Sat.Jun 30, 2018 - Fri.Jul 06, 2018

ExxonMobil Bungles Rewards Card Debut

Krebs on Security

Energy giant ExxonMobil recently sent snail mail letters to its Plenti rewards card members stating that the points program was being replaced with a new one called Exxon Mobil Rewards+. Unfortunately, the letter includes a confusing toll free number and directs customers to a parked page that tries to foist Web browser extensions on visitors. The mailer (the first page of which is screenshotted below) urges customers to visit exxonmobilrewardsplus[dot]com, to download its mobile app, and to cal

Microsoft MVP Award, Year 8

Troy Hunt

Back in 2011, Microsoft gave me the rather awesome (IMHO) Most Valuable Professional Award for the first time. This is Microsoft's award for community leadership within a technology discipline which for me at the time, was developer security. I'm confident that award came largely due to the work I did on the OWASP Top 10 for .NET Developers series, a 10-part epic blog series that set me on the path to where I am today.

California Passes New Privacy Law

Schneier on Security

The California legislature unanimously passed the strongest data privacy law in the nation. This is great news, but I have a lot of reservations. The Internet tech companies pressed to get this law passed out of self-defense. A ballot initiative was already going to be voted on in November, one with even stronger data privacy protections. The author of that initiative agreed to pull it if the legislature passed something similar, and that's why it did.

Is It Time for Your Employees to De-Dox Their Timelines?

Adam Levin

If you know anyone who maintains social media accounts and works in law enforcement, and they don’t use an alias, send them this article. Scratch that. If you know anyone who might be targeted by hackers who has too much real information “out there” (i.e., most people), send this article to them. It’s no secret that people with high-profile outward facing jobs have long used aliases–actors, media personalities, professional athletes, models, etc.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Threat Model Thursdays: Crispin Cowan

Adam Shostack

Over at the Leviathan blog, Crispin Cowan writes about “The Calculus Of Threat Modeling.” Crispin and I have collaborated and worked together over the years, and our approaches are explicitly aligned around the four question frame. What are we working on? One of the places where Crispin goes deeper is definitional. He’s very precise about what a security principal is: A principal is any active entity in system with access privileges that are in any way distinct from some other

Weekly Update 94

Troy Hunt

It's a week of tweets! I only wrote the one short blog post this week, but I spent a heap of time on the Twitters arguing with people instead so... that's something? But seriously, there was a huge amount of discussion around HTTPS in particular and some very vocal opinions around its usefulness (or lack thereof), which frankly, had myself and many others tearing their hair out.

More Trending

The Cybersecurity Risk Some Companies Won’t Discuss

Adam Levin

It’s been a long compromise-filled road with billions of victims along the way, but businesses are finally embracing the need for creating a culture where good cyber hygiene is emphasized and rewarded. But how much is enough? It is increasingly common knowledge that email attachments can be dangerous. And most people these days know that they should be using a harder to guess password than “password” or “123qwe.” That said, there’s still a looming threat

The Pentagon Is Building a Dream Team of Tech-Savvy Soldiers

WIRED Threat Level

For years the Army has tried to recruit talent from Silicon Valley. A new initiative aims to nurture the rising technologists within its own ranks, too.

Ransomware vs. Cryptojacking

Dark Reading

Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.

The NSA's Domestic Surveillance Centers

Schneier on Security

The Intercept has a long story about the NSA's domestic interception points. Includes some new Snowden documents.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Where To Invest Your Cybersecurity Budget

eSecurity Planet

VIDEO: Tom Parker of Accenture Security discusses how organizations should budget for cybersecurity - and make the most of what they already have.

How to Check App Permissions on iOS, Android, Windows, and macOS

WIRED Threat Level

It's never a bad time to audit your app permissions. In fact, it's more important than ever.

Security Should Never Be on Holiday

Thales Cloud Protection & Licensing

For many organizations, July and August are synonymous with holidays. And, while we all want to disconnect, no one does this completely given how connected we all are. Some successfully disconnect from work, but if they check the news on their phone, call an Uber, watch Netflix on an iPad or sign up for a yoga class via an app, they are still very much connected.

Beating Facial Recognition Software with Face Makeup

Schneier on Security

At least right now, facial recognition algorithms don't work with Juggalo makeup.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

9 SMB Security Trends

Dark Reading

SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.

SCOTUS and Congress Leave the Right to Privacy Up for Grabs

WIRED Threat Level

As the push for more digital privacy grows, the question is whether the courts or lawmakers will step up to protect our rights—or if it will fall through the cracks.

Designing Employee Security Awareness Training That Works

eSecurity Planet

The secret to effective employee security awareness training boils down to three things: Train early, often, and explain why.

Bug Bounty Programs Turn Attention to Data Abuse

Threatpost

More companies – particularly social media firms – may follow Facebook’s footsteps in turning to bug bounty programs to scout out any data privacy abuse on their platforms, experts say.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

California's New Privacy Law Gives GDPR-Compliant Orgs Little to Fear

Dark Reading

Others should boost their security controls to get in sync with AB 375... or get ready to be sued hundreds of dollars for each personal record exposed in a breach.

How the Pentagon Keeps Its App Store Secure

WIRED Threat Level

To keep malware at bay, the GEOINT App Store has created a screening process that no commercial platform could ever match.

Quantum Principles Eyed to Solve Current Limitations in Encryption, Data Protection

The Security Ledger

Quantum principles are set to transform the next generation of Internet security, with new quantum-based technologies on tap to improve encryption and data communication which researchers believe could solve some of the limitations with current technology. Security researchers in the United Kingdom are among those leading the move toward quantum.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Reactive or Proactive? Making the Case for New Kill Chains

Dark Reading

Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here's what a modern kill chain should include.

NSA Spy Buildings, Facebook Data, and More Security News This Week

WIRED Threat Level

Data leaks, NSA secrets, and more of this week's top security news.

Kaspersky Deems Crypto-jacking the New Ransomware as Crypto-miners up Their Game

The Security Ledger

Because of its potential to earn hackers millions in a steady stream of cash, Kaspersky Labs has deemed crypto-jacking the new ransomware in a report that arrived just as researchers spotted two new types of malware targeting the growing popularity of cryptocurrencies. In its report released last Wednesday, Kaspersky declared that crypto-mining.

ThreatList: Biggest Cybercrime Developments in 2018, So Far

Threatpost

A look at the underground cybercrime landscape in 2018 shows a dynamic and quick-reacting community in the face of successful crackdowns by law enforcement.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cryptocurrency Theft Drives 3x Increase in Money Laundering

Dark Reading

The first half of 2018 saw more cryptocurrency theft than all of 2017 combined, driving a rise in digital money laundering as criminals elude authorities.

Friday Squid Blogging: Squid Unexpectedly Playing a Part in US/China Trade War

Schneier on Security

Chinese buyers are canceling orders to buy US squid in advance of an expected 25% tariff. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Putin Pushes for Global Cybersecurity Cooperation

Dark Reading

At a Moscow-based security conference, Russian President Vladimir Putin said countries should work together amid the rise of cyberthreats.

UK Banks Must Produce Backup Plans for Cyberattacks

Dark Reading

Financial services firms in Britain have three months to explain how they would stay up and running in the event of an attack or service disruption.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.