FTC Posts Third Blog in Its “Stick with Security” Series

Hunton Privacy

On August 4, 2017, the FTC published the third blog post in its “Stick with Security” series. The blog post notes that just as business owners lock doors to prevent physical access to business premises and shield company proprietary secrets from unauthorized eyes, they should exercise equal care with respect to access to sensitive customer and employee data. The FTC’s next blog post, to be published Friday, August 11, will focus on secure passwords and authentication.

Weekly podcast: Memcached DDoS attacks, Equifax (once again) and Alexa

IT Governance

An Akamai blog explained that memcached is “meant to cache data and reduce strain on heavier data stores […] and is only intended to be used on systems that are not exposed to the Internet”. According to Akamai, there are “currently more than 50,000 known vulnerable systems exposed”.

Simplify records management while improving information governance

OpenText Information Management

Challenge: Your organization has many users involved in the lifecycle management of important information assets–from knowledge workers to legal associates to system administrators and, yes, Records Managers.

Nick Jovanovic, VP Federal of Thales eSecurity Federal, Speaks to Media about Data Security

Thales eSecurity

An excerpt from Federal Tech Talk’s post-interview blog may be found below. He suggests that protecting data that is on your system should be the focus.

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

” reads a blog post published by FireEye. Hladyr is suspected to be a system administrator for the group. Cybersecurity researchers from FireEye revealed that the Carbanak source code has been available on VirusTotal for two years, and none noticed it before.

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Security Affairs

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator. Alexey described his activity on a Russian blogging platform, he explained he hacked into the routers to change settings and prevent further compromise.

Mining 102

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

” reads a blog post published by FireEye. Hladyr is suspected to be a system administrator for the group. Cybersecurity researchers from FireEye revealed that the Carbanak source code has been available on VirusTotal for two years, and none noticed it before.

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

In this type of distributed denial of service (DDoS) attack, the malicious traffic generated with the technique is greater than the once associated with the use of memcached, a service that does not require authentication but has been exposed on the internet by inexperienced system administrators.

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

2014), as described on the MMD blog when MMD detected 5 variants active under almost 15 panels scattered in China network. On the MMD blog. Figure 1: The ARM version of Elknot malware on MMD blog.

More Cloud Means More Multi-Tenant Environments

Thales eSecurity

To ensure a secure multi-tenant environment for consolidation, you need a solution that: adequately isolates security for specific tenants or customers; authorizes access to the data itself without allowing even systems administrators or privileged users to see the data; and.

Cloud 90

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Security Affairs

” reported a blog post published by ESET. “Mail server, domain administrator and system administrator accounts were all affected, giving cyberespions access to the past and current passwords of more than 2,000 ICAO system users.

Stealing computing power: A growing trend in cyber crime that can target all Internet-connected devices

CGI

What is most alarming is that, in addition to advanced cyber attacks aimed at elaborate systems, criminals will use any device connected to the Internet – for example, your mobile phone or a remotely controlled heat pump. Is it just one device or a whole system?

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

million individuals from the Company’s systems. According to the complaint, over a period of 19 days, hackers were able to infiltrate the Company’s computer systems. They argue that the Company failed to protect its computer systems adequately, take steps to prevent the breach, disclose material facts to consumers, and provide timely and adequate notice, among other things.

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

Data Matters

Specifically, researchers believed that the current version of SB 315 could chill security research—both the purely academic and the “white hats”—ultimately discouraging individuals from identifying vulnerabilities in networks and alerting system administrators of the issues. Organizations have employed bug bounty programs in an effort to encourage researchers to report security flaws in their systems.

Trust, but Verify: Keeping Watch over Privileged Users

Thales eSecurity

Privileged users today can include a multitude of people from system administrators, network engineers, and database administrators, to data center operators, upper management, and security personnel.

Laying the foundation for cybersecurity

CGI

A system administrator did not apply a patch. The guidelines and standards developed at that time, which introduced the Confidentiality, Integrity and Availability model, still apply to any technology used to process and store information, whether it be a mobile device, a sensor, a process control system, etc. The basic tenets of securing systems and data still apply. Blog moderation guidelines and term of use Laying the foundation for cybersecurity.

DB2 for z/OS: Monitoring Prefetch Read Activity

Robert's Db2

My analysis of the figures suggested that the system administrators were concerned by numbers that were in fact positive in nature; however, I also saw prefetch items that really were troublesome, and I subsequently learned that these were likely due to a buffer pool configuration change that had been made to improve application performance but ended up working towards the opposite end.

DB2 for z/OS Buffer Pool Enlargement is NOT Just an Elapsed Time Thing

Robert's Db2

A couple of weeks ago, I got a question from a mainframe DB2 DBA about the impact of DB2 buffer pool enlargement on application and system performance. I/O assist processors are great, and they are one reason that System z has long excelled as a platform for I/O-intensive applications, but general-purpose engines (and zIIP engines, for that matter) still have to shoulder some of the read/write load. That time period could capture a "peak" of system activity (e.g.,