Doubts abound over US action on cybersecurity

How should the U.S. respond to cyber attacks? That’s been a major question at this year’s RSA security conference, following Russia’s suspected attempt to influence last year’s election. Clearly, the government should be doing more on cybersecurity, said U.S. lawmakers and officials at the show, but they admit that politics and policy conflicts have hampered the…

Over a Dozen Code Execution Flaws Patched in Flash Player

Adobe on Tuesday released security updates that address two dozen vulnerabilities in Flash Player, Digital Editions and the Campaigns marketing tool, but none of the flaws have been exploited in the wild. Flash Player 24.0.0.221 patches 13 critical vulnerabilities that can be exploited for arbitrary code execution, including type confusion, integer overflow, use-after-free, heap buffer…

Salted Hash: RSA Conference 2017 – Live Blog

All this week, Salted Hash will be on location at the RSA Conference in San Francisco. We’ll be updating the blog multiple times a day with news and other content from the show – so check back often. Yesterday, we mentioned a lawsuit filed by CrowdStrike, which attempted to prevent NSS Labs from releasing test results…

‘Shock And Awe’ Ransomware Attacks Multiply

RSA CONFERENCE 2017 – San Francisco – The data-hostage crisis isn’t going away anytime soon: In fact, it’s starting to get a lot scarier and destructive, and with a more unpredictable outcome. Security experts long have warned that ponying up with the ransom fee only plays into the hands of ransomware attackers; it doesn’t necessarily…

Simulation Shows Threat of Ransomware Attacks on ICS

Researchers at the Georgia Institute of Technology have demonstrated the potential impact of ransomware on industrial control systems (ICS) by simulating an attack aimed at a water treatment plant. David Formby, a Ph.D. student in the Georgia Tech School of Electrical and Computer Engineering, and his faculty advisor, Raheem Beyah, identified several commonly used programmable…

IaaS Creating New Variant of Shadow IT

Organizations cannot rely on commercial off-the-shelf (COTS) software to fulfil all their IT requirements: almost all companies develop their own custom apps. The majority of these apps, whether internal or internet-facing, currently run on datacenters owned or operated locally. By the end of 2017 this will change — the majority of enterprise custom apps will…

Privacy groups claim FBI hacking operation went too far

Privacy advocates are claiming in court that an FBI hacking operation to take down a child pornography site was unconstitutional and violated international law. That’s because the operation involved the FBI hacking 8,700 computers in 120 countries, based on a single warrant, they said.

Are companies doing enough on the IoT security front?

We continue to hear dire warnings about the inherent security risks of the Internet of Things (IoT), and indeed IoT-related incidents are happening. With many companies beginning to capture IoT data from connected devices, a key question is are they doing enough to ensure that data and networks are secure? If security executives thought they…