Sat.Mar 03, 2018 - Fri.Mar 09, 2018

article thumbnail

Extracting Secrets from Machine Learning Systems

Schneier on Security

This is fascinating research about how the underlying training data for a machine-learning system can be inadvertently exposed. Basically, if a machine-learning system trains on a dataset that contains secret information, in some cases an attacker can query the system to extract that secret information. My guess is that there is a lot more research to be done here.

171
171
article thumbnail

Weekly Update 77 (Seattle Edition)

Troy Hunt

I'm in Seattle! This has been a mega week at the Microsoft MVP and Regional Director summits and as I say in the video, I'm actually a little run down now that it's all done. But I've had a wonderful week of meeting a heap of people and seeing some very cool stuff from Microsoft, especially around Azure which remains one of my favourite tech things.

Passwords 112
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How Dutch Police Took Over Hansa, a Top Dark Web Market

WIRED Threat Level

Dutch police detail for the first time how they secretly hijacked Hansa, Europe's most popular dark web market.

Marketing 112
article thumbnail

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales Cloud Protection & Licensing

Every year, new regulations and compliance orders come into play that impact businesses across the world. This year, the major regulation that will be implemented, is the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018. GDPR enables consumers to view, limit and control how companies collect and process their personal data.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Security Vulnerabilities in Smart Contracts

Schneier on Security

Interesting research: " Finding The Greedy, Prodigal, and Suicidal Contracts at Scale ": Abstract: Smart contracts -- stateful executable objects hosted on blockchains like Ethereum -- carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities , which result from analyzing multiple invocations of a contract over its lifetime.

163
163
article thumbnail

6 Questions to Ask Your Cloud Provider Right Now

Dark Reading

Experts share the security-focused issues all businesses should explore when researching and using cloud services.

70

More Trending

article thumbnail

How to Prepare for the Future of Healthcare Digital Security

Thales Cloud Protection & Licensing

Healthcare’s IT evolution has brought numerous security challenges including regulations, the use of digitally transformative technologies that have created huge amounts of data to store and protect, and the extraordinary value of electronic personal health information (ePHI) to cybercriminals. In this blog post, I’ll discuss how healthcare enterprises can not only meet these challenges, but go beyond compliance to best practice to secure their data and their reputations.

article thumbnail

Intimate Partner Threat

Schneier on Security

Princeton's Karen Levy has a good article computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access -- delete your insecure account, open a new one, change your password. This advice is such standard protocol for personal security that it's almost a no-brainer.

Passwords 151
article thumbnail

POS Malware Found at 160 Applebee’s Restaurant Locations

Threatpost

Malware found on POS systems at Applebee's restaurants potentially stole customer credit card information.

Malware 64
article thumbnail

Leaked NSA Tool 'Territorial Dispute' Reveals the Agency's List of Enemy Hackers

WIRED Threat Level

A leaked NSA tool offers a glimpse into what the NSA knows about the hacking operations of adversaries—some of which may still be secretly ongoing.

Hacking 111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

ArcSight vs Splunk: Top SIEM Solutions Compared

eSecurity Planet

We compare ArcSight and Splunk, two top SIEM solutions rated highly by users and analysts.

60
article thumbnail

New DDoS Reflection-Attack Variant

Schneier on Security

This is worrisome: DDoS vandals have long intensified their attacks by sending a small number of specially designed data packets to publicly available services. The services then unwittingly respond by sending a much larger number of unwanted packets to a target. The best known vectors for these DDoS amplification attacks are poorly secured domain name system resolution servers , which magnify volumes by as much as 50 fold, and network time protocol , which increases volumes by about 58 times.

DDOS 144
article thumbnail

Hunting down Gooligan — retrospective analysis

Elie

This talk provides a retrospective on how during 2017 Check Point and Google jointly hunted down Gooligan – one of the largest Android botnets at the time. Beside its scale what makes Gooligan a worthwhile case-study is its heavy reliance on stolen oauth tokens to attack Google Play’s API, an approach previously unheard of in malware. This talk starts by providing an in-depth analysis of how Gooligan’s kill-chain works from infection and exploitation to system-wide compromise.

Malware 59
article thumbnail

Ad-Blocker Ghostery Just Went Open Source—And Has a New Business Model

WIRED Threat Level

Ghostery, Edward Snowden’s preferred ad-blocker, details how a privacy tool can actually make money without being gross.

108
108
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Insider Threat Seriously Undermining Healthcare Cybersecurity

Dark Reading

Two separate reports suggest insiders - of the malicious and careless variety - pose more of a problem in healthcare than any other sector.

article thumbnail

History of the US Army Security Agency

Schneier on Security

Interesting history of the US Army Security Agency in the early years of Cold War Germany.

131
131
article thumbnail

Cryptomining Gold Rush: One Gang Rakes In $7M Over 6 Months

Threatpost

Report outlines lucrative rise of nefarious cyrptoming groups and their complex new business models.

Hacking 52
article thumbnail

Reddit Still Hosts Links to Russian Propaganda Sites

WIRED Threat Level

Reddit has deleted hundreds of Russian troll accounts, but the links they shared remain, forming a digital trail of the Internet Research Agency's actions on the platform.

Internet 108
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

7 University-Connected Cyber Ranges to Know Now

Dark Reading

Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.

52
article thumbnail

OURSA Conference

Schneier on Security

Responding to the lack of diversity at the RSA Conference, a group of security experts have announced a competing one-day conference: OUR Security Advocates, or OURSA. It's in San Francisco, and it's during RSA, so you can attend both.

126
126
article thumbnail

IRS Warns About New Cyber Scam Targeting Taxpayers

Privacy and Cybersecurity Law

Last month, the United States (US) Internal Revenue Service (IRS) issued a warning to US taxpayers that cyber criminals are increasing their […].

Scams 52
article thumbnail

Router-Hacking "Slingshot" Spy Operation Compromised More Than 100 Targets

WIRED Threat Level

A sophisticated hacking campaign used routers as a stepping stone to plant spyware deep in target machines across the Middle East and Africa.

Hacking 106
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Microsoft Windows Defender Prevents 400,000 Dofoil Infections

Dark Reading

Improved anti-malware detection prevented spread of cryptomining software this week, says Microsoft.

Malware 52
article thumbnail

Kali Linux in the Windows App Store

Kali Linux

No, really…this isn’t clickbait. For the past few weeks, we’ve been working with the Microsoft WSL team to get Kali Linux introduced into the Microsoft App Store as an official WSL distribution and today we’re happy to announce the availability of the “Kali Linux” Windows application. For Windows 10 users, this means you can simply enable WSL, search for Kali in the Windows store, and install it with a single click.

article thumbnail

KACE Systems Management Appliance: Patch Management Overview and Analysis

eSecurity Planet

We review the KACE Systems Management Appliance, a patch and endpoint management solution that can patch 20,000 machines in four hours.

50
article thumbnail

Pennsylvania Sues Uber Over Data Breach Disclosure

WIRED Threat Level

Pennsylvania’s attorney general filed a lawsuit against the ride-hailing giant Monday for failing to disclose a massive hack for over a year—and may not be the last.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Identity Management: Where It Stands, Where It's Going

Dark Reading

How companies are changing the approach to identity management as people become increasingly digital.

52
article thumbnail

KMIP: The Cure for the Common Key Management Headache

Thales Cloud Protection & Licensing

In many organizations, the proliferation of encryption deployments has been directly proportional to the rise in disparate key repositories—and associated key management headaches. The Key Management Interoperability Protocol (KMIP) represents a cure to this common malady. Read on to learn more about the standard and why its usage is starting to see explosive growth.

article thumbnail

Vulnerability in Robots Can Lead To Costly Ransomware Attacks

Threatpost

A vulnerability recently found in several robots on the market can enable hackers to cause them to stop working, curse at customers, or even perform violent movements as part of ransomware attacks.

article thumbnail

Newly Found Equifax Victims, Apple Vulnerabilities, and More Security News This Week

WIRED Threat Level

A higher Equifax tally, Apple vulnerabilities, and more of the week's top security news.

96
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!