January, 2018


Security Breaches Don't Affect Stock Price

Schneier on Security

Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger. Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than the market as a whole.


I'm Teaming Up with Scott Helme to Run "Hack Yourself First" Workshops in Europe

Troy Hunt

This is probably the most self-explanatory blog post title I've ever written! But be that as it may, it deserves some explanation as to how I've arrived at this point and like many great ideas, it began over some beers. I've just arrived home to the Gold Coast in Australia which I frequently describe to people as "the sunny part of the sunny country" I'm literally sitting on a beach writing this blog post and frankly, I'd like to spend more time here.


Securing Data in the Digital Transformation Era

Thales Cloud Protection & Licensing

Data breaches are the new normal. According to our 2018 Global Data Threat Report, 67% of enterprises have been breached, with that percentage rate growing every year. Regardless of the security measures and efforts put in place, organizations need to act as if a successful cyberattack is not a question of “if” but “when.” As organizations continue to embrace digital transformation, greater amounts of sensitive data are created, stored and transferred in digital form, putting more data at risk.


Meet Antifa's Secret Weapon Against Far-Right Extremists

WIRED Threat Level

Megan Squire doesn’t consider herself to be antifa and pushes digital activism instead, passing along information to those who might put it to real-world use—who might weaponize it.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


5 Steps to Better Security in Hybrid Clouds

Dark Reading

Following these tips can improve your security visibility and standardize management across hybrid environments.


Hacker Infects Gas Pumps with Code to Cheat Customers

Threatpost

Russian authorities have broken up a crime ring involving a hacker and willing gas-station employees who have used malicious software to cheat customers of gas.


Weekly Update 70 (NDC London Edition)

Troy Hunt

It's NDC London! I'm pushing this week's update out a little later due to the different time zones and frankly, due to it being an absolutely non-stop week of events. I talk about those, about how I'm trying to tackle breach disclosures now and about some upcoming events. Next week is Norway and Denmark and I'll be coming to you a little later due to a totally jam-packed Friday, more from me then. iTunes podcast | Google Play Music podcast | RSS podcast.


2018 Thales Data Threat Report, Global Edition: Digital Transformation & Data Security

Thales Cloud Protection & Licensing

This morning we announced, in tandem with our partner 451 Research, the Global Edition of the 2018 Thales Data Threat Report. It’s abundantly clear that medium to larger enterprises (the focus of the report and underlying survey) are finding it harder than ever to protect their sensitive data. The twin drivers of the problem are increased threats and the drive to digitally transform how organizations deliver value and revenue.


How Meltdown and Spectre Were Independently Discovered By Four Research Teams At Once

WIRED Threat Level

The uncanny coincidences among the Meltdown and Spectre discoveries raise questions about "bug collisions"—and the safety of the NSA's hidden vulnerability collection.


AI in Cybersecurity: Where We Stand & Where We Need to Go

Dark Reading

How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Security Beyond The Perimeter

Andrew Hay

Whether we like it or not, the way we architect, utilize, and secure the networks and systems under our control has changed. When servers were safely tucked away behind corporate firewalls and perimeter-deployed intrusion prevention controls, organizations became complacent and dependent on their host security. Unfortunately, inadequately architected security controls that rely solely on broad network-based protection can make the migration of an organization’s systems to private, public, and hy


Spectre and Meltdown Attacks Against Microprocessors

Schneier on Security

The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. On Wednesday, researchers just announced a series of major security vulnerabilities in the microprocessors at the heart of the world's computers for the past 15-20 years.


Weekly Update 71 (Denmark Edition)

Troy Hunt

I'm in Denmark! Well I'm just in Denmark, I'm about to head out the hotel door and into 30 hours of travel which isn't exactly fun, but that's the nature of living on the other side of the world to pretty much everything. This week's update is a little late as my Friday was absolutely non-stop in Denmark. I talk about that below including the preceding days involving some pretty full on sledding in Norway, workshops, talks, ice, slush and snow.


Why 2018 Will Be the Trust Turning Point for the Digital Economy

Thales Cloud Protection & Licensing

We are in the midst of a digital revolution impacting every aspect of our everyday lives. At the center of the revolution is data, which is available in more forms, volume, depth and complexity since the beginnings of the computer revolution. Earlier this year, IDC predicted the world’s volume of data would expand to 163 zettabytes by 2025 – a tenfold rise in the total.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


If Robert Mueller Is Fired, the Russia Probe Could Continue

WIRED Threat Level

The special counsel is under attack, but if Robert Mueller gets fired, the investigation into Trump’s Russia ties and obstruction of justice could keep going.


DDoS Attacks Become More Complex and Costly

Dark Reading

Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.


Practical Tips for Creating and Managing New Information Technology Products

Lenny Zeltser

This cheat sheet offers advice for product managers of new IT solutions at startups and enterprises. To print it, use the one-page PDF version; you can also edit the Word version to customize it for your own needs. Responsibilities of a Product Manager. Determine what to build, not how to build it. Envision the future pertaining to product domain. Align product roadmap to business strategy.


Spectre and Meltdown Attacks

Schneier on Security

After a week or so of rumors, everyone is now reporting about the Spectre and Meltdown attacks against pretty much every modern processor out there. These are side-channel attacks where one process can spy on other processes. They affect computers where an untrusted browser window can execute code, phones that have multiple apps running at the same time, and cloud computing networks that run lots of different processes at once.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


FBI Director Calls Smartphone Encryption an ‘Urgent Public Safety Issue’

Threatpost

The debate over the government's authority to access private encrypted data on digital devices was amplified when the Federal Bureau of Investigation Director Christopher Wray called unbreakable encryption an 'urgent public safety issue.'


Counting down, Getting Ready: GDPR in a Multi-Cloud World

Thales Cloud Protection & Licensing

(Originally posted to CenturyLink’s blog on November 10.) To help save time and money, a growing number of enterprises are storing sensitive customer data in the public cloud. Increasingly, they’re also leveraging multiple cloud providers. According to IDC, nearly 80% of IT organizations currently deploy multi-cloud or plan to implement multi-cloud environments within 12 months.


The Astrophysicist Who Wants to Help Solve Baltimore's Urban Blight

WIRED Threat Level

Vacant buildings are more than just an economic threat. They're also a public safety concern. And it turns out they have their own sort of gravitational pull.


Security Automation: Time to Start Thinking More Strategically

Dark Reading

To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


How to Comply with GDPR

eSecurity Planet

IT experts share some of their tips on updating IT systems and business processes to comply with the EU's strict new data privacy regulations.


Locating Secret Military Bases via Fitness Data

Schneier on Security

In November, the company Strava released an anonymous data-visualization map showing all the fitness activity by everyone using the app. Over this weekend, someone realized that it could be used to locate secret military bases: just look for repeated fitness activity in the middle of nowhere. News article.


Your Journey Starts Here

Kali Linux

“Whether you’re new to the fight, or a seasoned pro, don’t stop training…” This statement, like the video that introduced it, has real punch. We did this on purpose to get you fired up, excited about your training, and to kickstart your journey. If it worked, and you’re in the fight, welcome aboard! If you haven’t jumped in for whatever reason, we want to introduce you to the plethora of resources we’ve made available to help you master Kali Linux


Profile of the Month: Cindy Provin, Chief Executive Officer

Thales Cloud Protection & Licensing

Cindy Provin is a 20-year veteran at Thales. This month, she became the CEO for Thales eSecurity. Previously, she served as the President for Thales eSecurity Americas, and Chief Strategy & Marketing Officer for Thales eSecurity. In her new role as CEO, Cindy will be responsible for leading a world-class organization and delivering a portfolio of security solutions to protect data wherever it is created, shared or stored.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Want to Avoid Malware on Your Android Phone? Try the F-Droid App Store

WIRED Threat Level

Opinion: Researchers from Yale Privacy Lab argue that the scourge of trackers in Android apps means users should stop using the Google Play store.


New Cryptocurrency Mining Malware Has Links to North Korea

Dark Reading

A malware tool for stealthily installing software that mines the Monero virtual currency looks like the handiwork of North Korean threat actors, AlienVault says.


Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks

Threatpost

ATM maker NCR Corp. is warning that cyber criminals are hacking U.S. cash machines with malware that can drain machines dry of cash.


The Effects of the Spectre and Meltdown Vulnerabilities

Schneier on Security

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched -- at least to the extent possible. This news isn't really any different from the usual endless stream of security vulnerabilities and patches, but it's also a harbinger of the sorts of security problems we're going t


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.