Schneier on Security
MAY 31, 2018
Tom Standage has a great story of the first cyberattack against a telegraph network. The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements.
Troy Hunt
MAY 28, 2018
A couple of months ago, I shared news of on-boarding the UK and Australian governments to Have I Been Pwned (HIBP). As I explained at the time, I wanted to provide the folks there with easy access to their respective government domains which meant providing them with the facility to query at the TLD level - namely,gov.uk and.gov.au - as well as across a handful of their other whitelisted gov domains on other TLDs.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
MAY 15, 2018
Special Counsel Robert Mueller’s job is to make sense of how Russia hacked the 2016 election. But to make sense of Mueller, you have to revisit some of the bloodiest battles of Vietnam.
Lenny Zeltser
MAY 7, 2018
This cheat sheet offers guidelines for IT professionals seeking to improve technical writing skills. To print it, use the one-page PDF version; you can also customize the Word version of the document. General Recommendations. Determine your write-up’s objectives and audience. Keep the write-up as short and simple as possible to achieve the objectives.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
eSecurity Planet
MAY 2, 2018
Your company's website does not have to be the next victim of a SQL injection breach. Here's how to prevent SQL injection attacks.
Elie
MAY 30, 2018
This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs. , which are specially crafted inputs that have been developed with the aim of being reliably misclassified in order to evade detection.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Troy Hunt
MAY 17, 2018
We're on a beach! It's the day after 3 pretty intense days of NDC conference and the day before Scott heads back to the UK so beach was an easy decision. The conference went fantastically well and, in all honesty, was the most enjoyable workshop I think I've done out of ~50 of them these last few years. NDC will be back on the Gold Coast next yet, plus of course it will be in Oslo in a few weeks' time then Sydney in September where we'll both do it all again.
WIRED Threat Level
MAY 28, 2018
We mined roughly 13 Bitcoins and then ripped up our private key. We were stupid—but not alone.
Dark Reading
MAY 17, 2018
Another widespread worm attack is "inevitable," but spreading a different more lucrative or destructive payload, experts say.
Thales Cloud Protection & Licensing
MAY 10, 2018
In past years’ Thales Data Threat Reports, we asked IT security pros around the world separate questions about whom they believed were the riskiest internal threats and external threats. The results were useful but didn’t allow us to compare which category proved most worrisome. This year, we restructured the two separate questions into a single one, and that gave us some very interesting results about who worries these IT security professionals the most.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Elie
MAY 30, 2018
This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs. , which are specially crafted inputs that have been developed with the aim of being reliably misclassified in order to evade detection.
Schneier on Security
MAY 14, 2018
A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote website. Very clever. The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails.
Troy Hunt
MAY 31, 2018
I've been at the AusCERT conference this week which has presented a rare opportunity to walk to a major event from my home rather than fly to the other side of the world. And what an awesome walk too, right on the turn into "winter", which means something quite different in this part of the world: Off to #AusCERT2018 ! It’s all blue outside today, what an awesome day for a short walk from home ??
WIRED Threat Level
MAY 3, 2018
Dutch researchers have pushed the mind-bending Rowhammer hacking technique one more step towards a practical attack.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Dark Reading
MAY 29, 2018
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
eSecurity Planet
MAY 7, 2018
Using SQL injection, hackers can wreak havoc on databases and data-driven applications. Fortunately, there are ways to reduce SQL injection risk.
Lenny Zeltser
MAY 21, 2018
When cybersecurity professionals communicate with regular, non-technical people about IT and security, they often use language that virtually guarantees that the message will be ignored or misunderstood. This is often a problem for information security and privacy policies, which are written by subject-matter experts for people who lack the expertise.
Schneier on Security
MAY 15, 2018
Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple's Siri, Amazon's Alexa and Google's Assistant.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Troy Hunt
MAY 17, 2018
It's a new Pluralsight course! Yes, I know I said that yesterday too , but this is a new new Pluralsight course and it's the second part in our series on Creating a Security-centric Culture. As I wrote there back in Jan, we're doing this course on a quarterly basis and putting it out in front of the paywall so in other words, it's free! It's also a combination of video and screencast which means you see a lot of this: As for the topic in the title, shadow IT has always been an interesting one an
WIRED Threat Level
MAY 3, 2018
On World Password Day, Twitter discloses a major gaffe that left user passwords potentially vulnerable.
Dark Reading
MAY 24, 2018
Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.
eSecurity Planet
MAY 17, 2018
Our guide to the top managed security service providers (MSSPs), based on their ratings in analyst reports the Gartner Magic Quadrant and the IDC MarketScape Vendor Assessment.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Thales Cloud Protection & Licensing
MAY 29, 2018
According to Thales eSecurity’s latest Data Threat Report, European Edition , almost three in four businesses have now fallen victim to some of the world’s most significant data breaches, resulting in a loss of sensitive data and diminished customer trust. It’s no surprise feelings of vulnerability are high, with just 8 per cent of businesses not feeling at risk.
Schneier on Security
MAY 14, 2018
EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote : We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.
Troy Hunt
MAY 3, 2018
Ah JavaScript, the answer to - and cause of - all our problems on the web today! Just kidding, jQuery has solved all our JS problems now. But seriously, JS is a major component of so much of what we build online these days and as with our other online things, the security posture of it is enormously important to understand. Recently, I teamed up with good mate and fellow Pluralsight author Aaron Powell who spends his life writing JS things.
WIRED Threat Level
MAY 23, 2018
Cisco researchers discover a new router malware outbreak that might also be the next cyberwar attack in Ukraine.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Dark Reading
MAY 17, 2018
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
eSecurity Planet
MAY 29, 2018
As cloud computing moves to the edge of network, organizations will face new security challenges.
Threatpost
MAY 10, 2018
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns.
Schneier on Security
MAY 18, 2018
Someone changed the address of UPS corporate headquarters to his own apartment in Chicago. The company discovered it three months later. The problem, of course, is that in the US there isn't any authentication of change-of-address submissions: According to the Postal Service, nearly 37 million change-of-address requests known as PS Form 3575 were submitted in 2017.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Expert insights. Personalized for you.
256 
Let's personalize your content