Adam Shostack

JANUARY 2, 2025

It starts: Recently, I was at a private event on security by design. My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow. My latest article at Dark Reading is Microsoft Can Fix Ransomware Tomorrow.

Ransomware 246

Ransomware Encryption Software 246

Adam Shostack

JANUARY 2, 2025

A new paper on 'Pandemic Scale Cyber Events Josiah Dykstra and I have a new pre-print at Arxiv, Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19. While the nature of these threats differs, the responses to COVID-19 illustrate valuable lessons that can guide preparation and response to cyber events.

Cyber threats 130

Cyber threats Government Cybersecurity 130

Joseph Steinberg

MARCH 24, 2025

In addition, Steinberg will discuss recent events, and explore how various government attempts to protect consumers have proven counterproductive worsening our collective cybersecurity posture instead of improving it and how governments can better keep us safe from cybercriminals.

Artificial Intelligence 130

Artificial Intelligence Cybersecurity Data breaches Government 130

Tech Republic Security

JULY 24, 2024

Remind employees to be wary of fake apps and too-good-to-be-true streaming options on the eve of the Games.

eCommerce 208

eCommerce Malware 208

Troy Hunt

MARCH 30, 2025

I've no doubt whatsoever this is a net-positive event that will do way more good than harm. I saw a lot of "if it can happen to Troy, it can happen to anyone" sort of commentary and whilst it feels a bit of obnoxious for me to be saying it that way, I appreciate the sentiment and the awareness it drives.

Phishing 209

Phishing Data breaches Scams 209

Schneier on Security

JUNE 14, 2024

The event will also be available via Zoom. I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024. I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024. The list is maintained on this page.

289

289

Penetration Testing

APRIL 6, 2025

A security researcher has recently disclosed technical details and proof-of-concept (PoC) exploit code for a vulnerability in the Linux kernel’s Performance Events system component. This flaw, identified as CVE-2023-6931, carries a CVSS score of 7.8, indicating a high severity risk.

Risk 111

Risk Cybersecurity 111

The Last Watchdog

NOVEMBER 12, 2024

Scott Kannry , CEO, Axio Kannry The SEC is serious about companies disclosing the details of an event if it is relevant to investors. Jim Routh, Chief Trust Officer, Saviynt Routh These events represent a clear shift in the regulatory landscape. Want to stay out of trouble?

CISO 263

CISO CSO Risk Cyber threats 263

Schneier on Security

SEPTEMBER 14, 2024

The event runs from September 24 through 26, 2024, and my keynote is at 8:45 AM ET on the 24th. The event will be held on October 22 and 23, 2024, and my talk is at 9:15 AM ET on October 22, 2024. This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA.

269

269

Security Affairs

NOVEMBER 11, 2024

Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. Exposed data did not include Social Security numbers or financial information.

Data breaches 122

Data breaches Hacking Ransomware Technology 122

Adam Shostack

JANUARY 28, 2025

Building on our recent paper about pandemic-scale cyber events , we submitted 14 recommendations to further improve the plan. Our comments on the National Cyber Incident Plan Josiah Dykstra and I have some comments on the National Cyber Incident Response Plan updates.

Government 147

Government 147

Troy Hunt

FEBRUARY 25, 2025

Plus, I spent from then until now in Sydney at various meetings and events which was great, but didn't do a lot for my productivity. Yeah, so that didn't stop, and the stealer log processing and new feature building just absolutely swamped me.

170

170

Schneier on Security

JANUARY 8, 2024

The event is like that; the format results in a firehose of interesting. It’s a two-day event. This is important for an interdisciplinary event. The final piece of the workshop is the social events. And even though a shorter event would be easier to deal with, the numbers all fit together in a way that’s hard to change.

Technology 287

Technology 287

Joseph Steinberg

APRIL 7, 2025

And, of course, all versions of Cybersecurity For Dummies also help guide people to recovering in the event that their computers, phones, or information has already been compromised.

Cybersecurity 187

Cybersecurity Artificial Intelligence Backups Encryption 187

Security Affairs

OCTOBER 24, 2024

On day two of Pwn2Own Ireland 2024 , hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625, prizes that we have sum to the $516,250 earned by participants on the first day of the event. ” reads the announcement published by ZDI.

Hacking 125

Hacking Information Security 125

Joseph Steinberg

DECEMBER 7, 2021

For more details, or to register for the event, please visit: [link]. Achieving this requires a structured approach and a positive cybersecurity culture that includes not just the IT team but everyone in the organization. What are the critical factors for cybersecurity success? What are the key challenges for security leaders now and beyond?

Artificial Intelligence 363

Artificial Intelligence Cybersecurity Technology 363

Security Affairs

OCTOBER 10, 2024

The Mongolian Skimmer captures final data entries using the beforeunload event, ensures cross-browser compatibility with various event-handling techniques, and employs anti-debugging tactics by monitoring formatting changes to detect and evade debugging attempts.

Data collection 123

Data collection Engineering Malware Hacking 123

Schneier on Security

JULY 14, 2024

The event will also be available via Zoom. I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024. The list is maintained on this page.

243

243

Schneier on Security

AUGUST 14, 2024

The event runs from September 24 through 26, 2024, and my keynote is on the 24th. This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The list is maintained on this page.

278

278

Security Boulevard

DECEMBER 17, 2024

CrowdStrike and Salt Security have extended their alliance to make it simpler to feed application programming interface (API) security data directly into a security information event management (SIEM) platform. The post CrowdStrike Allies With Salt Security to Improve API Security appeared first on Security Boulevard.

Security Awareness 114

Security Awareness Cybersecurity 114

Adam Shostack

JANUARY 2, 2025

How should we think about the risk of a unique event? Note that this isnt a coin flip, where we can measure across many events, and use those flips to test our theories. In fact, as the book Against the Gods discusses, folks like Pascal and Fermat had an extended conversation about the interrupted game problem. Consider the Sky Crane.

Risk 130

Risk Insurance Engineering Marketing 130

Trend Micro

MARCH 4, 2025

Trend Micro Managed XDR assisted in an investigation of a B2B BEC attack that unveiled an entangled mesh weaved by the threat actor with the help of a compromised server, ensnaring three business partners in a scheme that spanned for days.

B2B 138

B2B Cyber threats 138

Schneier on Security

FEBRUARY 2, 2023

These days, dozens of teams from around the world compete in weekend-long marathon events held all over the world. In 2016, DARPA ran a similarly styled event for artificial intelligence (AI). There was a traditional human–team capture-the-flag event at DEFCON that same year. Inexplicably, DARPA never repeated the event.

Artificial Intelligence 314

Artificial Intelligence Technology Software Hacking 314

Security Affairs

OCTOBER 30, 2024

” FakeCall relies on the Monitoring Dialer Activity service to monitor events from the com.skt.prod.dialer package (the stock dialer app), potentially allowing it to detect when the user is attempting to make calls using apps other than the malware itself. Upon detecting specific events (e.g.,

Banking 128

Banking Malware Accountability Phishing 128

Krebs on Security

SEPTEMBER 18, 2024

Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Apkdownloadweb has a Facebook page , which shows a number of “live video” teasers for sports events that have already happened, and says its domain is apkdownloadweb[.]com. net for DNS.

Scams 65

Scams DNS Internet Internet 65

Security Affairs

JANUARY 2, 2025

” DoubleClickjacking exploits timing differences between mousedown and onclick events to hijack user actions. “By exploiting the event timing between clicks, attackers can seamlessly swap out benign UI elements for sensitive ones in the blink of an eye. ” concludes the post.

Accountability 115

Accountability Authentication Hacking Information Security 115

Google Security

MARCH 7, 2025

Between these two events, our bug hunters were rewarded $370,000 (and plenty of swag). Follow the Google VRP channel on X to stay tuned on future events. This year, we had a heightened focus on Android Automotive OS and WearOS, bringing actual automotive devices to multiple live hacking events and conferences. for $50,000 .

Mobile 100

Mobile Hacking Engineering Technology 100

Schneier on Security

MAY 8, 2023

The DEF CON event will rely on an evaluation platform developed by Scale AI, a California company that produces training for AI applications. At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack.

Hacking 275

Hacking Artificial Intelligence 275

Schneier on Security

APRIL 1, 2022

These techniques are not new, but they’re increasingly popular : …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear.

Authentication 363

Authentication Hacking Passwords 363

Schneier on Security

DECEMBER 27, 2023

No passcode fallback is available in the event that the user is unable to complete Face ID or Touch ID authentication. For especially sensitive actions, including changing the password of the Apple ID account associated with the iPhone, the feature adds a security delay on top of biometric authentication.

Authentication 329

Authentication Passwords Accountability 329

Joseph Steinberg

JULY 23, 2024

During this webinar, you will learn how this global outage happened, what other security risks may be on the horizon, what lessons we can all learn from recent events, and what individuals, businesses, and governments can do to avoid similar disasters in the future.

Artificial Intelligence 286

Artificial Intelligence Cybersecurity Government Technology 286

Security Boulevard

NOVEMBER 12, 2024

Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Authors/Presenters: Samy Kamkar Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content.

Education 104

Education Cybersecurity 104

Troy Hunt

SEPTEMBER 17, 2024

That she was able to do that and teach a room full of hundreds of technology professionals things they almost certainly hadn't seen before makes it all the more remarkable, and I'm very happy to now share the full video from that event in June with you all: If you watch nothing else in this video, fast forward through to the 55-minute mark (..)

Technology 299

Technology 299

Security Boulevard

JANUARY 17, 2025

Cohesity has extended its Cyber Event Response Team (CERT) service to include third-party providers of incident response platforms, including Palo Alto Networks Unit 42, Arctic Wolf, Sophos, Fenix24 and Semperis. The post Cohesity Extends Services Reach to Incident Response Platforms appeared first on Security Boulevard.

Cybersecurity 109

Cybersecurity 109

Schneier on Security

MAY 15, 2023

“Gaining the kind of control required to compromise a software build system is generally a non-trivial event that requires a great deal of skill and possibly some luck.” Consequently, MSI doesn’t provide the same kind of key revocation capabilities. Delivering a signed payload isn’t as easy as all that.

Software 299

Software Ransomware 299

Security Affairs

JANUARY 5, 2025

The backdoor can drop additional payloads, block input, clear event logs, wipe clipboard, delete browser data, and erase profiles for apps like Skype and Telegram. Google researchers provided event rules within Google Security Operations to dete ctPLAYFULGHOST activity.

Malware 127

Malware Encryption Phishing Hacking 127

Schneier on Security

JANUARY 12, 2022

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running.

Malware 355

Malware Software Hacking 355