Tue. Aug 25, 2020

Identifying People by Their Browsing Histories

Schneier on Security

Interesting paper: "Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories": We examine the threat to individuals' privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to websites and third parties. This work replicates and extends the 2012 paper Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns [48].

Protest App Bridgefy Riddled with Vulnerabilities

Adam Levin

A messaging app popular with activists and protesters around the globe was found to have several major vulnerabilities that could compromise user privacy. Bridgefy is a mesh messaging app that lets users send and receive texts to others nearby without requiring an internet connection. While the developers of the app say it’s ideal for communicating during large gatherings, natural disasters, or in school settings, the app’s publicized security and encryption features have made it a favorite for

IoT botnets: Smart homes ripe for a new type of cyberattack

Tech Republic Security

The burgeoning smart home device market has given rise to digital intrusion and potential energy market manipulation on a massive scale.

The Fatal Flaw in Data Security

Dark Reading

Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Lazarus Group Targets Cryptocurrency Firms Via LinkedIn Messages

Threatpost

The North Korean-linked APT's latest campaign shows that it is shifting focus to target the cryptocurrency and financial verticals.

Election Security's Sticky Problem: Attackers Who Don't Attack Votes

Dark Reading

If election defenders are protecting votes, and adversaries are attacking something else entirely, both sides might claim success, "Operation BlackOut" simulation shows.

Phishing Attack Used Box to Land in Victim Inboxes

Dark Reading

A phishing attack targeting government and security organizations used a legitimate Box page with Microsoft 365 branding to trick victims.

Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem

Threatpost

With many in the public sphere warning about a potential compromise of the integrity of the Presidential Election, security researchers instead flag online resources and influence campaigns as the biggest problem areas.

Online Business Fraud Down, Consumer Fraud Up

Dark Reading

Criminals are changing tactics to match changing business conditions in the coronavirus pandemic, according to a new report.

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

ForAllSecure

Introduction. What do JSON, YAML, and HTTP have in common? They’re all examples of ubiquitous data serialization and transmission standards, making them great targets for testing with fuzzing. While fuzzing has found many bugs in these kinds of targets, they all have requirements for structure in order for data to be considered “valid.” Handling these structure requirements intelligently is the key to finding the next level of bugs that others may have missed!

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Three Easy Ways to Avoid Meow-like Database Attacks

Dark Reading

The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.

Application Security Assessment: Protect from Threats in the G Suite Marketplace

Spinone

Third-party applications can greatly extend the functionality and capabilities of your public cloud environments. However, they can also introduce potential security implications as well. This threat makes companies seek application security assessment tools that can eliminate risks while not turning down the advantages of using public SaaS completely.

McAfee ESM Named a 2020 Gartner Peer Insights Customers’ Choice for SIEM

McAfee

The McAfee team is very proud to announce that once again McAfee was named a Gartner Peer Insights Customers’ Choice for SIEM for its McAfee Enterprise Security Manager (ESM) Solution , a recognition of high satisfaction from a number of reviews by verified end-user professionals. We are most appreciative of our customers who support our solutions and share their opinions through forums like Gartner Peer Insights.

NBlog Aug 26 - ISMS templates

Notice Bored

Systematically checking through ISO/IEC 27001:2013 for all the documentation requirements is an interesting exercise. Some documents are identified explicitly in the standard and are clearly mandatory, while many others are only noted in passing, often in ambiguous terms or merely alluded to, which can make it tricky both to comply with the standard and to persuade the certification auditors of that.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

NEW TECH: Trend Micro flattens cyber risks — from software development to deployment

The Last Watchdog

Long before this awful pandemic hit us, cloud migration had attained strong momentum in the corporate sector. As Covid19 rages on, thousands of large to mid-sized enterprises are now slamming pedal to the metal on projects to switch over to cloud-based IT infrastructure. A typical example is a Seattle-based computer appliance supplier that had less than 10 percent of its 5,000 employees set up to work remotely prior to the pandemic.

Google Project Zero expert found 3 flaws in Apache Web Server

Security Affairs

Administrators of servers running Apache have to update their installs immediately to fix multiple vulnerabilities disclosed by a Google researcher. The Apache Foundation released version 2.4.46 to address three flaws affecting its web server software that could potentially be exploited by attackers, under specific conditions, to execute arbitrary code or to trigger a DoS condition by crashing the server.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Your COVID-19 Status Just Got Hacked, State Warns

SecureWorld News

If you've watched any action flicks during the pandemic, you've probably seen it: a battle between different sides results in a lot of collateral damage. We are already seeing some of the collateral damage in the real life battle between criminal hackers and law enforcement across the United States. And in at least one state, we know residents have now had their COVID-19 status hacked and exposed.
