Thursday, July 19, 2018

Q3 Oracle CPU Preview: Fewer Java SE Patches May Not Mean Fewer Flaws

The July 2018 quarterly Oracle Critical Patch Update (CPU) is expected to set a new two-year high for total Oracle product patches and a 12-month low for Java SE patches, based on a review of a pre-release statement. The...

Memory Protection beyond the Endpoint

Threat actors have been digging into an ever-growing bag of tricks to compromise endpoints: social engineering, phishing, malware, zero-day vulnerabilities, advertising, ransomware -- even recent cryptocurrency jacking operations are just a few examples of the diversity, and even the...

Intent Based Networking: Turning Intentions into Reality

Wouldn’t it be great if IT teams and network managers could simply outline, at a high level, what they want their enterprise networks to do, and then technology would automatically implement the changes across their infrastructure to make it...

Science Fiction Come True: Weaponized Technology Threatens to Shatter Security, Critical Systems

By 2020, the very foundations of today’s digital world will shake. Nation states and terrorist groups will increasingly weaponize the cyber domain, launching attacks on critical national infrastructure that cause widespread destruction and chaos. With power, communications and logistics...

Navigating Dangerous Waters: the Maritime Industry’s New Cybersecurity Threat as Technology Innovation Grows

The rapid evolution of technology and, in particular, the Industrial Internet of Things (IIoT) is transforming critical environments, bringing benefits such as optimised processes, reduced costs and energy efficiencies. The maritime industry, which forms part of our critical infrastructure,...

Is User Training the Weakest Link for Your Email Security Approach?

The days of only deploying an email security gateway to block viruses, spam and other threats from reaching user email accounts are gone. Even though gateways no doubt have their place in a comprehensive security strategy, in most cases...

Least Privilege Access – Still at the Front Lines of Security

Ever since authentication and authorization became the norm for access to computer systems, the principle of least privilege (POLP) has been the de-facto baseline for proper security. At its very core, least privilege access means granting a user just...

“Can you Hear Me Now?” – Security Professionals Warn about Who May Be Listening

In light of the recent move by Verizon to stop sharing location data with third parties, companies need to rethink strategies for data gathering from users. While in the past, companies and app makers used different technologies on mobile devices...

Every Business Can Have Visibility into Advanced and Sophisticated Attacks

Years ago, senior managers of large organizations and enterprises were primarily preoccupied with growing their businesses, forming strategic alliances and increasing revenue. Security, mostly left to IT departments, was usually regarded as a set-and-forget solution that was in place...

4 Cybersecurity Tips for Staying Safe During the World Cup

The World Cup is only days away and everyone is on their way to Russia or simply planning when they will stream the games they care most about online. When it comes to traveling, it is critically important to know...

Machine Learning vs. Deep Learning in Cybersecurity – Demystifying AI’s Siblings

Beginning in the 1950s, artificial intelligence (AI) was used as an umbrella term for all methods and disciplines that result in any form of intelligence exhibited by machines. Today, nearly all software in every industry – especially in security...

Building a Strong, Intentional and Sustainable Security Culture

Here is the big idea: your security culture is – and will always be – a subcomponent of your larger organizational culture. In other words, your organizational culture will “win out” over your security awareness goals every time unless...

The 3 Must Knows of Sandboxing

Sandboxes have been touted as a high-ranking method to prevent a cyber-attack on organizations because they allow you to test everything before it can affect your production environment. But does that come with a cost and are they as...

Valve Patches 10-Year Old Flaw in Steam Client

A remote code execution (RCE) vulnerability that existed in the Steam client for at least 10 years was fully patched only in March this year, according to security firm Context Information Security. In July last year, Valve added modern...

Infrastructure Under Attack

What makes a DDoS attack different from an everyday data breach? The answer is embedded in the term: denial of service. The motive of a DDoS attack is to prevent the delivery of online services that people depend on....

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs has changed and is now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.