Category Archives: Information Security

What CISOs Need to Tell The Board About Cyber Risk

To avoid devastating financial losses, boards and the C-suite must have a deep understanding of the cyber risks their organizations face. Here’s what they need to hear from the security team.

There should be little doubt about cybersecurity’s importance in 2016 given the amount of attention the topic has garnered in the past decade. Board directors and top leadership are under pressure from all sides: from federal and state regulators, from business partners seeking to tackle third-party vendor cyber risks, and from shareholders and their class-action lawyers ready to sue the moment a breach is announced.

Read More Darkreading

VMware Expands Its Security Capabilities

New TrustPoint endpoint security technology debuts as VMware adds cloud access security broker integrations to AirWatch.

VMware grew its portfolio of security products and capabilities on June 13, with the debut of TrustPoint for endpoint security as well as new cloud access security broker (CASB) integrations with AirWatch and advances in Workspace ONE. VMware TrustPoint benefits from Tanium’s endpoint security technology, which VMware is integrating into it. Tanium is a security vendor that to date has raised $262 million in an effort to build a new generation of endpoint defense and management capabilities. It was created by the founders of BigFix, which IBM acquired in 2010.

Read More eWeek

The U.S. just took one step closer to privatizing a core part of the Internet

Every time you type “Google.com” into your browser, what you get is a search engine used by billions. What you don’t see? A complicated string of actions kicking into high gear behind the scenes, turning your URL into language that any computer or server in the world can understand and, ultimately, spit out as a Web page.

Read More Thewashingtonpost

VMware Patches Critical Flaw in NSX, vCNS Products

VMware has released updates for some of its products to address several vulnerabilities, including an information disclosure issue rated critical.

In an advisory published on Thursday, the company revealed that VMware NSX and vCloud Networking and Security (vCNS) are plagued by a critical input validation flaw (CVE-2016-2079). The vulnerability can be exploited by a remote attacker to gain access to sensitive information.

Read More Securityweek

Singapore’s civil servants are set to lose internet privileges

The country’s government is planning on blocking the internet from civil servants starting next year in the interest of security.

By this time next year, Singapore’s civil servants will have lost access to the internet.

The change, which was announced yesterday, is designed to prevent any leaks from work emails and shared government documents, as well as to safeguard the country’s servers from malware, The Straits Times reported.

Read More CNet

9-vendor authentication roundup: The good, the bad and the ugly

New ‘smart’ tokens and risk-based factors deliver tighter security, but setups remain complex and user interfaces need a facelift.

Due to numerous exploits that have defeated two-factor authentication, either by social engineering, remote access Trojans or various HTML injection techniques, many IT departments now want more than a second factor to protect their most sensitive logins and assets.

In the three years since we last reviewed two-factor authentication products, the market has responded, evolving toward what is now being called multi-factor authentication or MFA, featuring new types of tokens.

Read More Networkworld

Accessing your internet browsing history is FBI’s top legislative priority

Tech firms and privacy groups are fighting back against an amendment that would give the FBI a top-level view of “electronic communication transactional records” (ECTRs) without the need for a warrant in terrorism and spy cases.

ECTRs include everything from the websites you’ve visited to how long you browsed a particular page. It’s all up for grabs as part of an amendment to the Electronic Communications Privacy Act being considered this week by the Senate Judiciary Committee. The legislation would expand the government’s ability to collect data using a National Security Letter, or NSL, which doesn’t require a court order and typically includes a gag order saying the recipient cannot publicly acknowledge the letter.

Read More Cnet

Vulnerabilities in Facebook Chat and Messenger exploitable with basic HTML knowledge

Check Point’s security research team has discovered vulnerabilities in Facebook’s standard online Chat function, and its separately downloaded Messenger app.

The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences.

Read More Helpnetsecurity