Schneier on Security
NOVEMBER 12, 2019
The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC's video surveillance cameras a week before the 2017 inauguration.
Krebs on Security
NOVEMBER 13, 2019
In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme. An advertisement for Orcus RAT.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
NOVEMBER 9, 2019
It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry.
Adam Shostack
NOVEMBER 13, 2019
The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” Perhaps that’s “finding threats.” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
NOVEMBER 15, 2019
Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks , by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. Abstract: Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we per-form a black-box timing analysis of TPM 2.0 devices deployed on commodity computers.
Krebs on Security
NOVEMBER 11, 2019
Orvis , a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
NOVEMBER 12, 2019
There’s little doubt that the shift to quantum computing will open new horizons of digital commerce. But it’s also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures. Related: The ‘post quantum crytpo’ race is on This isn’t coming as any surprise to IT department heads. In fact, there’s widespread recognition in corporate circles that the planning to address fresh cyber risks associated with quantum computing should hav
Schneier on Security
NOVEMBER 13, 2019
Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the U.S. National Transportation Safety Board (NTSB) this week.
Krebs on Security
NOVEMBER 12, 2019
Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today’s patches.
Tech Republic Security
NOVEMBER 14, 2019
The same threat actor has been observed targeting companies in the US, Italy, and Germany, according to a new report from security provider Proofpoint.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Troy Hunt
NOVEMBER 9, 2019
It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry.
Schneier on Security
NOVEMBER 14, 2019
Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's problems. The essay was influential -- but 60 years later, nothing has changed.
Adam Levin
NOVEMBER 12, 2019
Google is collecting the health record data of millions of U.S. citizens, raising serious concerns about patient privacy. According to a recent story published in The Wall Street Journal , Google has partnered with Ascension, the nation’s second largest health care system for Project Nightingale. . The partnership gives Google full, non-anonymized access to “lab results, doctor diagnoses and hospitalization records… and amounts to a complete health history, including patient names and date
Tech Republic Security
NOVEMBER 11, 2019
With 5G comes a larger attack surface and more devices accessing the network. Companies must ramp up security strategies to stay protected, AT&T report finds.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
NOVEMBER 12, 2019
New problems for Facebook, it seems that the social networking giant is secretly using the camera while iPhone users are scrolling their feed. Is this another privacy issue for Facebook? The iPhone users Joshua Maddux speculates that Facebook might be actively using your camera without your knowledge while you’re scrolling your feed. Maddux published footage on Twitter that shows the camera o n his iPhone that is active while he scrolls through his feed.
Schneier on Security
NOVEMBER 11, 2019
Interesting : Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible -- and sometimes invisible -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones.
Adam Levin
NOVEMBER 15, 2019
News that Virtual Private Network ( VPN ) provider NordVPN was breached spread quickly. While the breach of a major VPN service is newsworthy, this one wasn’t particularly. A single server was compromised , one of many, and according to NordVPN only 50-200 customers were affected. But one of the watchwords of good cyber hygiene, a VPN, was breached.
Tech Republic Security
NOVEMBER 15, 2019
Nearly half (47%) of executives believe they will be at a greater security risk in the next year, a Chubb and NCMM report found.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
NOVEMBER 12, 2019
On S unday , the Mexican state-owned oil company Petróleos Mexicanos (Pemex) was infected with the DoppelPaymer ransomware. On Sunday, a piece of the DoppelPaymer ransomware infected systems of the Mexican state-owned oil company Petróleos Mexicanos (Pemex) taking down part of its network. The ransom amount for Pemex is 565 BTC currently… Also, DoppelPaymer's TOR site's text was updated sometimes & now have this: "Also, we have gathered all your private sensitive data.
Schneier on Security
NOVEMBER 14, 2019
This is a current list of where and when I am scheduled to speak: I'm speaking on " Securing a World of Physically Capable Computers " at the Indian Institute of Science in Bangalore, India on December 12, 2019. The list is maintained on this page.
Daniel Miessler
NOVEMBER 13, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Tech Republic Security
NOVEMBER 13, 2019
Lots of PHI, low security, and multiple entry points make hospitals the perfect target for hackers and ransomware attacks are up 45% in Q3.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
NOVEMBER 15, 2019
Sergiy P. , the administrator of DDoS-for-hire services was sentenced to 13 months in prison, and additional three years of supervised release. Sergiy P. Usatyuk , a man that was operating several DDoS-for-hire services was sentenced to 13 months in prison, and additional three years of supervised release. DDoS-for-hire services , aka stressers or booters , allows crooks to launch large scale DDoS attacks by paying a subscription fee. “An Orland Park, Illinois, resident was sentenced yeste
Dark Reading
NOVEMBER 14, 2019
Seven chief information security officers share their pain points and two-year spending plans.
Threatpost
NOVEMBER 14, 2019
The campaign is consistent with emerging tactics from bad actors to use increasingly sophisticated social engineering and spoofing to deliver malware.
Tech Republic Security
NOVEMBER 14, 2019
An IBM X-Force Red team member explains how her background in makeup and sales helps her social engineering career. Also, she demonstrates how cybercriminals can easily clone your work ID badge.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
NOVEMBER 11, 2019
Researchers from Radware reported that massive TCP SYN-ACK DDoS reflection attacks hit Amazon, SoftLayer and telecom infrastructure in the last month. Researchers from Radware are warning of a wave of TCP SYN-ACK DDoS reflection attacks that in the last 30 days hit Amazon, SoftLayer and telecom infrastructure. “Over the last 30 days, Radware has observed a number of criminal campaigns that have been abusing the TCP implementation by performing TCP reflection attacks against large corporati
Dark Reading
NOVEMBER 14, 2019
Well-known Trojans Emotet and Trickbot are cybercriminals' favorite weapons in their campaigns.
Threatpost
NOVEMBER 15, 2019
The threats follow a DDos attack bent on taking out the Labour Party's online presence.
Tech Republic Security
NOVEMBER 13, 2019
IBM's Chief People Hacker Stephanie "Snow" Carruthers describes how criminals use caller ID spoofing to get your private data.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
264 
Let's personalize your content