Sat. Jul 31, 2021 - Fri. Aug 06, 2021

Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

Schneier on Security

Fascinating research: “Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.” Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any user-information.

The Strange World of “Good Enough” Fencing

Daniel Miessler

I’ve always been fascinated by security that was “just good enough.” I think lots of security actually qualifies (see The News), but I think fencing (and maybe bike locks) take first prize. As a kid I used to love breaking into stuff. Nighttime construction sites. Abandoned buildings. Whatever. And the older I got the more I started paying attention to how silly most fences are.

Weekly Update 254

Troy Hunt

The plan this week was to do a super simple update whilst having some time out. In the back yard, sun shining, iPad, Air Pods, all good. Mostly all good - the sound quality on those Air Pods is absolute rubbish. I don't know if that's a general truism or there's just something amiss with mine, but the constant fading out is extremely frustrating and I apologise for the sound quality not being up to expectations.

5 factors for success in cybersecurity projects among shifting priorities

Tech Republic Security

As more companies are considering the shift to a fully or hybrid remote workforce, accelerating plans to acquire digital and cloud services to address increasing cybersecurity risks is necessary.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Paragon: Yet Another Cyberweapons Arms Manufacturer

Schneier on Security

Forbes has the story: Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted. […].

LockBit ransomware recruiting insiders to breach corporate networks

Bleeping Computer

The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. [...]

More Trending

Cybersecurity pros wanted: Tips for hiring IT and security talent right now

Tech Republic Security

Companies are pulling out all of the stops to attract top talent in a tight labor market. These tips could help companies attract and retain cybersecurity pros in the months ahead.

The European Space Agency Launches Hackable Satellite

Schneier on Security

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […]. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […]. The satellite can detect and characterise any rogue emissions, enabling it to respond dynamically to accidental interference or intentional jamming.

How Email Service Vendors Can Help Individuals Protect Themselves from Phishing Attempts

CyberSecurity Insiders

By Natalie Hays, Mailgun by Pathwire. Phishing is pretty awful, whether you fall for a phishing attempt or have phishers pose as you. But how does phishing really happen and, even more importantly, how do you protect yourself? The first 48 hours – phishing edition. Phishing starts with well… the phishing. Someone sends out the attempt, sometimes posing as us, sometimes as a long-lost relative who just got a massive sum of money from an inheritance.

Windows PetitPotam attacks can be blocked using new method

Bleeping Computer

Security researchers have devised a way to block the recently disclosed PetitPotam attack vector that allows hackers to take control of a Windows domain controller easily. [...]

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Where to find the best-paying cybersecurity jobs

Tech Republic Security

New analysis includes salary data, cost of living and how easy it is to find a job and identifies cities with the best pay and the most open positions.

Zoom Lied about End-to-End Encryption

Schneier on Security

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California.

Data Laundering Poses Privacy, Security Risks

Security Boulevard

Data laundering, like money laundering, is the act of acquiring data through an illegal means—whether that’s the dark web or a hacked/stolen database—and then taking that data and running it through a legitimate business or process in order to make the data seem authentic. As both customer bases and companies adapt to modern technologies and. The post Data Laundering Poses Privacy, Security Risks appeared first on Security Boulevard.

Linux Kernel Security Done Right

Google Security

Posted by Kees Cook, Software Engineer, Google Open Source Security Team. To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway, you're not sprayed in the face with oil and gasoline, and you quickly get where you want to go. However, in the face of failure, the car may end up on fire, flying off a cliff.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

True cybersecurity means centering policies on employee behavior, report says

Tech Republic Security

Protecting systems from bad actors is essential, but all the firewalls in the world are useless against the modern hacker who targets human weaknesses instead of digital ones.

Squid Dog Toy

Schneier on Security

It’s sold out, but the pictures are cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

U.S., UK and Australia Issue Joint Cybersecurity Advisory

Security Boulevard

As vulnerabilities are discovered, advisories are issued, remedies and mitigations are shared and then the onus is on the end user and/or company to do what’s necessary to close the window into their infrastructure. That is what happens in a perfect world, where CISOs and CIOs have fully collaborative relationships with operations and when the.

10 DevOps Tools for Continuous Monitoring

CyberSecurity Insiders

Author: Dave Armlin, VP Customer Success, ChaosSearch. DevOps has become the dominant software development and deployment methodology over the past decade. In Atlassian’s recently released DevOps Trends Survey, over half of respondents said that their organizations had a dedicated DevOps team and 99% of respondents indicated that DevOps has had a positive impact on their organization.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Behind the scenes: A day in the life of a cybersecurity expert

Tech Republic Security

Leading a team is kind of like when a burglar alarm goes off and "you're the police," says the head of cybersecurity at ExpressVPN.

Conti Affiliate Leaks the Attack Playbook of the Ransomware Gang

Heimdal Security

Conti Ransomware operation is known as a ransomware-as-a-service (RaaS). As thoroughly explained by Vladimir, Ransomware-as-a-Service is an illicit ‘parent-affiliate(s)’ business infrastructure, in which operators give tools to affiliates with the goal of carrying out ransomware attacks. A security researcher recently shared a forum post that was created by an angry Conti affiliate.

RDP brute force attacks explained

Malwarebytes

While you read these words, the chances are that somebody, somewhere, is trying to break in to your computer by guessing your password. If your computer is connected to the Internet it can be found, quickly, and if it can be found, somebody will try to break in. And it isn’t like the movies. The criminal hacker trying to guess your password isn’t sat in a darkened room wondering which of your pets’ names to type on their keyboard.

Data breach news trending on Google Search Engine

CyberSecurity Insiders

Florida Department of Economic Opportunity (DEO) has hit the news headlines for becoming a victim of a cyber attack that led to data breach of over 57,900 claimant accounts seeking unemployment benefits. Highly placed sources say that the security breach was related to Reemployment Assistance Claims and Benefits Information System aka CONNECT, where hackers reportedly accessed information related to CONNECT Public Claims portal between April 27-July 16, 2021.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Global cyber intrusion activity jumped 125% in the first half of 2021

Tech Republic Security

Companies in the U.S. were targeted more than those in any other country, according to Accenture's Cyber Incident Response Update.

IIStealer: A server-side threat to e-commerce transactions

We Live Security

The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information. The post IIStealer: A server‑side threat to e‑commerce transactions appeared first on WeLiveSecurity.

Threat actors leaked data stolen from EA, including FIFA code

Security Affairs

Threat actors that hacked Electronic Arts in June have leaked full data dump stolen from the company after the failure of the negotiation with the victim. In June, hackers have compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data. The stolen data include the source code of the games, the source code of the FrostBite game engine and debug tools, FIFA 21 matchmaking server code, proprietary EA games frameworks, debug tools, SDK,

New DNS vulnerability allows 'nation-state level spying' on companies

Bleeping Computer

Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks. [...]

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Black Hat USA 2021 and DEF CON 29: What to expect from the security events

Tech Republic Security

Key topics analysts anticipate for these security conferences include supply chain attacks, Microsoft Exchange vulnerabilities and the iPhone/Pegasus spyware incident.

Scanning for Child Sexual Abuse Material (CSAM) on iPhones

Graham Cluley

Apple announces its plan for detecting child sexual abuse images on users' iPhones and Macs. But it's unlikely to be welcomed by those who hold privacy close to their hearts.

Italian Vaccine Sites Shut Down by Ransomware Thugs

Security Boulevard

Some Italian healthcare websites and their backroom systems have been wiped off the internet by malware. The post Italian Vaccine Sites Shut Down by Ransomware Thugs appeared first on Security Boulevard.

Registry Explorer is the registry editor every Windows user needs

Bleeping Computer

Last week, a new open-source Registry Editor was released that puts Windows Regedit software to shame by supporting a host of advanced features, making editing the Registry easier than ever. [...]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.