There is a wide and growing concern for the security of the Internet of Things (IoT). It’s abundantly clear that the Internet is infested with neer-do-wells who thrive on hacking into networked devices. But many embedded development teams have never had to deal with security issues before, and are still trying to decide what, if anything, they need to do.
Read about first three rules of Internet of Things security on EDN Network.
Over the last few years, network attacks have subsided in favor of attacks by hackers on firewalls. Because of active SSL usage and booming attention to Web (cloud) storage, typical intrusion detection and intrusion prevention systems (IDS/IPS) solutions are not capable of analyzing traffic higher than the third level of the OSI model. That’s why Web applications have become the main arena for battles of hacking vs. security.
Web application firewall (WAF) protection appears to be the next key direction in IT/security development.
Read why Web application firewall will be the next big thing in IT and security on eSecurity Planet.
Cyber crime has the potential to cause serious damage to the reputations of the world’s largest fund houses, but risk experts believe the investment industry has been slow to tackle the threat, potentially leaving investors exposed.
Concern over fund houses’ vulnerability to cyber crime has intensified following a sharp increase in the number of attacks on financial services companies last year.
Read more about how fund houses are concerned regarding the cyber crimes on FT.
The unfortunate reality of today’s advanced cybercrime attacks is that they are evolving faster than organizations can keep up. Zero-day threats are everywhere. And, the last generation prevention systems are failing to identify these new and advanced threats.
According to AV-test.org, more than 390,000 malicious programs are found each day, and this number continues to grow. Lastline Labs found that only 51 percent of AV scanners detect new malware samples on Day 0. Cyber criminals use these malware, and other associated techniques, to invade and compromise your critical systems.
Read more about why the enterprises should be prepared for the ‘inevitable’ cyber attacks on Trip Wire.
The use of spyware software – used to track partner’s movements, texts and even listen in on calls in realtime – has seen a dramatic rise over the past few years, according to an exclusive report by British newspaper The Independent.
A survey by domestic violence charity Women’s Aid concluded that 41% of abuse victims it had been involved with had been the victim of harassment using electronic devices or spyware abuse, while a second survey – this time by Digital Trust – claims it found that 50% of abusive partners had used spyware or electronic devices to snoop on their victims.
Read more about the abuse of spywares available, to track partners on We Live Security.
Ask a security professional for his or her job description, and you’re likely to get an answer along the lines of, “Protecting the company’s assets from being stolen or compromised.”
Then try asking what they mean by “assets.” You’ll almost certainly get either a blank stare or an irritated scowl. Everyone knows what an asset is, right? And everyone knows about asset management, right?
Read more about the definition of asset management in security terms on RSA Blog.
MIT researchers have taken several stabs at creating programming languages that “auto-complete”. One example is a programming language called Sketch, developed by Armando Solar-Lezama, an associate professor in MIT’s Department of Electrical Engineering and Computer Science. Sketch automatically fills in some programming gaps when programmers omit parts of their code.
On Wednesday, another MIT researcher unveiled a somewhat different approach. Professor of software technology Adam Chlipala has described a new programming language called Ur/Web, which allows web applications to be developed as executable programs.
Read more about how to make web programming easier and more secure on ZDNet.
Worried about hackers and fraudsters gaining access to the data on your Android smartphone or tablet? According to security experts, you should be, because mobile is the new platform of choice for the bad guys, with Android being at the top of that list. Some Android devices are even making their way to customers with preinstalled security vulnerabilities and misconfigurations.
The risk is real. But you can also reduce that risk by installing a security app on your device.
Read more about the best and free Android security Apps for your smartphone and tablet on ZDNet.
Aircraft manufacturer and defense contractor Boeing has turned to Canadian telecommunication form BlackBerry for help developing a super-secret, self-destructing ‘Black’ smartphone for government agencies.
According to The Telegraph, the smartphone will feature dual-SIM capability, built-in encryption, hardware communications crypto, swappable backplates that allow the smartphone to have satellite or radio capability, solar power chargers, and biometric sensors.
Read more about the new super-secret and self destructing ‘Black’ smartphone being developed by Boeing in collaboration with BlackBerry on ZDNet.
Cable and Internet service conglomerate Comcast is facing a class-action lawsuit stemming from its use of customer routers as personal home Wi-Fi networks as well as public-facing wireless hotspots available for other Comcast-Xfinity customers.
Toyer Grear and Jocelyn Harris, themselves and on behalf of the rest of the class, allege that Comcast is violating the Computer Fraud and Abuse Act, California’s Comprehensive Computer Data Access and Fraud Act, and the Business Professions code. The Class action was filed in a San Francisco court on Dec. 4.
Read about the Class action suit filed against Comcast for violating the privacy and security of its users on Threat Post.