Sat.Feb 17, 2018 - Fri.Feb 23, 2018

Facebook Will Verify the Physical Location of Ad Buyers with Paper Postcards

Schneier on Security

It's not a great solution, but it's : The process of using postcards containing a specific code will be required for advertising that mentions a specific candidate running for a federal office, Katie Harbath, Facebook's global director of policy programs, said. The requirement will not apply to issue-based political ads, she said. "If you run an ad mentioning a candidate, we are going to mail you a postcard and you will have to use that code to prove you are in the United States," Harbath said a

Weekly Update 75

Troy Hunt

Every now and then, I look at one of the videos I've just recorded and only realise then how tired I look. This was one of those weeks and it was absolutely jam-packed! There was some awesome stuff and there was some very frustrating stuff. Let me add briefly to the latter here: The joy of participating in online communities is that we have these melting pots of diverse backgrounds and ideas all coming together in the one place.

What Rick Gates' Guilty Plea Means For Mueller’s Probe

WIRED Threat Level

Paul Manafort’s longtime deputy is cooperating with the special prosecutor, so we may soon have answers to these questions hovering around the Russia investigation.

AI/ML and Digital Security

Thales Cloud Protection & Licensing

Sixty-four percent of the more than 1,200 senior security executives from around the world whom we surveyed for the 2018 Thales Data Threat Report (DTR) believe artificial intelligence (AI) “increases data security by recognizing and alerting on attacks,” while 43% believe AI “results in increased threats due to use as a hacking tool.” They’re both right.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Election Security

Schneier on Security

I joined a letter supporting the Secure Elections Act (S. 2261): The Secure Elections Act strikes a careful balance between state and federal action to secure American voting systems. The measure authorizes appropriation of grants to the states to take important and time-sensitive actions, including: Replacing insecure paperless voting systems with new equipment that will process a paper ballot; Implementing post-election audits of paper ballots or records to verify electronic tallies; Conductin

10 Can't-Miss Talks at Black Hat Asia

Dark Reading

With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.

8 Top Intrusion Detection and Prevention Systems

eSecurity Planet

Intrusion detection and prevention systems spot hackers as they attempt to breach a network. We review eight of the top IDPS appliances to help you choose.

New Spectre/Meltdown Variants

Schneier on Security

Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks.

Cryptojacking Attack Found on Los Angeles Times Website

Threatpost

A security researcher found Coinhive code hidden on a Los Angeles Times’ webpage that was secretly using visitors’ devices to mine cryptocurrency.

US Border Patrol Hasn’t Validated E-Passport Data For Years

WIRED Threat Level

For over a decade, US Customs and Border Patrol has been unable to verify the cryptographic signatures on e-Passports, because they never installed the right software.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

7 Cryptominers & Cryptomining Botnets You Can't Ignore

Dark Reading

Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.

On the Security of Walls

Schneier on Security

Interesting history of the security of walls: Dún Aonghasa presents early evidence of the same principles of redundant security measures at work in 13th century castles, 17th century star-shaped artillery fortifications, and even "defense in depth" security architecture promoted today by the National Institute of Standards and Technology, the Nuclear Regulatory Commission, and countless other security organizations world-wide.

uTorrent Users Warned of Remote Code Execution Vulnerability

Threatpost

Google Project Zero researchers are warning of two critical remote code vulnerabilities in popular versions of uTorrent's web-based BitTorrent client and its uTorrent Classic desktop client.

Inside the Mueller Indictment: A Russian Novel of Intrigue

WIRED Threat Level

The cast of characters revealed in the special counsel's epic indictment is drawn from the overlapping circles of oligarchs, spooks, and mob figures.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Trend Micro Tipping Point: IDPS Product Overview and Analysis

eSecurity Planet

We review Trend Micro's intrusion prevention solution, which blocks malicious traffic at up to 120 Gbps while providing comprehensive threat intelligence.

Harassment By Package Delivery

Schneier on Security

People harassing women by delivering anonymous packages purchased from Amazon. On the one hand, there is nothing new here. This could have happened decades ago, pre-Internet. But the Internet makes this easier, and the article points out that using prepaid gift cards makes this anonymous. I am curious how much these differences make a difference in kind, and what can be done about it.

Getting Started with IoT Security in Healthcare

Dark Reading

There's a hazard that comes with introducing any new element into patient care whether it's a new drug or a connected device. These four steps will help keep patients safe.

Facebook's Mandatory Anti-Malware Scan Is Invasive and Lacks Transparency

WIRED Threat Level

Facebook is locking users out of their accounts until they download antivirus software that sometimes doesn't even work on their computers.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Year-Old Coldroot RAT Targets MacOS, Still Evades Detection

Threatpost

Researchers are warning users about the Coldroot remote access Trojan that is going undetected by AV engines and targets MacOS computers.

ArcSight vs IBM QRadar: Top SIEM Solutions Compared

eSecurity Planet

A look at the strengths and weaknesses of ArcSight and IBM QRadar, two leading SIEM solutions.

Anatomy of an Attack on the Industrial IoT

Dark Reading

How cyber vulnerabilities on sensors can lead to production outage and financial loss.

APT37: Inside the Toolset of an Elite North Korean Hacker Group

WIRED Threat Level

Security researchers at FireEye break down the arsenal of APT37, a North Korean hacker team coming into focus as a rising threat.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Drupal Patches Critical Bug That Leaves Platform Open to XSS Attack

Threatpost

Drupal has patched several vulnerabilities – both moderately critical and critical – in two versions of its content management system platform.

How a Data Protection Impact Assessment Helps You Comply with GDPR

eSecurity Planet

How to conduct a data protection impact assessment (DPIA) and why it is critical for GDPR compliance.

Security Liability in an 'Assume Breach' World

Dark Reading

Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.

Mueller Indictment Shows Russia's Internet Research Agency Inner Workings

WIRED Threat Level

The most chilling aspect of that blockbuster Mueller indictment? The bureaucracy behind Russia's onslaught.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Flight Sim Labs’ ‘Heavy Handed’ Anti-Piracy Tactics Raise Hackles

Threatpost

Developer Flight Sim Labs is in hot water after acknowledging that it has installed malware in its flight simulator product that it said targets pirate users of its software.

Google Workspace Data Protection for Enterprise and Education

Spinone

Google Workspace (formerly G Suite) is a vital part of many companies’ workflow. Every company needs to have a clear picture of how their data is accessed, shared (including sharing outside/in violation of policies), and protected from digital threats. Using CASB is a way to address these issues. But what, exactly, is Google Workspace CASB, […]

SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks

Dark Reading

New agency guidance statement also says company officials, execs can't trade stocks if they have unannounced information on a security breach at the company.

Hackers Hijacked Tesla's Cloud to Mine Cryptocurrency

WIRED Threat Level

The recent rash of cryptojacking attacks has hit a Tesla database that contained potentially sensitive information.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.