Schneier on Security

JANUARY 26, 2018

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched­ -- at least to the extent possible. This news isn't really any different from the usual endless stream of security vulnerabilities and patches, but it's also a harbinger of the sorts of security problems we're going t

Manufacturing 188

Manufacturing Software Banking Advertising 188

Troy Hunt

JANUARY 24, 2018

Usually when we talk about information security, we're talking about the mechanics of how things work. The attacker broke into a system due to a reused password, there was SQL injection because queries weren't parameterised or the company got ransomware'd because they didn't patch their things. These are all good discussions - essential discussions - but there's a broader and perhaps even more important one that we need to have and that's about the security culture within organisations.

Education 184

Education CISO Encryption Passwords 184

WIRED Threat Level

JANUARY 26, 2018

Scouring the blockchain, researchers found years-old evidence tying Silk Road transaction to users' public accounts.

Accountability 111

Accountability 111

Thales Cloud Protection & Licensing

JANUARY 25, 2018

This morning we announced, in tandem with our partner 451 Research, the Global Edition of the 2018 Thales Data Threat Report. It’s abundantly clear that medium to larger enterprises (the focus of the report and underlying survey) are finding it harder than ever to protect their sensitive data. The twin drivers of the problem are increased threats and the drive to digitally transform how organizations deliver value and revenue.

Digital transformation 96

Digital transformation Threat Reports Big data Data breaches 96

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

JANUARY 22, 2018

Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active.

Malware 180

Malware Government Spyware Hacking 180

Dark Reading

JANUARY 24, 2018

Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.

DDOS 94

DDOS 94

Thales Cloud Protection & Licensing

JANUARY 23, 2018

Gartner predicts that the worldwide public cloud services market will grow 17 percent in 2018 to $287.8 billion, up from $246.8 billion in 2017. While the increase in cloud migration is by no means a new trend, we are seeing more and more organizations seeking cloud-like consolidation, whether on-premises or in a private or public cloud. Consolidation is becoming the norm, and it is critical that organizations, whether consolidating internally or externally, have a secure multi-tenant environmen

Cloud Migration 81

Cloud Migration System Administration Architecture Firewall 81

Schneier on Security

JANUARY 24, 2018

This is clever : Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They first generate a recognizable pattern on whatever subject­ -- a window, say -- someone might want to guard from potential surveillance.

Surveillance 171

Surveillance Encryption 171

Dark Reading

JANUARY 22, 2018

Latest version targets systems running ARC processors.

IoT 87

IoT Malware 87

WIRED Threat Level

JANUARY 23, 2018

Thanks to Tinder's patchwork use of HTTPS, researchers found they could reconstruct someone's entire experience in the app.

Encryption 111

Encryption 111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

eSecurity Planet

JANUARY 26, 2018

A look at how security vendors that are employing artificial intelligence and machine learning to help IT security teams.

Artificial Intelligence 79

Artificial Intelligence Cybersecurity 79

Schneier on Security

JANUARY 25, 2018

A new vulnerability in WhatsApp has been discovered : the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation.

Encryption 167

Encryption 167

Threatpost

JANUARY 21, 2018

Russian authorities have broken up a crime ring involving a hacker and willing gas-station employees who have used malicious software to cheat customers of gas.

Software 76

Software Government Malware Hacking 76

WIRED Threat Level

JANUARY 23, 2018

In the haste to address the Meltdown and Spectre vulnerabilities that shook the computer industry, several clumsy patch attempts have had to be pulled.

111

111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Dark Reading

JANUARY 24, 2018

To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.

73

73

Schneier on Security

JANUARY 23, 2018

This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.

Cryptocurrency 323

Cryptocurrency Malware Software Scams 323

Threatpost

JANUARY 25, 2018

Dueling browsers, Mozilla Firefox and Google Chrome, have patched bugs and beefed up security.

73

73

WIRED Threat Level

JANUARY 21, 2018

Opinion: Researchers from Yale Privacy Lab argue that the scourge of trackers in Android apps means users should stop using the Google Play store.

Malware 111

Malware 111

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Dark Reading

JANUARY 22, 2018

Hacktivists driven by political, religious, and other causes commonly exploit basic vulnerabilities to spread their messages, researchers say.

72

72

Schneier on Security

JANUARY 22, 2018

The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. It primarily targets mobile devices compromised by fake secure messaging clients like Signal and WhatsApp. From the Lookout announcement: Dark Caracal has operated a series of multi-platform campaigns starting from at least January 2012, according to our research. The campaigns span across 21+ countries and thousands of victims.

Malware 157

Malware Spyware Manufacturing Mobile 157

Threatpost

JANUARY 26, 2018

Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.

Cryptocurrency 66

Cryptocurrency Malware 66

WIRED Threat Level

JANUARY 22, 2018

Pixek, an end-to-end encrypted photo app, could point to the future of searchable cloud data storage.

Encryption 109

Encryption 109

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

JANUARY 23, 2018

All the things you might think are covered but that don't actually fall under most policies.

Cyber Insurance 69

Cyber Insurance Insurance 69

Lenny Zeltser

JANUARY 21, 2018

This cheat sheet offers advice for product managers of new IT solutions at startups and enterprises. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs. Responsibilities of a Product Manager. Determine what to build, not how to build it. Envision the future pertaining to product domain. Align product roadmap to business strategy.

Technology 64

Technology Marketing Accountability Information Security 64

Thales Cloud Protection & Licensing

JANUARY 24, 2018

November 2017 saw one of Australia’s biggest ever data breaches, in which sensitive personal information regarding almost 50,000 consumers and 5,000 public servants was exposed online. Around the same time, US fashion retailer Forever 21 admitted that hackers had collected customers’ credit card information from its stores’ point of sale terminals over much of 2017, and the information of nearly 1.2 billion Indian citizens was reported to have been made publicly available when the country’s nati

Encryption 63

Encryption Data privacy Digital transformation Data breaches 63

WIRED Threat Level

JANUARY 20, 2018

False alarms, free speech, and more of the week's top security news.

Malware 108

Malware 108

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Dark Reading

JANUARY 25, 2018

Last year, cybercriminals shifted from consumer to enterprise targets and leveraged ransomware as their weapon of choice.

Ransomware 68

Ransomware 68

Threatpost

JANUARY 22, 2018

Researchers have found three Sega game apps that connect to insecure servers and risk leaking user data.

Risk 63

Risk Mobile 63

eSecurity Planet

JANUARY 24, 2018

Curious about DMARC? Learn how to set up a basic DMARC email security policy, including SPF and DKIM, in this eSecurity Planet tutorial.

51

51

The Falcon's View

JANUARY 25, 2018

There are shenanigans afoot, I tell ya; shenanigans! I was recently contacted by an intermediary asking if I'd be interested in writing a paid blog post slamming analysts, to be published on my own blog site, and then promoted by the vendor. No real details were given other than the expectation to slam analyst firms, but once I learned who was funding the initiative, it became pretty clear what was going on.

Marketing 40

Marketing Architecture 40

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity