Schneier on Security

MAY 3, 2019

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of every user of those devices and communications systems.

Cybersecurity 248

Cybersecurity Technology Government Internet 248

The Last Watchdog

APRIL 29, 2019

In today’s complex IT environments, a million things can go wrong, though only a few systems touch everything. Related: Why Active Directory is so heavily targeted For companies running Microsoft Windows, one such touch-all systems is Active Directory, or AD, the software that organizes and provides access to information across the breadth of Windows systems.

Backups 207

Backups Ransomware Accountability Malware 207

Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurity report about glaring security weaknesses in a Fiserv platform that exposed personal and financial details of customers across hundreds of bank Web sites.

Banking 207

Banking Accountability Passwords Technology 207

Troy Hunt

MAY 2, 2019

It's the last one from home for a few weeks, both for Scott and myself. Whilst I head off to the US for a couple of weeks, he's back home to the UK before other Europe travel then we'll both end up back on the Gold Coast in a few weeks time before the AusCERT conference. This week, we're talking about how kids are so good at circumventing things like parental controls and how maybe - just maybe - talking to your goods and using some social techniques is a better (or at least complimentary) appro

Marketing 150

Marketing 150

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

MAY 2, 2019

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices. Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of catering to the very companies it is supposed to oversee, having wooed top Silicon Valley firms to the Emerald Isle with promises of low taxes, open access to top officials, and help securing funds to build gli

Data privacy 244

Data privacy Software Cybersecurity 244

The Last Watchdog

MAY 2, 2019

Small and midsize businesses — so-called SMBs — face an acute risk of sustaining a crippling cyberattack. This appears to be even more true today than it was when I began writing about business cyber risks at USA TODAY more than a decade ago. Related: ‘Malvertising’ threat explained However, one small positive step is that company decision makers today, at least, don’t have their heads in the sand.

Risk 182

Risk Cyber Risk Cyber threats Banking 182

Adam Levin

MAY 2, 2019

Adam Levin was featured on a short video on TicToc by Bloomberg, where he discussed the trade-offs between security and convenience for mobile banking and payment apps. “As business tries in its technological innovation to make things more convenient, you end up with the conundrum between convenience and security.” Levin said. See the video below, or on Bloomberg.com : ?.

Mobile 100

Mobile Banking Technology 100

Schneier on Security

MAY 1, 2019

Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, the *site* has to prove itself to the key. Good security these days is about human factors; we have to take the onus off of the user as much as we can. Furthermore, this "proof" from the site to the key is only permitted over close physical proximity (like USB, NFC, or Bluetooth).

Social Engineering 230

Social Engineering Backups Authentication Passwords 230

The Last Watchdog

APRIL 30, 2019

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework. Related: How NIST protocols fit SMBs The essence of the NIST CSF is showing up in the privacy regulations now being enforced in Europe, as well as in a number of U.S. states.

Cybersecurity 173

Cybersecurity Insurance Cyber Insurance Risk 173

WIRED Threat Level

APRIL 30, 2019

Mueller is done and Rosenstein is on his way out the door, but federal and state authorities around the country are still investigating the president and those in his orbit.

111

111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

APRIL 29, 2019

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password. Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP). Have I Been Pwned allows users to search across multiple data breaches to see if their email address has been compromised.

Passwords 111

Passwords Accountability Data breaches Advertising 111

Schneier on Security

APRIL 29, 2019

Someone is stealing millions of dollars worth of Ethereum by guessing users' private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here.

Encryption 226

Encryption Cryptocurrency Hacking 226

The Last Watchdog

MAY 1, 2019

Defending a company network is a dynamic, multi-faceted challenge that continues to rise in complexity, year after year after year. Related: Why diversity in training is a good thing. Yet there is a single point of failure common to just about all network break-ins: humans. Social engineering, especially phishing, continues to trigger the vast majority of breach attempts.

Social Engineering 166

Social Engineering Engineering Phishing Banking 166

Thales Cloud Protection & Licensing

MAY 1, 2019

Over the last two election cycles, we’ve seen an increased focus on election security, hacking and fraud. While many state and government officials are under no illusion that they are safe from a digital attack, concern should run deeper than election integrity. Most federal security issues are a result of well-known long-standing vulnerabilities that agencies have not addressed.

Digital transformation 105

Digital transformation Cybersecurity Data breaches Encryption 105

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

APRIL 27, 2019

Experts at Cisco Talos group disclosed a dozen vulnerabilities uncovered in Sierra Wireless AirLink gateways and routers, including several serious flaws. Researchers at Cisco Talos group disclosed a dozen vulnerabilities affecting Sierra Wireless AirLink gateways and routers, including several serious flaws. Some of the flaws could be exploited to execute arbitrary code, modify passwords, and change system settings, Sierra Wireless AirLink gateways and routers are widely used in enterprise envi

Wireless 110

Wireless Passwords IoT Advertising 110

Adam Shostack

APRIL 30, 2019

Heriot-Watt University in Scotland is hosting a “ Workshop on Serious Games for Cyber Security ,” May 21-22.

100

100

The Last Watchdog

MAY 2, 2019

While the internet and social media have been very positive for businesses, there remains an inherent risk when it comes to how brands manage their Facebook, Twitter, and Instagram accounts. Related: Defusing weaponized documents While social media on every platform has benefits, there remains risks that must be addressed so as to keep your companies’ image and data safe.

Media 138

Media Marketing Risk Passwords 138

Dark Reading

MAY 1, 2019

Breach of India-based outsourcing giant involved a remote access tool and a post-exploitation tool, according to an analysis by Flashpoint.

Hacking 97

Hacking 97

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

APRIL 28, 2019

A new variant of the AESDDoS bot is exploiting a recent vulnerability in the Atlassian collaborative software Confluence. Security experts at Trend Micro have spotted a new variant of AESDDoS botnet that is exploiting a recently discovered vulnerability in the Atlassian collaborative software Confluence. The flaw exploited in the attacks, tracked as CVE-2019-3396 , is a server-side template injection vulnerability that resides in the Widget Connector macro in Confluence Server.

DDOS 110

DDOS Malware Advertising Software 110

WIRED Threat Level

MAY 3, 2019

A group of likely Chinese hackers has poisoned the software of seven companies in just the last three years.

Software 109

Software Hacking 109

Threatpost

APRIL 29, 2019

Millions of security cameras, baby monitors and "smart" doorbells are open to hijack - and no solution is currently available.

IoT 94

IoT 94

Dark Reading

MAY 2, 2019

Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.

87

87

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

MAY 2, 2019

The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. The Department of Energy confirmed that on March 2019, between 9 a.m. and 7 p.m., a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The news was first reported by E&E News, a “cyber event” interrupted grid operations in parts of the western United States in March, according to a report posted by the Department of Energy.

Energy and Utilities 111

Energy and Utilities Cyber Attacks Hacking Media 111

WIRED Threat Level

APRIL 29, 2019

If you're going up against an army of the undead, maybe plan a little better.

112

112

Threatpost

MAY 1, 2019

Ricardo Milos joined Ben 10, Adventure Time and We Bare Bear videos on its websites over the weekend.

Hacking 100

Hacking 100

Dark Reading

APRIL 29, 2019

Organizations impacted by breach, which gave attackers illegal access to a database containing sensitive account information, need to check their container images.

Accountability 82

Accountability Passwords 82

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

MAY 3, 2019

German police have shut down one of the world’s largest black marketplace in the darkweb, the ‘Wall Street Market,’ and arrested its operators. The German police, with the support of Europol, Dutch police and the FBI, has shut down one of the world’s largest black marketplace in the darkweb , the ‘Wall Street Market,’ and arrested three operators allegedly running it.

Marketing 111

Marketing Cryptocurrency Cybercrime Advertising 111

eSecurity Planet

APRIL 30, 2019

Organizations remain under attack both from within and without. We highlight current and emerging risks and the protections organizations need.

Risk 77

Risk 77

Threatpost

MAY 2, 2019

Researchers warn customers to reconsider the use of the camera’s remote access feature if the device is monitoring highly sensitive areas of their household or company.

IoT 70

IoT Hacking 70

Dark Reading

APRIL 29, 2019

A flaw in the software used to remotely access cameras and monitoring devices could allow hackers to easily take control of millions of pieces of the IoT.

IoT 83

IoT Software 83

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity