Sat. Jun 09, 2018 - Fri. Jun 15, 2018


Thomas Dullien on Complexity and Security

Schneier on Security

For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I've ever provided. Video. Slides.


Mobile security advances to stopping device exploits - not just detecting malicious apps

The Last Watchdog

The most profound threat to corporate networks isn’t the latest, greatest malware. It’s carbon-based life forms. Humans tend to be gullible and impatient. With our affiliations and preferences put in play by search engines and social media, we’re perfect patsies for social engineering. And because we are slaves to convenience, we have a propensity for taking shortcuts when it comes to designing, configuring and using digital systems.

Mobile 182
Insiders


Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Krebs on Security

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old librarian from a tiny town in Vermont took Equifax to court.


Data Provided by the Estonian Central Criminal Police is Now Searchable on Have I Been Pwned

Troy Hunt

Running Have I Been Pwned (HIBP) has presented some fascinating insights into all sorts of aspects of how data breaches affect us; the impact on the individual victims such as you and I, of course, but also how they affect the companies involved and increasingly, the role of government and law enforcement in dealing with these incidents. Last week I had an all new situation arise related to that last point and I want to explain it properly here so it makes sense if someone finds themselves in th


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Russian Censorship of Telegram

Schneier on Security

Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or capitulating in order to maximize their business. Today's Internet largely reflects the dominance of a handful of companies behind the cloud services, search engines and mobile platforms that underpin the

Internet 165

Why big companies ignore SAP security patches - and how that could bite them, big time

The Last Watchdog

Threat actors in the hunt for vulnerable targets often look first to ubiquitous platforms. It makes perfect sense for them to do so. Related article: Triaging open-source exposures. Finding a coding or design flaw on Windows OS can point the way to unauthorized access to a treasure trove of company networks that use Windows. The same holds true for probing widely used open source protocols, as occurred when Heartbleed and Shellshock came to light.

More Trending


Weekly Update 90

Troy Hunt

Wow wow wow! What a week! This video is going out a couple of days late but if ever I had a good excuse for it, this week is the one. Scott and I are in Oslo this week having just flown in from London where we collectively scooped up 3 awards, one each at the European Blogger Awards and the big one (quite literally - the thing weighs several kilos), the SC Award for Best Emerging Technology courtesy of Report URI.

InfoSec 121

New iPhone OS May Include Device-Unlocking Security

Schneier on Security

iOS 12, the next release of Apple's iPhone operating system, may include features to prevent someone from unlocking your phone without your permission: The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory every time the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones.

Passwords 163

GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations

The Last Watchdog

The variety of laws and regulations governing how organizations manage and share sensitive information can look like a bowl of alphabet soup: HIPAA, GDPR, SOX, PCI and GLBA. A multinational conglomerate, government contractor, or public university must comply with ten or more, which makes demonstrating regulatory compliance seem like a daunting, even impossible, undertaking.


World Cup 2018: How to Secure Your Devices When Traveling in Russia

WIRED Threat Level

Russia expects as many as 2 million visitors during the 2018 World Cup, most of whom should take extra precautions against the country's many cyber risks.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


10 Security Projects CISOs Should Consider: Gartner Analyst

eSecurity Planet

Gartner analyst lists 10 security projects CISOs should consider this year - and 10 they should have already done.

CISO 102

Meet 'Bro': The Best-Kept Secret of Network Security

Dark Reading

This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.


Leopard Spots and Zebra Stripes: Fraud and Behavioral Analytics

Thales Cloud Protection & Licensing

Did you know that every zebra has its own unique stripe pattern? Just like a human fingerprint, every zebra can be identified by their distinctive set of stripes. Luckily, zebras don’t use mobile devices, or manufacturers would be hard at work on stripe recognition technology. But they’d also be working to supplement their stripe recognition and biometrics with behavioral analytics.


How Microsoft's Windows Red Team Keeps PCs Safe

WIRED Threat Level

Microsoft's Windows red team probes and prods the world's biggest operating system through the eyes of an adversary.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Pen Testing Toolkit: White Hat Tools to Improve Web Application Penetration Testing

NopSec

Many of our clients at NopSec have mature web application security programs with their own internal white hat penetration testing personnel. Performing penetration testing in coordination with an agile software development team presents unique challenges as the speed of feature development can make thorough testing of the application difficult to achieve.


23,000 Compromised in HealthEquity Data Breach

Dark Reading

HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.


Leopard Spots and Zebra Stripes: Big Data and Identity Management

Thales Cloud Protection & Licensing

The expression “a leopard cannot change its spots” maintains that it is challenging to alter one’s inherent nature - not only who you are but also what defines you. Your spots, in this case, include your ways, habits, and behaviors. In this age of big data, the concept is fitting, because this kind of information is increasingly being used to identify individuals and even machines.


Senators Demand Answers From Amazon on Echo's Snooping Habits

WIRED Threat Level

Jeff Flake and Chris Coons sent Jeff Bezos a letter Thursday with nearly 30 questions about how the company handles user data and privacy.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Foscam Issues Patches For Vulnerabilities in IP Cameras

Threatpost

Researchers found three vulnerabilities in Foscam connected security cameras that could enable a bad actor to gain root access knowing only the camera’s IP address.

IoT 48

Modern Cybersecurity Demands a Different Corporate Mindset

Dark Reading

Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.


Container and Kubernetes Security: It's Complicated

eSecurity Planet

While there are a lot of things that containers do to help improve security, there are still some missing pieces.


Feds Bust Dozens of Nigerian Email Scammers, but Your Inbox Still Isn’t Safe

WIRED Threat Level

The arrest of dozens of alleged Nigerian email scammers and their associates is a small, but important, first step toward tackling an enormous problem.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


New Banking Trojan Can Launch Overlay Attacks on Latest Android Versions

Threatpost

While other malware families have been searching for new overlay techniques for Android 7 and 8, MysteryBot appears to have found a solution.

Banking 53

Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital

Dark Reading

Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.


Friday Squid Blogging: Cephalopod Week on Science Friday

Schneier on Security

It's Cephalopod Week! "Three hearts, eight arms, can't lose." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.


Alleged Silk Road Adviser Roger Clark Extradited To the US

WIRED Threat Level

Roger Clark allegedly served as Ross Ulbricht's Silk Road consigliere. Friday, the feds announced his extradition from Thailand.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


June Patch Tuesday: Microsoft Issues Fixes for DNS, Cortana

Threatpost

One of the most serious issues is a critical remote code execution vulnerability in the Windows DNS, which could allow an attacker to take full control of the targeted machine.

DNS 44

Blockchain All the Rage But Comes With Numerous Risks

Dark Reading

Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.

Risk 63

Router Vulnerability and the VPNFilter Botnet

Schneier on Security

On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it's a harbinger of the sorts of pervasive threats - from nation-states, criminals and hackers - that we should expect in coming years. VPNFilter is a sophisticated piece of malware that infects mostly older home and small-office routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link.

Malware 178

Encrypted Messaging Apps Have Limitations You Should Know

WIRED Threat Level

As recent events have shown, using an encrypted messaging app like WhatsApp or Signal is no privacy panacea.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.