Schneier on Security
APRIL 23, 2018
Russia has banned the secure messaging app Telegram. It's making an absolute mess of the ban -- blocking 16 million IP addresses , many belonging to the Amazon and Google clouds -- and it's not even clear that it's working. But, more importantly, I'm not convinced Telegram is secure in the first place. Such a weird story. If you want secure messaging, use Signal.
Troy Hunt
APRIL 23, 2018
Remember the anti-piracy campaign from years back about "You Wouldn't Steal a Car"? This was the rather sensationalist piece put together by the Motion Picture Association of America in an attempt to draw parallels between digital piracy and what they viewed as IRL ("In Real Life") equivalents. Here's a quick recap: The very premise that the young girl sitting in her bedroom in the opening scene is in any way relatable to the guy in the dark alley sliding a slim jim down the Merc
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
APRIL 22, 2018
The mythical creature's popularity says a lot about the psychology of password creation.
Elie
APRIL 23, 2018
This post looks at the main challenges that arise when training a classifier to combat fraud and abuse. At a high level, what makes training a classifier to detect fraud and abuse unique is that it deals with data generated by an adversary that actively attempts to evade detection. Sucessfully training a classifier is such adversarial settings requires to overcome the following four challenges: Non stationarity.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
APRIL 24, 2018
Info on the coded signals used by the Colorado Rockies.
Troy Hunt
APRIL 27, 2018
When I launched Pwned Passwords in August , I honestly didn't know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data "as a service" by either a plain text password or a SHA-1 hash. (Incidentally, for anyone about to lose their mind over SHA-1, read that launch post as to why that hashing algorithm is used.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Elie
APRIL 23, 2018
This post looks at the four main challenges that arise when training a classifier to combat fraud and abuse. This is the second post of a series of four that is dedicated to provide a concise overview of how to harness AI to build robust anti-abuse protections. The first post. explains why AI is key to build robust anti-defenses that keep up with user expectations and increasingly sophisticated attackers.
Schneier on Security
APRIL 27, 2018
This seems like an absolute disaster: The very short version is that a UK bank, TSB, which had been merged into and then many years later was spun out of Lloyds Bank, was bought by the Spanish bank Banco Sabadell in 2015. Lloyds had continued to run the TSB systems and was to transfer them over to Sabadell over the weekend. It's turned out to be an epic failure, and it's not clear if and when this can be straightened out.
Troy Hunt
APRIL 27, 2018
This week. I'm tired. A two-day remote workshop on London hours meant very unfriendly times for me here in Aus but hey, it beats jet lag! So just a very short intro this time, I recorded the update this morning whilst I was rather a lot more awake so I'll let that do the talking. Enjoy! iTunes podcast | Google Play Music podcast | RSS podcast. Reference.
WIRED Threat Level
APRIL 25, 2018
Ray Ozzie thinks his Clear method for unlocking encrypted devices can attain the impossible: It satisfies both law enforcement and privacy purists.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Thales Cloud Protection & Licensing
APRIL 23, 2018
By Peter Galvin, Chief Strategy & Marketing Officer, Thales eSecurity. Today, organizations are rapidly adopting cloud technology. Many organizations have implemented a cloud first philosophy, requiring that any new applications or IT investments start with the cloud. And not just one cloud, but organizations are investing in multiple clouds and SaaS applications.
Schneier on Security
APRIL 25, 2018
The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. These algorithms were both designed by the NSA and made public in 2013. They are optimized for small and low-cost processors like IoT devices. The risk of using NSA-designed ciphers, of course, is that they include NSA-designed backdoors. Personally, I doubt that they're backdoored.
Dark Reading
APRIL 26, 2018
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.
WIRED Threat Level
APRIL 25, 2018
Researchers found—and helped fix—a flaw in Vingcard RFID locks that would let hackers break into any room in hotels around the world.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Threatpost
APRIL 24, 2018
The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out yet once again that patch […].
Schneier on Security
APRIL 26, 2018
It's Lt. Gen. Paul Nakasone. I know nothing about him.
Dark Reading
APRIL 26, 2018
In an attempt to steal financial data, the attack bribes users with coupons in exchange for taking an online quiz.
WIRED Threat Level
APRIL 25, 2018
Researchers didn't have to hack Amazon's Alexa voice assistant to use it for eavesdropping. They just took advantage of the system in place.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Threatpost
APRIL 25, 2018
Researchers discovered a flaw in Amazon’s Alexa virtual assistant that enabled them to eavesdrop on consumers with smart devices – and automatically transcribe every word said.
Schneier on Security
APRIL 23, 2018
This acoustic technology identifies individuals by their ear shapes. No information about either false positives or false negatives.
Dark Reading
APRIL 26, 2018
The migration of valuable data to the cloud is piquing the interest of cybercrimimals. But there are ways to fight back.
WIRED Threat Level
APRIL 27, 2018
Joy Reid may have very well been the target of a malicious breach. Or she's just the latest person to blame hackers for her past mistakes.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Threatpost
APRIL 24, 2018
A freshly minted attack group dubbed Orangeworm has been uncovered, deploying a custom backdoor in mostly healthcare-related environments. It’s bent on laser-focused, comprehensive corporate espionage, with a noisy attack vector that shows that it’s unlikely to be related to nation-state actors. Researchers first found Orangeworm in the form of an interesting binary in 2016, and […].
Schneier on Security
APRIL 24, 2018
" Do Not Disturb " is a Macintosh app that send an alert when the lid is opened. The idea is to detect computer tampering. Wire article : Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves a picture snapped with the laptop's webcam to catch the perpetrator in the act, or they can shut down the computer remotely.
Elie
APRIL 23, 2018
In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.
WIRED Threat Level
APRIL 21, 2018
Xbox hacking, LinkedIn bugs, and more security news this week.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Threatpost
APRIL 26, 2018
Microsoft has released new Spectre mitigations for Windows 10, which include Intel microcode fixes for CPUs running on Windows.
Dark Reading
APRIL 27, 2018
Total fraud against kids amounted to $2.6 billion and more than $540 million in out-of-pocket costs to families, a new report finds.
eSecurity Planet
APRIL 27, 2018
The flaw is driven by a security configuration initially documented by SAP over a decade ago.
Thales Cloud Protection & Licensing
APRIL 23, 2018
RSA 2018 kicked off on a high note with Thales eSecurity’s annual partner/customer happy hour , and the week just got better from there. Our hard-working staff remained energetic and unflappable, as it juggled various roles: guiding conference attendees through the Cyber Escape Room; walking booth visitors through demos of the Thales eSecurity product line; managing giveaways (the URB-E scooter proved highly popular!
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
213 
Let's personalize your content