Schneier on Security
SEPTEMBER 30, 2019
The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. Solving this problem which is increasingly a national security issue will require us to both make major policy changes and invent new technologies.
Krebs on Security
OCTOBER 1, 2019
A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who’ve recently re-indicted him on related charges. NiceHash CTO Matjaž “Iserdo” Škorjanc, as pictured on the front page of a recent edition of the Slovenian daily Delo.si, is being held by German authorities on a US arrest warrant for operating the destructive
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
OCTOBER 4, 2019
Well, this will be the last weekly update done overseas for some time as I count down the return to beaches, sunshine and fantastic coffee (yes, I'm confident saying that even whilst in Italy!) It's been a non-stop trip with an attempt of a bit of downtime at the end of it, albeit with limited success. Regardless, this week I'm covering off the last few days travels, reflecting on 10 years of blogging and looking at a really cool use of HIBP related to net neutrality comments lodged at the FCC.
The Last Watchdog
OCTOBER 3, 2019
Sharing intelligence for the greater good is an essential component of making Internet-centric commerce as safe and as private as it needs to be. Related: Automating threat feed analysis Peerlyst is another step in that direction. Started by infosec professionals, Peerlyst takes the characteristics of B2B communications we’ve become accustomed to on Twitter and LinkedIn and directs it toward cybersecurity.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
OCTOBER 1, 2019
Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US. There are four key implications of this revolution that policymakers in the national security sector will need to address: The first is that the unprecedented scale and pace of technological change will outstrip our ability to effectively adapt to it.
Adam Levin
OCTOBER 2, 2019
The hacker allegedly behind the Collection #1 and Collection #2 data breaches has claimed responsibility for the compromise of more than 200 million users of a popular iOS and Android gaming app. Online cybersecurity site the Hacker News reported earlier this week that Pakistani hacker Gnosticplayers had gained access to the player database of Zynga’s Scrabble clone called Words with Friends, and the personal information of 218 million users.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
OCTOBER 2, 2019
Lure possible attackers into a trap with a Kali Linux honeypot.
Schneier on Security
OCTOBER 4, 2019
Long Twitter thread about the tracking embedded in modern digital televisions. The thread references three academic papers.
The Last Watchdog
SEPTEMBER 30, 2019
Homomorphic encryption has long been something of a Holy Grail in cryptography. Related: Post-quantum cryptography on the horizon For decades, some of our smartest mathematicians and computer scientists have struggled to derive a third way to keep data encrypted — not just the two classical ways, at rest and in transit. The truly astounding feat, aka homomorphic encryption, would be to keep data encrypted while it is being actively used by an application to run computations.
Thales Cloud Protection & Licensing
OCTOBER 1, 2019
I love the Go programming language. It’s easy to use, concise and powerful. These characteristics appeal to the typical programmer’s mindset. Yet, the brevity of the language can be a source of frustration. For example, the core “json” package converts JSON to Go structures yet does nothing to automate this process. If you have a large JSON document to consume, you’ll be writing the corresponding Go structures by hand.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
OCTOBER 3, 2019
Whether intentionally or unintentionally, employees can pose a significant security risk to company data, according to a new report from data protection firm Code42.
Schneier on Security
OCTOBER 3, 2019
In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.]. This dataset contains products such as home routers, enterprise equipment, smart cameras, security devices, and more.
The Last Watchdog
OCTOBER 4, 2019
It’s clear that managed security services providers (MSSPs) have a ripe opportunity to step into the gap and help small- to medium-sized businesses (SMBs) and small- to medium-sized enterprises (SMEs) meet the daunting challenge of preserving the privacy and security of sensitive data. Related: The case for automated threat feeds analysis Dallas-based Critical Start is making some hay in this space — by striving to extend the roles traditionally played by MSSPs.
Security Affairs
OCTOBER 4, 2019
Google Project Zero researcher Maddie Stone discovered a critical unpatched zero-day vulnerability affecting the Android mobile operating system. Maddie Stone, a member of the Google elite team Project Zero, discovered a critical unpatched zero-day vulnerability affecting the Android mobile operating system. According to the expert, the bug, tracked as CVE-2019-2215, was allegedly being used or sold by the controversial surveillance firm NSO Group.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
OCTOBER 1, 2019
Ransomware continues to present a real cybersecurity threat. Tom Merritt offers five ways you can prevent it from affecting your business.
Schneier on Security
OCTOBER 2, 2019
There's some interesting new research about Russian APT malware: The Russian government has fostered competition among the three agencies, which operate independently from one another, and compete for funds. This, in turn, has resulted in each group developing and hoarding its tools, rather than sharing toolkits with their counterparts, a common sight among Chinese and North Korean state-sponsored hackers.
The Last Watchdog
OCTOBER 3, 2019
Trends in fashion and entertainment come and go. The same holds true for the cyber underground. Related: Leveraging botnets to scale attacks For a long while now, criminal hackers have relied on leveraging low-cost botnet services to blast out cyber attacks as far and wide as they could, indiscriminately. Over the past 18 months or so, a fresh trend has come into vogue.
Security Affairs
OCTOBER 1, 2019
Iran ’s Passive Defense Organization chief Gholamreza Jalali declared that the US government has started its cyber war against the country. Gholamreza Jalali , Iran’s Passive Defense Organization chief, announced that that “America has started its cyber war against Iran, without providing more details. The news was reported by the ISNA news website on October 1, Jalali also added that Iran “ decisively will resort to cyber defense.”.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
OCTOBER 2, 2019
Celebrate Cybersecurity Awareness Month by turning on two-factor authentication and replacing your "fido123" password.
Schneier on Security
OCTOBER 4, 2019
In 1999, I invented the Solitaire encryption algorithm , designed to manually encrypt data using a deck of cards. It was written into the plot of Neal Stephenson's novel Cryptonomicon , and I even wrote an afterward to the book describing the cipher. I don't talk about it much, mostly because I made a dumb mistake that resulted in the algorithm not being reversible.
Adam Shostack
OCTOBER 2, 2019
Podcast with me by OWASP’s Portland, Oregon Chapter in advance of me speaking at their meeting October 9. You can listen here.
Security Affairs
OCTOBER 3, 2019
The Ukrainian police dismantled a bot farm involved in spam campaigns carried out through various services, including email and social networks. Cybercrime is a prolific business, criminal organizations continues to make profits with illegal activities in the cyberspace, but police are ready to contrast them. Cyber experts at the Ukrainian police dismantled a bot farm involved in spam campaigns carried out through various services, including email and social networks. “Cyber ??
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
OCTOBER 1, 2019
A cybersecurity expert with the US Navy believes military personnel understand operational risk and should be appointed to corporate boards.
Daniel Miessler
SEPTEMBER 29, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Dark Reading
OCTOBER 3, 2019
A new mobile app makes a cybersecurity threat lab available to more small businesses in Los Angeles.
Security Affairs
SEPTEMBER 28, 2019
Researchers are warning of a new variant of recently disclosed SimJacker attack, dubbed WIBattack , that could expose millions of mobile phones to remote hacking. WIBattack is a new variant of the recently discovered Simjacker attack method that could expose millions of mobile phones to remote hacking. A couple of weeks ago, cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromi
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
SEPTEMBER 30, 2019
Watch out for suspicious Google Calendar invites and learn how to prevent them from making their way to your calendar.
Thales Cloud Protection & Licensing
OCTOBER 3, 2019
Digital criminals won’t stop targeting the Middle East. I’ve seen numerous attack campaigns targeting this region come to the surface in 2019 alone. Back in April, I remember FireEye discovered that bad actors behind the TRITON custom attack framework had infiltrated a second critical infrastructure organization. That’s less than two years after the company spotted the first TRITON attack where malefactors used TRITON to disrupt a critical infrastructure organization in the Middle East.
Dark Reading
OCTOBER 2, 2019
Quantum computing is real and it's evolving fast. Is the security industry up to the challenge?
Security Affairs
SEPTEMBER 29, 2019
Hackers have stolen more than 218 million records from the popular ‘ Words With Friends’ developed by the mobile social game company Zynga Inc. Do you remember Gnosticplayers ? The popular hacker Gnosticplayers that between February and April disclosed the existence of some massive unreported data breaches in five rounds. He offered for sale almost a billion user records stolen from nearly 45 popular online services.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
267 
Let's personalize your content