Network Forensics Tracking Hackers Through Cyberspace
Wired for War: The Robotics Revolution and Conflict in the 21st Century
Wired for War: The Robotics Revolution and Conflict in the 21st Century
Blogs / News -
Hot Air - Stanford prof: Coronavirus may be less deadly than we think — and too mild to justify these aggressive countermeasures -
At bottom his argument is the same as Dr. Jeremy Faust’s, who I’ve written about before. What if there are a ton more people walking around with asymptomatic COVID-19 than we realize? If there are then the death rate is far lower than we’re estimating. If in fact this virus is less deadly than the flu, do we actually want a coast-to-coast shutdown to contain it?
This fits in with yesterday's "Some Ask a Taboo Question: Is America Overreacting to Coronavirus"CNN- The coronavirus is creating an 'enormous stress test' of America's internet -
The United States' internet and wireless networks are coming under immense pressure to deliver reliable connectivity as schools and businesses confronting the novel coronavirus have shifted their day-to-day operations out of the workplace and into homes, according to industry analysts and government officials.
"This is going to be an enormous stress test for our communications networks," said Blair Levin, a former Federal Communications Commission chief of staff and author of the agency's 2010 plan to improve internet access nationwide.The Atlantic - America Is Acting Like a Failed State -
But in the United States, the pandemic has devolved into a kind of grotesque caricature of American federalism. The private sector has taken on quasi-state functions at a time when the executive branch of government—drained of scientific expertise, starved of moral vision—has taken on the qualities of a failed state. In a country where many individuals, companies, institutions, and local governments are making hard decisions for the good of the nation, the most important actor of them all—the Trump administration—has been a shambolic bonanza of incompetence.RSA - Renaissance of the OTP hardware token -
Where do we go from here with deploying MFA? Here are a few thoughts:
- First, you need to take a step back and craft a solid identity access management strategy for your entire enterprise. You should examine whether every user needs a hardware token and for all their access methods. Instead, focus on the relative risks. For example, tokens are a good idea for those users who handle cash transactions, but perhaps not if their jobs are on the factory floor.
- Second, think about how you handle your partners and customers’ transactions, and how to beef up their logins. Getting hardware tokens registered, and eventually revoked, for anyone who isn’t a full-time employee is still painful. Also, consider whether you should mix and match hardware and smartphone MFA apps, especially when the application circumstances and risk profiles dictate it.Finally, consider how to authenticate cloud apps. Some cloud platforms support standards that make integrating smartphone MFA apps easier, so that may be a better solution. At the end of the day, having more MFA is usually better than no MFA, but it should be deployed intelligently and carefully.
Fifth Domain - The Pentagon is handling cyber vulnerabilities inconsistently -
The Department of Defense has not consistently mitigated cyber vulnerabilities identified in a 2012 report, according to the department’s inspector general.
The DoD IG issued a follow-on report to its 2012 report, issued March 13 and made public March 17, that determined cyber red teams didn’t report the results of assessments to organizations and components didn’t effectively correct or mitigate the identified vulnerabilities.Schneier on Security - The Insecurity of WordPress and Apache Struts -
A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts.Threatpost - Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws -
Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution.
Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. The fixes were released outside of Adobe’s regularly scheduled update day, which was earlier in March (during which, in fact, Adobe had no patches).HelpNet Secuurity - Over 60% of the Fortune 1000 had at least one public breach over the last decade -
Over 60% of the Fortune 1000 had at least one public breach over the last decade, according to a Cyentia Institute research. On an annual basis, it is estimated one in four Fortune 1000 firms will suffer a cyber loss event. That ratio approaches 50% for the Fortune 250.Bank Info Security - Data Governance: How to Tackle Three Key Issues -
Three key emerging governance challenges are: defining who is accountable for privacy within an organization; identifying where all personally identifiable data resides so it can be protected; and applying automation to help respond to consumers' requests, such as for an accounting of their data that an organization stores.CSO - Toward a common UI for security operations -
It’s 2020, yet many organizations still depend upon a myriad of disparate point tools for security operations, leading to many challenges. According to ESG research these are the biggest challenges associated with managing an assortment of point tools:
- it makes security operations complex and time consuming (35%)
- it is difficult to get a complete picture of their security status at any time (35%)
- triaging, prioritizing, and investigating all the security alerts generated (34%)
- each security tool demands its own management and operations, straining the organization’s resources (33%)
- the organization doesn’t have enough staff members or the right skills to manage all the tools effectively (25%)
No comments:
Post a Comment