Security News This Week: A Deluge of Mega-Breaches Dumps on the Dark Web

Security News This Week: A Deluge of Mega-Breaches Dumps on the Dark Web

Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. The post Security News This Week: A Deluge of Mega-Breaches Dumps on the Dark Web appeared first on WIRED.
Uncategorized

OpenStack Security Project Continues to Help Secure the Cloud

The leader of the OpenStack Security Project details technologies and processes now in place to help build, configure and deploy the cloud securely.


RSS-1

Microsoft explains which cloud security problems are your problem

The new Shared Responsibilities for Cloud Computing (PDF) paper can be summarised pretty easily: Cloud problems no problem once you …


RSS-1

The top 12 cloud security threats

Enterprises are no longer sitting on their hands, wondering if they should risk migrating applications and data to the cloud. They’re doing it — but security remains a serious concern.

The first step in minimizing risk in the cloud is to identify the top security threats.

As the RSA Conference last week, the CSA (Cloud Security Alliance) listed the “Treacherous 12,” the top 12 cloud computing threats organizations face in 2016. The CSA released the report to help both cloud customers and providers focus their defensive efforts.

To read this article in full or to leave a comment, please click here

Network World Cloud Computing


RSS-4

Computer Scientist Seeks Stronger Security Shroud for the Cloud

Dr. Zhiqiang Lin, of the Erik Jonsson School of Engineering and Computer Science at UT Dallas, is working to advance the field of cloud computing, …

Cloud Computing


RSS-5

Computer Scientist Seeks Stronger Security Shroud for the Cloud

Dr. Zhiqiang Lin, of the Erik Jonsson School of Engineering and Computer Science at UT Dallas, is working to advance the field of cloud computing, …

Cloud Computing

All articles


RSS-5

IDG Contributor Network: IoT security will soon be common in the enterprise, Gartner says

A fifth of all businesses will have deployed IoT-related security by the end of 2017, analyst Gartner thinks.

Dedicated digital security services that are committed to “protecting business initiatives using devices and services in the Internet of Things” will be in place by then, the research and advisory company says.

Gartner made the statement in a press release on its website in relation to a security and risk management summit earlier this month in Mumbai.

‘Reshape IT’

“The IoT redefines security,” Ganesh Ramamoorthy, research vice president at Gartner, said in the press release.

To read this article in full or to leave a comment, please click here


All articles

Are your biggest security threats on the inside?

The now infamous Ashley Madison website has had a pretty successful run at helping its clientele be disloyal. So perhaps some would view it as poetic justice if the website became one of the most scandalous breaches in history at the hands of one of its own. 

At least that is the conclusion of IT security analyst John McAfee, who noted recently “yes, it is true. Ashley Madison was not hacked – the data was stolen by a woman operating on her own who worked for Avid Life Media.” 

If true, the fact that the Ashley Madison breach was due to an internal, and not external, threat shouldn’t come as too big a surprise. Many IT security studies this year have pointed to the growing threat of insider data theft and corporate breaches. 

To read this article in full or to leave a comment, please click here


All articles

Computer Scientist Seeks Stronger Security Shroud for the Cloud

Dr. Zhiqiang Lin, of the Erik Jonsson School of Engineering and Computer Science at UT Dallas, is working to advance the field of cloud computing, …


RSS-1

NSA director just admitted that government copies of encryption keys are a big security risk

NSA chief Michael S. Rogers speaks at Fort Meade.

The director of the NSA, Admiral Michael Rogers, just admitted at a Senate hearing that when Internet companies provide copies of encryption keys to law enforcement, the risk of hacks and data theft goes way up.

The government has been pressuring technology companies to provide the encryption keys that it can use to access data from suspected bad actors. The keys allow the government “front door access,” as Rogers has termed it, to secure data on any device, including cell phones and tablets.

Rogers made the statement in answer to a question from Senator Ron Wyden at the Senate Intelligence Committee hearing Thursday.

Screen Shot 2015-09-24 at 2.06.46 PMWyden:  “As a general matter, is it correct that anytime there are copies of an encryption key — and they exist in multiple places — that also creates more opportunities for malicious actors or foreign hackers to get access to the keys?

Screen Shot 2015-09-24 at 2.07.12 PMRogers: Again, it depends on the circumstances, but if you want to paint it very broadly like that for a yes and no, then i would probably say yes.”

View the exchange in this video.

Security researchers have been saying for some time that the existence of multiple copies of encryption keys creates huge security vulnerabilities. But instead of heeding the advice and abandoning the idea, Rogers has suggested that tech companies deliver the encryption key copies in multiple pieces that must be reassembled.

From VentureBeat

Get faster turnaround on creative, more testing, smarter improvements and better results. Learn how to apply agile marketing at our roadshow in SF.

“The NSA chief Admiral Rogers today confirmed what encryption experts and data scientists have been saying all along: if the government requires companies to provide copies of encryption keys, that will only weaken data protection and open the door for malicious actors and hackers,” said Morgan Reed of the App Association in a note to VentureBeat.

Cybersecurity has taken center stage in the halls of power this week, as Chinese president Xi Jinping is in the U.S. meeting with tech leaders and President Obama.

The Chinese government itself has been linked with various large data hacks on U.S. corporations and on U.S. government agencies. By some estimates, U.S. businesses lose $ 300 billion a year from Chinese intellectual property theft.

One June 2nd, the Senate approved a bill called the USA Freedom Act, meant to reform the government surveillance authorizations in the Patriot Act. The Patriot Act expired at midnight on June 1st.

But the NSA has continued to push for increased latitude to access the data of private citizens, both foreign and domestic.


All articles

Google Says Google Drive Now Has 1 Million Customers, Improves Security To Get More

Prior to the ISO certification, Google Drive has been certified as compliant with the SOC 2 and SOC 3 security standards for cloud computing.


RSS-1

Global Cloud Database Security Software Market – By End User Industry, Vendors and Geography …

NEW YORK, Sept. 24, 2015 /PRNewswire/ — Proliferation of cloud computing in the market has been remarkable as benefits gained from cloud based …


RSS-1

White House Concludes Four Days Of Cyber Security Meetings With Top Chinese Officials

The White House announced yesterday that senior U.S. and Chinese officials had just concluded four days of meetings on cyber security and other issues.


Cloud Computing