Schneier on Security
JANUARY 14, 2020
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable.
Krebs on Security
JANUARY 13, 2020
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from dis
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
JANUARY 15, 2020
An unsecured database discovered online has leaked thousands of baby photos and videos. . Bithouse, Inc. left unprotected and accessible online an Elasticsearch database containing nearly 100GB of information associated with its app Peekabo Moments. The leaked data includes photos, videos, and birthdates of babies, as well as 800,000 email addresses, location data as well as detailed device information. .
Tech Republic Security
JANUARY 17, 2020
CES 2020: A "hacked" robot was on display to demonstrate how SigmaDots serverless architecture is poised to fend off IoT security threats.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
JANUARY 15, 2020
Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.
Krebs on Security
JANUARY 14, 2020
Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7 , a still broadly-used operating system that will no longer be supplied with security updates.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
JANUARY 16, 2020
The most successful email lures don't promise riches, but issue imminent cybersecurity warnings or urgent office messages, a report reveals.
Schneier on Security
JANUARY 16, 2020
Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police.
Krebs on Security
JANUARY 13, 2020
Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen.
Adam Shostack
JANUARY 16, 2020
In the last few days, we’ve seen two big stories in the realm of cryptography. The first is that SHA-1 breaks are now practical , and those practical breaks impact things like PGP and git. If you have code that depends on SHA-1, its time to fix that. If you have a protocol that uses SHA1, you need to rapidly version cycle. Thinking a bit more strategically, SHA-1 was designed by the NSA, and published in 1993.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
JANUARY 16, 2020
Security researcher Saleem Rashid "rickrolled" himself to show that the bug could be exploited in the real world to spoof security certificates on machines without Microsoft's patch.
Schneier on Security
JANUARY 14, 2020
This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On Thursday, February 27, at 9:20 AM, I'm giving a keynote on "Hacking Society.".
Adam Levin
JANUARY 13, 2020
The City of Las Vegas successfully averted what could have been a disastrous cyberattack earlier this month. City officials detected a cyberattack January 7, and in response immediately took several services offline, including its public-facing website. . “We do not believe any data was lost from our systems and no personal data was taken. We are unclear as to who was responsible for the compromise, but we will continue to look for potential indications,” the city announced on its Twitter feed.
Adam Shostack
JANUARY 15, 2020
Spudnet is a new game to teach networking and security concepts. The creators were kind enough to send me a pre-production copy, and I can tell you – it looks and feels super solid, and, more importantly, it plays well. The Kickstarter has already met its goals, and while all Kickstarters have risk, the creators clearly have production down.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
JANUARY 15, 2020
Many organizations underestimate the value of their data to skilled and organized cybercriminals, said security provider eSentire.
CTOVision Cybersecurity
JANUARY 12, 2020
Editor’s note: We are aiming this tutorial at the non-technical person. Please share with anyone in your life who could benefit from this. -bg Cyberspace is a complex domain and our adversaries are always seeking new ways to steal information or spread their malicious code or hold our data for ransom. This is the big reason […].
Threatpost
JANUARY 15, 2020
There are five different pillars to implement when moving to a modern, zero-trust security model.
Adam Shostack
JANUARY 12, 2020
Andrew McCarthy has an amazing and impressive photographs of the moon on Instagram. To call these photographs is somewhat provocative. In his trilogy, Ansel Adams focuses (sorry! Not sorry) on composition, exposure, and development. By exposure, he specifically meant exposing film to light in controlled ways that caused chemical reactions on the film, and it remains common to hear photographers talk of ‘an exposure’, in much the same way that we dial phones.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
JANUARY 16, 2020
Now that you have the Observium network monitoring platform installed, it's time to add a host.
WIRED Threat Level
JANUARY 12, 2020
If you have a Facebook account—and even if you don't—the company is going to collect data about you. But you can at least control how it gets used.
Security Affairs
JANUARY 13, 2020
A group of anonymous security researchers that calls itself Intrusion Truth have tracked the activity of a China-linked cyber – e spionage group dubbed APT40. A group of anonymous security researchers that calls itself Intrusion Truth has discovered that a China-linked cyberespionage group, tracked as APT40, uses 13 front companies operating in the island of Hainan to recruit hackers.
Daniel Miessler
JANUARY 13, 2020
[advanced_iframe src=”[link] width=”100%”] No related posts.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JANUARY 15, 2020
Designed to exploit a vulnerability in Windows 10 and Windows Server 2016 and 2019, the bug could allow an attacker to remotely access and control an infected computer.
WIRED Threat Level
JANUARY 14, 2020
It took decades, but the galaxy finally has a tactical and operational genius. .
Security Affairs
JANUARY 12, 2020
Last week, Senator Tom Cotton (R-Arkansas) introduced a bill that would ban intelligence sharing with countries that use Huawei 5G networks. Senator Tom Cotton (R-Arkansas) has introduced this week a new bill that would ban the sharing of intelligence with countries that use Huawei equipment on their fifth-generation (5G) networks. Since November 2018, the US Government has invited its allies to exclude Chinese equipment from critical infrastructure and 5G architectures over security concerns.
Dark Reading
JANUARY 13, 2020
The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
JANUARY 14, 2020
Your best bet is to finish a migration to Windows 10 ASAP, but there are other options in the interim, says content delivery company Kollective.
WIRED Threat Level
JANUARY 14, 2020
In a shift toward transparency, the National Security Agency announced a bug that could have left over 900 million PCs vulnerable to attack.
Security Affairs
JANUARY 16, 2020
Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. Security researchers have published two proof-of-concept (PoC) code exploits for the recently-patched CVE-2020-0601 vulnerability that has been reported to Microsoft by the US National Security Agency (NSA).
Thales Cloud Protection & Licensing
JANUARY 14, 2020
Today’s innovations and technologies provide tremendous opportunities for enterprises. Along with innovation and technology proliferation, new challenges that will shape business during 2020. The importance of data and the power of being an insights-driven enterprise are increasing the amount of damage that data breaches can cause. The adoption of emerging technologies like 5G will fuel the proliferation of Internet of Things (IoT) that’s often built with only a few security controls and therefo
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
279 
Let's personalize your content