Schneier on Security
NOVEMBER 12, 2019
The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC's video surveillance cameras a week before the 2017 inauguration.
Krebs on Security
NOVEMBER 11, 2019
Orvis , a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
NOVEMBER 9, 2019
It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry.
Adam Shostack
NOVEMBER 13, 2019
The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” Perhaps that’s “finding threats.” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
NOVEMBER 15, 2019
Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks , by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. Abstract: Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we per-form a black-box timing analysis of TPM 2.0 devices deployed on commodity computers.
Krebs on Security
NOVEMBER 13, 2019
In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme. An advertisement for Orcus RAT.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
NOVEMBER 12, 2019
There’s little doubt that the shift to quantum computing will open new horizons of digital commerce. But it’s also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures. Related: The ‘post quantum crytpo’ race is on This isn’t coming as any surprise to IT department heads. In fact, there’s widespread recognition in corporate circles that the planning to address fresh cyber risks associated with quantum computing should hav
Schneier on Security
NOVEMBER 13, 2019
Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the U.S. National Transportation Safety Board (NTSB) this week.
Krebs on Security
NOVEMBER 12, 2019
Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today’s patches.
Tech Republic Security
NOVEMBER 14, 2019
The same threat actor has been observed targeting companies in the US, Italy, and Germany, according to a new report from security provider Proofpoint.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Troy Hunt
NOVEMBER 9, 2019
It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry.
Schneier on Security
NOVEMBER 14, 2019
Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's problems. The essay was influential -- but 60 years later, nothing has changed.
Adam Levin
NOVEMBER 12, 2019
Google is collecting the health record data of millions of U.S. citizens, raising serious concerns about patient privacy. According to a recent story published in The Wall Street Journal , Google has partnered with Ascension, the nation’s second largest health care system for Project Nightingale. . The partnership gives Google full, non-anonymized access to “lab results, doctor diagnoses and hospitalization records… and amounts to a complete health history, including patient names and date
Tech Republic Security
NOVEMBER 11, 2019
With 5G comes a larger attack surface and more devices accessing the network. Companies must ramp up security strategies to stay protected, AT&T report finds.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
NOVEMBER 12, 2019
New problems for Facebook, it seems that the social networking giant is secretly using the camera while iPhone users are scrolling their feed. Is this another privacy issue for Facebook? The iPhone users Joshua Maddux speculates that Facebook might be actively using your camera without your knowledge while you’re scrolling your feed. Maddux published footage on Twitter that shows the camera o n his iPhone that is active while he scrolls through his feed.
Schneier on Security
NOVEMBER 11, 2019
Interesting : Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible -- and sometimes invisible -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones.
Adam Levin
NOVEMBER 15, 2019
News that Virtual Private Network ( VPN ) provider NordVPN was breached spread quickly. While the breach of a major VPN service is newsworthy, this one wasn’t particularly. A single server was compromised , one of many, and according to NordVPN only 50-200 customers were affected. But one of the watchwords of good cyber hygiene, a VPN, was breached.
Tech Republic Security
NOVEMBER 15, 2019
Nearly half (47%) of executives believe they will be at a greater security risk in the next year, a Chubb and NCMM report found.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
NOVEMBER 10, 2019
Experts believe Artificial intelligence (AI) could introduce new cybersecurity concerns, and that the upcoming 5G network could pose new risks as well. Information Risk Management (IRM) recently published its 2019 Risky Business Report. The document shows the results of polling decision-makers in the cybersecurity and risk management sectors to get their expert opinions on things like the changing threat landscape, corporate decision-making about cybersecurity and other pertinent topics.
Schneier on Security
NOVEMBER 14, 2019
This is a current list of where and when I am scheduled to speak: I'm speaking on " Securing a World of Physically Capable Computers " at the Indian Institute of Science in Bangalore, India on December 12, 2019. The list is maintained on this page.
Thales Cloud Protection & Licensing
NOVEMBER 14, 2019
In the modern era of a global information economy, every single day, enormous amounts of information are transmitted, stored and collected worldwide. All these transactions are made possible by the massive technological advancements in our computing and networking capabilities that have materialized in recent years. These technological advancements not only changed the landscape of our global online, social, economic and financial endeavors but also brought numerous changes in privacy and data p
Tech Republic Security
NOVEMBER 13, 2019
Lots of PHI, low security, and multiple entry points make hospitals the perfect target for hackers and ransomware attacks are up 45% in Q3.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
NOVEMBER 12, 2019
On S unday , the Mexican state-owned oil company Petróleos Mexicanos (Pemex) was infected with the DoppelPaymer ransomware. On Sunday, a piece of the DoppelPaymer ransomware infected systems of the Mexican state-owned oil company Petróleos Mexicanos (Pemex) taking down part of its network. The ransom amount for Pemex is 565 BTC currently… Also, DoppelPaymer's TOR site's text was updated sometimes & now have this: "Also, we have gathered all your private sensitive data.
WIRED Threat Level
NOVEMBER 15, 2019
The dozens of flaws across 29 Android smartphone makers show just how insecure the devices can be, even brand-new.
Daniel Miessler
NOVEMBER 13, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Tech Republic Security
NOVEMBER 14, 2019
An IBM X-Force Red team member explains how her background in makeup and sales helps her social engineering career. Also, she demonstrates how cybercriminals can easily clone your work ID badge.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
NOVEMBER 11, 2019
Crowdsourced security platform Bugcrowd announced it paid over $500,000 in bug bounty rewards during the last week of October. Bug bounty program could represent an excellent opportunity to monetize your passion, in just one week crowdsourced security platform Bugcrowd announced it paid over $500,000 in bug bounty rewards at the end of October. Bugcrowd is used by many enterprises, it allows them to manage bug bounty programs, penetration testing, and vulnerability disclosure.
WIRED Threat Level
NOVEMBER 15, 2019
From the 2017 French election to the Olympics to NotPetya, the same group's fingerprints have appeared again and again.
Dark Reading
NOVEMBER 14, 2019
Seven chief information security officers share their pain points and two-year spending plans.
Tech Republic Security
NOVEMBER 13, 2019
IBM's Chief People Hacker Stephanie "Snow" Carruthers describes how criminals use caller ID spoofing to get your private data.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
237 
Let's personalize your content