Schneier on Security

JULY 4, 2019

Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. It was the digital equivalent of tossing someone's house: opening cabinets, pulling out drawers, and overturning furniture in hopes of finding something -- any

Passwords 269

Passwords Media Encryption Internet 269

Troy Hunt

JULY 1, 2019

Early last year, I announced that I was making HIBP data on government domains for the UK and Australia freely accessible to them via searches of their respective TLDs. The Spanish government followed a few months later with each getting unbridled access to search their own domains via an authenticated API. As I explained in that initial post, the rationale was to help the departments tasked with looking after the exposure of their digital assets by unifying search and monitoring capabilities so

Government 232

Government Data breaches Authentication 232

Adam Levin

JULY 2, 2019

The former CIO of Equifax has been sentenced to prison for selling his stock in the company before news of its 2017 data breach was publicly announced. Jun Ying, the former Chief Information Office of Equifax U.S. Information Solutions, sold his shares in the company for over $950,000 ten days before the company admitted that its data had been accessed by hackers.

Data breaches 195

Data breaches 195

The Last Watchdog

JULY 1, 2019

As the presidential debate season ramps up, the specter of nation-state sponsored hackers wreaking havoc, once more, with U.S. elections, looms all too large. It’s easy to get discouraged by developments such as Sen. McConnell recently blocking a bi-partisan bill to fund better election security , as well as the disclosure that his wife, Transportation Security Elaine Chao, has accepted money from voting machine lobbyists.

Cyber Risk 159

Cyber Risk DNS Phishing Backups 159

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

JULY 5, 2019

My Applied Cryptography is on a list of books banned in Oregon prisons. It's not me -- and it's not cryptography -- it's that the prisons ban books that teach people to code. The subtitle is "Algorithms, Protocols, and Source Code in C" -- and that's the reason. My more recent Cryptography Engineering is a much better book for prisoners, anyway.

Engineering 263

Engineering 263

Troy Hunt

JULY 2, 2019

I've become especially reflective of my career this year, especially as Project Svalbard marches forward and I look back on what it's taken to get here. Especially as I have more discussions around the various turning points in my professional life, there's one that stands out above most others: my first MVP award. This is not a path I planned, in fact when I originally got that award I referred to myself as The Accidental MVP.

InfoSec 192

InfoSec Media Cybersecurity 192

Adam Shostack

JULY 5, 2019

Google Docs has chosen to red-underline the word “feasible,” which, as you can see, is in its dictionary, to suggest “possible.” “Possible,” possibly, was not the word I selected, because it means something different. Good writing is direct. Good writing respects the reader. Good writing doesn’t tax the reader accidentally.

Engineering 124

Engineering Software 124

Schneier on Security

JULY 1, 2019

Wow, is this an embarrassing bug : Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys it generates. The security keys are used by thousands of federal employees on a daily basis, letting them securely log-on to their devices by issuing one-time passwords.

Firmware 254

Firmware Passwords Government Encryption 254

Troy Hunt

JULY 5, 2019

After a very non-stop Cyber Week in Israel, I'm back in Oslo working through the endless emails and other logistics related to Project Svalbard. In my haste this week, I put out a really poorly worded tweet which I've tried to clarify in this week's video. On more positive news, the Austrian government came on board HIBP and my MVP status got renewed for the 9th time.

Government 158

Government 158

Thales Cloud Protection & Licensing

JULY 3, 2019

I recently had the pleasure of sharing some industry insights from our 2019 Data Threat Report-Federal Edition on Cyberwire’s Daily Podcast –specifically addressing the gap in security responsibility many federal agencies face today as they move tremendous amounts of sensitive data into multicloud environments. We also discussed a new digital landscape where perimeter defense is no longer effective.

Government 120

Government Cloud Migration IoT Encryption 120

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

JULY 5, 2019

Ransomware attacks, supply chain hacks, escalating tensions with Iran—the first six months of 2019 have been anything but boring.

Cybersecurity 112

Cybersecurity Hacking Ransomware 112

Schneier on Security

JULY 2, 2019

Google has released an open-source cryptographic tool: Private Join and Compute. From a Wired article : Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data.

Encryption 254

Encryption 254

Security Affairs

JULY 5, 2019

Eurofins Scientific, the UK’s biggest provider of forensic services, has paid a ransom to demand to recover its data after a ransomware attack. Eurofins Scientific, the UK’s largest police forensics lab contractor, announced to have paid a ransom to crooks to recover its data after a ransomware had been encrypted them. The company is based in Brussels and manages more than 800 laboratories all over the world.

Ransomware 111

Ransomware Advertising Insurance Encryption 111

Dark Reading

JULY 3, 2019

There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.

Manufacturing 111

Manufacturing 111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

JULY 2, 2019

Opinion: We've been assured that facial recognition technology is secure, reliable, and accurate. That's far from certain.

Technology 112

Technology 112

Schneier on Security

JULY 5, 2019

New research from Science : " Civic honesty around the globe ": Abstract: Civic honesty is essential to social capital and economic development, but is often in conflict with material self-interest. We examine the trade-off between honesty and self-interest using field experiments in 355 cities spanning 40 countries around the globe. We turned in over 17,000 lost wallets with varying amounts of money at public and private institutions, and measured whether recipients contacted the owner to retur

250

250

Security Affairs

JULY 4, 2019

Austin Thompson (23) from Utah, the hacker who carried out massive DDoS attacks on Sony, EA, and Steam gets a 27-months prison sentence. The hacker who brought offline with massive DDoS attacks online gaming networks between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson (23) from Utah hit the principal gamins networks in 2013 and 2014, including Sony Online Entertainment. “Austin Thompson of Utah was sentenced in federal court today to 27 months

DDOS 111

DDOS Computers and Electronics Advertising Internet 111

Dark Reading

JULY 2, 2019

'PASTA' hardware and software kit now retails for $28,300.

Retail 109

Retail Hacking Software 109

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

JULY 2, 2019

To prove a point about common location-sharing apps, I asked my wife to use them to spy on me.

111

111

Schneier on Security

JULY 3, 2019

They're a thing : Developers say digital plates utilize "advanced telematics" -- to collect tolls, pay for parking and send out Amber Alerts when a child is abducted. They also help recover stolen vehicles by changing the display to read "Stolen," thereby alerting everyone within eyeshot. This makes no sense to me. The numbers are static. License plates being low-tech are a feature, not a bug.

Surveillance 241

Surveillance 241

Security Affairs

JULY 4, 2019

Tens of VMware products are affected by recently discovered SACK Panic and SACK Slowness Linux kernel vulnerabilities. At least 30 VMware products are affected by recently discovered SACK Panic and SACK Slowness Linux kernel vulnerabilities. The vulnerabilities could be exploited by a remote unauthenticated attacker to trigger a denial-of-service (DoS) condition and reboot vulnerable systems.

Advertising 111

Advertising Firewall Hacking Software 111

Threatpost

JULY 3, 2019

Amazon's acknowledgment that it saves Alexa voice recordings - even sometimes after consumers manually delete their interaction history - has thrust voice assistant privacy policies into the spotlight once again.

Data privacy 106

Data privacy IoT 106

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JULY 1, 2019

Almost every month in 2019 so far has seen reports of a local government falling prey to ransomware, but this series of attacks belies an even broader threat.

Ransomware 111

Ransomware Government Hacking 111

Dark Reading

JULY 1, 2019

The court's IT department is meeting with external agencies to determine the scope and severity of the cyberattack.

Ransomware 103

Ransomware 103

Security Affairs

JULY 5, 2019

The Federal Bureau of Investigation (FBI) issued a warning on Twitter regarding sextortion campaigns that are targeting teenagers in the United States. The FBI issued a warning on Twitter regarding sextortion attacks that are targeting teenagers in the United States. The internet connects you with the world. Do you know who in the world is connecting with you?

Scams 111

Scams Internet Internet Advertising 111

Threatpost

JULY 1, 2019

A widespread malware campaign, ongoing since 2014, was using Facebook accounts and posts to spread malware through URL links.

Accountability 93

Accountability Malware Media Hacking 93

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

JUNE 29, 2019

Robert Mueller will testify, malware wrecks IoT, and more of the week's top security news.

IoT 95

IoT Malware Hacking 95

Dark Reading

JULY 2, 2019

A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code.

Malware 100

Malware 100

Security Affairs

JUNE 30, 2019

Explorer, Mozilla Firefox, Google Chrome, and Opera, no matter which web browser you use, here’s what you need to know to protect them against attacks. There are a number of web browsers available for surfing sites and accessing the content. The most popular and widely used are Internet Explorer, Mozilla Firefox, Google Chrome, and Opera. No matter which browser you use there are certain security leaks in each one of them.

Software 111

Software Internet Internet Small Business 111

Threatpost

JULY 2, 2019

A new malware is targeting Macs with new tactics to sniff out antivirus and virtual machines.

Malware 88

Malware Antivirus Mobile 88

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity