Expert insights. Personalized for you.
We are often told how particular threats were the responsibility of a certain nation-state, and that there was difference between those nations and cybercriminals. MORE
IAM Definition. Identity and access management (IAM) in enterprise IT is about defining and managing the roles and access privileges of individual network entities (users and devices) to a variety of cloud and on-premises applications. MORE
An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. MORE
106 With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever MORE
113 
The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet. MORE
A bunch of people recently asked me about Robert Reichel’s post “ How We Threat Model ,” and I wanted to use it to pick up on Threat Model Thursdays, where I talk about process and practices. My goal is always to build, and sometimes that involves criticism. MORE
100 
Microsoft released as open-source the ‘CyberBattleSim Python-based toolkit which is an Enterprise Environment Simulator. Microsoft has recently announced the open-source availability of the Python-based enterprise environment simulator. named ‘CyberBattleSim.’ MORE
More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. MORE
Zero trust is a good cybersecurity platform, but experts suggest care to get it right and not disenfranchise users MORE
167 
A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan MORE
Machine learning adoption exploded over the past decade, driven in part by the rise of cloud computing, which has made high performance computing and storage more accessible to all businesses. MORE
An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks. Researchers from Cyber News have discovered that the personal data of 1.3 MORE
Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. MORE
I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there’s a strong expectation that training involves whiteboards. (I I remember one course in particular, about 15 minutes in, the buyer said: “Let’s get to the whiteboards already!”). ”). And there’s no doubt: people learn by doing. MORE
100 
Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. MORE
The second Tuesday of April has been christened “ Identity Management Day ” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses. Related: The role of facial recognition. Today, indeed, is a good a time as any to raise awareness about cyber exposures that can result from casually or improperly managing and securing digital identities. MORE
The office of the Director of National Intelligence released its “ Annual Threat Assessment of the U.S. Intelligence Community.” ” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. MORE
Disclaimer, this was a bit of fun with consent. But there are some worthwhile things to bear in mind. If you’re predictable, then criminals can take advantage of that. MORE
In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. MORE
192 COVID-19 has impacted everything over the past year, and mobile app security is no exception. The Synopsys Cybersecurity Research Center (CyRC) took an in-depth look at application security, and discovered just how vulnerable apps that use open source code really are. MORE
One thing I did not expect to see in 2021 is a lot of people complaining about how difficult their SIEM is to operate. Let’s explore this topic for the (n+1)-th time. And let me tell you … that “n” is pretty damn large since my first involvement with SIEM in January 2002 (!)?—? MORE
This is a current list of where and when I am scheduled to speak: I’m keynoting the (all-virtual) RSA Conference 2021 , May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning (via Zoom), July 8-9, 2021. MORE
137 
Adam Levin spoke with NPR about the recent data archive of over 500 million Facebook accounts found on a hacking forum. “It’s serious when phone numbers are out there. The danger when you have phone numbers in particular is a universal identifier,” said Levin. Read the article here. MORE
From remote work and social media to ergonomics and encryption, TechRepublic has dozens of ready-made, downloadable IT policy templates MORE
News : President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD). MORE
166 
The cybersecurity poverty line is a term that can help companies understand security gaps and build better awareness. Learn more about it and how it applies to your organization MORE
154 
"What a s**t week". I stand by that statement in the opening couple of minutes of the video and I write this now at midday on Saturday after literally falling asleep on the couch. The Facebook incident just dominated; everything from processing data to writing code to dozens of media interviews. MORE
Researchers build a model to attribute attacks to specific groups based on tactics, techniques and procedures, and then figure out their next move MORE
109 
This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy) recently emailed me regarding the LOQBOX data breach from 2020. MORE
Google’s Project Zero discovered , and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. MORE
Another month, another national government to bring onto Have I Been Pwned. This time it's the Ukrainian National Cybersecurity Coordination Center who now has access to monitor all their government domains via API domain search, free of charge. MORE
On Monday, the Department of Justice announced that it had cleaned malware (“webshells”) off of hundreds of infected mail systems running Microsoft Exchange. Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. A few minutes ago, I posted a screencapture of Microsoft’s autoupdater going haywire on my Mac. The two stories are intimately related to people not wanting to roll patches. MORE
Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits , with the subject “fix typo” and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users. MORE
This is the second month running that MSAU2 on my Mac has gone haywire. Please fix it. microsoft MORE
130 Schneier on Security
APRIL 15, 2021
The office of the Director of National Intelligence released its “ Annual Threat Assessment of the U.S. Intelligence Community.” ” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute.
Troy Hunt
APRIL 12, 2021
This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy) recently emailed me regarding the LOQBOX data breach from 2020.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
APRIL 8, 2021
Another month, another national government to bring onto Have I Been Pwned. This time it's the Ukrainian National Cybersecurity Coordination Center who now has access to monitor all their government domains via API domain search, free of charge.
Schneier on Security
APRIL 9, 2021
Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits , with the subject “fix typo” and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users.
.jpg)
Krebs on Security
APRIL 12, 2021
Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.
Adam Levin
APRIL 9, 2021
Adam Levin spoke with NPR about the recent data archive of over 500 million Facebook accounts found on a hacking forum. “It’s serious when phone numbers are out there. The danger when you have phone numbers in particular is a universal identifier,” said Levin. Read the article here.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
APRIL 14, 2021
In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange.
Krebs on Security
APRIL 13, 2021
Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products.
Adam Shostack
APRIL 14, 2021
This is the second month running that MSAU2 on my Mac has gone haywire. Please fix it. microsoft
Javvad Malik
APRIL 9, 2021
Disclaimer, this was a bit of fun with consent. But there are some worthwhile things to bear in mind. If you’re predictable, then criminals can take advantage of that.
Troy Hunt
APRIL 9, 2021
"What a s**t week". I stand by that statement in the opening couple of minutes of the video and I write this now at midday on Saturday after literally falling asleep on the couch. The Facebook incident just dominated; everything from processing data to writing code to dozens of media interviews.
Schneier on Security
APRIL 8, 2021
Google’s Project Zero discovered , and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS.
The Last Watchdog
APRIL 13, 2021
The second Tuesday of April has been christened “ Identity Management Day ” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses. Related: The role of facial recognition. Today, indeed, is a good a time as any to raise awareness about cyber exposures that can result from casually or improperly managing and securing digital identities.
Anton on Security
APRIL 9, 2021
One thing I did not expect to see in 2021 is a lot of people complaining about how difficult their SIEM is to operate. Let’s explore this topic for the (n+1)-th time. And let me tell you … that “n” is pretty damn large since my first involvement with SIEM in January 2002 (!)?—?
Adam Shostack
APRIL 15, 2021
A bunch of people recently asked me about Robert Reichel’s post “ How We Threat Model ,” and I wanted to use it to pick up on Threat Model Thursdays, where I talk about process and practices. My goal is always to build, and sometimes that involves criticism.
Dark Reading
APRIL 13, 2021
With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever
CSO Magazine
APRIL 12, 2021
Machine learning adoption exploded over the past decade, driven in part by the rise of cloud computing, which has made high performance computing and storage more accessible to all businesses.
Security Affairs
APRIL 11, 2021
More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store.
Security Boulevard
APRIL 13, 2021
COVID-19 has impacted everything over the past year, and mobile app security is no exception. The Synopsys Cybersecurity Research Center (CyRC) took an in-depth look at application security, and discovered just how vulnerable apps that use open source code really are.
Tech Republic Security
APRIL 14, 2021
From remote work and social media to ergonomics and encryption, TechRepublic has dozens of ready-made, downloadable IT policy templates
Schneier on Security
APRIL 13, 2021
News : President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD).
Dark Reading
APRIL 12, 2021
A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan
Security Affairs
APRIL 11, 2021
An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks. Researchers from Cyber News have discovered that the personal data of 1.3
Adam Shostack
APRIL 14, 2021
On Monday, the Department of Justice announced that it had cleaned malware (“webshells”) off of hundreds of infected mail systems running Microsoft Exchange. Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. A few minutes ago, I posted a screencapture of Microsoft’s autoupdater going haywire on my Mac. The two stories are intimately related to people not wanting to roll patches.
Tech Republic Security
APRIL 12, 2021
The cybersecurity poverty line is a term that can help companies understand security gaps and build better awareness. Learn more about it and how it applies to your organization
Schneier on Security
APRIL 14, 2021
This is a current list of where and when I am scheduled to speak: I’m keynoting the (all-virtual) RSA Conference 2021 , May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning (via Zoom), July 8-9, 2021.
Dark Reading
APRIL 12, 2021
Researchers build a model to attribute attacks to specific groups based on tactics, techniques and procedures, and then figure out their next move
The Hacker News
APRIL 12, 2021
An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave.
Security Affairs
APRIL 10, 2021
The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet.
Tech Republic Security
APRIL 8, 2021
Zero trust is a good cybersecurity platform, but experts suggest care to get it right and not disenfranchise users
Security Boulevard
APRIL 11, 2021
We are often told how particular threats were the responsibility of a certain nation-state, and that there was difference between those nations and cybercriminals.
CSO Magazine
APRIL 8, 2021
IAM Definition. Identity and access management (IAM) in enterprise IT is about defining and managing the roles and access privileges of individual network entities (users and devices) to a variety of cloud and on-premises applications.
Adam Shostack
APRIL 13, 2021
I get this question a lot: Can distributed/remote training work as well as in person? Especially for threat modeling, where there’s a strong expectation that training involves whiteboards. (I I remember one course in particular, about 15 minutes in, the buyer said: “Let’s get to the whiteboards already!”). ”). And there’s no doubt: people learn by doing.
Security Affairs
APRIL 12, 2021
Microsoft released as open-source the ‘CyberBattleSim Python-based toolkit which is an Enterprise Environment Simulator. Microsoft has recently announced the open-source availability of the Python-based enterprise environment simulator. named ‘CyberBattleSim.’
Let's personalize your content