Thu.Aug 20, 2020

Copying a Key by Listening to It in Action

Schneier on Security

Researchers are using recordings of keys being inserted into locks to create copies. Once they have a key-insertion audio file, SpiKey's inference software filters the signal to reveal the strong, metallic clicks made as the key's ridges hit the lock's pins (the filtered clicks can be heard online). These clicks are vital to the inference analysis: the time between them lets the SpiKey software compute the key's inter-ridge distances and what locksmiths call the "bitting depth" of
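The timing step described above, as an added example that is not SpiKey's code and is not taken from the article: a threshold detector marks one onset per click in an already-filtered recording, and under the assumption of a constant insertion speed the gap between onsets is converted to an inter-ridge distance. The sample rate, the 100 mm/s insertion speed, the detector parameters and the synthetic recording are all assumptions constructed for this example.

```python
"""Added example (not SpiKey's code, not from the article): recover inter-ridge
spacing from the timing of the metallic clicks in a key-insertion recording.

Assumptions, none of them from the original page: the audio is a mono sample
stream already band-pass filtered so the clicks dominate, the key moves at a
constant insertion speed, and a threshold-plus-refractory-period detector is
enough to mark one onset per ridge. The test signal is constructed below."""

import math

SAMPLE_RATE = 44_100  # Hz, assumed


def synth_clicks(click_samples, n_samples=22_050, noise=0.02):
    """Constructed signal: a short decaying burst at each sample index in
    click_samples, on top of low-level deterministic pseudo-noise."""
    sig = [0.0] * n_samples
    seed = 12345  # fixed LCG seed so the example is reproducible offline
    for i in range(n_samples):
        seed = (1103515245 * seed + 12345) % 2**31
        sig[i] = noise * (2 * seed / 2**31 - 1)
    for start in click_samples:
        for k in range(200):  # roughly 4.5 ms of ringing at 44.1 kHz
            if start + k < n_samples:
                sig[start + k] += math.exp(-k / 40.0) * math.cos(0.9 * k)
    return sig


def detect_clicks(sig, rate=SAMPLE_RATE, threshold=0.3, refractory_s=0.010):
    """Return onset times (seconds) of samples whose magnitude crosses the
    threshold. Hits inside the refractory window after an onset are ignored so
    the ringing of one click is not counted as several ridges."""
    refractory = int(refractory_s * rate)
    onsets = []
    last = -refractory
    for i, v in enumerate(sig):
        if abs(v) >= threshold and i - last >= refractory:
            onsets.append(i / rate)
            last = i
    return onsets


def inter_ridge_distances_mm(onsets_s, insertion_speed_mm_s):
    """Under constant insertion speed, the distance between two ridges is the
    speed times the time between their clicks."""
    return [round((b - a) * insertion_speed_mm_s, 2)
            for a, b in zip(onsets_s, onsets_s[1:])]


if __name__ == "__main__":
    # Five ridges; 100 mm/s is an assumed insertion speed, not a measured one.
    recording = synth_clicks([2205, 3749, 5292, 7056, 8820])
    clicks = detect_clicks(recording)
    print("click onsets (s):", [round(t, 4) for t in clicks])
    print("inter-ridge distances (mm):", inter_ridge_distances_mm(clicks, 100.0))
```

The constant-speed assumption is the weak point of this kind of inference: a hesitation mid-insertion stretches one interval and would be read as a wider ridge gap, which is why a real system would need to estimate speed from the recording rather than assume it.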

How the shift to remote working has impacted cybersecurity

Tech Republic Security

Cybercriminals have adapted by exploiting improperly secured VPNs, cloud-based services, and business email, says Malwarebytes.

Mechanizing The Methodology

Daniel Miessler

Download the Slides. I presented at DEFCON’s Red Team Village on August 8th, and the topic was the automation of common Recon and Security activities. More specifically, it was about how to do those things with common tools like Linux, Bash, Cron, Email, and Slack. My friend Clint Gibler of TL;DR Sec fame graciously created one of his brilliant summaries of the talk, which you can find here.

CISOs should put ad fraud security on their radars

Tech Republic Security

Digital advertising has vulnerabilities, and this type of cybercrime will cost businesses $100 million a day by 2023, but goes almost completely unnoticed, according to adtech company TrafficGuard.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Smart-Lock Hacks Point to Larger IoT Problems

Dark Reading

Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.

University CISOs say zero trust is the best defense against the existential threat of phishing

Tech Republic Security

Stanford has replaced logins and passwords with a digital key to improve endpoint security.

How coronavirus-related telework is changing the enterprise, and how to respond

Tech Republic Security

Security vendor Fortinet found several important similarities between how enterprises responded, and how they plan to adapt, to a future of remote work.

Senate Bill Would Expand Facial-Recognition Restrictions Nationwide

Threatpost

The proposed law comes as police departments around the country come under fire for their use of facial recognition to identify allegedly violent Black Lives Matter protesters.

Bank of America, Daimler, and Apple partnering with IBM for confidential computing services

Tech Republic Security

A push to provide public cloud services with production-ready confidential computing capabilities able to protect data, applications, and processes.

Cisco Critical Flaw Patched in WAN Software Solution

Threatpost

Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS), software for optimizing WAN on virtual private cloud infrastructure.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

MFA Mistakes: 6 Ways to Screw Up Multifactor Authentication

Dark Reading

Fearful of botching the implementation, many enterprises are still holding out on MFA. Here's what they need to know.

Google fixed email spoofing flaw 7 hours after public disclosure

Security Affairs

Google addressed an email spoofing vulnerability affecting its Gmail and G Suite products a few hours after it was publicly disclosed, although the company had been aware of the flaw since April. On Wednesday, researcher Allison Husain published technical details of the vulnerability in a blog post that also includes proof-of-concept (PoC) code.

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

Threatpost

The unscheduled security update addresses two "important"-severity flaws in Windows 8.1 and Windows Server 2012.

Twitter Hack: The Spotlight that Insider Threats Need

Dark Reading

The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

Microsoft released an out-of-band security update for Windows 8.1 and Windows Server 2012 R2 that addresses two privilege escalation vulnerabilities in Windows Remote Access. Microsoft had already addressed both vulnerabilities in August: the August 2020 Patch Tuesday security updates fixed the flaws in Windows 10, Windows 7, and Windows Server 20

IBM AI-Powered Data Management Software Subject to Simple Exploit

Threatpost

A low-privileged process on a vulnerable machine could allow data harvesting and DoS.

Banks and the New Abnormal

Dark Reading

Banks have hesitated to adopt many strong security practices, and for understandable reasons. But now is the time to be bold.

IBM Settles Lawsuit Over Weather Channel App Data Privacy

Threatpost

The lawsuit alleged that the IBM-owned Weather Channel mobile app did not let users know it was selling their geolocation data.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
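A first check a practitioner would run against a patient-facing page is to list the third-party beacons it loads. The scanner below is an added example, not code from the article or from any HHS guidance: it walks the HTML with the standard library parser and flags images, scripts and frames whose host is outside the first-party domain, plus 1x1 images regardless of host. The sample page and the .example tracker hosts are constructed for the demonstration.

```python
"""Added example (not from the original article): flag third-party tracking
pixels, scripts and frames in a healthcare page. The sample HTML and the
tracker host names below are constructed; 'portal.example' is the assumed
first-party domain."""

from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed page: a logged-in appointment view that loads two trackers.
SAMPLE_PAGE = """<html><body>
<h1>Upcoming appointment</h1>
<img src="/static/logo.png" alt="logo">
<img src="https://pixel.adnet.example/tr?id=111&amp;ev=PageView" width="1" height="1" style="display:none">
<script src="https://tag.analytics.example/collect.js"></script>
<script src="/static/app.js"></script>
<iframe src="https://cdn.portal.example/scheduler"></iframe>
</body></html>"""


class TrackerScanner(HTMLParser):
    """Collect (tag, url, reason) for every resource that leaves the first party."""

    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party.lower()
        self.findings = []

    def _third_party(self, url):
        host = urlparse(url).hostname
        if not host:
            return False  # relative URL: same origin as the page
        host = host.lower()
        # Subdomains of the first party (cdn.portal.example) are treated as ours.
        return not (host == self.first_party or host.endswith("." + self.first_party))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src", "")
        if not src:
            return
        if tag == "img":
            pixel = a.get("width") == "1" and a.get("height") == "1"
            if pixel or self._third_party(src):
                self.findings.append(("img", src, "1x1 pixel" if pixel else "third-party"))
        elif tag in ("script", "iframe") and self._third_party(src):
            self.findings.append((tag, src, "third-party"))


def scan(html, first_party):
    """Return the list of tracker findings for one page."""
    scanner = TrackerScanner(first_party)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for tag, url, reason in scan(SAMPLE_PAGE, "portal.example"):
        print(f"{reason:12} <{tag}> {url}")
```

Every flagged resource receives the page URL as Referer and the visitor's IP address by default, so on a page whose URL or query string carries a medical record number or appointment identifier, each finding is a candidate PHI disclosure to review.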

Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay

Dark Reading

Black Hat USA 2020 was nothing like an in-person event, but it was incredibly useful for all involved, providing even the most grizzled industry veterans with fresh perspectives.

How Four Brothers Allegedly Fleeced $19 Million From Amazon

WIRED Threat Level

The scheme involved 7,000 $94 toothbrushes, according to law enforcement.

Shared memory flaw in IBM Db2 can lead to Information Disclosure

Security Affairs

IBM addressed a shared memory vulnerability in its Db2 data management products that can be exploited by malicious local users to access sensitive data. The vulnerability, tracked as CVE-2020-4414, was discovered by researchers from Trustwave; it is caused by the lack of explicit memory protections for the shared memory used by the Db2 trace facility.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government

Threatpost

The group has added a management console and a USB worming function to its main malware, Crimson RAT.

IBM Db2 Flaw Gives Attackers Read/Write Access to Shared Memory

Dark Reading

Researchers discover a lack of explicit memory protections around the shared memory used by the Db2 trace facility.
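The flaw class behind both Db2 items above (the Security Affairs and Dark Reading entries) is shared memory created without explicit access controls, so that any local user can map it. The code below is an added example, not IBM's code and not the Trustwave proof of concept: it creates two file-backed shared mappings in a temporary directory, one relying on the process umask and one with an explicit owner-only mode, and an audit function flags any segment that other local users could read or write. The file names, sizes and the 0o022 umask are assumptions constructed for the demonstration.

```python
"""Added example (not IBM's code, not the Trustwave PoC): contrast a shared
memory segment created with the umask default against one created with an
explicit 0600 mode, and audit a directory for segments other local users can
touch. File names and the umask value are constructed for the example."""

import mmap
import os
import stat
import tempfile


def create_segment(path, size, mode=None):
    """Create a file-backed shared mapping and write a header into it.

    mode=None reproduces the unsafe pattern: the file takes whatever the umask
    leaves of 0666 (commonly 0644, world-readable). An explicit mode is applied
    with fchmod so it does not depend on the caller's umask."""
    fd = os.open(path, os.O_CREAT | os.O_RDWR, 0o666 if mode is None else mode)
    try:
        if mode is not None:
            os.fchmod(fd, mode)
        os.ftruncate(fd, size)
        with mmap.mmap(fd, size, access=mmap.ACCESS_WRITE) as segment:
            segment[:16] = b"TRACE-BUFFER-HDR"  # constructed placeholder content
    finally:
        os.close(fd)
    return path


def world_accessible(path):
    """True if any group or other permission bit is set on the segment."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def audit(directory):
    """Return (name, octal mode) for every regular file others could access."""
    findings = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if os.path.isfile(full) and world_accessible(full):
            findings.append((name, oct(stat.S_IMODE(os.stat(full).st_mode))))
    return findings


def demo():
    """Create one permissive and one locked-down segment, then audit them."""
    workdir = tempfile.mkdtemp(prefix="shm-audit-")
    previous = os.umask(0o022)  # assumed typical umask, set so the result is deterministic
    try:
        create_segment(os.path.join(workdir, "db2trc_default.shm"), 4096)
        create_segment(os.path.join(workdir, "db2trc_locked.shm"), 4096, mode=0o600)
    finally:
        os.umask(previous)
    return audit(workdir)


if __name__ == "__main__":
    for name, mode in demo():
        print(f"world-accessible segment: {name} ({mode})")
```

The audit deliberately counts group bits as exposure: on a shared database host the group is often broad, and the remediation is the same either way, an explicit mode set by the creating process rather than inherited from the environment.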

HELP WANTED: Growing a Workforce for Managing Privacy Risk

NSTIC

It’s a very different world that we’re living in from the one in which we published the NIST Privacy Framework this past January. These changes have demonstrated that the need for effective privacy programs that can adapt to new risks has never been more important. A skilled workforce is a key pillar of an effective privacy program.

Black Hat USA 2020 Recap: Experts Discuss Election Security Questions, but Offer Few Answers

Dark Reading

The U.S. election in November is once again expected to be a target of digital adversaries. Experts at Black Hat USA 2020 highlighted the many election security questions authorities must address.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”
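Both the IDC item above (the open-source blind spot) and this composition-analysis talk come down to the same first step: building an inventory of what the code base actually pulls in. The script below is an added example, not code from IDC, Blackberry, OSS Consultants or Revenera: it parses two common manifest formats into one dependency list and reports which entries are not pinned to an exact version, since an unpinned dependency is one whose patch level nobody can state. The manifests are constructed samples.

```python
"""Added example (not from the original page or the listed vendors): build an
open-source dependency inventory from manifest files and report unpinned
entries. The two manifests below are constructed for the example."""

import json
import re

SAMPLE_MANIFESTS = {
    "api/requirements.txt": """
# web stack
Django==3.1
requests>=2.20
pyyaml           # no version constraint at all
-r extra.txt
""",
    "web/package.json": json.dumps({
        "name": "portal",
        "dependencies": {"express": "^4.17.1", "lodash": "4.17.15"},
        "devDependencies": {"jest": "~26.0.0"},
    }),
}

# name, optional comparison operator, optional version (PEP 508 subset)
_REQ = re.compile(r"^([A-Za-z0-9_.\-\[\]]+)\s*(==|~=|>=|<=|!=|>|<)?\s*([^\s;]*)")


def parse_requirements(text):
    """pip requirements: only '==' counts as pinned."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option
            continue
        match = _REQ.match(line)
        if not match:
            continue
        name, op, version = match.groups()
        deps.append({"ecosystem": "pypi", "name": name.lower(),
                     "version": version or None, "pinned": op == "=="})
    return deps


def parse_package_json(text):
    """npm manifest: an exact x.y.z counts as pinned; ranges (^, ~) do not."""
    data = json.loads(text)
    deps = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            pinned = re.fullmatch(r"\d+\.\d+\.\d+", spec) is not None
            deps.append({"ecosystem": "npm", "name": name,
                         "version": spec, "pinned": pinned})
    return deps


PARSERS = {"requirements.txt": parse_requirements, "package.json": parse_package_json}


def inventory(manifests):
    """Map {path: contents} to a flat list of dependency records."""
    deps = []
    for path, text in manifests.items():
        parser = PARSERS.get(path.rsplit("/", 1)[-1])
        if parser is None:
            continue
        for dep in parser(text):
            deps.append({**dep, "manifest": path})
    return deps


def unpinned(deps):
    """Names whose version cannot be stated exactly from the manifest."""
    return sorted(d["name"] for d in deps if not d["pinned"])


def summary(deps):
    """Totals overall and per ecosystem."""
    out = {"total": len(deps), "pinned": sum(d["pinned"] for d in deps)}
    out["unpinned"] = out["total"] - out["pinned"]
    for d in deps:
        out[d["ecosystem"]] = out.get(d["ecosystem"], 0) + 1
    return out


if __name__ == "__main__":
    deps = inventory(SAMPLE_MANIFESTS)
    print(summary(deps))
    print("unpinned:", unpinned(deps))
```

A manifest inventory is the floor, not the ceiling: lockfiles and transitive dependencies usually multiply the count several times over, which is the gap the IDC finding describes.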

New Features of ImmuniWeb Discovery Boost Attack Surface Management

ImmuniWeb

After a successful implementation of SSO login on the Platform, new features boost threat intelligence and attack surface management capacities of ImmuniWeb Discovery.

Former Uber CSO Charged in Hack Cover-up

Dark Reading

The charges stem from a 2016 attack in which 57 million records were breached.

CVE-2020-3446 default credentials bug exposes Cisco ENCS, CSP Appliances to hack

Security Affairs

Cisco addressed a critical default credentials vulnerability (CVE-2020-3446) affecting some configurations of its ENCS 5400-W series and CSP 5000-W series appliances. Cisco Wide Area Application Services (WAAS) is technology developed by Cisco Systems that optimizes the performance of any TCP-based application operating in a wide area network (WAN) en

Cybersecurity Paradigm Shift: What Is Moving Target Defense?

SecureWorld News

Zero-Day exploits are some of the most challenging vulnerabilities in cybersecurity. They're impossible to predict, and they have the potential to open a Pandora's box of mayhem. But twins at Vanderbilt University just developed a new approach to Zero-Day exploits that can keep you, the Internet of Things (IoT), and your organization one step ahead of hackers.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.