Schneier on Security
AUGUST 16, 2019
Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
AUGUST 12, 2019
The U.S. Securities and Exchange Commissio n (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned. First American Financial Corp. In May, KrebsOnSecurity broke the news that the Web site for Santa Ana, Calif.
Adam Levin
AUGUST 15, 2019
Hacker Paige Thomson, main suspect in the recent Capital One data breach, may also be responsible for hacking as many as 30 other companies and organizations. . Prosecutors from the Seattle U.S. Attorney’s Office announced the discovery of data from more than 30 targeted entities in the bedroom of Paige Thompson, who was arrested in connection with the Capital One data breach.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
AUGUST 14, 2019
Last month, Attorney General William Barr gave a major speech on encryption policywhat is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.
Troy Hunt
AUGUST 10, 2019
Well that's Vegas done. 8 days of absolutely non-stop events that's now pretty much robbed me of my voice but hey, I got a flying cow! Scott and I both spent BSides, Black Hat and DEF CON doing "hallway con" or in other words, wandering around just meeting people. The personal engagement you get from these ad hoc meetups really can't be beat and I appreciate everyone who took the time to come over and say hi.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
AUGUST 14, 2019
With all the talk of escalating cyber warfare , the spread of counterfeit smartphones and new forms of self-replicating malware , I came away from Black Hat USA 2019 (my 15 th ) marveling, once more, at the panache of modern cyber criminals. Related: Lessons learned from Capital One breach Yet, I also had the chance to speak one-on-one with dozens of security vendors who are innovating like crazy to improve security.
Schneier on Security
AUGUST 12, 2019
Interesting analysis: " Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended? " by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversial programs launched by the U.S. Intelligence Community (IC) in the wake of the 9/11 attacks.
Troy Hunt
AUGUST 16, 2019
I made it out of Vegas! That was a rather intense 8 days and if I'm honest, returning to the relative tranquillity of Oslo has been lovely (not to mention the massive uptick in coffee quality). But just as the US to Europe jet lag passes, it's time to head back to Aus for a bit and go through the whole cycle again. And just on that, I've found that diet makes a hell of a difference in coping with this sort of thing: The number one most effective way I’ve found for coping with jet lag, stress, cr
Krebs on Security
AUGUST 13, 2019
Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out. Fortunately, this month’s patch batch from Redmond is mercifully light, at least compared to last month.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Last Watchdog
AUGUST 12, 2019
In the last year, the news media has been full of stories about vicious cyber breaches on municipal governments. From Atlanta to Baltimore to school districts in Louisiana, cyber criminals have launched a wave of ransomware attacks on governments across the country. Related: SMBs struggle to mitigate cyber attacks As city governments struggle to recover access to their data, hackers are already turning their sites on their next targets: small and medium-sized businesses (SMBs).
Schneier on Security
AUGUST 14, 2019
Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring.
Adam Levin
AUGUST 12, 2019
If you missed the news about Russian-owned FaceApp going viral, you’ve probably been vacationing on the coast of a dust pond on the dark side of the moon. It highlights the general lack of privacy laws out there, and may herald the start of meaningful legislation. FaceApp allows users to tap into the power of artificial intelligence to see what they might look like with a perfect Hollywood smile, different hair, no hair, facial hair, or, alternately, as a much older version of themsel
Thales Cloud Protection & Licensing
AUGUST 13, 2019
Originally published in Payments Journal on July 31, 2019. There’s a very tough question on the table that no one can afford to ignore: If more than half of global IT and security executives say they actively fear the exposure of payment card data and other personal identifiable information, why are 70% of them not deploying measures such as encryption to maintain security?
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Adam Shostack
AUGUST 13, 2019
Wow. Blackhat, Defcon, I didn’t make any of the other conferences going on in Vegas. And coming back it seems like there’s a sea of things to follow up on. A little bit of organization is helping me manage better this year, and so I thought I’d share what’s in my post-conference toolbox. I’m also sharing because I don’t think my workflow is optimal, and would love to learn how you’re working through this in 2019, with its profusion of ways to stay in touch.
Schneier on Security
AUGUST 15, 2019
Apple's FaceID has a liveness detection feature, which prevents someone from unlocking a victim's phone by putting it in front of his face while he's sleeping. That feature has been hacked : Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim's FaceID and log into their phone simply by putting a pair of modified glasses on their face.
Security Affairs
AUGUST 12, 2019
The FBI is searching for contractors to monitor social media for potential threats, the announcement raises concerns for user privacy. The abuse of social media passwords for malicious purpose is quite common, for this reason, the FBI is searching for contractors to monitor them. However, monitoring activity could threaten user privacy and set up possible conflicts with social media giants, such as Facebook, over privacy. “The Federal Bureau of Investigation (FBI) intends to award a firm f
WIRED Threat Level
AUGUST 13, 2019
Security researcher Joseph Tartaro thought NULL would make a fun license plate. He's never been more wrong.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Dark Reading
AUGUST 15, 2019
But incidents involving SSNs, addresses, birth dates were smaller than in previous years.
Adam Shostack
AUGUST 15, 2019
I’m excited to be teaming up with Alpha Strike and Limes Security to deliver training in Vienna November 6-8. Details are available at Embedded Systems Security Days.
Security Affairs
AUGUST 16, 2019
USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$. than 10$. The Video is self-explanatory. ( Wanna know how to make it? Read the article below.) . All started with this Tweet last April, when I wanted a damn cheap USB implant capable of injecting keystrokes. It had to be: Remotely Controllable Fast in Typing Tiny as f k Cheaper than a bottle of Vodka.
Threatpost
AUGUST 12, 2019
An elevation-of-privilege bug allows attackers to run any program on a target machine with high privileges.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
AUGUST 12, 2019
A new initiative to pull data from social media platforms may clash with policies prohibiting the use of information for mass surveillance.
Security Affairs
AUGUST 13, 2019
Tavis Ormandy, white hat hacker at Google’s Project Zero Team, disclosed technical details of a 20-year-old Windows vulnerability that is still unpatched. The popular cyber security expert Tavis Ormandy, white hat hacker at Google’s Project Zero Team disclosed technical details of 20-year-old vulnerability that is still unpatched. The vulnerability, rated as high-severity, affects all versions of Microsoft Windows from Windows XP.
Thales Cloud Protection & Licensing
AUGUST 15, 2019
On June 28, 2018 the governor of California Jerry Brown signed into law with Assembly Bill No. 375 the California Consumer Privacy Act (CCPA), making California the first U.S. state to pass its own data privacy law. Last August, my colleague Ashvin Kamaraju wrote a blog shortly after this took place. The CCPA, which will come into effect on Jan. 1, 2020, grants to the state’s over 40 million people a range of rights comparable to the rights given to European citizens with the General Data Protec
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
WIRED Threat Level
AUGUST 10, 2019
Researchers have discovered a flaw in the GSM standard used by AT&T and T-Mobile that would allow hackers to listen in.
Dark Reading
AUGUST 15, 2019
More businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy.
Security Affairs
AUGUST 11, 2019
A group of Israeli researchers demonstrated that it is possible to take over the Simatic S7 controller one of the most secure controllers in the industry. A team of Israeli researchers demonstrated that it is possible to take control of the Simatic S7 controller without the knowledge of the operators. The team was composed of researchers from the Cyber ??
Threatpost
AUGUST 14, 2019
A bug in an obscure legacy Windows protocol can lead to serious real-world privilege-escalation attacks.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
274 
Let's personalize your content