Schneier on Security
OCTOBER 14, 2019
This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want overstate the risk. We know from Shor's Algorithm that both factoring and discrete logs are easy to solve on a large, working quantum computer. Both of those are currently beyond our technological abilities.
The Last Watchdog
OCTOBER 16, 2019
Digital commerce has come to revolve around two types of identities: human and machine. Great effort has gone into protecting the former, and yet human identities continue to get widely abused by cyber criminals. By comparison, scant effort has gone into securing the latter. This is so in spite of the fact that machine identities are exploding in numbers and have come to saturate digital transformation.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
OCTOBER 15, 2019
The number of attacks on IoT devices in 2019 is nine times greater than the number found in the first half of 2018.
Troy Hunt
OCTOBER 12, 2019
Australia! Geez it's nice to sit amongst the gum trees and listen to the birds, even if it's right in the middle of some fairly miserable weather. I'll continue to be here for the foreseeable future too, at least in one state or another. But being back here hasn't stopped me talking about European laws being handled by a local American website nor commentating on the (now well and truly over) debate about the usefulness of visual identity indicators in browsers.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
OCTOBER 15, 2019
Lots of them weren't very good : BSD co-inventor Dennis Ritchie, for instance, used "dmac" (his middle name was MacAlistair); Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose "bourne"; Eric Schmidt, an early developer of Unix software and now the executive chairman of Google parent company Alphabet, relied on "wendy!!!" (the name of his wife); and Stuart Feldman, author of Unix automation tool make and the first Fortran compiler, used "axolotl" (the name of a Mexica
The Last Watchdog
OCTOBER 15, 2019
If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. Compromised logins continue to facilitate cyber attacks at all levels, from phishing ruses to credential stuffing to enabling hackers to probe deep inside of a breached network.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Krebs on Security
OCTOBER 16, 2019
Cybercrime forums have been abuzz this week over news that BriansClub — one of the underground’s largest shops for stolen credit and debit cards — has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may have been the result of one of BriansClub’s longtime competitors trying to knock out a rival.
Schneier on Security
OCTOBER 17, 2019
This is interesting research : In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That's unfortunately not very hard to do, since BGP itself doesn't have any security procedures for validating that a message is actually coming from the place it says it's coming from. [.].
The Last Watchdog
OCTOBER 14, 2019
The digital footprints of U.S. consumers’ have long been up for grabs. No one stops the tech giants, media conglomerates and online advertisers from intensively monetizing consumers’ online behaviors, largely without meaningful disclosure. Related: The state of ransomware Who knew that much the same thing routinely happens to enterprises? A recent report by network detection and response vendor ExtraHop details how third-party security and analytics tools routinely “ phone home ” in order to exf
Tech Republic Security
OCTOBER 14, 2019
The FBI Cyber Task Force recently issued a Private Industry Notice on how businesses can deal with vulnerabilities tied to token and phone-based multi-factor authentication methods.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Thales Cloud Protection & Licensing
OCTOBER 15, 2019
It is the year 2030, and you have had another busy day. As you finish what you thought would be your last espresso and grab your laptop to leave work, your colleague tells you that you need to stay late for an urgent meeting. Panic sets in, but you push past it and put a plan into motion. To pick your daughter up from school, you call a driverless car.
Schneier on Security
OCTOBER 18, 2019
Interesting proof of concept : At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minimal skills, working on a shoestring budget, can plant a chip in enterprise IT equipment to offer themselves stealthy backdoor access.
Troy Hunt
OCTOBER 17, 2019
It's my first conference back in Australia since probably about May and I'm experiencing a rare luxury - not flying! I'm sticking to driving some big distances just to get a break from the tyranny that is check-in, security and airport lounges. Seriously, it was beginning to do my head in so now it's cruise control and podcasts for me in the foreseeable future.
Tech Republic Security
OCTOBER 15, 2019
Learn how to secure and protect your Apple Card, both the virtual card and the physical one.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
OCTOBER 15, 2019
Experts discovered a security policy bypass issue in the Sudo utility that is installed as a command on almost every Linux and Unix system. The Sudo utility that is installed as a command on almost every Linux and Unix system is affected by a security policy bypass issue tracked as CVE-2019-14287. The vulnerability could be exploited by an ill-intentioned user or a malicious program to execute arbitrary commands as root on a targeted Linux system, even if the “ sudoers configuration”
Schneier on Security
OCTOBER 18, 2019
Last month, I gave a 15-minute talk in London titled: " Why technologists need to get involved in public policy.". In it, I try to make the case for public-interest technologists. (I also maintain a public-interest tech resources page , which has pretty much everything I can find in this space. If I'm missing something, please let me know.). Boing Boing post.
Adam Levin
OCTOBER 18, 2019
U.S. mailing services company Pitney-Bowes experienced services outages after a ransomware attack earlier this week. “It has been confirmed that our systems have been affected by a malware attack that encrypted information on some systems and disrupted client access to our services. Our technical and operational teams are making progress to restore the affected systems.
Tech Republic Security
OCTOBER 16, 2019
If you need to password protect a zip file, look no farther than the zip command itself.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
OCTOBER 16, 2019
Security expert Pasquale Fiorillo demonstrates how to hack n RFID/NFC Vending Machine. The affected vendor did not answer to my responsible disclosure request, so I’m here to disclose this “hack” without revealing the name of the vendor itself. The target vending machine uses an insecure NFC Card, MIFARE Classic 1k , that has been affected by multiple vulnerabilities so should not be used in important application.
Adam Shostack
OCTOBER 15, 2019
The Cybok project has released its v1 “Risk Management & Governance Knowledge Area”; I was a reviewer. Towards Automated Security Design Flaw Detection is an interesting paper from academics in Belgium and Sweden. Steve Lipner offers “ Lessons learned through 15 years of SDL at work “ Charles Wilson has perspective on threat modeling devices in “ Does That Come in a Large?
Daniel Miessler
OCTOBER 13, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Tech Republic Security
OCTOBER 16, 2019
If you need to password protect a zip file, look no farther than the zip command itself.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
OCTOBER 14, 2019
Winnti Group is back with a new modular Win backdoor that was used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. Security experts at ESET revealed that Winnti Group continues to update its arsenal, they observed that the China-linked APT group using a new modular Windows backdoor that they used to infect the servers of a high-profile Asian mobile hardware and software manufacturer.
Threatpost
OCTOBER 15, 2019
The bug allows users to bypass privilege restrictions to execute commands as root.
Dark Reading
OCTOBER 18, 2019
Glitching (or fault-injection) attacks aren't easy (yet). But get ready, because as the IoT grows, these attacks will be a big reason that hardware security should be part of your cybersecurity planning.
Tech Republic Security
OCTOBER 15, 2019
James Plouffe, cybersecurity consultant for "Mr. Robot" reveals how he helped make hacking a reality on the USA-Network drama series starring Rami Malek and Christian Slater.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
OCTOBER 14, 2019
Cybercrime gang behind the Emotet malware is targeting organization with external SOC with emails claiming to deliver a SOC “weekly report.”. Introduction. The group behind Emotet malware is getting smarter and smarter in the way the y deliver such a Malware. While the infection schema looks alike from years; the way the group tries to infect victims improves from day to day.
Threatpost
OCTOBER 16, 2019
Three different loaders and two payloads are hiding in audio files.
Dark Reading
OCTOBER 14, 2019
Beijing likely saved a lot of time and billions of dollars by copying components for its C919 plane from others, a new report from CrowdStrike says.
Tech Republic Security
OCTOBER 16, 2019
TechRepublic's Karen Roby talks with a cryptocurrency expert about blockchain, bitcoin, and IoT-connected devices.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
264 
Let's personalize your content