Fri, Sep 04, 2020

NSA Mass Surveillance Program Is Ruled Illegal

Adam Levin

The controversial collection of details on billions of American phone calls by the National Security Agency (NSA) was illegal and possibly unconstitutional, according to a ruling by a federal appeals court. Under the NSA program, information and metadata from calls placed by U.S. citizens were collected in bulk and screened for possible connections to terrorist activity.

Weekly Update 207

Troy Hunt

I kicked off a little bit earlier on this one in order to wrap up before the Burning Minds keynote, and it's interesting to see just how much difference that little sliver of sunlight makes to the video quality. Check the very start of the video versus the very end; this is the sunset slipping through the crack in the fully drawn blinds, which makes a massive difference.

Hacking AI-Graded Tests

Schneier on Security

The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis.

Phishing attack baits victims by promising access to quarantined emails

Tech Republic Security

This campaign tries to steal account credentials by convincing users that their email service has quarantined three messages, says Cofense.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Zuboff vs. Doctorow vs. Miessler: What’s the Greatest Threat to Human Privacy?

Daniel Miessler

Shoshana Zuboff came out with a brilliant work called Surveillance Capitalism a while back, which I reviewed here. It talked about not just the threat of the tech itself but how that tech could be used to control the behavior of populations. I highly recommend it. Cory Doctorow, of Down and Out in the Magic Kingdom and Little Brother fame just came out with a rebuttal, essentially saying no—it’s not the tech that’s the problem, but rather that the companies wielding the tech ar

How to move Google Authenticator from one iPhone or Android device to another

Tech Republic Security

If you migrated to a different iPhone or Android device and need to transfer Google Authenticator to the new hardware, follow these steps.

New Python-based trojan targets financial tech firms to steal sensitive data

Tech Republic Security

Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.

SunCrypt Ransomware behind North Carolina school district data breach

Security Affairs

The Haywood County School District in North Carolina disclosed a data breach after unencrypted files were stolen during a SunCrypt ransomware attack. The attack took place on August 24th, 2020, but at the time the family of malware that infected the school district was not revealed.

Apple will release iOS 14 without this privacy feature: What iPhone users and developers need to know

Tech Republic Security

The iOS 14, iPadOS 14, and tvOS 14 anti-tracking feature is on hold until early 2021 to give developers time to make the necessary changes, according to Apple.

Warner Music Group online stores hit by look-like Magecart attack

Security Affairs

Warner Music Group (WMG) disclosed a data breach affecting several US-based e-commerce stores; the compromise appears to be a Magecart attack. WMG is a major music company with interests in recorded music, music publishing and artist services. The breach impacted customers’ personal and financial information.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

What SMBs and startups can learn from securing a presidential campaign

Tech Republic Security

Mayor Pete Buttigieg's former CISO and Splunk security advisor Mick Baccio explains the cybersecurity best practices he learned from protecting a presidential candidate's campaign.

WhatsApp Discloses 6 Bugs via Dedicated Security Site

Threatpost

The company committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities.

Qualcomm unveils new Snapdragon processor to power 5G computers

Tech Republic Security

The Snapdragon 8cx Gen 2 5G chip is designed to bring 5G to commercial and consumer Always On, Always Connected PCs. The processor supports Wi-Fi 6 and offers productivity and security benefits.

Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites

Threatpost

A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene

WIRED Threat Level

Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case.

How Cybercriminals Take the Fun Out of Gaming

Dark Reading

It's all fun and games until someone loses their V-Bucks, right? Here's how cyberattackers are cheating the gaming biz -- and winning big.

Facebook Debuts Third-Party Vulnerability Disclosure Policy

Threatpost

If the social-media behemoth finds a bug in another platform's code, the project has 90 days to remediate before Facebook goes public.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Ad Fraud: The Multibillion-Dollar Cybercrime CISOs Might Overlook

Dark Reading

Marketing officers may have accepted ad fraud as a cost of doing business, but infosec pros take heed -- fraud can be a step to more significant attacks. Here's what to know and how to take action.

Vulnerability Disclosure: Ethical Hackers Seek Best Practices

Threatpost

Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.

Strategic Cyber Warfare Heats Up

Dark Reading

It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.

Social Media: Thwarting The Phishing-Data Goldmine

Threatpost

Cybercriminals can use social media in many ways in order to trick employees.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

The Hidden Security Risks of Business Applications

Dark Reading

Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.

CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

ForAllSecure

Researchers from VDA Labs used ForAllSecure Mayhem to discover a stack overflow (CVE-2020-15359) in a popular open source sound utility, MP3Gain. MP3Gain analyzes and adjusts MP3 files so that they have the same volume, using statistical analysis to determine what those levels should be. The researchers at VDA Labs said in a blog post “a bad actor could use this bug to develop an exploit, which could result in something like the compromise of a workstation running MP3Gain.” VDA L

DDoS Attacks on Education Escalate in 2020

Dark Reading

The number of DDoS attacks affecting educational resources was far higher between February and June 2020 compared with 2019.

AppSec Tools Proliferation Is Driving Investments to Consolidate

Veracode Security

When it comes to application security (AppSec), it's important to note that no one testing type can uncover every flaw. Each tool is designed with a different area of focus, along with various speeds and costs, so it's necessary to employ a mix of testing types. A good way to think about AppSec testing types is to compare them to health exams.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests

Dark Reading

A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.

Will WhatsApp’s Misinfo Cure Work for Facebook Messenger?

WIRED Threat Level

To protect the election, the platform will limit message forwarding to five people at a time.

Warner Music Group Admits Breach

Dark Reading

The months-long breach hit financial details for customers.

Friday Squid Blogging: Morning Squid

Schneier on Security

Asa ika means "morning squid" in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.