Sat. Mar 09, 2019 - Fri. Mar 15, 2019

These Cookie Warning Shenanigans Have Got to Stop

Troy Hunt

This will be short, ranty and to the point: these warnings are getting ridiculous: I know, tell you something you don't know! The whole ugly issue reared its head again on the weekend courtesy of the story in this tweet: I’m not sure if this makes it better or worse. “Cookie walls don't comply with GDPR, says Dutch DPA”: [link] — Troy Hunt (@troyhunt) March 8, 2019.

DARPA Is Developing an Open-Source Voting System

Schneier on Security

This sounds like a good development: a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking. The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems.

Insert Skimmer + Camera Cover PIN Stealer

Krebs on Security

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM.

Citrix Hack Exposes Customer Data

Adam Levin

Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign. The company was alerted to the cyberattack by the FBI earlier this month. “While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

There are certain things we as consumers have come to do intuitively: brushing our teeth in the morning; looking both ways before crossing a city street; buckling up when we get into a car. Related: What needs to happen to enable driverless transportation — safely. In the not too distant future, each one of us will need to give pause, on a daily basis, to duly consider how we purchase and use Internet of Things devices and services.

Internet 189
Critical Flaw in Swiss Internet Voting System

Schneier on Security

Researchers have found a critical flaw in the Swiss Internet voting system. I was going to write an essay about how this demonstrates that Internet voting is a stupid idea and should never be attempted -- and that this system in particular should never be deployed, even if the found flaw is fixed -- but Cory Doctorow beat me to it: The belief that companies can be trusted with this power defies all logic, but it persists.

IoT Cybersecurity Bill Proposed to Congress

Adam Levin

Congress proposed a bill to improve the security of internet-enabled devices called the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The bipartisan legislation is aimed at establishing standards for any internet-connected device acquired by or used by an employee of the federal government. IoT devices have long been a weak point in the cybersecurity of agencies and organizations and have also been a favorite target for hackers, despite their continuous market growth.

MY TAKE: What the Ethiopian 737 Max 8 crash should tell us about the safety of ‘smart’ jetliners

The Last Watchdog

When news broke about the crash of an Ethiopian Airlines Boeing 737, the first question that popped into my head was whether an older 737 model, still using the flawed rudder actuator, might have been involved. Related: Historical context of the rudder flaws on older model 737s. Of course it was actually the newest iteration of the 737, the Max 8. I’m no longer covering aviation.

Judging Facebook's Privacy Shift

Schneier on Security

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public sharing that has long defined the platform, even while conceding that "frankly we don't currently have a strong reputation for building privacy protective services."

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and SharePoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today’s patch batch without any help from users.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

A Seat At The Table (AppSecCali)

Adam Shostack

The fine folks at AppSecCali have posted videos, including my talks, A Seat At The Table, and Game On! Adding Privacy to Threat Modeling – Adam Shostack & Mark Vinkovits.

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

When Target fired both its CEO and CIO in 2014, it was a wake-up call for senior management. The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. C-suite execs across the land suddenly realized something similar could happen to them. So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant.

On Surveillance in the Workplace

Schneier on Security

Data & Society just published a report entitled "Workplace Monitoring & Surveillance": This explainer highlights four broad trends in employee monitoring and surveillance technologies: Prediction and flagging tools that aim to predict characteristics or behaviors of employees or that are designed to identify or deter perceived rule-breaking or fraud.

Adam Levin Discusses Misuse of Federal Databases on CBS This Morning

Adam Levin

Adam Levin was on a recent episode of CBS This Morning to discuss a police officer accused of using federal databases to prowl for women. “It’s a violation of privacy. It’s a violation of professional ethics. It’s a violation of the codes of conduct of every police department I can think of,” said Levin. See the segment here.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Happy Pi Day!

Adam Shostack

There are only a few times to use a pie chart, but to help you celebrate, here’s how to keep track of your intake:

MY TAKE: Microsoft’s Active Directory lurks as a hackers’ gateway in enterprise networks

The Last Watchdog

Many of our online activities and behaviors rely on trust. From the consumer side, for example, we trust that the business is legitimate and will take care of the sensitive personal information we share with them. But that level of trust goes much deeper on the organizational side. Related: The case for ‘zero-trust’ authentication. Employees are given credentials that allow them authorized access to corporate networks and databases.

Russia Is Testing Online Voting

Schneier on Security

This is a bad idea: A second innovation will allow "electronic absentee voting" within voters' home precincts. In other words, Russia is set to introduce its first online voting system. The system will be tested in a Moscow neighborhood that will elect a single member to the capital's city council in September. The details of how the experiment will work are not yet known; the State Duma's proposal on Internet voting does not include logistical specifics.

Can a Stalker Story Help Cybersecurity at Your Company?

Adam Levin

Florida police officer Leonel Marines resigned after a police investigation resulted in allegations that the 12-year veteran of the Bradenton Police Department had been using police databases like a dating app to locate potential women for fun and maybe more. Protect and Serve, meet self-service. If you think something like this should be impossible, consider how police work: Their lives are on the line, and they need to know who they’re dealing with.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Facebook’s Privacy Constitution

Adam Shostack

Bruce Schneier and I wrote an article on Facebook’s privacy changes: “ A New Privacy Constitution for Facebook.

NEW TECH: Votiro takes ‘white-listing’ approach to defusing weaponized documents

The Last Watchdog

It’s hard to believe this month marks the 20th anniversary of the release of the devastating Melissa email virus which spread around the globe in March 1999. Related: The ‘Golden Age’ of cyber espionage is upon us. Melissa was hidden in a weaponized Word document that arrived as an email attachment. When the recipient clicked on the Word doc, a macro silently executed instructions to send a copy of the email, including the infected attachment, to the first 50 people listed as Outlook

I Was Cited in a Court Decision

Schneier on Security

An article I co-wrote -- my first law journal article -- was cited by the Massachusetts Supreme Judicial Court -- the state supreme court -- in a case on compelled decryption. Here's the first, in footnote 1: We understand the word "password" to be synonymous with other terms that cell phone users may be familiar with, such as Personal Identification Number or "passcode.

39% of all existing Counter-Strike 1.6 game servers online are malicious

Security Affairs

Experts at security firm Dr. Web revealed that 39% of all existing Counter-Strike 1.6 game servers online are malicious; an attacker is exploiting zero-day flaws in game clients. Bad news for gamers of the popular game Counter-Strike: according to the experts at the security firm Dr. Web, 39% of all existing Counter-Strike 1.6 game servers online are malicious.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales Cloud Protection & Licensing

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction. This new capability removes the compromise between encryption and storage efficiency, providing the granular access controls security professionals have come to expect from Thales combined with the industry-leading data reduction technologies from Pure St

Top 10 Takeaways from RSA Conference 2019

eSecurity Planet

After five days of sessions, events and demos, what were the key cybersecurity themes that emerged at RSA Conference 2019?

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I'm teaching a live online class called "Spotlight on Cloud: The Future of Internet Security with Bruce Schneier" on O'Reilly's learning platform, Thursday, April 4, at 10:00 AM PT/1:00 PM ET. The list is maintained on this page.

Severe RCE vulnerability affected popular StackStorm Automation Software

Security Affairs

The security researcher Barak Tawily has discovered a severe vulnerability, tracked as CVE-2019-9580, in the popular, open source event-driven platform StackStorm. According to the expert, the flaw could be exploited by a remote attacker to trick developers into executing arbitrary commands on targeted services. StackStorm has been used to automate workflows in many industries; it allows developers to configure actions, workflows, and scheduled tasks, to perform some operations on large-scale ser

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

7 Low-Cost Security Tools

Dark Reading

Security hardware doesn't have to be expensive or complex to do the job. Here are seven examples of low-cost hardware that could fill a need in your security operations.

Recapping RSA Conference 2019: No Silver Bullet for Security

Thales Cloud Protection & Licensing

I was really looking forward to participating in RSA 2019 and it was a great event. There was tremendous energy and buzz in our booth and on the show floor. The lively interactions in our booth validated that the Vormetric product line is still highly relevant and solves many of today’s challenges as customers move controls closer to the data, and also migrate their data to the cloud.

DevSecOps: How to Build Security into Apps

eSecurity Planet

We define DevSecOps, how it relates to DevOps, and how security can be built into the application development process with minimal disruption.

Vulnerabilities in car alarm systems exposed 3 million cars to hack

Security Affairs

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems that put three million vehicles globally at risk of hack. The flaws could be exploited by attackers to disable the alarm, as well as track and unlock the vehicles using it, or to start and stop the engine even when the car was moving. The experts also demonstrated that it is possible to snoop on drivers’ conversations through a microphone that is built into one of the car alarm systems,

Hacking 111
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.