Sat.Jul 20, 2019 - Fri.Jul 26, 2019


Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.


The Unsexy Threat to Election Security

Krebs on Security

Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level.


Weekly Update 149

Troy Hunt

What. A. Week. I've been in San Fran meeting with a whole bunch of potential purchasers for HIBP and it's been. intense. Daunting. Exciting. It's actually an amazing feeling to see my "little" project come to this where I'm sitting in a room with some of the most awesome tech companies whilst flanked by bankers in suits. I try and give a bit of insight into that in this week's video, keeping in mind of course that I'm a bit limited by how much detail I can go into right now.


NSA Announces New Cybersecurity Directorate

Adam Levin

The U.S. National Security Agency announced the formation of a new Cybersecurity Directorate earlier this week. Effective October 1, the directorate’s mission will be the creation of a “major organization that unifies NSA’s foreign intelligence and cyber defense missions,” according to the agency’s website. It will be led by Anne Neuberger, the former NSA deputy director of operations and lead of the Russia Small Group.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Hackers Expose Russian FSB Cyberattack Projects

Schneier on Security

More nation-state activity in cyberspace, this time from Russia: Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects for FSB unit 71330 and for fellow contractor Quantum. Projects include: Nautilus -- a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).


Happy Apollo Day!

Adam Shostack

Today is the 50th Anniversary of “One small step for a man, one giant leap for mankind.” It’s an event worth celebrating, in the same way we celebrate Yuri’s Night. The holy days — the holidays — that we celebrate say a great deal about us. They shape who we are. The controversies that emerge when we try to add (Martin Luther King) or remove a holiday (Columbus Day) are controversies because they express who we are, and how that could be changing.


Equifax Comes to $700 Million Settlement for Data Breach

Adam Levin

Equifax has reached a settlement for the 2017 data breach that exposed the Social Security numbers and personal information of nearly 150 million people. The proposed deal with the U.S. Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission and attorneys representing 48 states would cost the company a maximum of $700 million and would bring to a close several investigations as well as settle all class action lawsuits against the company. $175 million of the proposed fine wou


Software Developers and Security

Schneier on Security

According to a survey: "68% of the security professionals surveyed believe it's a programmer's job to write secure code, but they also think less than half of developers can spot security holes." And that's a problem. Nearly half of security pros surveyed, 49%, said they struggle to get developers to make remediation of vulnerabilities a priority. Worse still, 68% of security professionals feel fewer than half of developers can spot security vulnerabilities later in the life cycle.


Valuing CyberSecurity Research Datasets

Adam Shostack

There was a really interesting paper at the Workshop on the Economics of Information Security. The paper is “Valuing CyberSecurity Research Datasets.” The paper focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes the research that’s done. On its way to that valuation, a very useful contribution of the paper is the analysis of the types of research data which exist, and the purposes for which they can be used: Note that there has b


0v1ru$ hackers breach FSB contractor SyTech and expose Russian intel projects

Security Affairs

SyTech, a contractor for the Federal Security Service of the Russian Federation (FSB), has been hacked; attackers stole data about internal projects. Attackers have hacked SyTech, a contractor for the Federal Security Service of the Russian Federation (FSB), and exfiltrated data about internal projects. According to the Russian media, SyTech has been working with the FSB since 2009; in particular, they contributed to several projects for FSB unit 71330 and for fellow contractor Quantum.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Facebook Had a Bad News Day, Great Q2 Earnings

Adam Levin

If ever the shrug emoji belonged in a blog post, today is the day. The tech giant reached a $5 billion settlement for misrepresenting the way it handles user privacy, the SEC fined it $100 million for lying to investors about the risks associated with the misuse of user information, and, still later in the day, Facebook admitted that it was the target of an FTC anti-trust investigation.


Science Fiction Writers Helping Imagine Future Threats

Schneier on Security

The French army is going to put together a team of science fiction writers to help imagine future threats. Leaving aside the question of whether science fiction writers are better or worse at envisioning nonfictional futures, this isn't new. The US Department of Homeland Security did the same thing over a decade ago, and I wrote about it back then: A couple of years ago, the Department of Homeland Security hired a bunch of science fiction writers to come in for a day and think of ways terrorists


The War for Cyber Talent Will Be Won by Retention not Recruitment

Dark Reading

Six steps for creating a work environment that challenges, stimulates, rewards, and constantly engages employees fighting the good fight against cybercriminals.


German firms BASF, Siemens, Henkel hit by cyber attacks

Security Affairs

A new wave of cyber attacks carried out by a China-linked APT group hit German blue-chip companies BASF, Siemens, Henkel and others. On Wednesday, German blue-chip companies BASF, Siemens, Henkel, along with a host of others, confirmed they had been targeted by a wave of cyber attacks. German media reported that the cyber attacks were launched by a China-linked cyberespionage group.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Popular Samsung, LG Android Phones Open to ‘Spearphone’ Eavesdropping

Threatpost

A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that's played on speakerphone, including calls, music and voice assistant responses.


Insider Logic Bombs

Schneier on Security

Add to the "not very smart criminals" file: According to court documents, Tinley provided software services for Siemens' Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders. The spreadsheets included custom scripts that would update the content of the file based on current orders stored in other, remote documents, allowing the company to automate inventory and order management


DEF CON Invites Kids to Crack Campaign Finance Portals

Dark Reading

DEF CON's Voting Village and AI Village team up with r00tz Asylum to let kids explore simulated campaign financial disclosure portals and disinformation campaigns.


A flaw in LibreOffice could allow the hack of your PC

Security Affairs

LibreOffice users have to know that their unpatched computers could be hacked by simply opening a specially crafted document. Bad news for LibreOffice users, the popular free and open-source office suite is affected by an unpatched remote code execution vulnerability. Recently, LibreOffice released the latest version 6.2.5 that addresses two severe flaws tracked as CVE-2019-9848 and CVE-2019-9849.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Adware Is the Malware You Should Actually Be Worried About

WIRED Threat Level

For all the attention on sophisticated nation-state attacks, the malware that’s most likely to hit your phone is much more mundane.


VLC Media Player Plagued By Unpatched Critical RCE Flaw

Threatpost

A patch does not yet exist for a critical buffer overflow vulnerability in VLC Media Player that could enable remote code execution.


6 Actions that Made GDPR Real in 2019

Dark Reading

In the wake of recent fines levied against British Airways, Marriott, and Facebook, companies are starting to take data privacy and security more seriously.


China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

ESET researchers reported that China-linked cyberespionage group APT15 has been using a previously undocumented backdoor for more than two years. Security researchers at ESET reported that China-linked threat actor APT15 (aka Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon) has been using a previously undocumented backdoor for more than two years.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


NEW TECH: Early adopters find smart ‘Zero Trust’ access improves security without stifling innovation

The Last Watchdog


How to Get Your Equifax Settlement Money

WIRED Threat Level

A settlement with the FTC means Equifax will pay victims of its breach $125 or more. Make sure it pays up.


Equifax to Pay Up to $700mn for Data Breach Damages

Dark Reading

In a settlement with the FTC, consumers affected by the breach are eligible for up to $20,000 in a cash settlement, depending on damages they can prove.


Hackers breach 62 US colleges by allegedly exploiting Ellucian Banner Web flaw

Security Affairs

Hackers breached at least 62 college and university networks exploiting a flaw in Ellucian Banner Web Tailor, a module of the Ellucian Banner ERP. US Department of Education warned that hackers have breached at least 62 college and university networks by exploiting a vulnerability in the Ellucian Banner Web Tailor module of the Ellucian Banner ERP. The module is used by colleges and universities to customize their web applications.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Protecting Against Ransomware Attacks: A Checklist

Threatpost

In the second of a two-part series discussing recent ransomware attacks against municipalities, Shawn Taylor with Forescout talks about how cities can protect themselves.


How to Watch Robert Mueller's Testimony—and What to Expect

WIRED Threat Level

Robert Mueller will testify before Congress Wednesday in two separate hearings. You can watch it right here, but first make sure to manage your expectations.


3 Takeaways from the First American Financial Breach

Dark Reading

Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.


Emsisoft releases a second decryptor in a few days, this time for ZeroFucks ransomware

Security Affairs

Security experts at Emsisoft released a second decryptor in a few days, this time announcing a free decryptor for the ZeroFucks ransomware. A few days ago, the experts at Emsisoft released a free decryptor for the Ims00rry ransomware; now the malware team announced the release of a decryptor for the ZeroFucks ransomware. Victims of the ZeroFucks ransomware don’t have to pay the ransom; they only need to download the decryptor from the link below: Download the ZeroFucks Decryptor Here.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.