Schneier on Security

JULY 4, 2019

Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. It was the digital equivalent of tossing someone's house: opening cabinets, pulling out drawers, and overturning furniture in hopes of finding something -- any

Passwords 264

Passwords Media Encryption Internet 264

Troy Hunt

JULY 1, 2019

Early last year, I announced that I was making HIBP data on government domains for the UK and Australia freely accessible to them via searches of their respective TLDs. The Spanish government followed a few months later with each getting unbridled access to search their own domains via an authenticated API. As I explained in that initial post, the rationale was to help the departments tasked with looking after the exposure of their digital assets by unifying search and monitoring capabilities so

Government 231

Government Data breaches Authentication 231

Adam Levin

JULY 2, 2019

The former CIO of Equifax has been sentenced to prison for selling his stock in the company before news of its 2017 data breach was publicly announced. Jun Ying, the former Chief Information Office of Equifax U.S. Information Solutions, sold his shares in the company for over $950,000 ten days before the company admitted that its data had been accessed by hackers.

Data breaches 195

Data breaches 195

The Last Watchdog

JULY 1, 2019

As the presidential debate season ramps up, the specter of nation-state sponsored hackers wreaking havoc, once more, with U.S. elections, looms all too large. It’s easy to get discouraged by developments such as Sen. McConnell recently blocking a bi-partisan bill to fund better election security , as well as the disclosure that his wife, Transportation Security Elaine Chao, has accepted money from voting machine lobbyists.

Cyber Risk 159

Cyber Risk DNS Phishing Backups 159

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

JULY 5, 2019

My Applied Cryptography is on a list of books banned in Oregon prisons. It's not me -- and it's not cryptography -- it's that the prisons ban books that teach people to code. The subtitle is "Algorithms, Protocols, and Source Code in C" -- and that's the reason. My more recent Cryptography Engineering is a much better book for prisoners, anyway.

Engineering 258

Engineering 258

Troy Hunt

JULY 2, 2019

I've become especially reflective of my career this year, especially as Project Svalbard marches forward and I look back on what it's taken to get here. Especially as I have more discussions around the various turning points in my professional life, there's one that stands out above most others: my first MVP award. This is not a path I planned, in fact when I originally got that award I referred to myself as The Accidental MVP.

InfoSec 175

InfoSec Media Cybersecurity 175

Adam Shostack

JULY 5, 2019

Google Docs has chosen to red-underline the word “feasible,” which, as you can see, is in its dictionary, to suggest “possible.” “Possible,” possibly, was not the word I selected, because it means something different. Good writing is direct. Good writing respects the reader. Good writing doesn’t tax the reader accidentally.

Engineering 124

Engineering Software 124

Schneier on Security

JULY 1, 2019

Wow, is this an embarrassing bug : Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys it generates. The security keys are used by thousands of federal employees on a daily basis, letting them securely log-on to their devices by issuing one-time passwords.

Firmware 247

Firmware Passwords Government Encryption 247

Troy Hunt

JULY 5, 2019

After a very non-stop Cyber Week in Israel, I'm back in Oslo working through the endless emails and other logistics related to Project Svalbard. In my haste this week, I put out a really poorly worded tweet which I've tried to clarify in this week's video. On more positive news, the Austrian government came on board HIBP and my MVP status got renewed for the 9th time.

Government 142

Government 142

Thales Cloud Protection & Licensing

JULY 3, 2019

I recently had the pleasure of sharing some industry insights from our 2019 Data Threat Report-Federal Edition on Cyberwire’s Daily Podcast –specifically addressing the gap in security responsibility many federal agencies face today as they move tremendous amounts of sensitive data into multicloud environments. We also discussed a new digital landscape where perimeter defense is no longer effective.

Government 120

Government Cloud Migration IoT Encryption 120

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JUNE 30, 2019

Explorer, Mozilla Firefox, Google Chrome, and Opera, no matter which web browser you use, here’s what you need to know to protect them against attacks. There are a number of web browsers available for surfing sites and accessing the content. The most popular and widely used are Internet Explorer, Mozilla Firefox, Google Chrome, and Opera. No matter which browser you use there are certain security leaks in each one of them.

Software 111

Software Internet Internet Small Business 111

Schneier on Security

JULY 2, 2019

Google has released an open-source cryptographic tool: Private Join and Compute. From a Wired article : Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data.

Encryption 247

Encryption 247

Threatpost

JULY 3, 2019

Amazon's acknowledgment that it saves Alexa voice recordings - even sometimes after consumers manually delete their interaction history - has thrust voice assistant privacy policies into the spotlight once again.

Data privacy 106

Data privacy IoT 106

WIRED Threat Level

JULY 5, 2019

Ransomware attacks, supply chain hacks, escalating tensions with Iran—the first six months of 2019 have been anything but boring.

Cybersecurity 111

Cybersecurity Hacking Ransomware 111

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JUNE 30, 2019

Medtronic and the US government have warned that some Medtronic MiniMed insulin pumps are vulnerable to cyber attacks. Medtronic and the United States government have warned of a security vulnerability affecting some Medtronic MiniMed insulin pumps that could be exploited by hackers. The Department of Homeland Security (DHS) and Medtronic, and the Food and Drug Administration (FDA) have published a press release of a high-severity flaw affecting models of insulin pumps belonging to MiniMed 508 a

Hacking 111

Hacking Wireless Healthcare Advertising 111

Schneier on Security

JULY 5, 2019

New research from Science : " Civic honesty around the globe ": Abstract: Civic honesty is essential to social capital and economic development, but is often in conflict with material self-interest. We examine the trade-off between honesty and self-interest using field experiments in 355 cities spanning 40 countries around the globe. We turned in over 17,000 lost wallets with varying amounts of money at public and private institutions, and measured whether recipients contacted the owner to retur

243

243

Dark Reading

JULY 3, 2019

Russian-speaking group has sent thousands of emails containing new malware to individuals working at financial institutions in the US, United Arab Emirates, and Singapore.

Malware 92

Malware 92

WIRED Threat Level

JULY 2, 2019

Opinion: We've been assured that facial recognition technology is secure, reliable, and accurate. That's far from certain.

Technology 111

Technology 111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JULY 4, 2019

Austin Thompson (23) from Utah, the hacker who carried out massive DDoS attacks on Sony, EA, and Steam gets a 27-months prison sentence. The hacker who brought offline with massive DDoS attacks online gaming networks between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson (23) from Utah hit the principal gamins networks in 2013 and 2014, including Sony Online Entertainment. “Austin Thompson of Utah was sentenced in federal court today to 27 months

DDOS 111

DDOS Computers and Electronics Advertising Internet 111

Schneier on Security

JULY 3, 2019

They're a thing : Developers say digital plates utilize "advanced telematics" -- to collect tolls, pay for parking and send out Amber Alerts when a child is abducted. They also help recover stolen vehicles by changing the display to read "Stolen," thereby alerting everyone within eyeshot. This makes no sense to me. The numbers are static. License plates being low-tech are a feature, not a bug.

Surveillance 233

Surveillance 233

Dark Reading

JULY 2, 2019

As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.

Cybersecurity 91

Cybersecurity Technology 91

WIRED Threat Level

JULY 1, 2019

Almost every month in 2019 so far has seen reports of a local government falling prey to ransomware, but this series of attacks belies an even broader threat.

Ransomware 93

Ransomware Government Hacking 93

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JULY 5, 2019

Eurofins Scientific, the UK’s biggest provider of forensic services, has paid a ransom to demand to recover its data after a ransomware attack. Eurofins Scientific, the UK’s largest police forensics lab contractor, announced to have paid a ransom to crooks to recover its data after a ransomware had been encrypted them. The company is based in Brussels and manages more than 800 laboratories all over the world.

Ransomware 111

Ransomware Advertising Insurance Encryption 111

Threatpost

JULY 1, 2019

A widespread malware campaign, ongoing since 2014, was using Facebook accounts and posts to spread malware through URL links.

Accountability 93

Accountability Malware Media Hacking 93

Dark Reading

JULY 2, 2019

The common belief that encryption enables bad behavior primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here's why.

Encryption 86

Encryption 86

WIRED Threat Level

JULY 2, 2019

To prove a point about common location-sharing apps, I asked my wife to use them to spy on me.

99

99

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

JULY 3, 2019

Google released the July 2019 security patches for the Android OS that address a total of 33 vulnerabilities, including 9 issues rated as Critical. The most severe flaw addressed by Google is a critical security issue (CVE-2019-2106) affecting the Media framework that could be exploited by a remote attacker to execute arbitrary code within the context of a privileged process. “The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to exe

Media 107

Media Advertising Mobile Information Security 107

Threatpost

JULY 5, 2019

Two researchers are being singled out in what are called PGP poisoning or flood attacks that render the authentication tool unusable for victims.

Authentication 74

Authentication Hacking 74

Dark Reading

JULY 3, 2019

Microsoft patched a serious vulnerability in the Microsoft Outlook client in 2017, but an Iranian group continues to exploit the flaw.

97

97

Spinone

JULY 1, 2019

A survey, conducted by Intermedia, found that 89% of ex-employees retained access to corporate apps containing sensitive information, including G Suite after they leave the company. What is even more disturbing, 49% of them admitted to logging into a corporate account after their employment contract ended. The consequences of such data security violation can be (and usually are) disastrous: data leaks, breaches, deletions.

Accountability 65

Accountability Backups Passwords Mobile 65

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity