Wed.Nov 11, 2020

The Security Failures of Online Exam Proctoring

Schneier on Security

Proctoring an online exam is hard. It’s hard to be sure that the student isn’t cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them. There are a variety of companies that provide online proctoring services, but they’re uniformly mediocre: The remote proctoring industry offers a range of services, from basic video links that allow another human to observe students as they take exams to algorithmic tools that use

The Predictions Dilemma

Javvad Malik

The last quarter of the year is also known as predictions season. It’s the time where those who consider themselves to be wise and enlightened rub their chin thoughtfully and spout the wisdom of what the future holds. I should know, in my days as an industry analyst I was often called upon as a digital Nostradamus. But predictions are no easy feat, and there is a dilemma associated with it… which I call the Predictions Dilemma (contact me for all your branding and marketing needs).

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. But now, at long last, we’re on the brink of eliminating passwords altogether, once and for all. Related: CEOs quit Tweeting to protect their companies. A confluence of technical and social developments points to username-and-password logons becoming obsolete over the next few years.

9 New Tactics to Spread Security Awareness

Dark Reading

Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Bravo-Cado: Cloud Forensics Defying COVID-19

Javvad Malik

I worked for a couple of years with Chris Doman when I was at AlienVault. In his spare time Chris ran a popular threat intelligence portal called ThreatCrowd, which AlienVault acquired when they hired him. Chris is not only one of the smartest people I’ve worked with, but also one of the nicest. I enjoyed collaborating with him over the years and learnt a lot from him.

We Secured the Election. Now How Do We Secure Trust in Results?

Dark Reading

Disinformation campaigns are now designed not only to influence how voters fill out their ballots, but also how confident they are in the entire process. How do legislators, media organizations, security professionals, and voters respond?

How to Successfully Transition Software from PA-DSS to the PCI Secure Software Standard

PCI perspectives

On 28 October 2022, the Payment Application Data Security Standard (PA-DSS) program will officially close. In this blog, Jake Marcinko, PCI SSC Senior Manager, Emerging Standards, shares how PA-DSS compares to its successor, the PCI Secure Software Standard, a standard within the PCI Software Security Framework (SSF); and Tracey Harrington, PCI SSC Manager, Certification Programs, offers key timelines and suggestions on how to prepare your organization to make the transition.

The alleged decompiled source code of Cobalt Strike toolkit leaked online

Security Affairs

The decompiled source code for the Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Source: Bleeping Computer. Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy payloads, dubbed “beacons,” on compromised devices to remotely create shells, ex

NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains

Dark Reading

The National Science Foundation awarded a grant to Georgia State University (GSU) to come up with innovative ways to thwart the supply chains for counterfeiting, loan- and unemployment fraud.

EU bodies agree on new EU export rules for dual-use technology

Security Affairs

The European Union this week agreed to tighten up rules for the sale and export of dual-use technology, as the European Parliament voted to tighten up rules for the sale and export of surveillance and encryption technology. EU lawmakers and the European Council aim to update controls for the sale of dual-use solutions such as surveillance spyware, facial recognition systems and drones, to prevent authoritarian governments from abusing them for censorship and to persecute political opponents and dissidents vio

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Nvidia Warns Windows Gamers of GeForce NOW Flaw

Threatpost

Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvidia's GeForce NOW.

Google and Mozilla fixed issues exploited at 2020 Tianfu Cup hacking contest

Security Affairs

Mozilla and Google have already addressed the critical Firefox and Chrome vulnerabilities that were recently exploited by white hat hackers at the 2020 Tianfu Cup hacking contest. The vulnerability in Chrome exploited by hackers at the 2020 Tianfu Cup, tracked as CVE-2020-16016, is an inappropriate implementation issue that resided in the base compo

COVID-19 Data-Sharing App Leaked Healthcare Worker Info

Threatpost

Philippines COVID-KAYA app allowed for unauthorized access typically protected by ‘superuser’ credentials and also may have exposed patient data.

Former Microsoft worker sentenced to nine years in prison for stealing $10+ million

Security Affairs

Volodymyr Kvashuk (26), a former Microsoft software engineer, was sentenced this week to nine years in prison for a scheme to steal $10 million in digital currency. Kvashuk, a Ukrainian citizen living in Renton, Washington, was responsible for helping test Microsoft’s online retail sales platform.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Want to Avoid an Extreme Cyberloss? Focus on the Basics

Dark Reading

New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance of planning for these events.

Microsoft Patch Tuesday fixes CVE-2020-17087 currently under active exploitation

Security Affairs

Microsoft Patch Tuesday updates for November 2020 address 112 vulnerabilities in multiple products, including a Windows bug that was chained with Chrome issues in attacks. The affected products include Microsoft Windows, Office and Office Services and Web Apps, Internet Explorer (IE), Edge (EdgeHTML-based and Chromium-based), ChakraCore, Exchange Server, Microsoft Dynamics, Azure Sphere, Windows Defender, Microsoft Teams, and Visual Studio.

Silver Peak SD-WAN Bugs Allow for Network Takeover

Threatpost

Three security vulnerabilities can be chained to enable unauthenticated remote code execution.

How to Avoid Getting Killed by Ransomware

Dark Reading

Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic

Threatpost

Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.

Security Hiring Plans Remain Constant Despite Pandemic

Dark Reading

Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.

WhatsApp Using Up Your Phone Storage? Here’s How to Fix It

WIRED Threat Level

It's time to do something about those photos and videos automatically saving to your camera roll.

High-Severity Cisco DoS Flaw Can Immobilize ASR Routers

Threatpost

The flaw stems from an issue with the ingress packet processing function of Cisco IOS XR software.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

3 Tips For Successfully Running Tech Outside the IT Department

Dark Reading

When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.

Minecraft Apps on Google Play Fleece Players Out of Big Money

Threatpost

Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.

Decrypting OpenSSH sessions for fun and profit

Fox IT

Author: Jelle Vergeer. Introduction: A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers. The customer had pcaps and a hypervisor snapshot of the system at the moment it was compromised.

Strong AI in 2020? No

ImmuniWeb

The so-called Strong AI is a scientific term for an AI capable of fully substituting for a human, often seen in Hollywood movies where machines defeat humans. In 2020, we took a solid step towards Strong AI, but it’s still not here.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Is Confidential Computing Ready for Prime Time?

Thales Cloud Protection & Licensing

Thu, 11/12/2020 - 06:03. The Promise of Confidential Computing. To some, confidential computing is one of the remaining Holy Grails of data security: secure protection of data in use at scale and at a commodity price point. Are current technologies ready to live up to this promise? Confidential computing is a generic industry term that describes the process of securing data in use.

Former Microsoft Software Engineer Sentenced to 9 Years in Prison

Dark Reading

The 26-year-old was convicted earlier this year of wire fraud, money laundering, and filing false tax returns, among other charges.

How to Tell If An IRS Email Is Fake

SecureWorld News

A credible-looking fake IRS email is slamming tens of thousands of inboxes across the United States. Did you get one of these emails? Or perhaps something similar that seems like it probably did not come from the IRS? We'll look at how to tell if emails you get from the IRS are really from hackers and how to report them. However, we'll start with a recent example of an IRS cyber crime scam.

7 Cool Cyberattack and Audit Tools to be Highlighted at Black Hat Europe

Dark Reading

Platforms, open source tools, and other toolkits for penetration testers and other security practitioners will be showcased at the early December virtual event.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.