Schneier on Security

MAY 2, 2018

This is interesting: Creating these defenses is the goal of NIST's lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant electrical power and use circuitry far more limited than the chips found in even the simplest cell phone.

IoT 200

IoT Encryption 200

Troy Hunt

MAY 3, 2018

Ah JavaScript, the answer to - and cause of - all our problems on the web today! Just kidding, jQuery has solved all our JS problems now. But seriously, JS is a major component of so much of what we build online these days and as with our other online things, the security posture of it is enormously important to understand. Recently, I teamed up with good mate and fellow Pluralsight author Aaron Powell who spends his life writing JS things.

120

120

eSecurity Planet

MAY 2, 2018

Your company's website does not have to be the next victim of a SQL injection breach. Here's how to prevent SQL injection attacks.

111

111

Elie

APRIL 29, 2018

This post looks at the main difficulties faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable. At a high level, the main difficulty faced when using a classifier to block attacks is how to handle mistakes. The need to handle errors correctly can be broken down into two challenges: how to strike the right balance between false positives and false negatives, to ensure that your product remains safe when your class

Accountability 88

Accountability Artificial Intelligence 88

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

MAY 1, 2018

Researchers at Princeton University have released IoT Inspector , a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. From their blog post : Finding #3: Many IoT Devices Contact a Large and Diverse Set of Third Parties In many cases, consumers expect that their devices contact manufacturers' servers, but communication with other third-party destinations may not b

IoT 167

IoT Manufacturing Encryption DNS 167

Troy Hunt

MAY 1, 2018

The more time that goes by and the more deeply I give it thought, the more convinced I am that the web is held together with sticky tape. No - cyber-sticky tape! Because especially when it comes to security, there are fundamental and inherent shortcomings in everything from HTTP to HTML and many of the other acronyms that make the web work as it does today.

Government 120

Government 120

Elie

APRIL 29, 2018

This post looks at the main difficulty faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable. This is the third post in a series of four that is dedicated to providing a concise overview of how to use artificial intelligence (AI) to build robust anti-abuse protections.

Accountability 88

Accountability Artificial Intelligence 88

Schneier on Security

MAY 3, 2018

Interesting symmetric cipher: LC4 : Abstract: ElsieFour (LC4) is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts and ciphertexts consisting only of the English letters A through Z plus a few other characters.

Encryption 143

Encryption Authentication 143

Troy Hunt

MAY 4, 2018

It's a (new) weekly update! Lights are in, things are much brighter and. I think it was a bit too bright and the camera was pointed too high. This is all experimentation, folks, and I appreciate everyone's input as I tune things to try and get a consistent, quality result. Still, as someone said whilst I was mucking around with all this, the audio quality is great and that's what people are ultimately listening to so that's a fantastic start.

Passwords 109

Passwords Data breaches 109

WIRED Threat Level

MAY 3, 2018

By fine-tuning social engineering techniques and targeting small businesses, Nigerian scammers have kept well ahead of defenses.

Social Engineering 105

Social Engineering Small Business Engineering 105

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Andrew Hay

APRIL 30, 2018

I had the pleasure of being interviewed by Eleanor Dallaway, Editor and Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference. In the interview, we spoke of what I had observed on the show floor, the state of the security industry, and I describe my perfect customer in information security.

Information Security 74

Information Security 74

Schneier on Security

MAY 4, 2018

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering.

138

138

Dark Reading

MAY 4, 2018

When you simply heap technology onto a system, you limit your hiring pool and spread your employees too thin. Focus on your people instead.

Technology 78

Technology 78

WIRED Threat Level

MAY 2, 2018

The troubled data firm, which improperly accessed the data of up to 87 million Facebook users, has ceased operations.

108

108

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Thales Cloud Protection & Licensing

MAY 1, 2018

The cyber community is often reminded of past events such as large-scale data breaches and vicious cyberattacks that caused mass destruction and caught the publics’ attention. This month marks the one-year anniversary of the WannaCry ransomware attack that seized operating systems across the globe and caused businesses up to $4 billion in damages. The WannaCry virus was able to spread thanks to the Shadow Brokers’ NSA data dump which exposed EternalBlue to the public and was quickly abused by cy

Ransomware 59

Ransomware Encryption Data privacy Data breaches 59

eSecurity Planet

APRIL 30, 2018

VIDEO: Tom Corn, Senior Vice President and GM of Security Products at VMware, details the core pillars of cybersecurity at his company.

Cybersecurity 70

Cybersecurity 70

Dark Reading

MAY 4, 2018

Multiple groups operating under the China state-sponsored Winnti umbrella have been targeting organizations in the US, Japan, and elsewhere, says ProtectWise.

68

68

WIRED Threat Level

MAY 3, 2018

On World Password Day, Twitter discloses a major gaffe that left user passwords potentially vulnerable.

Passwords 109

Passwords 109

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

APRIL 30, 2018

Twitter is the latest company to face backlash for how it handles data privacy after disclosing that it sold data access to a Cambridge Analytica-linked researcher.

Data privacy 61

Data privacy Media 61

eSecurity Planet

MAY 3, 2018

Our picks for top GRC products, compliance solutions that are growing in importance thanks to data privacy and security regulations like GDPR.

Government 66

Government Data privacy Risk 66

Dark Reading

MAY 1, 2018

Despite heightened awareness of the security implications many users still continue to reuse passwords and rarely if ever change them, a LogMeIn survey shows.

Passwords 64

Passwords 64

WIRED Threat Level

APRIL 29, 2018

There are a ton of claims around AI and cybersecurity that don't quite add up. Here's what's really going on.

Cybersecurity 100

Cybersecurity 100

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Thales Cloud Protection & Licensing

MAY 3, 2018

Streamlining operations and improving security. Large data scale breaches have led an increasing number of companies to embrace comprehensive encryption strategies to protect their assets. According to our 2018 Global Encryption Trends Study , 43% of respondents report that their organization has an encryption strategy they apply across the enterprise, compared with 15% in 2005.

Encryption 54

Encryption Architecture Software Risk 54

Kali Linux

APRIL 29, 2018

This Kali release is the first to include the Linux 4.15 kernel, which includes the x86 and x64 fixes for the much-hyped Spectre and Meltdown vulnerabilities. It also includes much better support for AMD GPUs and support for AMD Secure Encrypted Virtualization , which allows for encrypting virtual machine memory such that even the hypervisor can’t access it.

Encryption 52

Encryption 52

Dark Reading

MAY 1, 2018

Researchers get hold of a copy of Kim Jong Un regime's mysterious internal 'SiliVaccine' antivirus software provided only to its citizens - and find a few surprises.

Software 62

Software Antivirus 62

WIRED Threat Level

APRIL 28, 2018

A major DDoS for hire site gets taken down, the CIA has a card game that you can play soon too, and more security news this week.

DDOS 78

DDOS 78

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

MAY 1, 2018

The apps are deemed malicious by doing things such as capturing pictures and audio when the app is closed, or making an unusually large amount of network calls.

61

61

Elie

APRIL 29, 2018

This post looks at the main difficulty faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable.

48

48

Dark Reading

MAY 1, 2018

These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.

65

65

eSecurity Planet

MAY 3, 2018

We review the Nasdaq BWise eGRC platform, which has modules for internal audit, risk management, compliance & policy management, information security and sustainability performance management.

Information Security 40

Information Security Risk 40

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity