Network Security | SC Media

Network Security

The death of the VPN – It’s time to say goodbye

Virtual private networks, VPNs, have often been referred to as the “backbone of the enterprise network.”  This is a bold statement to make about a technology that essentially hasn’t changed in almost over two decades.  And yet, a VPN’s ability to offer employees, third parties and even customers “secure” remote access into enterprise applications and…

Mozilla’s latest Firefox releases fix 22 vulnerabilities


The Mozilla Foundation yesterday issued version 66 of Firefox and 60.6 of Firefox Extended Support Release (ESR), in the process patching 22 vulnerabilities between them, five of them critical. Four of the five most severe flaws were found in both the standard and ESR versions of the web browser. This includes CVE-2019-9790, a use-after-free vulnerability…

Improve cybersecurity program reporting with time-based metrics


As executives allocate an increasing amount of funds to security efforts, they want tangible evidence that their investment is worthwhile. However, this poses a challenge for security teams because when programs are successful, there’s often nothing to report, such as data breaches, email outages, loss of service, or locked out users. This makes it hard…

Report: Chinese e-retailer Gearbest leaves database exposed, endangering 1.5 million records


The parent company of Chinese e-retailing giant Gearbest has been operating a completely unsecured corporate database, leaving roughly 1.5 million customer records unencrypted and exposed to the public, a new report warns. Led by white-hat hacker Noam Rotem, researchers from VPNMentor revealed the security issue after discovering they were able to access Gearbest’s customer, order,…

HHS CISO discusses new threat briefings and alerts for health industry

HHS operating divisions must improve security controls: OIG report


The U.S. Department of Health and Human Services must improve network security controls at its eight operating divisions (OPDIVs) and fix a series of vulnerabilities discovered during an audit, according to a summary report issued earlier this month by the Office of Inspector General (OIS). The audit, conducted back in 2016 and 2017 by a…

NYU, NYC Cyber Command conduct inaugurate training exercise in new Brooklyn cyber range


Normally, it’s the job of the New York City Cyber Command (NYC3) to defend the city from online threats. But yesterday, its members were actually the ones dishing out the punishment, lobbing a series of attacks at a group of 25-30 New York University cybersecurity graduate students. These besieged “Cyber Fellows” were participating in a…

Australian cyber start-ups embark on New York trade mission, pitch to VCs


Australia isn’t particularly well-known for being a hotbed of cybersecurity technology the way Silicon Valley or Israel is. Not yet, anyway. But late last month executives representing a group of Australian cyber start-ups traveled all the way to New York to pitch their products to a panel of venture capitalists for the opportunity to secure…

Ransomware attack targets college admissions data


Threat actors launched ransomware attacks against three U.S. colleges seizing the data on students applying for admission to the schools and demanded 1 Bitcoin or approximately $3,800 from students to retrieve their “entire admission file.” Attackers targeted Oberlin College in Ohio, Grinnell College in Iowa, and Hamilton College in New York to seize teacher recommendations,…

Is PSD2 the next GDPR? Not quite, but…(video)


The finance, banking and payment services industries have until September 2019 to comply with PSD2, a revised set of European Union regulations that give consumers more options and safer ways to make payments online. At RSA 2019, Geoff Sanders, director of product at anti-fraud and MFA company iovation (and former co-founder and CEO of iovation…

Next post in SC Videos