Krebs on Security
FEBRUARY 11, 2020
Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe has issued a bevy of security updates for its various products, including Flash Player and Adobe Reader/Acrobat.
Schneier on Security
FEBRUARY 11, 2020
The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II. They were owned by the CIA: But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
FEBRUARY 11, 2020
I don't know exactly why the recent uptick, but lately I've had a bunch of people ask me if I've tried the Brave web browser. Why they'd ask me that is much more obvious: Brave is a privacy-focused browser that nukes ads and trackers. It also has some cool built-in stuff like the ability to create a new private browsing window in Tor rather than just your classic incognito window that might ditch all your cookies and browsing history but still connect to the internet directly from your own IP ad
Adam Levin
FEBRUARY 10, 2020
As if cybersecurity weren’t already a red-letter issue, the United States and, most likely, its allies–in other words, the global economic community–are in Iran’s cyber sites, a major player in cyber warfare and politically divisive disinformation campaigns. The “slap” as Ayatollah Ali Khamenei described it was a ballistic missile attack on a target that had three hours to get out of harm’s way.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
FEBRUARY 10, 2020
The U.S. Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.
Schneier on Security
FEBRUARY 14, 2020
Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper, Virginia -- both in America, every three months. Once in place, they run through a lengthy series of steps and checks to cryptographically sign the digital key pairs used to secure the internet's root z
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Shostack
FEBRUARY 11, 2020
My course, “ Repudiation in Depth ” is now live on Linkedin Learning. This is the fourth course I’ve created, starting with “ Learning Threat Modeling “, and courses on “ spoofing “, “ tampering “, and now, repudiation. (You can probably see where this is going, and I’m making great strides towards the goal.
Krebs on Security
FEBRUARY 14, 2020
In May 2013, the U.S. Justice Department seized Liberty Reserve , alleging the virtual currency service acted as a $6 billion financial hub for the cybercrime world. Prompted by assurances that the government would one day afford Liberty Reserve users a chance to reclaim any funds seized as part of the takedown, KrebsOnSecurity filed a claim shortly thereafter to see if and when this process might take place.
Schneier on Security
FEBRUARY 12, 2020
Motherboard has a long article on apps -- Edison, Slice, and Cleanfox -- that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson for J.P. Morgan Research, the part of the company that created the document, told Motherboard that the research "is intended for institutional clients.
Tech Republic Security
FEBRUARY 14, 2020
Researchers say hackers can alter, stop, or expose how an individual user has voted through the Voatz app.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
FEBRUARY 13, 2020
The popular Italian hacktivist collective LulzSec ITA claimed via Twitter to have hacked three Italian universities. The popular Italian hacktivist collective LulzSec ITA has announced via Twitter the hack of three Italian universities, highlighting the importance of the cybersecurity for our society. Abbiamo fatto visita a @UnivRoma3 , nella speranza che oltre alla sicurezza, possa migliorare anche il futuro dei nostri giovani!
WIRED Threat Level
FEBRUARY 14, 2020
The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.
Schneier on Security
FEBRUARY 13, 2020
The United States is one of the few democracies without some formal data protection agency, and we need one. Senator Gillibrand just proposed creating one.
Tech Republic Security
FEBRUARY 13, 2020
Hackers are adopting organized crime tactics to make billions from victims all over the globe.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
FEBRUARY 13, 2020
Huawei can secretly tap into communications through the networking equipment, states a U.S. official , while White House urge allies to ban the Chinese giant. This week The Wall Street Journal reported that U.S. officials say Huawei can covertly access telecom networks where its equipment is installed. “U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persua
WIRED Threat Level
FEBRUARY 13, 2020
New research from MIT shows that the Voatz app appears to have some glaring security holes.
Schneier on Security
FEBRUARY 10, 2020
Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details : ITP detects and blocks tracking on the web. When you visit a few websites that happen to load the same third-party resource, ITP detects the domain hosting the resource as a potential tracker and from then on sanitizes web requests to that dom
Tech Republic Security
FEBRUARY 13, 2020
CEOs are generally from a finance/business track, rather than a technology one--why their traditional agenda and practices must change.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
FEBRUARY 14, 2020
A Russian court fined Twitter and Facebook 4 million rubles each for refusing to store the personal data of Russian citizens on local servers. At the end of January, Russia’s telecommunications watchdog Roskomnadzor instituted administrative proceedings against Facebook and Twitter after they refused to store data of Russian users on servers located in the country.
Daniel Miessler
FEBRUARY 10, 2020
[advanced_iframe src=”[link] width=”100%”]. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.
Schneier on Security
FEBRUARY 14, 2020
This is a current list of where and when I am scheduled to speak: I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On Thursday, February 27, at 9:20 AM, I'm giving a keynote on "Hacking Society.". I'm speaking at SecIT by Heise in Hannover, Germany on March 26, 2020.
Tech Republic Security
FEBRUARY 13, 2020
A Positive Technologies study finds 82% of web application vulnerabilities lie in the source code.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
FEBRUARY 10, 2020
Malaysia’s MyCERT issued a security alert to warn of a hacking campaign targeting government officials that was carried out by the China-linked APT40 group. Malaysia’s Computer Emergency Response Team (MyCERT) warns of a cyber espionage campaign carried out by the China-linked APT40 group aimed at Malaysian government officials. The attackers aimed at stealing confidential documents from government systems after having infected them with malware. “ MyCERT observed an increase i
Dark Reading
FEBRUARY 13, 2020
What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones?
Threatpost
FEBRUARY 10, 2020
The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks - and their devices - via brute force loops.
Tech Republic Security
FEBRUARY 10, 2020
If you don't follow these Kubernetes deployments security best practices from Portshift, your containers, their underlying technologies, and your data could be at risk.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
FEBRUARY 9, 2020
Iran comes under cyber-attack again, a massive offensive brought down a large portion of the Iranian access to the Internet. Iran infrastructures are under attack, a massive cyberattack brought down a large portion of the Iranian access to the Internet, according to the experts the national connectivity fell to 75%. The N etBlocks internet observatory, which tracks disruptions and shutdowns, observed yesterday (February 8, 2019) a massive outage of the country’s connectivity to the Interne
Dark Reading
FEBRUARY 13, 2020
Security pros need be on high alert from now until Tax Day on April 15. Here are seven ways to help keep your company safe.
Threatpost
FEBRUARY 14, 2020
Flaws in the blockchain app some states plan to use in the 2020 election allow bad actors to alter or cancel someone’s vote or expose their private info.
Tech Republic Security
FEBRUARY 11, 2020
Security and compliance are key factors to consider when outsourcing your data center, according to a report from data center provider US Signal.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
63 
Let's personalize your content