RSS_Virtulization

A professor of computer science and engineering at the University of Michigan has been charged with first degree sexual misconduct. Peter Chen was arraigned on January 27 and given a personal recognizance bond. The 55-year-old professor has taught at the university for 27 years. Dean of the College of Engineering, Alec Gallimore, announced to students and faculty that Chen had been placed on paid administrative leave on Thursday. Ann Arbor police launched an investigation into the professor…

Rapid7 has announced the acquisition of Kubernetes security provider Alcide.IO as part of efforts to enhance its cloud native security platform. The deal is worth approximately $50m, subject to certain adjustments. The announcement has come amid growing use of Kubernetes by developers in order to quickly develop containerized applications as part of the overall shift to the cloud. Israel-based Alcide’s technology helps ensure Kubernetes security is fully embedded into the DevOps lifecycle to enable cloud…

The Chinese government may have stolen personal data from 80% of adults in the United States, according to a 60 Minutes report that aired yesterday on American television and radio network CBS.  In the report, former director of the US National Counterintelligence and Security Center, Bill Evanina, warned that the PRC is actively working to gather and exploit Americans’ DNA and other health information. Evanina described how Chinese company BGI Group had approached six different states with…

Security experts suggest using IOBs to move from reacting to a cyberattack to preventing the incident. Image: Getty Images/iStockPhoto Most cybersecurity professionals have been trained to use Indicators of Compromise (IOC) when reacting to a cyberattack, and they are not happy about the after-the-fact nature of this approach. The switch to a work-from-home model is another significant limitation cybersecurity pros are battling. It removes the well-defined perimeter that they were used to. SEE: How to…

The British Security Industry Association’s (BSIA) video surveillance section has launched an ethical and legal use guide for Automated Facial Recognition (AFR). The guide, recommended by the Organization for Economic Co-operation and Development, outlines the considerations organizations should make regarding the responsible use of facial recognition technology, encompassing useful terms, abbreviations and ethical issues. The framework, designed to be accessible to both industry experts and the public, has a specific focus on the distinctive application…

Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network. At a virtual summit on cybersecurity, Jamie Dicken, manager of applied security at Cardinal Health, said that security chaos engineering is similar to software testing. Image: Jamie Dicken Chaos engineering is a way for security teams to replace continuous firefighting with continuous learning, according to two industry experts. At the RSA 365 Virtual Summit this week, Aaron…

Security researchers believe that they’ve observed attacks in the wild exploiting a recently discovered SonicWall vulnerability. The technical Twitter account for global information assurance firm NCC Group posted yesterday referencing the original SonicWall advisory. “We’ve identified and demonstrated exploitability of a possible candidate for the vulnerability described and sent details to SonicWall – we’ve also seen indication of indiscriminate use of an exploit in the wild – check logs,” it urged. Followers of the account probed for…

We at The State of Security are committed to helping aspiring information security professionals to reach their full potential. Towards that end, we compiled a two–part list of the top 10 highest paying jobs in the industry. Back in 2017, we even highlighted the U.S. cities that rewarded security personnel with the best salaries, amenities and other benefits. Knowing what job title you’d like and where you’d like to live goes a long way towards…

Security researchers are warning of a resurgence of prolific Trojan malware Trickbot, which had its infrastructure disrupted by a Microsoft-led coalition late last year. Menlo Security said it had observed a new malicious spam campaign designed to trick North American users in the legal and insurance sectors into downloading the Trojan. Whereas weaponized email attachments were a common feature of previous Trickbot campaigns, this one encourages users to click on a phishing link, which redirects…