Sat. Jun 30, 2018 - Fri. Jul 06, 2018

Beating Facial Recognition Software with Face Makeup

Schneier on Security

At least right now, facial recognition algorithms don't work with Juggalo makeup.

ExxonMobil Bungles Rewards Card Debut

Krebs on Security

Energy giant ExxonMobil recently sent snail mail letters to its Plenti rewards card members stating that the points program was being replaced with a new one called Exxon Mobil Rewards+. Unfortunately, the letter includes a confusing toll free number and directs customers to a parked page that tries to foist Web browser extensions on visitors. The mailer (the first page of which is screenshotted below) urges customers to visit exxonmobilrewardsplus[dot]com, to download its mobile app, and to cal

Microsoft MVP Award, Year 8

Troy Hunt

Back in 2011, Microsoft gave me the rather awesome (IMHO) Most Valuable Professional Award for the first time. This is Microsoft's award for community leadership within a technology discipline which for me at the time, was developer security. I'm confident that award came largely due to the work I did on the OWASP Top 10 for .NET Developers series, a 10-part epic blog series that set me on the path to where I am today.

How to Check App Permissions on iOS, Android, Windows, and macOS

WIRED Threat Level

It's never a bad time to audit your app permissions. In fact, it's more important than ever.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

California Passes New Privacy Law

Schneier on Security

The California legislature unanimously passed the strongest data privacy law in the nation. This is great news, but I have a lot of reservations. The Internet tech companies pressed to get this law passed out of self-defense. A ballot initiative was already going to be voted on in November, one with even stronger data privacy protections. The author of that initiative agreed to pull it if the legislature passed something similar, and that's why it did.

Is It Time for Your Employees to De-Dox Their Timelines?

Adam Levin

If you know anyone who maintains social media accounts and works in law enforcement, and they don’t use an alias, send them this article. Scratch that. If you know anyone who might be targeted by hackers who has too much real information “out there” (i.e., most people), send this article to them. It’s no secret that people with high-profile outward facing jobs have long used aliases–actors, media personalities, professional athletes, models, etc.

More Trending

The Pentagon Is Building a Dream Team of Tech-Savvy Soldiers

WIRED Threat Level

For years the Army has tried to recruit talent from Silicon Valley. A new initiative aims to nurture the rising technologists within its own ranks, too.

Traffic Analysis of the LTE Mobile Standard

Schneier on Security

Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting.

The Cybersecurity Risk Some Companies Won’t Discuss

Adam Levin

It’s been a long compromise-filled road with billions of victims along the way, but businesses are finally embracing the need for creating a culture where good cyber hygiene is emphasized and rewarded. But how much is enough? It is increasingly common knowledge that email attachments can be dangerous. And most people these days know that they should be using a harder to guess password than “password” or “123qwe.” That said, there’s still a looming threat

Threat Model Thursdays: Crispin Cowan

Adam Shostack

Over at the Leviathan blog, Crispin Cowan writes about “The Calculus Of Threat Modeling.” Crispin and I have collaborated and worked together over the years, and our approaches are explicitly aligned around the four question frame. What are we working on? One of the places where Crispin goes deeper is definitional. He’s very precise about what a security principal is: A principal is any active entity in system with access privileges that are in any way distinct from some other

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

How the Pentagon Keeps Its App Store Secure

WIRED Threat Level

To keep malware at bay, the GEOINT App Store has created a screening process that no commercial platform could ever match.

The NSA's Domestic Surveillance Centers

Schneier on Security

The Intercept has a long story about the NSA's domestic interception points. Includes some new Snowden documents.

Ransomware vs. Cryptojacking

Dark Reading

Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.

Where To Invest Your Cybersecurity Budget

eSecurity Planet

VIDEO: Tom Parker of Accenture Security discusses how organizations should budget for cybersecurity - and make the most of what they already have.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

NSA Spy Buildings, Facebook Data, and More Security News This Week

WIRED Threat Level

Data leaks, NSA secrets, and more of this week's top security news.

Security Should Never Be on Holiday

Thales Cloud Protection & Licensing

For many organizations, July and August are synonymous with holidays. And, while we all want to disconnect, no one does this completely given how connected we all are. Some successfully disconnect from work, but if they check the news on their phone, call an Uber, watch Netflix on an iPad or sign up for a yoga class via an app, they are still very much connected.

9 SMB Security Trends

Dark Reading

SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.

MacOS Malware Targets Cryptocurrency Community on Slack, Discord

Threatpost

New macOS malware targets crypto community via chat networks Slack and Discord.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

SCOTUS and Congress Leave the Right to Privacy Up for Grabs

WIRED Threat Level

As the push for more digital privacy grows, the question is whether the courts or lawmakers will step up to protect our rights—or if it will fall through the cracks.

Designing Employee Security Awareness Training That Works

eSecurity Planet

The secret to effective employee security awareness training boils down to three things: Train early, often, and explain why.

4 Basic Principles to Help Keep Hackers Out

Dark Reading

The most effective hackers keep things simple, something organizations must take into account.

Google Patches Critical Remote Code Execution Bugs in Android OS

Threatpost

The July Android Security bulletin tackles 44 vulnerabilities in all, with the bulk rated high in severity.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Quantum Principles Eyed to Solve Current Limitations in Encryption, Data Protection

The Security Ledger

Quantum principles are set to transform the next generation of Internet security, with new quantum-based technologies on tap to improve encryption and data communication which researchers believe could solve some of the limitations with current technology. Security researchers in the United Kingdom are among those leading the move toward quantum.

Friday Squid Blogging: Squid Unexpectedly Playing a Part in US/China Trade War

Schneier on Security

Chinese buyers are canceling orders to buy US squid in advance of an expected 25% tariff. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

New Malware Variant Hits With Ransomware or Cryptomining

Dark Reading

A new variant of old malware scans a system before deciding just how to administer pain.

Bug Bounty Programs Turn Attention to Data Abuse

Threatpost

More companies – particularly social media firms – may follow Facebook’s footsteps in turning to bug bounty programs to scout out any data privacy abuse on their platforms, experts say.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Kaspersky Deems Crypto-jacking the New Ransomware as Crypto-miners up Their Game

The Security Ledger

Because of its potential to earn hackers millions in a steady stream of cash, Kaspersky Labs has deemed crypto-jacking the new ransomware in a report that arrived just as researchers spotted two new types of malware targeting the growing popularity of cryptocurrencies. In its report released last Wednesday, Kaspersky declared that crypto-mining.

California's New Privacy Law Gives GDPR-Compliant Orgs Little to Fear

Dark Reading

Others should boost their security controls to get in sync with AB 375, or get ready to be sued hundreds of dollars for each personal record exposed in a breach.

New Malware Strain Targets Cryptocurrency Fans Who Use Macs

Dark Reading

OSX.Dummy depends on substantial help from an unwary victim.

Former NSO Group Employee Steals, Sells Spy Tools

Dark Reading

The Israeli hacking firm says its stolen software is worth hundreds of millions of dollars.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!