Krebs on Security
OCTOBER 24, 2019
When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits , its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover.
Schneier on Security
OCTOBER 23, 2019
There was a successful attack against NordVPN: Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates. Those certificates might be issued for other servers in NordVPN's network or for a variety of other sensitive purposes. The name of the third certificate suggested it could also have been used for many different sensitive purposes, including securing the server that was compromised in the bre
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
OCTOBER 21, 2019
Maintaining workplace safety can seem like a rare form of torture–videos and quizzes and talks and such. For most of us, it’s a necessary chore. But despite the looks among employees with each new H.R. training session, the work that happens in those conference rooms at least in theory translates to profits. The inoculation process of onboarding a new hire is profoundly important to the proper functioning of any organization.
Troy Hunt
OCTOBER 25, 2019
Ah, impending summer on the Gold Coast! It's that time of year when you can just start to sense those warm beach days and it's absolutely my favourite time of year here. Which means. it's time to head off to other events again. Fortunately it's all domestic this time as I head south to Sydney and Melbourne and maintaining my "no fly unless I absolutely have to" stance, it's long, open road drives, copious podcasts and lots of thinking time.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
OCTOBER 21, 2019
Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password. Based in the Czech Republic, Avast bills itself as the most popular antivirus vendor on the market, with over 435 million users.
Schneier on Security
OCTOBER 22, 2019
Coming out of the Privacy Commissioners' Conference in Albania , Public Voice is launching a petition for an international moratorium on using facial recognition software for mass surveillance. You can sign on as an individual or an organization. I did. You should as well. No, I don't think that countries will magically adopt this moratorium. But it's important for us all to register our dissent.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Shostack
OCTOBER 23, 2019
I’ve spoken for over a decade against “think like an attacker” and the trap of starting to threat model with a list of attackers. And for my threat modeling book, I cataloged every serious grouping of attackers that I was able to find. And as I was reading “ 12 Ingenious iOS Screen Time Hacks ,” I realized what they’re all missing: kids.
Krebs on Security
OCTOBER 22, 2019
Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week. The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a cloud-based service that lets customers view invoices, pay, or request bills via email or fax.
Schneier on Security
OCTOBER 22, 2019
NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. From the conclusion: The result of performing that operation on the series of cumulated benefits extrapolated for the 169 survey respondents finds that present value of benefits from today's perspective is approximately $8.9 billion.
Adam Levin
OCTOBER 22, 2019
In the seventh episode of Third Certainty, Adam Levin explains the dangers of exposed personally identifiable information and shares some tips about how consumers can protect themselves. The post The DoorDash Data Breach – Third Certainty #7 appeared first on Adam Levin.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
OCTOBER 24, 2019
Connected devices are increasingly being targeted by hackers and cybercriminals. Deloitte shares five tips on how companies can better protect their IoT devices.
Thales Cloud Protection & Licensing
OCTOBER 24, 2019
In the spirit of National Cyber Security Awareness Month (NCSAM), my colleague Ashvin Kamaraju wrote about how organizations can use fundamental controls to secure their information technology. Effective digital security doesn’t end at “Secure IT,” however. It’s equally important that organizations protect their IT assets against things like software vulnerabilities, unsecured Wi-Fi connections and unauthorized data exfiltration.
Schneier on Security
OCTOBER 24, 2019
This is really interesting : "A Data-Driven Reflection on 36 Years of Security and Privacy Research," by Aniqua Baset and Tamara Denning: Abstract : Meta-research research about research allows us, as a community, to examine trends in our research and make informed decisions regarding the course of our future research activities. Additionally, overviews of past research are particularly useful for researchers or conferences new to the field.
Security Affairs
OCTOBER 21, 2019
A joint UK and US investigation has revealed that the Russian cyber espionage group Turla carried out cyber attacks masqueraded as Iranian hackers. According to the Financial Times, a joint UK and US investigation revealed that Russia-linked cyberespionage group Turla conducted several cyber attacks in more than 35 countries masqueraded as Iranian hackers.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
OCTOBER 23, 2019
State-sponsored groups take advantage of the lack of effective mobile malware solutions to target mobile users, according to a new report from BlackBerry.
WIRED Threat Level
OCTOBER 21, 2019
Most hackers know how to cover their tracks. But Russia’s elite groups are working at a whole other level.
Schneier on Security
OCTOBER 21, 2019
Interesting details on Olympic Destroyer, the nation-state cyberattack against the 2018 Winter Olympic Games in South Korea. Wired's Andy Greenberg presents evidence that the perpetrator was Russia, and not North Korea or China.
Security Affairs
OCTOBER 19, 2019
A researcher discovered a critical Linux vulnerability, tracked as CVE-2019-17666 , that could be exploited to fully compromise vulnerable machines. Nico Waisman, principal security engineer at Github, discovered a critical Linux flaw, tracked as CVE-2019-17666 , that could be exploited by attackers to fully compromise vulnerable machines. Found this bug on Monday.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
OCTOBER 25, 2019
Avivah Litan, vice president and distinguished analyst for Gartner, explains how deepfake videos can be used to distort reality and how people can fight it through AI models and blockchain.
Thales Cloud Protection & Licensing
OCTOBER 23, 2019
Digital transformation (DX) is fundamentally impacting all aspects of the economy across every industry, and nowhere is this truer than in retail. DX technologies such as cloud, mobile payments, IoT, Big Data and others have fundamentally changed retailers’ business models, not only by opening new channels to reach customers, but also in how they communicate with, serve, and support them.
ForAllSecure
OCTOBER 23, 2019
The realization that software is becoming an essential component of our everyday lives was reflected yet again in this year’s Black Hat. Even more solutions are being touted to deal with the ever-growing exposure of software to malicious threats. Unfortunately, a lot of the solutions focus on dealing with the symptoms of our current predicament without addressing the fundamental truth - software is built insecurely despite our best efforts.
Security Affairs
OCTOBER 20, 2019
The news is quite curious, the US military will no longer use 8-inch floppy disks in an antiquated computer (SACCS) to manage nuclear weapons arsenal. It’s official, the US strategic command has announced that it has replaced the 8-inch floppy disks in an ancient computer to receive nuclear launch orders from the President with a “highly-secure solid state digital storage solution.” The use of the 8-inch floppy disks was revealed back in 2014 by the CBS “60 Minutes” TV show. &#
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
OCTOBER 23, 2019
TechRepublic's Karen Roby talks with futurist Brian Solis about the trends shaping digital transformation.
Dark Reading
OCTOBER 25, 2019
Turns out, a lot. Get people to fall in love with the security team, and you'll get them to care about security, CISOs say in part 2 of a two-part series about building security culture.
WIRED Threat Level
OCTOBER 22, 2019
Your brain has better things to do than store secure passwords. Get a dedicated password manager to keep your login data synced and secure across all devices.
Security Affairs
OCTOBER 23, 2019
Boffins disclosed a web attack technique (CPDoS attack) that can poison content delivery networks (CDNs) into caching and then serving error pages. Two researchers from the Technical University of Cologne (TH Koln) have devised a new web attack that can be used by threat actors to poison content delivery networks (CDNs) into caching and then serving error pages instead of the legitimate content.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
OCTOBER 23, 2019
Princeton computer science professor Ed Felten says blockchain will enable smart contracts that provide trust to company systems in the future, but there are some myths and misconceptions.
Dark Reading
OCTOBER 23, 2019
As cyberattacks intensify and the skills gap broadens, it's hard not to wonder how much more those in the industry can take before throwing in the towel.
WIRED Threat Level
OCTOBER 20, 2019
Whether it's Facebook, Instagram, Twitter, or Snapchat, lock down who can see what you're up to.
Security Affairs
OCTOBER 19, 2019
Over 600 million UC Browser and UC Browser Mini Android users have been exposed to man-in-the-middle (MiTM) attacks. More than 600 million users of the popular UC Browser and UC Browser Mini Android apps have been exposed to man-in-the-middle (MiTM) attacks by downloading an Android Package Kit (APK) from a third party server over unprotected channels.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
170 
Let's personalize your content