Tag Archives: infrastructure

My latest Gartner research: Vendor Rating: Huawei

Huawei has established itself as a solid provider of ICT infrastructure technologies across consumer, carrier and enterprise markets worldwide. CIOs and IT leaders should utilize this research to familiarize themselves with Huawei’s “all-cloud” strategy and ecosystem development….

Gartner subscribers can access this research by clicking here.




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] IoT risks raise concerns among IT specialists in central and eastern Europe

www.computerweekly.com/news/4500272253/IoT-risks-raise-concerns-among-IT-specialists-in-CEE By Krzysztof Polak ComputerWeekly.com 04 Feb 2016 The internet of things (IoT) has gone from an industry buzzword to a highly promising phenomenon in central and eastern Europe – but IT specialists are concerned about how to protect networks from the extra strain of new connected devices. The driving force behind IoT is the desire to gain knowledge and insights about, for example, buildings, cars, industrial installations, healthcare, aviation and civil infrastructure, using smart and connected devices. But according to Sylwester Chojnacki, director, enterprise business group at Huawei CEE, the designers of IoT equipment have not learned the lessons from the early years of internet development. “They do not pay sufficient attention to the safety of devices and applications,” he said. IoT devices are often the first target in cyber attacks, leading to intrusions into computer systems and large databases. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] New centre to help Singapore boost cyber security

www.straitstimes.com/singapore/new-centre-to-help-spore-boost-cyber-security By Lim Yan Liang The Straits Times Feb 4, 2016 Singapore will face more cyber attacks as technology is increasingly used in everyday life, from smart traffic lights and driverless trains to the ubiquitous smartphones. The greater risk, which is inevitable as Singapore pushes to be a Smart Nation, was flagged yesterday by the managing director of the Infocomm Development Authority (IDA), Ms Jacqueline Poh, noting the rise in the United States of such security incidents involving its critical infrastructures. To address the danger, Singapore plans to give existing measures a further boost. One is the introduction of a Cyber Security Bill in Parliament later this year to give the 11-month-old Cyber Security Agency greater powers to secure Singapore’s critical information infrastructure. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] How much at risk is the U.S.’s critical infrastructure? (fwd)

www.csoonline.com/article/3024873/security/how-much-at-risk-is-the-uss-critical-infrastructure.html By Taylor Armerding CSO Jan 21, 2016 There is universal agreement that modern warfare or crime fighting is not just about bullets, bombs and missiles in physical space. It’s also about hacking in cyber space. But over the past decade there has been much less agreement over how much of a threat hackers are. On one side are those – some of them top government officials – who have warned that a cyber attack on the nation’s critical infrastructure could be catastrophic, amounting to a “cyber Pearl Harbor.” Those warnings prompted the recent book by retired ABC TV “Nightline” anchor Ted Koppel titled, “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.” Other experts argue just as forcefully that while the threats are real and should be taken seriously, the risks are not even close to catastrophic. They say those who predict catastrophe are peddling FUD – fear, uncertainty and doubt. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hacking Team’s Leak Helped Researchers Hunt Down a Zero-Day

www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-find-zero-day-exploit/ By Kim Zetter Security Wired.com 01/13/16 ZERO-DAY EXPLOITS ARE a hacker’s best friend. They attack vulnerabilities in software that are unknown to the software maker and are therefore unpatched. Criminal hackers and intelligence agencies use zero day exploits to open a stealth door into your system, and because antivirus companies also don’t know about them, the exploits can remain undetected for years before they’re discovered. Until now, they’ve usually been uncovered only by chance. But researchers at Kaspersky Lab have, for the first time, discovered a valuable zero-day exploit after intentionally going on the hunt for it. And they did so by using only the faintest of clues to find it. The malware they found is a remote-code execution exploit that attacks a vulnerability in Microsoft’s widely used Silverlight software—a browser plug-in Netflix and other providers use to deliver streaming content to users. It’s also used in SCADA and other industrial control systems that are installed in critical infrastructure and industrial facilities. The vulnerability, which Microsoft called “critical” in a patch released to customers on Tuesday, would allow an attacker to infect your system after getting you to visit a malicious website where the exploit resides—usually through a phishing email that tricks you into clicking on a malicious link. The attack works with all of the top browsers except Chrome—but only because Google removed support for the Silverlight plug-in in its Chrome browser in 2014. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Call for Papers – YSTS X – Information Security Conference, Brazil

Forwarded from: Luiz Eduardo Hello ISN readers and sorry for the possible cross-postings you might see, on behalf of the conference’s organization team I would like to let you know that YSTS X’s CFP is currently opened. Call for Papers – YSTS X – Information Security Conference, Brazil YSTS 10th Edition Where: Sao Paulo, Brazil When: June 13th, 2016 Call for Papers Opens: December 13th, 2015 Call for Papers Close: March 1st, 2016 www.ysts.org @ystscon INTRODUCTION This is the celebratory 10th edition of the well-known information security conference “you Sh0t the Sheriff” and we are sending this CFP out so you share with us the coolest stuff you’ve been working on. The conference will be happening on June, 13th in a secret location within the city of Sao Paulo, Brazil. This is a great opportunity for you to speak about the latest research you have been working on to the most influential crowd in the Brazilian Information Security realm. ABOUT THE CONFERENCE you Sh0t the Sheriff is a very unique, one-day, event dedicated to bringing cutting edge talks to the top-notch professionals of the Braziiian Information Security Community. The conference’s main goal is to bring the attendees to the current state of the information security world by bringing the most relevant topics from different Infosec segments of the market and providing an environment that is ideal for both networking and idea sharing. YSTS is a an exclusive, mostly invite-only security con. Getting a talk accepted, will, not only get you to the event, but after you successfully present your talk, you will receive a challenge-coin that guarantees your entry to YSTS for as long as the conference exists. Due to the great success of the previous years’ editions, yes, we’re keeping the good old usual format: * YSTS 10 will be held at an almost secret location only announced to whom it may concern a couple of weeks before the con * the venue will be, most likely, a very cool club or a bar (seriously, look at the pictures) * appropriate environment to network with great security folks from Brazil and abroad * since it is a one-day con with tons of talks and activities, we make sure we fill everyone with coffee, food and booze CONFERENCE FORMAT Anything Information Security related is interesting for the conference, which will help us create a cool and diverse line-up. We strictly *do not* accept commercial/ product-related pitches. Keep in mind though, this is a one-day conference, we receive a lot of submissions, so your unique research with cool demos and any other possible twist you can throw in to keep the audience engaged will surely stand out to the other papers. Just in case you need some ideas, some of the topics in security that could be interesting to us: * Mobile Devices & BY0D – Bring your 0wn3d Device * Real Social Networking Threats * Embedded Systems * Everything in Offensive Security * “the” Cloud * Inside Jobs Detection/ Techniques * Big Data * Small Data * Tiny Data (the type that breaks big things) * Internet of all the things you can break * Career & Management topics * (cool and useful) Information Security Policies * Privacy in the Digital World * Messing with Network Protocols * RF Stuff * Mobile Payments * Authentication * Incident Response Stories and Policies * Information Warfare * Malware/ Botnets * DDoS Evolution or Stories (or solution, if you have one) * Secure Programming * Hacker Culture * Application Security * Virtualization * DataBase Security * Cryptography * System Weaknesses * Infrastructure and Critical Systems * Reverse Engineering * Social Reverse Engineering * Reversing Social Engineering * Caipirinha and Feijoada Hacks * and everything else information security related that our attendees would enjoy, the coolest/ different/ most creative submissions win, keep that in mind! We do like shorter talks, so please submit your talks and remember they must be 30 minutes long. (yes, we do strictly enforce that) We are also opened to some 15-minute talks, some of the smart people around might not need 30 minutes to deliver a message, or it might be a project that has been just kicked-off. 15 minutes might be your thing and that’s nothing to be ashamed about. you Sh0t the Sheriff is the perfect conference to release your new projects, other people have released very cool research before they presented it at the bigger cons later in the year. We also like that, a lot. And yes, we do prefer new hot-topics. “First-time” speakers are more than welcome. If you’ve got good content to present, that’s all that matters. SPEAKER PRIVILEGES (and yeah, that applies only to the 30 minute-long talks) * USD 1,000.00 to help covering travel expenses for international speakers * or R$ 1,200.00 to help covering travel expenses for Brazilian speakers who live outside of Sao Paulo * Breakfast, lunch and dinner during conference * Pre-and-post-conference official party (and the unofficial ones as well) * Auditing products in traditional Brazilian barbecue restaurants * Life-time free admission for all future YSTS conferences CFP IMPORTANT INFO (aka: RTFM) Each paper submission must include the following information * in text format only * * Abstract/ Presentation Title * Your Name, company/title, address, email and phone/contact number * Short biography * Summary or abstract for your presentation * Other publications or conferences where this material has been or will be published/submitted. * Speaking experience * Do you need or have a visa to come to Brasil? * is it a 30 minute or a 15 minute talk? * Technical requirements (others than LCD Projector) VERY IMPORTANT DATES Conference Date: June 13th, 2016 Final CFP Submission – March 1st, 2016 Final Notification of Acceptance – April 1st, 2016 Final Material Submission for accepted presentations – May 1st, 2016 (we might ask you to remotely present your talk to us at this date) All submissions must be sent via email, in text format only to: cfp/at/ysts.org IMPORTANT CONTACT INFORMATION Paper Submissions: cfp/at/ysts.org General Inquiries: b0ard/at/ysts.org Sponsorship Inquiries: sponsors/at/ysts.org OTHER STUFF Conference website www.ysts.org Video clips http://youtu.be/6ZblAdYZUGU http://youtu.be/ah-dLkwiK0Y tinyurl.com/ystsendorsements Some Pix tinyurl.com/ysts9pix tinyurl.com/ysts8pix tinyurl.com/ysts7pix1 tinnyurl.com/ysts5pix1 tinyurl.com/yoush0tthesheriff6 twitter @ystscon official twitter hashtag #ystscon We hope to see you there! Luiz Eduardo & Nelson Murilo & Willian Caprino


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] U.S. government wants in on the public cloud, but needs more transparency

www.computerworld.com/article/3006360/security/us-government-wants-in-on-the-public-cloud-but-needs-more-transparency.html By Blair Hanley Frank IDG News Service Nov 18, 2015 The federal government is trying to move more into the cloud, but service providers’ lack of transparency is harming adoption, according to Arlette Hart, the FBI’s chief information security officer. “There’s a big piece of cloud that’s the ‘trust me’ model of cloud computing,” she said during an on-stage interview at the Structure conference in San Francisco on Wednesday. That’s a tough sell for organizations like the federal government that have to worry about protecting important data. While Hart said that the federal government wants to get at the “enormous value” in public cloud infrastructure, its interest in moving to public cloud infrastructure is also tied to a need for greater security. While major providers like Amazon and Microsoft offer tools that meet the U.S. government’s regulations, not every cloud provider is set up along those lines. In Hart’s view, cloud providers need to be more transparent about what they do with security so the government and other customers can verify that their practices are sufficient for protecting data. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Blackhole Exploit Kit Makes a Comeback

www.eweek.com/security/blackhole-exploit-kit-makes-a-comeback.html By Robert Lemos eWEEK.com 2015-11-19 The once-popular Blackhole exploit kit has returned, attempting to infect using old exploits but also showing signs of active development, according to researchers with security firm Malwarebytes. Over the weekend, Malwarebytes detected attacks using older exploits for Oracle’s Java and Adobe’s Acrobat, but which attempted to deliver recently compiled malware. When Malwarebytes investigated, it found, behind the attacks, a poorly secured server that had Blackhole installed on it. The return of Blackhole suggests that cyber-criminals may be reusing the code, which was leaked in 2011, Jérôme Segura, senior security researcher for Malwarebytes Labs, told eWEEK. “Blackhole was well-written, and we have seen in the past, like with Zeus, that a lot of criminals do not reinvent the wheel,” he said. “They will use older infrastructure and build on top of it.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail