Schneier on Security

OCTOBER 31, 2019

Interesting story. I always recommend using a random number generator like Fortuna , even if you're using a hardware random source. It's just safer.

187

187

Krebs on Security

OCTOBER 30, 2019

Top domain name registrars NetworkSolutions.com , Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. A notice to customers at notice.web.com. “On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed,” Web.com said i

Passwords 142

Passwords Accountability Encryption Data breaches 142

The Last Watchdog

OCTOBER 29, 2019

If your daily screen time is split between a laptop browser and a smartphone, you may have noticed that a few browser web pages are beginning to match the slickness of their mobile apps. Related: The case for a microservices firewall Netflix and Airbnb are prime examples of companies moving to single-page applications, or SPAs , in order to make their browser webpages as responsive as their mobile apps.

Mobile 140

Mobile Digital transformation Data breaches Firewall 140

Adam Shostack

NOVEMBER 1, 2019

Recently, I’ve seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. The Principles and Practices for Medical Device Cybersecurity is a process-centered and comprehensive document from the International Medical Device Regulators Forum. It covers pre- and post- market considerations, as well as information sharing and coordinated vuln disclosure.

Manufacturing 100

Manufacturing Marketing Software Cybersecurity 100

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

OCTOBER 28, 2019

In an extraordinary essay , the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors: In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities­ -- including law enforcement­ -- to embrace encryption because it is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly

Encryption 156

Encryption Cybersecurity Internet Internet 156

Krebs on Security

OCTOBER 29, 2019

Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world’s largest financial institutions tend to have a much better idea of which merchants and bank cards have been breached than do the thousands of smaller banks and credit unions across the United States.

Banking 123

Banking Cybercrime Accountability Technology 123

Adam Shostack

OCTOBER 28, 2019

The Economist Reflects on Liberalism is the sort of in-depth writing and thinking that makes the magazine so great: “ Reinventing Liberalism for the 21st century.” Evading Machine Learning Malware Classifiers , from the winner of the Defcon Machine Learning Static Evasion Competition. The general counsel of the NSA and former general counsel of the FBI have editorials on encryption.

Encryption 100

Encryption Malware 100

Schneier on Security

OCTOBER 30, 2019

WhatsApp is suing the Israeli cyberweapons arms manufacturer NSO Group in California court: WhatsApp's lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook. It has also asked the court to rule that NSO violated US federal law and California state law against computer fraud, breached their contracts with WhatsApp and "wrongfully trespassed" on Facebook's prope

Manufacturing 126

Manufacturing Spyware Hacking 126

Tech Republic Security

OCTOBER 28, 2019

Alternative data allows businesses to discover trends and financial opportunities without compromising consumer privacy. Tom Merritt explains the five things you need to know about alternative data.

95

95

Daniel Miessler

OCTOBER 27, 2019

[advanced_iframe src=”[link] width=”100%” height=”7000px”] No related posts.

Information Security 100

Information Security 100

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Thales Cloud Protection & Licensing

OCTOBER 31, 2019

We’ve all watched a horror film and said “why are you doing that?!” as the main characters walk aimlessly down to a basement filled with chain saws or shouted, “are you stupid?!!” as they decide that it’s a good idea to hitchhike alone in the dark. While these fictional horror stories are created simply to frighten the audience, real-world businesses are just as guilty of making naïve decisions when it comes to protecting sensitive data, but with very scary consequences that exist.

Encryption 88

Encryption Backups Authentication Data privacy 88

Schneier on Security

OCTOBER 29, 2019

The Carnegie Endowment for Peace published a comprehensive report on ICT (information and communication technologies) supply-chain security and integrity. It's a good read, but nothing that those who are following this issue don't already know.

Technology 117

Technology 117

Tech Republic Security

OCTOBER 28, 2019

Nielsen released predictions for the next decade at the Gartner IT Symposium/Xpo 2019 and CPG and retail supply chains will need automation, blockchain and enhanced analytics to improve security.

Retail 93

Retail Technology 93

Daniel Miessler

OCTOBER 28, 2019

This is UL Member Content Subscribe Already a member? Login No related posts.

Information Security 100

Information Security 100

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Thales Cloud Protection & Licensing

OCTOBER 29, 2019

Today, I’m excited to share that Ground Labs , a market leader in data discovery has entered a strategic partnership with Thales. Our joint objective is to empower the discovery and remediation of sensitive data. Unlike alternative solutions that can leave sensitive data exposed or compromised, the joint solution will enable organizations to automatically find and classify sensitive data across heterogeneous environments, understand the risks, and mitigate them through policy-based remediation…a

Risk 86

Risk Big data Technology Data privacy 86

Schneier on Security

NOVEMBER 1, 2019

Kathryn Waldron at R Street has collected all of the different resources and methodologies for measuring cybersecurity.

Cybersecurity 121

Cybersecurity 121

Tech Republic Security

OCTOBER 31, 2019

Reported cyberattacks against K-12 schools in the US have hit 301 so far in 2019 compared to 124 in 2018 and 218 in 2017, according to a new report from security provider Barracuda Networks.

93

93

Security Affairs

OCTOBER 31, 2019

Roughly 21 million login credentials for Fortune 500 companies are available for sale, in plain text, in multiple forums and black market places in the dark web. More than 21 million login credentials belonging to Fortune 500 companies are available for sale in various places on the dark web. Experts at ImmuniWeb discovered that 21,040,296 login credentials for 500 Fortune companies are offered in plain text on multiple services in the dark web.

Passwords 100

Passwords Telecommunications Advertising Retail 100

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

OCTOBER 28, 2019

Fancy Bear has attacked 16 anti-doping agencies around the world, indicating that its Olympics grudge is far from over.

Hacking 75

Hacking 75

ForAllSecure

OCTOBER 30, 2019

How many potholes did you encounter on your way into work today? How many of them did you report to the city? Vulnerability reporting works much the same way. Developers find bugs – and vulnerabilities – and don’t always report them. Unfortunately, the manual process to diagnose and report each one is a deterrent. That manual process is holding automated tools back.

Software 52

Software System Administration Cybersecurity Risk 52

Tech Republic Security

NOVEMBER 1, 2019

Capture the Flag challenge encourages women to pursue cybersecurity careers and connects experts with newcomers

Cybersecurity 117

Cybersecurity 117

Security Affairs

OCTOBER 26, 2019

asty PHP7 remote code execution bug exploited in the wild. Experts warn of a remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. A remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. On October 22, the security expert Omar Ganiev announced via Twitter the availability of a “freshly patched” remote code execution vulnerability in PHP-FPM , the FastCGI Process Manager

Hacking 89

Hacking Advertising Information Security 89

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

OCTOBER 29, 2019

Alexa, Siri, and Google Assistant now all give you ways to opt out of human transcription of your voice snippets. Do it.

Artificial Intelligence 75

Artificial Intelligence 75

Dark Reading

OCTOBER 28, 2019

Security experts say voting by app adds another level of risk, as mobile-voting pilots expand for overseas military and voters with disabilities.

Mobile 58

Mobile Risk 58

Tech Republic Security

OCTOBER 28, 2019

A new report from IntSights details the many ways cybercriminals break into a new generation of highly digitized cars.

Software 113

Software 113

Security Affairs

OCTOBER 31, 2019

Two hackers have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com service in 2016 and attempted to extort money from the two companies. Brandon Charles Glover and Vasile Mereacre are two hackers that have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com service in 2016. The defendants have also attempted to extort money from the companies requesting them to pay ‘bug bounties’ to avoid publicly disclose the data breaches.

Data breaches 83

Data breaches Hacking Advertising Accountability 83

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

WIRED Threat Level

OCTOBER 28, 2019

As data hijackers continue to target local governments and hospitals, legislators remain stymied over how best to address the problem.

Ransomware 54

Ransomware Government 54

Dark Reading

OCTOBER 31, 2019

APT41's new campaign is latest to highlight trend by Chinese threat groups to attack upstream service providers as a way to reach its intended targets, FireEye says.

52

52

Tech Republic Security

OCTOBER 29, 2019

The ServiceNow and Ponemon study found an average 24% increase in cybersecurity spending and a 17% rise in attacks.

Cybersecurity 108

Cybersecurity 108

Security Affairs

OCTOBER 29, 2019

Group-IB discovered details for 1.3 million Indian payment cards available for sale on Joker’s Stash, it is the largest card database ever. Group-IB , a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has detected that a huge database presumably holding the total of more than 1.3 million credit and debit card records of mostly Indian banks’ customers was uploaded to Joker’s Stash on October 28.

Banking 75

Banking Marketing Advertising Cybersecurity 75

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity