Sat.Mar 03, 2018 - Fri.Mar 09, 2018

article thumbnail

Extracting Secrets from Machine Learning Systems

Schneier on Security

This is fascinating research about how the underlying training data for a machine-learning system can be inadvertently exposed. Basically, if a machine-learning system trains on a dataset that contains secret information, in some cases an attacker can query the system to extract that secret information. My guess is that there is a lot more research to be done here.

160
160
article thumbnail

Weekly Update 77 (Seattle Edition)

Troy Hunt

I'm in Seattle! This has been a mega week at the Microsoft MVP and Regional Director summits and as I say in the video, I'm actually a little run down now that it's all done. But I've had a wonderful week of meeting a heap of people and seeing some very cool stuff from Microsoft, especially around Azure which remains one of my favourite tech things.

Passwords 112
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales Cloud Protection & Licensing

Every year, new regulations and compliance orders come into play that impact businesses across the world. This year, the major regulation that will be implemented, is the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018. GDPR enables consumers to view, limit and control how companies collect and process their personal data.

article thumbnail

Reddit Still Hosts Links to Russian Propaganda Sites

WIRED Threat Level

Reddit has deleted hundreds of Russian troll accounts, but the links they shared remain, forming a digital trail of the Internet Research Agency's actions on the platform.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Security Vulnerabilities in Smart Contracts

Schneier on Security

Interesting research: " Finding The Greedy, Prodigal, and Suicidal Contracts at Scale ": Abstract: Smart contracts -- stateful executable objects hosted on blockchains like Ethereum -- carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities , which result from analyzing multiple invocations of a contract over its lifetime.

155
155
article thumbnail

Hunting down Gooligan — retrospective analysis

Elie

This talk provides a retrospective on how during 2017 Check Point and Google jointly hunted down Gooligan – one of the largest Android botnets at the time. Beside its scale what makes Gooligan a worthwhile case-study is its heavy reliance on stolen oauth tokens to attack Google Play’s API, an approach previously unheard of in malware. This talk starts by providing an in-depth analysis of how Gooligan’s kill-chain works from infection and exploitation to system-wide compromise.

Malware 59

More Trending

article thumbnail

Leaked NSA Tool 'Territorial Dispute' Reveals the Agency's List of Enemy Hackers

WIRED Threat Level

A leaked NSA tool offers a glimpse into what the NSA knows about the hacking operations of adversaries—some of which may still be secretly ongoing.

Hacking 98
article thumbnail

Intimate Partner Threat

Schneier on Security

Princeton's Karen Levy has a good article computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access -- delete your insecure account, open a new one, change your password. This advice is such standard protocol for personal security that it's almost a no-brainer.

Passwords 142
article thumbnail

KACE Systems Management Appliance: Patch Management Overview and Analysis

eSecurity Planet

We review the KACE Systems Management Appliance, a patch and endpoint management solution that can patch 20,000 machines in four hours.

68
article thumbnail

Kali Linux in the Windows App Store

Kali Linux

No, really…this isn’t clickbait. For the past few weeks, we’ve been working with the Microsoft WSL team to get Kali Linux introduced into the Microsoft App Store as an official WSL distribution and today we’re happy to announce the availability of the “Kali Linux” Windows application. For Windows 10 users, this means you can simply enable WSL, search for Kali in the Windows store, and install it with a single click.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How Dutch Police Took Over Hansa, a Top Dark Web Market

WIRED Threat Level

Dutch police detail for the first time how they secretly hijacked Hansa, Europe's most popular dark web market.

Marketing 111
article thumbnail

New DDoS Reflection-Attack Variant

Schneier on Security

This is worrisome: DDoS vandals have long intensified their attacks by sending a small number of specially designed data packets to publicly available services. The services then unwittingly respond by sending a much larger number of unwanted packets to a target. The best known vectors for these DDoS amplification attacks are poorly secured domain name system resolution servers , which magnify volumes by as much as 50 fold, and network time protocol , which increases volumes by about 58 times.

DDOS 138
article thumbnail

6 Questions to Ask Your Cloud Provider Right Now

Dark Reading

Experts share the security-focused issues all businesses should explore when researching and using cloud services.

70
article thumbnail

ArcSight vs Splunk: Top SIEM Solutions Compared

eSecurity Planet

We compare ArcSight and Splunk, two top SIEM solutions rated highly by users and analysts.

76
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Pennsylvania Sues Uber Over Data Breach Disclosure

WIRED Threat Level

Pennsylvania’s attorney general filed a lawsuit against the ride-hailing giant Monday for failing to disclose a massive hack for over a year—and may not be the last.

article thumbnail

OURSA Conference

Schneier on Security

Responding to the lack of diversity at the RSA Conference, a group of security experts have announced a competing one-day conference: OUR Security Advocates, or OURSA. It's in San Francisco, and it's during RSA, so you can attend both.

122
122
article thumbnail

IRS Warns About New Cyber Scam Targeting Taxpayers

Privacy and Cybersecurity Law

Last month, the United States (US) Internal Revenue Service (IRS) issued a warning to US taxpayers that cyber criminals are increasing their […].

Scams 52
article thumbnail

KMIP: The Cure for the Common Key Management Headache

Thales Cloud Protection & Licensing

In many organizations, the proliferation of encryption deployments has been directly proportional to the rise in disparate key repositories—and associated key management headaches. The Key Management Interoperability Protocol (KMIP) represents a cure to this common malady. Read on to learn more about the standard and why its usage is starting to see explosive growth.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Router-Hacking "Slingshot" Spy Operation Compromised More Than 100 Targets

WIRED Threat Level

A sophisticated hacking campaign used routers as a stepping stone to plant spyware deep in target machines across the Middle East and Africa.

Hacking 87
article thumbnail

History of the US Army Security Agency

Schneier on Security

Interesting history of the US Army Security Agency in the early years of Cold War Germany.

126
126
article thumbnail

Insider Threat Seriously Undermining Healthcare Cybersecurity

Dark Reading

Two separate reports suggest insiders - of the malicious and careless variety - pose more of a problem in healthcare than any other sector.

article thumbnail

POS Malware Found at 160 Applebee’s Restaurant Locations

Threatpost

Malware found on POS systems at Applebee's restaurants potentially stole customer credit card information.

Malware 64
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

How Leaked NSA Spy Tool 'EternalBlue' Became a Hacker Favorite

WIRED Threat Level

EternalBlue leaked to the public nearly a year ago. It's wreaked havoc ever since.

109
109
article thumbnail

IRS Warns About New Cyber Scam Targeting Taxpayers

Privacy and Cybersecurity Law

Last month, the United States (US) Internal Revenue Service (IRS) issued a warning to US taxpayers that cyber criminals are increasing their efforts to steal more detailed financial information from taxpayers in order to provide a more detailed, realistic tax return and better impersonate legitimate taxpayers. These efforts include targeting tax professionals, human resource departments, businesses, and other enterprises that store large amounts of sensitive financial information.

Scams 40
article thumbnail

Privilege Abuse Attacks: 4 Common Scenarios

Dark Reading

It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.

49
article thumbnail

Vulnerability in Robots Can Lead To Costly Ransomware Attacks

Threatpost

A vulnerability recently found in several robots on the market can enable hackers to cause them to stop working, curse at customers, or even perform violent movements as part of ransomware attacks.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Ad-Blocker Ghostery Just Went Open Source—And Has a New Business Model

WIRED Threat Level

Ghostery, Edward Snowden’s preferred ad-blocker, details how a privacy tool can actually make money without being gross.

89
article thumbnail

Cisco Firepower NGIPS: IDPS Product Overview and Analysis

eSecurity Planet

We review Cisco's Next-Generation Intrusion Prevention System, which can defend small branch offices up to large enterprises against security breaches

40
article thumbnail

How Guccifer 2.0 Got 'Punk'd' by a Security Researcher

Dark Reading

Security expert and former Illinois state senate candidate John Bambenek details his two months of online interaction with the 'unsupervised cutout' who shared with him more stolen DCCC documents.

48
article thumbnail

Security Camera Found Riddled With Bugs

Threatpost

Hanwha is patching 13 vulnerabilities in its SmartCam security camera that allows attackers to take control of the device, use it to gain further network access or just brick it.

DNS 44
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.