Schneier on Security
DECEMBER 21, 2018
Someone is flying a drone over Gatwick Airport in order to disrupt service: Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen. He told BBC News: "There are 110,000 passengers due to fly today, and the vast majority of those will see cancellations and disruption.
Krebs on Security
DECEMBER 19, 2018
Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers. The software giant said it learned about the weakness ( CVE-2018-8653 ) after receiving a report from Google about a new vulnerability being used in targeted attacks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Shostack
DECEMBER 17, 2018
SANS has announced a new boardgame, “ Pivots and Payloads ,” that “takes you through pen test methodology, tactics, and tools with many possible setbacks that defenders can utilize to hinder forward progress for a pen tester or attacker. The game helps you learn while you play. It’s also a great way to showcase to others what pen testers do and how they do it.” If you register for their webinar, which is on Wednesday the 19th, they’ll send you some posters ver
Adam Levin
DECEMBER 20, 2018
The US National Aeronautics and Space Administration has announced that it experienced a data breach in October. In an internal memo sent to employees, the agency disclosed that its “cybersecurity personnel began investigating a possible compromise of NASA servers,” and that they had “determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised.”.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
DECEMBER 17, 2018
A new variant of the Shamoon malware has destroyed signifigant amounts of data at a UAE "heavy engineering company" and the Italian oil and gas contractor Saipem. Shamoon is the Iranian malware that was targeted against the Saudi Arabian oil company, Saudi Aramco, in 2012 and 2016. We have no idea if this new variant is also Iranian in origin, or if it is someone else entirely using the old Iranian code base.
Krebs on Security
DECEMBER 18, 2018
Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Levin
DECEMBER 17, 2018
A bug on Facebook gave app developers unauthorized access to the photos of as many as 6.8 million users. The bug, which affected Facebook’s photo API, was active from September 13 through September 25, when it was discovered by Facebook and fixed. September 25 was coincidentally the same day the company announced a massive security breach that affected 30 million users.
Schneier on Security
DECEMBER 18, 2018
Peter Swire proposes a a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the old joke about adding levels to the OSI networking stack: an organizational layer, a government layer, and an international layer.
Krebs on Security
DECEMBER 20, 2018
Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different “booter” or “stresser” sites — attack-for-hire services that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network providers offline.
The Last Watchdog
DECEMBER 20, 2018
From a certain perspective, 2018 hasn’t been as dramatic a cybersecurity year as 2017, in that we haven’t seen as many global pandemics like WannaCry. Related: WannaCry signals worse things to come. Still, Ransomware, zero-day exploits, and phishing attacks, were among the biggest threats facing IT security teams this year. 2018 has not been a d ull y ear as far as breaches.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
DECEMBER 19, 2018
U.S. National Aeronautics and Space Administration (NASA) notifies employees of a data breach that exposed social security numbers and other personal information. According to the data breach notification, hackers have breached at least one of the agency’s servers, the security breach impacted both past and present employees. . Website SpaceRef published a data breach notification note sent by the NASA to its employees, the Agency informed them of an ongoing investigation due to an intrusion int
Schneier on Security
DECEMBER 19, 2018
The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my testimony before before the House Subcommittee on Digital Commerce and Consumer Protection last November.
Threatpost
DECEMBER 20, 2018
The intimate recordings paint a detailed picture of a man's life.
Dark Reading
DECEMBER 18, 2018
Before the wrapping paper starts flying, here's some welcome cybersecurity advice to share with friends and family.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
DECEMBER 16, 2018
U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit. US DoD Inspector General’s report revealed United States’ ballistic missile defense systems (BMDS) fail to implements cyber security requirements. The U.S. Department of Defense Inspector General published a report this week that revealed that lack of adequate cybersecurity for the protection of the United States’ ballistic missile defense systems (BMDS).
eSecurity Planet
DECEMBER 18, 2018
Former West Point professor Greg Conti explains how military doctrines apply to cyber security, and what lessons enterprises can learn from that.
WIRED Threat Level
DECEMBER 17, 2018
Frustrated by Twitter's silence on abuse against women, Amnesty International crowdsourced its own data and found that the platform was especially toxic for black women.
Adam Levin
DECEMBER 18, 2018
The cyberattack on the Marriott hotel chain that exposed the information of up to 500 million guests was most likely conducted by Chinese state-affiliated hackers, according to a preliminary investigation. Unnamed government sources for the New York Times and Washington Post familiar with the investigation of the breach have said that the methods utilized by the hackers, as well as the targeted data both suggest that the attacks are linked to the Chinese Ministry of State Security.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 19, 2018
Researchers at Palo Alto Networks discovered that the Russian-linked Sofacy APT has written a new version of their Zebrocy backdoor using the Go programming language. The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.
Dark Reading
DECEMBER 21, 2018
Amazon mistakenly sent one user's Alexa recordings to a stranger but neglected to disclose the error.
eSecurity Planet
DECEMBER 21, 2018
We examine 7 cybersecurity research reports released in December -- and the controls organizations should consider implementing to reduce risk.
Lenny Zeltser
DECEMBER 20, 2018
My new writing course for cybersecurity professionals teaches how to write better reports, emails, and other content we regularly create. It captures my experience of writing in the field for over two decades and incorporates insights from other community members. It’s a course I wish I could’ve attended when I needed to improve my own security writing skills.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
DECEMBER 20, 2018
Microsoft has issued an out-of-band security update to fix a critical zero-day flaw in the Internet Explorer (IE) browser. Microsoft has rolled out an out-of-band security update to address a critical zero-day vulnerability affecting the Internet Explorer (IE) browser. According to the tech giant, attackers already exploited in the wild the vulnerability tracked as CVE-2018-8653.
Threatpost
DECEMBER 18, 2018
The malware does its best to obfuscate SEO injection in WordPress and evade notice from web admins.
Dark Reading
DECEMBER 18, 2018
Steganography via tweet images gave attackers a way to pass on malicious instructions to Trojan, researchers say.
WIRED Threat Level
DECEMBER 17, 2018
A new report for the Senate exposes how the IRA used every major social media platform to target Americans before and after the 2016 election.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
DECEMBER 21, 2018
2018 was the year of the Internet of Things (IoT), massive attacks and various botnets hit smart devices, These are 5 IoT Security Predictions for 2019. Insights from VDOO’s leadership. 2018 was the year of the Internet of Things (IoT) – massive attacks and various botnets, a leap in regulation and standards, and increased adoption of IoT devices by consumers and enterprises, despite the existence of security and privacy concerns. 2019 will continue these trends but at a faster pace.
Elie
DECEMBER 20, 2018
This post looks at two-factor authentication adoption in the wild, highlights the disparity of support between the various categories of websites, and illuminates how fragmented the two factor ecosystem is in terms of standard adoption. Performing a longitudinal analysis highlights that the adoption rate of 2FA (two-factor authentication) has been mostly stagnant over the last five years, despite the ever increasing number of accounts hijacked due to the. reuse of passwords found in data breache
Dark Reading
DECEMBER 17, 2018
Cyberattacks reportedly targeted US Defense contractor.
Thales Cloud Protection & Licensing
DECEMBER 20, 2018
A few weeks ago, the National Academies of Sciences, Engineering and Medicine published a new report exploring the progress and prospects – or lack of – around quantum computing. Highlighting several technical and financial problems that need to be overcome before a functional quantum computer can be built, the report states it’s too early to even predict a timeline for the development of the technology.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
253 
Let's personalize your content