Schneier on Security
SEPTEMBER 5, 2019
A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic " snake oil.". I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography.
Adam Levin
SEPTEMBER 4, 2019
The CEO of a UK-based energy firm lost the equivalent of $243,000 after falling for a phone scam that implemented artificial intelligence, specifically a deepfake voice. The Wall Street Journal reported that the CEO of an unnamed UK energy company received a phone call from what sounded like his boss, the CEO of a German parent company, telling him to wire €220,000 (roughly $243,000) to a bank account in Hungary.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
SEPTEMBER 3, 2019
A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the “ Satori ” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.
The Last Watchdog
SEPTEMBER 4, 2019
The convergence of DevOps and SecOps is steadily gaining traction in the global marketplace. Some fresh evidence of this encouraging trend comes to us by way of shared intelligence from WhiteHat Security. Related: The tie between DevOps and SecOps. Organizations that are all-in leveraging microservices to speed-up application development, on the DevOps side of the house, have begun acknowledging the importance of incorporating SecOps along the way.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
SEPTEMBER 3, 2019
China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. (The vulnerabilities were patched in iOS 12.1.4, released on February 7.).
Adam Levin
SEPTEMBER 5, 2019
As much as I love this one friend of mine, nothing is private when we’re together. You probably have a friend like this. The relationship is really great so you stay friends despite all, but this particular friend simply cannot know something about you without sharing it with others no matter how hard you try to get them to understand it’s totally uncool. .
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
SEPTEMBER 6, 2019
Threat intelligence sharing is such a simple concept that holds so much promise for stopping threat actors in their tracks. So why hasn’t it made more of an impact stopping network breaches? Related: Ground zero for cybersecurity research Having covered the cybersecurity industry for the past 15 years, it’s clear to me that there are two primary reasons.
Schneier on Security
SEPTEMBER 6, 2019
Many GPS trackers are shipped with the default password 123456. Many users don't change them. We just need to eliminate default passwords. This is an easy win.
Adam Levin
AUGUST 31, 2019
Researchers at Google announced the discovery of a hacking campaign that used hacked websites to deliver malware to iPhones. Project Zero, Google’s security research team, discovered fourteen previously unknown vulnerabilities, called zero day exploits, that were capable of compromising iPhones. Further research revealed a small collection of hacked websites capable of delivering malware to iPhone users visiting those sites.
Adam Shostack
SEPTEMBER 3, 2019
Threat modeling isn’t one task — its a collection of tasks that build on each other to produce more valuable insights. One of the values of the four question frame is that it lets us reduce things into smaller, more assessable building blocks. And in that vein, there are a couple of new, short (4-page), interesting papers from a team at KU Leuven including: Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Daniel Miessler
AUGUST 31, 2019
I’ve written before about the paradox of hiring managers not being able to find entry-level cybersecurity candidates, while many people with decent training or even degrees in the field cannot get hired. As it turns out, it’s not really that hard to explain. The Military takes you from zero to hero. In extremely large and long-term-focused organizations—like the Military—this gap is understood, so they spend time building extensive, standardized programs that can take any
Schneier on Security
SEPTEMBER 4, 2019
Good article in the Washington Post on all the surveillance associated with credit card use.
Thales Cloud Protection & Licensing
SEPTEMBER 4, 2019
The weeklong “hacker summer camp” of the combined Black Hat and DefCon drew over 22,000 attendees to Las Vegas last month. Overall, we continue to think the security industry is still ripe for commoditization, especially from the cloud providers who have the capacity to simply offer features as a default. Last year we thought we saw evidence that security vendors were consolidating and on the cusp of providing higher order services to meet this threat, but we didn’t see much evidence of that str
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
SEPTEMBER 5, 2019
New problems to Facebook , phone numbers associated with more than 400 million accounts of the social network giant were exposed online. A new privacy incident involved Facebook, according to TechCruch, phone numbers associated with 419 million accounts of the social network giant were exposed online. The data was found by Sanyam Jain, a security researcher and member of the GDI Foundation, who contacted TechCrunch because he was able to contact the owner of the archive. .
Dark Reading
SEPTEMBER 5, 2019
New Bedford, Massachusetts' refusal to pay a $5.3 million ransom highlights how victim towns and cities may be hitting the limit to what they're willing to spend to speed recovery.
Thales Cloud Protection & Licensing
SEPTEMBER 5, 2019
In responding to ever-evolving threats and opportunities, enterprises today must embrace constant motion – a continuous cycle of responding to change and keeping one eye on what’s to come. This underpins the digital transformation imperative most of them face today, and the huge responsibility that rests on the shoulders of the CIO. With many of these transformations, it is not just the premise of keeping up that drives the huge levels of investment we see organisations making – but also the pro
Daniel Miessler
SEPTEMBER 2, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
SEPTEMBER 2, 2019
Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices it now targeting Intel systems. The popular researcher Larry Cashdollar, from Akamai SIRT, announced in exclusive to The Register, that he observed a miner that previously hit only Arm-powered IoT devices targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. “I suspect it’s proba
Dark Reading
SEPTEMBER 4, 2019
The cost of breaches will rise by two-thirds over the next five years, exceeding an estimated $5 trillion in 2024, primarily driven by higher fines as more jurisdictions punish companies for lax security.
Threatpost
SEPTEMBER 3, 2019
International cosmetics brand Yves Rocher found itself caught in a third-party data exposure incident that leaked the personal information of millions of customers.
WIRED Threat Level
SEPTEMBER 3, 2019
A newly disclosed vulnerability in Supermicro hardware brings the threat of malicious USBs to corporate servers.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
SEPTEMBER 4, 2019
Zero-day broker Zerodium has updated the price list for both Android and iOS exploits, with Android ones having surpassed the iOS ones for the first time. For the first time, the price for Android exploits is higher than the iOS ones, this is what has emerged from the updated price list published by the zero-day broker Zerodium. Announcement: We've updated our prices for major Mobile exploits.
Dark Reading
SEPTEMBER 5, 2019
Field-programmable gate arrays are flexible, agile-friendly components that populate many infrastructure and IoT devices - and have recently become the targets of researchers finding vulnerabilities.
Threatpost
SEPTEMBER 5, 2019
After being hit by a ransomware attack, Massachusetts city New Bedford faced a payout demand of more than $5 million - one of the latest known ransoms ever.
Kali Linux
SEPTEMBER 1, 2019
We are pleased to announce that our third release of 2019, Kali Linux 2019.3, is available immediately for download. This release brings our kernel up to version 5.2.9 , and includes various new features across the board with NetHunter, ARM and packages (plus the normal bugs fixes and updates). As promised in our roadmap blog post , there are both user facing and backend updates.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Affairs
SEPTEMBER 3, 2019
Criminals have stolen more than €1.5 million from the German bank OLB by cloning customer debit cards and using them to cash out user funds across Brazil. ZDnet first reported that last week cyber criminals have stolen more than €1.5 million from the German bank Oldenburgische Landesbank (OLB) by cloning customer debit cards and using them to cash out user funds across Brazil.
Dark Reading
SEPTEMBER 5, 2019
Healthcare organizations should be alarmed by the frequency and severity of cyberattacks. Don't assume you're safe from them just because you're compliant with regulations.
Threatpost
SEPTEMBER 4, 2019
Cybercrooks successfully fooled a company into a large wire transfer using an AI-powered deep fake of a chief executive's voice, according to a report.
WIRED Threat Level
SEPTEMBER 5, 2019
By releasing its homegrown differential privacy tool, Google will make it easier for any company to boost its privacy bona fides.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
245 
Let's personalize your content