Sat.Apr 07, 2018 - Fri.Apr 13, 2018

article thumbnail

Obscure E-Mail Vulnerability

Schneier on Security

This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so bruce.schneier@gmail.com is the same as bruceschneier@gmail.com is the same as b.r.u.c.e.schneier@gmail.com. (Note: I do not own any of those email addresses -- if they're even valid.) Netflix doesn't ignore dots, so those are all unique e-mail addresses and can each be used to register an account.

article thumbnail

Microsoft Regional Director (Redux)

Troy Hunt

I received a very nice email this week: Congratulations, your nomination has been accepted to the Microsoft Regional Director program! I am pleased to welcome you back to this worldwide community of technology thought leaders and thank you for being a part of this community. Just over 2 years ago, I first became a Microsoft Regional Director. This is a role that has meant a great deal to me over that time; it's not one you can sit an exam for and no amount of money will buy you one either.

InfoSec 153
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cambridge Analytica Could Also Access Private Facebook Messages

WIRED Threat Level

A Facebook permission allowed an app to read messages between 1,500 Facebook users and their friends until October 2015—data that Cambridge Analytica could have accessed.

111
111
article thumbnail

Security Product Management at Large Companies vs. Startups

Lenny Zeltser

Is it better to perform product management of information security solutions at a large company or at a startup? Picking the setting that’s right for you isn’t as simple as craving the exuberant energy of a young firm or coveting the resources and brand of an organization that’s been around for a while. Each environment has its challenges and advantages for product managers.

InfoSec 82
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

COPPA Compliance

Schneier on Security

Interesting research: " 'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale ": Abstract: We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance with the Children's Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S.

article thumbnail

Word Attachment Delivers FormBook Malware, No Macros Required

Threatpost

A new wave of document attacks targeting inboxes do not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware.

Malware 78

More Trending

article thumbnail

Best Buy the Latest Victim of Third-Party Security Breach

Dark Reading

Retailer says customer payment and other information may have been exposed via the breach of [24]7.ai online chat provider.

Retail 93
article thumbnail

DARPA Funding in AI-Assisted Cybersecurity

Schneier on Security

DARPA is launching a program aimed at vulnerability discovery via human-assisted AI. The new DARPA program is called CHESS (Computers and Humans Exploring Software Security), and they're holding a proposers day in a week and a half. This is the kind of thing that can dramatically change the offense/defense balance.

article thumbnail

Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files

Threatpost

Researchers are warning of a new email phishing campaign that launches a trojan capable of distributing ransomware and stealing passwords.

article thumbnail

The Questions Zuckerberg Should Have Answered About Russia

WIRED Threat Level

Russian agents used Facebook to influence the 2017 election. Congress missed the chance to delve into what the company knows about it—and how they’ll stop it in 2018.

103
103
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Securing the digital human

Thales Cloud Protection & Licensing

This blog was originally published on Business Reporter. To view the article, please click here. It is strange to think that Google Glass – once the very definition of innovation – is already starting to fade into the collective tech memory. Now off the shelves and overtaken by increasingly advanced AR/VR offerings, it would be forgivable to consider Glass just a short blip in the history of our connected world, but in fact, its history, and its legacy, extend far further than that.

article thumbnail

Cybersecurity Insurance

Schneier on Security

Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Companies like retailers, banks, and healthcare providers began seeking out cyberinsurance in the early 2000s, when states first passed data breach notification laws. But even with 20 years' worth of experience and claims data in cyberinsurance, underwriters still struggle with how to model and quantify a unique type of risk.

Insurance 128
article thumbnail

Vulnerability in San Francisco’s Public Safety Warning Sirens Fixed

Threatpost

A patched vulnerability in San Francisco’s public safety warning siren system suggests other radio-based platforms could also be hacked.

Hacking 72
article thumbnail

A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready

WIRED Threat Level

Some network communication protocol vulnerabilities have been known for more than a decade and still aren't fixed. Now they're being exploited.

IoT 110
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Stats on the Cybersecurity Skills Shortage: How Bad Is It, Really?

Dark Reading

Is it just a problem of too few security professionals, or are there other reasons enterprises struggle to build infosec teams?

InfoSec 71
article thumbnail

The Digital Security Exchange Is Live

Schneier on Security

Last year I wrote about the Digital Security Exchange. The project is live : The DSX works to strengthen the digital resilience of U.S. civil society groups by improving their understanding and mitigation of online threats. We do this by pairing civil society and social sector organizations with credible and trustworthy digital security experts and trainers who can help them keep their data and networks safe from exposure, exploitation, and attack.

115
115
article thumbnail

The Top 10 Sessions to Catch at RSA Conference 2018

eSecurity Planet

There are hundreds of ways to spend your time at the 2018 RSA Conference, but here are the 10 sessions that people will be talking about.

68
article thumbnail

Mark Zuckerberg Makes Facebook Privacy Sound So Easy

WIRED Threat Level

[In his testimony to Congress, Facebook CEO Mark Zuckerberg repeatedly misrepresented the amount of control Facebook users really have over their data.]([link].

96
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Don’t Trust Android OEM Patching, Claims Researcher

Threatpost

Many Android device manufacturers are not telling the truth when they say they have patched devices, researchers found.

article thumbnail

Nick Jovanovic, VP Federal of Thales eSecurity Federal, Speaks to Media about Data Security

Thales Cloud Protection & Licensing

Nick Jovanovic, VP Federal of Thales eSecurity Federal (a division of TDSI), recently spoke with Federal Tech Talk’s John Gilroy about federal agency data security and key findings from the 2018 Thales Data Threat Report, Federal Government Edition. Federal Tech Talk, which looks at the world of high technology in the U.S. federal government, airs on Federal News Radio, a radio station in the Washington, D.C. region.

Media 48
article thumbnail

Ransomware Up for Businesses, Down for Consumers in Q1

Dark Reading

Ransomware, spyware, and cryptomining were the biggest enterprise threats during an otherwise quiet quarter for malware, researchers report.

article thumbnail

How Android Phones Hide Missed Security Updates From You

WIRED Threat Level

A study finds that Android phones aren't just slow to get patched; sometimes they lie about being patched when they're not.

108
108
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection

Threatpost

Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools.

Malware 48
article thumbnail

Trust, but Verify: Keeping Watch over Privileged Users

Thales Cloud Protection & Licensing

“Trust but verify” is a Russian proverb President Reagan used as doctrine for nuclear disarmament between the U.S. and the U.S.S.R. in the mid-1980s. Its application was instrumental in ending the nuclear arms race and the threat of war. Today, the same doctrine can be applied to enterprise applications and data that is being threatened by a complex dynamic of attack vectors.

article thumbnail

Cisco, ISARA to Test Hybrid Classic, Quantum-Safe Digital Certificates

Dark Reading

Goal is to make it easier for organizations to handle the migration to quantum computing when it becomes available.

61
article thumbnail

This Radio Hacker Could Hijack Emergency Sirens to Play Any Sound

WIRED Threat Level

Balint Seeber found that cities around the US are leaving their emergency siren radio communication systems unencrypted and vulnerable to spoofing.

90
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Impact Of Chat Service Breach Expands To Best Buy, Kmart

Threatpost

A breach that exposed the credit card information of Delta Air Lines and Sears Holdings now expands its impact to include Best Buy and Kmart.

Retail 51
article thumbnail

[NEWS] D.C. Court: Accessing Public Information is Not a Computer Crime

Architect Security

[USA] D.C. Court: Accessing Public Information is Not a Computer Crime In a great win for OSINT and general Internet freedom (as the EFF says, “Good news for anyone who uses the Internet as a source of information” LOL), a DC court has ruled that automated tools can be used for collecting information on the […].

article thumbnail

Avoiding the Ransomware Mistakes that Crippled Atlanta

Dark Reading

What made Atlanta an easy target was its outdated use of technology: old computers running on non-supported platforms, which are also a characteristic of many municipalities and most major cities.

article thumbnail

Twitter Bots Post Two-Thirds of Links to Popular Sites on the Platform

WIRED Threat Level

A new study from Pew Research shows that the bulk of links on Twitter don't come from actual humans.

102
102
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.