Schneier on Security
DECEMBER 24, 2020
Interesting analysis of China’s efforts to identify US spies: By about 2010, two former CIA officials recalled, the Chinese security services had instituted a sophisticated travel intelligence program, developing databases that tracked flights and passenger lists for espionage purposes. “We looked at it very carefully,” said the former senior CIA official.
Troy Hunt
DECEMBER 19, 2020
I'm live again! Well, I was live having found enough connectivity in Port Douglas to go back to streaming. I'll still be here next week too and will plan on doing a Christmas morning stream from the same location. I talk a bunch about the trip and what I'm seeing in Aus in the latter part of this video, it's a truly amazing place I'm only just getting to really see extensively now.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
DECEMBER 23, 2020
Law enforcement agencies from the United States and Europe seized domain names and servers belonging to a virtual private network (VPN) provider long linked to online cybercrime. In a press release issued December 22, U.S. Attorney Matthew Schneider announced the action, called “Operation Nova,” which disrupted the activities of a so-called “bulletproof hosting service” in coordination with Europol and law enforcement agencies from Germany, France, Switzerland, and the Netherlands.
Anton on Security
DECEMBER 22, 2020
New Paper: “Future of the SOC: SOC People?—?Skills, Not Tiers” Back in August , we released our first Google/Chronicle?—?Deloitte Security Operations Center (SOC) paper titled “Future of the SOC: Forces shaping modern security operations” ( launch blog , paper PDF ) and promised a series of three more papers covering SOC people, process and technology.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
DECEMBER 22, 2020
The microphones on voice assistants are very sensitive, and can snoop on all sorts of data : In Hey Alexa what did I just type? we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in presence of noise. Modern voice assistants have two to seven microphones, so they can do directional localisation, just as human ears do, but with greater sensitivity.
Tech Republic Security
DECEMBER 21, 2020
Some experts argue that users might actually be the most vital link when it comes to certain types of cyberattacks.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
WIRED Threat Level
DECEMBER 20, 2020
The crooks used emulators to mimic the phones of more than 16,000 customers whose mobile bank accounts had been compromised.
Schneier on Security
DECEMBER 23, 2020
Bellingcat has investigated the near-fatal poisoning of Alexey Navalny by the Russian GRU back in August. The details display some impressive traffic analysis. Navalny got a confession out of one of the poisoners, displaying some masterful social engineering. Lots of interesting opsec details in all of this.
Tech Republic Security
DECEMBER 21, 2020
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.
Security Affairs
DECEMBER 21, 2020
The IT giants VMware and Cisco revealed they were impacted by the recently disclosed SolarWinds supply chain attack. VMware and Cisco confirmed to have been both impacted by the recent SolarWinds hack. A recent advisory published by the NSA is warning that Russian state-sponsored hackers are exploiting the recently patched CVE-2020-4006 VMware flaw to steal sensitive information from their targets.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Threatpost
DECEMBER 23, 2020
Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.
Schneier on Security
DECEMBER 21, 2020
Cellebrite announced that it can break Signal. (Note that the company has heavily edited its blog post, but the original — with lots of technical details — was saved by the Wayback Machine.). News article. Slashdot post. The whole story is puzzling. Cellebrite’s details will make it easier for the Signal developers to patch the vulnerability.
Tech Republic Security
DECEMBER 24, 2020
Cybercriminals sometimes use AI to their benefit. In order to defeat these cyber bad guys, security pros and AI should focus on what they do best.
Security Affairs
DECEMBER 24, 2020
Citrix confirmed that a DDoS attack is targeting Citrix Application Delivery Controller (ADC) networking equipment. The threat actors are using the Datagram Transport Layer Security (DTLS) protocol as an amplification vector in attacks against Citrix appliances with EDT enabled. The DTLS protocol is a communications protocol for securing delay-sensitive apps and services that use datagram transport.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Dark Reading
DECEMBER 21, 2020
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
WIRED Threat Level
DECEMBER 19, 2020
All the most important stories about the biggest hack in years.
Tech Republic Security
DECEMBER 25, 2020
Artificial intelligence will likely help with cybersecurity, though figuring out how to handle ambiguous situations is critical.
Security Affairs
DECEMBER 19, 2020
The US National Security Agency (NSA) warns of two techniques abused by threat actors for escalating attacks from local networks to cloud infrastructure. The US National Security Agency has published a security advisory that describes two techniques abused in recent attacks against cloud infrastructure. The attack techniques are abused by hackers are using to escalate access from compromised local networks into cloud-based infrastructure.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CompTIA on Cybersecurity
DECEMBER 22, 2020
As the dust settles on the Solar Winds Orion cyberattack, it's clear that the IT industry needs to take the next step and band together, sharing threat intelligence and cyber best practices to avoid similar hacks in the future.
WIRED Threat Level
DECEMBER 19, 2020
Not all SolarWinds victims are created equal.
Tech Republic Security
DECEMBER 25, 2020
Creating an oasis of health in your home is getting easier with the help of sensors and IoT devices.
Security Affairs
DECEMBER 19, 2020
Joker’s Stash, the largest carding marketplace online, was shut down by a coordinated operation conducted by the FBI and the Interpol. Joker’s Stash, the largest carding marketplace online, was shut down as a result of a coordinated operation conducted by the FBI and the Interpol. The Joker’s Stash carding platform has been active since October 7, 2014, it focuses on the sale of stolen payment card details.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Threatpost
DECEMBER 21, 2020
Investigation reveals device sector is problem plagued when it comes to security bugs.
Adam Shostack
DECEMBER 24, 2020
Scientists have discovered a chunk of amber with a dinosaur tail in it. (Poor dinosaur!) National Geographic has the story , which is not brand-new, but is a nice bit of scientific joy for the day.
Tech Republic Security
DECEMBER 21, 2020
TechRepublic spoke with dozens of experts who said the influx of companies interested in doing more with their data is only increasing.
Security Affairs
DECEMBER 25, 2020
The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The North Korea-linked APT group Lazarus has recently launched cyberattacks against two entities involved in COVID-19 research. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Threatpost
DECEMBER 22, 2020
Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride.
SecurityTrails
DECEMBER 22, 2020
Learn what is JARM, its main benefits, and how can it help to detect malicious servers.
Tech Republic Security
DECEMBER 23, 2020
Jack Wallen takes one more opportunity to remind Android device owners to use those phones with a great deal of caution; otherwise, they could become victims of malware.
Security Affairs
DECEMBER 19, 2020
NATO announced it is assessing its systems after the SolarWinds supply chain attack that impacted multiple US government agencies. NATO announced it is checking its systems after the SolarWinds supply chain attack to determine if they were infected with a backdoor. “At this time, no evidence of compromise has been found on any NATO networks. Our experts continue to assess the situation, with a view to identifying and mitigating any potential risks to our networks,” a NATO official to
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
361 
Let's personalize your content