Schneier on Security
FEBRUARY 28, 2020
Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents is faring against the 300 billion attachments it has to process each week.
Krebs on Security
FEBRUARY 28, 2020
The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data. While the fines would be among the largest the FCC has ever levied, critics say the penalties don’t go far enough to deter wireless carriers from continuing to sell customer location data.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
FEBRUARY 25, 2020
Back in 2016, I wrote a blog post about the Martin Lewis Money show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time. They'd given me a heads up as apparently, that's what the program has a habit of doing: I Just wanted to get in contact to let you know we're featuring 'have I been pwned?
Adam Levin
FEBRUARY 25, 2020
The number of stalkerware apps detected on smartphones increased in 2019, a full 60% over the previous year according to a new report released by Kaspersky Labs. . The anti-virus company’s annual mobile malware report said stalkerware reports increased from 40,286 in 2019 to 67,500 in 2019, figures derived from data gleaned from Kaspersky product users that consented to provide statistical data for research purposes.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
FEBRUARY 25, 2020
This is good news : Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. [.]. But the move is not without controversy.
Krebs on Security
FEBRUARY 26, 2020
On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Shostack
FEBRUARY 27, 2020
The Berryville Institute of Machine Learning (BIML) has released “ An Architectural Risk Analysis of Machine Learning Systems.” This is an important step in the journey to systematic, structured, and comprehensive security analysis of machine learning systems, and we can contrast it with the work at Microsoft I blogged about last month. As always, my goal is to look at published threat models to see what we can learn.
Schneier on Security
FEBRUARY 26, 2020
The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study. Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which wa
Krebs on Security
FEBRUARY 24, 2020
Patch comes amid active exploitation by ransomware gangs. Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground.
Tech Republic Security
FEBRUARY 25, 2020
For security reasons, you might need to create a Linux user without the ability to log in. Jack Wallen shows you how.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Last Watchdog
FEBRUARY 24, 2020
Along with Richard Stiennon , I belong to a small circle of journalists and tech industry analysts who’ve been paying close attention to cybersecurity since Bill Gates curtailed commercial work on Windows to rivet Microsoft’s attention on defending its software code. Related: The role of PKI is securing digital transformation That was in 2002. Back then, email spam was a nuisance evolving into a potent attack vector, and the top malware innovators were script kiddies seeking bragging rights.
Schneier on Security
FEBRUARY 24, 2020
The Times of London is reporting that Russian agents are in Ireland probing transatlantic communications cables. Ireland is the landing point for undersea cables which carry internet traffic between America, Britain and Europe. The cables enable millions of people to communicate and allow financial transactions to take place seamlessly. Garda and military sources believe the agents were sent by the GRU, the military intelligence branch of the Russian armed forces which was blamed for the nerve a
Adam Shostack
FEBRUARY 26, 2020
As a member of the BlackHat Review Board, I would love to see more work on Human Factors presented there. Over the past few years, we’ve developed an interesting track with good material year over year. The 2020 call for papers is open and closes April 6th. I wrote a short blog post on what we look for. The BlackHat CFP calls for work which has not been published elsewhere.
Tech Republic Security
FEBRUARY 27, 2020
Cybersecurity is an imperfect science, similar to infectious disease control, according to McAfee CTO.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
WIRED Threat Level
FEBRUARY 26, 2020
Security analyst John Strand had a contract to test a correctional facility’s defenses. He sent the best person for the job: his mother.
Schneier on Security
FEBRUARY 28, 2020
For years, Humble Bundle has been selling great books at a "pay what you can afford" model. This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let's Encrypt. (The default is 15%, and you can change that.
Security Affairs
FEBRUARY 23, 2020
ISS , the multinational Denmark-based facility services company, was hit with a malware that shuts down shared IT services worldwide. ISS , the Danish multinational services company announced it was hit with malware, in response to the incident the firm disabled access to shared IT services worldwide. ISS services include cleaning services, support services, property services, catering services, security services and facility management services.
Tech Republic Security
FEBRUARY 28, 2020
Vishal Salvi says investing time and developing influence are the keys to making the shift to a secure-by-design mindset.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
FEBRUARY 24, 2020
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
Schneier on Security
FEBRUARY 27, 2020
This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that (1) market realities will produce insecure IoT devices, and (2) political failures will leave that industry unregulated. Result: insecure IoT. It proposes proactive class action litigation against manufacturers of unsafe and unsecured IoT devices before those devices cause unnecessary injury or death.
Security Affairs
FEBRUARY 22, 2020
Google announced to have removed nearly 600 Android apps in the official Play Store that were violating two ad-related policies. Google removed from the official Play Store nearly 600 Android apps that were violating two ad-related policies, it also banned the same apps from Google AdMob and Google Ad Manager. “As part of our ongoing efforts — along with help from newly developed technologies — today we’re announcing nearly 600 apps have been removed from the Google Play Store and banned f
Tech Republic Security
FEBRUARY 28, 2020
Karen Roby interviewed an expert about a different threat than COVID-19 brings.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Adam Levin
FEBRUARY 24, 2020
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory following a ransomware attack on a natural gas compression facility. In the warning, CISA announced that a “cyber threat actor used a Spearphising Link to obtain initial access to the organization’s information technology (IT) network before pivoting to its OT network.
Daniel Miessler
FEBRUARY 25, 2020
[advanced_iframe src=”[link] width=”100%”]. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.
Security Affairs
FEBRUARY 27, 2020
Let me share with you the result of a one-night long analysis of major black marketplaces searching for anything related to the coronavirus epidemic. Recently I have received many questions from journalists and colleagues about the activity in the dark web related to the coronavirus epidemic, here you are what I have found digging in the major black marketplaces.
Tech Republic Security
FEBRUARY 24, 2020
Google's reCAPTCHA Enterprise and Web Risk API get a general release; Chronicle Security gets boosts from new threat detection and timelining features.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Adam Levin
FEBRUARY 27, 2020
The global coronavirus pandemic has created a fertile field for cybercriminals seeking to prey upon the fears of their victims. In the latest episode of Third Certainty, Adam Levin discusses how people can protect themselves online. The post Protecting Against Coronavirus Scams – Third Certainty #12 appeared first on Adam Levin.
Dark Reading
FEBRUARY 28, 2020
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
Security Affairs
FEBRUARY 28, 2020
Ghostcat flaw affects all versions of Apache Tomcat and could be exploited by hackers to read configuration files or install backdoors on vulnerable servers. All versions of Apache Tomcat are affected by a vulnerability dubbed Ghostcat that could be exploited by attackers to read configuration files or install backdoors on vulnerable servers. The vulnerability, tracked as CVE-2020-1938 , affects the Tomcat AJP protocol and was discovered by the Chinese cybersecurity firm Chaitin Tech.
Tech Republic Security
FEBRUARY 28, 2020
Karen Roby interviewed a cybersecurity expert about a different threat than COVID-19 brings.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
332 
Let's personalize your content