/ By Fahmida Y. Rashid / 0 Comments

Microsoft wants to stop supporting its Enhanced Mitigation Experience Toolkit (EMET) because all of the security features have been baked into Windows 10. A vulnerability analyst says Windows with EMET offers additional protection not available in standalone Windows 10.

"Even a Windows 7 system with EMET configured protects your application more than a stock Windows 10 system," said Will Dormann, a vulnerability analyst with the Computer Emergency Response Team (CERT) at Carnegie Mellon University’s Software Engineering Institute.

To read this article in full or to leave a comment, please click here

/ By Peter Sayer / 0 Comments

For Hewlett Packard Enterprise, turnabout is fair play in the cloud.

HPE originally pitched its Synergy line of "composable" IT infrastructure as a way to bring the flexibility of cloud services to on-premises systems. Now it's turning that story around, putting those same Synergy components -- and some new ones -- into the public cloud with the goal of simplifying hybrid IT management.

The new components of Synergy made their debut in London on Tuesday at HPE Discover, an event for the company's customers and partners.

To read this article in full or to leave a comment, please click here

/ By John Ribeiro / 0 Comments

The San Francisco Municipal Transportation Agency said late Monday that no data had been accessed from its servers in a ransomware attack on the Muni transit system and the agency has never considered paying the ransom asked by the attacker.

The statement by the SFMTA follows reports that the alleged attacker has threatened to dump 30GB of data stolen from the agency if the ransom of the equivalent of about $73,000 in bitcoin was not paid.

“The SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls,” the agency’s spokeswoman Kristen Holland wrote in a blog post. She did not mention how the ransomware had gotten to the SFMTA systems, though there is the possibility that it may have been activated through a link in an email or a web link by an unsuspecting insider.

To read this article in full or to leave a comment, please click here

/ By David Linthicum / 0 Comments

Remember the last technology bubble? It left many investors poorer, with enterprises and technology providers scratching their heads as to what went wrong.

While the investors and entrepreneurs could simply move on to the next venture, many enterprises were stuck with dead technology that cost a great deal to replace. Lesson learned? Not really. Sixteen years later, history seems to be repeating itself around cloud computing.

Why is this happening? Funding is plentiful right now, and VCs are willing to take risks rather than keep their investors' money out of play. Thus, companies with a cloud technology idea that should really not be funded will get funding.

To read this article in full or to leave a comment, please click here

/ By Roger A. Grimes / 0 Comments

I received the following “domain abuse notice” for one of my inactive registered domains last week:

domain abuse notice

Those of us who have dealt with falsely blacklisted domains in the past have seen notices like this before. It’s usually from an antispam vendor or service letting you know that your domain has been used in a spam attack—and they’re going to put you on one or more mailing blacklists until you resolve the problem.

I hate spam blacklists. Although well intentioned, they tend to be reports on false positives rather than domains used to send spam. Lately, antispam services and products have become quite good, and it’s a rarity for me to get these types of reports, false or not. Plus, I bought this particular name a few months ago, and it has remained completely inactive in that time.

To read this article in full or to leave a comment, please click here

/ By Fahmida Y. Rashid / 0 Comments

Broken authentication, improperly secured configuration files, and poor certificate management: Attackers could have exploited these issues to compromise any RHEL (Red Hat Enterprise Linux) instance on Microsoft Azure.

Ian Duffy, an Irish software engineer with the e-commerce company Zalando, discovered these flaws when creating a machine image of RHEL that was compliant with the Security Technical Implementation Guide defined by the Department of Defense. Microsoft has since fixed these problems, but they offer an object lesson in the hazards of poorly implemented cloud security.

To read this article in full or to leave a comment, please click here

/ By Serdar Yegulalp / 0 Comments

With the PC market tapped out and in a perpetual slump and the cloud market a tough fight for customers, Microsoft's on the prowl for new frontiers.

In that spirit, the company announced last week an effort to create a quantum computer, an amalgam of exotic hardware and specialized software that will allow parallel computations at speeds orders of magnitude beyond what conventional silicon can provide.

An announcement like this would once have been easy to blow off as a science-fiction self-indulgence. But in the last couple of years, quantum computing has become a field of serious study for big-name enterprise IT companies. Here are four big takeaways from Microsoft's plunge into what may prove to be a very deep pool.

To read this article in full or to leave a comment, please click here

/ By John Ribeiro / 0 Comments

San Francisco’s Muni transit system was reportedly hit by ransomware since Friday, leading to the message “You Hacked, ALL Data Encrypted” being displayed on the computer screens at stations, according to newspaper reports.

The message asked that cryptom27 at yandex.com should be contacted for the key to unlock the data.

Fare payment machines at stations also displayed that they were “out of service,” and San Francisco's Municipal Railway, widely known as Muni, was allowing free rides on its light-rail vehicles as it was unable to charge customers, according to the Examiner.

To read this article in full or to leave a comment, please click here

/ By InfoWorld Security / 0 Comments
CSO Editor-in-Chief Joan Goodchild sits down with Kevin O'Brien, founder and CEO of GreatHorn, to discuss ways that security leaders can fend off spear phishing attempts aimed at the executives at their companies.
/ By Fahmida Y. Rashid / 0 Comments

There are two types of open source projects: those with corporate sponsorship and those that fall under the “labor of love” category. Actually, there’s a third variety: projects that get some support but have to keep looking ahead for the next sponsor.

Some open source projects are so widely used that if anything goes wrong, everyone feels the ripple effects. OpenSSL is one such project; when the Heartbleed flaw was discovered in the open source cryptography library, organizations scrambled to identify and fix all their vulnerable networking devices and software. Network Time Protocol (NTP) arguably plays as critical a role in modern computing, if not more; the open source protocol is used to synchronize clocks on servers and devices to make sure they all have the same time. Yet, the fact remains that NTP is woefully underfunded and undersupported.

To read this article in full or to leave a comment, please click here