Category Archives: business

Goldman Sachs Is Getting Serious About Cryptocurrency

Goldman Sachs made a significant push into the cryptocurrency market earlier this month by hiring Justin Schmidt to lead its digital asset division. While the bank remains non-committal about the scope of its cryptocurrency operation, actions speak louder than words. Goldman’s Hire Financial news site Tearsheet first reported the news of Schmidt’s hiring in an […]

The post Goldman Sachs Is Getting Serious About Cryptocurrency appeared first on Hacked: Hacking Finance.

Amazon Has a Top-Secret Plan to Build Home Robots

After making smart speakers a household product (at least to some), Amazon seems to have found its next big consumer product: robots. Amazon is building smart robots that are equipped with cameras that let them drive around homes, Bloomberg reported Monday. These robots could launch as soon as next year. From the report: Codenamed "Vesta," after the Roman goddess of the hearth, home and family, the project is overseen by Gregg Zehr, who runs Amazon's Lab126 hardware research and development division based in Sunnyvale, California. Lab126 is responsible for Amazon devices such as the Echo speakers, Fire TV set-top-boxes, Fire tablets and the ill-fated Fire Phone. The Vesta project originated a few years ago, but this year Amazon began to aggressively ramp up hiring. There are dozens of listings on the Lab 126 Jobs page for openings like "Software Engineer, Robotics" and "Principle Sensors Engineer." People briefed on the plan say the company hopes to begin seeding the robots in employees' homes by the end of this year, and potentially with consumers as early as 2019, though the timeline could change, and Amazon hardware projects are sometimes killed during gestation.

Read more of this story at Slashdot.

SmugMug Buys Flickr, Vows To Revitalize the Photo Service

On Friday, Silicon Valley photo-sharing and storage company SmugMug announced it had acquired Flickr, the photo-sharing site created in 2004 by Ludicorp and acquired in 2005 by Yahoo. SmugMug CEO Don MacAskill told USA TODAY he's committed to revitalizing the faded social networking site, which hosted photos and videos long before it became trendy. Flickr will reportedly continue to operate separately, and SmugMug and Flickr accounts will "remain separate and independent for the foreseeable future." From the report: He declined to disclose the terms of the deal, which closed this week. "Flickr is an amazing community, full of some of the world's most passionate photographers. It's a fantastic product and a beloved brand, supplying tens of billions of photos to hundreds of millions of people around the world," MacAskill said. "Flickr has survived through thick-and-thin and is core to the entire fabric of the Internet." The surprise deal ends months of uncertainty for Flickr, whose fate had been up in the air since last year when Yahoo was bought by Verizon for $4.5 billion and joined with AOL in Verizon's Oath subsidiary.

Read more of this story at Slashdot.

Many Amazon Warehouse Workers are on Food Stamps

Many of Amazon's warehouse workers have to buy their groceries with food stamps through America's Supplemental Nutrition Assistance Program, reports the Intercept. In Arizona, new data suggests that one in three of the company's own employees depend on SNAP to put food on the table. In Pennsylvania and Ohio, the figure appears to be around one in 10. Overall, of five states that responded to a public records request for a list of their top employers of SNAP recipients, Amazon cracked the top 20 in four. Though the company now employs 200,000 people in the United States, many of its workers are not making enough money to put food on the table... "The average warehouse worker at Walmart makes just under $40,000 annually, while at Amazon would take home about $24,300 a year," CNN reported in 2013. "That's less than $1,000 above the official federal poverty line for a family of four." In addition Amazon uses temp workers who may also be on food stamps, notes the article, adding that in 2017 Amazon received $1.2 billion in state and local subsidies, while effectively paying no federal income tax. "The American people are financing Amazon's pursuit of an e-commerce monopoly every step of the way: first, with tax breaks, subsidies, and infrastructure improvements meant to lure fulfillment centers into town, and later with federal transfers to pay for warehouse workers' food."

Read more of this story at Slashdot.

Eventbrite Claims The Right To Film Your Events — And Keep the Copyright

Eventbrite lets you sell tickets online for your events. An anonymous reader reports on Eventbrite's newly-updated merchant agreement. The merchant agreement specifies that you "grant permission to Eventbrite and its agents to enter onto and remain on the premises (including real property, fixtures, equipment, or other personal property) where your event is hosted...with personnel and equipment for the purpose of photographing and recording the Premises, both internally and externally in connection with the production of digital content on the date of your event(s) and any other dates reasonably requested by Eventbrite (for example, during setup and breakdown for the event) (the 'Shoot')." But in addition, you're also granting them permission to record and use footage of all your attendees and speakers, "in any manner, in any medium or context now known or hereafter developed, without further authorization from, or compensation to." And after that Eventbrite "will own all rights of every nature whatsoever in and to all films and photographs taken and recordings made hereunder, including without limitation of all copyrights therein and renewals and extensions thereof, and the exclusive right to use and exploit the Recordings in any manner, in any medium or context now known or hereafter developed..." You're even responsible for obtaining all the clearances and licenses "necessary to secure Eventbrite the permissions and rights described above," and you also release Eventbrite from any claims that may arise regarding use of the Recordings, "including, without limitation, any claims of defamation, invasion of privacy, or infringement of rights of likeness, publicity or copyright." "So, yeah. No," tweeted Ars Technica's national security editor. "Eventbrite is now off my list for recommended event organizing tools."

Read more of this story at Slashdot.

IP EXPO Manchester 2018 – Head in the Clouds? Let’s get serious about how to benefit from Cloud platforms whilst staying protected

ipexpomanchester.com - Richard will look at the reasoning behind the current move towards Cloud-based resource usage and identify the many areas of risk that must be considered when a migration project is being planned. He…


Tweeted by @IPEXPO https://twitter.com/IPEXPO/status/987707823256735746

Study Warns Chinese Electronics Make U.S. Vulnerable to Espionage, Cyber Attack – World News Report – EIN News

world.einnews.com - The study concerns “supply chain risk management,” which essentially means making the U.S. government less dependent on cheap electronic products from potentially hostile countries. “The supply chain…


Tweeted by @EINChinaNews https://twitter.com/EINChinaNews/status/987481117505748997

McAfee vNSP and AWS Are Winning Combination for Enterprise and Federal Customers

Fun Facts: ECS stood up and managed the first security operations center at the White House. Today, ECS manages the world’s largest McAfee installation—employing just about every solution we make—for the U.S. Army.

ECS is more than a McAfee Platinum Partner: they’ve built their entire security solution around McAfee products. The company’s unique offering to Enterprise, military, intelligence and federal civilian combines their award-winning managed services powered by McAfee, and high-level competencies across the Amazon Web Services (AWS) product suite.

ECS has earned service delivery certifications for every McAfee product, participating regularly in betas and trials of new software with active input into the development of new products. Its AWS bona fides are equally ambitious: ECS is an AWS Premier Consulting Partner, an Audited Managed Service Partner, and one of the world’s largest AWS resellers.

For the past 17 years, ECS (formerly InfoReliance) has built a managed-services offering that focuses on delivering custom solutions for clients in regulated industries such as government and defense, but the company also has a large and growing roster of high-profile enterprise and commercial customers. ECS focuses its security solutions around the threat defense lifecycle, applying not only McAfee products but complementary solutions from McAfee Security Innovation Alliance.

“Our choice to provide a single-vendor security platform and deliver McAfee at scale is one of the things that makes us unique,” remarks Andy Woods, Director of Managed Cybersecurity at ECS. “It means our organization can have a depth of expertise that’s frankly unmatched by anyone else in the industry. We also believe it’s the best way to be technology-heavy and people-light, and to automate as much of the cybersecurity lifecycle as we can.”

The McAfee Virtual Network Security Platform (vNSP) and its tight synergy with AWS is a large focus of ECS’s business. Tim Gonda, ECS security engineer and vNSP expert, explains: “We feel it is important to recognize that as part of the AWS shared responsibility model, it is up to us to ensure the security of our virtual networks. We leverage vNSP as a way to augment the security of native AWS capabilities. We are able to establish more flexible controls for protecting our own workloads, as well as providing custom-tailored solutions to our clients.”

In one example of a customer’s virtual private cloud (VPC) deployment, the ECS team launched a vNSP controller into the VPC, and deployed sensors per subnet. The application service also included the lightweight, host-based traffic redirector. “One of the biggest differentiators of vNSP versus other products is that it allows us to monitor internal VPC traffic, as well as traffic leaving the VPC, in an extremely lightweight framework,” Gonda comments. “In this example, we managed the lateral traffic within the VPC, as well as traffic going out to the internet, while providing custom filters and rules looking for specific threats on the wire.”

The application of vNSP with AWS-driven VPCs is just one example of ECS’s fearless innovation in today’s marketplace. Woods notes, “We’re proud of our internally developed intellectual properties, such as our iRamp billing system. We developed one of the very first DXL-enabled technologies within the partner community. We were also early adopters of integrated security through McAfee ePO, born out of a need to support clients in regulated industries.”

Woods concludes, “Our clients are focused on value management of their cybersecurity spend and how we can help them reduce their risk not only today but into the future. We deliver security customized security outcomes for every organization we work with. We’re confident in McAfee’s ability to scale along with core competencies on the endpoint, whether on-premises or in the cloud. The connected infrastructure is a key differentiator for us as we deliver managed services to customers across all verticals. For us, ‘Together is Power’ means being able to solve our clients’ cybersecurity problems in the most powerful manner possible, through a single platform of connected technologies.”

The post McAfee vNSP and AWS Are Winning Combination for Enterprise and Federal Customers appeared first on McAfee Blogs.

Head of Business Development & Strategy – Raytheon UK Cyber & Intelligence (C&I) job with Raytheon Systems | 801843662

securityclearedjobs.com - Head of Business Development & Strategy – Raytheon UK Cyber & Intelligence (C&I) Location United Kingdom, Gloucester Send Save Apply Job Title: Head of Business Development & Strategy - Raytheon UK C…


Tweeted by @SecurityCleared https://twitter.com/SecurityCleared/status/987298724522151936

Watch out for and report malicious Russian cyber activity

The UK & US Governments have issued a joint Technical Alert  advising all businesses – public and private sector, critical infrastructure providers, and ISPs supported them – to review their network security and report back on any signs of malicious cyber activity carried out by or on behalf of the Russian Government.

 This first joint security statement, Government officials said they had “high confidence” that Russian state-sponsored cyber actors was behind the “broad campaign” to compromise network hardware devices such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS).

By compromising these devices, the cyber criminals are able to redirect traffic, steal valuable information, and have a staging post for future offensive activity. Multiple sources, including private and public-sector cyber security research organisations and allies, have reported this activity to the U.S. and UK governments.

Businesses of all sizes are advised to read the Technical Alert and act on the recommendations. The alert contains details of Indicators of Attack (IoA) on the networks of compromised victims. Any signs of compromise should be reported to DHS, FBI, NCSC or law enforcement immediately.

Ciaran Martin, CEO of the National Cyber Security Centre said:

“This is the first time that in attributing a cyber attack to Russia the U.S. and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.

Guards all the doors and holds all the keys

Network devices are ideal targets, as the majority of organizational and customer traffic must traverse these critical devices. Any cyber criminal with access to these devices can monitory, modify, deny and redirect traffic as desired. This coupled with a lack of regular updates, as once installed network devices are often neglected when assumed to be working correctly, often only receiving attention when a fault arises, means a complete layer of corporate security could be bypassed without knowing.

 Mitigation Strategies

There is a large amount of publicly available cybersecurity guidance and best practices from NCSC, DHS, device vendors, and the cybersecurity community on mitigation strategies.

The advice given to firms in Technical Alert TA18-106A includes ways to configure their systems correctly and how to apply patches to address hardware vulnerabilities.

  • Review network device logs and data for indications of compromise on all network device hosts.
  • Do not allow unencrypted management protocols to enter an organization from the Internet.
  • Harden the encrypted protocols based on current best security practice.
  • Do not allow Internet access to the management interface of any network device.
  • Immediately change default passwords and enforce a strong password policy.
  • Apply software updates and security patches to all devices.

Also ensure a reputable Endpoint Detection and Response solution is in place across the network, such as Panda Adaptive Defense, to mitigate attacks should your network devices be compromised.

See It. Say It. Sorted.

 

The post Watch out for and report malicious Russian cyber activity appeared first on Panda Security Mediacenter.

Netflix Could Start Buying Movie Theaters to Help Films Gain a Boost in Oscar Race, Report Says

Netflix has made a strong effort to land Oscar nominations since debuting its first original feature, "Beasts of No Nation," in 2015. The next step in the streaming giant's plan to secure film awards could be to buy and own movie theaters. IndieWire: A new report from the Los Angeles Times says Netflix is considering buying theaters in Los Angeles and New York in order to gain a boost during Oscar season. People familiar with the situation say the theaters would be used to give greater exposer to the feature and documentary titles Netflix is hoping to push into the awards race. According to the Times, Netflix executives originally considered purchasing the Los Angeles-based Landmark Theaters, which is co-owned by Mark Cuban. The theaters are well known for attracting awards voters by running first-run features, documentaries, and foreign films during Oscar season. Sources close to Netflix confirm the company has no current plans to buy Landmark properties. Landmark has three Los Angeles locations and 53 theaters overall in the U.S. Sources close to Netflix.

Read more of this story at Slashdot.

Pasta Is Good For You, Say Scientists Funded By Big Pasta

Earlier this month, numerous news outlets reported on a study which concludes that eating pasta is good for health. In fact, the reports claimed, eating pasta could help you lose weight. Except, there is more to the story. BuzzFeed News reports: What those and many other stories failed to note, however, was that three of the scientists behind the study in question had financial conflicts as tangled as a bowl of spaghetti, including ties to the world's largest pasta company, the Barilla Group. Over the last decade or so, with the rise of the Atkins, South Beach, paleo, and ketogenic diets, Big Pasta has battled a societal shift against carbohydrates -- and funded and promoted research suggesting that noodles are good for you. At least 10 peer-reviewed studies about pasta published since 2008 were either funded directly by Barilla or, like the one published this month, were carried out by scientists who have had financial ties to the company, which reported sales of 3.4 billion euros ($4.2 billion) in 2016. For two years, Barilla has publicized some of these studies, plus others favorable to its product, on its website with taglines like "Eat Smart Be Smart...With Pasta" and "More Evidence Pasta Is Good For You." And the company hired the large public relations firm Edelman to push the latest study's findings to journalists.

Read more of this story at Slashdot.

Marissa Mayer is Back

Former Yahoo Chief Executive Officer Marissa Mayer is starting a technology business incubator, Lumi Labs, with longtime colleague Enrique Munoz Torres, she revealed in an interview with The New York Times. Bloomberg: The venture will focus on consumer media and artificial intelligence, according to the company's website, which is set against a backdrop of snow-covered peaks. Lumi means snow in Finnish, Mayer told the New York Times, which reported the news earlier Wednesday. The next project for Mayer, who was an early employee at Google and worked there until leaving to run Yahoo in 2012, had been a matter of considerable speculation in Silicon Valley. She left Yahoo, once a leading search engine and web destination, after it was sold to Verizon Communications last year.

Read more of this story at Slashdot.

Bitcoin Forum – Index

bitcointalk.org - Bitcoin Discussion General discussion about the Bitcoin ecosystem that doesn't fit better elsewhere. News, the Bitcoin community, innovations, the general environment, etc. Discussion of specific Bit…


Tweeted by @dinukilakshika https://twitter.com/dinukilakshika/status/986991383616671745

Finland Is Killing Its Basic Income Experiment

tomhath shares a report: Since the beginning of last year, 2000 Finns are getting money from the government each month -- and they are not expected to do anything in return. The participants, aged 25-58, are all unemployed, and were selected at random by Kela, Finland's social-security institution. Instead of unemployment benefits, the participants now receive $690 per month, tax free. Should they find a job during the two-year trial, they still get to keep the money. While the project is praised internationally for being at the cutting edge of social welfare, back in Finland, decision makers are quietly pulling the brakes, making a U-turn that is taking the project in a whole new direction. "Right now, the government is making changes that are taking the system further away from a basic income," Kela researcher Miska Simanainen told the Swedish daily Svenska Dagbladet.

Read more of this story at Slashdot.

IP EXPO Manchester 2018 – Often ‘A’, sometimes ‘P’, but always a ‘T’: A review of current trends and the future development of targeted attacks

ipexpomanchester.com - Targeted attacks are now an established part of the threat landscape and in 2017 the headlines were full of news about sophisticated attacks of all kinds. Some were highly-targeted, others affected …


Tweeted by @IPEXPO https://twitter.com/IPEXPO/status/986952973254348802

Jeff Bezos Reveals That Amazon Has Over 100 Million Prime Subscribers

Amazon CEO Jeff Bezos revealed today that the company has over 100 million Prime members, "marking the first time in the 13-year history of Amazon offering its Prime membership that the company has ever revealed its number of subscribers," reports The Verge. From the report: According to Bezos, Amazon Prime also saw its best year ever in 2017, with the company shipping over five billion products with Prime and signing up more new members than in any previous year. Also revealed today, Whole Foods Market will discontinue its rewards program on May 2 and fold it into Amazon Prime. "Stay tuned for additional announcements for Amazon Prime members," reads the Whole Foods FAQ page focused on digital coupons, rewards and online accounts. "Any account benefits, including membership and/or unused rewards, will not roll into any future programs."

Read more of this story at Slashdot.

Threat Intelligence Security Market Expected To Boost The Industry Across The Globe – Technical Progress

thetechnicalprogress.com - Zion Market Research Recently Added A New Report On “Threat Intelligence Security Market: Global Industry Analysis, Size, Share, Growth, Trends, and Forecasts 2016–2024” In Their Database Which Inclu…


Tweeted by @SecurityToday https://twitter.com/SecurityToday/status/986866493647347712

Global Threat Intelligence Market Insight Study of Key Players Profiles on Share, Size, Volume and Revenue Overview 2017-2026 – Facts Week

factsweek.com - A report on Threat Intelligence begins with a deep introduction of the global Threat Intelligence market and then delves broad into specific segments such as solution, service, deployment type, organ…


Tweeted by @SecurityToday https://twitter.com/SecurityToday/status/986866487733305344

Robots Ride To the Rescue Where Workers Can’t Be Found

Fast-growing economies in Eastern Europe have led to severe labor shortages, so companies are calling in the machines [Editor's note: the link may be paywalled]. From a report: In many major economies, companies are experimenting with replacing factory workers, truck drivers and even lawyers with artificial intelligence, raising the specter of a mass displacement of jobs. But in Eastern Europe, robots are being enlisted as the solution for a shortage of workers. Often they are helping to create new types of jobs as businesses in the Czech Republic, Hungary, Slovakia and Poland try to stay agile and competitive. Growth in these countries, which became low-cost manufacturing hubs for Europe after the fall of Communism, has averaged 5 percent in recent years, buoyed by the global recovery. Few are riding higher than the Czech Republic, where plants roll out cars for the likes of Toyota and consumer electronics for Dell, while smaller companies produce specialty goods to sell around the world. A roaring economy has slashed the jobless rate to just 2.4 percent, the lowest in the European Union. The dearth of manpower, however, has limited the ability of Czech companies to expand. Nearly a third of them have started to turn away orders, according to the Czech Confederation of Industry, a trade group.

Read more of this story at Slashdot.

Endpoint Security Testing Matters: New NSS AEP Test Results

NSS Labs, Inc. has just released the 2018 edition of their Advanced Endpoint Protection testing, and Trend Micro’s endpoint solutions have performed very well, resulting in a “recommended” rating. We had strong performance on “security effectiveness,” meaning that we detected and blocked threats effectively. We also had a low total cost of ownership relative to most other vendors in the test.

You can see the test results here: https://resources.trendmicro.com/NSSLabs-Adv-Endpoint-Report.html

“Next Generation” isn’t working better than Trend Micro

This latest test clearly shows Trend Micro performing better than a number of “next generation” endpoint vendors. These same vendors would have you believe a marketing story that Trend Micro relies on AV signatures and can’t detect modern threats, but this has proven to be nonsense. The line between Trend Micro and “next gen” is blurrier than ever.

We have performed well on this and other independent tests because of our cross-generation blend of threat detection techniques. We’re one of the very few endpoint security vendors using state-of-the art machine learning techniques to analyze threats not only pre-execution, but also at run-time (which dramatically boosts effectiveness against file-less malware). We also leverage behavioral IOA detection, our anti-exploit engine, virtual patching capabilities, and a powerful noise cancellation capability to reduce false positives.

In the coming days, vendors who did poorly may release “re-tests” in order to benefit from correcting “bugs” in their products. Unsurprisingly, after learning from their missed detections and correcting their “bugs” they will be able to improve their performance. It’s important to focus on the level playing field of the public test, where all vendors see the test scenarios for the first time.

Testing Matters

Independent third-party testing of endpoint security products is more important than ever, in a landscape full of marketing claims and “next generation” jargon. It is difficult for enterprises to assess the numerous vendor offerings in order to figure out who will actually be more effective, without unacceptable operational cost.

Our objective is to work constructively with independent test labs, avoiding “pay for play” tests, and aiming for an evaluation that is as real-world as possible. We do this instead of publishing our own biased tests, and instead of encouraging customers to test endpoint products for themselves, with biased sample sets we provide. Independent labs are going to deliver a better answer for customers.

Tests like this NSS AEP evaluation make our products better; you can be sure that for each of the small number of missed detections, Trend Micro has investigated, learned, and improved its products already. That’s a key benefit for customers, beyond the evaluation report itself.

Blocking Matters

It’s worth noting that NSS Labs’ latest AEP test rates “security effectiveness” on the Y axis based on ability to block threats, not only detect them. This aligns with what we frequently hear from our customers: they want effective detection, but they also want automatic response (quarantine, isolation, process termination). Response shouldn’t be left to a later investigative stage if it can be handled immediately and automatically. Our detection technologies are seamlessly linked with our response capability, even with run-time detections where process termination can be followed by roll-back to ensure data isn’t damaged or lost.

Achieving Low TCO

NSS Labs not only examines detection and blocking effectiveness, but also assesses TCO using a formula that accounts for product cost, but also the staffing costs to operate products, deal with investigations, missed detections and outbreaks. During this test cycle Trend Micro showed we minimize these staffing expenses by minimizing manual effort for the IT team, and providing the information and tools needed for prompt investigation.

We’re not resting after this test result. The threat landscape keeps on moving, and we continue to invest heavily to enhance our detection effectiveness while keeping TCO low for our customers.

The post Endpoint Security Testing Matters: New NSS AEP Test Results appeared first on .

Microsoft, Facebook and other tech giants join forces on cybersecurity

In light of increased and more sophisticated threats in the cybersecurity landscape, tech giants have vowed to get more serious about protecting their customers by working together through a new Cybersecurity Tech Accord. Thirty-four companies—including Microsoft, Oracle, HP, Facebook, Cisco, Nokia TrendMicro and others—have signed on to the...

Read the whole entry... »

Related Stories

The Human (Resource) Role in the Journey to GDPR Compliance

Employees are at the center of dealing with the General Data Protection Regulation (GDPR), which is the new European regulation that aims to strengthen and standardize the data pricy rights of European citizens. As we’ve discussed throughout this blog series, the GDPR impacts many organizations processing customer data from outside of the EU, but these new data transparency and security benchmarks also need to be adhered to for employee data.

HR departments in particular will be impacted by the GDPR, as a large amount of data processing and controlling happens within them.

HR departments need to know if there are any potential compliance gaps, and must know where they get their data, how they get it, and who uses it. As a critical part of our GDPR journey, we’ve mapped all of our employee data so that we know what data we have, how and where it’s stored, how long we are planning to keep it, and how we will protect it throughout the employee lifecycle.

At Trend Micro, protecting employee data is a part of our global commitment to data privacy. In order to comply with the GDPR, we’ve initiated new policies and procedures and also revisited key items like confidentiality agreements and consent procedures across the employee lifecycle. This includes changes to:

  • Recruitment – prospective employees now need to consent to how we will use their data from the very beginning
  • Employee contracts – employment contracts needed to be updated, including indicating how we use and store their data, and also identifying how their data will be kept
  • Partner processing agreements – all our payroll and benefits partners must meet our new standards for data privacy

Employees also play a critical role in our GDPR compliance efforts. In order help them better understand their role in ongoing compliance, we’ve developed a training program that all our employees will take. This program will not only help employees understand the GDPR, it will also illustrate how we protect their data.

Hear more from Claudia Wu, Senior Vice President, Global HR, on how the GDPR affects our employees, and what we are doing to protect their data.

Video Schedule

4/25 – Marketing Operations: Learn how our Marketing Operations team ensures that our customer data is protected across all external platforms.

5/2 – Products and Services: Hear from Bill McGee, SVP Cloud Security, on how we’re always evolving to deliver state-of-the-art capabilities in our products, and how we help our customers deliver their portion of the shared security responsibility of cloud environments.

5/9 – Sales and Channel Enablement: See how important it is that our existing partners understand GDPR, and how we help them find the tools needed to achieve GDPR compliance.

The post The Human (Resource) Role in the Journey to GDPR Compliance appeared first on .

Amazon and Best Buy Team Up To Sell Smart TVs

Amazon and Best Buy want to sell you your next smart TV. From a report: The companies, which are two of the biggest electronics retailers in the US, on Wednesday revealed a new multiyear partnership to sell the next generation of TVs running Amazon's Fire TV operating system to customers in the US and Canada. Best Buy will be the exclusive seller for more than 10 4K and HD Fire TV Edition models made by Toshiba and Best Buy's Insignia brand starting this summer. Pricing on the sets has not yet been announced. These smart TVs will be available only in Best Buy stores, on BestBuy.com and, for the first time, from Best Buy as a seller on Amazon.com.

Read more of this story at Slashdot.

Russia Hacks U.S. Nuclear Plants, Infrastructure ‘Hundreds Of Thousands Of Times A Day,’ Secretary Perry Warns | Stock News & Stock Market Analysis – IBD

investors.com - Russian hackers are attacking critical U.S. infrastructure, including the energy grid, nuclear power plants, and airports, according to U.S. government officials. Water processing plants are among th…


Tweeted by @Nov2018BlueWave https://twitter.com/Nov2018BlueWave/status/986603064936120320

Lawyers strengthen counter fraud team

greaterbirminghamchambers.com - Law firm Browne Jacobson has strengthened its counter fraud team with the appointment of intelligence manager Christopher Grocock (pictured). Chris joins from Derby-based Analytical Alternatives and …


Tweeted by @janethejock https://twitter.com/janethejock/status/986508807118446592

Cyber Security Specialist emt Distribution Takes on ThreatConnect Threat Intelligence Platform in Australia and New Zealand – Media Releases – CSO

cso.com.au - Adelaide, Australia – 18 April 2018: Cyber security software specialist, emt Distribution today announced it has been appointed as Australian and New Zealand distributor for Arlington, Virginia-based…


Tweeted by @darkisdarkn1 https://twitter.com/darkisdarkn1/status/986484584413048832

Amazon Shelves Plan To Sell Prescription Drugs

Major Blud writes: CNBC is reporting that Amazon Business, which considered selling pharmaceutical products last year, has put its plans to do so on hiatus. "The change in plan comes partly because Amazon has not been able to convince big hospitals to change their traditional purchasing process, which typically involves a number of middlemen and loyal relationships," reports CNBC. Amazon was able to gain licensing in 47 out of the 50 U.S. states, but has struggled to land contracts with large hospital networks. "The setback illustrates the challenges of getting into the medical supply and pharmaceutical space, even for a company as big as Amazon," reports CNBC. "Several health-care and pharmaceutical distribution companies saw their stock take a nosedive following recent reports of Amazon potentially getting into the space, but it will likely take some time before those concerns turn into real threats."

Read more of this story at Slashdot.

One Laptop Per Child’s $100 Laptop Was Going To Change the World — Then it All Went Wrong

Adi Robertson, reporting for The Verge: In late 2005, tech visionary and MIT Media Lab founder Nicholas Negroponte pulled the cloth cover off a small green computer with a bright yellow crank. The device was the first working prototype for Negroponte's new nonprofit One Laptop Per Child (OLPC), dubbed "the green machine" or simply "the $100 laptop." And it was like nothing that Negroponte's audience -- at either his panel at a UN-sponsored tech summit in Tunis, or around the globe -- had ever seen. After UN Secretary-General Kofi Annan offered a glowing introduction, Negroponte explained exactly why. The $100 laptop would have all the features of an ordinary computer but require so little electricity that a child could power it with a hand crank. [...] But OLPC's overwhelming focus on high-tech hardware worried some skeptics, including participants in the Tunis summit. One attendee said she'd rather have "clean water and real schools" than laptops, and another saw OLPC as an American marketing ploy. "Under the guise of non-profitability, hundreds of millions of these laptops will be flogged off to our governments," he complained. In the tech world, people were skeptical of the laptop's design, too. Intel chairman Craig Barrett scathingly dubbed OLPC's toy-like prototype "the $100 gadget," and Bill Gates hated the screen in particular. "Geez, get a decent computer where you can actually read the text," he told reporters. [...] After announcing "the $100 Laptop," OLPC had one job to do: make a laptop that cost $100. As the team developed the XO-1, they slowly realized that this wasn't going to happen. According to Bender, OLPC pushed the laptop's cost to a low of $130, but only by cutting so many corners that the laptop barely worked. Its price rose to around $180, and even then, the design had major tradeoffs. [...]

Read more of this story at Slashdot.

Cyber Europe 2018 — ENISA

enisa.europa.eu - Home Topics Cyber Exercises Cyber Europe Cyber Europe 2018 In 2018, European countries and the EU Agency for Network and Information Security (ENISA) will organise the 5th pan European cyber crisis e…


Tweeted by @enisa_eu https://twitter.com/enisa_eu/status/986276202427056128

BU Research Blog | Dr Sascha Dov Bachmann invited to give a keynote speech at the 14th International Conference on Cyber Warfare and Security (ICCWS) Stellenbosch RSA

blogs.bournemouth.ac.uk - Dr Sascha Dov Bachmann, Associate Professor in International Law (BU) and War Studies (Swedish Defence University – FHS), Research Fellow at CEMIS, Stellenbosch University and Director of BU’s Centre…


Tweeted by @SdBachman https://twitter.com/SdBachman/status/986262800916983816

5 cybersecurity questions retailers must ask to protect their businesses

The Target breach in 2013 may not be the biggest retail breach in history, but for many retailers, it was their watershed moment.

Point-of-sale (PoS) terminals were compromised for more than two weeks. 40 million card details and 70 million records of personal information swiped—part of which was “backlist,” historical transaction information dating back to more or less a decade ago. Card unions paid over $200 million in cost for card reissues. They then filed a class-action lawsuit against Target to regain this cost.

And the most mind-blowing fact of all? Target actually had (and still does have) cybersecurity measures in place and a security policy for employees to follow. How and why the breach even happened the way it happened remained the subject of discussion for a long time, and hard lessons were learned.

The good news for retailers is that it doesn’t (always) have to be this way.

Pose the right questions

Retailers of all shapes and sizes care about their businesses and clients. No merchant would want to be in the shoes of Target or TJX for a minute, post-breach. In fact, if they can keep something as big and messy and costly from happening to them, they would do anything.

It’s understandably challenging to add more to an already tall order of “things to do” in the retail industry; however, cybersecurity should no longer be seen as an afterthought, nor should it be treated like an option that one can get hyped up about today and then forget tomorrow. It has quickly become an integral part of any organization for the sake of business continuity, client retention, and brand integrity.

If you remain unconvinced whether you really need to incorporate cybersecurity in your business, perhaps this is a thought you can consider: If your organization uses any form of technology that connects to a data communication avenue and/or the Internet, chances are you need cybersecurity.

“Where do I start?” is probably not the right question to ask once you decide to kick off this journey, for you’ll most certainly receive an “I don’t know” or “I have no idea” just as instantly. Instead, be specific and practical. Come up with questions that you think you can answer. We have listed some below that you can use to guide you on your way.

What am I using in business that needs protecting?

Here, you can list down your valuable assets, beginning with the tangible (the retail store, CCTV cameras, mobile phones, point-of-sale machines, etc.) and then the intangible (your website, customer data, intellectual property, etc.). Once done, you can then find out ways to secure them individually according to your business’s needs. Most of the time, all you need to do is to configure your devices and peripherals to make the most use of security-related settings.

For example, installing smart CCTV cameras on-premise can both lessen the risk of physical theft and aid law enforcement in capturing criminals should something terrible happen in the shop. But who is watching your watcher? Better yet: Who else could be watching through your watcher? A lot of CCTV cameras can be accessed publicly via the Internet. You can secure these cameras and ensure that you and your staff are the only ones who can use them by setting them up to local-only mode and changing their admin names and passwords.

You may also decide to seek help from your service provider with more complicated devices and systems.


Read: Why you don’t need 27 different passwords


Should you wish to invest in software or tools, pick those that protect as many of your assets as possible. For example, many endpoint security solutions allow users to install it on multiple devices running on Windows.

What are the threats that can potentially affect my business?

Cybersecurity threats to retail businesses can come in the form of people or technology. We’re quite familiar with the former: from the petty thief to an organized crime group. There are also malicious insiders and basically anyone meaning to make money out of your business.

On the other hand, one thing merchants miss when identifying what could potentially introduce threats to their companies are the very technology (apps, modern payment systems, and others) they use or invest in to remain competitive. The dangers or risks introduced by these are usually accidental, and can be avoided entirely.

Customer data remains the primary target of fraud in the retail industry. For those who may not be in the know, one customer data may contain their credit or debit card details, spending patterns or habits, and loyalty behaviors, which can be retrieved from online shopping, digital marketing, and loyalty schemes they’re enrolled in.

Other threats retailers must keep in mind that they must defend themselves against malicious insiders, spear phishing, DDoS attacks, brute force attacks, reconnaissance and suspicious activity attacks, supply chain attacks, and more. If you’re a merchant that uses the omni-channel approach, be aware that there is now a new type of fraud in this environment. We’ll tackle this in depth in a future post.

How can I keep cybersecurity threats away from my business?

Merchants have gotten really good at handling traditional risks and threats to their businesses. But managing potential physical risks, which is fantastic, is one thing, and managing digital risks is another. For new and old merchants alike, thankfully they don’t have to start from scratch. There are already industry standards in place, such as the Payment Card Industry Security Council’s Data Security Standard (PCI DSS), that they can readily glean from. The Object Management Group (OMG), an international technology standards consortium, also has a cybersecurity standard that merchants may want to look into as well. And, oh, if you have clients in the UK and EU countries, let’s not forget GDPR.

As for other cybersecurity threats that need addressing, such as those that affect a merchant’s website, our Labs blog has a lot of great resources:

The National Federation of Retail Newsagents (NFRN), an organization composed of thousands of independent retailers in the UK and Northern Ireland, published a booklet that also serves as a checklist for merchants regarding assessing retail crime risk. This list includes physical security and cybersecurity.

Lastly, merchants must decide on a regular time to conduct a risk assessment—monthly, quarterly, biannually, or annually.

Should my employees get involved in mitigating cybersecurity risks?

Absolutely. When it comes to implementing good security practices in a retail business, merchants cannot do it alone. One way they can start employees off is by creating a culture of cybersecurity at the very beginning. Merchants can even incorporate awareness and basic cybersecurity concepts in their training process for new hires. Get them up to speed with the kinds of digital threats the business may come face-to-face with at some point in the future and provide them the steps on how to respond efficiently to red alert cases.


Read: How to create an intentional culture of cybersecurity


Note that training must be done on a regular basis and not just a one-off occurrence. It must also be relevant, practical, and engaging to employees. Use familiar case studies like the Target breach, or if your organization has experienced a form of cyberattack in the past, use that as a teaching moment, too.

What else can I do once I’ve secured the business’s assets?

Once you’ve done a great deal of securing, realize that the job doesn’t end there. There are still some things that need to be done:

  • Monitor your PCI environment on a regular basis. Doing so will notify you in real-time of potential intrusions in your payment system so you can nip the thread in the bud before the circumstance escalate.
  • Schedule a regular audit of security and compliance. This will ensure that your retail business remains in compliance with security and industry standards.
  • Join a community. Information sharing among fellow merchants is becoming a trend when it comes to cybersecurity. Firms learn from each other’s victories and mistakes. After all, cybercrime is not just a problem of one but of every organization in the industry. Cybersecurity, in this regard, is now a community effort.
  • Keep learning. Staying on top of the latest security news and industry challenges can help merchants familiarize themselves with tactics threat actors are using against retailers, assess their current situation, and make adjustments to their defenses and protocols accordingly.
  • Prioritize security and privacy when creating apps. Make sure that should you choose to develop software, such as apps, that you encourage your clients to install, make sure that you have security in mind in making these apps.
  • Create a security policy. This makes good computing practices not just feel like guidelines but actual procedures employees need to adhere to. Here are sample templates merchants can use as and tweak to their preference.

Stop chasing the wrong answers

Breaches are inevitable. This is a known fact and an often-repeated line by people in the cybersecurity industry. Companies have been advised to prepare.

That said, perhaps a merchant’s next and final question would be this: If a breach is inevitable, then what’s the point of doing all this?

It’s true that no one wants to invest a lot of time and money in security tools, services, and people to fight off breaches only to be told it’s not possible. The message they’re hearing is “the bad guys always win, and there’s nothing you can do about it.” However, this isn’t in-line with reality at all.

While there’s no such thing as perfect security, the protocols a multitude of companies have in place already helped them stop many breach attempts.

Unfortunately, sometimes threat actors do succeed in infiltrating a retailer’s network. In this case, the logical action is to contain it to prevent it from escalating and causing more damage. But containment and preventative steps cannot be done if proper security measures, guidelines, and a good security architecture aren’t in place, to begin with. Also, identifying what made it successful so the organization can make changes is part of the overall cybersecurity strategy. So putting them there isn’t really for naught.

The post 5 cybersecurity questions retailers must ask to protect their businesses appeared first on Malwarebytes Labs.

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere." The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware. The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria. Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."

Read more of this story at Slashdot.

The Cybersecurity Tech Accord: Time to Come Together to Combat Digital Threats

At Trend Micro we’re committed to making the world a safer place in which to exchange digital information. In fact, we’ve been protecting our customers from the ever-evolving threat landscape for nearly 30 years. But we know we can and must do more as an industry to combat the challenges we face today. That’s why we’re a founding member of a monumental new pact with some of the world’s biggest security and technology companies.

The Cybersecurity Tech Accord demonstrates a commitment by key industry players like us to become more than the sum of our parts. By working together we can make an even bigger impact in helping protect global consumers and organizations from cybercrime and nation-state hacking. 

The $8 trillion problem

Turn on the TV, open a newspaper or browse the web and you’ll read the same thing: cyberattacks are everywhere today. Trend Micro alone blocked over 66.4 billion online threats last year, more than 631 million of which were ransomware-related. Then there’s crypto-jacking, info-stealing malware, phishing, zero-day exploits — the list of threats facing internet users today is immense, and it will only continue to grow and evolve.

What does this mean for organizations? The risk of huge financial and reputational damage: legal costs, regulatory fines, customer attrition, and much more. We predict that cumulative losses from Business Email Compromise (BEC) attacks alone will hit $9 billion this year. In fact, the cybercrime industry is predicted to cost the global economy as much as $8 trillion by 2022. 

Four steps to a more secure world

That’s why key industry players have come together to form the Cybersecurity Tech Accord: the largest-ever joint commitment by private sector technology and security companies to protect customers and improve cybersecurity. It’s built around four key tenets: 

Stronger defense: We will help protect users and organizations around the world, wherever they are. 

No offensive support: We will not help governments to launch cyberattacks or undermine the security of our products by tampering with them. Incidents such as the WannaCry ransomware attacks of 2017, which leveraged alleged nation-state-developed exploits, have shown how easily government-level offensive capabilities can lead to mass attacks on innocent businesses and consumers. 

Capacity building: We’ll all do more to help developers and those who use their technology improve their ability to protect themselves — via new features and best practices. 

Collective action: All members of the accord will work together via formal and informal partnerships with other industry players, civil society, researchers and more to share intelligence, manage vulnerability disclosures and combat malware. 

Trend Micro’s pledge

As a founding member of the accord, Trend Micro is keenly aware of the positive power of industry-wide collaboration. The 28 companies currently on board include companies like Cisco, Facebook, HP, Intel, Microsoft, Nokia, Oracle, Siemens, and Trend Micro, and together represent a market capitalization of more than $1.8 trillion. Each will be able to contribute different expertise to benefit the whole.

Part of the value Trend Micro will bring is in leveraging our world-leading vulnerability detection and threat intelligence capabilities in known, new and forward-looking threats. We’ll play an active role in coordinating vulnerability disclosures across the group, collaborating via shared intelligence and enabling other members to identity vulnerabilities in their own systems earlier on.

No one of us alone can solve the problems that cybercrime and nation-state hacking have brought to the world. But together we have a chance — through partnerships, collective action and determination. It’s time to make technology work for us, not the bad guys.

The post The Cybersecurity Tech Accord: Time to Come Together to Combat Digital Threats appeared first on .

Akamai Security Expertise On Full Display at RSA Conference 2018 to Show How to Harness the Power of the Cloud Without Losing Control | Akamai

akamai.com - Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s largest and most trusted cloud delivery platform, will be showcasing its full range of award-winning cloud security solutions and services at the…


Tweeted by @TomLeightonAKAM https://twitter.com/TomLeightonAKAM/status/986200710193864704

Arm your users with knowledge to spot phishing attacks – for free!

Attendees to the Black Hat 2017 security conference said their #1 security concern and most time-consuming activity was phishing and social engineering attacks. That’s no surprise with the increase in Business Email Compromise (BEC) attacks and with most ransomware being delivered by email. But Black Hat Attendees also said the weakest link in their security strategy was end users who are susceptible to phishing and social engineering.

[source: https://www.blackhat.com/docs/us-17/2017-Black-Hat-Attendee-Survey.pdf]

That’s why we’ve introduced a new free service, Phish Insight. With it, businesses of all sizes will finally be able to generate exactly the information they need to craft more effective security awareness and training programs. Best of all, it is completely free!

The top threat vector

Email is still the biggest threat vector impacting organizations today. Trend Micro’s Smart Protection Network blocked more than 66.4 billion threats in 2017 and over 85 percent of these were emails containing malicious content. Phishing is among the most common tactics used by cybercriminals. Employing social engineering tactics, they typically aim to trick the user into clicking on a malicious link or opening a malware-laden attachment. This in turn could lead to a ransomware download or even be the first stage in a more covert info-stealing operation designed to lift customer data or highly sensitive intellectual property.

In 2017, 94 percent of all ransomware blocked by Trend Micro was distributed via email. What’s more, the latest stats from Verizon claim that phishing represented 93 percent of all data breaches recorded in 2017. BEC is another rising threat to the organization which relies on tricking the end user, this time into making corporate wire transfers to the hacker, who is impersonating the CEO or other senior executives. Trend Micro predicts such scams will lead to cumulative losses in excess of $9 billion this year.

On the frontline

As social engineering and phishing tactics play an ever greater role in cyber-attacks, the stakes will only increase. The share price of one aerospace company is said to have fallen 38 percent after it was hit by a BEC attack which resulted in losses of over €50m ($62m). So what’s the answer? Clearly we need to get better at strengthening our weakest link in the cybersecurity chain: our employees.

Unfortunately, unlike technology, staff can’t be patched. But with the right kind of education programs they can be taught how to spot email scams. According to Verizon, 4 percent of targets in any given phishing campaign will click on it. That may not sound like much. But it only takes one misplaced click to potentially land your organization in trouble.

Introducing Phish Insight

We know that awareness and education programs are an important complement to cybersecurity tools and technologies. But how do you go about crafting an effective program? This is where insight into user behavior becomes crucial.

Phish Insight allows you to quickly and easily generate that insight — completely free of charge. Organizations of all sizes can get started: all they need is one administrator and a few minutes to create a phishing campaign. They can select recipients choose a template according to behavior or topic for phishing, and even customize the phishing exercise by subject, graphics, language and so on. Admins can also set the duration of the awareness “campaign.”

Once the campaign is underway, insight will be fed back via detailed stats in the Monitoring Center. IT Teams can see who has been caught at an employee level and can also identify if certain departments or regions are more at risk than others. It’s this information that they can then use to improve training programs. How they do this is up to the customer, but next steps could include issuing an automatic email alert if they are successfully phished, and/or routing them to online training on phishing awareness. The premium version is free upon request and also includes an Outlook plugin which adds a button for users to alert their security team of suspicious emails.

“We count on Trend Micro as a security partner, with that comes the expectation that they will deliver the latest methods to detect, assess and react to threats,” said Niall O’Beaglaoi Business Development Manager with Smarttech, “Their newest tool, Phish Insight, has provided invaluable information on how users perceive and interact with phishing emails.”

For 30 years Trend Micro has been working to make the world safer to exchange digital information. We’re making this service available free of charge because there’s a real opportunity here to radically improve baseline security for countless organizations. Humans are creatures of habit, and If you can persuade them to adopt good practices then you’ll be taking a massive step on the road to a more proactive cybersecurity posture. That all begins with better insight: with Phish Insight.

The post Arm your users with knowledge to spot phishing attacks – for free! appeared first on .

Head of Business Development & Strategy – Raytheon UK Cyber & Intelligence (C&I) job with Raytheon UK | 5109022

cybersecurityjobsite.com - Head of Business Development & Strategy – Raytheon UK Cyber & Intelligence (C&I) Location United Kingdom, Gloucester Send Save Apply Job Title: Head of Business Development & Strategy - Raytheon UK C…


Tweeted by @CyberJobsite https://twitter.com/CyberJobsite/status/986158715731632128

Vehere :: News

vehere.com - Enam Holdings has picked up a 15 per cent stake in city-based communications intelligence and cyber defence startup 'Vehere' Read more Vehere Participates in ISS World Middle East 2018 Read more…


Tweeted by @InVehere https://twitter.com/InVehere/status/986147230527688704

Netflix Shares Surge After Hours amid Record Growth in Subscriptions

Netlix Inc. (NFLX) has proved it can raise prices and still attract a record number of new users. The Los Gatos, California-based streaming service added 7.41 million customers in the first quarter, smashing analysts’ forecasts by about 1.7 million. Netflix Earnings In addition to adding a record number of subscribers, Netflix posted per-share earnings of […]

The post Netflix Shares Surge After Hours amid Record Growth in Subscriptions appeared first on Hacked: Hacking Finance.

New Child Protection Nonprofit Strikes Back At Sex-Negative Approach of FOSTA-SESTA

qirtaiba writes: When the FOSTA-SESTA online sex trafficking bill passed last month, it sailed through Congress because there were no child protection organizations that stood against it, and because no member of Congress (with the brave exceptions of Ron Wyden and Rand Paul) wanted to face re-election having opposed a bill against sex trafficking, despite its manifest flaws. In the wake of the law's passage, its real targets -- not child sex traffickers, but adult sex workers and the internet platforms used by them -- have borne the brunt of its effects. Websites like the Erotic Review and Craigslist's personals section have either shut down entirely or for U.S. users, while Backpage.com has been seized, leaving many adult sex workers in physical and financial peril. A new child protection organization, Prostasia Foundation, has just been announced, with the aim of taking a more sex-positive approach that would allow it to push back against laws that really target porn or sex work under the guise of being child protection laws. Instead, the organization promotes a research-based approach to the prevention of child sexual abuse before it happens. From the organization's press release: "Prostasia Director Jaylen MacLaren is a former child prostitute who used a website like this to screen her clients. She now recognizes those clients as abusers, but she does not blame the website for her suffering. 'I am committed to preventing child sexual abuse, but I don't believe that this should come at the cost of civil liberties and sexual freedom,' Jaylen said. 'I have found ways to express my sexuality in consensual and cathartic ways.'" Nerea Vega Lucio, a member of the group's Advisory Council, said, 'Child protection laws need to be informed by accurate and impartial research, and ensuring that policy makers have access to such research will be a top priority for Prostasia.'"

Read more of this story at Slashdot.

Artificial Intelligence in the Cyber Domain

brighttalk.com - "It’s no longer a case of ‘if you will be breached’, but instead how you’ll respond to and remediate the situation ‘once you are breached." – Kevin Mandia, CEO, FireEye The FireEye 2017 M-Trends repo…


Tweeted by @awalinsopan https://twitter.com/awalinsopan/status/985999902592327680

California Bill Would Restore, Strengthen Net Neutrality Protections

An anonymous reader quotes a report from The Mercury News: With the FCC order to repeal net neutrality rules set to take effect next week, a bill that would restore those regulations in California will get its first hearing Tuesday (Warning: source may be paywalled; alternative source). SB 822, written by State Sen. Scott D. Wiener, D-San Francisco, is backed by big names including Tom Wheeler, the Obama-appointed former Federal Communications Commission chairman who wrote the 2015 Open Internet Order. Wheeler is joined by former FCC commissioners Michael Copps and Gloria Tristani in advocating for SB 822, which would in some ways be stronger than the net neutrality rules put in place under President Obama's administration after more than a decade of legal and political wrangling. Those rules required equal treatment of all internet traffic, and prohibited the establishment of internet slow and fast lanes. Wiener's bill would also prohibit "zero rating," in which internet providers exempt certain content, sites and services from data caps. In addition, it would prohibit public agencies in the state from signing contracts with ISPs that violate net neutrality principles, and call for internet service providers to be transparent about their practices and offerings.

Read more of this story at Slashdot.

Demand For Batteries Is Shrinking, Yet Prices Keep On Going and Going<nobr> <wbr></nobr>… Up

schwit1 shares a report: Batteries on average cost 8.2% more than a year ago, while prices in the overall household-care segment rose only 1.8%, according to Nielsen. At a time when prices are stagnating on everything from toilet paper to diapers, such pricing power for a product that is increasingly obsolete has confounded shoppers [Editor's note: the link may be paywalled]. "As far as the prices go, you don't have a choice," said Samuel Hurly, a contractor from Mount Vernon, N.Y., as he scanned a Home Depot display of AAA batteries to power flashlights he uses on the job. Batteries ordered online take too long to arrive, Mr. Hurly said, and he finds cheaper, private-label options lose power too quickly. Battery prices were more likely to fluctuate a few years ago, when Duracell was owned by consumer-products giant Procter & Gamble Co. and Energizer was part of Edgewell Personal Care Co. Those companies were more focused on their bigger, more profitable razor businesses -- Edgewell with Schick and P&G with Gillette. They would invest less in batteries, or slash prices to drive up volume, to compensate for weak sales in other units, said SunTrust analyst Bill Chappell. Energizer Holdings Inc. spun off from Edgewell in 2015, and Duracell broke apart from P&G a year later when it was acquired by Warren Buffett's Berkshire Hathaway Inc. schwit1 asks, "Both businesses have become more profit-focused since separating from their previous owners. Is the Energizer/Duracell duopoly ripe for disruption?"

Read more of this story at Slashdot.

Reflections on CyberUK

nccgroup.trust - NCC Group is proud to have been a lead sponsor for the National Cyber Security Centre’s (NCSC) CyberUK conference for the third year running. Giving our talented people the opportunity to share their…


Tweeted by @KatharinaOL https://twitter.com/KatharinaOL/status/985892682479390722

Leveraging the Power of AI to Stop Email Scammers

Staff members are on the frontline when it comes to cyberattacks against their employers. They’re increasingly seen by hackers as a weak link in the cybersecurity chain. That’s why most threats today come via email, aimed squarely at tricking the recipient into downloading malware, divulging log-ins or making wire transfers to the attacker. We predict cumulative losses from Business Email Compromise (BEC) attacks alone will hit $9 billion this year.

As attacks get smarter, so must we. That’s why Trend Micro is introducing two innovative new offerings to help in the fight against email scammers. One is a new AI-powered feature designed to improve BEC detection while the other will help IT teams train their employees to spot phishing attacks. It’s one more step towards taking the fight to the bad guys.

The email threat

There’s no doubt that email is the primary threat vector for attackers targeting organizations today. The Trend Micro™ Smart Protection Network™ blocked more than 66 billion threats in 2017, over 85 percent of which were emails containing malicious content.

BEC is an increasingly favored tactic as the rewards can be huge. It’s hard for many organizations to spot because attacks typically don’t contain any malware; they rely mainly on social engineering of the carefully selected recipient. That recipient, usually in the finance department, is sent an email impersonating the CEO, CFO, or other executive requesting that they urgently make a wire transfer or reply with sensitive data. With average losses topping $130,000 per incident, it’s no surprise that we saw an increase in attempted BEC attacks on our customers of 106 percent between 1H and 2H 2017.

This is not to underplay the impact phishing continues to have on organizations around the globe. By targeting employees, attackers can spread malware and covertly infiltrate networks to steal sensitive data and IP. Results from the Black Hat Attendee Survey last year illustrate the impact this trend is having on organizations.

  • IT Leaders cited phishing as their #1 security concern
  • Phishing was identified as the most time-consuming threat
  • The weakest link in IT security was cited as end users being tricked by phishing attacks
  • 19 percent rated phishing as the most serious cyber threat to emerge within the past year, second only to ransomware

Taking action

The potential financial and reputational damage of such attacks is obvious. In the face of these rising threat levels we must hit back — and we have, with two new free tools.

Writing Style DNA includes new AI-powered technology that learns how executives write so that it can spot impersonation attempts, and sends a warning to the implied sender, recipient and the IT department. It sounds straightforward but requires serious computing power and smart AI algorithms to achieve. For each user, a personal model is created using 7,000 features of writing characteristics to train the system — things like punctuation and sentence length. We convert emails to meta data before analyzing, to protect customer’s privacy and meet compliance requirements.

Focusing on the writing style in the body of the email complements existing techniques that analyze behavior and intention. Some of these current techniques can fail if, for example, the attacker uses compromised accounts at legitimate domains to hide the true origin of the email. It’s one more tool to help IT teams push back the rising tide of email threats, and it will be made available at no extra cost as part of Cloud App Security (CAS) for Office 365 and ScanMail for Microsoft Exchange (SMEX),

First line of defense

Technology is a vital layer of defense to keep email threats at bay. But what about your employees, who are often thought of as the ‘weakest link?’

We can help here, too. A new free SaaS-based phishing simulation service can help IT teams train employees to spot attempted attacks before they have a chance to impact the organization. Phish Insight is all about enhancing awareness of your staff. All it takes is one administrator, four steps and five minutes to run a real-world exercise designed to mimic what employees might see at their desks.

With the detailed reporting results, displayed in a handy graphical interface, IT teams can then tailor their education programs to make lasting behavioral changes.

Phish Insight is now available free of charge to all organizations of all sizes around the world. The service has been available for a year in Asia and has generated huge interest as organizations leverage it to turn their weakest link into a formidable first line of defense. As email threats continue to rise, we’d encourage you to take a look.

To stop phishing and social engineering attacks it is critical to make both your people and your technology smarter. Phish Insight trains your people to better spot phishing attacks and Writing Style DNA confirms the authorship of an email to prevent CEO fraud and other types of BEC attacks.

The post Leveraging the Power of AI to Stop Email Scammers appeared first on .

News in brief – 16 April 2018

ukfinance.org.uk - The average asking price for a house in the UK is now £305,732 – 0.3 per cent higher than July 2017 – according to data from Rightmove (The Times, p36, £). This is reportedly due to growth in the UK…


Tweeted by @UKFtweets https://twitter.com/UKFtweets/status/985816776972922881

service manager – Top Spot Jobs

topspotjobs.com - Symantec Corporation (NASDAQ: SYMC) is the global leader in cyber security. Operating one of the world’s largest cyber intelligence networks, we see more threats, and protect more customers from the …


Tweeted by @TopOracleJobs https://twitter.com/TopOracleJobs/status/985802091431059457

Global Threat Intelligence Market – Check Point Software Technologies Ltd., Juniper Networks Inc., IBM Corporation – Pharmaceuticals

newspharmaceuticals.com - According to the MarketResearch.Biz, the Threat Intelligence market held a value of over US$ XX.XX Mn in 2017, which is expected to reach a valuation in excess of US$ XX.XX Mn by the end of 2026, gro…


Tweeted by @KeoXes https://twitter.com/KeoXes/status/985790355034595328

Threat Intelligence Solution Market 2022: Top Companies, Regional Growth Overview and Growth Factors Details by Regions, Types & Applications – Business News

businessservices24.com - Global Threat Intelligence Solution Market 2017 is a comprehensive, professional report delivering market research data that is relevant for new market entrants or established players. Key strategies…


Tweeted by @SecurityToday https://twitter.com/SecurityToday/status/985730645568585728

Netflix CEO: Why Even $8 Billion Investment in Content Isn’t Enough

Netflix expects to spend about $8 billion on content this year. For Hollywood studios, that's a reasonable figure. But for Netflix CEO Reed Hastings, it's not enough. From a report: The company is competing against a range of traditional entertainment companies around the globe, and of course, against the need to work, sleep and do other things. Speaking at TED in Vancouver, Hastings noted that $8 billion is about what Disney spends. "That's spread globally," he said. "It's not as much as it sounds." Hastings noted that House of Cards wasn't really the company's first effort at original content. It had tried back in the days when it was still mailing out DVDs. "It didn't work out because we were sub-scale," he said.

Read more of this story at Slashdot.

RSA Influencers Identify Cybersecurity’s Top Issues

More interest, more news, and more money are swirling through the cybersecurity industry than perhaps ever before. Data breaches make headlines, shape elections, and lead to Congressional hearings. Artificial intelligence tools wow the public and stretch the limits of the imagination.

And the 40,000 RSA Conference attendees pouring into San Francisco are not impressed. Cybersecurity is a profession, they say, not a circus.

We reached out to RSA speakers and attendees and asked what they think is the most relevant recent development in cybersecurity. They gave us a variety of answers, many with the central theme that companies and consumers should not believe the hype. Cybersecurity still is – and perhaps always will be – about seasoned professionals patiently applying good tools in a comprehensive way.

“The problem we’re seeing at trade shows recently is there is very little new,” said John Bambenek, a vice president at ThreatSTOP who lectures on cybersecurity at the University of Illinois. “We’re still trying to solve the same old problems in the same ways with newish looking packaging. What’s being overlooked is actually spending the time developing understanding of attacks, threats, and trends so models can be truly informed before making decisions.”

 

Caroline Wong, Vice President of Security Strategy at Cobalt, agreed. You can’t just turn the latest tools on and watch them vanquish threats. “There’s a big push in DevSecOps for more and more automation, but it’s critical to remember that when it comes to web applications and APIs, manual pen testing is required to discover vulnerabilities in application business logic. Automated scans often miss the most interesting security vulnerabilities.”

 

 

“Automated scans often miss the most interesting security vulnerabilities.”

– Caroline Wong, Cobalt

“Assuming that machine learning models and classifiers will work 100% of the time is setting your SOC up to fail,” wrote McAfee CISO Grant Bourzikas in an RSA blog post titled, “What humans do better than machines.” Bourzikas and McAfee Chief Human Resources Officer Chatelle Lynch will host a session at RSA on how innovation can help companies retain top talent. “Recruiting and retaining a diverse talent pool in cybersecurity today is so competitive,” Lynch said of her session. “Employees want to know they are at a company that strives for the latest innovation.” But that is always within the realm of human-machine teaming at McAfee, Bourzikas says. Shiny new tech must be paired with human analysis.

Many cited human decisions about data regulation – the opposite of whiz-bang security tech – as one of the main issues in cybersecurity today.

“The most important development in cybersecurity is Facebook’s reaction to the imminent enforcement of GDPR,” says Kevin L. Jackson, Founder and CEO of GovCloud Network. “The sound of Facebook’s leadership failure is deafening. The legal battles around data privacy and security will drive whatever happens across the entire cybersecurity landscape, including what technology is deployed.”

 

 

“The sound of Facebook’s leadership failure is deafening.”

– Kevin L. Jackson, GovCloud Network

Kathy Delaney Winger, a Tucson-based lawyer whose areas of practice include cybersecurity, concurred. “Businesses may be surprised to learn that they are obligated to comply with laws such as New York’s cybersecurity regulation and the GDPR – even though they do not fall under the jurisdiction of the enacting entities.”

 

“Far too many small and mid-size businesses simply underestimate the impact that the EU General Data Protection Regulation will have on them,” said Ben Rothke, principal security consultant for Nettitude.

 

GDPR preparation doesn’t have to be drudgery. Flora Garcia, a McAfee attorney writing about the regulations, has suggested GDPR can also stand for Great Data Protection Rocks. Data protection could even be a shared global citizenship effort along the lines of environmentalism, she says.

 

The data-protection revolution may even have us rethinking the nature of identity. “The identity industry is moving away from identity,” said Steve Wilson, vice president and principal analyst of Constellation Research, Inc. “What matters in authentication? Not who someone is, but what they are. You need to know something specific about a counter-party, like their age, or their address, or their credit card number, or their nationality, or some mix of these things. You don’t really need to know their identity. This is a very fundamental shift in thinking, and it’s just the beginning of a major regulatory push around data provenance.”

 

“The identity industry is moving away from identity.”

– Steve Wilson, Constellation Research, Inc.

Grounded data-protection hygiene and cybersecurity discipline that looks past the cool factor are not preventing RSA attendees from looking at the very latest threats. “These days, attackers are increasingly focused on cryptocurrencies – stealing them, mining them via cryptojacking or obtaining them as ransom,” said Nick Bilogorskiy, who drives cybersecurity strategy at Juniper Networks and was previously Chief Malware Expert at Facebook. “As companies do not usually have crypto wallets to steal, attackers turn to ransomware because it provides the best bang for the buck and is the logical choice for attackers to monetize business breaches. I expect ransomware and other cryptocurrency malware attacks to grow in popularity this year.”

But even the most quickly evolving threats are enterprises launched by people, aimed at people, and shut down by people. Raj Samani, McAfee’s Chief Scientist, says ransomware and its many forms can be beaten by people – if they get the right help. “The purpose of pseudo-ransomware is typically destruction, but we have seen evidence of its use as a diversionary tactic, and whilst it may appear as traditional ransomware the attackers are unlikely to provide any decryption capability regardless whether the ransom is paid. Either way, with actual ransomware or the decoy tactic, organizations need guidance to mitigate the risk.” Samani is speaking about pseudo-ransomware during his session on the topic at RSA.

Everything in cybersecurity may seem new, baffling, and roiling with change. But people can apply lessons of the past – such as with airport security changes after 9/11 – to find solutions in the future, said McAfee CEO Chris Young. “Smart security changed air travel from top to bottom. We need to bring a cybersecurity paradigm shift that is more collaborative, clear and accessible,” Young said of his RSA keynote on what cybersecurity can learn from those who keep air travel safe.

The post RSA Influencers Identify Cybersecurity’s Top Issues appeared first on McAfee Blogs.

How intelligence analysis is impacting corporate security now – and why it will be even more important in the future – AS Solution

assolution.com - An outlier in corporate security just a few years ago, intelligence analysis is now becoming a critical piece of the overall security efforts for more and more corporations. And from all indications,…


Tweeted by @as_solution https://twitter.com/as_solution/status/985598133274112001

Survey Finds ‘Agile’ Competency Is Rare In Organizations

An anonymous reader writes: The 12th annual "State of Agile" report has just been released by CollabNet VersionOne, which calls it "the largest and longest-running Agile survey in the world." After surveying more than 1,400 software professionals in various roles and industries over the last four months of 2017, "Only 12% percent responded that their organizations have a high level of competency with agile practices across the organization, and only 4% report that agile practices are enabling greater adaptability to market conditions... The three most significant challenges to agile adoption and scaling are reported as organizational culture at odds with agile values (53%), general organizational resistance to change (46%), and Inadequate management support and sponsorship (42%)... "The encouraging news is that 59% recognize that they are still maturing, indicating that they do not intend to plateau where they are." And agile adoption does appear to be growing. "25% of the respondents say that all or almost all of their teams are agile, whereas only 8% reported that in 2016." The researchers also note "the recognized necessity of accelerating the speed of delivery of high-quality software, and the emphasis on customer satisfaction," with 71% of the survey respondents reporting that a DevOps initiative is underway or planned for the next 12 months.

Read more of this story at Slashdot.

Can We Build Indoor ‘Vertical Farms’ Near The World’s Major Cities?

Vox reports on the hot new "vertical farming" startup Plenty: The company's goal is to build an indoor farm outside of every city in the world of more than 1 million residents -- around 500 in all. It claims it can build a farm in 30 days and pay investors back in three to five years (versus 20 to 40 for traditional farms). With scale, it says, it can get costs down to competitive with traditional produce (for a presumably more desirable product that could command a price premium)... It has enormous expansion plans and a bank account full of fresh investor funding, but most excitingly, it is building a 100,000 square foot vertical-farming warehouse in Kent, Washington, just outside of Seattle... It recently got a huge round of funding ($200 million in July, the largest ag-tech investment in history), including some through Jeff Bezos's investment firm, so it has the capital to scale...; heck, it even lured away the director of battery technology at Tesla, Kurt Kelty, to be executive of operations and development... The plants receive no sunlight, just light from hanging LED lamps. There are thousands of infrared cameras and sensors covering everything, taking fine measurements of temperature, moisture, and plant growth; the data is used by agronomists and artificial intelligence nerds to fine-tune the system... There are virtually no pests in a controlled indoor environment, so Plenty doesn't have to use any pesticides or herbicides; it gets by with a few ladybugs... Relative to conventional agriculture, Plenty says that it can get as much as 350 times the produce out of a given acre of land, using 1 percent as much water. Though it may use less water and power, to be competitive with traditional farms companies like Plenty will also have to be "even better at reducing the need for human planters and harvesters," the article warns. "In other words, to compete, it's going to have to create as few jobs as possible."

Read more of this story at Slashdot.

Apple’s Stumbling HomePod Isn’t the Hot Seller It Wanted

The recently-released Apple HomePod smart speaker is not selling very well. According to Bloomberg, "By late March, Apple had lowered sales forecasts and cut some orders with Inventec, one of the manufacturers that builds the HomePod for Apple." From the report: At first, it looked like the HomePod might be a hit. Pre-orders were strong, and in the last week of January the device grabbed about a third of the U.S. smart speaker market in unit sales, according to data provided to Bloomberg by Slice Intelligence. But by the time HomePods arrived in stores, sales were tanking, says Slice principal analyst Ken Cassar. "Even when people had the ability to hear these things," he says, "it still didn't give Apple another spike." During the HomePod's first 10 weeks of sales, it eked out 10 percent of the smart speaker market, compared with 73 percent for Amazon's Echo devices and 14 percent for the Google Home, according to Slice Intelligence. Three weeks after the launch, weekly HomePod sales slipped to about 4 percent of the smart speaker category on average, the market research firm says. Inventory is piling up, according to Apple store workers, who say some locations are selling fewer than 10 HomePods a day. KGI Securities analyst Ming-Chi Kuo says Apple is "mulling" a "low-cost version" of the HomePod that may help short-term shipments. However, even if the product materializes, he predicts it will only provide a short-term boost to sales.

Read more of this story at Slashdot.

Firms Relabelling Low-Skilled Jobs As Apprenticeships, Says Report

Fast food giants, coffee shops and retailers are relabelling low-skilled jobs as apprenticeships and gaining subsidies for training, a report says. BBC: The study by centre-right think tank Reform says many firms have rebranded existing roles after being obliged to contribute cash to on-the-job training. It adds that 40% of government-approved apprenticeship standards do not meet a traditional definition of them. The government says "quality" is at the heart of its apprenticeship reforms. As part of the changes, it introduced an apprenticeship levy on organisations paying more than $4.3m in salaries a year. They have to pay 0.5% of their wages total into a "digital account" held by HMRC. They then "spend" these contributions on apprenticeship training delivered by registered providers. They can also get back up to 90% of the cost of training. But they are also entitled to pay apprentices lower than the standard minimum wage.

Read more of this story at Slashdot.

Cybersecurity ROI: Still a tough sell

csoonline.com - How do you convince a company board of directors that there is a return on investment (ROI) for something that doesn't happen? That is not a new question. It is the ongoing, persistent question that …


Tweeted by @data_secu https://twitter.com/data_secu/status/985033509948612609

MITRE at RSA Conference 2018

mitre.org - Moscone Center, San Francisco, California With more than 45,000 attendees from across the cyber community, RSA 2018 is the “go to” event for cyber professionals worldwide. MITRE will be well represen…


Tweeted by @MITREcorp https://twitter.com/MITREcorp/status/985007740593541120

Comcast Is Bundling Netflix Into Cable Packages

The latest option in Comcast's Xfinity cable bundle is Netflix. The two companies announced an expansion of their partnership today, which was first established in 2016 when Comcast added Netflix to its X1 interface. TechCrunch reports: The companies said they will expand that existing relationship by bundling Netflix into the overall subscription in new and existing Xfinity packages. Netflix's subscriber growth -- the primary driver of its value as a public company -- continues to surge, and it appears that this could be another piece in its tool kit to keep that engine humming. Those cable packages already include an increasing breakout of diverse services that allow for streaming outside of the over-the-top experience, like HBO Go and ESPN, and this offers another streaming service on-the-go for users. By tethering to additional over-the-top services, Netflix has a chance to woo subscribers that might otherwise just stick with their existing service providers and bake itself directly into that experience. The bundle, which will be available to new and existing Xfinity customers, will be included in its cable TV, phone and internet plans.

Read more of this story at Slashdot.

In a Leaked Memo, Apple Warns Employees to Stop Leaking Information

Apple warned employees to stop leaking internal information on future plans and raised the specter of potential legal action and criminal charges, one of the most-aggressive moves by the world's largest technology company to control information about its activities. From a report: The Cupertino, California-based company said in a lengthy memo posted to its internal blog that it "caught 29 leakers," last year and noted that 12 of those were arrested. "These people not only lose their jobs, they can face extreme difficulty finding employment elsewhere," Apple added. The company declined to comment on Friday. Apple outlined situations in which information was leaked to the media, including a meeting earlier this year where Apple's software engineering head Craig Federighi told employees that some planned iPhone software features would be delayed. Apple also cited a yet-to-be-released software package that revealed details about the unreleased iPhone X and new Apple Watch. Leaked information about a new product can negatively impact sales of current models, give rivals more time to begin on a competitive response, and lead to fewer sales when the new product launches, according to the memo.

Read more of this story at Slashdot.

Apple Sued an Independent iPhone Repair Shop Owner and Lost

Jason Koebler, reporting for Motherboard: Last year, Apple's lawyers sent Henrik Huseby, the owner of a small electronics repair shop in Norway, a letter demanding that he immediately stop using aftermarket iPhone screens at his repair business and that he pay the company a settlement. Norway's customs officials had seized a shipment of 63 iPhone 6 and 6S replacement screens on their way to Henrik's shop from Asia and alerted Apple; the company said they were counterfeit. Apple threatened to take action, unless Huseby provided the companies with copies of invoices, product lists, and a plethora of other things. The letter, sent by Frank Jorgensen, an attorney at the Njord law firm on behalf of Apple, included a settlement agreement that also notified him the screens would be destroyed. [...] Huseby decided to fight the case. Apple sued him. Local news outlets reported that Apple had five lawyers in the courtroom working on the case, but Huseby won. Apple has appealed the decision to a higher court; the court has not yet decided whether to accept the appeal.

Read more of this story at Slashdot.

2018 Fortress Cyber Security Award Winners

fortressawards.com - Philadelphia, PA—April 12, 2018—The Business Intelligence Group today announced the winners of the 2018 Fortress Cyber Security Awards. The inaugural program sought to identify and reward the world’s…


Tweeted by @cgougler https://twitter.com/cgougler/status/984811778835070976

Les Autorités de supervision européennes s’inquiètent des cyber-risques – Actualités Régulation | Renseignements Stratégiques, Investigations & Intelligence Economique

scoop.it - Les Autorités de supervisions européennes (ESA) mettent en garde face au risque d’une recrudescence de l’aversion au risque, à la perspective du Brexit et aux cyber-risques dans leur dernier rapport …


Tweeted by @Expert_IE_ https://twitter.com/Expert_IE_/status/984739670989967360

Global Threat Intelligence Market In-depth Research Report on Trends, Size, Share and Segmentation Outlook 2017-2026 – Truth Today

truthtoday24.com - To analyze growth trajectory and present an industry overview of the global Threat Intelligence market, the report titled global Threat Intelligence market begins with definition, executive summary, …


Tweeted by @SecurityToday https://twitter.com/SecurityToday/status/984706199307169792

Uber Drivers Are Independent Contractors, Not Employees, Judge Rules

Uber drivers are independent contractors, not full-time employees of the ride-hailing company, a federal judge in Philadelphia ruled in what is said to be the first classification of Uber drivers under federal law. Reuters reports: U.S. District Judge Michael Baylson on Wednesday said San Francisco-based Uber does not exert enough control over drivers for its limo service, UberBLACK, to be considered their employer under the federal Fair Labor Standards Act. The drivers work when they want to and are free to nap, run personal errands, or smoke cigarettes in between rides, Baylson said. Jeremy Abay, a lawyer for the plaintiffs, said he would appeal the ruling to the Philadelphia-based 3rd U.S. Circuit Court of Appeals. The 3rd Circuit would be the first federal appeals court to consider whether Uber drivers are properly classified as independent contractors.

Read more of this story at Slashdot.

Threat Intelligence in Supply Chain

cscmp.org - Since 1963, the Council of Supply Chain Management Professionals (CSCMP) has been providing networking, career development, and educational opportunities to the logistics and supply chain management …


Tweeted by @cscmp https://twitter.com/cscmp/status/984514039656022016

Financial Services and GDPR: What 200 Professionals Told Us About Their Data Protection

When the European Union’s (EU) General Data Protection Regulation (DPR) comes into full force May 25, European citizens will receive greater privacy protection and regulators will have a strengthened authority to take action against businesses that breach the new laws. Fines of up to 4% of annual global revenue or €20 million, whichever is greater, can be levied against any organization that processes personal data of EU residents, regardless of where they are based. Stories with doomsday predictions and generous helpings of fear can be found in many publications.

McAfee recently published an executive summary of our report, Beyond GDPR: Data Residency Insights from Around the World, that focuses on responses from the 200 professionals surveyed in the financial services sector. While there remains work to be done, it’s not all doom and gloom for the financial services industry. More than one quarter (27%) of financial services firms surveyed are already set up to comply with the GDPR requirement for controllers to report a breach to the appropriate authorities within 72 hours of becoming aware of a breach, when compared to just 20 percent of other industries. This is most likely the result of greater preparation, as the financial sector has a higher proportion of firms (28%) that have been working on compliance for three to four years, compared to the global average of just two years.

We believe that the looming threat of GDPR fines is an opportunity to communicate the seriousness of these regulations to your board and executives, and to position the firm as one that cares about personal privacy. And that could help boost the bottom line according to survey respondents – some 80% of financial services respondents believe that organizations that properly apply data protection laws will attract new customers.

Knowing what data is stored where is one of the most important steps of this data protection activity, but here are a few more that we recommend.

Step 1. Know Your Data.

Not only where it is, but what it is, why you are collecting it, and what levels of security and encryption are used to protect it. If you are collecting personal data that is not essential to your service offering, you may want to reconsider what you collect to better manage your risk of exposure, and comply with data-minimization principles.

Step 2. Enforce Encryption.

Effective encryption protects data by making it useless to hackers in the event of a data breach. Use proven encryption technologies, such as Triple Data Encryption Standard (DES), RSA, or Advanced Encryption Standards (AES) to ensure the safe storage of both your employees’ data and customers’ data.

Step 3. Pseudonymize personally identifiable information (PII).

Modifying data prior to processing so that it cannot be tracked back to a specific individual provides another layer of data protection. Pseudonymizing your data allows you to take advantage of Big Data and do larger scale data analysis, and is viewed as an appropriate technical and organizational measure under article 32 of the GDPR.

Step 4. Get Executive Management Involved.

The necessary changes to your data storage, monitoring, management, and security systems can require more human and financial resources than are currently budgeted. The potential of significant fines is an excellent opportunity to get the required support from the highest levels of your organization.

Step 5. Appoint a Project Owner.

Staying compliant with various data protection laws is not something that can be done by an IT staffer in their spare time. Consider appointing a data protection officer or equivalent, to take ownership of both implementation and ongoing management of this project. A data protection officer may be required in any event, depending on the nature of the processing carried out.

Step 6. Review Data Security with Cloud Vendors.

With cloud computing and storage touching most business processes in some fashion, consider conducting an audit of all your vendors’ systems, procedures, and contracts, and the data that they are handling and storing on your behalf. After all, each organization will be held responsible for meeting the GDPR requirements.

Step 7. Foster a Security-Aware Culture.

Human errors are often responsible for data and security breaches. It doesn’t matter that your business follows the strictest security protocol —one error made by one uninformed person could lead to irreparable damages. Consider making sure that all your employees and contractors receive proper and regular training on data security and the handling of customer information.

Step 8. Have a Response Plan.

No system is 100% bulletproof. You need an incident response plan in place to make sure that you can recover as quickly as possible in the event of a data breach. Under GDPR law, you are required as a controller to alert the appropriate authorities within 72 hours of becoming aware of a data breach, and you also need to notify any individuals whose personal data has been compromised.

Step 9.  Go with a Privacy by Design Approach.

The GDPR places a requirement on organizations to take into account data privacy during design stages of all projects.  Companies will want to consider data-protection technologies such as data loss prevention (DLP) and cloud data protection (CASB) from the very beginning of the development. Implement data-protection policies that would help prevent both accidental and malicious data theft by insiders and cybercriminals – doesn’t matter where it resides.

While no one can guarantee that you will not suffer a data loss, following these steps will help you understand where you stand, identify any gaps, and improve your organization’s responsiveness. Loss of customer confidence was the most common concern of financial services organisations (64%), and rapid containment and response is one of the best ways to protect your firm’s valuable reputation. So keep calm, and prepare for GDPR.

Read the full report, Beyond GDPR: Data Residency Insights from Around the World, and learn more about the top data-protection concerns and strategies of more than 800 senior business professionals from eight countries and a range of industries.

The post Financial Services and GDPR: What 200 Professionals Told Us About Their Data Protection appeared first on McAfee Blogs.

Manager – Cyber & Threat Intelligence

cv-library.co.uk - Manager - Cyber & Threat Intelligence, £30k-£55k Edinburgh My client, a reputable banking organisation, widely recognised for their retail customer base and their collaborative and revolutionary view…


Tweeted by @BankingJobsUK https://twitter.com/BankingJobsUK/status/984399477833220096

Adopt threat hunting to prevent cyber menace

themalaysianreserve.com - Local companies need to shift from just prevention to threat hunting, says cyber security expert By RAHIMI YUNUS / Pic By ISMAIL CHE RUS Traditional monitoring for malware and responding to cyber att…


Tweeted by @CristinaM_SANS https://twitter.com/CristinaM_SANS/status/984371092591661057

Global Threat Intelligence Solution Market 2018-2025 Status and Forecast, by Players, Types and Applications – Investor Opinion

opinioninvestor.com - The Global Threat Intelligence Solution Market Report begins with an all-inclusive introduction to the industry followed by deeply drilling in to certain scenario that is segmented on the basis of ap…


Tweeted by @SecurityToday https://twitter.com/SecurityToday/status/984327013379915777

Netflix Pulls Out of Cannes Following Rule Change

Netflix and Cannes are breaking up, at least for now. On Wednesday, Netflix chief Ted Sarandos said that the streaming platform won't be sending any films to the prestigious French festival, formally severing the strained relationship between the two power players. The decision was a long time coming, after Cannes established a rule that forbade films without a theatrical distribution plan from its competition. From, a report: In an exclusive interview with Variety, Netflix's chief content officer says that the festival sent a clear message with a new rule that bans any films without theatrical distribution in France from playing in competition. Netflix could screen some of its upcoming movies out of competition, but Sarandos says that doesn't make sense for the streaming service. "We want our films to be on fair ground with every other filmmaker," Sarandos says. "There's a risk in us going in this way and having our films and filmmakers treated disrespectfully at the festival. They've set the tone. I don't think it would be good for us to be there." Netflix made a big splash at the prestigious film festival last year with two movies that showed in competition: Bong Joon-ho's "Okja" and Noah Baumbach's "The Meyerowitz Stories." But after the 2017 announcement, French theaters owners and unions protested the inclusion of these films to Thierry Fremaux, the artistic director of Cannes. Netflix was amenable to having their movies play on big screens in France, but a law in the country requires movies to not appear in home platforms for 36 months after their theatrical release.

Read more of this story at Slashdot.

Spotify Is Planning a New Version of Its Free Music Service

An anonymous reader shares a report: Spotify Technology is developing a new version of its free music service, the first big product change since the streaming company went public last week, according to people familiar with the matter. The company is tweaking the free service to make it easier to use, especially for customers on mobile phones, said the people. An announcement is expected within a couple weeks. Spotify needs to attract large numbers of new listeners to satisfy investors who value the newly public company based on user growth. The free service generates customers that the company can steer into its paid offerings. The paid version accounts for less than half of Spotify's customer base, but generated about 90 percent of its 4.09 billion euros in 2017 revenue. [...] With the updated service, free mobile listeners will be able to access playlists more quickly and have more control over what songs they hear on top playlists, mimicking Spotify's ad-free subscription product. The basic package is $9.99 a month.

Read more of this story at Slashdot.

Sharing the Journey to GDPR Compliance

Customer data is everything at Trend Micro. As a global cybersecurity leader, protecting customer data is what we do for a living, which is why it’s important for us to put into practice what we talk to our customers about.

As a demonstration of our commitment to protecting our millions of customers, we treat all of our sensitive customer data as if it were our own. We implement the same security practices that we recommend to our customers, and take the same stance on protecting data that we believe they should take. This means that we are leveraging state-of-the-art security capabilities – many of our own – across the company, combined with updated policies, procedures, and employee awareness.

With this philosophy in place, security has evolved at Trend Micro to the point of not just saying no – we’re now able to confidently say “yes” to new and exciting projects , and we want our customers to be able to do the same. Something which is rarely talked about is that the GDPR can be about the potential of being able to do more, enabling more business opportunities faster than ever before.

The GDPR is also giving us the opportunity to show our customers that we’re driving the same road to compliance that they are. We’re not just trying to sell them state-of-the-art solutions that may help with compliance; we are a large company that specializes in security and we are implementing the same processes as they do. In sharing our journey to GDPR compliance, we are hoping to show our customers the benefits and the results of this process.

Watch the video to hear from our COO, Kevin Simzer, on how we value protecting customer data, and how we implement the same measures that we talk about to our customers.

Video Schedule

4/18 – HR: See how the GDPR affects our employees, and what we’ll do to ensure they have a good understanding of the regulation.

4/25 – Marketing Operations: Learn how our Marketing Operations team ensures that our customer data is protected across all external platforms.

5/2 – Products and Services: Hear from Bill McGee, SVP Cloud Security, on how we’re always evolving to deliver state-of-the-art capabilities in our products, and how we help our customers deliver their portion of the shared security responsibility of cloud environments.

5/9 – Sales and Channel Enablement: See how important it is that our existing partners understand GDPR, and how we help them find the tools needed to achieve GDPR compliance.

The post Sharing the Journey to GDPR Compliance appeared first on .

Tech Giants Like Amazon and Facebook Should Be Regulated, Disrupted, or Broken Up: Mozilla Foundation

The Mozilla Foundation has called for the regulation of tech giants like Google, Amazon, and Facebook. From a report: Though tech giants in the U.S. and companies like Alibaba and Tencent in China have "helped billions realize the benefits of the internet," the report calls for regulation of these players to mitagate monopolistic business practices that undermine "privacy, openness, and competition on the web." They box out competitors, restricting innovation in the process, Mozilla wrote today in its inaugural Internet Health Report, "As their capacity to make sense of massive amounts of data grows through advances in artificial intelligence and quantum computing, their powers are likely to advance into adjacent businesses through vertical integrations into hardware, software, infrastructure, automobiles, media, insurance, and more -- unless we find a way to disrupt them or break them up." Governments should enforce anti-competitive behavior laws and rethink outdated antitrust models when implementing regulation of tech giants, the report states.

Read more of this story at Slashdot.

Global Threat Intelligence Market Growth Rate, Revenue Share, Trend, Size, and Forecast 2017-2026 – Healthcare News

journalhealthcare.com - The new research from MarketResearch.Biz on Global Threat Intelligence Market Report for 2018 aim to provide target audience with the recent outlook on Threat Intelligence market and complete the kno…


Tweeted by @SecurityToday https://twitter.com/SecurityToday/status/984056421967847425

The comprehensive report on Threat Intelligence market offers in-depth visions into the key drivers and Market Growth By focusing on top Key Vendors like LogRhythm, Inc. , LookingGlass Cyber Solutions, Inc. , Optiv Security, Inc. , Webroot, Inc. , Farsight Security, Inc. , F-Secure Corporation, AlienVault, Inc. , and Splunk, In – satPRnews

satprnews.com - Threat intelligence is a cyber-security discipline that seeks understanding of sophisticated cyber threats and their detection, analysis, and predictive remediation. Threat intelligence solutions pro…


Tweeted by @SecurityToday https://twitter.com/SecurityToday/status/984056414065733632

The Maritime and Port Security Information Sharing & Analysis Organization Adopts VirnetX’s Gabriel Secure Technology – VirnetX

virnetx.com - NASA/Kennedy Space Center, FL., – January 22, 2018 – The Maritime and Port Security Information Sharing and Analysis Organization (MPS-ISAO), advancing global maritime and port critical infrastructur…


Tweeted by @joseFreedomVE https://twitter.com/joseFreedomVE/status/984052207015342080

Hackers target business supply chains

channelpro.co.uk - Hackers are targeting supply chain firms to gain access to commercially sensitive data from them and their customers, according to the UK's National Cyber Security Centre (NCSC). A large number of ma…


Tweeted by @channel_pro https://twitter.com/channel_pro/status/984036343213969408

EBF newsletters – EBF

ebf.eu - You can subscribe to two newsletters published by the mediacentre of the European Banking Federation. Subscribe to both if you want to see EBF news and insights every weekday. CLICK HERE FOR THE LATE…


Tweeted by @EBFeu https://twitter.com/EBFeu/status/983966040328634368

Global Artificial Intelligence in Cyber Security Market Report 2017: Analysis & Forecasts (2013-2023) – Network Security Accounted for the Largest Market During the Historical Period

prnewswire.com - Global Artificial Intelligence in Cyber Security Market is expected to reach $18.2 billion by 2023. As per the findings of the research, network security accounted for the largest market during the h…


Tweeted by @moueller1961 https://twitter.com/moueller1961/status/983938266763325440

Apple Must Pay Patent Troll More Than $500 Million In iMessage Case

A federal court in Texas today has ordered Apple to pay $502.6 million to a patent troll called VirnetX, the latest twist in a dispute now in its eighth year. "VirnetX claimed that Apple's FaceTime, VPN on Demand and iMessage features infringe four patents related to secure communications, claims that Apple denied," reports Bloomberg. From the report: The dispute has bounced between the district court, patent office and Federal Circuit since 2010. There have been multiple trials, most recently one involving earlier versions of the Apple devices. A jury in that case awarded $302 million that a judge later increased to $439.7 million. Kendall Larsen, CEO of VirnetX, said the damages, which were based on sales of more than 400 million Apple devices, were "fair." "The evidence was clear," Larsen said after the verdict was announced. "Tell the truth and you don't have to worry about anything." For VirnetX, the jury verdict in its favor could be a short-lived victory. The Patent Trial and Appeal Board has said the patents are invalid, in cases that are currently before the U.S. Court of Appeals for the Federal Circuit in Washington. The Federal Circuit, which handles all patent appeals, declined to put this trial on hold, saying it was so far along that a verdict would come before a final validity decision.

Read more of this story at Slashdot.

cyber crime report

professionalsecurity.co.uk - Criminals are launching more online attacks on UK businesses than ever, say UK police and cyber authorities in a report to mark the start a cyber security conference. The National Cyber Security Cent…


Tweeted by @iGloobe_info https://twitter.com/iGloobe_info/status/983849148465197056

Theranos Lays Off Almost All of Its Remaining Workers

A few months ago, Theranos laid off almost half of its workforce as it struggled to recover from the backlash generated when the company failed to provide accurate results to patients using its proprietary blood test technology. Now, according to people familiar with the matter, the company is laying off most of its remaining workforce in a last-ditch effort to preserve cash and avert or at least delay bankruptcy for a few more months. MarketWatch reports: Tuesday's layoffs take the company's head count from about 125 employees to two dozen or fewer, according to people familiar with the matter. As recently as late 2015, Theranos had about 800 employees. Elizabeth Holmes, the Silicon Valley firm's founder and chief executive officer, announced the layoffs at an all-employee meeting at Theranos's offices in Newark, Calif. on Tuesday, less than a month after settling civil fraud charges with the U.S. Securities and Exchange Commission. Under the SEC settlement, Holmes was forced to relinquish her voting control over the company she founded 15 years ago as a 19-year-old Stanford dropout, give back a big chunk of her stock, and pay a $500,000 penalty. She also agreed to be barred from being an officer or director in a public company for 10 years.

Read more of this story at Slashdot.

FTC Warns Manufacturers That ‘Warranty Void If Removed’ Stickers Break the Law

schwit1 writes: The Federal Trade Commission put six companies on notice today, telling them in a warning letter that their warranty practices violate federal law. If you buy a car with a warranty, take it a repair shop to fix it, then have to return the car to the manufacturer, the car company isn't legally allowed to deny the return because you took your car to another shop. The same is true of any consumer device that costs more than $15, though many manufacturers want you to think otherwise. Companies such as Sony and Microsoft pepper the edges of their game consoles with warning labels telling customers that breaking the seal voids the warranty. That's illegal. Thanks to the 1975 Magnuson-Moss Warranty Act, no manufacturer is allowed to put repair restrictions on a device it offers a warranty on. Dozens of companies do it anyway, and the FTC has put them on notice. Apple, meanwhile, routinely tells customers not to use third party repair companies, and aftermarket parts regularly break iPhones due to software updates.

Read more of this story at Slashdot.

Linux Computer Maker System76 To Move Manufacturing To the US

An anonymous reader shares a report: Linux computer manufacturer System76 made its mark in part because of its commitment to open source principles and doing what it believes is right. Last year it released its homegrown Linux, Pop!_OS. In early March, System76 founder Carl Richell tweeted about the company's plans to locate its computer manufacturing factory in Denver, Colorado. By moving its manufacturing from China to the United States, System76 is offering more proof that it's not afraid to buck prevailing tech norms to do things "the System76 way." Carl Richell, founder and CEO of System76, says in a Twitter exchange that they anticipate shipping products from the factory by the end of the year.

Read more of this story at Slashdot.

MODEX 2018 Seminar

modexshow.com - Home Attend On-floor Seminars Seminar Natalie Lehr - Co-Founder and Vice President of Analytics TSC Advantage nlehr@tscadvantage.com


Tweeted by @TSCAdvantage https://twitter.com/TSCAdvantage/status/983703389073760256

The Role That IT Security Teams Need to Play in Connected Hospitals

The WannaCry outbreak that reportedly raked in US$1B in damage costs also forced doctors to cancel scheduled appointments, among other things, brought on warranted concern over pervasive ransomware attacks that could stem from oft-overlooked components of healthcare networks—exposed medical cyber assets and third-party partners.

It’s a well-known fact that advances in medical technology and information systems are key reasons for the rise in life expectancy worldwide. Integrated modern diagnostic, monitoring, and treatment systems that allow information to quickly and efficiently flow through are enabling cooperative patient care. What some may not know, however, is that the hospital information system is the backbone of this data flow. It caters to aspects of hospital operations beyond medical services—administrative, financial, record keeping, and even legal processes. And as we have learned time and again, any sufficiently complex system that combines or builds on individual systems is bound to introduce weaknesses and broaden the attack surface.

Our latest joint research with HITRUST, Securing Connected Hospitals, highlights two crucial aspects of the healthcare ecosystem that IT teams need to consider as part of their overall security strategy—exposed devices and third-party partners.

We may think hospitals would be extremely sensitive to device exposure on the internet because of the fines that the Healthcare Insurance Portability and Accountability Act (HIPAA) and similar regulations impose for data exposure violations. But when we looked for healthcare-related cyber assets using Shodan, we were surprised to find a large number of exposed hospital systems.

[READ: For more details on exposed medical devices and systems]

Aside from the risks brought on by unsecured medical devices and systems online, healthcare organizations also run the risk of compromise via weaknesses in the supply chain. Exposure stemming from security gaps in the supply chain could put connected hospitals at risk of threats such as device firmware attacks, mHealth mobile app compromise, and source code compromise during manufacturing, among others.

[READ: For more details on supply-chain-related connected hospital threats]

Healthcare organizations are beginning to understand the risk of suffering a cyberattack that will affect hospital operations (staff schedule database, hospital paging, building controls, and other systems), data privacy (patient and employee personally identifiable information [PII], patient diagnosis and treatment data, insurance and financial information, etc.) and patient health (diagnoses, treatments, and monitoring data of patients). Operational risks of cyberattacks are the new norm. Threat actors can abuse, steal and monetize exposed medical devices and supply chain weaknesses, including PII, intellectual property, research findings, and others and monetize the stolen data in various ways (identity theft, privacy violation, financial fraud, among others). Even more menacing is the exponential growth of digital extortion attacks that are affecting hospitals resulting in operational downtime that result in life and safety risks to patients and financial losses, including penalties, reputation damage, and legal troubles.

It’s true, healthcare IT teams have competing priorities, making it critical to use risk-based strategies. The HITRUST Alliance’s Common Security Framework (CSF) does exactly this. It provides a risk-based approach that is prescriptive not descriptive and harmonizes and cross-references standards from the International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST), the Payment Card Industry (PCI), and HIPAA. HITRUST even offers a free assessment tool—MyCSF.

Adopting frameworks such as the CSF is just a start to help hospital systems stay up and running to deliver life-preserving services and securing said systems from malicious actors. But we can’t stress the importance of evaluating risks enough, as threats can interrupt operations and cause financial damage. So we recommend starting with sound security architecture and using technical solutions such as network segmentation, breach detection and next-generation firewalls/Unified Threat Management (UTM) gateways, and dynamic threat intelligence among others as a baseline.

[READ: For a complete list of recommended technical solutions]

To address the also-critical human aspect, healthcare IT teams should conduct regular social engineering drills and provide training for all employees and relevant third-party partners. An incident response protocol and team, consisting of people from different hospital departments, should be established. This team should be ready to act at a moment’s notice when a breach is discovered.

To address supply-chain-specific threats, we recommend that healthcare IT teams perform vulnerability assessments of new medical devices and include authentication using Network Access Control (NAC) before allowing network access in bring your own device (BYOD) programs, among others.

[READ: For a complete list of supply-chain-specific recommendations]

As highlighted in our latest joint research with HITRUST, Securing Connected Hospitals, healthcare organizations, to stay secure while remaining connected, need to address two aspects of their networks as part of their overall security strategy—exposed devices and third-party partners.

The post The Role That IT Security Teams Need to Play in Connected Hospitals appeared first on .

How Much VR User Data Is Oculus Giving To Facebook?

Facebook owns many other apps and services, including the Oculus virtual-reality platform, which collects incredibly detailed information about where users are looking and how they're moving. Since most of the discussion about how Facebook handles user information is focused on the social network itself, The Verge's Adi Robertson looks into the link between Facebook and Oculus: A VR platform like Oculus offers lots of data points that could be turned into a detailed user profile. Facebook already records a "heatmap" of viewer data for 360-degree videos, for instance, flagging which parts of a video people find most interesting. If it decided to track VR users at a more detailed level, it could do something like track overall movement patterns with hand controllers, then guess whether someone is sick or tired on a particular day. Oculus imagines people using its headsets the way they use phones and computers today, which would let it track all kinds of private communications. The Oculus privacy policy has a blanket clause that lets it share and receive information from Facebook and Facebook-owned services. So far, the company claims that it exercises this option in very limited ways, and none of them involve giving data to Facebook advertisers. "Oculus does not share people's data with Facebook for third-party advertising," a spokesperson tells The Verge. Oculus says there are some types of data it either doesn't share or doesn't retain at all. The platform collects physical information like height to calibrate VR experiences, but apparently, it doesn't share any of it with Facebook. It stores posts that are made on the Oculus forums, but not voice communications between users in VR, although it may retain records of connections between them. The company also offers a few examples of when it would share data with Facebook or vice versa. Most obviously, if you're using a Facebook-created VR app like Spaces, Facebook gets information about what you're doing there, much in the same way that any third-party app developer would. You can optionally link your Facebook account to your Oculus ID, in which case, Oculus will use your Facebook interests to suggest specific apps or games. If you've linked the accounts, any friend you add on Facebook will also become your friend on Oculus, if they're on the platform. Oculus does, however, share data between the two services to fight certain kinds of banned activity. "If we find someone using their account to send spam on one service, we can disable all of their accounts," an Oculus spokesperson says. "Similarly, if there's 'strange activity' on a specific Oculus account, they can share the IP address it's coming from with Facebook," writes Robertson. "The biggest problem is that there's nothing stopping Facebook and Oculus from choosing to share more data in the future."

Read more of this story at Slashdot.