Sat.Apr 28, 2018 - Fri.May 04, 2018

article thumbnail

NIST Issues Call for "Lightweight Cryptography" Algorithms

Schneier on Security

This is interesting: Creating these defenses is the goal of NIST's lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant electrical power and use circuitry far more limited than the chips found in even the simplest cell phone.

IoT 213
article thumbnail

New Pluralsight Course: JavaScript Security Play by Play

Troy Hunt

Ah JavaScript, the answer to - and cause of - all our problems on the web today! Just kidding, jQuery has solved all our JS problems now. But seriously, JS is a major component of so much of what we build online these days and as with our other online things, the security posture of it is enormously important to understand. Recently, I teamed up with good mate and fellow Pluralsight author Aaron Powell who spends his life writing JS things.

124
124
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New Rowhammer Attack Hijacks Android Smartphones Remotely

WIRED Threat Level

Dutch researchers have pushed the mind-bending Rowhammer hacking technique one more step towards a practical attack.

Hacking 112
article thumbnail

How to Prevent SQL Injection Attacks

eSecurity Planet

Your company's website does not have to be the next victim of a SQL injection breach. Here's how to prevent SQL injection attacks.

109
109
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

IoT Inspector Tool from Princeton

Schneier on Security

Researchers at Princeton University have released IoT Inspector , a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. From their blog post : Finding #3: Many IoT Devices Contact a Large and Diverse Set of Third Parties In many cases, consumers expect that their devices contact manufacturers' servers, but communication with other third-party destinations may not b

IoT 177
article thumbnail

Subresource Integrity and Upgrade-Insecure-Requests are Now Supported in Microsoft Edge

Troy Hunt

The more time that goes by and the more deeply I give it thought, the more convinced I am that the web is held together with sticky tape. No - cyber-sticky tape! Because especially when it comes to security, there are fundamental and inherent shortcomings in everything from HTTP to HTML and many of the other acronyms that make the web work as it does today.

More Trending

article thumbnail

How to handle mistakes while using AI to block attacks

Elie

This post looks at the main difficulties faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable. At a high level, the main difficulty faced when using a classifier to block attacks is how to handle mistakes. The need to handle errors correctly can be broken down into two challenges: how to strike the right balance between false positives and false negatives, to ensure that your product remains safe when your class

article thumbnail

LC4: Another Pen-and-Paper Cipher

Schneier on Security

Interesting symmetric cipher: LC4 : Abstract: ElsieFour (LC4) is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts and ciphertexts consisting only of the English letters A through Z plus a few other characters.

article thumbnail

Weekly Update 85

Troy Hunt

It's a (new) weekly update! Lights are in, things are much brighter and. I think it was a bit too bright and the camera was pointed too high. This is all experimentation, folks, and I appreciate everyone's input as I tune things to try and get a consistent, quality result. Still, as someone said whilst I was mucking around with all this, the audio quality is great and that's what people are ultimately listening to so that's a fantastic start.

Passwords 109
article thumbnail

Nigerian Email Scammers Are More Effective Than Ever

WIRED Threat Level

By fine-tuning social engineering techniques and targeting small businesses, Nigerian scammers have kept well ahead of defenses.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How to handle mistakes while using AI to block attacks

Elie

This post looks at the main difficulty faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable. This is the third post in a series of four that is dedicated to providing a concise overview of how to use artificial intelligence (AI) to build robust anti-abuse protections.

article thumbnail

Detecting Laptop Tampering

Schneier on Security

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering.

145
145
article thumbnail

We're Doing Security Wrong!

Dark Reading

When you simply heap technology onto a system, you limit your hiring pool and spread your employees too thin. Focus on your people instead.

article thumbnail

Cambridge Analytica Shuts Down Amid Ongoing Facebook Crisis

WIRED Threat Level

The troubled data firm, which improperly accessed the data of up to 87 million Facebook users, has ceased operations.

111
111
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Interviewed on RSAC TV

Andrew Hay

I had the pleasure of being interviewed by Eleanor Dallaway, Editor and Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference. In the interview, we spoke of what I had observed on the show floor, the state of the security industry, and I describe my perfect customer in information security.

article thumbnail

How VMware Organizes Its Security Products

eSecurity Planet

VIDEO: Tom Corn, Senior Vice President and GM of Security Products at VMware, details the core pillars of cybersecurity at his company.

article thumbnail

Report: China's Intelligence Apparatus Linked to Previously Unconnected Threat Groups

Dark Reading

Multiple groups operating under the China state-sponsored Winnti umbrella have been targeting organizations in the US, Japan, and elsewhere, says ProtectWise.

68
article thumbnail

AI Can Help Cybersecurity—If It Can Fight Through the Hype

WIRED Threat Level

There are a ton of claims around AI and cybersecurity that don't quite add up. Here's what's really going on.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Twitter Sold Data To Cambridge Analytica-Linked Company

Threatpost

Twitter is the latest company to face backlash for how it handles data privacy after disclosing that it sold data access to a Cambridge Analytica-linked researcher.

article thumbnail

WannaCry & NotPetya Ransomware Attacks – One Year Later

Thales Cloud Protection & Licensing

The cyber community is often reminded of past events such as large-scale data breaches and vicious cyberattacks that caused mass destruction and caught the publics’ attention. This month marks the one-year anniversary of the WannaCry ransomware attack that seized operating systems across the globe and caused businesses up to $4 billion in damages. The WannaCry virus was able to spread thanks to the Shadow Brokers’ NSA data dump which exposed EternalBlue to the public and was quickly abused by cy

article thumbnail

A Data Protection Officer's Guide to GDPR 'Privacy by Design'

Dark Reading

These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.

65
article thumbnail

DDoS For Hire, a CIA Card Game, and More Security News This Week

WIRED Threat Level

A major DDoS for hire site gets taken down, the CIA has a card game that you can play soon too, and more security news this week.

DDOS 95
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Tens of Thousands of Malicious Apps Using Facebook APIs

Threatpost

The apps are deemed malicious by doing things such as capturing pictures and audio when the app is closed, or making an unusually large amount of network calls.

61
article thumbnail

Database Encryption Key Management

Thales Cloud Protection & Licensing

Streamlining operations and improving security. Large data scale breaches have led an increasing number of companies to embrace comprehensive encryption strategies to protect their assets. According to our 2018 Global Encryption Trends Study , 43% of respondents report that their organization has an encryption strategy they apply across the enterprise, compared with 15% in 2005.

article thumbnail

Hackers Leverage GDPR to Target Airbnb Customers

Dark Reading

Fraudsters are taking advantage of new EU privacy laws to demand personal information from Airbnb users.

65
article thumbnail

Kali Linux 2018.2 Release

Kali Linux

This Kali release is the first to include the Linux 4.15 kernel, which includes the x86 and x64 fixes for the much-hyped Spectre and Meltdown vulnerabilities. It also includes much better support for AMD GPUs and support for AMD Secure Encrypted Virtualization , which allows for encrypting virtual machine memory such that even the hypervisor can’t access it.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Abbott Addresses Life-Threatening Flaw in a Half-Million Pacemakers

Threatpost

A backdoor could be exploited to allow an attacker to manipulate the implants and cause heart problems and even death,

article thumbnail

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

Our picks for top GRC products, compliance solutions that are growing in importance thanks to data privacy and security regulations like GDPR.

article thumbnail

Ransomware Attacks Jumped 400% Worldwide in 2017

Dark Reading

WannaCry led the pack all year, new F-Secure report says.

article thumbnail

How to handle mistakes while using AI to block attacks

Elie

This post looks at the main difficulty faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable.

48
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!