Schneier on Security
JULY 30, 2018
Interesting research: " You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information ," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated to most of the information we produce in our daily interactions and communication in the digital world. Yet, surprisingly, metadata are often still categorized as non-sensitive.
The Last Watchdog
AUGUST 3, 2018
Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
AUGUST 1, 2018
Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.
Troy Hunt
JULY 31, 2018
So that little project Scott Helme and I took on - WhyNoHTTPS.com - seems to have garnered quite a bit of attention. We had about 81k visitors drop by on the first day and for the most part, the feedback has been overwhelmingly positive. Most people have said it's great to have the data surfaced publicly and they've used that list to put some pressure on sites to up their game.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
AUGUST 3, 2018
Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of the proceeds goes to the EFF. As a board member, I've seen the other side of this.
The Last Watchdog
JULY 30, 2018
One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. One of more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas. Related: How DataLocker got its start h. Co-founder Jay took a business trip to South Korea in the fall of 2007.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
AUGUST 2, 2018
It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual. I'm going to keep this intro super-brief because it's very near beer o'clock and I have a very important task to go and take care of: BBQ time ?? pic.twitter.com/yq5hXOGABt — Troy Hunt (@troyhunt) August 3, 2018. References. Fashion Nexus suffered a data breach ("Is there an official statement?
Schneier on Security
AUGUST 1, 2018
The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption.
The Last Watchdog
AUGUST 2, 2018
The targeting of Sen. Claire McCaskill by Russian intelligency agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training. The National Cyber Security Alliance is a non-profit group, underwritten by the top tech companies and biggest banks, that has been out there since 2001 promoting best practices and supplying pr
Adam Levin
AUGUST 3, 2018
One of the world’s largest websites has announced a security compromise. Reddit, the self-proclaimed “front page of the Internet,” announced a security breach that occurred over a three-day period in June. What Happened. The hacker or hackers bypassed the site’s 2-Factor Authentication associated with several employees credentialed to access sensitive data and used that access to take email addresses, server logs, and a decade-old database containing logins and passwords.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Adam Shostack
JULY 31, 2018
I’m honored to have my threat modeling book on this short list with Daniel Kahneman, Tony Hsieh, Nicole Forsgren, and Tom DeMarco: “ Summer Reading List: Top Recommendations from our Engineers.
Schneier on Security
AUGUST 1, 2018
We don't know if this is error or deliberate action, but five backdoors have been discovered already this year.
The Last Watchdog
JULY 30, 2018
Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021.
Dark Reading
JULY 31, 2018
The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar - yet.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Adam Shostack
JULY 30, 2018
Cybersecurity 2.0 is a new promo from Humble Bundle. Nearly $800 worth of books, including my Threat Modeling, Schneier’s Secrets and Lies, and a whole lot more!
Schneier on Security
JULY 30, 2018
Good policy paper (summary here ) on the threats, current state, and potential policy solutions for the poor security of US space systems.
WIRED Threat Level
JULY 29, 2018
Inside Cloudflare's San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet.
Security Affairs
AUGUST 1, 2018
Google recently removed 145 applications from the official Google Play store because they were found to carry malicious Windows executables inside. Researchers from Palo Alto Networks revealed that Google removed more than 145 apps from the Play store because they were carrying a Windows malware, The apps were uploaded to the Google Play store between October and November 2017, this means that for months Android users were exposed to the attack.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Thales Cloud Protection & Licensing
AUGUST 2, 2018
This article was originally featured as a guest post on Venafi’s blog. Thales eSecurity and Venafi are technology partners. One of the biggest threat to machine identities today is the integrity of the software that runs within them, and that dictates their programed function. Whereas many machines worked independently in the past, the availability of ubiquitous communications is making it possible for networks of machines – including sensors, cloud applications, and distributed controls &
Schneier on Security
AUGUST 2, 2018
Evidence that stolen credit cards are being used to purchase items in games like Clash of Clans, which are then resold for cash.
WIRED Threat Level
AUGUST 1, 2018
The Justice Department announced the arrest of three members of notorious cybercrime group Fin7—and detailed some of their methods in the process.
Security Affairs
AUGUST 3, 2018
Experts uncovered a massive cryptojacking campaign that is targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. Security experts have uncovered a massive cryptojacking campaign that is targeting MikroTik routers, the hackers aim to change the configuration of the devices to inject a Coinhive cryptocurrency mining script in the users’ web traffic.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Privacy and Cybersecurity Law
AUGUST 1, 2018
The Information Commissioner’s Office have released their Annual Report for 2018. This blog summarises the key messages. Information Commissioner’s Thoughts […].
Schneier on Security
JULY 31, 2018
The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it's not a big deal. But why in the world is the vacuum equipped with a microphone?
Thales Cloud Protection & Licensing
JULY 31, 2018
The newest CipherTrust Cloud Key Manager capability. CipherTrust Cloud Key Manager is a multi-cloud encryption key management solution ideal for customers using Microsoft Azure Key Vault , Amazon Web Services Key Management Service , Microsoft Office365 or Salesforce Shield Platform Encryption. Before I talk about the importance of the newest feature of Cipher Trust Key Manager let’s define some terms to get everyone thinking similarly about keys and key management.
Security Affairs
AUGUST 1, 2018
Reddit Warns Users of Data Breach. Reddit is warning its users of a security breach, an attacker broke into the systems of the platform and accessed user data. Reddit is warning its users of a security breach, a hacker broke into the systems of the platform and accessed user data. The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Dark Reading
AUGUST 1, 2018
An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007.
Schneier on Security
AUGUST 3, 2018
Interesting commentary : The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues. It is possible the military needs a cyber corps in the future, but by accelerating promotions, offering graduate school to newly commissioned officers, easing limited lateral entry for exceptional private-sector talent, and shortening
WIRED Threat Level
JULY 31, 2018
After five years, US lawmakers and law enforcement are starting to fight back against 3-D printed firearms and "ghost guns.".
Security Affairs
JULY 29, 2018
Cisco Talos researchers found tens of flaws in Samsung SmartThings Hub controller that potentially expose smart home devices to attack. Cisco Talos researchers have discovered 20 vulnerabilities in Samsung SmartThings Hub controller that potentially expose any supported third-party smart home devices to cyber attack. “Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub.” reads the analysis published by Talos. “These
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
258 
Let's personalize your content