Information Security, SSAE 16, ISO 27001, CISA, Cert-IN
On demand free security tool that can integrate with your application pipeline or simply post deploy. I am big into finding the highest efficiency methods, and why not augment your brilliant human security experts with this tool to get a … Continue reading →
via https://ift.tt/2d6SW5x
A former Verizon Wireless network technician in Alabama has admitted to using company computers to steal and sell private customers’ location and call data over a period of five years. As Ars Technica reports, Daniel Traeger of Birmingham faces up to five years in prison or a $250,000 fine for the federal hacking charge. As part of a plea deal, Traeger confessed that he sold the data to an unnamed private investigator.
via https://ift.tt/2dmp92Q
Microsoft and Bank of America Merrill Lynch are collaborating on a new pilot project aimed at automating trade finance transactions using blockchain technology, the companies announced yesterday.
Blockchain is best known as the distributed database technology at the heart of cryptocurrencies like Bitcoin. It is hardened against tampering, preventing even its operators from revising or otherwise meddling with its continuously growing list of records.
via https://ift.tt/2dbc1PR
Reader coondoggie writes: As expected the IEEE has ratified a new Ethernet specification — IEEE P802.3bz — that defines 2.5GBASE-T and 5GBASE-T, boosting the current top speed of traditional Ethernet five-times without requiring the tearing out of current cabling. The Ethernet Alliance wrote that the IEEE 802.3bz Standard for Ethernet Amendment sets Media Access Control Parameters, Physical Layers and Management Parameters for 2.5G and 5Gbps Operation lets access layer bandwidth evolve incrementally beyond 1Gbps, it will help address emerging needs in a variety of settings and applications, including enterprise, wireless networks. Indeed, the wireless component may be the most significant implication of the standard as 2.5G and 5G Ethernet will allow connectivity to 802.11ac Wave 2 Access Points, considered by many to be the real driving force behind bringing up the speed of traditional NBase-T products.
Read more of this story at Slashdot.
via https://ift.tt/2dhvAYT
An anonymous Slashdot reader shares an excerpt with us from a report via ZDNet that summarizes a catfishing scheme designed to deceive Amazon users into buy low-quality ebooks: Emma Moore is just one of hundreds of pseudonyms employed in a sophisticated "catfishing" scheme run by Valeriy Shershnyov, whose Vancouver-based business hoodwinks Amazon customers into buying low-quality ebooks, which have been boosted on the online marketplace by an unscrupulous system of bots, scripts, and virtual servers. Catfishing isn’t new — it’s been well documented. Some scammers buy fake reviews, while others will try other ways to game the system. Until now, nobody has been able to look inside at how one of these scams work — especially one that’s been so prolific, generating millions of dollars in royalties by cashing in on unwitting buyers who are tricked into thinking these ebooks have some substance. Shershnyov was able to stay in Amazon’s shadows for two years by using his scam server conservatively so as to not raise any red flags. What eventually gave him away weren’t customer complaints or even getting caught. It was good old-fashioned carelessness. He forgot to put a password on his server.
Read more of this story at Slashdot.
via https://ift.tt/2dipJ5w
OSquery
, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available for Mac OS X and Linux environments until today.
But now the social network has announced that the company has developed a
Windows version of its osquery tool
, too.
When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own untraditional security tool called OSquery.
OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it.
Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure.
In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL-like statements.
This functionality is critical for administrators to perform incident response, diagnose systems and network level problems, help to troubleshoot performance issues, and more.
This open source endpoint security tool has become one of the most popular security projects on
since its release in mid-2014 and was available for Linux distribution such as Ubuntu or CentOS, and Mac OS X machines.
So, if your organization was running a Windows environment, you were out of luck.
But, not today, as with the help of Trail of Bits, Facebook has finally launched the OSquery developer kit for Windows, allowing security teams to build customized solutions for their Windows networks.
“
As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security,
” reads the earlier version of Facebook’s blog post provided to The Hacker News.
“
We saw the long-held misconception of ‘security by obscurity’ fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it.
”
To get started with the OSquery developer kit for Windows, check this official
, the development environment, and a single
. The build is easy to install, and you can start coding right away.
You can read the full documentation of the development process of the OSquery developer kit for Windows on the
by Trail of Bits.
via https://ift.tt/2ddd1TW
The Enterprise Mobility and Security blog posted the first of a new series of informational articles that will be delving deeper into the new conditional feature.
via https://ift.tt/2dq7IiT
Today’s savvy bank robbers don’t break into vaults looking for gold or diamonds: They’re more likely to be hacking networks looking for access to the Swift payment system. Illusive Networks wants to catch them in the act.
via https://ift.tt/2dfAmpQ
OWASP Offensive Web Testing Framework is a project focused on penetration testing efficiency and alignment of security tests to security standards like: The OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.
The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, Figuring out how to call “tool X” then parsing results of “tool X” manually to feed “tool Y” and so on is time consuming.
By reducing this burden we hope pen testers will have more time to:
This tool is however not a silver bullet and will only be as good as the person using it. Understanding and experience will be required to correctly interpret the tool output and decide what to investigate further in order to demonstrate the impact.
You can download OWASP OWTF here:
|
|
wget –N https://raw.githubusercontent.com/owtf/bootstrap-script/master/bootstrap.sh; bash bootstrap.sh |
Or read more here.
via https://ift.tt/2dpJqsK
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 51 has been released today.
via https://ift.tt/2cIYmjt