Schneier on Security
SEPTEMBER 14, 2018
Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would break the RSA cryptosystem for any key length.
Troy Hunt
SEPTEMBER 11, 2018
Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture, often as part of a discussion on a public social media platform such as Twitter. Shortly thereafter, the masses descend on said organisation and express their outrage at the stated position. Where it gets interesting (and this is the whole point of the post), is when another group of folks pop up and accuse the outraged group of doing a bit o
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
SEPTEMBER 10, 2018
Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you’ve been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or because you believe it’s just not worth the hassle.
The Last Watchdog
SEPTEMBER 13, 2018
Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. Skelly started out as a U.S. Army Explosive Ordnance Disposal (EOD) Technician. “I was on the EOD team that was actually assigned to the White House during 9/11, so I got to see our national response framework from a very high level,” she says.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
SEPTEMBER 11, 2018
This is really interesting research: " BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid ": Abstract : We demonstrate that an Internet of Things (IoT) botnet of high wattage devices-such as air conditioners and heaters-gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In particular, we reveal a new class of potential attacks on power grids called the Manipulation of demand via IoT (MadIoT) attacks that can leverage such a bot
Adam Shostack
SEPTEMBER 14, 2018
Lately, I’ve been asking what takes threat modeling from a practice to a mission. If you’re reading this blog, you may have seen that some people are nearly mad about threat modeling. The ones who say “you’re never done threat modeling.” The ones who’ve made it the center of their work practice. What distinguishes those people from those who keep trying to teach developers about the difference between a hactivist and a script kiddie?
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Troy Hunt
SEPTEMBER 13, 2018
This is going to be a brief blog post but it's a necessary one because I can't load the data I'm about to publish into Have I Been Pwned (HIBP) without providing more context than what I can in a single short breach description. Here's the story: Kayo.moe is a free, public, anonymous hosting service. The operator of the service (Kayo) reached out to me earlier this week and advised they'd noticed a collection of files uploaded to the site which appeared to contain personal data from a breach.
Schneier on Security
SEPTEMBER 13, 2018
Some of us -- myself included -- have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include: Disincentive for vulnerability disclosure Cultivation of a market for surveillance tools Attackers co-opt hacking tools over which governments have lost control Attackers learn of vulnerabilities through government use of malware Government incentives to push for less
The Last Watchdog
SEPTEMBER 14, 2018
In March 2018, the city of Atlanta fell victim to a ransomware attack that shut down its computer network. City agencies were unable to collect payment. Police departments had to handwrite reports. Years of data disappeared. Related: Political propaganda escalates in U.S. The attack also brought cybersecurity to the local level. It’s easy to think of it as a problem the federal government must address or something that enterprises deal with, but cybersecurity has to be addressed closer to home,
Krebs on Security
SEPTEMBER 11, 2018
Adobe and Microsoft today each released patches to fix serious security holes in their software. Adobe pushed out a new version of its beleaguered Flash Player browser plugin. Redmond issued updates to address at least 61 distinct vulnerabilities in Microsoft Windows and related programs, including several flaws that were publicly detailed prior to today and one “zero-day” bug in Windows that is already being actively exploited by attackers.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Adam Levin
SEPTEMBER 11, 2018
The Government Accountability Office released a report detailing last year’s massive Equifax data breach and how hackers were able to infiltrate the company’s systems to gain access to the personal information of at least 145.5 million individuals. According to the report, the hackers took advantage of a recently announced vulnerability in a web server technology called Apache Struts, which Equifax failed to patch or address and that left their systems vulnerable for weeks.
Schneier on Security
SEPTEMBER 12, 2018
A security vulnerability in Belkin's Wemo Insight "smartplugs" allows hackers to not only take over the plug, but use it as a jumping-off point to attack everything else on the network. From the Register : The bug underscores the primary risk posed by IoT devices and connected appliances. Because they are commonly built by bolting on network connectivity to existing appliances, many IoT devices have little in the way of built-in network security.
Troy Hunt
SEPTEMBER 14, 2018
We're on a boat! This week, Scott Helme is back in town so I'm treating him to a rare sight for the Englishman - sunshine ??. We're also talking about my.NET Conf talk, Chrome's visual changes (and rolling back some of them), the FreshMenu data breach, getting better at filtering CSP reports, the effectiveness of public shaming, the kayo.moe credential stuffing list and lastly, Scott talks about his blog post on protecting sites from modified JavaScript (now linked to in the references below).
Security Affairs
SEPTEMBER 14, 2018
Operator at kayo.moe found a 42M Record Credential Stuffing Data containing email addresses, plain text passwords, and partial credit card info. A huge archive containing email addresses, plain text passwords, and partial credit card data has been found on a free anonymous hosting service, Kayo.moe. The operator of the service shared the file with the popular expert Troy Hunt who operates the Have I Been Pwned data breach notification service asking him to check the source of the huge trove of
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
SEPTEMBER 10, 2018
Weak encryption in the cars' key fobs allows all-too-easy theft, but you can set a PIN code on your Tesla to protect it.
Adam Levin
SEPTEMBER 11, 2018
Adam Levin spoke with Columbus Business First at BizJournals about the recent cyber attack which hit an Ohio property management group. “Companies should be very vigorous when it comes to monitoring their systems,” Levin said in reference to the breach. Read the article here. The post Adam Levin discusses Ohio Cyberattack with BizJournals appeared first on Adam Levin.
Thales Cloud Protection & Licensing
SEPTEMBER 12, 2018
The Internet of Things (IoT) is rapidly growing and expected to affect all industry verticals as well as our private lives. It is no secret that security plays a very important part in the successful deployment and management of this technology, and its applications are set to transform the way we live and do business. In this blog, we reached out to our technology partner Nexus to better understand the challenges that the industry faces to ensure safe deployment and management of IoT technologi
Security Affairs
SEPTEMBER 13, 2018
New Firmware Flaws Resurrect Cold Boot Attacks. A team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks. A team of experts from cybersecurity firm F-Secure has discovered security flaws affecting firmware in modern computers that could be exploited by hackers to carry out cold boot attacks and recover sensitive data from the memory of the affected machines.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Dark Reading
SEPTEMBER 13, 2018
One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.
Architect Security
SEPTEMBER 9, 2018
One of my talks is about using “Social Engineering at work” – how to gain and utilize positive influence to get things done.
Thales Cloud Protection & Licensing
SEPTEMBER 11, 2018
Vincent Van Gogh is believed to have said “Great things are … done … by a series of small things brought together.” This aptly describes the Internet of Things (IoT), where many small things are coming together to shape what we all hope will deliver a great leap in the way we live and do business. In this blog, and in and accompanying interview with our colleague Daniel Hjort from Nexus Group, we discuss the challenges that industry faces to ensure safe deployment and management of IoT technolog
Security Affairs
SEPTEMBER 12, 2018
Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. Researchers at Trend Micro have detected a new ransomware family, dubbed PyLocky, that was used in attacks between July and August, the malware was posing as the Locky ransomware using its ransom note.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
SEPTEMBER 14, 2018
Protecting the 2018 election cycle means fixing the information infrastructure.
Threatpost
SEPTEMBER 14, 2018
The attack bypasses BIOS mitigations for cold-boot compromise on models from Apple, Dell, Lenovo and all others made in the last 10 years.
eSecurity Planet
SEPTEMBER 12, 2018
These step can help organizations find and fix security vulnerabilities in applications, whether from third parties or developed in-house.
Security Affairs
SEPTEMBER 13, 2018
Experts discovered several flaws in Fuji Electric V-Server, a tool that connects PCs within the organizations to Industrial Control Systems (ICS). Experts discovered several vulnerabilities in Fuji Electric V-Server, a tool that connects PCs within the organizations to Industrial Control Systems (ICS) on the corporate network. The ICS-CERT published two advisories to warn of the existence of the flaws that could have a severe impact on a broad range of companies in the critical manufacturing sec
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Dark Reading
SEPTEMBER 14, 2018
Four-year, four-month term will follow a longer sentence in hacker's home country of Romania.
Threatpost
SEPTEMBER 12, 2018
The development fits a trend that sees threat actors turning to well-known, commodity malware, overcoming its easy detection with ever-better obfuscation methods.
WIRED Threat Level
SEPTEMBER 9, 2018
Misplacing your smartphone—or worse, having it stolen—is awful. But you can at least minimize the damage with a few easy steps.
Security Affairs
SEPTEMBER 11, 2018
Several anti-malware apps developed by Trend Micro have been removed from the Mac App Store because they were harvesting users’ browser history and other info. Several anti-malware apps developed by Trend Micro, including Dr Cleaner, Dr. Unarchiver, Dr Antivirus, and App Uninstall, have been removed from the Mac App Store after researchers discovered they were harvesting users’ browser history and other information.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
279 
Let's personalize your content