Schneier on Security
MAY 7, 2018
Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. It's a weird article. It paints Ozzie's proposal as something that "attains the impossible" and "satisfies both law enforcement and privacy purists," when (1) it's barely a proposal, and (2) it's essentially the same key escrow scheme we've been hearing about for decades.
Troy Hunt
MAY 7, 2018
Remember when web security was all about looking for padlocks? I mean in terms of the advice we gave your everyday people, that's what it boiled down to - "look for the padlock before entering passwords or credit card info into a website" Back in the day, this was pretty solid advice too as it gave you confidence not just in the usual confidentiality, integrity and authenticity of the web traffic, but in the legitimacy of the site as well.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lenny Zeltser
MAY 7, 2018
This cheat sheet offers guidelines for IT professionals seeking to improve technical writing skills. To print it, use the one-page PDF version; you can also customize the Word version of the document. General Recommendations. Determine your write-up’s objectives and audience. Keep the write-up as short and simple as possible to achieve the objectives.
WIRED Threat Level
MAY 6, 2018
Scammers, pranksters, and bad actors all want to break into whatever social media accounts they can. Here's how to keep yours safe.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
MAY 9, 2018
This article says that the Virginia Beach police are looking to buy encrypted radios. Virginia Beach police believe encryption will prevent criminals from listening to police communications. They said officer safety would increase and citizens would be better protected. Someone should ask them if they want those radios to have a backdoor.
Troy Hunt
MAY 11, 2018
This week, Scott Helme is getting bitten by Aussie critters whilst working from a desert island. He's here on the Gold Coast for the NDC Security event next week so I thought we'd record the update together so we grabbed a couple of cold ones, wandered down to the backyard and recorded there. We cover off a bunch of bits and pieces related to things we're working on together (workshops and Report URI) as well as some (mostly) commonly held views about HTTPS, EV certs and visual indicators.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
WIRED Threat Level
MAY 9, 2018
It's a powerful tool, but recent incidents have shown that there's no winning with facial recognition.
Schneier on Security
MAY 11, 2018
New research: " Leaving on a jet plane: the trade in fraudulently obtained airline tickets :". Abstract: Every day, hundreds of people fly on airline tickets that have been obtained fraudulently. This crime script analysis provides an overview of the trade in these tickets, drawing on interviews with industry and law enforcement, and an analysis of an online blackmarket.
Thales Cloud Protection & Licensing
MAY 10, 2018
In past years’ Thales Data Threat Reports, we asked IT security pros around the world separate questions about whom they believed were the riskiest internal threats and external threats. The results were useful but didn’t allow us to compare which category proved most worrisome. This year, we restructured the two separate questions into a single one, and that gave us some very interesting results about who worries these IT security professionals the most.
Dark Reading
MAY 8, 2018
The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
eSecurity Planet
MAY 7, 2018
Using SQL injection, hackers can wreak havoc on databases and data-driven applications. Fortunately, there are ways to reduce SQL injection risk.
WIRED Threat Level
MAY 5, 2018
Georgia's SB315 discourages security research and encourages hacking back—meaning it's exactly backwards.
Threatpost
MAY 10, 2018
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns.
Dark Reading
MAY 10, 2018
Better encryption could mean weaker security if you're not careful.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
eSecurity Planet
MAY 11, 2018
VIDEO: Brandon Philips, former CTO of CoreOS, talks about how the Kubernetes security team works and responds to vulnerability reports.
WIRED Threat Level
MAY 9, 2018
For the last three years, Iran has restrained its state-sponsored hackers from disruptive attacks on the West. That ceasefire may now be over.
Threatpost
MAY 10, 2018
The leak of point-of-sale malware source code is a double-edge sword to researchers who view it as boon to research, but a headache when it comes to inspiring future variants and attacks.
Dark Reading
MAY 11, 2018
Researchers find campaigns distributing Gandcrab by hosting malware on legitimate websites with poor security measures.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
eSecurity Planet
MAY 9, 2018
It's not just about PCI DSS compliance – here are three important factors in a POS security solution, plus other ways to avoid credit card breaches.
WIRED Threat Level
MAY 11, 2018
Enabling JavaScript should make Excel more powerful, but increasing access points makes it even more of a web security nightmare than it already is.
Threatpost
MAY 10, 2018
A new malware campaign being rapidly spread on Facebook is infecting users' systems to perform credential theft, cryptomining, and click fraud.
Dark Reading
MAY 11, 2018
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Thales Cloud Protection & Licensing
MAY 9, 2018
The rapid adoption of hyperconverged infrastructure (HCI) solutions have been due to their proven ability to deliver scalability, agility, reduced costs, storage redundancy, and reliability. As the market leader in this space, the Nutanix Enterprise Cloud is on the forefront of integrating virtualization, storage, networking, and security, in a turnkey HCI solution.
WIRED Threat Level
MAY 5, 2018
Bad drones, boobytrapped North Korean antivirus, and more of the week's top security news.
Threatpost
MAY 11, 2018
While it’s a simple payload for now, researchers said Vega has the ability to evolve into something more concerning in the future.
Dark Reading
MAY 11, 2018
Marketing, PR, and advertising firms are among those being targeted.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Thales Cloud Protection & Licensing
MAY 8, 2018
Data is increasingly amassed and harnessed to accelerate organizational transformation in the new digital economy. But because databases can hold sensitive details, protecting them is imperative. Unprotected data at rest is an attractive target for cybercriminals, and in today’s ever more distributed environment, not a week goes by without hearing of a new data breach.
Schneier on Security
MAY 11, 2018
Squids used to have shells. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.
Threatpost
MAY 8, 2018
Tech-support scams took off during the year, while whaling/business email compromise was the main threat, accounting for losses of more than $675 million.
Dark Reading
MAY 11, 2018
Isolating critical systems from connectivity isn't a guarantee they can't be hacked.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
193 
Let's personalize your content