Schneier on Security
AUGUST 18, 2021
Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed : Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision : two images that hash to the same value.
Troy Hunt
AUGUST 18, 2021
Today I'm really excited to announce a big piece of work 1Password and I have been focusing on this year, a totally free video series called "Hello CISO" This is a multi-part series that launched with part 1 and when I say "free", I don't mean "give us your personal data so we can market to you", I mean here it is, properly free: This is intended to be a very practical, broadly accessible series and whilst it has "CISO" in the title, we expect it'll
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
AUGUST 25, 2021
In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.
Lohrman on Security
AUGUST 8, 2021
Exponential increases in global cyber crime. Ransomware crippling governments and businesses. Nations ignoring cyber criminals operating on their soil. The time for international cooperation on cybersecurity is now.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeperās affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Daniel Miessler
AUGUST 5, 2021
I’ve always been fascinated by security that was “just good enough” I think lots of security actually qualifies (see The News), but I think fencing (and maybe bike locks) take first prize. As a kid I used to love breaking into stuff. Nighttime construction sites. Abandoned buildings. Whatever. And the older I got the more I started paying attention to how silly most fences are.
Anton on Security
AUGUST 30, 2021
As you are reading our recent paper āAutonomic Security Operations?ā?10X Transformation of the Security Operations Centerā , some of you may think āHey, marketing inserted that 10X thing in there.ā Well, 10X thinking is, in fact, an ancient tradition here at Google. We think that it is definitely possible to apply ā10X thinkingā to many areas of security (at the same link , they say that sometimes it is āeasier to make something 10 times better than it is to make it 10 percent betterā ).
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
AUGUST 9, 2021
Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains. Providing governments with greater visibility into the impact of data breaches on their staff helps protect against all manner of online attacks.
Krebs on Security
AUGUST 16, 2021
Communications giant T-Mobile said today it is investigating the extent of a breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer’s mobile device.
Lohrman on Security
AUGUST 15, 2021
Email tips abound, but lasting email etiquette is severely lacking at home and work in 2021.
Joseph Steinberg
AUGUST 5, 2021
(I co-wrote this article with Mark Lynd , CISSP, ISSAP & ISSMP, Head of Digital Business at NETSYNC.). While leveraging cyber-liability insurance has become an essential component of cyber-risk mitigation strategy, cyber-liability offerings are still relatively new, and, as a result, many parties seeking to obtain coverage are still unaware of many important factors requiring consideration when selecting a policy.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, youāll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Last Watchdog
AUGUST 19, 2021
TMobile has now issued a formal apology and offered free identity theft recovery services to nearly 48 million customers for whom the telecom giant failed to protect their sensitive personal information. At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. Related: Kaseya hack worsens supply chain risk.
Schneier on Security
AUGUST 6, 2021
Fascinating research: “ Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.” Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any user-information.
Troy Hunt
AUGUST 5, 2021
The greatest gift I can give my kids is a love of technology. I mean after all the usual Maslow's hierarchy of needs stuff , of course, the thing that I (and many of my readers) can instil in our kids is a deep passion for this life-altering and possibly career-defining thing that increasingly defines our everyday being. And without doubt, the best educational technology thing I've ever brought home is my Prusa 3D printer.
Krebs on Security
AUGUST 13, 2021
A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “ Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out whatās next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Lohrman on Security
AUGUST 22, 2021
The desperate images coming out of Afghanistan following the Talibanās takeover last weekend underline the importance of technology and the real-life impacts when planning goes well ā or not so well.
Joseph Steinberg
AUGUST 16, 2021
Two recent ransomware attacks successfully breached computers at wastewater management plants in the US State of Maine , according to a statement by the state’s Department of Environmental Protection. While the two cyberattacks, which hit facilities in the towns of Mount Desert and Limestone in the USās most northeastern state, are believed to have posed no threat to human safety, they were far from benign, and have raised serious concerns about the potential danger to human life created b
The Last Watchdog
AUGUST 30, 2021
One of the most commonly repeated phrases in the security industry is, āSecurity teams hate their SIEM!ā. Related: The unfolding SIEM renaissance. Security Information and Event Management (SIEM) is not what it was 20 years ago. Donāt get me wrong, SIEMs do take work through deployment, maintenance, and tuning. They also require strategic planning. Yet, much to the chagrin of everyone who believed the vendor hype, they fail to provide the āsingle pane of glassā for all tasks in security operatio
Schneier on Security
AUGUST 10, 2021
Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. ( Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes : There are two main features that the company is planning to install in every Apple device.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldnāt hand those out too freely. You have stuff thatās worth protectingāand the more people that have access to your belongings, the higher the odds that something will go missing.
Troy Hunt
AUGUST 12, 2021
More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than ever were doing the right thing and forcing browsers down the secure path.
Krebs on Security
AUGUST 10, 2021
Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines.
Lohrman on Security
AUGUST 29, 2021
From cryptocurrency thefts to hacking bank accounts, SIM swapping is a growing threat online. Here are relevant definitions, real-world examples and tips to help stop cyber criminals.
Joseph Steinberg
AUGUST 3, 2021
The Global Foundation for Cyber Studies and Research (GFCyber) announced today that it has launched Cyber Insights , a new digital magazine that aims to help readers stay informed about contemporary cyber-related issues and their potential ramifications, from the perspectives of policy, practice, and technology. Cyber Insights provides policymakers and tech leaders with guidance and suggestions as to what issues they should ponder, and discusses associated challenges and concerns that might war
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Last Watchdog
AUGUST 23, 2021
While every business needs to prioritize cybersecurity, doing so is becoming increasingly complicated. With many employees now working remotely, securing company data isnāt as straightforward as it used to be. Things get even more complicated if you have an international remote workforce. Related: Employees as human sensors. As of 2018, more than 2 million people were working abroad for U.S. companies in China alone.
Schneier on Security
AUGUST 3, 2021
Forbes has the story : Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted. […].
Troy Hunt
AUGUST 13, 2021
Well this week went on for a bit, an hour and 6 mins in all. The 2 Apple things were particularly interesting due to the way in which both catching CSAM baddies and catching baddies who steal your things involves using technology that can be abused. Is it good tech because it can do good things? Bad tech because it can do bad things? Or is tech just morally neutral and we need to look at it more holistically?
Krebs on Security
AUGUST 18, 2021
T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. The acknowledgment came less than 48 hours after millions of the stolen T-Mobile customer records went up for sale in the cybercrime underground.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
AUGUST 19, 2021
As the predominantly pandemic-caused global chip shortage rolls on, businesses are now facing another challenge ā component scams and bogus supply-chain claims.
Adam Shostack
AUGUST 9, 2021
Twenty-five years ago I published a set of code review guidelines that I had crafted while working for a bank. I released them (thanks, SteveMac!) to get feedback and advice, because back then, there was exceptionally little in terms of practical advice on what we now call AppSec. Looking back at what’s there: it’s explicitly a review document for a firewall group, taking code that’s ‘thrown over a wall’ to be run and operated by that group.
The Last Watchdog
AUGUST 18, 2021
So NortonLifeLock has acquired Avast for more than $8 billion. This deal reads like to the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. Way back in 1990, Symantec acquired Norton Utilities and made Norton the heart of its antivirus subscription offering. Related: The coming of ubiquitous passwordless access.
Schneier on Security
AUGUST 25, 2021
Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, āDo you know whatās in your software?
Expert insights. Personalized for you.
363 
Let's personalize your content