Schneier on Security
DECEMBER 24, 2020
Interesting analysis of China’s efforts to identify US spies: By about 2010, two former CIA officials recalled, the Chinese security services had instituted a sophisticated travel intelligence program, developing databases that tracked flights and passenger lists for espionage purposes. “We looked at it very carefully,” said the former senior CIA official.
Troy Hunt
DECEMBER 19, 2020
I'm live again! Well, I was live having found enough connectivity in Port Douglas to go back to streaming. I'll still be here next week too and will plan on doing a Christmas morning stream from the same location. I talk a bunch about the trip and what I'm seeing in Aus in the latter part of this video, it's a truly amazing place I'm only just getting to really see extensively now.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
DECEMBER 23, 2020
Law enforcement agencies from the United States and Europe seized domain names and servers belonging to a virtual private network (VPN) provider long linked to online cybercrime. In a press release issued December 22, U.S. Attorney Matthew Schneider announced the action, called “Operation Nova,” which disrupted the activities of a so-called “bulletproof hosting service” in coordination with Europol and law enforcement agencies from Germany, France, Switzerland, and the Netherlands.
Anton on Security
DECEMBER 22, 2020
New Paper: “Future of the SOC: SOC People?—?Skills, Not Tiers” Back in August , we released our first Google/Chronicle?—?Deloitte Security Operations Center (SOC) paper titled “Future of the SOC: Forces shaping modern security operations” ( launch blog , paper PDF ) and promised a series of three more papers covering SOC people, process and technology.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
DECEMBER 22, 2020
The microphones on voice assistants are very sensitive, and can snoop on all sorts of data : In Hey Alexa what did I just type? we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in presence of noise. Modern voice assistants have two to seven microphones, so they can do directional localisation, just as human ears do, but with greater sensitivity.
Tech Republic Security
DECEMBER 25, 2020
Artificial intelligence will likely help with cybersecurity, though figuring out how to handle ambiguous situations is critical.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Threatpost
DECEMBER 23, 2020
Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.
Schneier on Security
DECEMBER 21, 2020
Cellebrite announced that it can break Signal. (Note that the company has heavily edited its blog post, but the original — with lots of technical details — was saved by the Wayback Machine.). News article. Slashdot post. The whole story is puzzling. Cellebrite’s details will make it easier for the Signal developers to patch the vulnerability.
Tech Republic Security
DECEMBER 24, 2020
Cybercriminals sometimes use AI to their benefit. In order to defeat these cyber bad guys, security pros and AI should focus on what they do best.
Security Affairs
DECEMBER 21, 2020
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Dark Reading
DECEMBER 21, 2020
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
Schneier on Security
DECEMBER 23, 2020
Bellingcat has investigated the near-fatal poisoning of Alexey Navalny by the Russian GRU back in August. The details display some impressive traffic analysis. Navalny got a confession out of one of the poisoners, displaying some masterful social engineering. Lots of interesting opsec details in all of this.
Tech Republic Security
DECEMBER 21, 2020
Some experts argue that users might actually be the most vital link when it comes to certain types of cyberattacks.
Security Affairs
DECEMBER 19, 2020
The US National Security Agency (NSA) warns of two techniques abused by threat actors for escalating attacks from local networks to cloud infrastructure. The US National Security Agency has published a security advisory that describes two techniques abused in recent attacks against cloud infrastructure. The attack techniques are abused by hackers are using to escalate access from compromised local networks into cloud-based infrastructure.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
CompTIA on Cybersecurity
DECEMBER 22, 2020
As the dust settles on the Solar Winds Orion cyberattack, it's clear that the IT industry needs to take the next step and band together, sharing threat intelligence and cyber best practices to avoid similar hacks in the future.
Threatpost
DECEMBER 21, 2020
Investigation reveals device sector is problem plagued when it comes to security bugs.
Tech Republic Security
DECEMBER 21, 2020
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.
Security Affairs
DECEMBER 24, 2020
Citrix confirmed that a DDoS attack is targeting Citrix Application Delivery Controller (ADC) networking equipment. The threat actors are using the Datagram Transport Layer Security (DTLS) protocol as an amplification vector in attacks against Citrix appliances with EDT enabled. The DTLS protocol is a communications protocol for securing delay-sensitive apps and services that use datagram transport.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Adam Shostack
DECEMBER 24, 2020
Scientists have discovered a chunk of amber with a dinosaur tail in it. (Poor dinosaur!) National Geographic has the story , which is not brand-new, but is a nice bit of scientific joy for the day.
Threatpost
DECEMBER 22, 2020
Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride.
Tech Republic Security
DECEMBER 21, 2020
TechRepublic spoke with dozens of experts who said the influx of companies interested in doing more with their data is only increasing.
Security Affairs
DECEMBER 19, 2020
Joker’s Stash, the largest carding marketplace online, was shut down by a coordinated operation conducted by the FBI and the Interpol. Joker’s Stash, the largest carding marketplace online, was shut down as a result of a coordinated operation conducted by the FBI and the Interpol. The Joker’s Stash carding platform has been active since October 7, 2014, it focuses on the sale of stolen payment card details.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
SecurityTrails
DECEMBER 22, 2020
Learn what is JARM, its main benefits, and how can it help to detect malicious servers.
Threatpost
DECEMBER 23, 2020
Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.
Tech Republic Security
DECEMBER 25, 2020
Creating an oasis of health in your home is getting easier with the help of sensors and IoT devices.
Security Affairs
DECEMBER 19, 2020
NATO announced it is assessing its systems after the SolarWinds supply chain attack that impacted multiple US government agencies. NATO announced it is checking its systems after the SolarWinds supply chain attack to determine if they were infected with a backdoor. “At this time, no evidence of compromise has been found on any NATO networks. Our experts continue to assess the situation, with a view to identifying and mitigating any potential risks to our networks,” a NATO official to
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Dark Reading
DECEMBER 22, 2020
As domains get cheaper, account takeovers get easier, and cloud computing usage expands, email-borne attacks will take advantage.
Threatpost
DECEMBER 24, 2020
The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
Tech Republic Security
DECEMBER 22, 2020
Learn how to prevent cybercriminals from taking advantage of users' minds that are on "automatic.
Security Affairs
DECEMBER 25, 2020
The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The North Korea-linked APT group Lazarus has recently launched cyberattacks against two entities involved in COVID-19 research. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
363 
Let's personalize your content