For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I've ever provided. Video. Slides.
In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old librarian from a tiny town in Vermont took Equifax to court.
The most profound threat to corporate networks isn’t the latest, greatest malware. It’s carbon-based life forms. Humans tend to be gullible and impatient. With our affiliations and preferences put in play by search engines and social media, we’re perfect patsies for social engineering. And because we are slaves to convenience, we have a propensity for taking shortcuts when it comes to designing, configuring and using digital systems.
Running Have I Been Pwned (HIBP) has presented some fascinating insights into all sorts of aspects of how data breaches affect us; the impact on the individual victims such as you and I, of course, but also how they affect the companies involved and increasingly, the role of government and law enforcement in dealing with these incidents. Last week I had an all new situation arise related to that last point and I want to explain it properly here so it makes sense if someone finds themselves in th
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or capitulating in order to maximize their business. Today's Internet largely reflects the dominance of a handful of companies behind the cloud services, search engines and mobile platforms that underpin the
Threat actors in the hunt for vulnerable targets often look first to ubiquitous platforms. It makes perfect sense for them to do so. Related article: Triaging open-source exposures. Finding a coding or design flaw on Windows OS can point the way to unauthorized access to a treasure trove of company networks that use Windows. The same holds true for probing widely used open source protocols, as occurred when Heartbleed and Shellshock came to light.
Wow wow wow! What a week! This video is going out a couple of days late but if ever I had a good excuse for it, this week is the one. Scott and I are in Oslo this week having just flown in from London where we collectively scooped up 3 awards, one each at the European Blogger Awards and the big one (quite literally - the thing weighs several kilos), the SC Award for Best Emerging Technology courtesy of Report URI.
iOS 12, the next release of Apple's iPhone operating system, may include features to prevent someone from unlocking your phone without your permission: The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory every time the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones.
Today’s Threat Model Thursday is a look at “Post-Spectre Threat Model Re-Think,” from a dozen or so folks at Google. As always, I’m looking at this from a perspective of what can we learn and to encourage dialogue around what makes for a good threat model. What are we working on? From the title, I’d assume Chromium, but there’s a fascinating comment in the introduction that this is wider: “any software that both (a) runs (native or interpreted) code f
The variety of laws and regulations governing how organizations manage and share sensitive information can look like a bowl of alphabet soup: HIPAA, GDPR, SOX, PCI and GLBA. A multinational conglomerate, government contractor, or public university must comply with ten or more, which makes demonstrating regulatory compliance seem like a daunting, even impossible, undertaking.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
Did you know that every zebra has its own unique stripe pattern? Just like a human fingerprint, every zebra can be identified by their distinctive set of stripes. Luckily, zebras don’t use mobile devices, or manufacturers would be hard at work on stripe recognition technology. But they’d also be working to supplement their stripe recognition and biometrics with behavioral analytics.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Many of our clients at NopSec have mature web application security programs with their own internal white hat penetration testing personnel. Performing penetration testing in coordination with an agile software development team presents unique challenges as the speed of feature development can make thorough testing of the application difficult to achieve.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Russia expects as many as 2 million visitors during the 2018 World Cup, most of whom should take extra precautions against the country's many cyber risks.
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The expression “a leopard cannot change its spots” maintains that it is challenging to alter one’s inherent nature — not only who you are but also what defines you. Your spots, in this case, include your ways, habits, and behaviors. In this age of big data, the concept is fitting, because this kind of information is increasingly being used to identify individuals and even machines.
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
It's Cephalopod Week! "Three hearts, eight arms, can't lose." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.