerability types found, related secure code remediation, and trends related to those vulnerabilities based on data that we have captured over the years from our
The post Application Security Vulnerabilities Over Time The Uphill Battle appeared first on AsTech Consulting.
http://www.secuobs.com/revue/news/604679.shtml

Continuing the Conversation Information Security Professionals in Higher Education
2016-04-26 00:50:02 - Security Bloggers Network : By Joanna Grama, Director of Cybersecurity and IT GRC Programs, EDUCAUSE. When information security professionals get together, there is no shortage of conversation. From sharing points-of-view on the latest hot topic to swapping technology implementation tips, information security professionals are determined to learn from one another to advance the profession. This shared commitment to improving information security was on full display during the Peer2Peer Session Advancing Information Security Strategies in Higher Education at the 2016 RSA Conference. The session was filled to capacity and
http://www.secuobs.com/revue/news/604669.shtml

Security Will be the Winner in the Cloud Wars
2016-04-26 00:50:02 - Security Bloggers Network : Clouds tout their rapid elasticity, infinite scalability and commodity pricing when wooing developers and operations engineers. While these are some of the sexier features of today's cloud infrastructure providers, they are not the ultimate
differentiator that will win the hearts and minds of the desirable CIOs running the Fortune 5000 enterprises. What magic trait will cloud providers rely on to earn the hearts of these power players? Security, the elusive and forever-moving target for many organizations.
http://www.secuobs.com/revue/news/604664.shtml

3 things every employee needs to know about online security
2016-04-26 00:50:02 - Security Bloggers Network : Companies of all sizes in multiple sectors lose sensitive information, millions of dollars, and their good reputation every year to cyberattacks. Human error accounts for an estimated 95 percent of security incidents. Bein
http://www.secuobs.com/revue/news/604663.shtml

The 8th Annual Information Security Summit
2016-04-25 16:05:07 - Security Bloggers Network : Plan now to join companies and industry peers for the premier Information Security event in Los Angeles. The Eighth Annual
The post The 8th Annual Information Security Summit appeared first on Checkmarx.
http://www.secuobs.com/revue/news/604626.shtml

Hell froze over Hacked firm cares more about its users' security than its corporate image
2016-04-25 16:03:24 - Office of Inadequate Security : Graham Cluley tells TruckersMP to take a bow for self-reporting a breach of user data to Troy Hunt's
http://www.secuobs.com/revue/news/604622.shtml

The security review Dorkbot, encryption and buildings
2016-04-25 15:25:33 - Security Bloggers Network : Welcome to this week's security review, which includes Dorkbot, the importance of encryption and how buildings are at threat of cyberattacks.
The post The security review Dorkbot, encryption and buildings appeared first on We Live Security.
http://www.secuobs.com/revue/news/604619.shtml

Information Security Vulnerabilities of Trains
2016-04-25 15:25:33 - Security Bloggers Network : 1. Introduction. Since the invention of the steam locomotive, there have been continuous technological developments in the field of railway transport. For example, AGV Italo, a train which entered
http://www.secuobs.com/revue/news/604612.shtml

TROOPERSCON - Developing an Enterprise IPv6 Security Strategy
2016-04-25 14:46:52 - SecurityTube.Net : Usually IPv6 planning projects include at least three main documents: a road map, an address concept plan and an IPv6 security concept. In this talk I'll focus on the latter and I will lay out typical steps needed to come up with a set of IPv6 security controls, both on the infrastructure and on the host endpoint layer, suited to provide adequate IPv6 security in enterprise organizations, in an operationally feasible way. ENNO REY: Enno Rey (Enno_Insinuator) is an old school network security guy who has been involved with IPv6 since 1999. In the last years he has contributed to many IPv6 projects in very large environments, both on a planning and on a technical implementation level. For More Information Please Visit - https://www.troopers.de
http://www.secuobs.com/revue/news/604588.shtml

TROOPERSCON - Security Aspects of IPv6 Multi-Interface and Source Destination Routing
2016-04-25 14:46:52 - SecurityTube.Net : Recent works in the MIF, routing working groups of the IETF are about supporting simultaneous use of several interfaces as well as discovering the provisioning domain (PvD): default search domain, recursive DNS servers, prefix to be used. Another recent topic is about source destination routing, where the source address is also used in the forwarding decision. The talk will briefly present those recent work items, then it will focus on their security impacts: denial of service, spoofing. TR16_IPv6_Sec_Summit_evyncke_mif_security.pdf ERIC VYNCKE: Eric Vyncke is a
Distinguished Engineer based in the Brussels office of Cisco Systems. His main current technical focus is about security and IPv6. He has designed several secured large IPsec networks and other security related designs. In his work for the IETF, he co-authored RFC 3585, 5514, 7381 and 7404 and is active in V6OPS, 6MAN and OPSEC working groups. His recent works are related to IPv6, including co-authoring a book on IPv6 Security; he also authored a book on layer-2 security. Eric is the current co-chair of the Belgian IPv6 Council. www.vyncke.org/ipv6status is well-known for several years to collect statistics about IPv6 deployment. He is also a visiting professor for security topics at the University of Mons. He is an adjunct professor at HEC, the business school of University of Liège, Belgium. He holds a CISSP certification, is a member of ISSA and speaks frequently at international conferences. He's presented at Troopers several times, like in 2015 on Segment Routing. Twitter: evyncke. For More Information Please Visit - https://www.troopers.de
http://www.secuobs.com/revue/news/604587.shtml

TROOPERSCON - IPv6 First Hop Security Features on HP Devices
2016-04-25 14:46:52 - SecurityTube.Net : In this talk I'll provide an overview which IPv6 First Hop Security (FHS) features are currently available on HP Comware based devices, how those are configured and what actually works or doesn't. We will have some devices in the room and this talk will be open end so we can even explore things in a practical way, next to a number of demos being part of the talk anyway. CHRISTOPHER WERNY: Christopher has been involved with IPv6 since 2005 and has performed a number of IPv6 planning, implementation and troubleshooting projects/tasks since then. He leads the network security team at ERNW. For More Information Please Visit - https://www.troopers.de
http://www.secuobs.com/revue/news/604583.shtml

TROOPERSCON - IPv6 Security Fundamentals
2016-04-25 14:46:52 - SecurityTube.Net : TROOPERSCON - IPv6 Security Fundamentals. For More Information Please Visit - https://www.troopers.de
http://www.secuobs.com/revue/news/604576.shtml

TROOPERSCON - Security Assessment of Microsoft DirectAccess
2016-04-25 14:46:52 - SecurityTube.Net : A talk about DirectAccess, an IPv6-only VPN solution, was given by our colleague Ali Hardudi during IPv6 summit. Ali has recently finished his master thesis on this topic. The DirectAccess VPN technology was introduced by Microsoft starting from Windows server 2008. It allows users to remotely, seamlessly and securely connect to their internal network resources without a need to provide user credentials, which is done using different technologies such as Windows domain group policies. As everything, this technology has advantages and disadvantages. It is using pure IPv6 and can work over IPv4 infrastructure, provides bidirectional access and allows for remote management and administration while implementing enhanced security features, but not all Windows OS's are supported, the force tunneling and end-to-end encryption are not always possible, and there is a performance degradation when using IP-HTTPS tunneling. The DirectAccess solution is relying on a wide range of technologies, such as Active Directory Domain Controller (AD DC), IPSEC, Public Key Infrastructure (PKI), HTTPS server as Network Location Service (NLS), Name Resolution Policy Table (NRPT), IPv6 tunneling technologies, NAT64 DNS64, and others. Ali has built a lab and developed two scenarios for assessment: IP-HTTPS default configuration case, and authenticated IP-HTTPS case. In these scenarios an attacker is considered to have the following position:
- He knows URL/IP of the DirectAccess server
- He has compromised or a trusted certificate
- Position of attacker is remotely settled or within the local subnet of the client
First scenario was the unauthenticated IP-HTTPS case with the following
considerations: packets with multicast unicast addresses are not forwarded, and a server replies on behalf of clients, if a client wants to configure an address that is already configured. For this scenario the following attacks were performed:
- Scan alive hosts using Ping scan (attacker position is local or remote)
- Scan for alive DA clients using Duplicate Address (local or remote)
- Send packets with spoofed IPv6 addresses (local or remote)
- Denial of Service against IP-HTTPS tunnel (local or remote)
- Neighbor Cache exhaustion (local or remote)
- MITM using a trusted certificate (local or remote)
- MITM by relaying IPSEC packets via attacker's computer (local only)
The second scenario was the authenticated IP-HTTPS case with the following features: almost all types of packets are accepted by the DirectAccess, null cipher suites can not be used any more, all the authenticated IP-HTTPS connections are trusted, and the only packets that are not forwarded are those which have unspecified IPv6 source address. The following attacks were performed:
- Scan for alive DirectAccess clients using Ping scan (attacker position is local or remote)
- Scan DirectAccess clients for open ports (local or remote)
- DoS against DirectAccess clients by sending fake Router Advertisement (RA) with randomized prefixes (local or remote)
- Hijacking IPSEC packets that are sent to the client and cause a DoS (local or remote)
- DoS DirectAccess client, by sending unsolicited Neighbor Solicitation (NS) with the IPv6 of the DirectAccess server as a source address (local or remote)
This assessment has shown that IP-HTTPS is a very critical component, which could be utilized by attackers to perform many IPv6 attacks on both DirectAccess client and server. You can have a look at the slides here or watch the video recording on our channel. Cheers, Olga. For More Information Please Visit - https://www.troopers.de
http://www.secuobs.com/revue/news/604575.shtml

TROOPERSCON - Security Evaluation of Dual-Stack Systems
2016-04-25 14:46:52 - SecurityTube.Net : This talk presents a measurement study of a current security state regarding to open ports on a direct comparison of IPv4 and IPv6. The study analyses almost 58,000 dual-stacked domains in order to find discrepancies in applied security policies. We further discuss the potential reasons and, more importantly, the implications of the identified differences. PATRIK FEHRENBACH: Coming soon. For More Information Please Visit - https://www.troopers.de
http://www.secuobs.com/revue/news/604574.shtml

SkyDogCon 2015 Everything You Know About Security is a Lie - Curtis Koenig
2016-04-25 14:46:52 - SecurityTube.Net : Have you ever considered what it means to be secure? Is the concept of security a mental construct or is it something that is equally quantifiable across people? Several recent studies have shown disparity in the way experts and non-experts act with regards to how they view and act when presented with security choices. This talk seeks to examine how Mostly Hairless Monkeys (MHM) or Humans perceive and act with regards to security. For More Information Please Visit - http://skydogcon.blogspot.in
http://www.secuobs.com/revue/news/604565.shtml

SkyDogCon 2015 The Politics of Security Failures - Tom Ruff
2016-04-25 14:46:52 - SecurityTube.Net : A light-hearted comparison of how laser beam focus can result in serious problems. In software, it usually leaves gaping security holes. In politics, it usually leaves gaping holes in my wallet, which I can now recover some of by fixing the gaping security holes in other people's software. For More Information Please Visit - http://skydogcon.blogspot.in
http://www.secuobs.com/revue/news/604561.shtml

SkyDogCon 2015 Security Lessons Learned Sponsoring a Sex Addict - Sarah Clarke
2016-04-25 14:46:52 - SecurityTube.Net : What happens when someone in your home comes to you and
asks you to help with their sex addiction? A tour through the technical and human issues that must be addressed to provide a solution, a compare and contrast to our larger infosec issues, and the results of the experiment. For More Information Please Visit - http://skydogcon.blogspot.in
http://www.secuobs.com/revue/news/604560.shtml

Security Slice The Resurgence of Ransomware
2016-04-25 09:32:10 - Security Bloggers Network : Ransomware seems to be everywhere. According to Blue Coat Systems 2015 Mobile Malware Report, ransomware is now the top malware threat targeting mobile devices, and it has even begun to infect Apple's Macintosh computers. Hospitals across the nation have been significantly impacted by ransomware campaigns. What factors are driving this dramatic rise in ransomware? Listen to our
The post Security Slice The Resurgence of Ransomware appeared first on The State of Security.
http://www.secuobs.com/revue/news/604537.shtml

Security Sense If I Can Verify Data Breaches, so Can Those Who Are Breached
2016-04-24 16:48:05 - Security Bloggers Network : Companies are often slow to acknowledge they've suffered a data breach, but verification of a publicly leaked breach is often the easy bit.
http://www.secuobs.com/revue/news/604506.shtml

Started working on new book Measuring Software Quality using Application Security
2016-04-24 16:45:56 - Dinis Cruz Blog : Over the 3 weeks I spent in the US in an RV with family I started working on a book based on the ideas shown at the New Era of Software with modern Application Security presentation v10. The current title is Measuring Software Quality using Application Security and it is going to be published at LeanPub: https://leanpub.com/Software_Quality. All content is hosted on the public GitHub repo https://github.com/DinisCruz/Book_Software_Quality/tree/master/content, where you can also see a number of issues I plan to address, including areas for research. I am currently in the brain dump stage of development, where I'm adding the content I want to talk about in a kinda-structured way. The idea is to expand the bullet points into text and normalise the content in logical areas (some topics already have a first pass at expanding the ideas into final text). Let me know if you want a copy of the latest version of PDF and please register your interest at Leanpub's site. Here is what the current version looks like, which is at 80 pages.
http://www.secuobs.com/revue/news/604503.shtml

Small Experiments in DIY Home Security
2016-04-24 13:02:09 - Hackaday : Dann Albright writes about some small experiments he's done in home security. He starts with the simplest, which is to purchase an off the shelf web camera, and hook it up to software built to do the task. The first software he uses is the free, iSpy open source software. This adds basic features like motion detection, time stamping, logging, and an interface. He also explores other commercial options. Next he delves a bit deeper. He starts by making a simple motion detector. When the Arduino detects motion using a PIR sensor it gets a computer to text an alert.
http://www.secuobs.com/revue/news/604501.shtml

COMELEC hacking should be treated as a serious national security problem
2016-04-23 19:49:37 - Office of Inadequate Security : This column by Cecilio Arillo has some interesting figures and concerns: IF no security contingency plan is yet in
http://www.secuobs.com/revue/news/604489.shtml

Tampa International Airport infosecurity breach spurred probe
2016-04-23 16:03:23 - Office of Inadequate Security : Yvette C Hammett reports: A consultant working to upgrade Tampa International Airport's computer system last year caused
http://www.secuobs.com/revue/news/604483.shtml

UK Intel Agencies Have Been Spying on Millions of People 'Of No Security Interest' Since 1990s
2016-04-22 16:28:22 - Slashdot Your Rights Online : The UK's intelligence agencies such as MI5, MI6, and GCHQ have been collecting personal information from citizens who are unlikely to be of intelligence or security interest since the 1990s, a thousand pages of documents published on Thursday revealed. The documents were published as a result of a lawsuit filed by Privacy International, a UK-based registered charity that defends and promotes the right to privacy across the world. According to the documents, GCHQ and others have been collecting bulk personal data sets since 1998 under the provisions of section 94 of the Telecommunications Act 1984. JM Porup reports for Ars Technica: "These records can be anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities," Privacy International legal officer Millie Graham Wood said in a statement. The information revealed by this disclosure shows the staggering extent to which the intelligence agencies hoover up our data. Nor, it seems, are BPDs only being used to investigate terrorism and serious crime; they can and are used to protect Britain's economic well-being -- including preventing pirate copies of Harry Potter books from leaking before their release date. The so-called Bulk Personal Datasets, or BPDs, are so powerful, in fact, that the normally toothless UK parliament watchdog that oversees intelligence gathering, the Intelligence and Security Committee (ISC), recommended in February that Class Bulk Personal Dataset warrants are removed from the new legislation. These data sets are so large and collect so much information so indiscriminately that they even include information on dead people. Read more
of this story at Slashdot.
http://www.secuobs.com/revue/news/604456.shtml

What's New on SecurityIQ
2016-04-22 16:19:49 - Security Bloggers Network : Hello, SecurityIQ users. As our dev team (Dave and Justin) continues to enhance our cloud-based security awareness education platform, I thought you all would like to know about some of the changes. Go on to the site to read the full article.
http://www.secuobs.com/revue/news/604452.shtml

TROOPERScon - Medical Device Security Hack or Hype
2016-04-22 15:05:23 - SecurityTube.Net : How has the field of medical device security evolved since the 2008 hack of an implantable medical device? Why do I still maintain hope that medical device security will improve? What's fiction and what's a clinically relevant risk? I will discuss the subtle differences in philosophy between information security specialists and clinical engineers who must ensure the safety of patients depending on the function of medical devices. By the end of the talk, an information security specialist will have a better understanding of how to work productively with clinical engineering, and more important, how to share a beer with a safety-minded clinical engineer.

Dr Kevin Fu is credited for establishing the field of medical device security. Kevin is Chief Scientist of Virta Labs, Inc and Associate Professor in EECS at the University of Michigan, where he directs the Archimedes Center for Medical Device Security and the Security and Privacy Research Group (SPQR) at secure-medicine.org. Kevin has briefed White House staff on methods to improve medical device security. He was named MIT Technology Review TR35 Innovator of the Year. Kevin served as program chair of USENIX Security, a member of the NIST Information Security and Privacy Advisory Board, and co-chair of the AAMI Working Group on Medical Device Security. He served as a visiting scientist at the Food & Drug Administration, the Beth
Israel Deaconess Medical Center of Harvard Medical School, Microsoft Research, and MIT CSAIL. Kevin received his BS, MEng, and PhD from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute. Follow Kevin @DrKevinFu. For More Information Please Visit - https://www.troopers.de
http://www.secuobs.com/revue/news/604431.shtml

TROOPERSCON - Real Life Software Defined Security
2016-04-22 15:05:23 - SecurityTube.Net : Vendors, pundits, and industry media love to talk about Software-Defined Everything, but nothing ever changes in the enterprise world, right? Wrong. Some engineers are already solving security problems with a software-defined approach to networking and security, be it microsegmentation in NSX or OpenStack environment, building scale-out IDS clusters, or respond to DoS or intrusion events in real-time, and we'll cover all these ideas in this fast-paced presentation.

Ivan Pepelnjak, CCIE 1354 Emeritus, has been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced technologies since 1990. He's the author of several Cisco Press books, prolific blogger and writer, occasional consultant, and creator of a series of highly successful webinars. For More Information Please Visit - https://www.troopers.de
http://www.secuobs.com/revue/news/604427.shtml

Vormetric Data Security Manager Receives Prestigious Common Criteria Certification
2016-04-22 12:15:58 - Security Bloggers Network : We did it. Vormetric is officially the first vendor to receive the Enterprise Security Management (ESM) Policy Management Protection Profile (PP_ESM_PM_V21) Common Criteria certification for the Vormetric Data Security Manager (DSM) V6000 appliances. While this has been one long and difficult journey, it's also been one huge accomplishment. Click To Tweet: First to qualify for Common Criteria PP ESM PM
V21 Vormetric Data Security Manager bit.ly/26h95GE pic.twitter.com/wjxKZIPZLi. The National Information Assurance Partnership (NIAP), a US organization responsible for implementation
The post Vormetric Data Security Manager Receives Prestigious Common Criteria Certification appeared first on Data Security Blog Vormetric.
http://www.secuobs.com/revue/news/604403.shtml

The future of ICS security depends on OT-centric security solutions
2016-04-22 09:29:41 - Help Net Security : New cybersecurity operational technologies are emerging to protect industrial control systems (ICS) against impending IT threats and attacks. ABI Research indicates that demand will focus on network level security in the short term but eventually shift to place the significance on embedded security and lifecycle management. Digital information, by its nature, can be backed up and restored, relocated and copied. Most IT security methodologies and technologies rely on this aspect of virtual assets. Operational technology
http://www.secuobs.com/revue/news/604381.shtml

IT channel security practices will balance products, processes and skills
2016-04-22 07:51:52 - Help Net Security : A comprehensive security offering is quickly moving from simple product installation to an ongoing process. IT channel companies that highlight processes and education along with the products they stock will be well positioned to seize new opportunities in the increasingly complex world of enterprise security, according to CompTIA. Cybersecurity has been a concern and a priority for businesses for some time, but new technology models and a greater reliance on technology are driving changes on
http://www.secuobs.com/revue/news/604374.shtml

BSides Nashville 2016 - Container Chaos Docker Security Container Auditing
2016-04-21 15:22:16 - SecurityTube.Net : Docker is one of the hottest tech trends
of the past few years. Containerized applications are convenient, scalable, and when implemented correctly can offer some security advantages. However, with nearly 30% of Docker containers showing that they are vulnerable to threats, how can the security team deal with this powerful new DevOps tool? In this talk, we will explain some of the issues with securing Docker, from privilege issues with the daemon to improper container builds. We will then discuss best practices for deploying Docker securely without losing scalability. For More Information Please Visit - http://www.bsidesnash.org http://www.irongeek.com/i.php?page=videos/bsidesnashville2016/mainlist
http://www.secuobs.com/revue/news/604335.shtml

DakotaCon 2015 - Michael Iedema - Software Defined Radios and Cellular Network Security
2016-04-21 15:22:16 - SecurityTube.Net : Michael Iedema - DakotaCon 2015 at Dakota State University, Madison SD. For More Information Please Visit - http://dakotacon.org
http://www.secuobs.com/revue/news/604332.shtml

DakotaCon 2015 - Scott Erven - Medical Device Security - Infection Prevention
2016-04-21 15:22:16 - SecurityTube.Net : Scott Erven - DakotaCon 2015 at Dakota State University, Madison SD. For More Information Please Visit - http://dakotacon.org
http://www.secuobs.com/revue/news/604328.shtml

DakotaCon 2016 - Senator Mike Rounds - Legislating Cyber Security An Overview from Capital Hil
2016-04-21 15:22:16 - SecurityTube.Net : On January 6th, 2015, Senator Marion Michael "Mike" Rounds was sworn into the United States Senate. Senator Rounds serves on four committees: Senate Armed Services; Banking, Housing and Urban Affairs; Veterans' Affairs; and Environment and Public Works. Rounds previously served as the 31st governor of South Dakota from 2003 - 2011, easily winning reelection in 2006. From 1991 to 2000, he was elected five times to the South Dakota State
Senate. In 1995, his colleagues selected him to serve as Senate Majority Leader, a position that he held for six years. During his time in state government, Rounds was committed to growing the economy, keeping taxes low and strengthening South Dakota families. A lifelong South Dakotan, Senator Rounds was born in Huron, the eldest of 11 siblings. He earned a bachelor's degree in political science from South Dakota State University. In the private sector, Rounds built a successful insurance and real estate business with offices throughout the state. He and his wife, Jean, currently reside in Fort Pierre. They are the proud parents of four grown children and eight grandchildren. For More Information Please Visit - http://dakotacon.org
http://www.secuobs.com/revue/news/604324.shtml

Presentation Automotive Security
2016-04-21 15:22:16 - SecurityTube.Net : Dan Klinedinst presents on his recent research into hacking vehicles by abusing aftermarket OBD-II TCUs such as the Progressive and Uber devices. This comes on the heels of a lot of publicity around car hacking, including Chris Valasek's highly publicized wireless Jeep hack and other media.

Table of Contents
00:00 - Begin
00:06 - Introductions
00:32 - Who is Dan Klinedinst
01:52 - Vehicles are Code
02:40 - Automotive Vulnerability Analysis
03:55 - Aftermarket OBD-II Devices
06:44 - Yes we CAN
08:06 - The CAN bus
10:48 - Example
17:52 - Car Networks
22:47 - Our Victim
23:29 - Our Contestants
24:41 - Example App
25:20 - Example Desktop App
26:01 - Attack Vectors
27:15 - General Architecture
28:05 - WiFi
31:16 - Delphi Connect Verizon
33:22 - Development Device
41:24 - Messing with the car
45:38 - Potential Impacts
48:15 - Next Steps
50:34 - Questions
http://www.secuobs.com/revue/news/604322.shtml

Hacking Team postmortem is something all security leaders should read
2016-04-21 15:09:05 - LinuxSecurity.com Latest News : LinuxSecurity.com: Hacking
Team is back in the news again. Last weekend, the person responsible for Hacking Team's meltdown posted a recap of the incident, including a detailed overview of how they hacked the Italian firm. It's a fascinating read on its own, but the postmortem should be essential reading for anyone that supports or manages a security program.
http://www.secuobs.com/revue/news/604318.shtml

Senate Passes Bipartisan Energy Bill To Develop New Technologies, Improve Cybersecurity
2016-04-21 01:29:50 - Slashdot Your Rights Online : An anonymous reader quotes a report from Washington Post: The US Senate acted in a bipartisan fashion to pass a sweeping energy bill, touching on everything from cybersecurity for power plants to the future of the grid. The bill resulted from collaboration between Alaska Republican Sen. Lisa Murkowski and Washington Democratic Sen. Maria Cantwell. The bill, if it merges with House legislation and becomes law, would unleash billions in research and development on new energy technologies, including energy storage, hydrokinetic and marine energy and advancing the electric grid. Many of these initiatives have substantial aisle-crossing appeal, and some could, at least indirectly, help address the problem of climate change. The bill also reauthorizes the Land and Water Conservation Fund, and contains provisions promoting more research on the sequestering of carbon emissions from coal burning and hastening the approval of pipelines and liquefied natural gas exports. The bill, said Alliance to Save Energy president Kateri Callahan, not only saves homeowners and businesses money and creates jobs, but it also has a huge environmental return by avoiding 15 billion tons of carbon emissions. Energy efficiency truly is a win-win-win for our country, making our economy more energy productive, protecting our environment and enhancing our energy security. Read more of this story at Slashdot.
http://www.secuobs.com/revue/news/604281.shtml

Risky Business 408 -- Advertising ecosystem security with Dan Kaminsky, news with Grugq
2016-04-20 20:17:32 - Risky Business : Tagline: Deja WHOAH. On this week's show, as promised, we'll be checking in with Dan Kaminsky of WhiteOps to discuss their bread and butter -- click fraud prevention. We also get his thoughts on what the ad industry could do to stamp out malvertising. As you'll hear, he thinks the only way forward is to actually fix browsers. Seems sensible to us. Adam Boileau is taking a well-deserved week off, so The Grugq pops in to fill in. We'll chat to him about all the infosec news of the last week. Links to everything are in this week's show notes.
http://www.secuobs.com/revue/news/604266.shtml

5 Tips for Healthcare Cyber Security
2016-04-20 18:01:22 - Security Bloggers Network : In a previous blog, we discussed the recent epidemic of ransomware attacks on US healthcare organizations and the importance of the industry taking this very serious cyber security threat, and healthcare cyber security in general, seriously. The good news is that although a ransomware attack can bring a healthcare facility to its knees,
The post 5 Tips for Healthcare Cyber Security appeared first on MichaelPeters.org.
http://www.secuobs.com/revue/news/604259.shtml

Lock and Key Decrypting the Cybersecurity Act of 2015's encryption mandate
2016-04-20 18:01:22 - Security Bloggers Network : Federal organizations are in dire need of data-centric solutions with simplified protection to mitigate security risks. Government's demand for data protection is higher than ever. Now is the time to take security measures to the next level.
http://www.secuobs.com/revue/news/604256.shtml

IBM X-Force 2016 Cyber Security Intelligence Index
2016-04-20 17:43:21 - Global Security Mag Online : IBM X-Force today presents its 2016 Cyber Security Intelligence Index. This annual report looks back on 2015, drawing on the billions of operational and investigative data points collected by IBM Security Services about security-related events at more than 1000 companies across 100 countries. This year's report offers an interesting view of the arms race under way between attackers and defenders in IT security. Unsurprisingly, hackers - Malware
http://www.secuobs.com/revue/news/604252.shtml

Cyber Insurance Security Tool or Hype
2016-04-20 16:13:49 - Security Bloggers Network : Is cyber insurance a useful security tool, or is it merely hype? I discuss this topic in my latest SecurityWeek piece: http://www.securityweek.com/cyber-insurance-security-tool-or-hype I think you'll find my perspective a bit differen
http://www.secuobs.com/revue/news/604239.shtml

Oracle security update patches 136 vulnerabilities
2016-04-20 15:01:56 - Security Bloggers Network : A number of the bugs are critical issues which can lead to remote exploitation.
http://www.secuobs.com/revue/news/604227.shtml

BSides Nashville 2016 - How to get into ICS security
2016-04-20 14:59:50 - SecurityTube.Net : This talk is about how to get into ICS security, because we don't have enough people. It covers knowing the basics, ICS security standards like NIST SP800-82 and ISA99 (IEC62443), threats to ICS, and basic defense measures. For More Information Please Visit - http://www.bsidesnash.org http://www.irongeek.com/i.php?page=videos/bsidesnashville2016/mainlist
http://www.secuobs.com/revue/news/604220.shtml

Stormshield adapts its Stormshield Network Security offering for cloud service providers
2016-04-20 10:56:38 - Global Security Mag Online : Stormshield announces the launch of Stormshield Network for Cloud Provider. This pay-as-you-go cloud network security offering was developed to address the security concerns of cloud professionals and their customers. Today, IT managers have to do more with less. It is becoming difficult, even impossible, for them to deploy infrastructure and software by paying for it up front, as is often the rule. So the migration to the cloud and the - Products
http://www.secuobs.com/revue/news/604204.shtml

Employees risk corporate security by accessing pirated content
2016-04-20 07:44:25 - Help Net Security : 6 in 10 Brits who use personal devices for work also use the same device for streaming or downloading pirated content. Whilst the research, conducted by OnePulse, found that 80% of individuals in the UK who access pirated content on these devices do consider the personal security risks of doing so, such as a malware infection, 4 in 10 do not consider the security implications for their organisation when accessing this content. Malware incidents From
http://www.secuobs.com/revue/news/604191.shtml

How iMessage distributes security to block phantom devices
2016-04-20 05:42:48 - Security Bloggers Network : Last Friday I spent some time in a discussion with senior members of Apple's engineering and security teams. While I knew most of the technical content, it really clarified more on how Apple approaches security, much of which they've never explicitly stated, even on background. Most of that is fodder for another post coming next, but I wanted to focus on one particular technical feature
I've never seen clearly documented before that highlights both Apple's approach to security, and shows that iMessage is more secure than I thought. It turns out you can't add devices to an iCloud account without triggering an alert since that analysis happens on your device, and doesn't rely totally on a push notification from the server. Apple put the security logic in your device, even though the system still needs a central authority. Basically, they designed it to not trust themselves.

iMessage is one of the more highly-rated secure messaging systems available to consumers, at least according to the Electronic Frontier Foundation. That doesn't mean it's perfect, that doesn't mean it's without flaws, but it's an extremely secure system, especially when you consider it's basically invisible to end users (just use it like any text messaging) and on something like a billion devices. I'm not going to dig into the deep details of iMessage (you can read about them in Apple's iOS Security Guide), and I also highly recommend you look at the recent research paper by Matthew Green and associates at Johns Hopkins University that exposed some design flaws in the system.

Here's a simplified overview of how it works. Each device tied to your iCloud account generates its own public/private key pair and sends the public key up to an Apple directory server. The private key never leaves your device, and is protected by the device's Data Protection encryption scheme (the one getting all the attention lately). When you go to send an iMessage, your device checks Apple's directory server for the public keys of all the recipients (on all their devices) based on their iCloud user ID and phone number. Your phone encrypts a copy of the message for each recipient with their public keys for each device. I currently have five or six devices tied to my iCloud account, which means if you send me a message your phone actually creates five or six copies, each encrypted with the public key for each of my devices.
For you non-security readers, a public/private keypair means if you encrypt something with the public key, it can only be decrypted with the private key (and vice-versa). Since I never share my private key, I can make my public key very public. Then people can encrypt things that only I can read since only I have the private key. Apple's Push Notification Service (APN) then sends all the messages to their destination devices. If you have multiple devices, you also encrypt and send copies to all your own devices so you keep the message thread.

Again, this is a simplification, but what it means is: Every message is encrypted from end to end. Messages are encrypted using keys tied to your devices, that cannot be removed (okay, there is probably a way, especially on Macs, but not easily). Each message is encrypted multiple times for each destination device, so your private keys are never shared between devices. There's actually a lot more going on, with multiple encryption and signing operations, but that's the core of it.

Now according to that Johns Hopkins paper there are some exploitable weaknesses in the system (the known ones are patched), but nothing trivial, and Apple continues to harden things. Keep in mind that Apple focuses on protecting us from criminals, not necessarily governments (despite current events). It's just that at some point those two priorities always converge due to the inherent nature of security.

It turns out that one obvious weakness I've seen mentioned in some blog posts and presentations isn't actually a weakness at all, thanks to a design decision. iMessage is a centralized system with a central directory server. If someone could compromise that server, they could add phantom devices to tap conversations or completely reroute them to a new destination. To limit this, Apple sends you a notification every time a device is added to your iCloud account. I always thought Apple's server detected a new entry and then pushed out a notification, which would mean that if they
were deeply compromised (okay, forced by a government to alter their system) that the notification could be faked, but that isn't how it works. Your device checks its own registry of keys, and pops up an alert if it sees a new one tied to your account.

Now according to the Johns Hopkins paper they managed to block the push notifications on a local network that triggered checking the directory and creating the alert. That's easy to fix, and although unconfirmed, I highly suspect a fix is coming in a future update. Once in place that will make it impossible to tap a line using a phantom device without at least someone in the conversation receiving an alert. The way the current system works you also can't add a phantom recipient since your device checks for the addresses you specify.

Now both of those could change if Apple were, say, forced to change their fundamental architecture and code on both the server and device side. This isn't something criminals could do, and under current law thanks to CALEA the US government can't force Apple to make this kind of change since it involves fundamental changes to the operation of the system.

It's a design decision I like. Apple could have easily decided to push the notifications from the server and use that as the root authority for both the keys and the registered devices, but instead they chose to have the devices themselves detect any new devices based on new keys being registered (which is why the alerts pop up on everything you own when you add one). It balances the need for a central authority to keep the system usable with security and privacy by putting the logic in the hardware in your pocket (or desk, or tote bag, or whatever).

I believe FaceTime uses a similar mechanism. iCloud Keychain and Keychain Backup use a different, but similar mechanism that relies as much as possible on your device. The rest of iCloud is far more open but I do also expect that to change over time. Overall it's a solid balance of convenience and security.
Especially when you consider there are a billion Apple devices out there. iMessage doesn't eliminate the need for true zero-knowledge messaging systems, but it is extremely secure when you consider it's basically a transparent replacement for text messaging. - Rich
http://www.secuobs.com/revue/news/604187.shtml

Security Firm Discovers Secret Plan To Hack Numerous Websites and Forums
2016-04-20 04:24:16 - Slashdot Your Rights Online : An anonymous reader writes: According to Softpedia, security researchers from SurfWatch Labs have shut down a secret plan to hack and infect hundreds or possibly thousands of forums and websites hosted on the infrastructure of Invision Power Services, makers of the IPBoard forum platform. The man behind this plan was a hacker known as AlphaLeon, maker of the Thanatos malware-as-a-service platform. AlphaLeon hacked IPBoard's customer hosting platform, and was planning to place an exploit kit that would infect the visitors to these websites with his Thanatos trojan, in order to grow his botnet. Some of the companies using IPBoard-hosted forums include Evernote, the NHL, the Warner Music Group, and Bethesda Softworks (Elder Scrolls, Fallout, Wolfenstein, Doom games). Read more of this story at Slashdot.
http://www.secuobs.com/revue/news/604179.shtml

Security and Convenience Don't Mix
2016-04-19 19:03:22 - Security Bloggers Network : David Storch is a Product Manager and Principal Consultant at Atos and a featured guest blogger. In a press conference in March 2015 Hillary Clinton said: When I got to work as secretary of state, I opted for convenience to use my personal email account because I thought it would be easier to carry just
http://www.secuobs.com/revue/news/604147.shtml

Enterprise Security Concerns for Consumer IoT Devices
2016-04-19
19:03:22 - Security Bloggers Network : By Andrew Hay, CISO, DataGravity. What are the security implications of consumer Internet of Things (IoT) devices being introduced into modern business environments, and how do you protect your organization as a result? At RSA 2016 I was able to pose this question to a full room of business executives, IT architects, and security analysts who were responsible for dealing with this very real concern. Several participants in this Peer2Peer session shared that their primary concern when it comes to employee-owned IoT devices was not discovering that they were present, but rather gaining
http://www.secuobs.com/revue/news/604145.shtml

19 open source GitHub projects for security pros
2016-04-19 17:01:23 - LinuxSecurity.com Latest News : LinuxSecurity.com: GitHub has a ton of open source options for security professionals, with new entries every day. Add these tools to your collection and work smarter.
http://www.secuobs.com/revue/news/604134.shtml

Web Application Security Basics - Keeping All Your Software Up To Date
2016-04-19 15:24:18 - Netsparker Web Application Security Scanner : One of the most basic principles of IT and web application security is to always run the latest version of the software that you use on your web server, websites and everything else that has some sort of software executed on it. Yet sometimes the most basic principles are those that are ignored and most commonly exploited in successful hack attacks, case in point Mossack Fonseca.

What Happened at Mossack Fonseca and How did the Panama Papers Leak Happen
-------------------------------------------------------------------
A lot has been said on the news on how the Panama Papers leak could have happened. Some news outlets said that the attackers gained access by exploiting a SQL Injection in a vulnerable version of WordPress, or a plugin. Some others, including security
software vendors, said that the attackers exploited an SSL vulnerability such as either Heartbleed, Poodle or Drown. One thing is for sure: Mossack Fonseca were running their websites and customer portals using very old versions of WordPress, Drupal, Apache, SSL, PHP and several other components. All of these software components had known vulnerabilities. If Mossack Fonseca kept its software up to date none of this would have happened and the prime minister of Iceland would not have resigned.

Old Vulnerable Software Components Are a Big Web Security Problem
-------------------------------------------------------------------
Mossack Fonseca got all the media's attention because many world leaders and businessmen are involved in this leak, though this is not the first time that old software was the cause of a successful hack attack. Just last year a security researcher identified a vulnerability in a popular WordPress plugin called RevSlider. As per usual, the developer released a fix, though thousands of WordPress websites still got hacked through this vulnerability months later. Actually, till this day there are WordPress websites being hacked through this vulnerability. There are two reasons why so many WordPress websites are still being hacked through this vulnerability after all this time:
1. Many WordPress website owners fail to keep their plugins up to date,
2. The plugin was shipped as a built-in component in several popular WordPress themes, and most of the theme developers did not update their themes or alert their customers.

Lessons Learnt - Always Keep Your Software Up To Date
-----------------------------------------------------
Both the Mossack Fonseca and the RevSlider WordPress plugin issues are a perfect example of how important it is to always keep any software you use, and web components, frameworks etc, up to date. That is why at Netsparker we focus on both heuristic web application security scanning and non heuristic checks, such as checks for possible vulnerable
JavaScript libraries and other known software such as WordPress and Joomla.

Some More Food for Thought: What Could Outdated Software Lead To
Had the Panama Papers leak not happened, there wouldn't be a global turmoil about taxes, politicians and businessmen. I am in no way justifying any of the actions such people have done. I am just highlighting the ramifications of not keeping all your software up to date. From a simple mistake of not updating WordPress, or an SSL library, to a prime minister's resignation and a political crisis. And this is just the beginning.
http://www.secuobs.com/revue/news/604118.shtml

USENIX Enigma 2016 - Why Is Usable Security Hard, and What Should We Do about it
2016-04-19 13:35:05 - SecurityTube.Net : Everyone wants to build software that's both usable and secure, yet the world is full of software that falters at this intersection. How does this happen? I experienced the disconnect firsthand, when the Chrome security team redid Chrome's security UI to conform to best practices for usable security. In the process, we learned how hard it is to actually adhere to oft-cited wisdom about usable security when faced with real-world constraints and priorities. With a set of case studies, I'll illustrate the limitations we encountered when trying to apply common wisdom to a browser with more than a billion users and discuss what has actually worked for us in practice, which might work for other practitioners too. For More Information Please Visit - https://www.usenix.org/conference/enigma2016
http://www.secuobs.com/revue/news/604104.shtml

USENIX Enigma 2016 - Hacking Health Security in Healthcare IT Systems
2016-04-19 13:35:05 - SecurityTube.Net : How is healthcare IT security different from all other application? Let me count the ways. You've got doctors with god complexes, regulators who sometimes do and sometimes don't understand the impact of
their decisions, patients who want access to their medical data in real time on their mobile device (and make sure nobody else can see it), and entrepreneurs churning out new devices, systems and protocols at warp speed. At the same time, health data is moving to the cloud, medical devices are connecting to the Internet, and technology has become wearable. How are we supposed to secure anything in this environment? We'll talk. For More Information Please Visit - https://www.usenix.org/conference/enigma2016
http://www.secuobs.com/revue/news/604101.shtml

Samsung KNOX named the most secure platform, according to the Gartner report Mobile Device Security: A Comparison of Platforms
2016-04-19 12:09:01 - Global Security Mag Online : Samsung Electronics Co., Ltd. has just announced that Samsung KNOX 26, a native military-grade security solution, is the platform that received the highest ratings in the Gartner, Inc. report Mobile Device Security: A Comparison of Platforms. This report, published on 6 April 2016, compared the main operating system security features built into 12 mobile device platforms, as well as their enterprise IT policy management capabilities. According to Gartner, - Magic Quadrant
http://www.secuobs.com/revue/news/604093.shtml

Ask Sucuri: Differentiate Between Security Firewalls
2016-04-19 10:38:41 - Security Bloggers Network : Question: How should a website owner differentiate between Firewalls? What do they do? The term firewall is not new. It is common terminology in the world of technology and security, and possibly common enough that even non-technical people have a basic understanding of what a firewall is. Its meaning actually extends beyond security. The brick walls that Read More The post Ask Sucuri: Differentiate Between Security Firewalls appeared first on Sucuri Blog.
http://www.secuobs.com/revue/news/604084.shtml

Global security appliance market continues to grow
2016-04-19 08:50:49 - Help Net Security : The global security appliance market is projected to grow at a CAGR of more than 11% by 2020. Global security appliance market by large enterprises: Technavio predicts the security appliance market by large enterprises to grow at a CAGR of 1225% to reach USD 5745 billion by 2020. In 2015, large enterprises accounted for the largest market share with 4341%. A major factor contributing to the growth of the market in the recent years is More
http://www.secuobs.com/revue/news/604072.shtml

Rogue Source Code Repos Can Compromise Mac Security Due To Old Git Version
2016-04-19 04:31:15 - Slashdot Your Rights Online : An anonymous reader writes: Recent Mac versions come bundled with a very old version of Git 264 that is vulnerable to two security flaws that allow attackers to execute code on the device when the user forks a Git repo holding malicious code. The problem is that users can't upgrade this Git repo, they can't change its runtime permissions, nor can they remove it because Apple blocks even root users from twiddling with some system-level programs. If you rely on machines like this, I am truly sorry. I feel for you, the researcher wrote on her blog. I wrote this post in an attempt to goad them [Apple] into action because this is affecting lots of people who are important to me. They are basically screwed until Apple deigns to deliver a patched git unto them.
http://www.secuobs.com/revue/news/604068.shtml

Flashback: Declassified 1970 DOD cybersecurity document still relevant
2016-04-18 14:23:01 - Risk Assessment Ars Technica : The Ware Report's recommendations still important as proven by ransomware and breaches
http://www.secuobs.com/revue/news/604018.shtml

USENIX Enigma 2016 - Usable Security: The Source Awakens
2016-04-18 13:08:07 - SecurityTube.Net : Many aspects of information security combine technical and human factors. If a highly secure system is unusable, users will try to circumvent the system or migrate entirely to less secure but more usable systems. Problems with usability are a major contributor to many recent high-profile security failures. The research domain of usable security and privacy addresses these issues. However, the main focus of researchers in this field has been on the non-expert end-user. After placing this issue in context of current research, the presenter will argue that we need to push the frontiers of usable security research to include the human aspects of system security and the administrators and developers involved in it. The talk will use TLS as an example to illustrate usable security and privacy issues across all levels and for all actors involved in the system. For More Information Please Visit - https://www.usenix.org/conference/enigma2016
http://www.secuobs.com/revue/news/604011.shtml

USENIX Enigma 2016 - Modern Automotive Security: History, Disclosure, and Consequences
2016-04-18 13:08:07 - SecurityTube.Net : Over the last six years, a range of research has transformed our understanding of automobiles. What we traditionally envisioned as mere mechanical conveyances are now more widely appreciated as complex distributed systems with wheels. A car purchased today has virtually all aspects of its physical behavior mediated through dozens of microprocessors, themselves networked internally, and connected to a range of external digital channels. As a result, software vulnerabilities in automotive firmware potentially allow an adversary to obtain arbitrary control over the vehicle. Indeed, multiple research groups have been able to demonstrate such remote
control of unmodified automobiles from a variety of manufacturers. In this talk, I'll highlight how our understanding of automotive security vulnerabilities has changed over time, how unique challenges in the automotive sector give rise to these problems, and how different approaches to disclosure have played a role in driving industry and government response. For More Information Please Visit - https://www.usenix.org/conference/enigma2016
http://www.secuobs.com/revue/news/604008.shtml

US government is lousy at cybersecurity
2016-04-18 11:54:04 - Help Net Security : SecurityScorecard released its 2016 Government Cybersecurity Report, a comprehensive analysis that exposes alarming cybersecurity vulnerabilities across 600 local, state, and federal government organizations in the United States. Each US government organization was evaluated based on their overall security hygiene and security reaction time compared to their industry peers. The company also analyzed the specific scores of NASA, the FBI, and the IRS, all of which fell victim to data breaches in early 2016. Among the More
http://www.secuobs.com/revue/news/604001.shtml

Week in review: The inconvenient truth about API security, and the perfect exfiltration technique
2016-04-18 08:13:35 - Help Net Security : Here's an overview of some of last week's most interesting news and articles: Uninstall QuickTime for Windows today: Trend Micro's Zero Day Initiative has released advisories detailing two new, critical, remote code execution vulnerabilities affecting QuickTime for Windows, but Apple is not going to fix them. EU approves new data protection rules: The reform will replace the current data protection directive, dating back to 1995 when the internet was still in its infancy, with a More
http://www.secuobs.com/revue/news/603987.shtml

Atique Orthodontics, PA Notifies Patients of Security Incident
2016-04-16 05:40:19 - Office of Inadequate Security : SAN ANTONIO, April 15, 2016 PRNewswire: Atique Orthodontics, PA (AOPA) is notifying certain patients about a
http://www.secuobs.com/revue/news/603924.shtml

How to Get More Out of Your Mobile Application Security Testing Tools
2016-04-15 23:22:20 - Security Bloggers Network : Users expect the apps they download to be secure and safe, in addition to fast and feature-packed. It's up to The post How to Get More Out of Your Mobile Application Security Testing Tools appeared first on Checkmarx.
http://www.secuobs.com/revue/news/603905.shtml

Senate anti-encryption bill is itself a threat to national security
2016-04-15 23:22:20 - Security Bloggers Network : The proposed Burr-Feinstein anti-encryption bill would put every American at risk of being spied on by foreign nations, hackers, or even the next US president.
http://www.secuobs.com/revue/news/603903.shtml

Man Faces 10 Years in Prison for DDoS Attack against Security Researcher
2016-04-15 16:48:57 - LinuxSecurity.com Latest News : LinuxSecurity.com: A man faces up to 10 years in prison for launching a distributed denial-of-service (DDoS) attack against a security researcher. Benjamin Earnest Nichols, 37, of Oklahoma City, appeared before Judge David L. Horan earlier this month and pleaded guilty to one count of knowingly causing the transmission of a program or code to a protected computer.
http://www.secuobs.com/revue/news/603879.shtml

Obama Forms Commission To Bolster US Cyber Security
2016-04-15 16:33:09 - Slashdot Your Rights Online : An anonymous reader writes: President Obama unveiled a commission of private, public and academic experts to bolster the US cyber security sector. The Commission on Enhancing National Cybersecurity will be co-chaired by former IBM CEO Sam Palmisano and Tom
Donilon, the President's former national security adviser. Some other notable members include MasterCard CEO Ajay Banga, Microsoft Research VP Peter Lee, Uber's current and Facebook's former Chief Security Officer Joe Sullivan, Frontier Communications Executive Chairperson Maggie Wildrotter, and Annie Anton, chair of the School of Interactive Computing at Georgia Tech. The specific goals of the commission are to: Raise the level of cybersecurity in both the public and private sectors, deter, disrupt, and interfere with malicious cyber activity aimed at the US or its allies and respond effectively to and recover from cyber incidents.
http://www.secuobs.com/revue/news/603853.shtml

Report: US Government Worse Than All Major Industries On Cyber Security
2016-04-15 16:33:09 - Slashdot Your Rights Online : schwit1 quotes a report from Reuters: US federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday. The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network. Educations, telecommunications and pharmaceutical industries also ranked low, the report found. Information services, construction, food and technology were among the top performers. And we are supposed to trust them with healthcare? This report comes after President Obama recently unveiled a commission of private, public and academic experts to bolster the US cyber security sector.
http://www.secuobs.com/revue/news/603851.shtml

IRS Security
2016-04-15 16:20:40 - Security Bloggers Network : Monday is Tax Day. Many of us are thinking about our taxes. Are they too high or too low? What's our money being spent on? Do we have a government worth paying for? I'm not here to answer any of those questions -- I'm here to give you something else to think about. In addition to sending the IRS your money, you're also sending them your data. It's a lot of highly personal financial data, so it's sensitive and important information. Is that data secure? The short answer is no. Every year, the GAO -- Government Accountability Office -- reviews IRS security and issues a report. The title of this year's report kind of says it all: IRS Needs to Further Improve Controls over Financial and Taxpayer Data. The details are ugly: failures in identification and authentication of network users, failures to encrypt data, failures in audit and monitoring and failures to patch vulnerabilities and update software. To be fair, the GAO can sometimes be pedantic in its evaluations. And the 43 recommendations for the IRS to improve security aren't being made public, so as not to advertise our vulnerabilities to the bad guys. But this is all pretty basic stuff, and it's embarrassing. More importantly, this lack of security is dangerous. We know that cybercriminals are using our financial information to commit fraud. Specifically, they're using our personal tax information to file for tax refunds in our name to fraudulently collect the refunds. We know that foreign governments are targeting US government networks for personal information on US citizens. Remember the OPM data theft that was made public last year in which a federal personnel database with records on 215 million people was stolen? There have been some stories of hacks against IRS databases in the past. I think that the IRS has been hacked even more than is publicly reported, either
because the government is keeping the attacks secret or because it doesn't even realize it's been attacked. So what happens next? If the past is any guide, not a lot. The GAO has been warning about problems with IRS security since it started writing these reports in 2007. In each report, the GAO has issued recommendations for the IRS to improve security. After each report, the IRS did a few of those things, but ignored most of the recommendations. In this year's report, for example, the GAO complained that the IRS ignored 47 of its 70 recommendations from 2015. In its 2015 report, it complained that the IRS only mitigated 14 of the 69 weaknesses it identified in 2013. The 2012 report didn't paint IRS security in any better light. If I had to guess, I'd say the IRS's security is this bad for the exact same reason that so much corporate network-security is so bad: lack of budget. It's not uncommon for companies to skimp on their security budget. The budget at the IRS has been cut 17% since 2010. I am certain IT security was not exempt from those cuts. So we're stuck. We have no choice but to give the IRS our data. The IRS isn't doing a good job securing our data. Congress isn't giving the IRS enough budget to do a good job securing our data. Last Tuesday, the Senate Finance Committee urged the IRS to improve its security. We all need to urge Congress to give it the money to do so. Nothing is absolutely hacker-proof, but there are a lot of security improvements the IRS can make. If we have to give the IRS all our information -- and we do -- we deserve to have it taken care of properly. This essay previously appeared on CNN.com.
http://www.secuobs.com/revue/news/603831.shtml

How the web changes with HTTP/2: Performance and Security
2016-04-15 16:20:40 - Security Bloggers Network : Changes to the web: HTTP/2 Performance and Security. On invitation by the Dutch consultancy firm Snow, I attended their Snow Unix Event (SUE). It was the third time in
a row, with again an impressive lineup of speakers. As I worked previously for the company, I expected no less than that. The theme was about knowledge sharing. That sounds like an invitation to also share some of the biggest insights I learned. Let's start with the HTTP/2 insights by Daniel The post How the web changes with HTTP/2: Performance and Security appeared first on Linux Audit.
http://www.secuobs.com/revue/news/603830.shtml

3 steps to embracing NIST 800 security controls
2016-04-15 16:20:00 - Help Net Security : One proven path to improving any organization's security posture is to embrace the National Institute of Standards and Technology's risk management framework set forth in its NIST 800 series of documents. NIST 800-53, in particular, lays out recommended policies and procedures covering access control, incident response, business continuity, disaster recoverability and about a dozen more key areas. I can attest, based on a principal role I played in helping IDT911, get fully immersed in this More
http://www.secuobs.com/revue/news/603825.shtml

Short URLs plus cloud services equal bad security
2016-04-15 16:20:00 - Help Net Security : Short URLs are great when they lead to public websites, and documents and files that aren't meant to remain private, but you should think twice about using them to lead collaborators to content that's meant only for their eyes. URLs created by many URL shortening services are so short that the entire space of possible URLs can be scanned or at least sampled on a large scale, researchers Martin Georgiev and Vitaly Shmatikov pointed out. More
http://www.secuobs.com/revue/news/603819.shtml

Guess what? URL shorteners short-circuit cloud security
2016-04-15 16:18:15 - Risk Assessment Ars Technica : Researchers search for Microsoft, Google short URLs, find exposed personal data
http://www.secuobs.com/revue/news/603818.shtml

USENIX Enigma 2016 - From Concept to Deployment - the Life and Death of Security Features
2016-04-15 16:16:31 - SecurityTube.Net : The research world is filled with new ideas about how to increase the security of shipping products. Many of these ideas, however, never manage to make it into production. Some ideas form the core for other technologies that do end up making it, some are relegated to a footnote in subsequent academic papers, and some disappear into obscurity. In this presentation, I'll provide a case-study of several features developed either in the academic community or internally at BlackBerry. At least one of these features has made it into a shipping product, while others have been left on the cutting-room floor. I'll explore how the core idea morphed and was adapted before it managed to make it into product. For More Information Please Visit - https://www.usenix.org/conference/enigma2016
http://www.secuobs.com/revue/news/603812.shtml

The Imperva Incapsula security and performance service is now integrated into the Symantec Complete Website Security solution
2016-04-14 17:21:49 - Global Security Mag Online : Imperva, Inc. announces Symantec's integration of the Imperva Incapsula service into its Complete Website Security solution. Imperva Incapsula, a cloud service that strengthens the security, performance and reliability of websites, thus complements Symantec's website security offering by adding the ability to quickly identify and counter the risks posed by DDoS attacks and other types of cyberattacks. The Symantec Complete Website Security solution goes well beyond encryption to - Products
http://www.secuobs.com/revue/news/603788.shtml

Equinix joins the Cloud Security Alliance
2016-04-14 16:00:58 - Global Security Mag Online : Equinix, Inc., an international provider of interconnection and data centers, has announced that it is joining the Cloud Security Alliance (CSA), a non-profit organization whose mission is to promote best practices for ensuring security within cloud computing and to educate on its uses in order to better secure other areas of computing. This agreement strengthens its commitment to providing secure, direct, high-performance connections to multiple providers - Products
http://www.secuobs.com/revue/news/603778.shtml

USENIX Enigma 2016 - Computer Security and the Internet of Things
2016-04-14 14:55:50 - SecurityTube.Net : Tadayoshi Kohno, Short-Dooley Professor of Computer Science & Engineering, University of Washington. Computers are now integrating into everyday objects, from medical devices to children's toys. This integration of technology brings many benefits. Without the appropriate checks and balances, however, these emerging technologies also have the potential to compromise our digital and physical security and privacy. This talk will explore case studies in the design and analysis of computer systems for several types of everyday objects, including wireless medical devices, children's toys, and automobiles. I will discuss the discovery of security risks with leading examples of these technologies, the challenges to securing these technologies and the ecosystem leading to their vulnerabilities, and new directions for security and privacy. For example, I will discuss efforts in collaboration with UC San Diego to compromise the computers in an automobile from a thousand miles away, and the implications and consequences of this and other works. I will also discuss directions for mitigating computer security and privacy risks, including both technical directions and education. For More Information Please Visit - https://www.usenix.org/conference/enigma2016
http://www.secuobs.com/revue/news/603749.shtml

Security tips and tricks for businesses and consumers
2016-04-14 07:57:14 - Help Net Security : In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125 percent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks, according to Symantec's Internet Security Threat Report. As attackers evolve, there are many steps businesses and consumers can take to protect themselves. As a starting point, Symantec recommends the following best practices. For businesses: Don't get caught flat-footed: Use advanced threat and More
http://www.secuobs.com/revue/news/603719.shtml

How is BYOD a security risk?
2016-04-14 07:17:46 - Security Bloggers Network : How is BYOD a security risk? Bring your own device (BYOD) strategy is when an employee uses their personal mobile device to work with your company from anywhere. This strategy can bring about many advantages to your business such as increased efficiency and convenience. However, this can also bring a number of security risks for your IT infrastructure and data. The post How is BYOD a security risk? appeared first on Health Security Solutions.
http://www.secuobs.com/revue/news/603715.shtml

From my Gartner Blog - How to Plan and Execute Modern Security Incident Response NEW
2016-04-14 07:17:46 - Security Bloggers Network : I had the opportunity to work with Anton on updating one of his best documents, How to Plan and Execute Modern Security Incident Response, which was published today on Gartner.com (GTP Access required). The document is a nice assessment of what organizations should be doing in terms of incident response today. It covers some of the basics, but also the changes we've been seeing in those practices in the past couple of years, especially the move to continuous IR.
As we say there, The traditional route of detecting incidents using security monitoring technologies is not the whole answer to today's threat landscape, which is laden with skilled and persistent threat actors. Leading organizations don't just develop excellent security monitoring capabilities that operate in near-real time, such as mature SOC capabilities based on SIEM tools. They also seek to explore the data they collect in order to discover, rather than detect in real time, incidents that their own detection controls missed. This is just one of the juicy bits from the document. You can read more about in Anton's blog. The post How to Plan and Execute Modern Security Incident Response NEW appeared first on Augusto Barros. from Augusto Barros http ifttt 260UoHP via IFTTT
http://www.secuobs.com/revue/news/603713.shtml

From my Gartner Blog - Gartner Security Risk Management Summit US
2016-04-14 07:17:46 - Security Bloggers Network : So, the great Security Risk Management Summit is approaching (June 13-16), and I'm happy to be one of the speakers there. My sessions on the agenda are:
- The World Is Changing: How Does It Affect My Vulnerability Management Program?
- Developing, Implementing and Optimizing Security Monitoring Use Cases Workshop (Together with Anton Chuvakin)
- To The Point Crossfire MSSP or In-House Battle of Security Outsourcing (Also together with Anton)
- Roundtable Building and Maintaining an Effective Vulnerability Management Program (And another one with Anton)
Please come and say hi, it's always good to know who reads this blog - The post Gartner Security Risk Management Summit US appeared first on Augusto Barros. from Augusto Barros http ifttt 1SAxbls via IFTTT
http://www.secuobs.com/revue/news/603712.shtml

Microsoft Trusted Cloud Security Summit
2016-04-14 07:17:46 - Security Bloggers Network : Earlier this month, Microsoft hosted its third Trusted
Cloud Security Summit in Washington DC. The event brought together a wide range of security stakeholders from the different Microsoft cloud offerings and over a 100 federal department and agency participants, particularly those looking to adapt the FedRAMP High baseline, such as the Department of Homeland Security, Federal Bureau of Investigations, Department of Justice, State Department, the Treasury and the Food and Read more
http://www.secuobs.com/revue/news/603709.shtml

NJ Woman sues hospital, claims HIV status was revealed in security breach
2016-04-14 00:40:52 - Office of Inadequate Security : Anna Merriman reports: A security breach at a Plainsboro hospital resulted in one employee's medical records and
http://www.secuobs.com/revue/news/603693.shtml

From my Gartner Blog - Gartner Security Risk Management Summit US
2016-04-14 00:01:55 - Security Balance : So, the great Security Risk Management Summit is approaching (June 13-16), and I'm happy to be one of the speakers there. My sessions on the agenda are:
- The World Is Changing: How Does It Affect My Vulnerability Management Program?
- Developing, Implementing and Optimizing Security Monitoring Use Cases Workshop (Together with Anton Chuvakin)
- To The Point Crossfire MSSP or In-House Battle of Security Outsourcing (Also together with Anton)
- Roundtable Building and Maintaining an Effective Vulnerability Management Program (And another one with Anton)
Please come and say hi, it's always good to know who reads this blog - The post Gartner Security Risk Management Summit US appeared first on Augusto Barros. from Augusto Barros http ifttt 1SAxbls via IFTTT
http://www.secuobs.com/revue/news/603689.shtml

From my Gartner Blog - How to Plan and Execute Modern Security Incident Response NEW
2016-04-14 00:01:55 - Security Balance : I had the opportunity to work with Anton on updating one
of his best documents, How to Plan and Execute Modern Security Incident Response, which was published today on Gartner.com (GTP Access required). The document is a nice assessment of what organizations should be doing in terms of incident response today. It covers some of the basics, but also the changes we've been seeing in those practices in the past couple of years, especially the move to continuous IR. As we say there, The traditional route of detecting incidents using security monitoring technologies is not the whole answer to today's threat landscape, which is laden with skilled and persistent threat actors. Leading organizations don't just develop excellent security monitoring capabilities that operate in near-real time, such as mature SOC capabilities based on SIEM tools. They also seek to explore the data they collect in order to discover, rather than detect in real time, incidents that their own detection controls missed. This is just one of the juicy bits from the document. You can read more about in Anton's blog. The post How to Plan and Execute Modern Security Incident Response NEW appeared first on Augusto Barros. from Augusto Barros http ifttt 260UoHP via IFTTT
http://www.secuobs.com/revue/news/603688.shtml

0-day exploits more than double as attackers prevail in security arms race
2016-04-13 22:44:11 - Risk Assessment Ars Technica : Spike brings number to 54 in 2015, the highest ever recorded
http://www.secuobs.com/revue/news/603683.shtml

April 2016 Patch Tuesday Releases 13 Security Patches Addresses the Badlock Vulnerability
2016-04-13 20:46:50 - TrendLabs Security Intelligence Blog : 13 security bulletins were released in this month's Patch Tuesday addressing vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Office, and Microsoft XML Core Services, among others. Out of these bulletins, six are rated as Critical while seven are tagged as
Important. Both MS16-037 and MS16-038, which fixed vulnerabilities in Internet Explorer and Edge respectively, could allow Post from: Trendlabs Security Intelligence Blog - by Trend Micro. April 2016 Patch Tuesday Releases 13 Security Patches Addresses the Badlock Vulnerability
http://www.secuobs.com/revue/news/603676.shtml

NIST hosts a Cybersecurity Framework Workshop for 2016
2016-04-13 20:05:26 - Security Bloggers Network : For two days, April 6 and 7 2016, NIST (National Institute for Standards and Technology) hosted a workshop for the Cybersecurity Framework (CSF). This is the 7th they have held. In developing the CSF, NIST held a series of 5 such workshops to gath
http://www.secuobs.com/revue/news/603667.shtml

CBS had data leak during March Madness: Security firm
2016-04-13 17:27:37 - Office of Inadequate Security : Jessica Golden reports: CBS Sports may have exposed more than just your busted March Madness bracket. Mobile data management
http://www.secuobs.com/revue/news/603660.shtml

How to End the Gender Diversity Problem in Cyber Security Forever
2016-04-13 16:12:00 - Security Bloggers Network : We ourselves feel that what we are doing is just a drop in the ocean. But the ocean would be less because of that missing drop. Mother Teresa. I live by this quote. It's powerful. It inspires me and it's one of the reasons why I do what I do. Let me explain. It Read More The post How to End the Gender Diversity Problem in Cyber Security Forever appeared first on The State of Security.
http://www.secuobs.com/revue/news/603650.shtml

Siphoning Through the Alphabet Soup of Healthcare Security
2016-04-13 16:12:00 - Security Bloggers Network : Extensive healthcare data contains enough information to not just apply for credit cards or loans, but it can compromise patients' financial accounts and generate huge
sums from fraudulent medical charges As a result, healthcare data is at a premium, which does not bode well at a time when data breaches are at an all-time high and organizations are still grasping how to handle these new and improved threats Click To Tweet Alphabet Soup of Risks for Healthcare IT Security The post Siphoning Through the Alphabet Soup of Healthcare Security appeared first on Data Security Blog Vormetric http://www.secuobs.com/revue/news/603649.shtmlhttp://www.secuobs.com/revue/news/603649.shtml Inspiring learning in cyber security and beyond2016-04-13 16:12:00 - Security Bloggers Network : Cyber professionals working at BT SecurityBy Rob Partridge, Learning and Development, BT Security Inspirational learning is the most effective way to achieve true understanding Here are easy ways you can make it happen in your workplace Giving and receiving inspiration I ve been privileged to be involved in two events recently aiming to inspire young people to make the right education http://www.secuobs.com/revue/news/603648.shtmlhttp://www.secuobs.com/revue/news/603648.shtml Security considerations in Games Platforms2016-04-13 16:12:00 - Security Bloggers Network : Online games have taken off over the last decade In the early years, multiplayer gaming was achieved by linking hosts directly together via Peer-to-peer links over public or private networks Today, Go on to the site to read the full article http://www.secuobs.com/revue/news/603644.shtmlhttp://www.secuobs.com/revue/news/603644.shtml How Has Let s Encrypt Impacted Web Security 2016-04-13 16:12:00 - Security Bloggers Network : When Let's Encrypt was founded at the end of 2014 it had a lofty goal promote the use of TLS everywhere by making certificates free and server configuration painless It was noted that for many web administrators, for both large http://www.secuobs.com/revue/news/603642.shtmlhttp://www.secuobs.com/revue/news/603642.shtml Underwriters Labs refuses to share new IoT cybersecurity 
standard 2016-04-13 15:31:50 - Risk Assessment Ars Technica : Too many unhealthy products will pass the bare-minimum certification process http://www.secuobs.com/revue/news/603638.shtml
Dell Security secures access for remote users 2016-04-13 15:15:49 - Global Security Mag Online : Dell announces updates to the SonicWALL Secure Mobile Access SMA operating system that give remote employees using a smartphone, tablet or laptop, managed or unmanaged, policy-based SSL VPN access to critical applications, data and resources Dell SonicWALL SMA 114 lets companies easily grant their staff, wherever they are, secure mobile access authorization to any type of data, from the device of their choice, - Products http://www.secuobs.com/revue/news/603636.shtml
Security Weekly Talks About Web Application Security Automation with Netsparker CEO 2016-04-13 13:31:28 - Netsparker Web Application Security Scanner : If web application security is one of the many things you have on your job description, then you should watch episode 457 of Paul's Security Weekly In this episode, the show's host Paul Asadoorian is joined by industry veteran Jack Daniel, infosec consultant Joff Thyer and Netsparker's CEO and founder Ferruh Mavituna In this web application security focused episode participants discussed subjects such as 1 What is going on at Netsparker and the aim to automate as much as possible from the web vulnerability detection process to help organizations keep all of their complex web assets secure 2 How to find the right balance between speed, intrusiveness and thoroughness when using a security tool to automatically scan more than 1,000 websites and web applications for security flaws 3 How can enterprises digest all the information from the scan results of thousands of websites and pass
all that information to the web developers so they can fix the identified vulnerabilities 4 How can businesses integrate automated web application security scanning at every stage of the SDLC, including automated scanning of the fixes that developers submit 5 The challenges web developers face when they have to write both functional and secure code, yet still meet the project's deadlines http://www.secuobs.com/revue/news/603629.shtml
Shmoocon 2016 - Speak Security And Enter 2016-04-13 11:43:06 - SecurityTube.Net : Every day, passionate security professionals encounter a common problem after bringing a student or colleague up to speed on best practices, it feels like nothing stuck Why does this happen And how can we change it up to get better outcomes This talk will help IT and security professionals find common ground with non-technical users In addition to sharing people-friendly metaphors, it will give attendees a solid set of communication strategies, and approaches to educate the average user about the mindset behind security to develop secure behaviors And yes spoiler alert there will definitely be some Lord of the Rings involved Jessy Irwin lives in San Francisco, and is Security Empress at AgileBits, makers of 1Password Her work focuses on security awareness and end-user education for nontechnical audiences She is a prolific writer, regular speaker, and outspoken advocate for stronger privacy and security protections in schools and education technology software For More Information Please Visit - http://shmoocon.org http://www.secuobs.com/revue/news/603613.shtml
Shmoocon 2016 - Software Security By The Numbers 2016-04-13 11:43:06 - SecurityTube.Net : Every industry faces the challenge of securing software, so why do some industries get it while others struggle to manage the problem at scale In this session, we will share data drawn from over 200,000
application assessments performed via Veracode's cloud platform over an 18-month period This is the largest data set of its kind, and it provides unique insight into the state of software security Attendees can use this information to benchmark their AppSec program against peers, answering key questions such as Do I have more serious vulnerabilities than my peers What percentage of vulnerabilities do my peers remediate How many of our applications should pass the OWASP Top 10 when initially assessed What are the most common vulnerabilities in our vertical How do coding vulnerabilities manifest across different programming languages Chris Eng chriseng is vice president of research at Veracode Throughout his career, he has led projects breaking, building, and defending software for some of the world's largest companies He is an unabashed supporter of the Oxford comma and hates it when you use the word ask as a noun For More Information Please Visit - http://shmoocon.org http://www.secuobs.com/revue/news/603612.shtml
Shmoocon 2016 - LTE Security Protocol Exploits 2016-04-13 11:43:06 - SecurityTube.Net : The Long Term Evolution LTE is the newest standard being deployed globally for mobile communications Despite the well understood security flaws of legacy 2G networks, which lack mutual authentication and implement an outdated encryption algorithm, LTE is generally considered secure given its mutual authentication and strong encryption scheme To the day, the main cellular vulnerabilities being exploited in most IMSI catchers and stingrays are based on 2G base stations Nevertheless, rogue base stations and protocol exploits are also possible in LTE Before the authentication and encryption steps of a connection are executed, a mobile device engages in a substantial exchange of messages with any LTE base station real or rogue that advertises itself with the right broadcast information And this broadcast information is sent in
the clear and can be easily sniffed This talk overviews my work on LTE protocol exploits ranging from full-LTE IMSI catchers, blocking of the SIM or the device until device reboot, severe battery drain, location leaks and low-power jamming Some of these exploits have been previously released in some form and some others have not, such as a new way to track devices as they hand over from tower to tower Roger Piqueras Jover is a Wireless Security Research Scientist at the Security Architecture team of Bloomberg LP Previous to that, he spent 5 years as Principal Member of Technical Staff at the AT&T Security Research Center His work focuses on LTE mobile network security, protocol exploits and exploring the security of anything that communicates wirelessly For More Information Please Visit - http://shmoocon.org http://www.secuobs.com/revue/news/603601.shtml
Stormshield expands its data protection range with the launch of Stormshield Data Security for Cloud Mobility 2016-04-13 10:47:23 - Global Security Mag Online : Stormshield secures data exchanges in the cloud and on mobile devices with Stormshield Data Security for Cloud Mobility This innovative solution, which rounds out the Stormshield Data Security range, proactively protects company data against cyber threats The cloud helps companies make their staff more mobile and leads them to consider new ways of working Instant access to information has allowed companies to - Products http://www.secuobs.com/revue/news/603589.shtml
Why ICS network attacks pose unique security challenges 2016-04-13 09:17:14 - Help Net Security : Attacks on industrial control systems ICSs are increasing in frequency and have become a reality we can no longer ignore Securing these networks poses unique challenges, primarily because ICS networks are unlike
traditional IT networks They use different technologies and perform discrete functions In order to protect them we first need to understand how they operate ICS networks are different Until recently, industrial networks were separated from the rest of the world by Air More http://www.secuobs.com/revue/news/603581.shtml
Panama Papers A data security disaster 2016-04-13 08:36:25 - Help Net Security : The Panama Papers security breach is a juicy, made-for-the-Internet scandal It has all the elements secret off-shore accounts involvement by international politicians, criminals, celebrities and sports stars 115 million files cyber-filched from a law firm's files and then leaked to the media A Google search for Panama Papers yields more than 10 million hits The whole world is watching While most of the Panama Papers attention will focus on the salacious aspects, the breach More http://www.secuobs.com/revue/news/603579.shtml
Solving Endpoint Security 2016-04-13 07:56:50 - Security Bloggers Network : Insanity doing the same thing over and over again and expecting different results As a security architect, I've come to truly loathe the endpoint security space The answer seems to be an unending stream of yet another agent to layer http://www.secuobs.com/revue/news/603577.shtml
Using VDI to Deliver Better Mobile Security 2016-04-13 07:56:50 - Security Bloggers Network : Mobile computing continues to put a strain on IT departments VDI can help read more http://www.secuobs.com/revue/news/603571.shtml
7 Habits of Highly Effective Endpoint Security 2016-04-13 07:56:50 - Security Bloggers Network : The threat landscape has grown considerably since the first PC arrived on the tech scene in the 1980s Indeed, as the amount of information transmitted and stored by organizations has grown, we have seen a
corresponding increase in computer crime Today, approximately one million new malware samples are developed each day External actors use Read More The post 7 Habits of Highly Effective Endpoint Security appeared first on The State of Security http://www.secuobs.com/revue/news/603569.shtml
Attacks are driving cloud security market growth 2016-04-12 08:54:26 - Help Net Security : The global cloud security market is expected to grow at a CAGR of over 20% until 2019, according to Technavio A key reason for the adoption of cloud security is the sudden increase in cloud-specific attacks One of the reasons for such attacks is the growing use of cloud-based services that require users to reveal their credentials This affects the confidentiality of user data, and it has resulted in several cases of identity theft, said More http://www.secuobs.com/revue/news/603486.shtml
Summary of Cybersecurity Conferences Happening This Week Week 15, 2016 2016-04-11 18:42:07 - Security Bloggers Network : Cybersecurity Conferences, seminars, conventions and workshops taking place this week Week 15 April 11 April 17, 2016 This post is a summary of Cyber Security InfoSec events, conferences that are taking place this week For a full listing of all cyber events throughout 2016 please view this page and for upcoming events in 2017 The post Summary of Cybersecurity Conferences Happening This Week Week 15, 2016 appeared first on concise http://www.secuobs.com/revue/news/603452.shtml
How to Approach Application Security 2016-04-11 11:02:58 - Security Bloggers Network : Application security has changed over the years While initially dominated by Penetration Pen Testing and Manual Code Reviews, the evolution The post How to Approach Application Security appeared first on Checkmarx
http://www.secuobs.com/revue/news/603389.shtml
The inconvenient truth about API security 2016-04-11 08:37:42 - Help Net Security : Ovum Consulting asked IT and security professionals across a variety of industries globally about their use of APIs, adoption of API management platforms, and the security features included in those platforms The use of APIs to enable applications to interact across single and multiple infrastructures is skyrocketing and innovation is being fueled by companies finding new ways to monetize their software assets by exposing APIs to outside developers, said Rik Turner, senior analyst at Ovum More http://www.secuobs.com/revue/news/603380.shtml
Security Slice The Apple Encryption Debate 2016-04-11 08:01:37 - Security Bloggers Network : After weeks of controversy, the FBI announced it successfully cracked the iPhone of the San Bernardino shooter The FBI's method did not require Apple's assistance, but the discussion surrounding encryption and law enforcement is far from over This special security slice podcast was recorded several days before the FBI dropped its legal case against Apple Read More The post Security Slice The Apple Encryption Debate appeared first on The State of Security http://www.secuobs.com/revue/news/603375.shtml
Top US Undergraduate Computer Science Programs Skip Cybersecurity Classes 2016-04-10 20:38:49 - Slashdot Your Rights Online : Kelly Jackson Higgins, reporting for Dark Reading A new study reveals that none of the top 10 US university computer science and engineering program degrees requires students take a cybersecurity course There's the cybersecurity skills gap, but a new study shows there's also a major cybersecurity education gap -- in the top US undergraduate computer science and engineering programs An analysis of the top 121 US university computer science and
engineering programs by CloudPassage found that none of the top 10 requires students take a cybersecurity class for their degree in computer science, and three of the top 10 don't offer any cybersecurity courses at all The alarming study also reveals that only one University of Alabama out of the 121 schools required three or more cybersecurity classes to graduate With more than 200,000 open cybersecurity jobs in 2015 in the US alone and the number of threat surfaces exponentially increasing, there's a growing skills gap between the bad actors and the good guys, Robert Thomas, CEO of CloudPassage, told SCMagazine.com Read more of this story at Slashdot http://www.secuobs.com/revue/news/603364.shtml
Cyber Security A Cost Difference of Millions 2016-04-10 09:31:52 - Security Bloggers Network : So you've put in some time into your infrastructure security, and you've reached the point of looking into cyber-security insurance You figure you'll buy some default package and be done with it right Unfortunately, cyber security insurance is one of Continue reading The post Cyber Security A Cost Difference of Millions appeared first on AsTech Consulting http://www.secuobs.com/revue/news/603347.shtml
Is security-as-a-service the next evolution in enterprise security 2016-04-08 23:00:45 - Security Bloggers Network : Is security-as-a-service the next logical expansion of your enterprise cloud services http://www.secuobs.com/revue/news/603305.shtml
Security Lessons from the Game of Werewolf 2016-04-08 21:04:58 - Security Bloggers Network : I can't believe I haven't posted this before http://www.secuobs.com/revue/news/603289.shtml
Phishing Simulation and Security Awareness Two Sides of the Same Coin 2016-04-08
17:27:45 - Security Bloggers Network : One hundred years ago you would have bought your milk and potatoes from two different markets Ten years ago you would have bought a navigation system after you bought your car And five years ago Go on to the site to read the full article http://www.secuobs.com/revue/news/603278.shtmlhttp://www.secuobs.com/revue/news/603278.shtml Central Ohio Infosec Summit 2016 - Building an OSS CI CD Security Toolchain2016-04-08 14:11:43 - SecurityTube.Net : Bio Coming from a background in web development, Kevin has centered his attention on leading secure code review initiatives and injecting security into Continuous Integration and Continuous Deployment He believes that security practices must enable developers to write and deploy secure code rather than restrict them from deploying insecure code, and holds the unpopular opinion that DevOps Agile and security are not mutually exclusive When Kevin isn t elbows-deep in code, he works to ensure that his daughter s first language is Python with a secondary focus in English documentation is a necessary evil after all , forces his autocorrect to believe that _composable toolchains is a valid phrase and can occasionally be found exploring the many mountain bike trails of Western Pennsylvania For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603243.shtmlhttp://www.secuobs.com/revue/news/603243.shtml Central Ohio Infosec Summit 2016 - A Touch ID of iOS Security2016-04-08 14:11:43 - SecurityTube.Net : Bio Jamie Bowser is a Technical Strategist who has over 20 years of information technology experience in a variety of roles including Web Application developer architect, Unix Administrator, and Systems Analyst Mr Bowser has worked with a number of Fortune 500 companies, including Morgan Stanley, JP Morgan Chase, and Key Corp As a Technical Strategist at Cigital, he has overseen and 
performed Mobile Strategic Consulting, Mobile Application Penetration Testing and Mobile Application Source Code reviews of systems built from a few thousand lines of code to systems containing tens of millions of lines of code Java, Net, and Objective-C Currently, Mr Bowser focuses on iOS Static and Dynamic testing tool development For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603242.shtmlhttp://www.secuobs.com/revue/news/603242.shtml Central Ohio Infosec Summit 2016 - Top 10 Tips for Educating Employees about Cybersecurity2016-04-08 14:11:43 - SecurityTube.Net : Bio Mark Villinski, Director, Field Marketing, Kaspersky Lab North America Mark Villinski brings more than 20 years of technology sales, marketing experience and channel leadership to Kaspersky Lab As Director, Field Marketing, Mark is responsible for field marketing efforts in the United States and for increasing awareness of Kaspersky Lab as a thought leader in the online security industry Prior to joining Kaspersky Lab, Mark served as Director Worldwide Channel Operations at Enterasys Networks Mark has presented at several industry conferences across North America addressing audiences on the challenges facing IT departments today and discussing ways organizations can protect themselves from the current threat landscape For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603241.shtmlhttp://www.secuobs.com/revue/news/603241.shtml Central Ohio Infosec Summit 2016 - SecOps Innovating Security in Innovative Organizations2016-04-08 14:11:43 - SecurityTube.Net : Bio Warner Moore is a technology and information security leader who is passionate about technology innovation and entrepreneurship having worked with technology focused businesses nearly his entire career When not 
scaling technology and teams at CoverMyMeds, he contributes back to the community by organizing Ohio LinuxFest and DevOpsDays Ohio as well as leading the LOPSA Columbus chapter For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603240.shtmlhttp://www.secuobs.com/revue/news/603240.shtml Central Ohio Infosec Summit 2016 - You're measuring all the wrong things - information security metrics2016-04-08 14:11:43 - SecurityTube.Net : Bio Here is a bio Shawn Sines is a seasoned information security professional who held positions loading high explosives on attack aircraft as a US Marine, spent time building information security and incident response programs, managed IR team investigations in numerous crisis and actually enjoys leveraging his people and relationship management skills as the technical translator to executive leadership His recent career focus is on building and refining effective identity and access management strategies For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603239.shtmlhttp://www.secuobs.com/revue/news/603239.shtml Central Ohio Infosec Summit 2016 - Security Certifications - are they worth it, and which ones are right for you 2016-04-08 14:11:43 - SecurityTube.Net : Bio Fifteen years of experience as a Chief Information Technology Officer and Chief Information Security Officer with a demonstrated track record of success Industry areas of expertise include Financial Services, Insurance, Healthcare, Manufacturing, Aviation and IT Consulting Proven, outstanding ability to effectively develop and implement enterprise IT strategies securely facilitating rapid growth in highly competitive service sectors Designed and directed an extensive list of enterprise transforming technology projects and organizational realignments 
Conducted IT due diligence assessments, provided interim and transitional CIO services with Board level reporting Substantial IT strategy, system integration, talent development, enterprise contracting, project management and security compliance experience For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603237.shtmlhttp://www.secuobs.com/revue/news/603237.shtml Central Ohio Infosec Summit 2016 - Information Security Metrics - Practical Security Metrics2016-04-08 14:11:43 - SecurityTube.Net : Bio Jack is a well-recognized for his passionate advocacy for information security, and has committed himself to leading IT and risk management initiatives within government, financial and manufacturing sectors Jack offers nearly 20 years of experience complemented with experience instructing and mentoring Jack s strengths lie in effectively working collaboratively across various business units to align IT and data privacy with an organization's business goals Jack earned the recognition as one of the _People Who Made a Difference in Security 2013 by the SANS Institute and received the CSO50 award for connecting security initiatives to business value He holds an Executive MBA from Baldwin-Wallace University and a bachelor s degree from Youngstown State University and is an adviser for Baldwin-Wallace s State winner Collegiate Cyber Defense Competition CCDC team He is certified in the following CISSP, GCIH, GSLC, CRISC, CCNP, CCDA, CCNA and VCP For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603236.shtmlhttp://www.secuobs.com/revue/news/603236.shtml Central Ohio Infosec Summit 2016 - Security analytics journey - a year's lesson learned2016-04-08 14:11:43 - SecurityTube.Net : Bio Mike Schiebel is the Cybersecurity Strategist for Hortonworks With 
over 15 years of information security leadership experience, Mike is focused to both drive enterprise security features into the Hadoop ecosystem and help shape the Apache Metron roadmap For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603233.shtmlhttp://www.secuobs.com/revue/news/603233.shtml Central Ohio Infosec Summit 2016 - Have you tied together your IAM and Information Security Incident Management Program 2016-04-08 14:11:43 - SecurityTube.Net : Bio His professional experience exceeds eighteen years in the information security field with ten years of that being in Healthcare Industry and five years in the Financial Industry As a Director of Information Security, Greene is a subject matter expert in security architecture Greene's broad technical knowledge includes disciplines in project management, change management, root cause analysis, intrusion prevention, identity and access management, as well as other cyber security disciplines For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603230.shtmlhttp://www.secuobs.com/revue/news/603230.shtml Central Ohio Infosec Summit 2016 - Myths of Cloud Security Debunked 2016-04-08 14:11:43 - SecurityTube.Net : Bio Bil is an accomplished, results-oriented professional with more than 25 years of extensive international experience in Security, Privacy and IT Having effectively written the book on developing and implementing Security and Privacy for Cloud, he has created and managed Cloud information security, data protection, compliance, and risk management programs world-wide His work history includes Strategist, Office of the CISO, Zscaler Inc Chief Security Officer, GoodData Corp Advisory Board member, Adallom Inc VP Security Cloud Privacy Officer, SuccessFactors an SAP Company And he is CISSP, 
CISM and CIPP certified At Zscaler he runs the Office of the CISO for the Americas, and as part of this team he engages security executives at a peer level to drive best practices and facilitate industry wide collaboration on emerging security topics He is also responsible for providing subject matter expertise through speaking engagements, blogging and media collaboration For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603226.shtmlhttp://www.secuobs.com/revue/news/603226.shtml Central Ohio Infosec Summit 2016 - Cyber Security - Super Bowl 502016-04-08 14:11:43 - SecurityTube.Net : Central Ohio Infosec Summit 2016 - Cyber Security - Super Bowl 50 For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603225.shtmlhttp://www.secuobs.com/revue/news/603225.shtml Four Database Security Best Practices to Implement Right Now2016-04-08 10:38:33 - Security Bloggers Network : How safe is your data center If the average budget allocation is any indication, the prognosis isn t good According to the International Data Corporation IDC , out of 27 billion cumulative worldwide spending on security products, http://www.secuobs.com/revue/news/603210.shtmlhttp://www.secuobs.com/revue/news/603210.shtml Central Ohio Infosec Summit 2016 - Building an Application Security Program2016-04-08 07:08:30 - SecurityTube.Net : Bio Mike Spaulding is a seasoned information security professional and leader With over 20 years of experience within information security his expertise includes the best of breed vendors in the SIEM and Next Generation Firewall markets During his consulting years, Mike focused on configuring and deploying these technologies in large global environments Within his most recent roles he has provided both technical expertise, along with vision, 
planning, and mentoring to staff within his organizations to ensure that current and future professionals are prepared to handle the changing infosec landscape ahead For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603201.shtmlhttp://www.secuobs.com/revue/news/603201.shtml Central Ohio Infosec Summit 2016 - Security vs Compliance in Healthcare2016-04-08 07:08:30 - SecurityTube.Net : Bio Sean Whalen is an Information Security Engineer in the healthcare industry, and founder of the InfoSec Speakeasy, specializing in intelligence and malware analysis Previously, he worked as an intelligence analyst in the defense industry He has a passion for open source software, and writing small scripts In his spare time, Sean makes cutting-edge open source InfoSec software easier to adopt through code and documentation contributions He is a Sci-Fi fanatic, and slightly paranoid For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603195.shtmlhttp://www.secuobs.com/revue/news/603195.shtml Central Ohio Infosec Summit 2016 - How to Secure Things and Influence People 10 Critical Habits of Effective Security Managers2016-04-08 07:08:30 - SecurityTube.Net : Bio Chris Clymer has nearly 20 years experience working within IT and IT security in numerous roles including Chief Security Officer, Manager, Architect, Analyst, Engineer, and Assessor Chris has worked for several Fortune 500 organizations, and across verticals as diverse as Healthcare, Financial Services, Government, Retail, Manufacturing, and Technology Within his role at MRK, Chris runs a practice focused on developing maturing security programs, from the top down Certifications include ISO 27001, CISSP, GPEN GIAC , GWAPT GIAC , and FAIR For More Information Please Visit - http wwwcentralohioissaorg http 
wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603194.shtmlhttp://www.secuobs.com/revue/news/603194.shtml Central Ohio Infosec Summit 2016 - Economically Justifying IT Security Initiatives2016-04-08 07:08:30 - SecurityTube.Net : Bio President of Global Lynx Inc, and Glomark-Governan Developed the Enterprise Value Creation EVC methodology and framework- currently used by over 12,000 IT professionals and executives around the world in Fortune 500 enterprises, and government agencies, as their value creation and economic risk management governance framework Have assisted CIOs, CISOs, and IT leaders in organizations such as Repsol YPF, University of Akron, The Ohio State University, and the City of Columbus, in developing their Strategic Plans with an IT value creation and realization approach Currently assisting CIOs and their teams, in various enterprises, to implement a culture of agile value creation, centered around the digitization of business processes and the internet-of-things For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603193.shtmlhttp://www.secuobs.com/revue/news/603193.shtml Central Ohio Infosec Summit 2016 - BYODAWSCYW Bring Your Own Device And Whatever Security Controls You Want One approach to reduce risk2016-04-08 07:08:30 - SecurityTube.Net : Bio Currently employed as a Security-Data Privacy Lead in health industry Certifications include CISSP, CEH, CCNA Retired certifications include MCSE, MCNE Started in Information Technology in 1982 with Big Blue President of consulting company since 1994 Happily married father of three children and four grandchildren For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603189.shtmlhttp://www.secuobs.com/revue/news/603189.shtml 
Central Ohio Infosec Summit 2016 - Cybersecurity Act of 2015 and Other Hot Privacy and Cybersecurity Topics2016-04-08 07:08:30 - SecurityTube.Net : Bio Heather focuses her practice on data security, privacy and financial consumer protection issues Heather has significant experience in data breaches, starting in 2007, including leading a large multinational bank s legal team for data breaches handling major data breaches related to retail merchants for a payments processor managing data breach litigation working with clients to advise on and negotiate with the Federal Trade Commission and state attorneys general investigating data breach issues and implementing incident response policies and information security programs Heather also assists companies with compliance issues related to the Telephone Consumer Protection Act TCPA , state and federal privacy and consumer protection laws impacting the collection, sharing, use and protection of information, such as the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Children's Online Privacy Protection Act, CAN-SPAM Act, and California Online Privacy Protection Act CalOPPA Chris is an associate in the Vorys Columbus office and a member of the litigation group His practice focuses on complex business, commercial, real property and contract litigation He has significant experience in counseling large commercial clients related to potential litigation, including breach of contract, breach of fiduciary duties, statutory and regulatory changes and general best business practices Chris served as a legislative aide to Sen Jeff Jacobson, president pro tempore of the Ohio Senate, for five years He also externed for the Honorable Maureen O'Connor, Supreme Court of Ohio Chris received his JD cum laude from The Ohio State University Michael E Moritz College of Law He received his BSBA cum laude from The Ohio State University For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos 
centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603187.shtml
Central Ohio Infosec Summit 2016 - The Legal Perspective on Data Security for 2016 2016-04-08 07:08:30 - SecurityTube.Net : Bio The founding principal of the law firm Tsibouris Associates, LLC Practice concentrates in the area of technology and intellectual property law with specific expertise in electronic commerce, online financial services, software licensing, and privacy law In addition, my practice includes the implementation of electronic signatures, records management and information security Was previously an attorney with Thompson Hine LLP and a Vice President and Counsel for e-Commerce and Technology at Bank One Corporation now JPMorgan Chase Conducted CLE and trade association presentations on various e-banking and e-commerce matters, and participated in many regulatory and industry task forces addressing new legislation For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603186.shtml
Central Ohio Infosec Summit 2016 - Office 365 Security and Compliance Cloudy Collaboration Really 2016-04-08 07:08:30 - SecurityTube.Net : Bio Robert Brzezinski, MBA, CHPS, CISA the principal of BizWit LLC is an accomplished leader with hands on experience in leading teams through organizational changes, developing, testing and implementing process improvement, technology and information security solutions to protect organizations assets and ensure uninterrupted business operations with the Focus on Security approach Experience in the corporate structure and working in the trenches with small businesses allow Robert to find balance between SMB's operational reality, small business IT budget priorities, privacy, security and regulatory requirements Robert maintains the AHIMA professional 
certification of Certified in Healthcare Privacy and Security CHPS and is a member of AHIMA Certification Exam Development Committee He also maintains ISACA certification of Certified Information Systems Auditor CISA For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603184.shtml
Central Ohio Infosec Summit 2016 - State of Security and 2016 Predictions 2016-04-08 07:08:30 - SecurityTube.Net : Bio Jason Samide has worked in Information Technology for the past 15 years focusing on Fortune 500 companies to include financial, manufacturing, healthcare, technology as well as State Government and the Department of Defense For the past eight years specializing in information security initiatives, each job has brought its own perspective with each experience building upon the next Jason has focused his career towards cyber security and managed security programs and continues to hone his skills through researching technologies and his involvement with various security groups around the region While technology is a method of enforcing policies, Jason understands the business side of technology having earned his Master's Degree in Business Administration Jason is passionate and driven to provide secure solutions to some of the most challenging environments facing Stealthcare's clients today For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/603183.shtml
Security flaws found in 3 state health insurance websites 2016-04-08 04:54:05 - Office of Inadequate Security : AP reports Federal investigators found significant cybersecurity weaknesses in the health insurance websites of California, 
http://www.secuobs.com/revue/news/603178.shtml
RESOURCE State Security Breach Notification Laws 2016-04-08 03:00:27 - Office of Inadequate Security : Mintz Levin has updated its convenient chart of state breach notification laws Read more here I've already http://www.secuobs.com/revue/news/603171.shtml
Summary of Cybersecurity Conferences Happening This Week Week 14, 2016 2016-04-07 22:59:06 - Security Bloggers Network : Cybersecurity Conferences, seminars, conventions and workshops taking place this week Week 14 April 4 April 10, 2016 This post is a summary of Cyber Security InfoSec events, conferences that are taking place this week For a full listing of all cyber events throughout 2016 please view this page and for upcoming events in 2017 The post Summary of Cybersecurity Conferences Happening This Week Week 14, 2016 appeared first on concise http://www.secuobs.com/revue/news/603161.shtml
Managing Third-Party Security Risk Requires Regular Reassessments 2016-04-07 22:59:06 - Security Bloggers Network : Even if your business partners security policies and processes were thoroughly reviewed at the beginning of your relationship, third-party security risk management requires regular reassessments to ensure the appropriate levels of security, privacy, compliance, and resiliency are being maintained How Often to Reassess Security Risk Experts agree that signing a business agreement is not the The post Managing Third-Party Security Risk Requires Regular Reassessments appeared first on Speaking of Security - The RSA Blog and Podcast http://www.secuobs.com/revue/news/603152.shtml
Sign your PowerShell scripts to increase security 2016-04-07 18:17:21 - 4sysops : Timothy Warner is a Windows systems administrator, software developer, 
author, and technical trainer based in Nashville, TN Check out his new book Windows PowerShell in 24 Hours Digitally signing your PowerShell scripts with a Class 3 code-signing certificate increases security in two important ways http://www.secuobs.com/revue/news/603139.shtml
Google Vendor Security Review Tool Goes Open Source 2016-04-07 16:55:00 - Security Bloggers Network : In an ongoing effort to share their knowledge and expertise, Google recently announced on its security blog that they have The post Google Vendor Security Review Tool Goes Open Source appeared first on Checkmarx http://www.secuobs.com/revue/news/603129.shtml
Startup Aims to Make Auto Cybersecurity Ironclad 2016-04-07 16:55:00 - Security Bloggers Network : If hackers infiltrate a government database, they might take somebody's Social Security number If they were to infiltrate a self-driving car, they might take a person's life That idea is s http://www.secuobs.com/revue/news/603125.shtml
Healthcare industry has an alarming mobile security gap 2016-04-07 15:34:04 - Help Net Security : The healthcare industry is massively adopting smart mobile devices, but still moves very slowly when it comes to implementing cyber security measures to protect those devices In 2013, 8% of doctors used mobile devices to manage in-patient data In 2014, the numbers of doctors relying on mobile devices grew to 31% By 2015, it was 70% of doctors, Skycure noted in its second Mobile Threat Intelligence report, compiled by taking into consideration worldwide threat Intelligence More http://www.secuobs.com/revue/news/603106.shtml
Ubuntu patches Linux kernel security bugs 2016-04-07 15:17:00 - LinuxSecurity.com Latest News : LinuxSecuritycom Canonical has released an update that patches four bugs that, including one that 
could cause an attacker to execute code Ubuntu users have been notified of a reasonably pressing update to install that addresses four security issues, though none are remotely exploitable The bugs affect Ubuntu 1404 Long Term Support LTS , which gets five years of coverage http://www.secuobs.com/revue/news/603103.shtml
Kaspersky Lab steps up the fight against ransomware with Kaspersky Security for Windows Server 2016-04-07 15:15:05 - Global Security Mag Online : Kaspersky Lab unveils a new intelligent technology to help businesses better protect themselves against ransomware and cryptoware. The new Anti-Cryptor technology is a major component of the new version of the Kaspersky Security for Windows Server application, part of the Kaspersky Endpoint Security for Business range of solutions 1 , as well as of the targeted solutions for file servers and secure storage servers. Businesses - Products http://www.secuobs.com/revue/news/603102.shtml
Researchers release PoC exploit code to bypass broken IBM security patch 2016-04-07 13:37:07 - Security Bloggers Network : Broken patches for security issues are simply not enough http://www.secuobs.com/revue/news/603094.shtml
Panama Papers breach was the result of lax security practices 2016-04-07 12:56:28 - Help Net Security : News items based on the so-called Panama Papers, a set of 115 million documents leaked from the networks of Panama-based law firm Mossack Fonseca, keep popping up, but it's still unknown who the person behind the leak is and how he or she managed to get ahold of the documents The leaked emails, PDF files, photos, excerpts of an internal company database cover a period from the 1970s to 2016 In total, 26 terabytes of More 
http://www.secuobs.com/revue/news/603089.shtml
Threat s Identity How an Outsourced Workforce Can Harm Your Cybersecurity 2016-04-07 12:17:51 - Security Bloggers Network : According to the forecast published by Gartner Research, we can expect a total of 64 billion devices connected online by the end of the year 2016, which is a 30 percent increase when compared to the previous year In that sort of environment, questioning your cybersecurity comes natural While we are well familiar with threats Read More The post Threat s Identity How an Outsourced Workforce Can Harm Your Cybersecurity appeared first on The State of Security http://www.secuobs.com/revue/news/603082.shtml
Cybersecurity Pros Are in High Demand 2016-04-07 01:13:23 - Security Bloggers Network : When it comes to cybersecurity, there simply aren't enough of you Despite being faced with escalating cyber threats, and having the support of corporate executives, security teams are still struggling to fill their open positions That's what we learned when we partnered with ISACA on our recent survey, State of Cybersecurity Implications for 2016 More than half of security job openings take from three to six months to fill, and nine percent of survey respondents say that they can't fill security roles at all What's worse, one third of respondents said that less than 25 percent of their http://www.secuobs.com/revue/news/603049.shtml
Liquidmatrix Security Digest Podcast Episode 68 2016-04-07 01:13:23 - Security Bloggers Network : Episode 0x68 Weekly Monthly Somethignly At least a few of the boys are back to whine, bitch and moan Upcoming this week Lots of News Breaches SCADA Cyber, cyber etc finishing it off with DERPs Mailbag or Deep Dive And there are weekly Briefs no arguing or discussion allowed And if you've got commentary, The post Liquidmatrix Security Digest Podcast 
Episode 68 appeared first on Liquidmatrix Security Digest http://www.secuobs.com/revue/news/603048.shtml
Microsoft Cloud App Security Reaches General Availability 2016-04-07 01:13:23 - Security Bloggers Network : This cloud based service from Microsoft is for IT Pros and members of your security team to exercise better control over the cloud apps being used in your organization read more http://www.secuobs.com/revue/news/603041.shtml
Escambia County School hit with payroll system security breach 2016-04-06 21:51:03 - Office of Inadequate Security : Stephanie Nelson reports The Escambia County School System is one of three in the state hit with a payroll accounting http://www.secuobs.com/revue/news/603026.shtml
A Product Management Framework for Creating Security Products 2016-04-06 18:31:42 - Lenny Zeltser : Established enterprises as well as startups have much to consider when deciding how to build and launch a security solution that makes sense for their business and customers While you can employ a variety of formal tech strategy frameworks, the following lightweight approach offers a reasonable starting point for defining security product plans by posing several fundamental questions Market Segmentation Read more http://www.secuobs.com/revue/news/603018.shtml
The security holes at the heart of the Panama Papers 2016-04-06 15:54:23 - Office of Inadequate Security : James Temperton and Matt Burgess report The front-end computer systems of Mossack Fonseca are outdated and riddled http://www.secuobs.com/revue/news/603004.shtml
VA responds to security breaches on eBenefits website 2016-04-06 14:35:25 - Office of Inadequate Security : Danielle Leigh reports An Army veteran from Yelm has a warning for other veterans about 
security breaches on the eBenefits http://www.secuobs.com/revue/news/602999.shtml
Apple goes server-side to fix Siri lock screen bypass security flaw 2016-04-06 13:58:13 - Security Bloggers Network : The bug allowed attackers to bypass the lock screen to access a user's media, contacts and settings http://www.secuobs.com/revue/news/602997.shtml
The security impact of IoT evolution 2016-04-06 09:40:28 - Help Net Security : Francis Bacon, First Viscount St Alban 1561 1626 , wrote, As the births of living creatures, at first are ill-shapen, so are all innovations, which are the births of time While this probably doesn't speak well of Viscount Bacon's opinion of babies, it should give us pause as we think about the likely shape, and impact, of the IoT Things, after all, rarely turn out the way we expect them to, and in the case More http://www.secuobs.com/revue/news/602973.shtml
Baselines and Security Patches A Tough NERC CIP Challenge 2016-04-06 07:26:30 - Security Bloggers Network : There are roughly 200 requirements and sub-requirements in NERC CIP, and to satisfy each one requires performance-based compliance evidence that produces the comprehensive documentation that proves each requirement and sub-requirement was met for all activities that fall under it That by itself is no mean feat Of those 200 requirements, baseline configuration management and monitoring Read More The post Baselines and Security Patches A Tough NERC CIP Challenge appeared first on The State of Security http://www.secuobs.com/revue/news/602963.shtml
The US Federal Government's Biggest Cybersecurity Challenge 2016-04-06 04:20:12 - Security Bloggers Network : The biggest challenge facing cybersecurity professionals in Federal agencies is, well, the Federal government There are sweeping mandates to keep agencies 
secure But the funding to back that guidance is tied to factors that may not even contribute to http://www.secuobs.com/revue/news/602958.shtml
How to start your Security Monitoring 2016-04-06 02:25:40 - Security Bloggers Network : HPE Security Monitoring service is based on market leading HPE ArcSight technologies that includes ArcSight platform, SmartConnectors, and SIEM Security Monitoring service is a cost effective option for customers looking to outsource their security monitoring and log management needs The HPE hosted offering delivers consistent and defined level of service for a cost that is well understood The service is available globally and is delivered by HPE using a standardized multi-tenant infrastructure with HPE pre-defined standard correlation rules http://www.secuobs.com/revue/news/602944.shtml
We Live In The Dark Ages of Internet Security, Says Kaspersky Labs CEO 2016-04-05 20:40:19 - Slashdot Your Rights Online : An anonymous reader cites a report on TheMerkle It is never a positive sign when one of the world's leading security firms mentions how the world is currently in the “Dark Ages” of computer security That particular statement was made by Kaspersky Labs CEO Eugene Kaspersky during the NCSC One conference in The Hague Enterprises and consumers need to step up their protection sooner rather than later, as the number of security threats keeps increasing Reader Rob MacDonald comments slightly edited for clarity We're in the dark ages by design We've allowed the alphabet agencies to compromise our security, at every level, including hardware The one that doesn't have an exploit at shipping, gets intercepted and modified in transit The encryption algorithms we've been using were compromised at such a level it took this long to see it Read more of this story at Slashdot 
http://www.secuobs.com/revue/news/602923.shtml
RSA Conference 2016 Security of Public Cloud Services It Takes a Village 2016-04-05 19:14:40 - Security Bloggers Network : At the RSA conference last month, I led a Peer2Peer session on the topic of Security of Public Cloud Services It Takes a Village I and 25 others discussed the notion that cloud services are inherently a shared responsibility model Far too many corporate users of cloud services often don't realize that while the cloud provider may have every attestation from PCI to SSAE-16, that means nothing if your team doesn't know what their responsibilities are around cloud security, and what they specifically have to do We spoke about the fact that when you move your applications and data to the http://www.secuobs.com/revue/news/602913.shtml
Microsoft patches severe account hijacking security flaw 2016-04-05 14:37:40 - Security Bloggers Network : A vulnerability exposing user accounts to hijacking was patched 48 hours after being reported http://www.secuobs.com/revue/news/602879.shtml
Trend Micro upgrades its Cloud App Security offering 2016-04-05 10:26:27 - Global Security Mag Online : In the business world, the number of cloud service users is expected to grow from 50 million in 2013 to 695 million in 2022, making data security a major concern for companies migrating to the cloud. Against this backdrop, Trend Micro, a global leader in security software and solutions, announces an upgrade to its Cloud App Security solution for the sharing services Box, Dropbox and Google Drive. This comprehensive solution optimizes content security within - Products http://www.secuobs.com/revue/news/602855.shtml
Take it to the boardroom Elevating the cybersecurity discussion 2016-04-05 10:05:45 - Help Net 
Security : As data breaches continue to rise, organizations, regardless of their size or industry they are in, must take into consideration a new mindset Despite the FBI's focus on cybercriminal activity, less than five percent of computer-related crimes are successfully prosecuted Unfortunately, jail time and other penalties are rare, despite the pervasiveness of cybercrime and cyber espionage Corporate decision makers are faced with a shocking reality from a cyber perspective, they are on their own when More http://www.secuobs.com/revue/news/602853.shtml
Subgraph OS Open source, hardened OS that prioritizes security and anonymity 2016-04-05 10:05:45 - Help Net Security : Subgraph, an open source security company based in Montreal, has published the alpha release of Subgraph OS, which is designed with security, anonymity AND usability in mind Subgraph OS was designed from the ground-up to reduce the risks in endpoint systems so that individuals and organizations around the world can communicate, share, and collaborate without fear of surveillance or interference by sophisticated adversaries through network borne attacks, its creators say It has been in More http://www.secuobs.com/revue/news/602852.shtml
So, you want to be a security pro Read this first 2016-04-04 17:15:39 - LinuxSecurity.com Latest News : LinuxSecuritycom Of all the high-demand areas in IT, security stands out at the top According to DICE, the number of security jobs skyrocketed by more than 40% from 2014 to 2015, to 50,000 openings, compared with 168% growth the year before http://www.secuobs.com/revue/news/602810.shtml
Intel Security - Connected devices 61% of French people would be willing to sell their personal data 2016-04-04 12:22:47 - Global Security Mag Online : According to the results of a new global study, The Internet of Things and the Smart Homes, commissioned by Intel Security, 81% of French people fear that the data collected by their connected devices will be used by third-party services for marketing purposes. Paradoxically, more than 6 in 10 French people would agree to voluntarily share the data collected by those devices, home automation included, in exchange for money (61%) or discount coupons (64%). The smart home, - Investigations http://www.secuobs.com/revue/news/602796.shtml
Central Ohio Infosec Summit 2016 - No Tradeoffs Cloud Security and Privacy Don't Need to Be at Odds 2016-04-04 10:30:13 - SecurityTube.Net : Bio Jervis Hui, currently works on the product marketing team at Netskope focused on go-to-market efforts, product launches, and sales enablement Before that, he worked at Citrix, supporting its enterprise mobility and security products For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/602781.shtml
Central Ohio Infosec Summit 2016 - 6 Critical Criteria For Cloud Workload Security 2016-04-04 10:30:13 - SecurityTube.Net : Bio Sam has over 20 years of technical and solution experience in IT security, enterprise compliance, data protection, identity management and related technologies at multiple global organizations Most recent areas of expertise and focus include Cloud Security, SIEM, Threat Analysis, Enterprise Data Protection and Identity Management Sam has held multiple senior systems engineering and solution specialist roles at McAfee, ArcSight HP Enterprise Security, Oracle, Credant Technologies and Sun Microsystems Prior to that Sam was a consulting Technology Manager at E Ys Advanced Technologies practice For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos 
centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/602779.shtml
Smart Essay on the Limitations of Anti-Terrorism Security 2016-04-04 04:48:17 - Security Bloggers Network : This is good Threats constantly change, yet our political discourse suggests that our vulnerabilities are simply for lack of resources, commitment or competence Sometimes, that is true But mostly we are vulnerable because we choose to be because w http://www.secuobs.com/revue/news/602767.shtml
FIRST publishes Security Incident Response Teams SIRTs Services Framework Version 10 and commits to developing training content to support it 2016-04-02 01:43:56 - What's New : The Forum of Incident Response and Security Teams, Inc FIRST has announced publication of the SIRT Services Framework Version 10 This initial release provides an update on the services provided by Security Incident Response Teams and was developed in collaboration with experts from 25 countries across 6 continents http://www.secuobs.com/revue/news/602702.shtml
Oracle Security And Delphix Paper and Video Available 2016-04-01 17:15:54 - Pete Finnigan's Oracle security weblog : I did a webinar with Delphix on 30th March 2016 on USA time This was a very good session with some great questions at the end from the attendees I did a talk on Oracle Security in general, securing non-production Read More Posted by Pete On 01 04 16 At 03 43 PM http://www.secuobs.com/revue/news/602678.shtml
Bonus from March Supply Chain Security Model 2016-04-01 17:03:07 - MSI State of Security : Thanks for reading our supply chain security content throughout the month of March We just wanted to sneak this one in, despite the calendar If you click here, you can download a PDF version of a nice maturity model Continue reading The post Bonus from March Supply Chain Security 
Model appeared first on MSI State of Security http://www.secuobs.com/revue/news/602677.shtml
Central Ohio Infosec Summit 2016 - Navigating the FDA Recommendations on Medical Device Security _ and how they will shape the future of all IoT 2016-04-01 13:43:12 - SecurityTube.Net : Bio Jake Williams, the founder and principal consultant at Rendition InfoSec, has over a decade of experience in secure network design penetration testing, incident response, forensics, and malware reverse engineering Prior to founding Rendition InfoSec, he worked with various government agencies in information security roles Jake is a SANS certified instructor and author Jake has performed security assessments and intrusion responses in classified and unclassified government environments as well as across multiple industry verticals in the commercial space He is a former Network Exploitation operator with the DoD where he is one of less than 15 people to date who have earned the designation of Master CNE Operator Although his efforts in this space are classified, he was awarded the Exceptional Civilian Service Medal, DoD's highest civilian honor, given to fewer than 20 people annually For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/602652.shtml
Central Ohio Infosec Summit 2016 - Fail Now _ So I Don't Fail Later A look into security testing and training methodologies 2016-04-01 13:43:12 - SecurityTube.Net : Bio Deral Heiland CISSP, serves as a Research Lead for Rapid7 Global Service Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst Over the last 7 years Deral's career has focused on security research, penetration 
testing, and consulting for corporations and government agencies Deral is the creator of the open source tool _Praeda used for harvesting data from embedded devices Deral also conducted security research on a numerous technical subject, releasing white papers, security advisories, and has presented at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, Hack In Paris Deral has been interviewed by and quoted by several media outlets and publications including Bloomberg UTV, MIT Technical Review, MSNBC, SC Magazine, Threat Post and The Register For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/602649.shtml
Central Ohio Infosec Summit 2016 - Future of Information Security Governance, Risk and Compliance 2016-04-01 13:43:12 - SecurityTube.Net : Bio Max Aulakh is a software security and compliance leader delivering DoD-tested security strategies that safeguard mission-critical IT operations He trained and excelled in The United States Air Force as Security Specialist performing software assurance, InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks He is often quoted in several media outlets as an industry expert on governance, risk and compliance He leads an award-winning cybersecurity firm, MAFAZO Digital Solution that delivers Cyber Defense and Regulatory compliance to Defense, Healthcare, and Manufacturing industries His experience is supplemented by formal education and certifications He has an MBA, BS Information Systems Security with Computer Science minor and holds the following certifications Executive Education Certification CISO Institute, CISSP, Security , Network , Linux , Server , CSM, PMP, ITIL-F For More Information Please Visit - http wwwcentralohioissaorg http 
wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/602641.shtml
Central Ohio Infosec Summit 2016 - Datacenter Security Virtualized 2016-04-01 13:43:12 - SecurityTube.Net : Bio John has been involved with building, securing and managing enterprise networks and systems for 18 plus years In his current positions he assists Midwest Check Point customers to design secure networks and provides a conduit from customers to R D Most recently, he is spending most of his time with Check Point Software Defined Network SDN partner products NSX, OpenStack, and ACI For More Information Please Visit - http wwwcentralohioissaorg http wwwirongeekcom iphp page videos centralohioinfosec2016 mainlist http://www.secuobs.com/revue/news/602639.shtml
Has Reddit been served with a National Security Letter 2016-04-01 10:46:29 - Help Net Security : Reddit has published its 2015 Transparency Report, and there is one thing missing from it the entire section about national security requests The same report for 2014 included the following statement As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information If we ever receive such a request, we would seek to let the public know More http://www.secuobs.com/revue/news/602630.shtml
Strengthening online privacy Kaspersky Lab launches a new version of Kaspersky Internet Security for Mac 2016-04-01 10:30:43 - Global Security Mag Online : Kaspersky Lab unveils the latest version of Kaspersky Internet Security for Mac. Thanks to this new Private Browsing and Webcam Protection technology, designed to safeguard privacy and confidential information, users have their security assured and can even save money when shopping online. When a user browses the web, thousands of bots track them and collect information about them - Products http://www.secuobs.com/revue/news/602629.shtml
SMEs under attack, security readiness still low 2016-04-01 08:20:04 - Help Net Security : When it comes to securing their data, SMEs remain several steps behind their larger counterparts Some reasons for the disparity in security readiness may be that SMEs have not as often been the targets of hackers, privately held companies don't face the same pressures for security as do their public-company counterparts, and that they simply may have pushed off the issue, according to Joakim Thorén, Versasec's CEO As larger companies become increasingly sophisticated around security, More http://www.secuobs.com/revue/news/602622.shtml
HPE Security Fortify Software Security Content 2016 Update 1 2016-04-01 06:18:32 - Security Bloggers Network : HPE Security Fortify Software Security Research SSR is pleased to announce the immediate availability of updates to HPE Security Application Defender, HPE Security WebInspect SecureBase available via SmartUpdate , HPE Security Fortify Secure Coding Rulepacks English language, version 201610 , and HPE Security Fortify Premium Content http://www.secuobs.com/revue/news/602615.shtml
Security Tools in QA 2016-04-01 06:18:32 - Security Bloggers Network : I was recently working on an application penetration test and it dawned on me If the QA for this organization had done a few of these steps in their exercising of the site, they would have more easily identified some Continue reading The post Security Tools in QA appeared first on AsTech Consulting 
http://www.secuobs.com/revue/news/602613.shtml

Before robots can take over they need better security against hackers
2016-04-01 06:18:32 - Security Bloggers Network : Robots are becoming ever-smarter and more capable, but researchers and engineers driving robotics and AI aren't thinking about security.
http://www.secuobs.com/revue/news/602610.shtml

What Does Identity Mean for Security?
2016-03-31 18:06:00 - Security Bloggers Network : Blog Post: What Does Identity Mean for Security? TK Keanini, Mar 31, 2016. How do you know your users are really who they say they are? According to a survey from Help Net Security, 90 pe
http://www.secuobs.com/revue/news/602573.shtml

Security best practices for git users
2016-03-31 18:06:00 - Security Bloggers Network : Introduction: In recent years git has become one of the most popular SCM Version Control systems. Usage in some high-profile open-source projects like Linux or Raspberry Pi and support from vendors like Go on to the site to read the full article
http://www.secuobs.com/revue/news/602572.shtml

AppSec California 2016 - Keynote: Closing the Security Talent Gap - Jacob West
2016-03-31 15:31:16 - SecurityTube.Net : The talent gap in security is huge and growing. Tools compensate in some cases, but skilled people are critical to managing security risk. With nearly half of security roles vacant, organizations must develop talent inside and out. This session offers practical steps you can take today, ranging from adopt-a-professor to highlighting security in every job description, that will help close the gap. Jacob West, NetSuite, Chief Architect, Security Products. Jacob West is Chief Architect for Security Products at NetSuite. In his role, West leads research and development for technology to identify and mitigate security threats. Prior to this role, West served as
CTO for Enterprise Security Products at HP, where he founded and led HP Security Research, which drives innovation through research publications, threat briefings, and actionable security intelligence. A world-recognized expert, West co-authored the book Secure Programming with Static Analysis in 2007. West co-authors the Building Security in Maturity Model (BSIMM), serves as a founding member of both the IEEE Center for Secure Design (CSD) and the (ISC)² Application Security Advisory Council (ASAC), and is a frequent keynote speaker at industry events worldwide. For More Information Please Visit - https://2016.appseccalifornia.org
http://www.secuobs.com/revue/news/602544.shtml

APPSEC CALIFORNIA 2016 - MAKING SECURITY AGILE - OLEG GRYB - SANJAY TAMBE
2016-03-31 15:31:16 - SecurityTube.Net : Many progressive IT organizations have already adopted agile methodologies and run in a CI/CD mode, while security processes and a level of security automation are still behind and can easily become a bottleneck if not changed. We'll show in our presentation how to convert the old approach to application security to a more progressive and a faster one. You will also learn how to extend a leverage of a small security team by utilizing QA regression unit tests for security processes. Achieving a greater level of productivity and security automation by utilizing open source and commercial tools will be also covered in our talk. Oleg Gryb, Samsung Strategy and Innovation Center, Sr. Manager, Security Engineering. Oleg Gryb is Security Architect working in the application security domain at Samsung Electronics Innovation Center. He was previously Security Architect at Intuit, where he was creating architecture for mission critical financial and business applications. Gryb participates actively in creating open source software in a security, identity management and other domains. He has a lot of passion around embedding security to all SDLC stages, threat
modeling, enforcing security in web service fabric, security tools, cloud, IoT and mobile security. He's also interested in building data protection solutions based on security appliances, such as Secure Elements for devices, nCipher, DataPower, Ingrian, Safenet. Sanjay Tambe, Samsung Strategy and Innovation Center, Security Architect. Sanjay Tambe is working as Security Architect at Samsung Strategy and Innovation Center. He is working on security of cloud based SAMI Internet of Things (IoT) platform. Previously he worked as Core Security Champion at Intuit, where he ensured security of applications such as Mint running in AWS cloud. Prior to that he worked for Wells Fargo Bank as Security Specialist, VP, where he ensured security of high volume customer facing web and mobile applications. He is very passionate about application security using Architectural reviews and Security Automation. He conducted Security Training workshops for Architects, Developers, QA, and managers. He has 12 years of experience in security domain and 12 years of hands-on experience in design and development of software applications. For More Information Please Visit - https://2016.appseccalifornia.org
http://www.secuobs.com/revue/news/602543.shtml

Bsides Orlando 2016 - Vikram Dhillon IoT Security
2016-03-31 15:31:16 - SecurityTube.Net : Internet of Things has become the biggest buzzword to come out from 2015. But there are some serious efforts by big tech companies like IBM to create next generation technologies that talk to each other using the same language. What kind of security policies will we be able to design for a new type of networking? How do our traditional approaches work and where can we draw new inspiration from? This talk focuses on some recent attacks on IoT technologies and what we have learned from them. More interestingly, what kind of attacks do the experts speculate will happen when IoT is more prevalent? What will be the implications of DoS when everything is
online? A cautionary tale, but it almost feels like we're living in the best of the times. For More Information Please Visit - http://bsidesorlando.org/2016
http://www.secuobs.com/revue/news/602541.shtml

3 Days of Oracle Security Training In York, UK
2016-03-31 15:19:55 - Pete Finnigan's Oracle security weblog : I have just updated the public Oracle Security training dates on our Oracle Security training page to remove the public trainings that have already taken place this year and to add a new training in York for 2016. After the Read More Posted by Pete On 31/03/16 At 01:53 PM
http://www.secuobs.com/revue/news/602533.shtml

Linux security isn't enough to stop data breaches
2016-03-31 09:37:40 - Help Net Security : There is a difference between the security of an operating system and the security of the data created, which is edited and manipulated by people and saved on the operating system. Human error and insider threats are some of the top causes for data loss, which can and do still occur even in a secure environment. Add to this the most recently discovered Linux vulnerabilities, and it becomes clear that organizations need to take a More
http://www.secuobs.com/revue/news/602514.shtml