In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the recent bitcoin boom and how the cryptocurrency’s rising value could affect the cybersecurity landscape.
The bitcoin boom that saw a dramatic rise in the cryptocurrency’s value in recent weeks could have big implications for information security.
In the last month, the price of a single bitcoin tripled, jumping from approximately $5,700 to more than $17,000. A number of factors, including interest in the opening of the first regulated bitcoin futures exchanges and a hard fork in the cryptocurrency, could be contributing to the bitcoin boom beyond a general increase in buying and selling volumes.
But the surge also comes at a time of rampant global ransomware attacks, many of which demand payment from victims in bitcoin. While some enterprises have disclosed ransomware attacks, experts generally believe that many more attacks are kept quiet.
Could cybercriminals and ransomware attacks be contributing to the bitcoin boom? What will the rising price of the cryptocurrency mean for the cybercrime economy? Will the high value of bitcoin lead to more cyberattacks on bitcoin owners and exchanges, like NiceHash, which recently lost approximately $80 million in bitcoin following a massive data breach?
SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more on the bitcoin boom in this episode of the Risk & Repeat podcast.
In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the rise of accidental data breaches following a series of enterprise exposures of user data online.
Data breaches are so common these days that some of them don’t even include threat actors or malware of any kind.
Troy Hunt, security researcher and creator of the website HaveIbeenpwned.com, recently testified before Congress in a hearing titled “Identity Verification in a Post-Breach World,” in which he discussed how organizations are often committing accidental data breaches. Such incidents typically involve enterprises mistakenly making corporate or user data public on the internet through cloud services, web services and other technologies.
Hunt’s testimony comes on the heels of a number of accidental data breaches via Amazon Web Services (AWS); several organizations, including the NSA and U.S. Army, have exposed sensitive data through misconfigured instances of AWS’ Simple Storage Service. More recently, Kromtech Security Center revealed that mobile app developer Ai.type exposed more than 370 million personal records of users, including, in some cases, users’ contact lists, through a misconfigured MongoDB database.
During the congressional hearing last week, Rep. Morgan Griffith (R-Va.) asked Hunt why these accidental breaches keep happening. “Is it really that easy to accidentally share your cloud services with the world?” Griffith asked.
“The simple answer to the last question is, yes, it is that easy,” Hunt said. “It’s very often just a simple misconfiguration.”
Why are enterprises committing so many accidental breaches? Do these incidents reflect a lack of security competency? Should cloud providers and software developers do more to protect customers from making these types of errors? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.
In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the sale of Symantec Website Security to DigiCert and what it means for Symantec’s troubled certificate business.
DigiCert Inc.’s acquisition of Symantec Website Security was completed last week, but concerns in the browser community still remain about Symantec’s SSL certificates.
DigiCert agreed to acquire the Symantec Website Security division, which includes the vendor’s public key infrastructure (PKI) business, in August, following months of negotiations between Symantec and web browser giants Google and Mozilla regarding widespread issues with the security vendor’s certificate authority. Those issues included certificate mis-issuance and a lack of proper auditing, which led Google and Mozilla to propose a removal of trust for certificates issued by Symantec Website Security.
After tense negotiations and delays, Symantec ultimately agreed to a remediation plan that would turn over its SSL certificate operations to another trusted certificate authority that would oversee issuance and validation. Instead of choosing a third-party partner, Symantec agreed to sell its PKI business to DigiCert.
However, Mozilla expressed concerns that Symantec’s old PKI operations, as well as its culture and processes, would continue to operate despite DigiCert assuming ownership of the business — DigiCert has said that all Symantec certificates will be issued and validated by DigiCert’s PKI by Dec. 1.
Questions still remain about how DigiCert will address the systemic problems within the Symantec Website Security division and when they will be resolved. SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.
Salesforce CEO Marc Benioff revealed a massive cloud partnership with Google to expand globally and give the company’s customers access to Google Analytics and other tools.
SAN FRANCISCO — Salesforce has a new partner, and you may have heard of them: Google.
The massive Salesforce-Google partnership was the big news out of the opening day of Dreamforce 2017 this week. The two companies have been aligned for more than 10 years, but Google Cloud is now a preferred cloud provider for Salesforce’s international expansion, and several product integrations are in the works.
Google Analytics 360 will be embedded into Sales and Marketing Clouds as early as the first half of 2018 and will be available at no additional cost. The Salesforce-Google partnership also includes Salesforce Lightning for Gmail and Google Sheets, while Quip — Salesforce’s living document product — will integrate with Google Drive and Google Calendar as live apps, allowing users to work in those apps within a Quip document. This interoperability will be generally available in the first half of 2018 for Quip enterprise license holders.
Also coming out of Day One of Dreamforce were new features and rebranding for several Salesforce products, including myEinstein, myLightning and Salesforce’s mobile app, mySalesforce.
Salesforce CEO Marc Benioff called the revamped products “a smarter, more personalized Salesforce” at the opening keynote before unveiling the Salesforce-Google partnership to the thousands watching in the keynote auditorium, as well as thousands more attendees in satellite rooms.
In addition to the Salesforce-Google partnership, Lightning was a main attraction for attendees, with two separate Lightning migration sessions at capacity Monday morning, as customers continue to try to learn how to successfully migrate from Salesforce Classic to the newer Lightning console.
SearchSalesforce also toured the Salesforce Tower, which is under construction. Get the details on that and more on the latest edition of The Pipeline podcast.
In this week’s Risk & Repeat podcast, SearchSecurity editors discuss vulnerability marketing and compare how the recent KRACK attack and ROCA flaw were publicized and promoted.
Should security vulnerabilities be marketed like products? That was the question after two major security flaws brought to light last week — the KRACK attack and the ROCA flaw — offered a contrast in the practice of vulnerability marketing.
While the KRACK attack, which exploits a vulnerability in the WPA2 protocol, received more marketing and media attention, some infosec experts argued the ROCA flaw, which affects RSA encryption in Infineon Technologies chips, was as serious as KRACK, if not more so.
Both vulnerabilities were discovered primarily by security researchers at universities, not by vendors. Yet, ROCA appeared to have taken a backseat to the KRACK attack; the latter discovery benefited from vulnerability marketing efforts, which included a dedicated website and promotional efforts to raise awareness of the WPA2 flaw.
What are the potential drawbacks of vulnerability marketing? Should the researchers that discovered the ROCA flaw have done more to promote their findings, or is the infosec community treating vulnerabilities too much like products? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.
HR tech expert Josh Bersin talks in a podcast from the HR Technology 2017 conference about the top disruptions — including productivity, design and intelligence — he sees for 2018.
LAS VEGAS — HR tech trends and disruptions in 2018 will converge around productivity, design and intelligence in HR tech applications, according to analyst Josh Bersin.
Bersin, principal and founder of Bersin by Deloitte, the research arm of Deloitte Consulting’s human capital business, is a veteran, keen observer of HR tech trends, and his analyses of the industry carry weight.
He is bullish on the innovation that is bursting out of startup HR tech software companies, though he also tracks the dominant human capital management (HCM) and ERP systems he sees as having established themselves firmly in the cloud.
In this SearchHRSoftware podcast, recorded at Deloitte’s booth on the animated expo floor of the 20th annual HR Technology Conference & Exposition, Bersin elaborated on the key takeaway points from the report, all encapsulated in an infographic. Bersin gave the closing keynote at the show, the country’s biggest HR tech conference.
The 10 disruptions and trends Bersin laid out in the infographic as the major HR technology trends for 2018 are the following:
New focus on tools for workforce productivity. These team-based communication tools are mobile-enabled and look like social networking platforms.
ERP and HCM move to the cloud, as the talent market reinvents itself. Bersin said he now sees the talent management components of larger core HCM platforms more as “team management” systems.
Continuous performance management has arrived. Employers are looking for CPM tools that adapt as people move between projects and teams; some of the leading products are built by game designers and are “easy to use, agile and data-driven,” Bersin said.
Explosion of feedback, pulse survey and analytics tools. This is about maintaining a positive employee experience.
Reinvention of corporate learning is here. Bersin said he thinks learning management systems are very important, and the learning market is seeing dramatic growth.
The recruiting market is changing rapidly. “Hiring people is by far the most important thing companies do,” Bersin wrote in the report. Video assessment of job candidates is growing quickly.
The well-being market is exploding. The digital benefits side is one of the newest HR technology trends; tech-based wellness and health coaching, biometrics using wearable devices, and self-assessments are all part of it.
The people analytics market has grown and matured. A “must-have,” Bersin said, this HR tech segment includes three crucial segments to watch. They are embedded analytics, artificial intelligence — the big tech buzz at the conference — and organizational network analysis.
Intelligent self-service, communications and employee experience tools are self-service platforms based on emerging technologies that use cognitive, conversational, intelligent systems that are similar to already widely used voice recognition software, Bersin noted.
HR departments are becoming digital and innovative. “Innovation is now coming from HR departments themselves,” according to Bersin.
Let’s watch how all these HR tech trends and Bersin-identified disruptions play out in 2018, as the HR tech market churns forward at a rapid pace.
In this week’s ‘Risk & Repeat’ podcast, SearchSecurity editors discuss the U.S. government’s Kaspersky ban and how competitors like McAfee are trying to capitalize on it.
The ongoing controversy surrounding the U.S. government’s ban on antivirus vendor Kaspersky Lab took another ugly turn, thanks to a competitor.
Last week, it was revealed that McAfee, formerly Intel Security, was using the Kaspersky ban to promote its McAfee Total Protection software. Specifically, the promotion highlighted the fact that McAfee is headquartered in the U.S., while Kaspersky is based in Russia. It also included an inflammatory headline, which claimed, “FBI advises removal of Kaspersky for suspected ties to Russia spies.” McAfee has since changed the promotion page, but not before Kaspersky Lab CEO Eugene Kaspersky criticized the vendor’s actions on Twitter.
McAfee joins the #cybersecurity hall of shame pic.twitter.com/7gyXdn8kT4 — Eugene Kaspersky (@e_kaspersky), September 20, 2017
The Kaspersky ban came amid investigations regarding the Russian government’s alleged interference in the 2016 presidential election. While there’s no evidence of wrongdoing, the Department of Homeland Security this month ordered every federal agency to remove Kaspersky products from their systems within 90 days.
Should antivirus competitors try to capitalize on the Kaspersky ban? Was McAfee’s approach out of line? Is Kaspersky being treated unfairly by the U.S. government? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.
Welcome back to another edition of Weekend Reading, with stories about the newly introduced Surface 3, a Next at Microsoft podcast featuring one of the “Mad Men” and the inclusion of the new Project Spartan browser in the latest build of the Windows 10 Technical Preview.
Microsoft on Tuesday announced the Surface 3, which features the same beautiful design and premium materials as Surface Pro 3 in a more compact and efficient package. At just 8.7 mm thin and weighing 1.37 pounds, the Surface 3 is the thinnest and lightest Surface yet. The 3:2 aspect screen ratio first introduced on Surface Pro 3 is also used here. It runs full Windows, including desktop applications, and includes a one-year subscription to Office 365. Surface 3 starts at $499 and will be on sale starting May 5, but is available for pre-order now. It will also be available in a mobile broadband version, Surface 3 (4G LTE).
The latest episode of the Next at Microsoft podcast is now available and fans of “Mad Men” should tune in to find out more about actor Rich Sommer, who plays Harry Crane on the show. Sommer speaks to David Chen about his gaming obsession, on both computers and physical boards. He has a collection of more than 800 of the latter. He also shares insights into his work on the show and in other TV, film and voice-over roles — like how he uses Skype to work from anywhere.
The new Project Spartan Web browser is available for the first time for Windows Insiders to try out as part of the latest Windows 10 Technical Preview build for PCs. Project Spartan is designed to work the way you do, with features enabling you to write or type on a Web page. It’s a browser made for easy sharing, reading, discovery and getting things done online. Project Spartan also includes some new rendering engine updates in this flight, including preview support for responsive images.
Microsoft released Office Lens for iPhone and Android phones Thursday, giving more smartphone users access to the popular capture app. Office Lens, one of the most popular free apps for Windows Phone users, turns your smartphone into a pocket scanner so you can digitize receipts, business cards, sticky notes and other documents.
Welcome to 2015’s first edition of Weekend Reading! We kick off the new year with stories on the bevy of Windows devices revealed at the Consumer Electronics Show, the debut of the Next at Microsoft Podcast series with a segment on George Takei and access to Office 365 to all Maryland public school students.
At the CES 2015 show in Las Vegas, Windows devices are delivering more premium choices than ever. For instance, a gaming laptop by ORIGIN PC is as well-outfitted as Major Cormack in “Call of Duty: Advanced Warfare.” All-in-one desktops save on space but deliver on style, and deluxe laptops like the ASUS T300 Chi laptop have a 12.5-inch screen that’s so thin, you could almost slice a cake with it. They’re just some of the enticing new Windows laptops, desktops, tablets and gaming PCs unveiled by hardware manufacturers this week. Nick Parker, corporate vice president of Microsoft’s OEM Division, says these devices represent a “remarkable transformation in many of the existing device categories, with new hardware designs and components that deliver new and exciting solutions for customers,” including “all-in-ones becoming portable, gaming rigs delivering righteous power, premium notebooks that are ultra-thin, light and mobile, and two-in-ones that enable fluid transformation from notebook to tablet.”
The debut of the Next at Microsoft Podcast – a series of discussions with original thinkers, innovators and tech luminaries – begins with George Takei. You know him as Mr. Sulu from “Star Trek,” but you probably also know there’s much more to him than his signature science fiction role. In real life, Takei is an advocate for human rights and marriage equality, and he has a huge following on Facebook and Twitter. Takei recently visited the Microsoft campus in Redmond to film an episode of his Web series, “Takei’s Take,” and sat down with Microsoft Editor David Chen to talk about what Takei saw on campus, including work done by a Microsoft hackathon team to help former NFL player Steve Gleason, who has ALS, use his eyes to control his wheelchair and to speed up the way he types on the computer keyboard.
Maryland is giving all public school students access to Office 365 at both school and home, Maryland State Superintendent of Schools Lillian M. Lowery announced Thursday. The Department of Education also announced 25 new IT Academy programs for schools across the state.
Elsewhere in Office, there were new additions and expansions of previews. As Office 365 business customers discover the still-rolling out Office Delve, they can now use a new feature in it – boards. This next step makes it easier to organize all the valuable content in Delve. Use boards to group together and share related documents. If you have an ARM-based Android tablet running KitKat or Lollipop, with a screen size between seven and 10.1 inches, you can go to Google Play and download the Word, Excel and PowerPoint preview apps. Moving on to another preview, if you’re in the United States, Canada, the United Kingdom, India and a number of other countries where English is an official language, you can now download Sway for iPhone from the App Store. Sway for iPhone is already available in New Zealand and Australia.
While there were many devices unveiled at CES, we also saw the introduction of a new Nokia phone. The entry-level Nokia 215 and Nokia 215 Dual-SIM, debuting in the Middle East, Africa, Asia and Europe for only $29, will come Internet-ready with social media staples preinstalled. Owners will also be able to surf the Web with Opera Mini Browser and Bing Search. Facebook and Messenger on board will make it easy to check friends’ news feeds, update status and keep in touch with others. Or, use Twitter to do the same in 140 characters.
The influx of apps and games for Windows Phone, PCs and tablets includes the App of the Week and the Red Stripe Deals. The App of the Week, Madefire is a free comic book reader that embeds sounds, motion and depth into digital comics and cartoons through a format called Motion Books. Its latest update unlocks their massive library so that top publishers such as DC Comics, IDW, Dark Horse and Top Cow are now available, delivering favorite classics as well as new releases updated weekly. While most holiday sales have petered out, the weekly Red Stripe Deals keep going strong, with at least 50 percent off a dozen apps and games for Windows Phone, PCs and tablets. The latest batch includes “NBA JAM” (Boomshakalaka!) and “Spirit of Wandering – The Legend HD (Full).” The newest update to “Subway Surfers” takes place in Las Vegas. For more fun on the slots, check out “Microsoft Jackpot.” And if you need to corral your Twitter activity, Tweetium can do it in a flexible, versatile design and modern layout that delivers simple searching for users and tweets, multi-window support and more than a dozen color schemes.