Kategorie

Ke dvěma rokům vězení byl tento týden v Británii odsouzen za závažné počítačové pirátství 18letý Kane Gamble. Ještě jako nezletilý se dokázal dostat do e-mailových a mobilních účtů významných činitelů amerických zpravodajských služeb a ministerstva spravedlnosti a některé utajované materiály, které přitom získal, předal dál.

LinuxSecurity.com: A decade ago, it was a serious question whether open source databases were ready for mission-critical applications. The obvious response at the time was "no," with substantial evidence to back that claim. More recently, self-promoting vendors have continued to pitch the idea that proprietary databases "are the best fit for mission-critical applications," but the idea has lost credibility.

LinuxSecurity.com: Acquired by Apple in 2015, the FoundationDB database architecture has officially gone open source, the company announced today. It's the latest move by Apple to open more of its non-secret software initiatives to public contributions, following earlier moves with its Swift programming language, cryptographic libraries, and benchmarking tools.

Not just Facebook, a new vulnerability discovered in Linkedin's popular AutoFill functionality found leaking its users' sensitive information to third party websites without the user even knowing about it. LinkedIn provides an AutoFill plugin for a long time that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address,

LinuxSecurity.com: If cybercrime was a country, it would have the 13th highest GDP in the world. Attackers generate $1.5 trillion in annual profit, which is about equal to the GDP of Russia, according to a new study on the interconnected economy of cybercrime.

The British teenager who managed to hack into the online accounts of several high-profile US government employees sentenced to two years in prison on Friday. Kane Gamble, now 18, hacked into email accounts of former CIA director John Brennan, former Director of National Intelligence James Clapper, former FBI Deputy Director Mark Giuliano, and other senior FBI officials—all from his parent's

LinuxSecurity.com: Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a report by F-Secure.

Posted by Elie Bursztein, Anti-Abuse Research Lead - Ian Goodfellow, Adversarial Machine Learning Research Lead

Recent advances in AI are transforming how we combat fraud and abuse and implement new security protections. These advances are critical to meeting our users’ expectations and keeping increasingly sophisticated attackers at bay, but they come with brand new challenges as well.

This week at RSA, we explored the intersection between AI, anti-abuse, and security in two talks.

Our first talk provided a concise overview of how we apply AI to fraud and abuse problems. The talk started by detailing the fundamental reasons why AI is key to building defenses that keep up with user expectations and combat increasingly sophisticated attacks. It then delved into the top 10 anti-abuse specific challenges encountered while applying AI to abuse fighting and how to overcome them. Check out the infographic at the end of the post for a quick overview of the challenges we covered during the talk.

Our second talk looked at attacks on ML models themselves and the ongoing effort to develop new defenses.

It covered attackers’ attempts to recover private training data, to introduce examples into the training set of a machine learning model to cause it to learn incorrect behaviors, to modify the input that a machine learning model receives at classification time to cause it to make a mistake, and more.

Our talk also looked at various defense solutions, including differential privacy, which provides a rigorous theoretical framework for preventing attackers from recovering private training data.

Hopefully you were to able to join us at RSA! But if not, here is re-recording and the slides of our first talk on applying AI to abuse-prevention, along with the slides from our second talk about protecting ML models.

Introduction Cloud computing and mobile applications are radically changing the way we do business. Enterprises are building applications more rapidly than ever before, often using Agile development processes and then expanding their internal development programs with third-party software and open-source libraries and components that increase the overall threat exposure cumulatively. An application or software “vulnerability” […]

The post CISSP: Development Environment Security Controls appeared first on InfoSec Resources.

CISSP: Development Environment Security Controls was first posted on April 20, 2018 at 2:15 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction CISA certification is designed for professionals who want to showcase their knowledge and experience in information system (IS) control, assurance and security. This certification by ISACA is globally recognized and is considered to be the gold standard. Having a certification like CISA gives you all the credibility you need to move forward in your […]

The post How To Become CISA Certified – Certification Requirements appeared first on InfoSec Resources.

How To Become CISA Certified – Certification Requirements was first posted on April 20, 2018 at 12:18 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Andy Ellis, CSO Akamai, discusses how the company works with others within the cybersecurity landscape to help keep the internet safe.

Threatpost's Tom Spring talked to Roman Unuchek, senior malware analyst at Kaspersky Lab, about his discoveries this week at the RSA Conference.

Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?

Cybersecurity conferences don't always practise what they preach.

The man behind a cacophony of robocalls had little to say for himself on Capitol Hill

If you can't beat 'em, join 'em.

If you have installed a network-attached storage device manufactured by LG Electronics, you should take it down immediately, read this article carefully and then take appropriate action to protect your sensitive data. A security researcher has revealed complete technical details of an unpatched critical remote command execution vulnerability in various LG NAS device models that could let

LinuxSecurity.com: LinkedIn has quietly patched a vulnerability which could have allowed malicious third parties to steal members' personal data.

Bots run by shady websites are creating thousands of phantom pages

LinuxSecurity.com: Developer platform GitHub has warned that plans to stop copyright infringements online could have a major impact on open-source software development.