Mon. Nov 16, 2020


On Blockchain Voting

Schneier on Security

Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze: Why is blockchain voting a dumb idea? Glad you asked. For starters: It doesn’t solve any problems civil elections actually have. It’s basically incompatible with “software independence”, considered an essential property.


4 ways to keep your company's and customers' data private and build trust

Tech Republic Security

Implementing appropriate data privacy is critical for company operations and success. Learn some of the challenges and solutions recommended to do the job right.


STEPS FORWARD: Math geniuses strive to make a pivotal advance — by obfuscating software code

The Last Watchdog

Most of the time we take for granted the degree to which fundamental components of civilization are steeped in mathematics. Everything from science and engineering to poetry and music relies on numeric calculations. Albert Einstein once observed that “pure mathematics is, in its way, the poetry of logical ideas.” Related: How Multi Party Computation is disrupting encryption. An accomplished violinist, Einstein no doubt appreciated the symmetry of his metaphor.


Meet the hackers who earn millions for saving the web. How bug bounties are changing everything about security

Tech Republic Security

These hackers are finding security bugs--and getting paid for it. That's changing the dynamics of cybersecurity.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Threatpost

Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles.


Data is worth its weight in gold

Tech Republic Security

IT leaders are placing an increased, permanent focus on the value of data, digital transformation, and security, a new survey finds.


How to secure your Zoom account with two-factor authentication

Tech Republic Security

Follow these steps to better protect your Zoom account with a second layer of authentication.


Hacked Security Software Used in Novel South Korean Supply-Chain Attack

Threatpost

Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea.


Cybersecurity: Top hackers make big money from bug bounties

Tech Republic Security

You might not make a million dollars, but hackers are making good money from reporting vulnerabilities.


Unprotected database exposed a scam targeting 100K+ Facebook accounts

Security Affairs

Researchers at vpnMentor discovered an ElasticSearch database exposed online that contained an archive of over 100,000 compromised Facebook accounts. The archive was used by crooks as part of a global hacking campaign against users of the social network. “We discovered the scam via an unsecured database used by the fraudsters to store private data belonging to


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Exposed Database Reveals 100K+ Compromised Facebook Accounts

Threatpost

Cybercriminals left an ElasticSearch database exposed, revealing a global attack that compromised Facebook accounts and used them to scam others.


Global Pandemic Fuels Cyber-Threat Workload for National Cyber Security Centre, Shows Annual Review

Dark Reading

From securing the Nightingale hospitals to tackling threats to vaccine research and production, a large part of the National Cyber Security Centre's (NCSC) recent work in the UK has been related to the coronavirus pandemic, as Ron Alalouff discovered when reporting on its Annual Review.


Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

The North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. Security experts from ESET reported that the North Korea-linked Lazarus APT (aka HIDDEN COBRA) is behind cyber campaigns targeting South Korean supply chains. According to the experts, the nation-state actors leverage stolen security certificates from two separate, legitimate South Korean companies.


Citrix SD-WAN Bugs Allow Remote Code Execution

Threatpost

The bugs, tracked as CVE-2020-8271, CVE-2020-8272 and CVE-2020-8273, exist in the Citrix SD-WAN Center.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Breakdown of a Break-in: A Manufacturer's Ransomware Response

Dark Reading

The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents.


Cybersecurity CEO: 5 Safety Tips for Black Friday and Cyber Monday Cybercrime

Herjavec Group

Black Friday and Cyber Monday are approaching. Make sure to share this with all of your employees. Los Angeles, Calif. – Nov. 16, 2020. Someone you know will be hacked the weekend after Thanksgiving. Over the next two weeks your employees will be bombarded with ads for the best deals on TVs, computers, laptops, cars, clothes, shoes – you name it.


Zoom Debuts New Tools to Fight Meeting Disruptions

Dark Reading

Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.


TA505: A Brief History Of Their Time

Fox IT

Threat Intel Analyst: Antonis Terefos (@Tera0017). Data Scientist: Anne Postma (@A_Postma). 1. Introduction. TA505 is a sophisticated and innovative threat actor, with plenty of cybercrime experience, that engages in targeted attacks across multiple sectors and geographies for financial gain. Over time, TA505 evolved from a lesser partner to a mature, self-subsisting and versatile crime operation with a broad spectrum of targets.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


A Call for Change in Physical Security

Dark Reading

We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?


Crooks use software skimmer that pretends to be a security firm

Security Affairs

Researchers at Sucuri analyzed a software skimmer that is abusing their brand name in order to evade detection. The e-skimmer is a base64-encoded JavaScript blob that attackers inject into target webpages. During a routine investigation, the researchers found the web skimmer that pretends to be related to Sucuri; the malicious code was injected into the database of a Magento site


Back to the Basics: Announcing the New NICE Framework

NSTIC

Three years ago, NIST published the first version of Special Publication (SP) 800-181, the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. Since then, cybersecurity has changed. In the last year the way we think about how we do work has changed, too. Drastically. In order to keep pace with these changes and increase flexibility of the NICE Framework so that it meets the needs of multiple stakeholder groups across both public and private sectors, NIST ann


Singapore Releases New Cybersecurity Guidelines to Combat COVID-19 Threats

ImmuniWeb

The Monetary Authority of Singapore (MAS) has issued a set of recommendations addressing Open Source Software security and TPRM program to keep your business secure amid the pandemic.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Healthcare Organizations Need to Adapt Their Data Protection Policies to the New Threat Environment

Thales Cloud Protection & Licensing

sparsh, Tue, 11/17/2020 - 06:44. Healthcare providers are at the epicenter of the fight against coronavirus. While the pandemic accelerated their digital transformation initiatives, it also expanded their threat surface and opened up opportunities for cybercriminals.


Make It Your Own: Brand Customization With Our Universal Prompt

Duo's Security Blog

In the security industry there is an adage that usability needs to be sacrificed in the name of increasing security. The equation has traditionally been zero-sum: increase usability, decrease security, and vice versa. However, at Duo we work hard to give customers fine-tuned control over their security posture while maintaining and improving a user experience that is simple and easy to use.


CVE-2020-17053: Use-After-Free IE Vulnerability

Trend Micro

We analyze how CVE-2020-17053 was found and how it works.


ShadowTalk Update: RegretLocker, OceanLotus, Millions Seized in Cryptocurrency, and more!

Digital Shadows

ShadowTalk hosts Stefano, Kim, Dylan, and Adam bring you the latest in threat intelligence. This week they cover: RegretLocker’s approach.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


State of Software Security v11: How to Use the Findings

Veracode Security

As a security professional reading through version 11 of our State of Software Security (SOSS) report, the first statistic that probably stands out to you is that 76 percent of applications have security flaws. It’s encouraging to see that only 24 percent of those security flaws are high-severity, but ultimately, having security flaws in more than three-fourths of applications means there is still work to be done.


How to Secure Your Mac and Make It Run Faster

Trend Micro

There’s an old myth still in circulation that Macs are invulnerable to hackers and cybercriminals—but is it true? The short answer is no.


Twitter Taps Mudge

Dark Reading

Noted security researcher Peiter Zatko joins the social network as head of security.


Java Crypto Catchup

Veracode Security

In 2017, we started a blog series talking about how to securely implement a crypto-system in Java. How to Get Started Using Java Cryptography Securely touches upon the basics of Java crypto, followed by posts around various crypto primitives: Cryptographically Secure Pseudo-Random Number Generator (CSPRNG), Encryption/Decryption, and Message Digests.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.