Schneier on Security

MAY 3, 2019

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of every user of those devices and communications systems.

Cybersecurity 254

Cybersecurity Technology Government Internet 254

Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurity report about glaring security weaknesses in a Fiserv platform that exposed personal and financial details of customers across hundreds of bank Web sites.

Banking 220

Banking Accountability Passwords Technology 220

The Last Watchdog

APRIL 29, 2019

In today’s complex IT environments, a million things can go wrong, though only a few systems touch everything. Related: Why Active Directory is so heavily targeted For companies running Microsoft Windows, one such touch-all systems is Active Directory, or AD, the software that organizes and provides access to information across the breadth of Windows systems.

Backups 207

Backups Ransomware Accountability Malware 207

Troy Hunt

MAY 2, 2019

It's the last one from home for a few weeks, both for Scott and myself. Whilst I head off to the US for a couple of weeks, he's back home to the UK before other Europe travel then we'll both end up back on the Gold Coast in a few weeks time before the AusCERT conference. This week, we're talking about how kids are so good at circumventing things like parental controls and how maybe - just maybe - talking to your goods and using some social techniques is a better (or at least complimentary) appro

Marketing 166

Marketing 166

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

MAY 2, 2019

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices. Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of catering to the very companies it is supposed to oversee, having wooed top Silicon Valley firms to the Emerald Isle with promises of low taxes, open access to top officials, and help securing funds to build gli

Data privacy 251

Data privacy Software Cybersecurity 251

Krebs on Security

MAY 3, 2019

Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world’s largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware. Now, at least one former WSM administrator is reportedly trying to extort money from WSM vendors and buyers (supposedly including Yours Truly) — i

Marketing 203

Marketing Accountability Scams Engineering 203

WIRED Threat Level

MAY 3, 2019

A group of likely Chinese hackers has poisoned the software of seven companies in just the last three years.

Software 111

Software Hacking 111

Schneier on Security

MAY 1, 2019

Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, the *site* has to prove itself to the key. Good security these days is about human factors; we have to take the onus off of the user as much as we can. Furthermore, this "proof" from the site to the key is only permitted over close physical proximity (like USB, NFC, or Bluetooth).

Social Engineering 236

Social Engineering Backups Authentication Passwords 236

Security Affairs

MAY 2, 2019

The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. The Department of Energy confirmed that on March 2019, between 9 a.m. and 7 p.m., a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The news was first reported by E&E News, a “cyber event” interrupted grid operations in parts of the western United States in March, according to a report posted by the Department of Energy.

Energy and Utilities 111

Energy and Utilities Cyber Attacks Hacking Media 111

The Last Watchdog

APRIL 30, 2019

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework. Related: How NIST protocols fit SMBs The essence of the NIST CSF is showing up in the privacy regulations now being enforced in Europe, as well as in a number of U.S. states.

Cybersecurity 173

Cybersecurity Insurance Cyber Insurance Risk 173

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

APRIL 30, 2019

Mueller is done and Rosenstein is on his way out the door, but federal and state authorities around the country are still investigating the president and those in his orbit.

112

112

Schneier on Security

APRIL 29, 2019

Someone is stealing millions of dollars worth of Ethereum by guessing users' private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here.

Encryption 232

Encryption Cryptocurrency Hacking 232

Security Affairs

MAY 3, 2019

German police have shut down one of the world’s largest black marketplace in the darkweb, the ‘Wall Street Market,’ and arrested its operators. The German police, with the support of Europol, Dutch police and the FBI, has shut down one of the world’s largest black marketplace in the darkweb , the ‘Wall Street Market,’ and arrested three operators allegedly running it.

Marketing 111

Marketing Cryptocurrency Cybercrime Advertising 111

The Last Watchdog

MAY 1, 2019

Defending a company network is a dynamic, multi-faceted challenge that continues to rise in complexity, year after year after year. Related: Why diversity in training is a good thing. Yet there is a single point of failure common to just about all network break-ins: humans. Social engineering, especially phishing, continues to trigger the vast majority of breach attempts.

Social Engineering 166

Social Engineering Engineering Phishing Banking 166

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

APRIL 29, 2019

If you're going up against an army of the undead, maybe plan a little better.

112

112

Thales Cloud Protection & Licensing

MAY 1, 2019

Over the last two election cycles, we’ve seen an increased focus on election security, hacking and fraud. While many state and government officials are under no illusion that they are safe from a digital attack, concern should run deeper than election integrity. Most federal security issues are a result of well-known long-standing vulnerabilities that agencies have not addressed.

Digital transformation 105

Digital transformation Cybersecurity Data breaches Encryption 105

Security Affairs

APRIL 29, 2019

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password. Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP). Have I Been Pwned allows users to search across multiple data breaches to see if their email address has been compromised.

Passwords 111

Passwords Accountability Data breaches Advertising 111

The Last Watchdog

MAY 2, 2019

While the internet and social media have been very positive for businesses, there remains an inherent risk when it comes to how brands manage their Facebook, Twitter, and Instagram accounts. Related: Defusing weaponized documents While social media on every platform has benefits, there remains risks that must be addressed so as to keep your companies’ image and data safe.

Media 138

Media Marketing Risk Passwords 138

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

APRIL 27, 2019

Mueller report fallout, a biometrics database, and more of the week's top security news.

111

111

Threatpost

MAY 1, 2019

Ricardo Milos joined Ben 10, Adventure Time and We Bare Bear videos on its websites over the weekend.

Hacking 100

Hacking 100

Security Affairs

APRIL 27, 2019

Docker became aware of unauthorized access to a Docker Hub database that exposed sensitive information for roughly 190,000 users. Docker notified its users that an unauthorized entity gained access to a Docker Hub database that exposed sensitive information for roughly 190,000 users. The exposed information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories.

Hacking 111

Hacking Data breaches Passwords Advertising 111

Adam Levin

MAY 2, 2019

Adam Levin was featured on a short video on TicToc by Bloomberg, where he discussed the trade-offs between security and convenience for mobile banking and payment apps. “As business tries in its technological innovation to make things more convenient, you end up with the conundrum between convenience and security.” Levin said. See the video below, or on Bloomberg.com : ?.

Mobile 100

Mobile Banking Technology 100

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Adam Shostack

APRIL 30, 2019

Heriot-Watt University in Scotland is hosting a “ Workshop on Serious Games for Cyber Security ,” May 21-22.

100

100

Threatpost

APRIL 29, 2019

Hardware that supports pirated video streaming content comes packed with malware.

Malware 98

Malware Marketing Hacking 98

Security Affairs

MAY 2, 2019

A flaw in Dell SupportAssist, a pre-installed tool on most Dell computers, could be exploited by hackers to compromise them remotely. The security researcher Bill Demirkapi (17) has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that is pre-installed on most Dell computers. The vulnerability could be exploited by hackers to compromise systems remotely.

Hacking 111

Hacking Software DNS 111

Dark Reading

MAY 1, 2019

Breach of India-based outsourcing giant involved a remote access tool and a post-exploitation tool, according to an analysis by Flashpoint.

Hacking 97

Hacking 97

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

APRIL 30, 2019

Securepairs.org is pushing back against a tech industry that wants independent repair legislation to be scary.

87

87

Threatpost

APRIL 29, 2019

Millions of security cameras, baby monitors and "smart" doorbells are open to hijack - and no solution is currently available.

IoT 94

IoT 94

Security Affairs

APRIL 28, 2019

Researchers devised a new side-channel attack in Qualcomm technology, widely used by most Android smartphones, that could expose private keys. Researchers have uncovered a new side-channel attack that could be exploited by attackers to extract sensitive data from Qualcomm secure keystore, including private keys, and passwords. The attack potentially impacts most of the modern Android devices that use Qualcomm chips, including popular Snapdragon models 820, 835, 845 and 855.

Advertising 111

Advertising Technology Mobile Passwords 111

Dark Reading

MAY 3, 2019

Enterprise cloud security is making real progress, but emerging technologies call for security teams to keep up the pace.

Technology 94

Technology 94

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity