Sat.May 18, 2019 - Fri.May 24, 2019

Legal Threats Make Powerful Phishing Lures

Krebs on Security

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.

Germany Talking about Banning End-to-End Encryption

Schneier on Security

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn't say how. (Cory Doctorow has previously explained why this would be impossible.)

PayPal's Beautiful Demonstration of Extended Validation FUD

Troy Hunt

Sometimes the discussion around extended validation certificates (EV) feels a little like flogging a dead horse. In fact, it was only September that I proposed EV certificates are already dead for all sorts of good reasons that have only been reinforced since that time. Yet somehow, the discussion does seem to come up time and again as it did following this recent tweet of mine: Always find comments like this amusing: “The main concern about SSL certificates is that all of them are losing their

Google Glitch Left Passwords Unprotected for 14 Years

Adam Levin

Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005. In a blog post released this week, the company admitted the passwords of “some” of its G Suite customers had been stored on internal servers without cryptographic protection, also known as a hash. “This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Krebs on Security

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [ NYSE:FAF ] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver's license images — were available without authentication to anyone with a Web browser.

Fingerprinting iPhones

Schneier on Security

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint.

Weekly Update 139

Troy Hunt

Per the beginning of the video, it's out late, I'm jet lagged, all my clothes are dirty and I've had to raid the conference swag cupboard to even find a clean t-shirt. But be that as it may, I'm yet to miss one of these weekly vids in the 2 and a half years I've been doing them and I'm not going to start now! So with that very short intro done, here's this week's and I'll try and be a little more on the ball for the next one.

Account Hijacking Forum OGusers Hacked

Krebs on Security

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users. On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months’ worth of private messages, forum post

The Concept of "Return on Data"

Schneier on Security

This law review article by Noam Kolt, titled "Return on Data," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility (U) consumers gain and the data (D) they supply -- "return on data" (ROD) -- remains largely unexplored.

MY TAKE: Android users beware: Google says ‘potentially harmful apps’ on the rise

The Last Watchdog

Even if your company issues you a locked-down smartphone, embracing best security practices remains vital. Our smartphones. Where would we be without them? Related Q&A: Diligence required of Android users. If you’re anything like me, making a phone call is the fifth or sixth reason to reach for your Android or iPhone. Whichever OS you favor, a good portion of the key components that make up your digital life — email, texting, social media, shopping, banking, hobbies, and work duties — now rout

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Data Leak Exposes Instagram Influencers

Adam Levin

A leaked database has compromised the personal information of more than 49 million Instagram users, including celebrities and “influencers.” The information was found on an unsecured database hosted on an Amazon cloud server and includes public-facing information from Instagram accounts as well as personal details, including email addresses and phone numbers.

What You Need to Know About Zero Trust Security

Dark Reading

The zero trust model might be the answer to a world in which perimeters are made to be breached. Is it right for your organization?

Thangrycat: A Serious Cisco Vulnerability

Schneier on Security

Summary: Thangrycat is caused by a series of hardware design flaws within Cisco's Trust Anchor module. First commercially introduced in 2013, Cisco Trust Anchor module (TAm) is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices.

Joomla and WordPress Found Harboring Malicious Redirect Code

Threatpost

New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Google Has Stored Some Passwords in Plaintext Since 2005

WIRED Threat Level

On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years.

How Security Vendors Can Address the Cybersecurity Talent Shortage

Dark Reading

The talent gap is too large for any one sector, and cybersecurity vendors have a big role to play in helping to close it.

Visiting the NSA

Schneier on Security

Yesterday, I visited the NSA. It was Cyber Command's birthday, but that's not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. (BERKman hewLETT -- get it? We have a web page, but it's badly out of date.) It was a full day of meetings, all unclassified but under the Chatham House Rule.

Goodbye Passwords: Hello Identity Management

Threatpost

As passwords are increasingly viewed as security liabilities, Identity Management solutions are picking up the slack.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Thales Wins Cybersecurity Excellence Awards for Encryption and Identity and Access Management Solutions

Thales Cloud Protection & Licensing

Thales’s SafeNet Data Protection on Demand and SafeNet Trusted Access solutions have won the gold award in the Encryption and Identity and Access Management categories of the 2019 Cybersecurity Excellence Awards. As cloud services continue to be rapidly adopted by organizations, securing and controlling access to the data held there is paramount. In fact, with Gartner predicting that the majority of cloud security failures will be the fault of customers through to 2023, security teams are being

97% of Americans Can't Ace a Basic Security Test

Dark Reading

Still, a new Google study uncovers a bit of good news, too.

How Technology and Politics Are Changing Spycraft

Schneier on Security

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all of this automatic. Meanwhile, Western countries have new laws and norms that put them at a disadvantage over other countries.

Google Stored G Suite Passwords in Plaintext Since 2005

Threatpost

Google said it had stored G Suite enterprise users' passwords in plain text since 2005, marking a giant security faux pas.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Bluetooth's Complexity Has Become a Security Risk

WIRED Threat Level

Bluetooth and Bluetooth Low Energy are incredibly convenient—but increasingly at the center of a lot of security lapses.

Old Threats Are New Again

Dark Reading

They may look familiar to you, and that isn't a coincidence. New threats are often just small twists on old ones.

NSA Hawaii

Schneier on Security

Recently I've heard Edward Snowden talk about his working at the NSA in Hawaii as being "under a pineapple field." CBS News recently ran a segment on that NSA listening post on Oahu. Not a whole lot of actual information. "We're in office building, in a pineapple field, on Oahu." And part of it is underground -- we see a tunnel. We didn't get to see any pineapples, though.

WannaCry-Infested Laptop Starts at $1.13M in Art Auction

Threatpost

The "bestiary" houses six historical threats that combined resulted in at least $95B in damages worldwide.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

One Year into GDPR: What's Changed?

eSecurity Planet

A year after implementation, the European data privacy regulation has improved data handling, but the biggest changes may be yet to come.

7 Recent Wins Against Cybercrime

Dark Reading

The increasing number of successful law enforcement actions and prosecutions suggest that cybercriminals have plenty of reason to be looking over their shoulders.

German SG-41 Encryption Machine Up for Auction

Schneier on Security

A German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros.

Windows 10 Update Bricks PCs, Microsoft Offers Workarounds

Threatpost

A glitch in Microsoft's Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.