Schneier on Security
JANUARY 23, 2018
This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.
Troy Hunt
JANUARY 24, 2018
Usually when we talk about information security, we're talking about the mechanics of how things work. The attacker broke into a system due to a reused password, there was SQL injection because queries weren't parameterised or the company got ransomware'd because they didn't patch their things. These are all good discussions - essential discussions - but there's a broader and perhaps even more important one that we need to have and that's about the security culture within organisations.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thales Cloud Protection & Licensing
JANUARY 25, 2018
This morning we announced, in tandem with our partner 451 Research, the Global Edition of the 2018 Thales Data Threat Report. It’s abundantly clear that medium to larger enterprises (the focus of the report and underlying survey) are finding it harder than ever to protect their sensitive data. The twin drivers of the problem are increased threats and the drive to digitally transform how organizations deliver value and revenue.
WIRED Threat Level
JANUARY 23, 2018
In the haste to address the Meltdown and Spectre vulnerabilities that shook the computer industry, several clumsy patch attempts have had to be pulled.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
JANUARY 26, 2018
On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched -- at least to the extent possible. This news isn't really any different from the usual endless stream of security vulnerabilities and patches, but it's also a harbinger of the sorts of security problems we're going t
Dark Reading
JANUARY 23, 2018
Following these tips can improve your security visibility and standardize management across hybrid environments.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
WIRED Threat Level
JANUARY 21, 2018
Opinion: Researchers from Yale Privacy Lab argue that the scourge of trackers in Android apps means users should stop using the Google Play store.
Schneier on Security
JANUARY 22, 2018
Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active.
eSecurity Planet
JANUARY 26, 2018
A look at how security vendors that are employing artificial intelligence and machine learning to help IT security teams.
Dark Reading
JANUARY 24, 2018
Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
WIRED Threat Level
JANUARY 25, 2018
As the so-called Doomsday Clock ticks even closer to midnight, a reminder of just how easy it is to slip into nuclear war.
Schneier on Security
JANUARY 24, 2018
This is clever : Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They first generate a recognizable pattern on whatever subject -- a window, say -- someone might want to guard from potential surveillance.
Threatpost
JANUARY 21, 2018
Russian authorities have broken up a crime ring involving a hacker and willing gas-station employees who have used malicious software to cheat customers of gas.
Dark Reading
JANUARY 24, 2018
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
WIRED Threat Level
JANUARY 23, 2018
Thanks to Tinder's patchwork use of HTTPS, researchers found they could reconstruct someone's entire experience in the app.
Schneier on Security
JANUARY 25, 2018
A new vulnerability in WhatsApp has been discovered : the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation.
Thales Cloud Protection & Licensing
JANUARY 24, 2018
November 2017 saw one of Australia’s biggest ever data breaches, in which sensitive personal information regarding almost 50,000 consumers and 5,000 public servants was exposed online. Around the same time, US fashion retailer Forever 21 admitted that hackers had collected customers’ credit card information from its stores’ point of sale terminals over much of 2017, and the information of nearly 1.2 billion Indian citizens was reported to have been made publicly available when the country’s nati
Lenny Zeltser
JANUARY 21, 2018
This cheat sheet offers advice for product managers of new IT solutions at startups and enterprises. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs. Responsibilities of a Product Manager. Determine what to build, not how to build it. Envision the future pertaining to product domain. Align product roadmap to business strategy.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
WIRED Threat Level
JANUARY 26, 2018
Scouring the blockchain, researchers found years-old evidence tying Silk Road transaction to users' public accounts.
Schneier on Security
JANUARY 22, 2018
The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. It primarily targets mobile devices compromised by fake secure messaging clients like Signal and WhatsApp. From the Lookout announcement: Dark Caracal has operated a series of multi-platform campaigns starting from at least January 2012, according to our research. The campaigns span across 21+ countries and thousands of victims.
Dark Reading
JANUARY 22, 2018
Hacktivists driven by political, religious, and other causes commonly exploit basic vulnerabilities to spread their messages, researchers say.
eSecurity Planet
JANUARY 24, 2018
Curious about DMARC? Learn how to set up a basic DMARC email security policy, including SPF and DKIM, in this eSecurity Planet tutorial.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
WIRED Threat Level
JANUARY 22, 2018
Pixek, an end-to-end encrypted photo app, could point to the future of searchable cloud data storage.
Threatpost
JANUARY 25, 2018
Dueling browsers, Mozilla Firefox and Google Chrome, have patched bugs and beefed up security.
Dark Reading
JANUARY 22, 2018
New Kroll Annual Global Fraud & Risk Report says 86% of companies worldwide experienced security incidents and information theft and loss in the past twelve months.
The Falcon's View
JANUARY 25, 2018
There are shenanigans afoot, I tell ya; shenanigans! I was recently contacted by an intermediary asking if I'd be interested in writing a paid blog post slamming analysts, to be published on my own blog site, and then promoted by the vendor. No real details were given other than the expectation to slam analyst firms, but once I learned who was funding the initiative, it became pretty clear what was going on.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
WIRED Threat Level
JANUARY 20, 2018
False alarms, free speech, and more of the week's top security news.
Threatpost
JANUARY 26, 2018
Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.
Dark Reading
JANUARY 26, 2018
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
Spinone
JANUARY 24, 2018
Cyber attacks should be of great concern for businesses of any size in this day and age. Data breaches are reaching epidemic levels, with 46 data records being stolen every second. As cyber security threat detection is essential for digital health of any organization, you need to identify the risk sources: external or internal. Most companies focus on reducing the threats from outside the business.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
304 
Let's personalize your content