Schneier on Security
JANUARY 8, 2019
No one doubts that artificial intelligence (AI) and machine learning (ML) will transform cybersecurity. We just don't know how , or when. While the literature generally focuses on the different uses of AI by attackers and defenders and the resultant arms race between the two I want to talk about software vulnerabilities. All software contains bugs.
Krebs on Security
JANUARY 8, 2019
Buying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition. But purchasing steeply discounted licenses for cloud-based subscription products like recent versions of Microsoft Office can be an extremely risky transaction, mainly because you may not have full control over who has access to your data.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JANUARY 8, 2019
Time and time again, I get emails and DMs from people that effectively boil down to this: Hey, that paste that just appeared in Have I Been Pwned is from Spotify, looks like they've had a data breach Many years ago, I introduced the concept of pastes to HIBP and what they essentially boil down to is monitoring Pastebin and a bunch of other services for when a trove of email addresses is dumped online.
Adam Levin
JANUARY 9, 2019
The ongoing shutdown of the U.S. Government has impacted federal cybersecurity according to several reports. The roughly 800,000 federal workers currently on furlough include: 45% of staff from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency , which is tasked with defending critical infrastructure from cyber and physical threats. 80% of the National Protection and Programs Directorate , which oversees the Office of Cyber and Infrastructure Analysis and the
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
JANUARY 10, 2019
Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them. So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks. Senator Ron Wyden, one of the few lawmakers vocal about this issue, sent a letter in August encouraging the Department of Justice to "be forthright with federal courts about the disruptive nature of cell-site simulators.
Krebs on Security
JANUARY 10, 2019
Street thieves who specialize in cashing out stolen credit and debit cards increasingly are hedging their chances of getting caught carrying multiple counterfeit cards by relying on Fuze Cards , a smartcard technology that allows users to store dozens of cards on a single device, the U.S. Secret Service warns. A Fuze card can store up to 30 credit/debit cards.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Shostack
JANUARY 10, 2019
My Linkedin Learning course is getting really strong positive feedback. Today, I want to peel back the cover a bit, and talk about how it came to be. Before I struck a deal with Linkedin, I talked to some of the other popular training sites. Many of them will buy you a microphone and some screen recording software, and you go to town! They even “let” you edit your own videos.
Schneier on Security
JANUARY 7, 2019
This is clever: How the attack works: Attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction. If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users to download a wallet app update from a malicious website (GitHub repo).
Krebs on Security
JANUARY 9, 2019
Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few spicy bits to keep in mind. Read on for the gory details.
The Last Watchdog
JANUARY 7, 2019
When CyberTown, USA is fully built out, it’s backers envision it emerging as the world’s premier technology hub for cybersecurity and data science. DataTribe , a Fulton, MD-based cybersecurity startup incubator, has been a key backer of this ambitious urban redevelopment project , which broke ground last October in Port Covington, MD, once a bustling train stop on the south side of Baltimore.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Adam Shostack
JANUARY 10, 2019
I’m excited to be able to share “ Announcement: IriusRisk Threat Modeling Platform 2.0 Released.” If you’re looking to scale your enterprise threat modeling program, this is worth a look.
Schneier on Security
JANUARY 11, 2019
Nice work : One attraction of a vein based system over, say, a more traditional fingerprint system is that it may be typically harder for an attacker to learn how a user's veins are positioned under their skin, rather than lifting a fingerprint from a held object or high quality photograph, for example. But with that said, Krissler and Albrecht first took photos of their vein patterns.
Security Affairs
JANUARY 11, 2019
Victims of the PyLocky Ransomware can use a tool released by security researcher Mike Bautista at Cisco Talos group to decrypt their files for free. I have good and bad news for the victims of the PyLocky Ransomware. The good news is that security researcher Mike Bautista at Cisco Talos group released a decryption tool that allows them to decrypt their files for free.
The Last Watchdog
JANUARY 7, 2019
The heyday of traditional corporate IT networks has come and gone. In 2019, and moving ahead, look for legacy IT business networks to increasingly intersect with a new class of networks dedicated to controlling the operations of a IoT-enabled services of all types, including smart buildings, IoT-enabled healthcare services and driverless cars. Related: Why the golden age of cyber espionage is upon us.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Adam Shostack
JANUARY 6, 2019
I’ve updated the blog theme. Please let me know if I broke anything.
Schneier on Security
JANUARY 9, 2019
The EU is offering "bug bounties on Free Software projects that the EU institutions rely on.". Slashdot thread.
Security Affairs
JANUARY 10, 2019
Experts disclosed three flaws in the systemd , a software suite that provides fundamental building blocks for Linux operating systems. Security firm Qualys has disclosed three flaws (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 ) in a component of systemd , a software suite that provides fundamental building blocks for a Linux operating system used in most major Linux distributions.
Dark Reading
JANUARY 7, 2019
We need more stringent controls and government action to prevent a catastrophic disaster.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
eSecurity Planet
JANUARY 10, 2019
Container security pros offer their tips to keep Kubernetes deployments safe and secure.
Threatpost
JANUARY 11, 2019
As the shutdown continues into its 21st day, dozens of.gov websites haven't renewed their TLS certificates.
Security Affairs
JANUARY 8, 2019
The cryptocurrency exchange Coinbase suspended the trading of Ethereum Classic (ETC) after double-spend attacks worth $1.1 Million. The cryptocurrency exchange Coinbase has suspended the trading of Ethereum Classic (ETC) after double-spend attacks that consist in spending digital coins twice. Ethereum Classic (ETC) is the original unforked Ethereum blockchain, the attacks resulted in the loss of $1.1 million worth of the digital currency. 51% attack refers to an attack on a blockchain by a group
Dark Reading
JANUARY 11, 2019
It is great to have heroes, but the real security heroes are the men and women who keep the bad guys out while fighting their own organizations at the same time.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Thales Cloud Protection & Licensing
JANUARY 8, 2019
Personally, I find the daily announcement of a company losing control of their employees’, partners’, or customers’ data depressing. My home state, California had 259 formally reported breaches in 2018 alone! It doesn’t matter where in the world you are, many companies are not properly protecting your data and hackers are very good at seeking those companies out.
Threatpost
JANUARY 10, 2019
The attacks, targeting several countries to redirect traffic and harvest credentials, have been linked to Iran.
Security Affairs
JANUARY 6, 2019
The Dark Overlord published the first batch of decryption keys for 650 confidential documents related to the 9/11 terrorist attacks. The Dark Overlord hacking group claims to have stolen a huge trove of documents from the British insurance company Hiscox, Hackers stole “hundreds of thousands of documents,” including tens of thousands files related to the 9/11 terrorist attacks.
Dark Reading
JANUARY 11, 2019
Among the problems: TLS certificates are expiring and websites are becoming inaccessible.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
WIRED Threat Level
JANUARY 8, 2019
The special counsel has lots of unfinished business on his to-do list this year, including a final report. Here's a rundown.
Threatpost
JANUARY 9, 2019
As the hype at CES demonstrates, 5G is the newest and shiniest tech bauble out there: but security concerns loom.
Security Affairs
JANUARY 7, 2019
Experts from security firm Pen Test Partners reported that tens of thousands of hot tubs are currently vulnerable to cyber attacks. Security experts at Pen Test Partners have discovered thousands of connected hot tubs vulnerable to remote cyber attacks. The hot tubs could be remotely controlled by an app, dubbed Balboa Water App, that lack of authentication mechanisms. “The mobile app connects to a Wi-Fi access point on the tub.
Dark Reading
JANUARY 11, 2019
A new CSA report addresses the issue of breach responsibility as more organizations move ERP application data the cloud.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
277 
Let's personalize your content