Information Security

New infosec products of the week: January 18, 2019

XebiaLabs launches new DevOps risk and compliance capability for software releases: The XebiaLabs DevOps Platform provides a single pane of glass for technical and business stakeholders to track the release chain of custody across the end-to-end CI/CD toolchain, from code to production. And, with visibility into security and compliance issues, teams can take action to ensure that release failure risks, security vulnerabilities, and IT governance violations are resolved early in the software delivery cycle. ExtraHop … More →

The post New infosec products of the week: January 18, 2019 appeared first on Help Net Security.

Weekly [Discussion] Thread

Pull up a chair and put that work away, it's Friday! /r/Tasker open discussion starts now

Allowed topics:

  • Post your tasks/profiles

  • Screens/Plugins

  • "Stupid" questions

  • Anything Android

Happy Friday!

submitted by /u/AutoModerator

Long-Range RFID With Feedback

Hack a Day - 8 hours 44 min ago

Not long ago, we published an article about researchers adding sensor data to passive RFID tags, and a comment from a reader turned our heads to a consumer/maker version which anyone can start using right away. If you’re catching up, passive RFID technology is behind the key fobs and stickers which don’t need power, just proximity to the reader’s antenna. This is a much “hackier” version that works with discrete signals instead of analog ones. It will not however require writing a new library and programming new tags from the ground up just for the user to get started, so there is that trade-off. Sparkfun offers a UHF reader which can simultaneously monitor 25 of the UHF tags shown in this paper.

To construct one of these enhanced tags, the antenna trace is broken and then routed through a switching device such as a glass-break sensor, temperature limit switch, doorbell, or light sensor. Whenever continuity is restored the tag will happily send back its pre-programmed data, and the reader will acknowledge that somewhere one of the tags is seeing some activity. Nothing says this could not be applied to inexpensive RFID readers should you just want a temperature warning for your gecko terrarium or light sensor to your greenhouse’s sealed controller.

Thank you, [Mike Massen], for your tip on RFID Doing More Than ID.

New requirements for the secure design and development of modern payment software

The PCI Security Standards Council (PCI SSC) published new requirements for the secure design and development of modern payment software. The PCI Secure Software Standard and the PCI Secure Lifecycle (Secure SLC) Standard are part of a new PCI Software Security Framework, which includes a validation program for software vendors and their software products and a qualification program for assessors. The programs will be launched later in 2019. “Innovation in payments is moving at an … More →

The post New requirements for the secure design and development of modern payment software appeared first on Help Net Security.

Protecting privileged access in DevOps and cloud environments

While security strategies should address privileged access and the risk of unsecured secrets and credentials, they should also closely align with DevOps culture and methods to avoid negatively impacting developer velocity and slowing the release of new services. [Figure: Example of tools in the DevOps pipeline] Despite this, 73 percent of organizations surveyed for the 2018 CyberArk Global Advanced Threat Landscape report have no strategy to address privileged access security for DevOps. Key recommendations: The report … More →

The post Protecting privileged access in DevOps and cloud environments appeared first on Help Net Security.

Risk managers see cybersecurity as the biggest threat to business

Sword GRC canvassed almost 150 risk managers from highly risk-aware organizations worldwide for their opinions. Overall, cybersecurity was seen as the biggest risk to business by a quarter of organizations. In the UK, Brexit and the resulting potential economic fall-out was cited as the biggest risk to business by 14% of risk managers. The most notable regional variation was in the US where 40% of organizations see cybersecurity as the most threatening risk. The most … More →

The post Risk managers see cybersecurity as the biggest threat to business appeared first on Help Net Security.

Friday fun fact: If Stegosauruses had space telescopes, they wouldn't have seen any rings around Saturn

The Register - 9 hours 32 min ago
Bet you were expecting a rude ring pun here? Well, not today

Saturn’s characteristic rings may only be as old as 100 million years, and thus formed during a time when dinosaurs still roamed on Earth.…

When do you think we'll reach the smartphone plateau?

Android - Thu, 01/17/2019 - 23:49

I remember the days whenever there's a new phone, I would be always on the fence on buying it because it has something new or different to offer from what I currently had.

Now, phones are reaching a point where they almost look the same and offer the same sets of features with unnoticeable performance bumps.

For me, it's starting to feel that the Golden Age of smartphones was from 2012-2016.

What do you think will be next?

submitted by /u/VobraX

Amazon Web Services announces AWS Backup

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 22:30

Amazon Web Services released AWS Backup, a backup service that makes it faster and simpler for customers to back up their data across AWS services and on-premises, helping customers meet their business and regulatory backup compliance requirements. AWS Backup makes protecting storage volumes, databases, and file systems easier by giving customers a single service to configure and audit the AWS resources they backup, automate backup scheduling, set retention policies, and monitor recent backups and restores … More →

The post Amazon Web Services announces AWS Backup appeared first on Help Net Security.

Immuta expands GRC expertise to help enterprises build data science programs

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 22:00

Immuta revealed that financial services industry veteran Richard Geering has joined as the company’s Vice President of Governance, Risk, and Compliance (GRC), reporting to CEO Matthew Carroll. Richard joins Immuta from the Royal Bank of Canada (RBC), where he served as Chief Operational Risk Officer for Investor and Treasury Services. He brings 25 years of experience in financial services and risk management, with broad domain knowledge in data analytics. Working alongside Immuta’s product and sales … More →

The post Immuta expands GRC expertise to help enterprises build data science programs appeared first on Help Net Security.

Designing A Toilet Roll Holder

Hack a Day - Thu, 01/17/2019 - 22:00

Everything needs to be designed, at one point or another. There are jobs for those who design kitchens, and stadiums, and interplanetary spacecraft. However, there are also jobs for those who design cutlery, hose fittings, and even toilet roll holders. [Eric Strebel] is here to share just such a story.

[Eric] covers the whole process from start to finish. In the beginning, a wide variety of concepts are drawn up and explored on paper. Various ideas are evaluated against each other and whittled down to a small handful. Then, cardboard models are created and the concepts further refined. This continues through several further phases until it gets down to the fun part of choosing colours and materials for the final product.

Watching the effects of cost and manufacturing process shape the finished item is instructive as to how the design process works in the real world. The toilet paper holder itself is an interesting unit, too – using adjustable magnetic detents to enable one-handed use, as well as including a cell phone holder.

We’ve seen [Eric]’s work before – such as his primer on the value of cardboard in design. Video after the break.

Old bugs, new bugs, red bugs … yes, it's Oracle mega-update day again

The Register - Thu, 01/17/2019 - 21:56
Out of 284 flaws, 33 are rated critical. Big Red admins have big patches ahead

Oracle admins, here's your first critical patch advisory for 2019, and it's a doozy: a total of 284 vulnerabilities patched across Big Red's product range, and 33 of them are rated “critical”.…

Advanced Fraud Solutions partners with Q6 Cyber to fight card fraud

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 21:30

Advanced Fraud Solutions and Q6 Cyber unveiled that they have partnered to integrate Q6 data feeds directly into the TrueCards fraud prevention software platform. TrueCards is a tool allowing financial institutions’ fraud teams to monitor card holder transactions for test sites, breaches, and common points of compromise (CPC). Q6 Cyber employs an approach to monitoring the “Digital Underground,” including the DarkWeb and DeepWeb. Leveraging years of law enforcement and intelligence experience in the dark corners … More →

The post Advanced Fraud Solutions partners with Q6 Cyber to fight card fraud appeared first on Help Net Security.

Onapsis signs agreement to acquire ERP cybersecurity company Virtual Forge

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 21:00

Onapsis has entered into a definitive agreement to acquire privately-held Virtual Forge, headquartered in Heidelberg, Germany. Onapsis’s platform is the cybersecurity solution that protects the ERP systems and business-critical applications of the world’s largest organizations. Founded in 2006, Virtual Forge is the provider of solutions to prevent, detect and remediate cybersecurity and compliance risks in customizations and extensions of SAP applications. The combination of Onapsis and Virtual Forge will empower customers to have visibility, incident … More →

The post Onapsis signs agreement to acquire ERP cybersecurity company Virtual Forge appeared first on Help Net Security.

Got a Drupal-powered website? You may want to get patching now...

The Register - Thu, 01/17/2019 - 20:45
Open-source CMS gets a pair of critical fixes

Drupal has issued a pair of updates to address two security vulnerabilities in its online publishing platform. The vulns are a little esoteric, and will not affect most sites, but it's good to patch just in case you later add functionality that can be exploited.…
