December, 2017


Tracking People Without GPS

Schneier on Security

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can determine how fast a person is traveling and what kind of movements they make.


I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important

Troy Hunt

Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel this way. I can certainly pass on your concerns and feed this back to the tech team for you Troy?


Snowden-Backed App 'Haven' Turns Your Phone Into a Home Security System

WIRED Threat Level

The NSA leaker's latest project aims to secure your computer—and you—from not just digital but physical attacks.


Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-of-Things devices. At its peak in September 2016, Mirai temporarily crippled several high-profile services such as OVH, Dyn, and


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Top 8 Cybersecurity Skills IT Pros Need in 2018

Dark Reading

Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.


Cloud Leaks Continue: 123 Million U.S. Households' Personal Information Exposed Online

eSecurity Planet

The information, from data analytics firm Alteryx, was in an Amazon S3 bucket configured to provide any AWS user with access.


2018 Cause Awareness & Giving Day Calendar

Troy Hunt

Cause awareness and giving days can be very powerful themes upon which to launch online fundraising campaigns. The real-time, in-the-moment nature of cause awareness and giving days can inspire donors to give provided that your nonprofit knows how to promote the days effectively. The first step is to decide which days to build a campaign upon and add them to your 2018 editorial calendar.


The Mirai Botnet Was Part of a College Student Minecraft Scheme

WIRED Threat Level

The DDoS attack that crippled the internet last fall wasn't the work of a nation-state. It was three college kids working a *Minecraft* hustle.


Code Used in Zero Day Huawei Router Attack Made Public

Threatpost

Researchers warn of copycat type attacks as exploit code used in Mirai variant goes public.


NIST Releases New Cybersecurity Framework Draft

Dark Reading

Updated version includes changes to some existing guidelines - and adds some new ones.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


84 Percent of U.S. Healthcare Providers Have No Cyber Security Leader

eSecurity Planet

And just 11 percent plan to add one in the coming year.


"Santa Claus is Coming to Town" Parody

Schneier on Security

Funny.


Fixing Data Breaches Part 3: The Ease of Disclosure

Troy Hunt

This week, I've been writing up my 5-part guide on "Fixing Data Breaches". On Monday I talked about the value of education; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach, namely by collecting a lot less data in the first place then recognising that it belongs to the person who provided it and treating with the appropriate respect.


Apple's MacOS High Sierra Update Reintroduces "Root" Bug For Some Users

WIRED Threat Level

The company's fix for an embarrassing security bug includes a big bug of its own.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Securing the future of payments – what does 2018 have in store?

Thales Cloud Protection & Licensing

Thanks to heightened consumer confidence, a rise in proximity payments adoption and ongoing developments in biometrics, the payments industry continued to undergo digital transformation throughout 2017. We’re now seeing big data play an increasing role in how retail sales and payments are being tailored to individual consumer’s preferences, and providers are adopting and integrating smarter, more efficient ways of completing the path-to-purchase.


How Good Privacy Practices Help Protect Your Company Brand

Dark Reading

Follow these five guidelines to keep your organization's data protected.


Almost a Third of All U.S. Businesses Were Breached in 2017

eSecurity Planet

And almost half of those breaches were caused by a third-party vendor or contractor.


Security Planner

Schneier on Security

Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. It's not meant to be comprehensive, but instead to give people things they can actually do to immediately improve their security. I don't see it replacing any of the good security guides out there, but instead augmenting them.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Fixing Data Breaches Part 1: Education

Troy Hunt

We have a data breach problem. They're constant news headlines, they're impacting all of us and frankly, things aren't getting any better. Quite the opposite, in fact - things are going downhill in a hurry. Last month, I went to Washington DC, sat in front of Congress and told them about the problem. My full written testimony is in that link and it talks about many of the issues we face today and the impact data breaches have on identity verification.


Exclusive: Tracing ISIS’ Weapons Supply Chain—Back to the US

WIRED Threat Level

The Islamic State is designing and mass-producing its own advanced munitions—with parts from all over the world.


Leaky RootsWeb Server Exposes Some Ancestry.com User Data

Threatpost

Ancestry.com closes parts of its community-driven genealogy site RootsWeb as it investigates a leaky server that exposed thousands of passwords, email addresses and usernames to the public internet.


Malware Decompiler Tool Goes Open Source

Dark Reading

Avast's RetDec machine-code decompiler now available for free on Github.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Cloud Insecurity: Tens of Thousands of Full Credit Histories Exposed in Amazon S3 Bucket

eSecurity Planet

The data is unusually sensitive, including full credit card and bank account numbers as well as images of Social Security cards and driver's licenses.


The "Extended Random" Feature in the BSAFE Crypto Library

Schneier on Security

Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUAL_EC_PRNG random number generator to weaken TLS.


Face ID Stinks

Troy Hunt

I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID just after it was announced and that piece is still entirely relevant today. To date, we haven't seen practical attacks against it that should worry the masses and the one piece that suggests it's vulnerable has been pretty thoroughly debunked by Dan Goodin at Ars Technica.


Here's the NSA Agent Who Inexplicably Exposed Critical Secrets

WIRED Threat Level

The Justice Department has struck a plea deal with Nghia Hoang Pho, a programmer in the NSA's elite operations unit, for taking his highly classified work home with him.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Established and emerging technologies to watch out for in 2018

Thales Cloud Protection & Licensing

As 2017 draws to a close, the trends and innovations that will shape the technology industry over the coming weeks, months and years were brought into sharper focus over the course of the last twelve months. Cloud computing has gone mainstream for many enterprises, and the Internet of Things (IoT) is changing how both industrial and consumer-oriented companies do business.


Microsoft Office Docs New Vessel for Loki Malware

Dark Reading

Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.


How Google Encrypts Data in the Cloud

eSecurity Planet

Google details its Application Layer Transport Security approach for securing data inside the cloud.


"Crypto" Is Being Redefined as Cryptocurrencies

Schneier on Security

I agree with Lorenzo Franceschi-Bicchierai, "Cryptocurrencies aren't 'crypto'": Lately on the internet, people in the world of Bitcoin and other digital currencies are starting to use the word "crypto" as a catch-all term for the lightly regulated and burgeoning world of digital currencies in general, or for the word "cryptocurrency" -- which probably shouldn't even be called "currency," by the way. [...]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.