Schneier on Security
SEPTEMBER 5, 2019
A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic " snake oil.". I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography.
Adam Levin
SEPTEMBER 4, 2019
The CEO of a UK-based energy firm lost the equivalent of $243,000 after falling for a phone scam that implemented artificial intelligence, specifically a deepfake voice. The Wall Street Journal reported that the CEO of an unnamed UK energy company received a phone call from what sounded like his boss, the CEO of a German parent company, telling him to wire €220,000 (roughly $243,000) to a bank account in Hungary.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
SEPTEMBER 3, 2019
A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the “ Satori ” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.
The Last Watchdog
SEPTEMBER 4, 2019
The convergence of DevOps and SecOps is steadily gaining traction in the global marketplace. Some fresh evidence of this encouraging trend comes to us by way of shared intelligence from WhiteHat Security. Related: The tie between DevOps and SecOps. Organizations that are all-in leveraging microservices to speed-up application development, on the DevOps side of the house, have begun acknowledging the importance of incorporating SecOps along the way.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
SEPTEMBER 3, 2019
China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. (The vulnerabilities were patched in iOS 12.1.4, released on February 7.).
Adam Levin
SEPTEMBER 5, 2019
As much as I love this one friend of mine, nothing is private when we’re together. You probably have a friend like this. The relationship is really great so you stay friends despite all, but this particular friend simply cannot know something about you without sharing it with others no matter how hard you try to get them to understand it’s totally uncool. .
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
SEPTEMBER 6, 2019
Threat intelligence sharing is such a simple concept that holds so much promise for stopping threat actors in their tracks. So why hasn’t it made more of an impact stopping network breaches? Related: Ground zero for cybersecurity research Having covered the cybersecurity industry for the past 15 years, it’s clear to me that there are two primary reasons.
Schneier on Security
SEPTEMBER 4, 2019
Good article in the Washington Post on all the surveillance associated with credit card use.
Adam Shostack
SEPTEMBER 3, 2019
Threat modeling isn’t one task — its a collection of tasks that build on each other to produce more valuable insights. One of the values of the four question frame is that it lets us reduce things into smaller, more assessable building blocks. And in that vein, there are a couple of new, short (4-page), interesting papers from a team at KU Leuven including: Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
SEPTEMBER 5, 2019
New problems to Facebook , phone numbers associated with more than 400 million accounts of the social network giant were exposed online. A new privacy incident involved Facebook, according to TechCruch, phone numbers associated with 419 million accounts of the social network giant were exposed online. The data was found by Sanyam Jain, a security researcher and member of the GDI Foundation, who contacted TechCrunch because he was able to contact the owner of the archive. .
Schneier on Security
SEPTEMBER 6, 2019
Many GPS trackers are shipped with the default password 123456. Many users don't change them. We just need to eliminate default passwords. This is an easy win.
Adam Levin
AUGUST 31, 2019
Researchers at Google announced the discovery of a hacking campaign that used hacked websites to deliver malware to iPhones. Project Zero, Google’s security research team, discovered fourteen previously unknown vulnerabilities, called zero day exploits, that were capable of compromising iPhones. Further research revealed a small collection of hacked websites capable of delivering malware to iPhone users visiting those sites.
Thales Cloud Protection & Licensing
SEPTEMBER 4, 2019
The weeklong “hacker summer camp” of the combined Black Hat and DefCon drew over 22,000 attendees to Las Vegas last month. Overall, we continue to think the security industry is still ripe for commoditization, especially from the cloud providers who have the capacity to simply offer features as a default. Last year we thought we saw evidence that security vendors were consolidating and on the cusp of providing higher order services to meet this threat, but we didn’t see much evidence of that str
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
SEPTEMBER 2, 2019
Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices it now targeting Intel systems. The popular researcher Larry Cashdollar, from Akamai SIRT, announced in exclusive to The Register, that he observed a miner that previously hit only Arm-powered IoT devices targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. “I suspect it’s proba
Daniel Miessler
AUGUST 31, 2019
I’ve written before about the paradox of hiring managers not being able to find entry-level cybersecurity candidates, while many people with decent training or even degrees in the field cannot get hired. As it turns out, it’s not really that hard to explain. The Military takes you from zero to hero. In extremely large and long-term-focused organizations—like the Military—this gap is understood, so they spend time building extensive, standardized programs that can take any
Dark Reading
SEPTEMBER 6, 2019
APT3 quietly monitored an NSA attack on its systems and used the information to build a weapon of its own.
Thales Cloud Protection & Licensing
SEPTEMBER 5, 2019
In responding to ever-evolving threats and opportunities, enterprises today must embrace constant motion – a continuous cycle of responding to change and keeping one eye on what’s to come. This underpins the digital transformation imperative most of them face today, and the huge responsibility that rests on the shoulders of the CIO. With many of these transformations, it is not just the premise of keeping up that drives the huge levels of investment we see organisations making – but also the pro
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
SEPTEMBER 4, 2019
Zero-day broker Zerodium has updated the price list for both Android and iOS exploits, with Android ones having surpassed the iOS ones for the first time. For the first time, the price for Android exploits is higher than the iOS ones, this is what has emerged from the updated price list published by the zero-day broker Zerodium. Announcement: We've updated our prices for major Mobile exploits.
Daniel Miessler
SEPTEMBER 2, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Dark Reading
SEPTEMBER 5, 2019
It's still unclear who owned the server storing hundreds of millions of records online without a password.
Threatpost
SEPTEMBER 4, 2019
Cybercrooks successfully fooled a company into a large wire transfer using an AI-powered deep fake of a chief executive's voice, according to a report.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
SEPTEMBER 3, 2019
Criminals have stolen more than €1.5 million from the German bank OLB by cloning customer debit cards and using them to cash out user funds across Brazil. ZDnet first reported that last week cyber criminals have stolen more than €1.5 million from the German bank Oldenburgische Landesbank (OLB) by cloning customer debit cards and using them to cash out user funds across Brazil.
WIRED Threat Level
SEPTEMBER 3, 2019
A newly disclosed vulnerability in Supermicro hardware brings the threat of malicious USBs to corporate servers.
Dark Reading
SEPTEMBER 3, 2019
Scammers leveraged artificial intelligence software to mimic the voice of a chief executive and successfully request $243,000.
Threatpost
SEPTEMBER 5, 2019
Server lacked password protection and included multiple databases with records from the U.S., U.K. and Vietnam.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
SEPTEMBER 2, 2019
Journalists revealed the role of a mole recruited by the Dutch intelligence in the US-Israeli Stuxnet attack on the Natanz plant in Iran. The story of the Stuxnet attack is still one of the most intriguing case of modern information warfare. The virus was developed by the US and Israel to interfere with the nuclear enrichment program conducted by Iran in the plant of Natanz.
WIRED Threat Level
SEPTEMBER 5, 2019
By releasing its homegrown differential privacy tool, Google will make it easier for any company to boost its privacy bona fides.
Dark Reading
SEPTEMBER 4, 2019
Cybercriminals targeting financial institutions in the UK bypassed Symantec email gateway and other perimeter technologies.
Threatpost
SEPTEMBER 5, 2019
After being hit by a ransomware attack, Massachusetts city New Bedford faced a payout demand of more than $5 million - one of the latest known ransoms ever.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
274 
Let's personalize your content