Schneier on Security
DECEMBER 4, 2017
I agree with Lorenzo Franceschi-Bicchierai, " Cryptocurrencies aren't 'crypto' ": Lately on the internet, people in the world of Bitcoin and other digital currencies are starting to use the word "crypto" as a catch-all term for the lightly regulated and burgeoning world of digital currencies in general, or for the word "cryptocurrency" -- which probably shouldn't even be called "currency," by the way. [.].
WIRED Threat Level
DECEMBER 5, 2017
The attack uncovers bugs in how more than a dozen programs implement email's creaky protocol.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Elie
DECEMBER 2, 2017
This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-Of-Things devices. At its peak in September 2016, Mirai temporarily crippled several high-profile services such as. OVH. , Dyn. , and.
Dark Reading
DECEMBER 5, 2017
Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
DECEMBER 6, 2017
The German Interior Minister is preparing a bill that allows the government to mandate backdoors in encryption. No details about how likely this is to pass. I am skeptical.
WIRED Threat Level
DECEMBER 7, 2017
Opinion: Rep. Will Hurd of Texas argues that quantum computers will rock current security protocols that protect government and financial systems.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Dark Reading
DECEMBER 6, 2017
Updated version includes changes to some existing guidelines - and adds some new ones.
Schneier on Security
DECEMBER 8, 2017
New research found that many banks offer certificate pinning as a security feature, but fail to authenticate the hostname. This leaves the systems open to man-in-the-middle attacks. From the paper : Abstract : Certificate verification is a crucial stage in the establishment of a TLS connection. A common security flaw in TLS implementations is the lack of certificate hostname verification but, in general, this is easy to detect.
WIRED Threat Level
DECEMBER 5, 2017
A green padlock might make it seem like a site is secure, but increasingly phishers are using it to lure victims into giving up sensitive info.
Threatpost
DECEMBER 5, 2017
TeamViewer says it has issued a hotfix to address a bug that allows users sharing a desktop session to gain control of the other’s computer without permission.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Dark Reading
DECEMBER 7, 2017
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
Schneier on Security
DECEMBER 5, 2017
Matt Blaze's House testimony on the security of voting machines is an excellent read. (Details on the entire hearing is here.) I have not watched the video.
WIRED Threat Level
DECEMBER 5, 2017
Opinion: A new report from Citizen Lab shows that governments are using commercial spyware to surveil dissidents and journalists.
Elie
DECEMBER 2, 2017
This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-Of-Things devices.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
DECEMBER 6, 2017
Researchers at Black Hat Europe today revealed how a buffer overflow they discovered in the chip's firmware can be abused to take control of a machine - even when it's turned 'off.
eSecurity Planet
DECEMBER 4, 2017
VIDEO: Nadir Izrael, co-founder and CTO of Armis Security, discusses the evolving landscape for Internet of Things security.
WIRED Threat Level
DECEMBER 5, 2017
With the release of Ghostery 8, the popular ad-blocker introduces artificial intelligence and Smart Mode, a whole new level of usability for beginners.
Threatpost
DECEMBER 7, 2017
Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Dark Reading
DECEMBER 4, 2017
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
eSecurity Planet
DECEMBER 5, 2017
Just 2 percent say IoT presents no new security challenges.
WIRED Threat Level
DECEMBER 7, 2017
A new Iran-linked hacking group called APT 34 has been spotted lurking in the networks of financial, energy, telecom, and chemical companies.
Threatpost
DECEMBER 4, 2017
Google beefs up privacy protections on apps distributed via third-party Android marketplaces and Google Play that that collect personal data without user consent.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Dark Reading
DECEMBER 6, 2017
The former head of cyber for the US State Department calls for agreements across countries to improve government cybersecurity.
eSecurity Planet
DECEMBER 8, 2017
The 4,736 Bitcoin stolen from NiceHash have surged in value over the past few days.
WIRED Threat Level
DECEMBER 2, 2017
A bill to punish hack hiders, Apple bug fix bumbling, and more of the week's top security stories.
Threatpost
DECEMBER 8, 2017
Apple said it has fixed an undisclosed vulnerability in its HomeKit framework that could have allowed unauthorized remote control of HomeKit devices such as smart locks and connected garage door openers.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Dark Reading
DECEMBER 7, 2017
More than nine years after it infected millions of systems worldwide, the malware continues to be highly active, according to a Trend Micro report.
eSecurity Planet
DECEMBER 5, 2017
Google end 2017 the same way it began the year, by patching media framework flaws.
WIRED Threat Level
DECEMBER 7, 2017
With Project Sopris, Microsoft has a new hardware solution for the next wave of IoT security problems.
Threatpost
DECEMBER 6, 2017
As part of its December Android and Pixel/Nexus security updates, Google has issued patches addressing a bevy of flaws, 11 of which are rated critical.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
183 
Let's personalize your content