Tag Archives: continue

My latest Gartner research: Predicts 2017: Security Solutions

…into access control policies, up from 1% in 2016. Analysis by: Lawrence Pingree Key Findings: Although firewalls continue to augment overall security with…

Gartner Subscribers can access this research by clicking here.





[ISN] Newly Fired CEO Of Norse Fires Back At Critics

www.darkreading.com/threat-intelligence/newly-fired-ceo-of-norse-fires-back-at-critics-/d/d-id/1324195 By Jai Vijayan DarkReading.com 2/4/2016 Critics maintain that Norse Corp. is peddling threat data as threat intelligence. A massive and potentially company-ending shakeup at security vendor Norse Corp. in recent weeks amid controversy over its practices may be a signal that the threat intelligence industry is finally maturing. KrebsonSecurity last week reported that Norse had fired its CEO Sam Glines after letting go some 30% of its staff less than a month earlier. The blog quoted unnamed sources as saying Norse’s board of directors had asked board member Howard Bain to take over as an interim CEO. The remaining employees at the Foster City, Calif.-based threat intelligence firm were apparently informed they could continue showing up for work, but there would be no guarantee they would be paid, KrebsonSecurity reported. Shortly thereafter, Norse’s website went dark and remained unavailable through the week



[ISN] What are Top HIPAA Compliance Concerns, Obstacles?

healthitsecurity.com/news/what-are-top-hipaa-compliance-concerns-obstacles By Elizabeth Snell Health IT Security January 25, 2016 Maintaining HIPAA compliance should always be a key area for leaders in the healthcare industry, but as technology continues to evolve, there are numerous factors coming into play that could affect how organizations keep patient data secure. But what type of obstacles are standing in providers’ way? Are there certain difficulties when it comes to HIPAA compliance? We’ve previously discussed the legal perspective on HIPAA regulations, and various experts in the field have claimed that “it’s not a matter of if, but a matter of when” a data breach will take place. Recent OCR HIPAA settlements not only show that size is not a factor when it comes to enforcement, but that organizations need to be mindful of everything from physical safeguards to conducting regular risk assessments. Technical advancements have also proven to be potentially beneficial to covered entities. Whether an organization is looking to implement secure messaging options or potentially invest in cloud storage, privacy and security issues cannot be overlooked. […]



[ISN] ProtonMail taken down by ‘extremely powerful DDoS attack’

www.computing.co.uk/ctg/news/2433469/protonmail-taken-down-by-extremely-powerful-ddos-attack By John Leonard computing.co.uk 05 Nov 2015 ProtonMail, the Geneva-based encrypted email service that was developed by CERN scientists, was taken off line on Tuesday November 3rd by what the company describes as an “extremely powerful DDoS attack”. At time of writing the service was still offline. Writing in a blog, CEO Andy Yen says: “The attackers began by flooding our IP addresses. That quickly expanded to the datacenter in Switzerland where we have our servers. In the process of attacking us, several other tech companies and even some banks were knocked offline temporarily.” Yen continues: “Despite our best efforts, we have been unable to stop the attack but we are working non-stop to get back online.” […]



[ISN] Report Warns of Chinese Hacking

www.wsj.com/articles/report-warns-of-chinese-hacking-1445227440 By DANNY YADRON The Wall Street Journal Oct. 19, 2015 A U.S. cybersecurity company says it has evidence hackers linked to the Chinese government may have tried to violate a recent agreement between Washington and Beijing not to hack private firms in each other’s country for economic gain. The firm, CrowdStrike Inc., plans to announce Monday that unnamed customers in the technology and pharmaceutical industries have faced attempted—though unsuccessful—intrusions from China-linked hackers. Two incidents took place the day before and the day after President Barack Obama and Chinese President Xi Jinping said on Sept. 25 they reached an “understanding” not to use cyberspies to commit economic espionage against each other, according to CrowdStrike. The Chinese embassy in Washington didn’t immediately respond to a request for comment. “We are aware of this report. We’ll decline comment on its specific conclusions,” said a senior Obama administration official. “We have and will continue to directly raise our concerns regarding cybersecurity with the Chinese.” […]



[ISN] China arrests hackers following request from U.S. – report

www.washingtontimes.com/news/2015/oct/12/china-arrests-hackers-following-request-from-us-re/ By Andrew Blake The Washington Times October 12, 2015 China reportedly arrested several computer hackers at the behest of the United States government weeks ahead of President Xi Jinping’s visit to the White House last month as the U.S. continues to weigh imposing sanctions as a result of cyberattacks blamed on Beijing. Officials within the Obama administration confirmed the arrests to the Washington Post on Friday and said the individuals apprehended are accused of participating in espionage campaigns in which secrets were stolen from U.S. companies to be handed off to competitors in China. But with the arrests having occurred amid ongoing talks concerning the possible imposition of sanctions against China as a result of a wave of cyberattacks, the White House is now waiting to see if authorities will move forward with prosecuting the supposed criminals or let their actions slide. “We need to know that you’re serious,” an individual who spoke with the Post on condition of anonymity said in explaining the reasoning for requesting the arrests. “So we gave them a list, and we said, ‘Look, here’s these guys. Round them up.’” […]



[ISN] Salted Hash: Live from DerbyCon 5.0 (Day 2)

http://www.csoonline.com/article/2986800/security-awareness/salted-hash-live-from-derbycon-5-0-day-2.html By Steve Ragan Salted Hash CSO Online Sept 26, 2015 It’s Day two at DerbyCon, which is actually the day that most of the action takes place. This weekend has already seen some impressive talks, but today promises to be interesting with talks running the full spectrum of InfoSec, from medical device research, AppSec, and social engineering. This post is being written at 0900, which is early for a hacker conference, but people are slowly starting to gather, as the picture shows. So far this weekend, Salted Hash has posted various conversation starters along with general updates, so today’s post will continue that slight trend. The idea for the topic came out of a technical failure on your faithful reporter’s part yesterday. […]



[ISN] Legacy IT, legacy acquisition compound cyber risk

http://fcw.com/articles/2015/09/17/legacy-it-risk.aspx By Adam Mazmanian FCW.com Sep 17, 2015 The way the government buys technology can constrain efforts to protect federal systems from cybersecurity threats, says Michael Daniel, the top White House advisor on cybersecurity. Federal agencies continue to rely on legacy systems that are vulnerable to intrusions and hard to secure. “The burden of legacy in government is a huge one,” Daniel said at the Billington Cybersecurity Conference in Washington, D.C., on Sept. 17. Government is struggling with the problem of how to move off of old systems. “We have architectures and hardware and software in places that is indefensible, no matter how much money and talent we put on it. We don’t have a good process for moving off,” Daniel said. Security measures are often bolted on to older hardware, software and operating systems, “rather than being deeply embedded in the product,” Daniel said. Compounding the problem are legacy acquisition methods. “We treat computer systems as a gigantic capital investment like a building, rather than investments you need to continually refresh,” Daniel said. But moving to a more flexible budgeting and acquisition system, to allow for revolving funds and other more nimble financial instruments, requires new law. “We’re going to need some help from Congress. There’s a very strong resistance to making some of those shifts among a lot of folks on the Hill,” he said. […]

