Internal tests from a leading industry vendor have shown that fixes applied to servers running Linux or Windows Server aren’t as detrimental as initially thought, with many use cases seeing no impact at all. The Meltdown and Spectre vulnerabilities, first documented in January, seemed like a nightmare for virtualized systems, but that is overblown. There […]
Penn State secures building automation, IoT traffic with microsegmentation
It was time to get a handle on BACnet traffic at Penn State. BACnet is a communications protocol for building automation and control (BAC) systems such as heating, ventilating and air conditioning (HVAC), lighting, access control and fire detection. Penn State standardized on BACnet because of its openness. [ For more on IoT see tips […]
13 flaws found in AMD processors, AMD given little warning
It’s probably a good thing AMD didn’t rub Intel’s nose in the Meltdown and Spectre flaws too much because boy, would it have a doosy of a payback coming to it. A security firm in Israel has found 13 critical vulnerabilities spread across four separate classes that affect AMD’s hot new Ryzen desktop and Epyc […]
What do ogres, onions and SD-WAN security have in common? Layers!
Remember this scene from the movie Shrek? The big ogre was explaining to Donkey that ogres are very complicated, and like onions, they have layers. Donkey, of course, didn’t like the analogy because not everyone likes onions and would have preferred cake as everyone likes cake, but he did seem to understand that ogres did indeed […]
New Spectre derivative bug haunts Intel processors
Intel just can’t catch a break these days. Researchers at Ohio State University have found a way to use the Spectre design flaw to break into the SGX secure environment of an Intel CPU to steal information. SGX stands for Software Guard eXtensions. It was first introduced in 2014 and is a mechanism that allows applications […]
IDG Contributor Network: What to understand about health care IoT and its security
As we have seen, the Internet of Things will disrupt and change every industry and how actors within it do business. Along with new paradigms in services and products that one can offer due to the proliferation of IoT, come business risks as well as heightened security concerns – both physical and cyber. In our […]
Scammers spoof Office 365, DocuSign and others | Salted Hash Ep 21
As phishing attacks evolve, hackers are using customization and targeted scams to ensnare users. Asaf Cidon, vice president, email security services at Barracuda, talks with host Steve Ragan about the ever-changing cat-and-mouse game of phishing.
Memcached servers can be hijacked for massive DDoS attacks
A flaw in the implementation of the UDP protocol for Memcached servers can allow anyone to launch a massive Distributed Denial of Service (DDoS) attack with little effort. The problem was first discovered by the 0kee Team from China, which published a paper about it (pdf). This past week, security researchers at content delivery network […]
GDPR deadline looms: The price and penalties | Salted Hash Ep 20
With the General Data Protection Regulation (GDPR) deadline fast approaching, host Steve Ragan explores the implications of noncompliance for companies — and possible penalties — with Greg Reber, founder/CEO of AsTech Consulting.
Which data center intrusion prevention systems are worth the investment? NSS Labs tests 5 DCIPS products
Performance is critical when evaluating data center intrusion-prevention systems (DCIPS), which face significantly higher traffic volumes than traditional IPSes. A typical IPS is deployed at the corporate network perimeter to protect end-user activity, while a DCIPS sits inline, inside the data center perimeter, to protect data-center servers and the applications that run on them. That […]