Sat. Oct 06, 2018 - Fri. Oct 12, 2018

Security Vulnerabilities in US Weapons Systems

Schneier on Security

The US Government Accounting Office just published a new report: "Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities" (summary here). The upshot won't be a surprise to any of my regular readers: they're vulnerable. From the summary: Automation and connectivity are fundamental enablers of DOD's modern military capabilities.

Supply Chain Security 101: An Expert’s View

Krebs on Security

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We talked at length about many issues, including supply chain security, and I asked Sager whether he’d heard anything about rumors that Supermicro — a high tech firm in San Jose, Calif. — had allegedly inserted hardware backdoors in technology s

Amazon Employee Fired for Leaking Customer Data, Exposing a Search Flaw or Both?

Adam Levin

Amazon revealed a breach of customer data last week, but it wasn’t a data breach of the usual variety. Rather than falling prey to a cyberattack or having hackers exploit unsecured code, customer email addresses were leaked by an employee to an online reseller in exchange for money. What you need to know: 1.) A crime was committed, and 2.) It still counts as a data compromise.

GAO Report on Equifax

Adam Shostack

I have regularly asked why we don’t know more about the Equifax breach, including in comments in “That Was Close! Reward Reporting of Cybersecurity ‘Near Misses’” These questions are not intended to attack Equifax. Rather, we can use their breach as a mirror to reflect, and ask questions about how defenses work, and learn things we can bring to our own systems.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Security in a World of Physically Capable Computers

Schneier on Security

It's no secret that computers are insecure. Stories like the recent Facebook hack, the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They might make headlines for a few days, but they're just the newsworthy tip of a very large iceberg. The risks are about to get worse, because computers are being embedded into physical devices and will affect lives, not just our data.

Naming & Shaming Web Polluters: Xiongmai

Krebs on Security

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai — a Chinese maker of electronic parts that power a huge percentage of cheap digital video recorders (DVRs) and Internet-connected security cameras.

More Trending

MY TAKE: Cyber attacks on industrial controls, operational technology have only just begun

The Last Watchdog

“May you live in interesting times.” The old Chinese proverb–some consider it a blessing and others a curse–certainly describes the modern-day cyber landscape. Related: 7 attacks that put us at the brink of cyber war. In today’s geopolitical terrain, nation-state backed cyber criminals are widening their targets and starting to zero in on their adversaries’ business and industrial sectors, using more and more sophisticated weaponry to do so.

Another Bloomberg Story about Supply-Chain Hardware Attacks from China

Schneier on Security

Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. (I linked to other commentary and analysis here.) Again, I have no idea what's true.

Patch Tuesday, October 2018 Edition

Krebs on Security

Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available. The zero-day bug — CVE-2018-8453 — affects Windows versions 7, 8.1, 10 and Server 2008, 2012, 2016 and 2019.

Facebook Patches Major WhatsApp Vulnerability

Adam Levin

Facebook announced today that a security bug in its WhatsApp messaging service that allowed hackers to take control of users’ phones has been fixed. The vulnerability affected the WhatsApp app on both iPhone and Android devices. It allowed hackers to take control of accounts simply by having their victims answer a video call. The bug was initially discovered by Google Project Zero, and reported by ZDNet and the Register in late August, but was not fixed until this week, leaving the service’s 1.2

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East

Security Affairs

A Windows zero-day flaw addressed by Microsoft with its latest Patch Tuesday updates is exploited by an APT group in attacks aimed at entities in the Middle East. The Windows zero-day vulnerability tracked as CVE-2018-8453 is a privilege escalation flaw that was exploited by an APT group in attacks against entities in the Middle East. The flaw, tracked as CVE-2018-8453, affects how the Win32k component of Windows handles objects in memory.

Access Now Is Looking for a Chief Security Officer

Schneier on Security

The international digital human rights organization Access Now (I am on the board) is looking to hire a Chief Security Officer. I believe that, somewhere, there is a highly qualified security person who has had enough of corporate life and wants instead to make a difference in the world. If that's you, please consider applying.

12 Free, Ready-to-Use Security Tools

Dark Reading

There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.

Google Shuts Down Google+ Social Platform After Security Fail

Adam Levin

Google announced that it will be shutting down consumer use of the long-ailing social platform Google+ after it was revealed that a security bug dating back more than six months was not disclosed by the company. According to the Wall Street Journal, Google may have opted not to disclose the bug at least in part to avoid regulatory scrutiny, though the platform, originally launched to compete against Facebook, has had lackluster adoption among users and may well have been slated for the digital

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Researchers presented an improved version of the WPA KRACK attack

Security Affairs

Security researchers who devised last year the Key Reinstallation Attack, aka KRACK attack, have disclosed new variants of the attack. Security researchers Mathy Vanhoef and Frank Piessens who devised last year the Key Reinstallation Attack against WPA, aka KRACK attack, have disclosed new variants of the attack. Last year, boffins discovered several key management flaws in the core of Wi-Fi Protected Access II (WPA2) protocol that could be exploited by an attacker to hack into Wi-Fi network

Defeating the "Deal or No Deal" Arcade Game

Schneier on Security

Two teenagers figured out how to beat the "Deal or No Deal" arcade game by filming the computer animation and then slowing it down enough to determine where the big prize was hidden.

How the US Halted China’s Cybertheft—Using a Chinese Spy

WIRED Threat Level

For years, China has systematically looted American trade secrets. Here's the messy inside story of how DC got Beijing to clean up its act for a while.

Breach and Attack Simulation: Find Vulnerabilities before the Bad Guys Do

eSecurity Planet

This new IT security testing technology continually monitors networks and systems to help organizations determine how secure their environment is.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The Git Project addresses a critical arbitrary code execution vulnerability in Git

Security Affairs

The Git Project released a new version of the Git client, GitHub Desktop, or Atom that addressed a critical remote code execution vulnerability in Git. The Git Project addressed a critical remote code execution vulnerability in the Git command line client, Git Desktop, and Atom. The flaw tracked as CVE-2018-17456 could be exploited by malicious repositories to remotely execute commands on a vulnerable system.

Cybersecurity Awareness Month Blog Series: Alright boys, it’s time we have “The Talk”

Thales Cloud Protection & Licensing

As a father of two teenage boys, I should have seen this coming. It was time to have the talk about the right, wrong, and applying good judgement of things found on the Web. It started the moment I walked through the door, I was welcomed by my wife with, “I don’t know what those boys were doing on the computer, but you need to see this. It isn’t working.

Pentagon Weapons Systems Are Easy Cyberattack Targets, New Report Finds

WIRED Threat Level

A new report says the Department of Defense "likely has an entire generation of systems that were designed and built without adequately considering cybersecurity."

The Language and Nature of Fileless Attacks Over Time

Lenny Zeltser

The language of cybersecurity evolves in step with attack and defense tactics. You can get a sense for such dynamics by examining the term fileless. It fascinates me not only because of its relevance to malware, but also because of its knack for agitating many security practitioners. I traced the origins of “fileless” to 2001, when Eugene Kaspersky (of Kaspersky Labs) used it in reference to Code Red worm’s ability to exist solely in memory.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Sony Bravia Smart TVs affected by a critical vulnerability

Security Affairs

Experts at FortiGuard Labs team discovered three vulnerabilities in eight Sony Bravia smart TVs, one of them rated as critical. Patch management is a crucial aspect for IoT devices, smart objects are surrounding us and represent a privileged target for hackers. Experts at FortiGuard Labs team discovered three vulnerabilities (a stack buffer overflow, a directory traversal, and a command-injection issue) in eight Sony Bravia smart TVs, one of them rated as critical.

Meet 5 Women Shaping Microsoft's Security Strategy

Dark Reading

Profiles of some of the women currently leading Microsoft security operations - and their efforts to drive inclusivity.

PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’

Threatpost

Researchers say a medium severity bug should now be rated critical because of a new hack technique that allows for remote code execution on MikroTik edge and consumer routers.

How Facebook Hackers Compromised 30 Million Accounts

WIRED Threat Level

Facebook has revealed more details about the unprecedented breach of its platform—including how hackers got away with the access tokens of 30 million users.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Windows 10 October 2018 Update could cause CCleaner to stop working

Security Affairs

Users are reporting problems with the CCleaner software that appears to be partially broken after the installation of Windows 10 October 2018 Update. Many Windows users are reporting problems after the installation of Windows 10 October 2018 Update, a few days ago a Reddit user discovered the Task Manager tool was showing inaccurate CPU usage after the upgrade.

Teach Your AI Well: A Potential New Bottleneck for Cybersecurity

Dark Reading

Artificial intelligence (AI) holds the promise of easing the skills shortage in cybersecurity, but implementing AI may result in a talent gap of its own for the industry.

Data-Centric Security and Big Data

Thales Cloud Protection & Licensing

As Cybersecurity continues to be heavily focused on solving the problem of attacks against software vulnerabilities and system access, one potential silver bullet in the data breach equation remains out of the limelight. Enter data-centric security… a set of technologies that lower the value of data through encryption, tokenization, data masking and access control methods.

How to Check If Your Facebook Account Got Hacked—And How Badly

WIRED Threat Level

Facebook Friday offered more details about its recent breach. Here's how to see if you were affected.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.