As I sit here at the park, sun setting, ants crawling on my feet , gnats trying flying around my head , it takes all my will power to focus on my daughters soccer practice. All I can think of is my flight tomorrow, and which sponsored cocktail party/social to attend! BlackHat is officially on!
McAfee has announced the McAfee Threat Intelligence Exchange, a solution that’s designed to bring together intelligence information from local and global sources with enterprise-wide security products. McAfee Threat Intelligence Exchange is expected to become available in the fourth quarter of 2014.
The solution is designed to provide immediate protection to both endpoint and network controls through information sharing and real-time preventive actions.
McAfee says that the Threat Intelligence Exchange represents a significant evolution, since it can do in milliseconds what other products do in days, weeks and even months.
The solution optimizes an organization’s defenses by orchestrating security controls to identify patterns, immunize assets to make sure they’re protected against new malware, and prevent data exfiltration.
In order to offer comprehensive threat intelligence, information from global sources is combined with local data. This enables businesses to immediately identify targeted attacks and potential risks.
Excerpt from the DataSheet:
“McAfee® Threat Intelligence Exchange enables adaptive threat prevention by sharing relevant security data across endpoints, gateways, and other security products. Sharing of data allows these products to operate as one, exchanging and acting
on collective threat intelligence. By delivering a cohesive framework where security products collectively pinpoint threats and expose threat trends within an organization,McAfee Threat Intelligence Exchange significantly optimizes threat prevention.
McAfee narrows the gap from encounter to containment from days, weeks, and months down to milliseconds.”
MTIE requires that you are running ePO, VSE and have the McAfee Agent deployed to your end points.
REDMOND, Wash. — Feb. 4, 2014 — Microsoft Corp. today announced that its Board of Directors has appointed Satya Nadella as Chief Executive Officer and member of the Board of Directors effective immediately. Nadella previously held the position of Executive Vice President of Microsoft’s Cloud and Enterprise group.
Is this as big of a story as when Bill Gates stepped down? No. Does anyone under the age of 35 find this the least bit interesting? No. Does Satya have what it takes to make Microsoft a player in the mobile and cloud computing sector and push past Google, Apple and Amazon? No, no one can. Its too late for Microsoft.
But for those of you over 35, heres the press release:
As Satya Nadella becomes the third CEO of Microsoft, he brings a relentless drive for innovation and a spirit of collaboration to his new role. He joined Microsoft 22 years ago because he saw how clearly Microsoft empowers people to do magical things and ultimately make the world a better place. Many companies, he says, “aspire to change the world. But very few have all the elements required: talent, resources and perseverance. Microsoft has proven that it has all three in abundance.”
“During this time of transformation, there is no better person to lead Microsoft than Satya Nadella,” said Bill Gates, Microsoft’s Founder and Member of the Board of Directors. “Satya is a proven leader with hard-core engineering skills, business vision and the ability to bring people together. His vision for how technology will be used and experienced around the world is exactly what Microsoft needs as the company enters its next chapter of expanded product innovation and growth.”
“Satya is clearly the best person to lead Microsoft, and he has the unanimous support of our Board,” Thompson said. “The Board took the thoughtful approach that our shareholders, customers, partners and employees expected and deserved.”
With the addition of Nadella, Microsoft’s Board of Directors consists of Ballmer; Dina Dublon, former Chief Financial Officer of JPMorgan Chase; Gates; Maria M. Klawe, President of Harvey Mudd College; Stephen J. Luczo, Chairman and Chief Executive Officer of Seagate Technology PLC; David F. Marquardt, General Partner at August Capital; Nadella; Charles H. Noski, former Vice Chairman of Bank of America Corp.; Dr. Helmut Panke, former Chairman of the Board of Management at BMW Bayerische Motoren Werke AG; and Thompson, Chief Executive Officer of Virtual Instruments. Seven of the 10 board members are independent of Microsoft, which is consistent with the requirement in the company’s governance guidelines that a substantial majority be independent.
Cloud software maker VMware Inc said it would buy privately held mobile security company AirWatch for $1.54 billion to tap into rising demand from companies to secure the smartphones and tablets used by employees.
While some analysts view the deal as a threat to BlackBerry Ltd, which has long been the go-to for companies looking for security products, others say the deal could spur more acquisitions in the mobile security market.
VMware itself has entered this market recently. Its main business is making virtualization software, which creates a virtual machine that acts like a real computer. This helps companies cut IT costs by saving on server and storage space.
“AirWatch will be the center of our mobile activities,” CEO Pat Gelsinger told Reuters. “We are really bringing together the strength we have in PCs and desktops with AirWatch’s in the mobility space.”
The VMware-AirWatch deal is the third major acquisition in the mobile security market, a business which ABI Research estimates will double to more than $1 billion by 2015. (r.reuters.com/cuf36v)
Last year, IBM bought mobile device management company Fiberlink Communications, while Citrix Systems Inc bought Zenprise in 2012.
UBS analyst Amitabh Passi said the deal will make it more challenging for BlackBerry as it now faces strong competitors and said he expects Google Inc, Apple Inc and Microsoft Corp to look for acquisitions to bolster their presence in the mobile enterprise market.
VMware shares were up 2.3 percent at $99.57 in afternoon trade on the New York Stock Exchange after the company also forecast fourth-quarter and current-quarter revenue above analysts’ estimate.
BILLION DOLLAR DEAL
AirWatch, founded in 2003, will become a unit of VMware and its 1,600 employees will continue to report to AirWatch founder and Chief Executive John Marshall. AirWatch co-founder and Chairman Alan Dabbiere will report to VMware CEO Pat Gelsinger.
Atlanta-based AirWatch, whose rivals include MobileIron and FrontRange, says it has more than 10,000 customers including United Airline, Renault, and nine of the top 10 U.S. retailers.
VMware said it would pay about $1.175 billion in cash and about $365 million in installment payments and assumed unvested equity. It will borrow $1 billion from parent EMC Corp to pay for the acquisition.
AirWatch is VMware’s second billion-dollar deal in one-and-a-half years after the company bought Nicira, a provider of network virtualization software, in 2012.
AirWatch is expected to add about $75 million to revenue in 2014 after the deal closes late in the first quarter. VMware expects the acquisition to add to adjusted profit in late 2015.
VMware also said it would provide a bridge loan of $25 million to AirWatch if the deal fails to close by June 1.
Analyst Brian Marshall said AirWatch had raised about $225 million in funding from Insight Venture Partners and Accel Partners. “AirWatch revenue last year may have been in the $125-$150 million range,” he said.
This is a two parter: 1st, stopping the attacks will be an ongoing issue such as protecting users machines is now. We follow best security practices, we patch them, we keep current Anti-Virus and we run Firewalls, Vulnerability Scans, IPS and Internet Gateways to help prevent such attacks. 2nd , the only thing that will put a dent in this type of attack is an authenticating credit and debit card system such as EMV. Now, I don’t see part 2 happening anytime soon as it’s too expensive and Banks and Credit card companies find that it’s cheaper to pay the burden of fraudulent charges to customers. In today’s zero liability world, people don’t really care about moving to EMV either, all they have to do is wait for their new card when the credit company discovers fraudulent charges and they pay none of it. Embezzling, larceny and fraud are as old as dirt, it’s a vicious cycle, that is likely not to end anytime soon. People like us are the sheriffs of Cybertown and I only see the need for more sheriffs in the future. So in some sinister way, this is good for Security Professionals. When society starts checking their bank account as much as their Facebook account, then we can start to make a change, until then, just wait for your new card in the mail.
Target CEO Gregg Steinhafel confirmed in a CNBC interview on Monday that he was made aware of the breach on December 15th and eliminating the malware was done the following day.
Target CEO confirmed zero liability and free credit reporting for guest affected by breach, which is status quo for this type of issue. As well as that malware installed on POS devices is what enabled thieves to steal 70 million customer cards, CVV numbers and encrypted PIN codes.
“We don’t know the full extent of what transpired, but what we do know was there was malware installed on our point-of-sale registers,” Steinhafel said. “We removed that malware so that we could provide a safe and secure shopping environment.”
Target has taken other actions to protect its customers too, Steinhafel said, such as taking down 13 phishing sites that were preying on confused shoppers.
The retail giant also made good on its promise to offer free credit monitoring and identity theft protection when, on Monday, impacted individuals were given the green light to begin the enrollment process for those services.
Officials initiated an investigation and began forensic work on Dec. 16, 2013, Steinhafel said, explaining the following day was spent setting up the call center and preparing store employees for customer queries. Target then prepared to notify the public and announced the breach on Dec. 19, 2013.
“We have seen almost no fraudulent activity on our Target REDcard,” Steinhafel said, explaining Target will offer zero liability to customers by paying for any fraudulent charges on cards as a result of the breach. “We have some very low-level activity on the legacy Target Visa card. That’s the only place that we’ve seen anything to this point.”
Looking forward, Steinhafel said that he would like to see Target take a lead role in shifting the U.S. from cards that use vulnerable magnetic strips to cards that contain encrypted chips and follow the EMV global standard for chip cards.
However, it is already an initiative that began gaining momentum in 2011 and is expected to really take off in October 2015, according to Randy Vanderhoof, executive director with the Smart Card Alliance.
Vanderhoof told SCMagazine.com on Monday that chip cards offer a bigger safety benefit because financial information is encrypted on the chip and can only be read when swiped through a card reader, which creates a unique one-time key only for that single transaction.
“The use of EMV cards wouldn’t have prevented a data breach, but it would have been less likely to have occurred because there would be no value to be gotten from stealing the payment data,” Vanderhoof said. “They couldn’t resell it to people to make counterfeit copies of the card.”
All this is not stopping consumer advocates and the spawning of more than a dozen lawsuits.
But on Tuesday, a Seattle law firm filed a new complaint against Target alleging that the retailer was warned in 2007 by a security expert about weaknesses in its point-of-sale systems.
The lawsuit accuses Target of ultimately ignoring a white paper by Neal Krawetz naming the company and other retail chains as potential targets of account theft. Among the allegations: that Target was negligent before the breach and then misleading to customers afterward.
Law firm Hagens Berman Sobol Shapiro is seeking class-action status for the suit, which was filed in federal court in the Northern District of California.
And with the news about Nieman Marcus breach, the offices of Connecticut Atty. Gen. George Jepsen and Illinois Atty. Gen. Lisa Madigan confirmed they are looking into the Neiman Marcus break-in. Who will be next?
President Obama will unveil his plans for National Security Agency ( NSA ) reform in a speech Jan. 17, the White House announced.
The speech will come in the wake of a report issued last month by the president’s review group calling for sweeping changes to the government’s surveillance practices, including forcing the NSA to give up its database of records on all U.S. phone calls.
“We will not harm our national security,” White House press secretary Jay Carney said last Friday, announcing the date of the speech, but providing no other details about its time or location.
When the leaks by Edward Snowden first revealed new details about the scope of NSA surveillance last year, Obama argued that no one’s privacy rights were being violated and that any changes should be focused on improving trust in the NSA. But he has faced mounting pressure from civil-liberties groups, tech companies, and members of both parties for more-dramatic changes.
Obama discussed potential changes to the NSA with intelligence officials on Wednesday and key lawmakers on Thursday. White House staffers additionally met with privacy advocates on Thursday and are scheduled to meet with executives from tech companies on Friday.
The president could enact some changes through executive action, while other reforms will likely require congressional action.
In addition to changes to the NSA’s phone-records database, other reforms could include creating a privacy advocate at the Foreign Intelligence
Surveillance Court, which currently hears arguments only from the government in favor of surveillance.
Obama could also announce changes to how the government handles the information of foreigners.
Rep. Jim Sensenbrenner, R-Wis., said after Thursday’s sit-down with Obama that “the problem cannot be solved by presidential fiat.” Sensenbrenner, the author of the post-9/11 USA Patriot Act, is pushing his Freedom Act, which would rein in the NSA’s domestic-surveillance programs more tightly than what most observers expect the president will offer.
Sens. Ron Wyden, D-Ore., and Mark Udall, D-Colo.—two of the NSA’s most vocal critics—also met with Obama on Thursday. They along with Sen. Martin Heinrich, D-N.M., sent Obama a letter Friday urging for Obama to act swiftly and decisively to curtail the NSA’s collection of domestic phone records and to reform the FISA court. All serve on the Senate Intelligence Committee.
How the emails are titled also plays a significant role in the success of a phishing campaign.
(Based on research conducted 1/1/13-9/30/13)
1. Invitation to connect on LinkedIn
2. Mail delivery failed: returning message to sender
3. Dear <insert bank name here> Customer
4. Comunicazione importante
5. Undelivered Mail Returned to Sender
The list above portrays how cybercriminals are attempting to fool recipients into clicking a malicious link or downloading an infected file by using business-focused and legitimate-looking subject lines. As Enterprises ramp up security training and the younger work force being more keen on the average phishing scam, scammers have to get more detailed, refined and sneeky.
In addition to social engineering, geographic location also plays an intricate role in phishing. By rank, here’s a list of the top 10 countries hosting phishing URLs: (Based on research conducted 1/1/13-9/30/13)
2. United States
4. United Kingdom
8. Hong Kong
The re-branding will begin immediately, but the transition is expected to take up to a year before completed, the company said. McAfee will continue to operate as a wholly owned subsidiary of Intel. Krzanich, during his keynote address at CES, also announced Intel’s plans to release free mobile security software for Apple and Android devices and said later this year Intel Security will offer Intel Device Protection technology, which will help secure Intel-based Android mobile devices.
The McAfee brand, created by anti-virus software pioneer John McAfee, suffered some damage after the founder was wanted in Belize for questioning over the murder of his neighbor in late 2012, sparking months of dramatic events and a wild goose chase across Central America. While John McAfee has had nothing to do with the security firm for more than 15 years, the company still carried his name, and according to Intel, the Intel Security brand will retain the familiar red shield.
rebranding’s aren’t unusual after an acquisition like Intel’s purchase of McAfee for $7.7 billion in 2010, and the computer security market is heating up as one of tech’s most alluring in 2014, given recent hacker attacks and revelations of government spying.
The IronKey F200 Biometric Flash Drive by Imation is an awesome tool! But comes with a hefty price tag, $129 ; software $250 (including one year support); renewal yearly maintenance $45.
The waterproof flash drive lights up when pluged in when it is ready for the user to swipe their fingerprint. The level of security is FIPS 140-2 level 3 validation and AES 256-bit encryption that is handled at the hardware level. And encryption implemented in Cipher Block Chaining (CBC) mode is activated every time the USB flash drive is in use.
One of the tool’s strongest features is that it can record up to 10 fingerprints per user and up to 10 users. The software application ACCESS has a simple interface that has a built-in help function that lay out what everything does on the menu. ACCESS has three levels of applications: standard, enterprise manager and enterprise server, all offering a little more software support to enhance the application. The performance of the flash drive is excellent – just plug it in and swipe a finger to unlock the drive and start using it. One of the strong features is the sturdy magnesium alloy case in which it comes with a waterproofing O-ring. Also, if the drive is being tampered with, it will clear all the data on its own.
McAfee ePolicy Orchestrator users will be happy to hear that the IronKey F Series drives are compatible and be managed by ePO
For more information :