Schneier on Security
AUGUST 28, 2019
The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.
Krebs on Security
AUGUST 27, 2019
Imperva , a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based Imperva sells technology and services designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of We
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
AUGUST 26, 2019
Australia! Sunshine, good coffee and back in the water on the tail end of "winter". I'm pretty late doing this week's video as the time has disappeared rather quickly and I'm making the most of it before the next round of events. Be that as it may, there's a bunch of new stuff this week not least of which is the unexpected limit I hit with the Azure API Management consumption tier.
The Last Watchdog
AUGUST 26, 2019
Andrea Carcano’s journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, during which time he won a scholarship from the European Commission to craft a proof of concept attack against an industrial control system (ICS.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
AUGUST 30, 2019
Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that's not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn't imagine that they would be necessary. The results are predictable.
Krebs on Security
AUGUST 29, 2019
PerCSoft , a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack. West Allis, Wis.-based PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various denta
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
AUGUST 26, 2019
Andrea Carcano’s journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, during which time he won a scholarship from the European Commission to craft a proof of concept attack against an industrial control system (ICS.
Schneier on Security
AUGUST 26, 2019
Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There's now an app that can detect them : The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana which not only scans and detects Bluetooth signals, but can actually differentiate those coming from legitimate devices -- like sensors, smartphones, or vehicle tracking hardware -- from card skimmers that ar
Krebs on Security
AUGUST 30, 2019
Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals.
eSecurity Planet
AUGUST 28, 2019
Here are 18 hot IT security startups addressing everything from IoT security and blockchain to artificial intelligence and machine learning.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
AUGUST 27, 2019
Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. CamScanner is a very popular Phone PDF creator app with more than 100 million downloads on Google Play Store. Experts from Kaspersky have discovered malware in the free Android version of the CamScanner app that could be used by attackers to remotely hack Android devices and steal targets’ data.
Schneier on Security
AUGUST 27, 2019
Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about.
WIRED Threat Level
AUGUST 30, 2019
For two years, a handful of websites have indiscriminately hacked thousands of iPhones.
Dark Reading
AUGUST 26, 2019
Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
AUGUST 30, 2019
The company behind DDS Safe solution used by hundreds of dental offices was hit by a ransomware attack and it is working to restore access to client data. PerCSoft is a cloud management provider for Digital Dental Record (DDR), that operates the online data backup service called DDS Safe. DDS Safe, is a HIPAA Compliant 3 layered online dental backup system that provides dental offices triple the protection of traditional online back-up solutions.
Schneier on Security
AUGUST 29, 2019
Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI program trains on this signal and replaces the emotional indicators in speech, flattening them.
WIRED Threat Level
AUGUST 24, 2019
Xbox eavesdropping, email scammers, and more of the week's top security news.
Thales Cloud Protection & Licensing
AUGUST 30, 2019
Originally published in Forbes on July 29, 2019. Brands are under pressure to protect themselves and their customers from increasingly sophisticated cyber attacks. With daily media headlines and new regulations, consumers have never been more aware of the threats out there. As a result, businesses are being forced to take the issue of cybersecurity more seriously, facing it head on and putting in place the necessary steps (e.g., encryption, two-factor authentication and key management) to protec
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
AUGUST 29, 2019
HackerOne announced that five more hackers have become millionaires thanks to their contributes to the bug bounty programs managed by the platform. Bug bounty platform HackerOne announced that four more hackers have become millionaires after participating in the bug bounty programs managed by the platform. In March, HackerOne announced that two of its members have each earned more than $1 million by participating bug bounty programs.
Dark Reading
AUGUST 27, 2019
Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.
Threatpost
AUGUST 27, 2019
A round of phishing emails purports to be from job seekers - but actually uses a slew of detection evasion tactics to download malware on victim systems.
Thales Cloud Protection & Licensing
AUGUST 27, 2019
This past March at RSAC 2019, Pure Storage and Thales introduced the security industry’s first end-to-end data encryption framework that realizes storage array data reduction efficiencies. Historically, host data encryption and array data reduction are like oil and water – they simply don’t mix. Our partner Vaughn Stewart from Pure Storage wrote about our work together to overcome this problem in this blog post.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
AUGUST 25, 2019
BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. Recently another popular cybersecurity expert, Kevin Beaumont, has also observed attackers attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 fl
Dark Reading
AUGUST 30, 2019
Practical steps municipal governments can take to better prevent and respond to ransomware infections.
WIRED Threat Level
AUGUST 26, 2019
If you think dropping a nuclear bomb into the eye of a hurricane is a bad idea, wait'll you see what they had in mind for the polar ice caps.
Threatpost
AUGUST 26, 2019
The emails are well-crafted and extremely convincing.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
AUGUST 24, 2019
Researchers at Wordfence reported an ongoing hacking campaign exploiting security flaws in some WordPress plugins. Researchers from Wordfence uncovered an ongoing hacking campaign exploiting security vulnerabilities in some WordPress plugins to redirect visitors to websites under the control of the attackers. The campaign specifically targeted flaws in WordPress plugins developed by the developer NicDark (now renamed as “Endreww”), such as a plugin called Simple 301 Redirects – Addon – Bulk Uplo
Dark Reading
AUGUST 28, 2019
An analysis of a sample published by the US government shows Russian espionage group APT28, also known as Fancy Bear, has stripped down its initial infector in an attempt to defeat ML-based defenses.
CTOVision Cybersecurity
AUGUST 24, 2019
Have you been numbed by constant reports of breaches? They get old for sure, especially since so many have at their core common issues that could have been avoided by application of best practices. Now here is an interesting/new story: A NASA astronaut is accused of hacking her estranged spouse’s bank account from space I […].
Threatpost
AUGUST 28, 2019
TrickBot malware targets users of U.S. mobile carriers Verizon, T-Mobile and Sprint via web injects to steal their PIN codes; enabling SIM swapping attacks.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
279 
Let's personalize your content