Schneier on Security

MAY 14, 2018

A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote website. Very clever. The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails.

Encryption 191

Encryption Backups Accountability Software 191

Troy Hunt

MAY 17, 2018

We're on a beach! It's the day after 3 pretty intense days of NDC conference and the day before Scott heads back to the UK so beach was an easy decision. The conference went fantastically well and, in all honesty, was the most enjoyable workshop I think I've done out of ~50 of them these last few years. NDC will be back on the Gold Coast next yet, plus of course it will be in Oslo in a few weeks' time then Sydney in September where we'll both do it all again.

128

128

WIRED Threat Level

MAY 15, 2018

Special Counsel Robert Mueller’s job is to make sense of how Russia hacked the 2016 election. But to make sense of Mueller, you have to revisit some of the bloodiest battles of Vietnam.

Hacking 112

Hacking 112

Dark Reading

MAY 17, 2018

Another widespread worm attack is "inevitable," but spreading a different more lucrative or destructive payload, experts say.

95

95

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

MAY 14, 2018

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote : We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.

Encryption 181

Encryption 181

Troy Hunt

MAY 17, 2018

It's a new Pluralsight course! Yes, I know I said that yesterday too , but this is a new new Pluralsight course and it's the second part in our series on Creating a Security-centric Culture. As I wrote there back in Jan, we're doing this course on a quarterly basis and putting it out in front of the paywall so in other words, it's free! It's also a combination of video and screencast which means you see a lot of this: As for the topic in the title, shadow IT has always been an interesting one an

Technology 120

Technology Risk Marketing Passwords 120

Dark Reading

MAY 17, 2018

Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.

Authentication 86

Authentication 86

Schneier on Security

MAY 15, 2018

Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple's Siri, Amazon's Alexa and Google's Assistant.

Artificial Intelligence 173

Artificial Intelligence Technology 173

Troy Hunt

MAY 16, 2018

Just a tad over 5 years ago, I released my first ever Pluralsight course - OWASP Top 10 Web Application Security Risks for ASP.NET. More than 32k people have listened to more than 78k hours of content in this course making it not just the most popular course I've ever released, but also keeping it as my most popular in the library even today by a long way.

InfoSec 118

InfoSec Risk 118

WIRED Threat Level

MAY 17, 2018

Despite improvements to algorithmic filtering, Facebook and Google+ still host scores of ISIS and related content and accounts that sometimes stay up for months.

Accountability 81

Accountability 81

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

eSecurity Planet

MAY 17, 2018

Our guide to the top managed security service providers (MSSPs), based on their ratings in analyst reports the Gartner Magic Quadrant and the IDC MarketScape Vendor Assessment.

72

72

Schneier on Security

MAY 18, 2018

Someone changed the address of UPS corporate headquarters to his own apartment in Chicago. The company discovered it three months later. The problem, of course, is that in the US there isn't any authentication of change-of-address submissions: According to the Postal Service, nearly 37 million change-of-address requests ­ known as PS Form 3575 ­ were submitted in 2017.

Authentication 160

Authentication 160

Dark Reading

MAY 16, 2018

If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.

IoT 60

IoT 60

WIRED Threat Level

MAY 16, 2018

Project Shield already defends journalists and human rights groups from DDoS attacks. Now, Jigsaw will help political campaigns out as well.

DDOS 76

DDOS 76

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Thales Cloud Protection & Licensing

MAY 17, 2018

For many years, Thales eSecurity has been a solution provider member of the Cloud Security Alliance (CSA), a global organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment 1. Among CSA’s many activities is its research arm, which include 34 working groups, one of which is called Security Guidance.

Cloud Migration 54

Cloud Migration Engineering 54

Schneier on Security

MAY 16, 2018

The New York Times is reporting about a company called Securus Technologies that gives police the ability to track cell phone locations without a warrant: The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.

Mobile 148

Mobile Marketing Technology Surveillance 148

Threatpost

MAY 16, 2018

The vulnerability allows an attacker to execute a malware or other payloads on a client machine by sending malicious messages from the DHCP server.

Malware 63

Malware 63

WIRED Threat Level

MAY 16, 2018

How security researchers caught the creators of counter antivirus services Scan4You.

Antivirus 88

Antivirus Malware 88

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Thales Cloud Protection & Licensing

MAY 15, 2018

Making payments even in a face-to-face environment is no longer just about using magnetic stripe or chip cards where the security, operating rules, and risks have been long established and well understood by all the actors involved. We are now living in a world where fundamentally different types of devices are being used to initiate payment transactions.

IoT 54

IoT Technology Mobile Risk 54

Schneier on Security

MAY 17, 2018

The White House has eliminated the cybersecurity coordinator position. This seems like a spectacularly bad idea.

Cybersecurity 169

Cybersecurity 169

Dark Reading

MAY 16, 2018

It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.

Cybersecurity 51

Cybersecurity 51

WIRED Threat Level

MAY 14, 2018

An attack called eFail overcomes the protections of encrypted email standards PGP and S/MIME.

Encryption 80

Encryption 80

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

MAY 14, 2018

A phishing scam fooled victims by claiming to be Apple and scooping up personal details – including financial information and Apple account information.

Scams 56

Scams Phishing Accountability Social Engineering 56

eSecurity Planet

MAY 17, 2018

We review CenturyLink's Managed Security Services, which monitor 1.3 billion security events per day and serve customers in 60 different countries.

50

50

Dark Reading

MAY 17, 2018

RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.

Risk 64

Risk 64

WIRED Threat Level

MAY 12, 2018

Hidden Alexa commands, cell phone tracking, and more security news this week.

85

85

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

MAY 17, 2018

A team of academic researchers has demonstrated that it's possible to possible to closely mimic legitimate voice commands in order to carry out nefarious actions on these home assistants.

IoT 49

IoT Hacking 49

eSecurity Planet

MAY 17, 2018

We review DXC Technology's managed security services, which are used by more than 40 percent of the Fortune 500.

Technology 58

Technology 58

Dark Reading

MAY 14, 2018

There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.

Risk 54

Risk IoT Internet Internet 54

The Falcon's View

MAY 16, 2018

In the traditional parlance of infosec, we've been taught repeatedly that the C-I-A triad (confidentiality, integrity, availability) must be balanced in accordance with the needs of the business. This concept is foundational to all of infosec, ensconced in standards and certification exams and policies. Yet, today, it's essentially wrong, and moreover isn't a helpful starting point for a security discussion.

InfoSec 40

InfoSec Risk Engineering DDOS 40

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity