This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote website. Very clever. The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails.
We're on a beach! It's the day after 3 pretty intense days of NDC conference and the day before Scott heads back to the UK so beach was an easy decision. The conference went fantastically well and, in all honesty, was the most enjoyable workshop I think I've done out of ~50 of them these last few years. NDC will be back on the Gold Coast next yet, plus of course it will be in Oslo in a few weeks' time then Sydney in September where we'll both do it all again.
Special Counsel Robert Mueller’s job is to make sense of how Russia hacked the 2016 election. But to make sense of Mueller, you have to revisit some of the bloodiest battles of Vietnam.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple's Siri, Amazon's Alexa and Google's Assistant.
It's a new Pluralsight course! Yes, I know I said that yesterday too , but this is a new new Pluralsight course and it's the second part in our series on Creating a Security-centric Culture. As I wrote there back in Jan, we're doing this course on a quarterly basis and putting it out in front of the paywall so in other words, it's free! It's also a combination of video and screencast which means you see a lot of this: As for the topic in the title, shadow IT has always been an interesting one an
EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote : We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.
Just a tad over 5 years ago, I released my first ever Pluralsight course - OWASP Top 10 Web Application Security Risks for ASP.NET. More than 32k people have listened to more than 78k hours of content in this course making it not just the most popular course I've ever released, but also keeping it as my most popular in the library even today by a long way.
Our guide to the top managed security service providers (MSSPs), based on their ratings in analyst reports the Gartner Magic Quadrant and the IDC MarketScape Vendor Assessment.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Someone changed the address of UPS corporate headquarters to his own apartment in Chicago. The company discovered it three months later. The problem, of course, is that in the US there isn't any authentication of change-of-address submissions: According to the Postal Service, nearly 37 million change-of-address requests known as PS Form 3575 were submitted in 2017.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Despite improvements to algorithmic filtering, Facebook and Google+ still host scores of ISIS and related content and accounts that sometimes stay up for months.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The New York Times is reporting about a company called Securus Technologies that gives police the ability to track cell phone locations without a warrant: The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
A phishing scam fooled victims by claiming to be Apple and scooping up personal details – including financial information and Apple account information.
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Christopher Wylie testified before the Senate Judiciary Committee Wednesday that Cambridge Analytica specialized in "disinformation, spreading rumors, *kompromat*, and propaganda.".
For many years, Thales eSecurity has been a solution provider member of the Cloud Security Alliance (CSA), a global organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment 1. Among CSA’s many activities is its research arm, which include 34 working groups, one of which is called Security Guidance.
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Making payments even in a face-to-face environment is no longer just about using magnetic stripe or chip cards where the security, operating rules, and risks have been long established and well understood by all the actors involved. We are now living in a world where fundamentally different types of devices are being used to initiate payment transactions.
A team of academic researchers has demonstrated that it's possible to possible to closely mimic legitimate voice commands in order to carry out nefarious actions on these home assistants.
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
212 
Let's personalize your content