This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.
In Gmail addresses, the dots don't matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. (Note: I own none of those addresses, if they are actually valid.). This fact can be used to commit fraud : Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to commit a large and diverse amount of fraud.
A recent leak compromised the personal data of all 4,557 active students at the California State Polytechnic University Science School. This was not a case of hackers gaining access through illicit means or an accidental exposure of an unsecured database. The data was inadvertently sent in a spreadsheet as an email attachment by a university employee.
Josh Corman opened a bit of a can of worms a day or two ago, asking on Twitter: “ pls RT: who are the 3-5 best, most natural Threat Modeling minds? Esp for NonSecurity people. @adamshostack is a given. ” (Thanks!). What I normally say to this is I don’t think I’m naturally good at finding replay attacks in network protocols — my farming ancestors got no chance to exercise such talents, and so it’s a skill I acquired.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Godaddy.com , the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.
The Wired headline sums it up nicely -- " Facebook Hires Up Three of Its Biggest Privacy Critics ": In December, Facebook hired Nathan White away from the digital rights nonprofit Access Now, and put him in the role of privacy policy manager. On Tuesday of this week, lawyers Nate Cardozo, of the privacy watchdog Electronic Frontier Foundation, and Robyn Greene, of New America's Open Technology Institute, announced they also are going in-house at Facebook.
We’re just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the The Grand Chamber of the European Court of Human Rights.
We’re just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the The Grand Chamber of the European Court of Human Rights.
The Chinese government-linked hacking group APT10 is continuing its campaign against US and European businesses with increasingly sophisticated tactics and strategies, warn officials from the Department of Homeland Security. The group is thought to be responsible for recent cyber-espionage campaigns against a U.S. law firm, an international apparel company, and Visma , a major Norwegian software firm according to a report from security firms Recorded Future and Rapid7.
Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground who’s built a solid reputation hijacking mobile phone numbers for profit. According to indictments unsealed this week, Tucson, Ariz. resident Ahmad Wagaafe Hared and Matthew Gene Ditman of Las Vegas were part of a group that specialized in tricking or br
Zcash just fixed a vulnerability that would have allowed "infinite counterfeit" Zcash. Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governance is not ncessary.
A zero-day vulnerability in macOS Mojave can be exploited by malware to steal plaintext passwords from the Keychain. The security expert Linus Henze has disclosed the existence of a zero-day vulnerability in macOS Mojave that can be exploited by malware to steal plaintext passwords from the Keychain. According to Henze, the flaw affects macOS Mojave and earlier versions.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Gregory C. Allen at the Center for a New American Security has a new report with some interesting analysis and insights into China's AI strategy, commercial, government, and military. There are numerous security -- and national security -- implications.
Google patched a critical flaw in its Android OS that allows an attacker to send a specially crafted PNG image file to hack a target device, Opening an image file on your smartphone could allow attackers to hack into your Android device due to three critical vulnerabilities, CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988. The flaws affect millions of Android devices running versions of the Google OS, ranging from Android 7.0 Nougat to the latest Android 9.0 Pie.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
I hate reviewing books by people I know, because I am a picky reader, and if you can’t say anything nice, don’t say anything at all. I also tend to hate management books, because they often substitute jargon for crisp thinking. So I am surprised, but, here I am, writing a review of Kip Boyle’s “ Fire Doesn’t Innovate.” I’m giving little away by saying the twist is that attackers do innovate, and it’s a surprisingly solid frame on which Kip hangs a
Metro Bank has become the first major bank to disclose SS7 attacks against its customers, but experts believe it isn’t an isolated case. A new type of cyber attack was used for the first time against the Metro Bank, threat actors are leveraging known flaws in the SS7 signaling protocol to intercept the codes sent via text messages to customers to authorize transactions.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Armed with an impressive bag of exploits and other tricks for propagation, researchers believe the new trojan could be the catalyst for an upcoming, major cyber-offensive.
A security expert discovered a severe Remote Code Execution vulnerability in the popular LibreOffice and Apache OpenOffice. The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded.
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.
Hungarian police arrested a young hacker because he discovered and exploited serious vulnerabilities in the systems of the Magyar Telekom. Which are the risks for a hacker that decide to publicly disclose a vulnerability? The case I’m going to discuss shows us legal implication for this conduct. Last year, Hungarian law enforcement arrested a young hacker (20) because he discovered and exploited serious vulnerabilities in the systems of the Magyar Telekom, the major Hungarian telecommunica
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tina Stewart, VP of Market Strategy. “So, what are we doing about encryption?”. That’s a question you can expect to be tossed around in plenty of boardrooms, in the coming months. Whether it’s on the next earnings call or after delivering the next keynote, it’s one many CEOs will now be expecting to encounter. So why has it become such a hot topic, and what will their willingness – and readiness – to address the topic say about the state of enterprise data security?
Security experts identified nearly 500,000 Ubiquit devices that may be affected by a vulnerability that has already been exploited in the wild. Security experts are warning Ubiquit users of a vulnerability that has already been exploited in the wild. Last week, the researcher Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), revealed that threat actors had been targeting Ubiquiti installs exposed online.
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
276 
Let's personalize your content