Cybersecurity

Pwn2Own Contest Places a $75K Bounty to Hack VMware Workstation at CanSecWest Security Conference

Article Written by David Marshall



The annual Pwn2Own hacking contest returns next month to the CanSecWest security conference and researchers are going up against the most popular browsers and operating systems, challenged with finding and exposing exploits.  

For this year's contest, participants will be asked to exploit Microsoft Edge or Google Chrome on fully patched versions of 64-bit Windows 10 and Apple Safari on OS X El Capitan.  

Exploiting Google Chrome or Microsoft Edge will earn hackers a $65,000 prize, while exploiting Apple Safari on Mac will earn a payout of $40,000.  Achieving system-level access on Windows or root access on Mac OS X would bring an additional bonus of $20,000 to the pot.
 

IBM Sees 2015 Growth in Cloud, Security and Systems

Grazed from eWeek.  Author: Darryl K. Taft.

 IBM's strategic initiative led the way in 2015, with cloud now a $10 billion business and security a $2 billion unit. Systems and analytics also grew.  Despite another quarterly revenue slide, IBM sees a silver lining in its strategic imperatives as these key focus areas—cloud, analytics, mobile, social and security—show significant growth and indicate Big Blue is committed to succeeding in its transformation.

In the fourth quarter of 2015, IBM saw its revenue decline 9 percent to $22.1 billion; however the company's strategic imperatives revenue grew 26 percent (adjusting for currency and the System x divestiture) to $28.9 billion and now represents 35 percent of the company's overall revenue...

The Future of Information: Linking Cloud, Cybersecurity and Big Data Investment

Grazed from INNDaily. Author: Morag McGreevey.

Sometimes it seems like every other business is a cloud-based company. This internet-based computing service has entirely transformed the way information is processed, organized, stored and shared. Indeed, it seems almost impossible to separate the explosion of big data from cloud computing.

However, the rapid transition from old school data management to the highly efficient data centers driving today’s markets has created a need for cybersecurity solutions. With sensitive personal information, healthcare records and financial records being managed by these systems, cloud security has emerged as a vital aspect of protecting this data. As a result, cloud computing, cybersecurity and big data investment have formed an important nexus in the tech space...

Cloud Computing: Hackers reveal flaws in cyber security framework

Grazed from TheNation.  Author: Asina Pornwasin.

The recent hacking of government websites has called into question the government’s cyber security standards and risked its reputation for management, but a single gateway was not a solution to that problem, cyber security specialists said yesterday.  What the government can do is upgrade cyber security standards and adopt cyber security best practices as well as draft a national policy framework and regulations for cyber security. 
 
Police websites and about 300 Courts of Justice websites were hacked by sympathisers of the Anonymous group in protest against the Koh Tao double-murder verdict.   That led to a suggestion from police to bring back the single gateway plan to tackle the problem...

Cloud Computing: What's Behind Microsoft's Security Moves

Grazed from CMSWire. Author: David Roe.

Microsoft CEO Satya Nadella announced the launch of a new security strategy for the entire Microsoft portfolio on Nov. 17. Except Nadella didn’t call it a strategy — he called it a "posture." In practical terms we'll assume there isn't much difference between the two. Nadella said that security will no longer be an afterthought in product design, but rather a core consideration.

Same As It Ever Was?

Security is top of mind for Microsoft as it develops business around cloud products like Azure and Office 365. But does this announcement herald a new era for Microsoft’s approach to security? According to Garrett A. Bekker III, senior analyst for Information Security with 451 Research, the objectives may be different, but the way Microsoft is going about it is not...

Read more from the source @ http://www.cmswire.com/information-management/whats-behind-microsofts-security-moves/

Kaspersky Lab Patents New Technology to Enhance Virtual Desktop Infrastructure Security

Grazed from Kaspersky Lab.

Kaspersky Lab has patented a new technology designed to prioritize data-scanning tasks on virtual machines. The technology significantly speeds up processing of high-priority scan requests in real time, while maintaining virtual machine performance. The patent was granted by the US Patent and Trademark Office. 

A corporate virtual environment usually consists of a dedicated virtual machine protected by a security solution and a network of virtual workstations with so-called agents. A network connection is installed between the dedicated virtual machine and the agents, to allow data exchange during on-demand scanning of files (ODS) or on-access scanning of user applications (OAS). 

Cloud Computing: Cyber Security Skills -The Hot New Must-Have IT Skill Set

Grazed from LinkedIn.  Author:  Mayank  Singh.

Those in the IT world are always looking to develop the right skill sets that will help them get noticed above their competition. Considering how quickly technology changes, possessing a highly-desired set of skills can lead to better jobs and higher wages.   Trends, of course, come and go, and keeping up with what is currently the most in-demand skills can sometimes feel like a job in and of itself. IT workers have to figure out what skills they want to master that will lead to higher chances of employment and greater job stability. 
 
While many companies may be attracted to technical buzzwords being tossed about, one of the hottest IT skill sets is something that mostly avoids the hype: cyber security.   Employers are eager to find workers with expertise in security, and the numbers back this up. The fastest growing job category on Dice.com happens to be cyber security, with the number of job postings having jumped by 91 percent compared to last year...

Cloud Computing: Even Einstein Couldn't Fix Cybersecurity

Grazed from GovTech. Author: Larry Karisny.

A massive cyberattack at the U.S. Office of Personnel Management (OPM) exposed the personal information of as many as 4 million federal employees. Though this type of news is not unusual, this particular case is different given that a multi-billion-dollar federal civilian cyberdefense systems was hacked.

The cyberdefense systems supposedly protecting the OPM are Department of Homeland Security programs known as Einstein and Continuous Diagnostics and Mitigation (CDM) -- and were hailed as the cornerstone of repelling cyberthreats in real time. Unfortunately this is not actually the case, as it took five months to discover the intrusion -- hackers hit the OPM in December, and the agency did not detect the intrusion until April. How bad the attack really was is still being analyzed...

Rising to the Cloud Security Challenge

Grazed from TalkinCloud. Author: Mike Vizard.

For as long as anyone cares to remember the biggest inhibitor to cloud adoption has been concerns about security. In fact, when it comes to security the primary enemy has always been integration. By definition, the greater the number of points of integration there are the less secure something is. From an IT security perspective cloud computing, of course, is the ultimate form of integration.

But as much as integration might be part of the problem it’s also a big part of the solution. The more integrated security technologies become the more effective IT security solutions become inside and out of the cloud. For that reason, many IT security vendors are taking advantage of well-documented application programming interfaces (APIs) to drive a wave of alliances that go well beyond the basic marketing agreement...

Read more from the source @ http://talkincloud.com/cloud-computing-security/rising-cloud-security-challenge

Cloud Computing: Companies Should Heed DOJ’s New Cybersecurity Guidance to Minimize Liability

Grazed from Bloomberg.  Author: Kathryn Allen and Daniel Farris.

The Department of Justice (DOJ) has released new guidance on cyber preparedness and incident response, becoming the latest federal agency to do so in recent months. Newly sworn-in Attorney General, Loretta Lynch, has indicated that the investigation and prosecution of cyber crimes will be one of the top priorities of her administration. Although the Guidance sets forth only voluntary standards, companies wishing to minimize potential liability in enforcement actions and/or civil litigation should take notice.

In releasing its “Best Practices for Victim Response and Reporting of Cyber Incidents,” the DOJ's Cybersecurity Unit called upon law enforcement and private industry to share in the effort to improve systems that protect consumer information...