Schneier on Security
FEBRUARY 28, 2020
Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents is faring against the 300 billion attachments it has to process each week.
Krebs on Security
FEBRUARY 28, 2020
The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data. While the fines would be among the largest the FCC has ever levied, critics say the penalties don’t go far enough to deter wireless carriers from continuing to sell customer location data.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
FEBRUARY 25, 2020
Back in 2016, I wrote a blog post about the Martin Lewis Money show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time. They'd given me a heads up as apparently, that's what the program has a habit of doing: I Just wanted to get in contact to let you know we're featuring 'have I been pwned?
Adam Levin
FEBRUARY 25, 2020
The number of stalkerware apps detected on smartphones increased in 2019, a full 60% over the previous year according to a new report released by Kaspersky Labs. . The anti-virus company’s annual mobile malware report said stalkerware reports increased from 40,286 in 2019 to 67,500 in 2019, figures derived from data gleaned from Kaspersky product users that consented to provide statistical data for research purposes.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
FEBRUARY 25, 2020
This is good news : Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. [.]. But the move is not without controversy.
Krebs on Security
FEBRUARY 26, 2020
On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
FEBRUARY 27, 2020
Facebook is the latest tech company to cancel or withdraw from a conference as tech trade shows around the globe are impacted by novel coronavirus (COVID-19). Here's what you need to know.
Schneier on Security
FEBRUARY 26, 2020
The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study. Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which wa
Krebs on Security
FEBRUARY 24, 2020
Patch comes amid active exploitation by ransomware gangs. Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground.
Adam Shostack
FEBRUARY 26, 2020
As a member of the BlackHat Review Board, I would love to see more work on Human Factors presented there. Over the past few years, we’ve developed an interesting track with good material year over year. The 2020 call for papers is open and closes April 6th. I wrote a short blog post on what we look for. The BlackHat CFP calls for work which has not been published elsewhere.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
FEBRUARY 24, 2020
Google's reCAPTCHA Enterprise and Web Risk API get a general release; Chronicle Security gets boosts from new threat detection and timelining features.
Schneier on Security
FEBRUARY 24, 2020
The Times of London is reporting that Russian agents are in Ireland probing transatlantic communications cables. Ireland is the landing point for undersea cables which carry internet traffic between America, Britain and Europe. The cables enable millions of people to communicate and allow financial transactions to take place seamlessly. Garda and military sources believe the agents were sent by the GRU, the military intelligence branch of the Russian armed forces which was blamed for the nerve a
The Last Watchdog
FEBRUARY 24, 2020
Along with Richard Stiennon , I belong to a small circle of journalists and tech industry analysts who’ve been paying close attention to cybersecurity since Bill Gates curtailed commercial work on Windows to rivet Microsoft’s attention on defending its software code. Related: The role of PKI is securing digital transformation That was in 2002. Back then, email spam was a nuisance evolving into a potent attack vector, and the top malware innovators were script kiddies seeking bragging rights.
Adam Levin
FEBRUARY 24, 2020
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory following a ransomware attack on a natural gas compression facility. In the warning, CISA announced that a “cyber threat actor used a Spearphising Link to obtain initial access to the organization’s information technology (IT) network before pivoting to its OT network.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
FEBRUARY 25, 2020
For security reasons, you might need to create a Linux user without the ability to log in. Jack Wallen shows you how.
Schneier on Security
FEBRUARY 28, 2020
For years, Humble Bundle has been selling great books at a "pay what you can afford" model. This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let's Encrypt. (The default is 15%, and you can change that.
Daniel Miessler
FEBRUARY 25, 2020
[advanced_iframe src=”[link] width=”100%”]. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.
Adam Levin
FEBRUARY 27, 2020
The global coronavirus pandemic has created a fertile field for cybercriminals seeking to prey upon the fears of their victims. In the latest episode of Third Certainty, Adam Levin discusses how people can protect themselves online. The post Protecting Against Coronavirus Scams – Third Certainty #12 appeared first on Adam Levin.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
FEBRUARY 28, 2020
Vishal Salvi says investing time and developing influence are the keys to making the shift to a secure-by-design mindset.
Schneier on Security
FEBRUARY 27, 2020
This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that (1) market realities will produce insecure IoT devices, and (2) political failures will leave that industry unregulated. Result: insecure IoT. It proposes proactive class action litigation against manufacturers of unsafe and unsecured IoT devices before those devices cause unnecessary injury or death.
Security Affairs
FEBRUARY 24, 2020
The FBI recommends using longer passwords composed of multiple words into a long string of at least 15 characters instead of short passwords including special characters. Recent guidance from the National Institute of Standards and Technology (NIST) highlights that the password length is much more important than password complexity. The recommendations are part of the Protected Voices initiative launched by the FBI to help 2020 political campaigns and American voters protect against online forei
WIRED Threat Level
FEBRUARY 26, 2020
Security analyst John Strand had a contract to test a correctional facility’s defenses. He sent the best person for the job: his mother.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
FEBRUARY 27, 2020
Spam, ransomware, and malware continue to haunt organizations, but bad actors are also cooking up new spins on these tried-and-true methods, according to security company Fortinet.
Elie
FEBRUARY 25, 2020
This talk provides a comprehensive analysis of the malicious documents that target users and corporate inboxes, an in-depth analysis of the latest evasion tactics used by attackers and what Google is doing about it.
Security Affairs
FEBRUARY 23, 2020
ISS , the multinational Denmark-based facility services company, was hit with a malware that shuts down shared IT services worldwide. ISS , the Danish multinational services company announced it was hit with malware, in response to the incident the firm disabled access to shared IT services worldwide. ISS services include cleaning services, support services, property services, catering services, security services and facility management services.
Thales Cloud Protection & Licensing
FEBRUARY 25, 2020
The Verizon 2019 Data Breach Investigations Report advises organizations to deploy multifactor authentication throughout all systems and discourage password reuse. MFA awareness is not new to CISOs or IT teams. And yet, according to Norton , data breaches for 2019 included 3,800 publicly disclosed breaches, 4.1 billion records exposed, and a more than 54% increase in the number of reported breaches vs. the first half of 2018.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
FEBRUARY 24, 2020
Cisco's 2020 CISO Benchmark Study links a robust patch policy and collaboration to smaller data breaches.
Elie
FEBRUARY 24, 2020
Everyday Gmail defenses analyze billions of attachments to prevent malicious documents from reaching the inboxes of its users whether they are end-users or corporate ones. This talk provides a comprehensive analysis of the malicious documents that target users and corporate inboxes, an in-depth analysis of the latest evasion tactics used by attackers and what Google is doing about it.
Security Affairs
FEBRUARY 22, 2020
Google announced to have removed nearly 600 Android apps in the official Play Store that were violating two ad-related policies. Google removed from the official Play Store nearly 600 Android apps that were violating two ad-related policies, it also banned the same apps from Google AdMob and Google Ad Manager. “As part of our ongoing efforts — along with help from newly developed technologies — today we’re announcing nearly 600 apps have been removed from the Google Play Store and banned f
Dark Reading
FEBRUARY 24, 2020
Server-side request forgery is a dangerous attack method that is also becoming an issue for the cloud. Here are some of the basics to help keep your Web server from turning against you.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
324 
Let's personalize your content