Krebs on Security
DECEMBER 18, 2018
Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks.
Schneier on Security
DECEMBER 21, 2018
Someone is flying a drone over Gatwick Airport in order to disrupt service: Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen. He told BBC News: "There are 110,000 passengers due to fly today, and the vast majority of those will see cancellations and disruption.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
DECEMBER 18, 2018
The U.S. Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General. The report issued by the Inspector General’s office details several basic lapses in security protocols at five separate locations, including: A lack of multifactor authentication to access BMDS technical information.
Adam Shostack
DECEMBER 17, 2018
SANS has announced a new boardgame, “ Pivots and Payloads ,” that “takes you through pen test methodology, tactics, and tools with many possible setbacks that defenders can utilize to hinder forward progress for a pen tester or attacker. The game helps you learn while you play. It’s also a great way to showcase to others what pen testers do and how they do it.” If you register for their webinar, which is on Wednesday the 19th, they’ll send you some posters ver
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
DECEMBER 19, 2018
Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers. The software giant said it learned about the weakness ( CVE-2018-8653 ) after receiving a report from Google about a new vulnerability being used in targeted attacks.
Schneier on Security
DECEMBER 17, 2018
A new variant of the Shamoon malware has destroyed signifigant amounts of data at a UAE "heavy engineering company" and the Italian oil and gas contractor Saipem. Shamoon is the Iranian malware that was targeted against the Saudi Arabian oil company, Saudi Aramco, in 2012 and 2016. We have no idea if this new variant is also Iranian in origin, or if it is someone else entirely using the old Iranian code base.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Shostack
DECEMBER 21, 2018
Lance Cottrell has a blog “ The Why and How of High ROI Security Advisory Boards ” over at the Ntrepid blog. I’m pleased to be a part of the board he’s discussing, and will quibble slightly — I don’t think it’s easy to maximize the value of the board. It’s taken effort on the part of both Ntrepid staff and executives and also the board, and the result is clearly high value.
Krebs on Security
DECEMBER 20, 2018
Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different “booter” or “stresser” sites — attack-for-hire services that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network providers offline.
Schneier on Security
DECEMBER 18, 2018
Peter Swire proposes a a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the old joke about adding levels to the OSI networking stack: an organizational layer, a government layer, and an international layer.
Adam Levin
DECEMBER 17, 2018
A bug on Facebook gave app developers unauthorized access to the photos of as many as 6.8 million users. The bug, which affected Facebook’s photo API, was active from September 13 through September 25, when it was discovered by Facebook and fixed. September 25 was coincidentally the same day the company announced a massive security breach that affected 30 million users.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Last Watchdog
DECEMBER 20, 2018
From a certain perspective, 2018 hasn’t been as dramatic a cybersecurity year as 2017, in that we haven’t seen as many global pandemics like WannaCry. Related: WannaCry signals worse things to come. Still, Ransomware, zero-day exploits, and phishing attacks, were among the biggest threats facing IT security teams this year. 2018 has not been a d ull y ear as far as breaches.
WIRED Threat Level
DECEMBER 17, 2018
Frustrated by Twitter's silence on abuse against women, Amnesty International crowdsourced its own data and found that the platform was especially toxic for black women.
Schneier on Security
DECEMBER 19, 2018
The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my testimony before before the House Subcommittee on Digital Commerce and Consumer Protection last November.
Adam Levin
DECEMBER 18, 2018
The cyberattack on the Marriott hotel chain that exposed the information of up to 500 million guests was most likely conducted by Chinese state-affiliated hackers, according to a preliminary investigation. Unnamed government sources for the New York Times and Washington Post familiar with the investigation of the breach have said that the methods utilized by the hackers, as well as the targeted data both suggest that the attacks are linked to the Chinese Ministry of State Security.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
DECEMBER 19, 2018
U.S. National Aeronautics and Space Administration (NASA) notifies employees of a data breach that exposed social security numbers and other personal information. According to the data breach notification, hackers have breached at least one of the agency’s servers, the security breach impacted both past and present employees. . Website SpaceRef published a data breach notification note sent by the NASA to its employees, the Agency informed them of an ongoing investigation due to an intrusion int
Lenny Zeltser
DECEMBER 20, 2018
My new writing course for cybersecurity professionals teaches how to write better reports, emails, and other content we regularly create. It captures my experience of writing in the field for over two decades and incorporates insights from other community members. It’s a course I wish I could’ve attended when I needed to improve my own security writing skills.
Elie
DECEMBER 20, 2018
This post looks at two-factor authentication adoption in the wild, highlights the disparity of support between the various categories of websites, and illuminates how fragmented the two factor ecosystem is in terms of standard adoption. Performing a longitudinal analysis highlights that the adoption rate of 2FA (two-factor authentication) has been mostly stagnant over the last five years, despite the ever increasing number of accounts hijacked due to the. reuse of passwords found in data breache
eSecurity Planet
DECEMBER 18, 2018
Former West Point professor Greg Conti explains how military doctrines apply to cyber security, and what lessons enterprises can learn from that.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
DECEMBER 16, 2018
U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit. US DoD Inspector General’s report revealed United States’ ballistic missile defense systems (BMDS) fail to implements cyber security requirements. The U.S. Department of Defense Inspector General published a report this week that revealed that lack of adequate cybersecurity for the protection of the United States’ ballistic missile defense systems (BMDS).
Thales Cloud Protection & Licensing
DECEMBER 20, 2018
A few weeks ago, the National Academies of Sciences, Engineering and Medicine published a new report exploring the progress and prospects – or lack of – around quantum computing. Highlighting several technical and financial problems that need to be overcome before a functional quantum computer can be built, the report states it’s too early to even predict a timeline for the development of the technology.
WIRED Threat Level
DECEMBER 17, 2018
A new report for the Senate exposes how the IRA used every major social media platform to target Americans before and after the 2016 election.
eSecurity Planet
DECEMBER 21, 2018
We examine 7 cybersecurity research reports released in December -- and the controls organizations should consider implementing to reduce risk.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
DECEMBER 20, 2018
Security researcher SandboxEscaper released a working proof-of-concept (PoC) exploit for a new Windows zero-day vulnerability. Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter. The security researcher SandboxEscaper is back and for the third time in a few months, released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft’s Windows OS.
Dark Reading
DECEMBER 19, 2018
In 2019, usable security will become the new buzzword and signal a rejection of the argument that there must be a trade-off between convenience and security and privacy.
WIRED Threat Level
DECEMBER 17, 2018
A Senate report finds that Russia's Internet Research Agency was far more active, and more successful, on Instagram in 2017 than on Facebook or Twitter.
Thales Cloud Protection & Licensing
DECEMBER 18, 2018
Many years ago, a board member said to me, “We’ve employed you to do information security, so why do we have to do anything?” This was fairly typical. My experience in the past has been that information/cyber security professionals have often been relegated to giving advice on the threat landscape and risks, and then futilely lobbying the board for visibility and resources to put appropriate controls in place.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Affairs
DECEMBER 20, 2018
Hack the Air Force 3.0 – The US DoD announced that more than 30 white hat hackers earned $130,000 for more than 120 vulnerabilities. The U.S. Defense Department, along with bug bounty platform HackerOne, presented the results of the third bug bounty program Hack the Air Force. The program started on October 19 and lasted more than four weeks, it finished on November 22.
Dark Reading
DECEMBER 18, 2018
Before the wrapping paper starts flying, here's some welcome cybersecurity advice to share with friends and family.
WIRED Threat Level
DECEMBER 20, 2018
A new DOJ indictment outlines how Chinese hackers allegedly compromised data from companies in a dozen countries in a single intrusion.
Spinone
DECEMBER 21, 2018
Ransomware has arguably been the most commonly talked about topic in the security world regarding risks to organizations and their data. In the past few years, ransomware has made a name for itself with its destructive nature and high-profile headlines, with large numbers of organizations being affected in large scale ransomware infections, such as Petya and now Bad Rabbit and others.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
239 
Let's personalize your content