Tech Republic Security

NOVEMBER 22, 2016

Attacks on IoT devices are an increasing threat. Here are a few expert tactics to ensure your company's data and networks are safe.

IoT 168

IoT 168

Scary Beasts Security

NOVEMBER 14, 2016

Overview A vulnerability and a separate logic error exist in the gstreamer 0.10.x player for NSF music files. Combined, they allow for very reliable exploitation and the bypass of 64-bit ASLR, DEP, etc. The reliability is provided by the presence of a turing complete “scripting” inside a music player. NSF files are music files from the Nintendo Entertainment System.

Banking 139

Banking Media Risk Engineering 139

Adam Shostack

NOVEMBER 30, 2016

There’s a really interesting podcast with Robert Hurlbut Chris Romeo and Tony UcedaVelez on the PASTA approach to threat modeling. The whole podcast is interesting, especially hearing Chris and Tony discuss how an organization went from STRIDE to CAPEC and back again. There’s a section where they discuss the idea of “think like an attacker,” and Chris brings up some of what I’ve written (“ ‘Think Like an Attacker’ is an opt-in mistake.”) I th

Risk 100

Risk 100

Elie

NOVEMBER 9, 2016

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

Cybersecurity 48

Cybersecurity 48

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Spinone

NOVEMBER 28, 2016

Ransomware is currently one of the fastest-growing security threats facing individuals and organizations today. Ransomware works by infiltrating a user’s PC or mobile device via malicious software that is usually installed unintentionally after clicking a link in an email or because it is posing as something else. Once installed, the software uses cryptography to prevent the user from accessing his or her files and demands a sum of money to be paid before the files are unencrypted.

Ransomware 40

Ransomware Backups Malware Software 40

Privacy and Cybersecurity Law

NOVEMBER 23, 2016

On November 10, 2016, the U.S. Federal Trade Commission (FTC) released new guidance for businesses and consumers on the impact […].

Ransomware 40

Ransomware Consumer Protection Marketing Data breaches 40

Scary Beasts Security

NOVEMBER 21, 2016

Overview A powerful heap corruption vulnerability exists in the gstreamer decoder for the FLIC file format. Presented here is an 0day exploit for this vulnerability. This decoder is generally present in the default install of modern Linux desktops, including Ubuntu 16.04 and Fedora 24. Gstreamer classifies its decoders as “good”, “bad” or “ugly”. Despite being quite buggy, and not being a format at all necessary on a modern desktop, the FLIC decoder is classified as “good”, almost guaranteeing i

Media 101

Media Engineering Hacking Risk 101

Adam Shostack

NOVEMBER 28, 2016

In September, we shared the news that for its 50th year, the people of Gävle paid an extra $100,000 to secure the goat. Sadly, it seems to have not helped. Today, the goat tweeted: Oh no, such a short amount of time with you my friends. The obvious lesson is that the Swedes have a ransomware problem, and the goat should stop clicking on links in email.

Ransomware 100

Ransomware 100

Tech Republic Security

NOVEMBER 21, 2016

The Dark Web isn't all bad news. A study by security firm Terbium Labs found that over half of the encrypted internet consists of legal traffic, and instances of hacking and fraud were shockingly low.

Encryption 168

Encryption Internet Internet Hacking 168

Tech Republic Security

NOVEMBER 22, 2016

Online shopping is easy and convenient, and more people are doing it than ever before. The rise in e-commerce also gives cybercriminals more opportunities to rob you blind. Here's how to stay safe.

167

167

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

NOVEMBER 23, 2016

We work hard to provide in-depth investigative tech journalism. Here's what we've reported in 2016.

Hacking 167

Hacking 167

Tech Republic Security

NOVEMBER 18, 2016

The New York district attorney recently released a report calling for smartphone manufacturers to create operating systems that allow them to more easily access user data.

Encryption 167

Encryption Manufacturing 167

Tech Republic Security

NOVEMBER 17, 2016

IBM and the Ponemon Institute's 2016 Cyber Resilient Organization study found that cyber resilience among enterprise organizations is dropping.

168

168

Tech Republic Security

NOVEMBER 15, 2016

Security firm Kryptowire recently discovered a backdoor in some budget Android phones that secretly sends information like text messages, location data, and call logs to a server in China.

168

168

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

NOVEMBER 16, 2016

Don't let big data compliance risks take you by surprise. Here are three steps to take today to ease your big data compliance concerns.

Big data 167

Big data Risk 167

Tech Republic Security

NOVEMBER 11, 2016

The FBI has a long legacy of being at the forefront of technology, but managing those systems while keeping up with the latest advances in tech is an unforgiving task.

Cybersecurity 167

Cybersecurity Technology 167

Tech Republic Security

NOVEMBER 3, 2016

For a deep penetrating scan of your Linux servers and desktops, turn to the Lynis auditing tool. Check out how to install and use Lynis.

167

167

Tech Republic Security

NOVEMBER 7, 2016

Voter fraud has been a hot topic this election cycle, but there are still two fundamental questions to be asked: Can widescale election fraud happen and if so will hackers be the ones to pull it off?

Hacking 167

Hacking 167

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

NOVEMBER 2, 2016

Security expert rails against the bad advice that everybody follows and the industry's addiction to hyperbole.

Passwords 167

Passwords 167

Tech Republic Security

NOVEMBER 28, 2016

If you have Linux servers that depend upon encryption, you owe it to yourself to beef up the system entropy. Here's how to do so with haveged.

Encryption 167

Encryption 167

Tech Republic Security

NOVEMBER 23, 2016

Microsoft has been granted more time to change how Windows 10 collects data about users in order to comply with the French data protection act.

Data collection 167

Data collection 167

Tech Republic Security

NOVEMBER 14, 2016

Microsoft recently penned a blog post explaining some of the security updates in the Windows 10 Anniversary Edition, especially dealing with protecting against ransomware.

Ransomware 167

Ransomware 167

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

NOVEMBER 17, 2016

A new bill, recently passed by both parliamentary houses, requires UK ISPs to store user internet history for up to a year, and to decrypt data as needed for police investigations.

Internet 167

Internet Internet 167

Tech Republic Security

NOVEMBER 7, 2016

Over the next five years, the UK government will invest heavily in cybersecurity, including new authentication methods such as Fast IDentity Online (FIDO).

Authentication 167

Authentication Cybersecurity Government 167

Tech Republic Security

NOVEMBER 18, 2016

You can download apps to audit your privacy, but who's to say those apps aren't a security risk themselves? Here are five tips for maintaining your privacy in the always-connected world.

Risk 167

Risk 167

Tech Republic Security

NOVEMBER 30, 2016

A curated list of cybersecurity audiobooks to help you better understand the history of computing, who hacks and why, and the future of cyber-defense.

Cybersecurity 167

Cybersecurity Hacking 167

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

NOVEMBER 29, 2016

According to a survey by data firm Carbonite 74% of small business owners fear Washington politicians are not doing enough to protect companies against cyberattack.

Small Business 167

Small Business 167

Tech Republic Security

NOVEMBER 10, 2016

Password security is essential. We have more passwords than ever before and most of us don't take them seriously. You can keep yourself safe with a password manager: Here are five worth checking out.

Password Management 167

Password Management Passwords 167

Tech Republic Security

NOVEMBER 23, 2016

In a recent blog post, the social media company clarified the acceptable use of its public APIs, pushing back against tweets being used to track protesters and activists.

Surveillance 167

Surveillance Media 167

Tech Republic Security

NOVEMBER 9, 2016

This comprehensive guide covers everything you need to know about password management app LastPass, including its newly announced free cross-platform access.

Password Management 167

Password Management Passwords 167

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams