Schneier on Security

OCTOBER 8, 2019

Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. Thomas Drake , former NSA employee and whistleblower, was scheduled to give a talk on the golden age of surveillance, both government and corporate. Suelette Dreyfus , lecturer at the University of Melbourne, was scheduled to give a talk on her work -- funded by the EU government -- on anonymous whistleblowing technologies like Dropbox and how they reduce corruption in countr

Government 238

Government Surveillance Technology Information Security 238

Adam Levin

OCTOBER 8, 2019

The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA). In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed, “circumventing multi-factor authentication through common social engineering and technical attacks.” The report went on to describe several scenarios where hackers bypassed MFA protections, accessing target networks and stored data.

Authentication 210

Authentication Cyber Attacks Social Engineering Engineering 210

The Last Watchdog

OCTOBER 10, 2019

Cloud Access Security Brokers – aka “caz-bees” — have come a long way in a short time. CASBs, a term coined by tech industry consultancy Gartner, first cropped about seven years ago to help organizations enforce security and governance policies as they commenced, in earnest, their march into the cloud. Related: Implications of huge Capital One breach CASBs supplied a comprehensive set of tools to monitor and manage the multitude of fresh cyber risks spinning out of the rise in in corporate

Risk 200

Risk Cloud Migration Engineering Cyber Risk 200

Adam Shostack

OCTOBER 9, 2019

Trail of Bits released a threat model for Kubernetes. There’s some context from Aaron Small, who made the project happen. Continuum has a blog and a spreadsheet on threat modeling lambdas (as a category, not specific to Amazon Lambda), and also a post on threat modeling with CAPEC. Ntrepid has released a blog posts on “Threat Modeling for Managed Attribution” ( part 1 , part 2 , part 3 ) The W3C has updated the questionnaire it uses for web feature development, including questi

189

189

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

OCTOBER 9, 2019

Interesting : German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested. [.]. Thirteen people aged 20 to 59 are under investigation in all, including three German and seven Dutch citizens, Brauer said. Authorities arrested seven of them, citing the danger of flight and collusion.

Telecommunications 226

Telecommunications Marketing Hacking 226

Tech Republic Security

OCTOBER 10, 2019

IBM, McAfee and international consortium OASIS are coming together to offer the world a way to develop open source security technologies.

Cybersecurity 167

Cybersecurity Technology 167

Thales Cloud Protection & Licensing

OCTOBER 10, 2019

It’s hard to believe it’s mid-October. Along with autumn, comes National Cybersecurity Awareness Month (NCSAM). The NCSAM 2019 focuses on personal accountability. Driven through mass public engagement, the ‘Own IT. Secure. IT. Protect IT.’ theme will help to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers.

Encryption 115

Encryption Cloud Migration Digital transformation Firewall 115

Schneier on Security

OCTOBER 10, 2019

Free Wi-Fi hotspots can track your location , even if you don't connect to them. This is because your phone or computer broadcasts a unique MAC address. What distinguishes location-based marketing hotspot providers like Zenreach and Euclid is that the personal information you enter in the captive portal­ -- like your email address, phone number, or social media profile­ -- can be linked to your laptop or smartphone's Media Access Control (MAC) address.

Mobile 220

Mobile Media Marketing Surveillance 220

Tech Republic Security

OCTOBER 8, 2019

Computerized auto dialers deliver pre-recorded phone calls with 60 billion expected in 2019 alone. Here's how to handle robocalls.

Scams 164

Scams 164

The Last Watchdog

OCTOBER 7, 2019

It seems like any discussion of cybersecurity these days invariably circles back to automation. Our growing fixation with leveraging artificial intelligence to extract profits from Big Data – for both constructive and criminal ends—is the order of the day. Related: Why Cyber Pearl Harbor is upon us Vigilante is a cybersecurity startup that cuts against that grain.

Artificial Intelligence 138

Artificial Intelligence Cyber Risk Big data DDOS 138

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

OCTOBER 11, 2019

With the right cybersecurity certifications, you can attain your goals seamlessly and in a fast way and speed up your career. Cyber attacks are making headlines almost every day in today’s era. The attacks have increased both in number and complexity. Because of this natural demand, it is now crucial for companies and specialized firms to reinforce and invest in professionals to face a problem that technology can’t solve.

Cybersecurity 111

Cybersecurity Information Security Penetration Testing Advertising 111

Schneier on Security

OCTOBER 8, 2019

A new iOS exploit allows jailbreaking of pretty much all version of the iPhone. This is a huge deal for Apple, but at least it doesn't allow someone to remotely hack people's phones. Some details : I wanted to learn how Checkm8 will shape the iPhone experience­ -- particularly as it relates to security­ -- so I spoke at length with axi0mX on Friday.

Malware 220

Malware Hacking 220

Tech Republic Security

OCTOBER 9, 2019

A new study says financial services organizations experienced an average of 10 attacks a year and spent an average of $1.3 million to restore services after each DNS attack.

Financial Services 133

Financial Services DNS 133

Daniel Miessler

OCTOBER 6, 2019

[advanced_iframe src=”[link] width=”100%” height=”7000px”] No related posts.

Information Security 100

Information Security 100

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

OCTOBER 7, 2019

Researchers at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers. Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered on September 2019.

Authentication 111

Authentication Advertising Firmware Hacking 111

Schneier on Security

OCTOBER 10, 2019

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlining random-number generator, and adding new digital certificates.

Malware 216

Malware Engineering Encryption Hacking 216

Tech Republic Security

OCTOBER 8, 2019

Users still have to juggle far too many passwords, which leads to password sharing, reuse, and other bad habits, according to a new report from password manager LastPass.

Passwords 131

Passwords Password Management Authentication 131

Dark Reading

OCTOBER 9, 2019

How a new open source initiative for interoperable security tools and a wave of consolidation could finally provide some relief for overwhelmed security analysts and SOCs.

92

92

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

OCTOBER 11, 2019

Good news for the victims of the Nemty Ransomware , security researchers have released a free decryptor that could be used to recover files. I have great news for the victims of the recently discovered Nemty Ransomware , security researchers have released a free decryptor tool that could be used to recover files. In mid-August, the Nemty ransomware appeared in the threat landscape, the name of the ransomware comes after the extension it adds to the encrypted file names.

Ransomware 110

Ransomware Advertising Encryption Malware 110

Schneier on Security

OCTOBER 11, 2019

I just published my third collection of essays: We Have Root. This book covers essays from 2013 to 2017. (The first two are Schneier on Security and Carry On.). There is nothing in this book is that is not available for free on my website; but if you'd like these essays in an easy-to-carry paperback book format, you can order a signed copy here. External vendor links, including for ebook versions, here.

215

215

Tech Republic Security

OCTOBER 8, 2019

Over three quarters of US businesses have faced cyberattacks in the past 12 months, with 86% of US firms experiencing attacks feeling let down by their antivirus.

Antivirus 134

Antivirus Software 134

Dark Reading

OCTOBER 10, 2019

One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.

95

95

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

OCTOBER 6, 2019

The UK’s National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure. According to the UK’s National Cyber Security Centre (NCSC), advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild.

VPN 108

VPN Advertising Healthcare Data breaches 108

Schneier on Security

OCTOBER 7, 2019

Ed Snowden has published a book of his memoirs: Permanent Record. I have not read it yet, but I want to point you all towards two pieces of writing about the book. The first is an excellent review of the book and Snowden in general by SF writer and essayist Jonathan Lethem, who helped make a short film about Snowden in 2014. The second is an essay looking back at the Snowden revelations and what they mean.

Government 214

Government 214

Tech Republic Security

OCTOBER 7, 2019

As the internet begins to split into different versions in different countries, the laws that govern data are changing. Tom Merritt explains five things you need to know about the splinternet.

Internet 126

Internet Internet Government 126

WIRED Threat Level

OCTOBER 6, 2019

From rogue USB sticks to Chrome extensions gone wild, here is a quick guide to some basic risks you should look out for.

Cybersecurity 108

Cybersecurity Risk 108

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

OCTOBER 6, 2019

A database containing details of 92 million Brazilians was auctioned by a threat actor on underground forums along with a search service focused on Brazilians. Someone is auctioning on several restricted underground forums a database containing personal information of 92 million Brazilian citizens. The threat actor, registered as X4Crow, is also advertising a search service that allows retrieving detailed information on Brazilian citizens.

Advertising 107

Advertising Cybercrime Education Authentication 107

Schneier on Security

OCTOBER 11, 2019

Kaspersky has uncovered an Uzbeki hacking operation, mostly due to incompetence on the part of the government hackers. The group's lax operational security includes using the name of a military group with ties to the SSS to register a domain used in its attack infrastructure; installing Kaspersky's antivirus software on machines it uses to write new malware, allowing Kaspersky to detect and grab malicious code still in development before it's deployed; and embedding a screenshot of one of its de

Government 213

Government Malware Antivirus Hacking 213

Tech Republic Security

OCTOBER 8, 2019

With the shortage of cybersecurity professionals in the US, UT's program aims to develop individuals who can mitigate security risks in healthcare.

Healthcare 129

Healthcare Cybersecurity Risk 129

Dark Reading

OCTOBER 10, 2019

In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.

85

85

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity