April, 2018

Securing Elections

Schneier on Security

Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser. To the extent that an election system is not transparently and auditably accurate, it fails in that second purpose. Our election systems are failing, and we need to fix them. Today, we conduct our elections on computers.

Social Media Thread-Hijacking is Nothing More Than Targeted Spam

Troy Hunt

I have a vehement dislike of spam. Right there, that's something you and I have in common because I'm yet to meet a person who says "well actually, I find those Viagra emails I receive every day kinda useful". We get bombarded by spam on a daily basis and quite rightly, people get kinda cranky when they have to deal with it; it's an unwanted invasion that takes a little slice of unnecessary mental processing each time we see it.

Can This System of Unlocking Phones Crack the Crypto War?

WIRED Threat Level

Ray Ozzie thinks his Clear method for unlocking encrypted devices can attain the impossible: It satisfies both law enforcement and privacy purists.

8 Ways Hackers Monetize Stolen Data

Dark Reading

Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Thales Executives Speak to Press about UK Cybersecurity Developments

Thales Cloud Protection & Licensing

Thales eSecurity’s CTO Jon Geater and Peter Carlisle, Thales eSecurity’s VP of Sales, EMEA, were recently featured in major news outlets espousing their opinions about internet-connected devices and the new Cyber Security Export Strategy. Geater, on new UK IoT security guidelines. Earlier this month, the UK government announced guidelines to make internet-connected devices safer.

Why AI is the key to robust anti-abuse defenses

Elie

This post explains why artificial intelligence (AI) is the key to building anti-abuse defenses that keep up with user expectations and combat increasingly sophisticated attacks. This is the first post of a series of four posts dedicated to provide a concise overview of how to harness AI to build robust anti-abuse protections. The remaining three posts delve into the top 10 anti-abuse specific challenges encountered while applying AI to abuse fighting, and how to overcome them.

IRL Analogies Explaining Digital Concepts are Terrible

Troy Hunt

Remember the anti-piracy campaign from years back about "You Wouldn't Steal a Car"? This was the rather sensationalist piece put together by the Motion Picture Association of America in an attempt to draw parallels between digital piracy and what they viewed as IRL ("In Real Life") equivalents. Here's a quick recap: The very premise that the young girl sitting in her bedroom in the opening scene is in any way relatable to the guy in the dark alley sliding a slim jim down the Merc

How Android Phones Hide Missed Security Updates From You

WIRED Threat Level

A study finds that Android phones aren't just slow to get patched; sometimes they lie about being patched when they're not.

Best Buy the Latest Victim of Third-Party Security Breach

Dark Reading

Retailer says customer payment and other information may have been exposed via the breach of [24]7.ai online chat provider.

Leaky Buckets in a Multi-Cloud World

Thales Cloud Protection & Licensing

The past year has seen a number of high profile security breaches tied to leaky storage servers. Specifically, the leakage of sensitive files connected to misconfigured security protocols on Amazon Simple Storage Service (S3) buckets. In fact, in June, a misconfigured database containing the sensitive personal information of 198 million American voters was left exposed online for nearly two weeks.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Harnessing AI to combat fraud and abuse - AI is the key to robust defenses

Elie

This post explains why artificial intelligence (AI) is the key to building anti-abuse defenses that keep up with user expectations and combat increasingly sophisticated attacks. This is the first post of a series of four posts dedicated to provide a concise overview of how to harness AI to build robust anti-abuse protections. The remaining three posts will delve into the top 10 anti-abuse specific challenges encountered while applying AI to abuse fighting, and how to overcome them.

Public Hearing on IoT Risks

Schneier on Security

The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products. The information received from the public hearing will be used to inform future Commission risk management work.

Is Enumerating Resources on a Website "Hacking"?

Troy Hunt

I saw a story pop up this week which made a bunch of headlines and upon sharing it, also sparked some vigorous debate. It all had to do with a 19-year-old bloke in Canada downloading some publicly accessible documents which, as it later turned out, shouldn't have been publicly accessible. Let's start with this video as it pretty succinctly explains the issue in consumer-friendly terms: VIDEO: Nova Scotia's government is accusing a 19-year-old of breaching their government website's secur

Cambridge Analytica Could Also Access Private Facebook Messages

WIRED Threat Level

A Facebook permission allowed an app to read messages between 1,500 Facebook users and their friends until October 2015—data that Cambridge Analytica could have accessed.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Top 10 Distributed Denial of Service (DDoS) Vendors

eSecurity Planet

Compare top 10 DDoS vendors on key characteristics such as use cases, delivery, intelligence, and pricing, to help your enterprise choose the best solution for your DDoS security needs.

Security Product Management at Large Companies vs. Startups

Lenny Zeltser

Is it better to perform product management of information security solutions at a large company or at a startup? Picking the setting that’s right for you isn’t as simple as craving the exuberant energy of a young firm or coveting the resources and brand of an organization that’s been around for a while. Each environment has its challenges and advantages for product managers.

Challenges faced while training an AI to combat abuse

Elie

This post looks at the main challenges that arise when training a classifier to combat fraud and abuse. At a high level, what makes training a classifier to detect fraud and abuse unique is that it deals with data generated by an adversary that actively attempts to evade detection. Successfully training a classifier in such adversarial settings requires overcoming the following four challenges: Non stationarity.

Russia is Banning Telegram

Schneier on Security

Russia has banned the secure messaging app Telegram. It's making an absolute mess of the ban -- blocking 16 million IP addresses, many belonging to the Amazon and Google clouds -- and it's not even clear that it's working. But, more importantly, I'm not convinced Telegram is secure in the first place. Such a weird story. If you want secure messaging, use Signal.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Microsoft Regional Director (Redux)

Troy Hunt

I received a very nice email this week: Congratulations, your nomination has been accepted to the Microsoft Regional Director program! I am pleased to welcome you back to this worldwide community of technology thought leaders and thank you for being a part of this community. Just over 2 years ago, I first became a Microsoft Regional Director. This is a role that has meant a great deal to me over that time; it's not one you can sit an exam for and no amount of money will buy you one either.

The Questions Zuckerberg Should Have Answered About Russia

WIRED Threat Level

Russian agents used Facebook to influence the 2017 election. Congress missed the chance to delve into what the company knows about it—and how they’ll stop it in 2018.

Cybercrime Economy Generates $1.5 Trillion a Year

Dark Reading

Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime's 'web of profit.'

Word Attachment Delivers FormBook Malware, No Macros Required

Threatpost

A new wave of document attacks targeting inboxes do not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Challenges faced while training an AI to combat abuse

Elie

This post looks at the four main challenges that arise when training a classifier to combat fraud and abuse. This is the second post of a series of four that is dedicated to provide a concise overview of how to harness AI to build robust anti-abuse protections. The first post explains why AI is key to build robust anti-defenses that keep up with user expectations and increasingly sophisticated attackers.

Baseball Code

Schneier on Security

Info on the coded signals used by the Colorado Rockies.

Weekly Update 81 (Hawaii Edition)

Troy Hunt

We're in Hawaii! "We" being Scott Helme and myself and we're here for the Loco Moco Sec conference which has been a heap of fun (the location may have played a part in that.) And what a location: Scott joined me for this week's update and we were fresh out of a great talk from the Google Chrome Security PM so have a bit to share there about changes coming to the browser.

How Russian Facebook Ads Divided and Targeted US Voters Before the 2016 Election

WIRED Threat Level

New research shows just how prevalent political advertising was from suspicious groups in 2016—including Russian trolls.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

2.6 Billion-Plus Data Records Breached Last Year

Dark Reading

Most exposed data records caused by human error.

Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files

Threatpost

Researchers are warning of a new email phishing campaign that launches a trojan capable of distributing ransomware and stealing passwords.

How to successfully harness AI to combat fraud and abuse

Elie

While machine learning is integral to innumerable anti-abuse systems including spam and phishing detection, the road to reap its benefits is paved with numerous abuse-specific challenges. Drawing from concrete examples this session will discuss how these challenges are addressed at Google and provide a roadmap to anyone interested in applying machine learning to fraud and abuse problems.

TSB Bank Disaster

Schneier on Security

This seems like an absolute disaster: The very short version is that a UK bank, TSB, which had been merged into and then many years later was spun out of Lloyds Bank, was bought by the Spanish bank Banco Sabadell in 2015. Lloyds had continued to run the TSB systems and was to transfer them over to Sabadell over the weekend. It's turned out to be an epic failure, and it's not clear if and when this can be straightened out.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.