The Last Watchdog

AUGUST 23, 2018

Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum—you can never be too fast. Related: Gamification training targets iGens. Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a DevOps approach—melding software development and software operations simultaneously.

Cybersecurity 210

Cybersecurity Software Technology Education 210

Krebs on Security

AUGUST 23, 2018

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before att

Software 194

Software Internet Internet Risk 194

Schneier on Security

AUGUST 23, 2018

Another excellent paper by the Mueller/Stewart team: " Terrorism and Bathtubs: Comparing and Assessing the Risks ": Abstract : The likelihood that anyone outside a war zone will be killed by an Islamist extremist terrorist is extremely small. In the United States, for example, some six people have perished each year since 9/11 at the hands of such terrorists -- vastly smaller than the number of people who die in bathtub drownings.

Risk 167

Risk 167

Thales Cloud Protection & Licensing

AUGUST 21, 2018

The enactment of the European Union’s General Data Protection Regulation (GDPR) is a significant milestone for virtually every international business. Under the standard, organizations need to comply withan extensive set of requirements—or potentially face significant fines for failing to do so. Thales eSecurity and DataStax have come together to draft “Aligning GDPR Requirements with Today’s Hybrid-Cloud Realities,” which outlines a number of the issues organizations need to address to be GDPR

Encryption 119

Encryption Authentication Accountability 119

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

AUGUST 20, 2018

More businesses than ever before are choosing to move their IT infrastructure and systems to cloud solutions such as Amazon Web Services and Microsoft Azure. There are many reasons to choose a cloud solution including increased flexibility and scalability, as well as reduced cost. In fact, a recent study of nearly 200 businesses and entrepreneurs found that 76% are looking to cloud solutions in order to increase the efficiency of their business.

Penetration Testing 159

Penetration Testing Passwords Backups Encryption 159

Krebs on Security

AUGUST 22, 2018

Authorities in Santa Clara, Calif. have arrested and charged a 19-year-old area man on suspicion hijacking mobile phone numbers as part of a scheme to steal large sums of bitcoin and other cryptocurrencies. The arrest is the third known law enforcement action this month targeting “SIM swappers,” individuals who specialize in stealing wireless phone numbers and hijacking online financial and social media accounts tied to those numbers.

Mobile 146

Mobile Accountability Cryptocurrency Wireless 146

WIRED Threat Level

AUGUST 22, 2018

Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.

Government 112

Government 112

The Last Watchdog

AUGUST 21, 2018

DevOps has been around for a while now, accelerating the creation of leading edge business applications by blending the development side with the operations side. It should come as no surprise that security is being formally added to DevOps, resulting in an emphasis on a process being referred to as SecOps or DevSecOps. Related: How DevOps played into the Uber hack.

Digital transformation 145

Digital transformation Penetration Testing IoT Risk 145

eSecurity Planet

AUGUST 22, 2018

These IT security vendors lead the market through their innovative offerings, range of products and services, customer satisfaction and annual revenue

Cybersecurity 111

Cybersecurity Marketing 111

Schneier on Security

AUGUST 21, 2018

Modern cars have alarm systems that automatically connect to a remote call center. This makes cars harder to steal, since tripping the alarm causes a quick response. This article describes a theft attempt that tried to neutralize that security system. In the first attack, the thieves just disabled the alarm system and then left. If the owner had not immediately repaired the car, the thieves would have returned the next night and -- no longer working under time pressure -- stolen the car.

134

134

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

AUGUST 19, 2018

Your phone number is increasingly tied to your online identity. You need to do everything possible to protect it.

111

111

Troy Hunt

AUGUST 24, 2018

Home! I got up early today to a balmy 16-degree winter's day as we approach the last week before spring and felt genuinely thankful to be in this location. I've gotta stay home more. This week, there's no new blog posts due to travel commitments so it's a bit shorter, but there's still the usual array of goings on. I update how the Mozilla testing with HIBP is going, I'm going to update my Ubiquiti network at home and I get a bit cranky about people installing spyware on other people's phones.

Spyware 106

Spyware Data breaches 106

Adam Shostack

AUGUST 23, 2018

The image above is the frequency with which streets travel a certain orientation, and it’s a nifty data visualization by Geoff Boeing. What caught my attention was not just the streets of Boston and Charlotte, but the lack of variability shown for Seattle, which is a city with two grids. But then there was this really interesting tidbit, which relates to threat modeling: Kevin Lynch defined “legible” cities as those whose patterns lend themselves to coherent, organized, recognizable, and c

Architecture 100

Architecture 100

Schneier on Security

AUGUST 20, 2018

James Mickens gave an excellent keynote at the USENIX Security Conference last week, talking about the social aspects of security -- racism, sexism, etc. -- and the problems with machine learning and the Internet. Worth watching.

Internet 119

Internet Internet 119

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

AUGUST 24, 2018

For years, Iran has run its own secret infowar—running a remarkably similar playbook as Russia.

98

98

Security Affairs

AUGUST 22, 2018

Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. The vulnerability affects Struts versions from 2.3 through 2.3.34, Struts 2.5 through 2.5.16, and possibly unsupported versions of the framework.

Advertising 93

Advertising Hacking 93

Adam Shostack

AUGUST 21, 2018

Wow. Blackhat, Defcon, I didn’t even make the other conferences going on in Vegas. And coming back it seems like there’s a sea of things to follow up on. I think a little bit of organization is helping me manage better this year, and so I thought I’d share what’s in my post-conference toolbox. I’m also sharing because I don’t think my workflow is optimal, and would love to learn from how others are working through this in 2018 with its profusion of ways to sta

100

100

Dark Reading

AUGUST 21, 2018

A growing number of employees have various IoT devices in their homes - where they're also connecting to an enterprise network to do their work. And that means significant threats loom.

IoT 87

IoT 87

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Architect Security

AUGUST 24, 2018

Introduction I travel a lot, sometimes alone. I have left hotels almost immediately after checking in because I felt unsafe with the accommodations. Sometimes a hotel will assign a room to two people by mistake, and one person walks in on the other using a valid key (I’ve seen this happen). RFID “hotel master keys” exist. […].

Personal Security 84

Personal Security 84

Security Affairs

AUGUST 24, 2018

T-Mobile today announced It has suffered a security breach that May have exposed personal information of up to 2 million T-mobile customers. According to the telco giant, the incident affected its US servers on August 20, leaked information includes customers’ name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid).

Mobile 89

Mobile Data breaches Advertising Accountability 89

WIRED Threat Level

AUGUST 22, 2018

Two close advisers to the president are now convicted felons. Here are six big questions about where this all goes next.

81

81

Dark Reading

AUGUST 21, 2018

Open Secure Access addresses void created by Google, Amazon decision to disallow domain fronting, company says.

Encryption 75

Encryption 75

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Thales Cloud Protection & Licensing

AUGUST 23, 2018

While it’s no surprise to anybody reading this that data breaches are on the rise, the attacks facing healthcare organizations, most recently in Asia, are particularly worrisome. One need not look very far to find examples of the threats facing these entities: In Singapore, 1.5 million SingHealth patient records – including those of Prime Minister Lee Hsien Loong, were compromised in what is being called the Republic’s worst cyber attack.

Healthcare 72

Healthcare Data breaches Penetration Testing IoT 72

Security Affairs

AUGUST 18, 2018

Security experts have observed increasing cyber espionage activity related to China’s Belt and Road Initiative ( BRI ). The alarm was launched by the experts from cybersecurity firms FireEye and Recorded Future. China’s Belt and Road Initiative (BRI) is a development project for the building of an infrastructure connecting countries in Southeast Asia, Central Asia, the Middle East, Europe, and Africa.

Cyber threats 83

Cyber threats Advertising Malware Government 83

WIRED Threat Level

AUGUST 23, 2018

Researchers have demonstrated that they can discern individual letters on a display based only on the ultrasonic whine it emits.

77

77

Dark Reading

AUGUST 22, 2018

Analysis of 316 million-plus security incidents uncovers most common types of real-world attacks taking place within in-production Web apps in the AWS and Azure cloud ecosystems.

72

72

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

AUGUST 23, 2018

Bridging the divide between hype and reality when it comes to what artificial intelligence and machine learning can do to help protect a business.

Artificial Intelligence 60

Artificial Intelligence DNS 60

Security Affairs

AUGUST 19, 2018

Researchers from Trustwave have uncovered a malspam campaign targeting banks with the FlawedAmmyy RAT. The peculiarity of this malspam campaign i s the unusual use of a Microsoft Office Publisher file to infect victims’ systems. Experts noticed an anomalous spike in the number of emails with a Microsoft Office Publisher file (a.pub attachment) and the subject line, “Payment Advice,” that was sent to domains belonging to banks.

Banking 77

Banking Advertising Malware Cybercrime 77

WIRED Threat Level

AUGUST 22, 2018

Microsoft, Facebook, and others are ramping up efforts to thwart attacks on elections—making the US government look woefully underprepared in the process.

Government 75

Government 75

Dark Reading

AUGUST 24, 2018

Emerging threats over the next two years stem from biometrics, regulations, and insiders.

56

56

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity