Sat.May 19, 2018 - Fri.May 25, 2018

article thumbnail

Another Spectre-Like CPU Vulnerability

Schneier on Security

Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called " Speculative Store Bypass." Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I'm not surprised. Writing about Spectre and Meltdown in January, I predicted that we'll be seeing a lot more of these sorts of vulnerabilities.

157
157
article thumbnail

New Pluralsight Course: Bug Bounties for Companies

Troy Hunt

Try publishing something to the internet - anything - and see how it long it takes before something nasty is probing away at it. Brand new website, new domain and it's mere hours (if not minutes) before requests for wp-admin are in the logs. Yes, I know it's not a Wordpress site but that doesn't matter, the bots don't care. But that's just indiscriminate scanning, nothing personal; how about deliberate and concerted attacks more specifically designed to get into your things?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Stealthy, Destructive Malware Infects Half a Million Routers

WIRED Threat Level

Cisco researchers discover a new router malware outbreak that might also be the next cyberwar attack in Ukraine.

Malware 111
article thumbnail

Most Expensive Data Breaches Start with Third Parties: Report

Dark Reading

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Font Steganography

Schneier on Security

Interesting research in steganography at the font level.

article thumbnail

Weekly Update 88

Troy Hunt

Well it's all quietened down here with Scott gone so it's back to business as usual, which means, well, it's not very quiet at all! I've been in Sydney this week talking at one of our big banks and as I say in this week's update, getting out there amongst companies dealing with their unique cyber challenges is always interesting: #cyber pic.twitter.com/CIMDhPfKIP — Troy Hunt (@troyhunt) May 23, 2018.

More Trending

article thumbnail

Google to Delete 'Secure' Label from HTTPS Sites

Dark Reading

Google acknowledges HTTPS as the Internet standard with plans to remove 'secure' from all HTTPS sites.

article thumbnail

Japan's Directorate for Signals Intelligence

Schneier on Security

The Intercept has a long article on Japan's equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising. The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work ­ even the location of its headquarters.

article thumbnail

Communicating About Cybersecurity in Plain English

Lenny Zeltser

When cybersecurity professionals communicate with regular, non-technical people about IT and security, they often use language that virtually guarantees that the message will be ignored or misunderstood. This is often a problem for information security and privacy policies, which are written by subject-matter experts for people who lack the expertise.

article thumbnail

How the LAPD Uses Data to Predict Crime

WIRED Threat Level

The Los Angeles Police Department is using "predictive policing" to prevent crime, but this innovative approach has its problems.

111
111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity

Dark Reading

Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.

64
article thumbnail

Detecting Lies through Mouse Movements

Schneier on Security

Interesting research: " The detection of faked identity using unexpected questions and mouse dynamics ," by Merulin Monaro, Luciano Gamberini, and Guiseppe Sartori. Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they require prior knowledge of the respondent's true identity.

146
146
article thumbnail

John Grimm, Senior Director of IoT Security Strategy, speaks to the CyberWire Podcast

Thales Cloud Protection & Licensing

John Grimm, Thales eSecurity’s Senior Director of IoT Security Strategy, recently spoke with CyberWire’s Dave Bittner about key findings and trends from Thales eSecurity’s 2018 Global Encryption Trends Study. The CyberWire is a free, community-driven cybersecurity news service based in Baltimore. A sampling of John’s comments: The lynchpin of any good encryption system is how well you protect the key.

IoT 59
article thumbnail

You Can Send Invisible Messages With Subtle Font Tweaks

WIRED Threat Level

Researchers have developed a new technique called FontCode that hides secrets in plain sight.

110
110
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

10 Free DevOps-Friendly Security Tools Developers Will Love

Dark Reading

Start building an affordable DevSecOps automation toolchain with these free application security tools.

63
article thumbnail

Security and Human Behavior (SHB 2018)

Schneier on Security

I'm at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers, lawyers, philosophers, anthropologists, business school professors, and

135
135
article thumbnail

Attackers Cashing In On Cryptocurrency With Increased Scams

Threatpost

As the popularity around cryptocurrency has continued to rise in 2018, it has also paved an easy path for cash-hungry scammers to launch “cryptocurrency giveaway scams.”.

article thumbnail

After Meltdown and Spectre, Another Scary Chip Flaw Emerges

WIRED Threat Level

A new processor vulnerability known as Speculative Store Bypass could expose user data on a huge swath of devices.

110
110
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Android Malware Comes Baked into Some New Tablets, Phones

Dark Reading

Ad-loading malware is being built into the firmware and operating system of some new tablets and phones from three major manufacturers.

Malware 61
article thumbnail

Supermarket Shoplifting

Schneier on Security

The rise of self-checkout has caused a corresponding rise in shoplifting.

Scams 128
article thumbnail

Ransomware: An Enterprise Perspective

Thales Cloud Protection & Licensing

In 2016, I provided predictions in an article entitled The (Immediate) Future of Ransomware. I indicated ransomware was going to grow and find other vectors for infection outside of simply malware links. Those predictions come true on a massive scale in particular with the WannaCry and Petya outbreaks, driven by system vulnerability vectors just as I foresaw.

article thumbnail

Don’t Freak Out About That Amazon Alexa Eavesdropping Situation

WIRED Threat Level

You should certainly understand the risks of having a smart speaker in your home, but there’s a perfectly good explanation for how that rogue message might have gotten sent.

Risk 109
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

6 Steps for Applying Data Science to Security

Dark Reading

Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.

DNS 59
article thumbnail

How to Stop Advanced Persistent Threats

eSecurity Planet

The security professional's guide to advanced persistent threats and how to stop and prevent them.

52
article thumbnail

VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR

Threatpost

Researchers warn of malware infecting 500,000 popular routers in a campaign mostly targeting the Ukraine, but also 54 other countries.

Malware 50
article thumbnail

‘Significant’ FBI Error Reignites Data Encryption Debate

WIRED Threat Level

FBI stats about inaccessible cellphones were inflated, undermining already controversial bureau claims about the threat of encryption.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Bridging the Cybersecurity Talent Gap

Dark Reading

There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.

article thumbnail

Highlights from Cloud Expo Asia Hong Kong 2018

Thales Cloud Protection & Licensing

The rules of risk taking. What kind of person are you? Are you a risk taker or someone who like to play it safe? Is your organization one that takes risk, or is it risk averse? Let’s take digital transformation , for example. Most organizations want to embrace it, but feel constricted due to data privacy concerns and compliance regulations. However, companies that can’t or won’t find a path forward run the risk (pun intended!

article thumbnail

Intel Responds to Spectre-Like Flaw In CPUs

Threatpost

Intel on Monday acknowledged that its processors are vulnerable to another Spectre-like speculative execution side channel flaw that could allow attackers to access information.

48
article thumbnail

Facebook Is Beefing Up Its Two-Factor Authentication

WIRED Threat Level

The update, now available to most users, comes several months after Facebook was criticized for spamming users' two-factor authentication phone numbers.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!