Schneier on Security
SEPTEMBER 30, 2019
The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. Solving this problem which is increasingly a national security issue will require us to both make major policy changes and invent new technologies.
Adam Levin
OCTOBER 2, 2019
The hacker allegedly behind the Collection #1 and Collection #2 data breaches has claimed responsibility for the compromise of more than 200 million users of a popular iOS and Android gaming app. Online cybersecurity site the Hacker News reported earlier this week that Pakistani hacker Gnosticplayers had gained access to the player database of Zynga’s Scrabble clone called Words with Friends, and the personal information of 218 million users.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
SEPTEMBER 30, 2019
Homomorphic encryption has long been something of a Holy Grail in cryptography. Related: Post-quantum cryptography on the horizon For decades, some of our smartest mathematicians and computer scientists have struggled to derive a third way to keep data encrypted — not just the two classical ways, at rest and in transit. The truly astounding feat, aka homomorphic encryption, would be to keep data encrypted while it is being actively used by an application to run computations.
Troy Hunt
SEPTEMBER 29, 2019
It's been a bit of intense country-hopping since the last update so this one is a consolidated "this week in tweets" version. I actually found it kind of interesting going back through the noteworthy incidents of the week in lieu of having original content of my own, see what you think. Given the coming schedule (and a deep, deep desire for a few days of downtime), the next one might be more of the same so I hope it resonates!
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
OCTOBER 1, 2019
Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US. There are four key implications of this revolution that policymakers in the national security sector will need to address: The first is that the unprecedented scale and pace of technological change will outstrip our ability to effectively adapt to it.
Tech Republic Security
OCTOBER 3, 2019
Whether intentionally or unintentionally, employees can pose a significant security risk to company data, according to a new report from data protection firm Code42.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Thales Cloud Protection & Licensing
OCTOBER 1, 2019
I love the Go programming language. It’s easy to use, concise and powerful. These characteristics appeal to the typical programmer’s mindset. Yet, the brevity of the language can be a source of frustration. For example, the core “json” package converts JSON to Go structures yet does nothing to automate this process. If you have a large JSON document to consume, you’ll be writing the corresponding Go structures by hand.
Schneier on Security
OCTOBER 3, 2019
In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.]. This dataset contains products such as home routers, enterprise equipment, smart cameras, security devices, and more.
Tech Republic Security
OCTOBER 1, 2019
Ransomware continues to present a real cybersecurity threat. Tom Merritt offers five ways you can prevent it from affecting your business.
The Last Watchdog
OCTOBER 3, 2019
Trends in fashion and entertainment come and go. The same holds true for the cyber underground. Related: Leveraging botnets to scale attacks For a long while now, criminal hackers have relied on leveraging low-cost botnet services to blast out cyber attacks as far and wide as they could, indiscriminately. Over the past 18 months or so, a fresh trend has come into vogue.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Adam Shostack
OCTOBER 2, 2019
Podcast with me by OWASP’s Portland, Oregon Chapter in advance of me speaking at their meeting October 9. You can listen here.
Schneier on Security
OCTOBER 2, 2019
There's some interesting new research about Russian APT malware: The Russian government has fostered competition among the three agencies, which operate independently from one another, and compete for funds. This, in turn, has resulted in each group developing and hoarding its tools, rather than sharing toolkits with their counterparts, a common sight among Chinese and North Korean state-sponsored hackers.
Tech Republic Security
OCTOBER 1, 2019
A cybersecurity expert with the US Navy believes military personnel understand operational risk and should be appointed to corporate boards.
Security Affairs
OCTOBER 1, 2019
Iran ’s Passive Defense Organization chief Gholamreza Jalali declared that the US government has started its cyber war against the country. Gholamreza Jalali , Iran’s Passive Defense Organization chief, announced that that “America has started its cyber war against Iran, without providing more details. The news was reported by the ISNA news website on October 1, Jalali also added that Iran “ decisively will resort to cyber defense.”.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Thales Cloud Protection & Licensing
OCTOBER 3, 2019
Digital criminals won’t stop targeting the Middle East. I’ve seen numerous attack campaigns targeting this region come to the surface in 2019 alone. Back in April, I remember FireEye discovered that bad actors behind the TRITON custom attack framework had infiltrated a second critical infrastructure organization. That’s less than two years after the company spotted the first TRITON attack where malefactors used TRITON to disrupt a critical infrastructure organization in the Middle East.
Schneier on Security
OCTOBER 4, 2019
In 1999, I invented the Solitaire encryption algorithm , designed to manually encrypt data using a deck of cards. It was written into the plot of Neal Stephenson's novel Cryptonomicon , and I even wrote an afterward to the book describing the cipher. I don't talk about it much, mostly because I made a dumb mistake that resulted in the algorithm not being reversible.
Tech Republic Security
OCTOBER 1, 2019
IT security budgets now average $18.9 million, up from $8.9 million, with savings credited to internal cybersecurity, according to new Kaspersky report.
WIRED Threat Level
OCTOBER 1, 2019
Nearly two decades ago, a company called Interpeak created a network protocol that became an industry standard. It also had severe bugs that are only now coming to light.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
SEPTEMBER 28, 2019
Researchers are warning of a new variant of recently disclosed SimJacker attack, dubbed WIBattack , that could expose millions of mobile phones to remote hacking. WIBattack is a new variant of the recently discovered Simjacker attack method that could expose millions of mobile phones to remote hacking. A couple of weeks ago, cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromi
Schneier on Security
OCTOBER 4, 2019
Long Twitter thread about the tracking embedded in modern digital televisions. The thread references three academic papers.
Tech Republic Security
OCTOBER 3, 2019
Black Hat's Network Operations team members discuss looking for the "bad within the bad." Also, RSA's CTO talks about managing risks to prevent an individual problem from becoming a societal problem.
Dark Reading
SEPTEMBER 28, 2019
Is it rude to ask someone to shut off their Alexa? Ask the family who's written the book on etiquette for nearly 100 years -- the descendants of Emily Post herself.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
OCTOBER 3, 2019
The Ukrainian police dismantled a bot farm involved in spam campaigns carried out through various services, including email and social networks. Cybercrime is a prolific business, criminal organizations continues to make profits with illegal activities in the cyberspace, but police are ready to contrast them. Cyber experts at the Ukrainian police dismantled a bot farm involved in spam campaigns carried out through various services, including email and social networks. “Cyber ??
Daniel Miessler
SEPTEMBER 29, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Tech Republic Security
OCTOBER 2, 2019
Celebrate Cybersecurity Awareness Month by turning on two-factor authentication and replacing your "fido123" password.
Dark Reading
OCTOBER 4, 2019
Microsoft detected the so-called Phosphorus nation-state gang attacking 241 user accounts associated with a US presidential campaign, current and former US government officials, journalists, others.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Affairs
SEPTEMBER 29, 2019
Hackers have stolen more than 218 million records from the popular ‘ Words With Friends’ developed by the mobile social game company Zynga Inc. Do you remember Gnosticplayers ? The popular hacker Gnosticplayers that between February and April disclosed the existence of some massive unreported data breaches in five rounds. He offered for sale almost a billion user records stolen from nearly 45 popular online services.
Thales Cloud Protection & Licensing
OCTOBER 4, 2019
October is Cybersecurity Awareness Month and while IT departments around the globe don’t need a reminder to keep data safe and secure, this is an excellent opportunity to amplify critical cybersecurity efforts across the enterprise. If employees have been slow to download that latest security update, now there’s a timely reason to get a reminder right to the top of their in-box.
Tech Republic Security
SEPTEMBER 30, 2019
Watch out for suspicious Google Calendar invites and learn how to prevent them from making their way to your calendar.
Dark Reading
SEPTEMBER 30, 2019
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
233 
Let's personalize your content