Schneier on Security

APRIL 9, 2018

This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so bruce.schneier@gmail.com is the same as bruceschneier@gmail.com is the same as b.r.u.c.e.schneier@gmail.com. (Note: I do not own any of those email addresses -- if they're even valid.) Netflix doesn't ignore dots, so those are all unique e-mail addresses and can each be used to register an account.

Accountability 253

Accountability Scams Phishing 253

Troy Hunt

APRIL 12, 2018

I received a very nice email this week: Congratulations, your nomination has been accepted to the Microsoft Regional Director program! I am pleased to welcome you back to this worldwide community of technology thought leaders and thank you for being a part of this community. Just over 2 years ago, I first became a Microsoft Regional Director. This is a role that has meant a great deal to me over that time; it's not one you can sit an exam for and no amount of money will buy you one either.

InfoSec 155

InfoSec Technology Media Internet 155

WIRED Threat Level

APRIL 12, 2018

A study finds that Android phones aren't just slow to get patched; sometimes they lie about being patched when they're not.

111

111

Dark Reading

APRIL 9, 2018

Retailer says customer payment and other information may have been exposed via the breach of [24]7.ai online chat provider.

Retail 93

Retail 93

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

APRIL 13, 2018

Interesting research: " 'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale ": Abstract: We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance with the Children's Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S.

Advertising 156

Advertising Mobile 156

Lenny Zeltser

APRIL 9, 2018

Is it better to perform product management of information security solutions at a large company or at a startup? Picking the setting that’s right for you isn’t as simple as craving the exuberant energy of a young firm or coveting the resources and brand of an organization that’s been around for a while. Each environment has its challenges and advantages for product managers.

InfoSec 82

InfoSec Marketing Information Security Technology 82

Threatpost

APRIL 9, 2018

A new wave of document attacks targeting inboxes do not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware.

Malware 78

Malware Hacking 78

Schneier on Security

APRIL 10, 2018

DARPA is launching a program aimed at vulnerability discovery via human-assisted AI. The new DARPA program is called CHESS (Computers and Humans Exploring Software Security), and they're holding a proposers day in a week and a half. This is the kind of thing that can dramatically change the offense/defense balance.

Cybersecurity 148

Cybersecurity Software 148

Dark Reading

APRIL 11, 2018

Most exposed data records caused by human error.

77

77

WIRED Threat Level

APRIL 9, 2018

Facebook has released a tool that lets you see if you were caught up in the Cambridge Analytica fiasco—and what other apps know about you know.

112

112

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Threatpost

APRIL 10, 2018

Researchers are warning of a new email phishing campaign that launches a trojan capable of distributing ransomware and stealing passwords.

Phishing 78

Phishing Passwords Ransomware Social Engineering 78

Schneier on Security

APRIL 12, 2018

Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Companies like retailers, banks, and healthcare providers began seeking out cyberinsurance in the early 2000s, when states first passed data breach notification laws. But even with 20 years' worth of experience and claims data in cyberinsurance, underwriters still struggle with how to model and quantify a unique type of risk.

Insurance 135

Insurance Cybersecurity Data breaches Retail 135

Dark Reading

APRIL 11, 2018

Is it just a problem of too few security professionals, or are there other reasons enterprises struggle to build infosec teams?

InfoSec 71

InfoSec Cybersecurity 71

WIRED Threat Level

APRIL 9, 2018

Some network communication protocol vulnerabilities have been known for more than a decade and still aren't fixed. Now they're being exploited.

IoT 111

IoT 111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Threatpost

APRIL 10, 2018

A patched vulnerability in San Francisco’s public safety warning siren system suggests other radio-based platforms could also be hacked.

Hacking 72

Hacking Software Government 72

Schneier on Security

APRIL 11, 2018

Last year I wrote about the Digital Security Exchange. The project is live : The DSX works to strengthen the digital resilience of U.S. civil society groups by improving their understanding and mitigation of online threats. We do this by pairing civil society and social sector organizations with credible and trustworthy digital security experts and trainers who can help them keep their data and networks safe from exposure, exploitation, and attack.

118

118

Dark Reading

APRIL 10, 2018

Unencrypted radio protocol that controls sirens left alert system at risk.

Risk 64

Risk 64

WIRED Threat Level

APRIL 11, 2018

Russian agents used Facebook to influence the 2017 election. Congress missed the chance to delve into what the company knows about it—and how they’ll stop it in 2018.

111

111

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Threatpost

APRIL 13, 2018

Many Android device manufacturers are not telling the truth when they say they have patched devices, researchers found.

Manufacturing 66

Manufacturing 66

Thales Cloud Protection & Licensing

APRIL 11, 2018

This blog was originally published on Business Reporter. To view the article, please click here. It is strange to think that Google Glass – once the very definition of innovation – is already starting to fade into the collective tech memory. Now off the shelves and overtaken by increasingly advanced AR/VR offerings, it would be forgivable to consider Glass just a short blip in the history of our connected world, but in fact, its history, and its legacy, extend far further than that.

Digital transformation 59

Digital transformation Internet Internet Artificial Intelligence 59

Dark Reading

APRIL 10, 2018

Users aren't shy about sharing the technique and payload in a new attack.

Internet 63

Internet Internet Mobile 63

WIRED Threat Level

APRIL 9, 2018

A new study from Pew Research shows that the bulk of links on Twitter don't come from actual humans.

111

111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

APRIL 10, 2018

Critical vulnerabilities are divided into four CVEs tied to Adobe Flash Player and Adobe InDesign CC.

59

59

eSecurity Planet

APRIL 12, 2018

There are hundreds of ways to spend your time at the 2018 RSA Conference, but here are the 10 sessions that people will be talking about.

51

51

Dark Reading

APRIL 9, 2018

Outside attackers still the biggest problem - except in healthcare.

Healthcare 63

Healthcare Ransomware 63

WIRED Threat Level

APRIL 10, 2018

[In his testimony to Congress, Facebook CEO Mark Zuckerberg repeatedly misrepresented the amount of control Facebook users really have over their data.]([link].

110

110

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

APRIL 10, 2018

Verizon pegged ransomware as the most prevalent malware in its 2018 Data Breach Investigations Report.

Ransomware 59

Ransomware Data breaches Malware DDOS 59

Thales Cloud Protection & Licensing

APRIL 12, 2018

Nick Jovanovic, VP Federal of Thales eSecurity Federal (a division of TDSI), recently spoke with Federal Tech Talk’s John Gilroy about federal agency data security and key findings from the 2018 Thales Data Threat Report, Federal Government Edition. Federal Tech Talk, which looks at the world of high technology in the U.S. federal government, airs on Federal News Radio, a radio station in the Washington, D.C. region.

Media 48

Media System Administration Government Threat Reports 48

Dark Reading

APRIL 13, 2018

Goal is to make it easier for organizations to handle the migration to quantum computing when it becomes available.

61

61

WIRED Threat Level

APRIL 10, 2018

Balint Seeber found that cities around the US are leaving their emergency siren radio communication systems unencrypted and vulnerable to spoofing.

108

108

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity