Sat.Mar 31, 2018 - Fri.Apr 06, 2018

article thumbnail

Public Hearing on IoT Risks

Schneier on Security

The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products. The information received from the public hearing will be used to inform future Commission risk management work.

IoT 214
article thumbnail

Weekly Update 81 (Hawaii Edition)

Troy Hunt

We're in Hawaii! "We" being Scott Helme and myself and we're here for the Loco Moco Sec conference which has been a heap of fun (the location may have played a part in that.) And what a location: Scott joined me for this week's update and we were fresh out of a great talk from the Google Chrome Security PM so have a bit to share there about changes coming to the browser.

Mobile 143
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A 200-Year-Old Idea Offers a New Way to Trace Stolen Bitcoins

WIRED Threat Level

Cambridge researchers point to an 1816 precedent that could fundamentally change how "dirty" Bitcoins are tracked.

111
111
article thumbnail

Thales Executives Speak to Press about UK Cybersecurity Developments

Thales Cloud Protection & Licensing

Thales eSecurity’s CTO Jon Geater and Peter Carlisle , Thales eSecurity’s VP of Sales, EMEA, were recently featured in major news outlets espousing their opinions about internet-connected devices and the new Cyber Security Export Strategy. Geater, on new UK IoT security guidelines. Earlier this month, the UK government announced guidelines to make internet-connected devices safer.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Subverting Backdoored Encrryption

Schneier on Security

This is a really interesting research result. This paper proves that two parties can create a secure communications channel using a communications system with a backdoor. It's a theoretical result, so it doesn't talk about how easy that channel is to create. And the assumptions on the adversary are pretty reasonable: that each party can create his own randomness, and that the government isn't literally eavesdropping on every single part of the network at all times.

article thumbnail

Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support

Threatpost

Intel has halted patches for older chips addressing the Spectre vulnerability, according to a recent microcode update.

75

More Trending

article thumbnail

Top 10 Distributed Denial of Service (DDoS) Vendors

eSecurity Planet

Compare top 10 DDoS vendors on key characteristics such as use cases, delivery, intelligence, and pricing, to help your enterprise choose the best solution for your DDoS security needs.

DDOS 71
article thumbnail

Musical Ciphers

Schneier on Security

Interesting history.

article thumbnail

How to Build a Cybersecurity Incident Response Plan

Dark Reading

Being hit by a cyberattack is going to be painful. But it can be less painful if you're prepared, and these best practices can help.

article thumbnail

Facebook Messenger's 'Unsend' Feature Is What Happens When You Scramble

WIRED Threat Level

It's good that Facebook is addressing its many privacy woes, but reacting rather than planning leaves some fixes feeling half-baked.

109
109
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Mirai Variant Targets Financial Sector With IoT DDoS Attacks

Threatpost

Researchers said a Mirai botnet variant, possibly linked to the IoTroop or Reaper botnet, was leveraged in attacks against the financial sector.

IoT 60
article thumbnail

AlienVault vs Splunk: Top SIEM Solutions Compared

eSecurity Planet

A look at the strengths and weaknesses of AlienVault and Splunk, two leading SIEM solutions.

60
article thumbnail

Unpatched Vulnerabilities the Source of Most Data Breaches

Dark Reading

New studies show how patching continues to dog most organizations - with real consequences.

article thumbnail

DC's Stingray Mess Won't Get Cleaned Up

WIRED Threat Level

DHS this week confirmed that Washington, DC is littered with fake cell tower surveillance devices, but nothing will likely be done to fix it.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Insecure SCADA Systems Blamed in Rash of Pipeline Data Network Attacks

Threatpost

After a cyberattack shut down numerous pipeline communication networks this week experts are stressing the importance of securing third-party systems in supervisory control and data acquisition (SCADA) environments.

article thumbnail

RSA Conference 2018: Security Takes Center Stage

Thales Cloud Protection & Licensing

RSA Conference 2018 is just under two weeks away, and there isn’t a better moment to talk about data security and privacy. The theme for RSA this year is ‘Now Matters.’ Based on the countless data breaches, hacks and ransomware attacks that occurred in the past year, now certainly matters We saw new forms of ransomware with the WannaCry and Petya attacks that took place in the Spring of 2017 as a result of the Shadow Broker’s NSA data dump.

article thumbnail

Panera Bread Leaves Millions of Customer Records Exposed Online

Dark Reading

Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge.

62
article thumbnail

Paul Nakasone Will Have to Balance NSA Needs With US Cyber Command Background

WIRED Threat Level

The appointment of Paul Nakasone raises the question again: Should the NSA and Cyber Command be controlled by one man?

107
107
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Google’s April Android Security Bulletin Warns of 9 Critical Bugs

Threatpost

Google updates its Android OS to address its own OS and component partners Qualcomm and Broadcom.

Mobile 58
article thumbnail

Akamai DDoS Mitigation Solution: Overview and Analysis

eSecurity Planet

We review Akamai's DDoS solution, which handles up to 8 Tbps of network capacity while mitigating DNS-based DDoS attacks and protecting DNS services.

DDOS 57
article thumbnail

3 Security Measures That Can Actually Be Measured

Dark Reading

The massive budgets devoted to cybersecurity need to come with better metrics.

article thumbnail

Security News This Week: Julian Assange Has Lost His Internet Privileges

WIRED Threat Level

As always, we’ve rounded up all the news we didn’t break or cover in depth this week.

Internet 106
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Delta, Sears Breaches Blamed on Malware Attack Against a Third-Party Chat Service

Threatpost

Security experts say breaches impacting Delta Air Lines and Sears customers is tied to malware planted on a third-party chat service.

Malware 54
article thumbnail

The Multi-Cloud Era Creates New Encryption Challenges

Thales Cloud Protection & Licensing

Key Findings from the 2018 Global Encryption Trends Study. Data is the lifeblood of a successful business in today’s world, but the balance of using it effectively and protecting it properly is pushing enterprises to the brink. With more organizations using multiple cloud providers to store and process their data, while at the same time needing to demonstrate compliance with increasingly stringent regulations, it’s essential to have a data protection strategy that is up to the task.

article thumbnail

Supply Chain Attacks Could Pose Biggest Threat to Healthcare

Dark Reading

Healthcare organizations often overlook the supply chain, which researchers say is their most vulnerable facet.

article thumbnail

Google Bans All Cryptomining Extensions From the Chrome Store

WIRED Threat Level

As cryptojacking takes over the web, Google will put a stop to cryptomining extensions that prey on unsuspecting installers.

103
103
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Panera Bread Slammed After Keeping Massive Data Leak Quiet For Eight Months

Threatpost

Panera is in hot water after sitting on a massive data leak for eight months on its website - and then trying to downplay the amount of customers impacted by the leak.

article thumbnail

Radware DDoS Protection and Mitigation: Overview and Analysis

eSecurity Planet

We review Radware’s DDoS solutions, which include always-on detection, prevention, scrubbing and mitigation capabilities.

DDOS 45
article thumbnail

Businesses Fear 'Catastrophic Consequences' of Unsecured IoT

Dark Reading

Only 29% of respondents in a new IoT security survey say they actively monitor the risk of connected devices used by third parties.

IoT 56
article thumbnail

Cyberinsurance Tries to Tackle the Unpredictable World of Hacks

WIRED Threat Level

Insuring against hacks and breaches can be a lucrative business—but also presents unique challenges.

Hacking 100
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!