Schneier on Security
AUGUST 3, 2018
Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of the proceeds goes to the EFF. As a board member, I've seen the other side of this.
Krebs on Security
AUGUST 16, 2018
An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
AUGUST 27, 2018
Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital transformation; DDoS attacks today are larger, more varied and come at the targeted website from so many more vectors than ever before.
Troy Hunt
AUGUST 28, 2018
I'm still pretty amazed at how much traction Pwned Passwords has gotten this year. A few months ago, I wrote about Pwned Passwords in Practice which demonstrates a whole heap of great use cases where they've been used in registration, password reset and login flows. Since that time, another big name has come on board too : I love that a service I use every day has taken something I've built and is doing awesome things with it!
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Adam Levin
AUGUST 13, 2018
Security researchers at the recent Black Hat and Def Con security conferences in Las Vegas have placed malware on pacemakers as a proof-of-concept hack to highlight the potential for security vulnerabilities in IoT-enabled medical devices. Another separate demonstration revealed that patients’ vital signs could be falsified in real time. The malware attack on IoT medical devices made it possible for a hacker to deliver shocks to a target’s heart via an unencrypted connection, and as such represe
Thales Cloud Protection & Licensing
AUGUST 21, 2018
The enactment of the European Union’s General Data Protection Regulation (GDPR) is a significant milestone for virtually every international business. Under the standard, organizations need to comply withan extensive set of requirements—or potentially face significant fines for failing to do so. Thales eSecurity and DataStax have come together to draft “Aligning GDPR Requirements with Today’s Hybrid-Cloud Realities,” which outlines a number of the issues organizations need to address to be GDPR
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Krebs on Security
AUGUST 12, 2018
The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours. “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine
The Last Watchdog
AUGUST 23, 2018
Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum—you can never be too fast. Related: Gamification training targets iGens. Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a DevOps approach—melding software development and software operations simultaneously.
eSecurity Planet
AUGUST 22, 2018
These IT security vendors lead the market through their innovative offerings, range of products and services, customer satisfaction and annual revenue
Adam Levin
AUGUST 27, 2018
Wireless company T-Mobile suffered a data breach affecting more than 2 million of its 77 million customers. The breach resulted in the compromise of names, phone numbers, email addresses, as well as general account information, but not, according to the company, financial information. T-Mobile’s cybersecurity team identified the breach on August 20th, and took steps to stop the “unauthorized data leak,” before alerting affected customers via text within days of the event.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Thales Cloud Protection & Licensing
AUGUST 17, 2018
In this blog, I will present a new and efficient approach to reconciling security vulnerabilities and FIPS 140 security certifications, led by Thales eSecurity in collaboration with NIST/CMVP and FIPS 140 evaluation laboratories. A quick and efficient patch also needs a quick and efficient certification. To maintain security over a product’s lifetime, it is a best practice for companies to implement a vulnerability management process.
Schneier on Security
AUGUST 7, 2018
Interesting research: " Dancing Pigs or Externalities? Measuring the Rationality of. Security Decisions ": Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic online experimental system simulating a bank account.
Krebs on Security
AUGUST 7, 2018
Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims. On July 18, 2018, Pasco County authorities arrested Ricky Joseph Handschumacher , an employee of the city of Port Richey, Fla, charging him with grand theft and money laundering.
The Last Watchdog
AUGUST 3, 2018
Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
AUGUST 21, 2018
A growing number of employees have various IoT devices in their homes - where they're also connecting to an enterprise network to do their work. And that means significant threats loom.
Architect Security
AUGUST 24, 2018
Introduction I travel a lot, sometimes alone. I have left hotels almost immediately after checking in because I felt unsafe with the accommodations. Sometimes a hotel will assign a room to two people by mistake, and one person walks in on the other using a valid key (I’ve seen this happen). RFID “hotel master keys” exist. […].
Security Affairs
AUGUST 29, 2018
Cyberstalking is one of the most overlooked crimes. This is exactly why it is among the fastest growing crimes in the world. Learn all there is about cyberstalking here. The internet has been a blessing since its inception. The very concept of globalization has come into existence just because of the internet. The world that was previously unconnected soon became a global village with different cultures and traditions linking together via the information highway.
Schneier on Security
AUGUST 29, 2018
Interesting story of a CIA intelligence network in China that was exposed partly because of a computer-security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected -- and there would be no way to trace the communication back to
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Krebs on Security
AUGUST 1, 2018
Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.
The Last Watchdog
AUGUST 15, 2018
In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. Google’s Chrome web browser commands a 60% market share. So the search giant has been leading the push to get 100% of websites to jettison HTTP and replace it with HTTPS.
Dark Reading
AUGUST 29, 2018
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
WIRED Threat Level
AUGUST 19, 2018
Your phone number is increasingly tied to your online identity. You need to do everything possible to protect it.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Affairs
AUGUST 27, 2018
A group of researchers has conducted an interesting study on AT commands attacks on modern Android devices discovering that models of 11 vendors are at risk. A group of researchers from the University of Florida, Stony Brook University, and Samsung Research America, has conducted an interesting research on the set of AT commands that are currently supported on modern Android devices.
Schneier on Security
AUGUST 1, 2018
The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption.
Krebs on Security
AUGUST 17, 2018
On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive : The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from more than two dozen cash machines across multiple countries.
Thales Cloud Protection & Licensing
AUGUST 23, 2018
While it’s no surprise to anybody reading this that data breaches are on the rise, the attacks facing healthcare organizations, most recently in Asia, are particularly worrisome. One need not look very far to find examples of the threats facing these entities: In Singapore, 1.5 million SingHealth patient records – including those of Prime Minister Lee Hsien Loong, were compromised in what is being called the Republic’s worst cyber attack.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Dark Reading
AUGUST 17, 2018
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.
WIRED Threat Level
AUGUST 13, 2018
A new report shows that Google still tracks your location even if you thought you opted out.
Security Affairs
AUGUST 26, 2018
A team of security experts has devised a rogue USB charging cable named USBHarpoon that can be used to compromise a computer in just a few seconds. The team was composed of Olaf Tan and Dennis Goh of RFID Research Group , Vincent Yiu of SYON Security , and the popular Kevin Mitnick. The USBHarpoon takes inspiration on the BadUSB project built by researchers at Security Research Labs lead by Karsten Nohl.
Schneier on Security
AUGUST 1, 2018
We don't know if this is error or deliberate action, but five backdoors have been discovered already this year.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
235 
Let's personalize your content