IT - Security

Is Your VPN Secure?
GCN, February 4th, 2019

"About a quarter of internet users use virtual private networks, a software setup that creates a secure, encrypted data connection between their own computer and another one elsewhere on the internet. Many people use them to protect their privacy when using Wi-Fi hotspots or to connect securely to workplace networks while traveling. Other users are concerned about surveillance from governments and internet providers..."

"Entering the information security industry can be a formidable undertaking and renowned professionals often seem larger than life and unapproachable (even though most are on Twitter and their email address is public).

Luckily for us all, Marcus J. Carey and Jennifer Jin have the ear of some of the biggest names in the field and have generously decided to share that access.

Their book Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is a compilation of answers seventy cybersecurity luminaries have given to questions most of us always wanted to ask:..."

"Team from University of Missouri take wraps off Dolus, a system 'defense using pretense' which they say will help defend software-defined networking (SDN) cloud infrastructure.

Researchers with University of Missouri hope to move the ball forward on cyber decepton technology with a new form of intrusion deception they designed specifically to help defend software-defined networking (SDN) cloud infrastructure..."

"There are a number of measures organizations can and should take to help reduce the risk of cybersecurity attacks and data breaches. Unfortunately, about a third of organizations say they are largely unprepared for such attacks, according to eSecurity Planet's newly released 2019 State of IT Security survey.

The survey asked about specific threats and how well organizations are prepared to defend against them..."

Why Vaporworms Might Be The Scourge Of 2019
HelpNet Security, February 6th, 2019

"Not too long ago, the WatchGuard Threat Lab predicted the emergence of vaporworms as a major new cyber threat that will affect organizations of all sizes in 2019. We coined the term to describe a new breed of fileless malware with self-propagating, wormlike properties. At the time of the initial prediction, our team was fairly sure this idea was more than conjecture, but now the advent of the vaporworm in 2019 seems to be an abject certainty.

But before I get into why and how this new threat will pick up steam this year, let's take a step back to first examine fileless attacks and how they differ from traditional malware..."

"Google's head of account security, Mark Risher, discusses the various types of 2FA and how new options of WebAuthn and U2F are going to be game changers for enterprise.

Experts are recommending that enterprises strive for two-factor authentication -- especially new types of 2FA -- because of its ease of use and lower risk of human error.

Mark Risher, head of account security at Google, agreed that 2FA should be the baseline of security for enterprises. But he also noted that some types of 2FA are commonly misunderstood by users or may seem more daunting than they should..."

"Today, 64 percent of U.S. federal government IT leaders view identity management solutions as critical to addressing agencies' increased cybersecurity threats, according to a Unisys-sponsored survey. As identity and access management becomes increasingly important to protect against outsider cyber threats and ensure that the right users have access to the right information, it is clear that effective IAM faces several challenges..."

New Vulnerabilities Make RDP Risks Far From Remote
Dark Reading, February 5th, 2019

"More than two dozen vulnerabilities raise the risk of using RDP clients to remotely manage and configure systems.

Researchers have announced a flurry of vulnerabilities in three separate implementations of RDP, the remote desktop protocol that is widely used in remote technical support and configuration operations at large enterprises and service providers..."

See all Archived IT - Security articles See all articles from this issue