November 2016

Android backdoor is secretly sending user data and texts to China, and no one knows why

Tech Republic Security

Security firm Kryptowire recently discovered a backdoor in some budget Android phones that secretly sends information like text messages, location data, and call logs to a server in China.

Threat Modeling the PASTA Way

Adam Shostack

There’s a really interesting podcast with Robert Hurlbut, Chris Romeo and Tony UcedaVelez on the PASTA approach to threat modeling. The whole podcast is interesting, especially hearing Chris and Tony discuss how an organization went from STRIDE to CAPEC and back again. There’s a section where they discuss the idea of “think like an attacker,” and Chris brings up some of what I’ve written (“ ‘Think Like an Attacker’ is an opt-in mistake.”) I th

[0day] [PoC] Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads

Scary Beasts Security

Overview A confluence of two risky design choices, combined with various implementation issues, makes drive-by downloads possible with Google Chrome on Fedora. In total, with the risky design choices first, the issues are: Chrome will auto download files to a user’s desktop with no confirmation. Fedora’s “tracker” software will auto crawl downloaded files to index them, including media files.

Royal flush: an in-depth look at poker cheating devices accessories

Elie

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cloud Computing Trends in 2016

Spinone

As more companies move to cloud services to increase productivity and reduce costs, the way businesses work with digital technologies is shifting, and their needs and requirements are changing to fit these new ways of working. The adoption of cloud computing for storage and other services continues to grow, and with it come new concerns about security and privacy.

Germany to audit 500 companies on data transfers

Privacy and Cybersecurity Law

The German data protection authorities have announced today that they have chosen 500 companies throughout […].

Gavle Lessons: 56% Is Not Sufficiently More Secure!

Adam Shostack

In September, we shared the news that for its 50th year, the people of Gävle paid an extra $100,000 to secure the goat. Sadly, it seems to have not helped. Today, the goat tweeted: Oh no, such a short amount of time with you my friends. The obvious lesson is that the Swedes have a ransomware problem, and the goat should stop clicking on links in email.

[0day] [PoC] Incorrect fix for gstreamer FLIC decoder vulnerability CESA-2016-0004

Scary Beasts Security

Overview Recently (Nov 21st, 2016), I published an 0day exploit against the gstreamer FLIC decoder, here on my blog. The response time from gstreamer upstream was impressive: a patch in 1 day or so that fixed not only the immediate issue but also some similar bugs in other functions in the decoder. More on those other bugs in another post. Here is the git commit.

Five ways to maintain your privacy on your smartphone, no downloads required

Tech Republic Security

You can download apps to audit your privacy, but who's to say those apps aren't a security risk themselves? Here are five tips for maintaining your privacy in the always-connected world.

The light side of the Dark Web

Tech Republic Security

The Dark Web isn't all bad news. A study by security firm Terbium Labs found that over half of the encrypted internet consists of legal traffic, and instances of hacking and fraud were shockingly low.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How to hack an election: An interview with security expert Calvin Liu

Tech Republic Security

Voter fraud has been a hot topic this election cycle, but there are still two fundamental questions to be asked: Can widescale election fraud happen and if so will hackers be the ones to pull it off?

Privacy issues abound as UK passes controversial 'snoopers' charter'

Tech Republic Security

A new bill, recently passed by both parliamentary houses, requires UK ISPs to store user internet history for up to a year, and to decrypt data as needed for police investigations.

Apple encryption war continues: NY DA requests 400 iPhones be unlocked

Tech Republic Security

The New York district attorney recently released a report calling for smartphone manufacturers to create operating systems that allow them to more easily access user data.

Video: FBI cybersecurity chief talks about aftermath of Wikileaks, Snowden, and 2016 election

Tech Republic Security

The FBI has a long legacy of being at the forefront of technology, but managing those systems while keeping up with the latest advances in tech is an unforgiving task.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Despite privacy concerns, Microsoft calls Windows 10 'the most secure version of Windows'

Tech Republic Security

Microsoft recently penned a blog post explaining some of the security updates in the Windows 10 Anniversary Edition, especially dealing with protecting against ransomware.

The state of malware: 4 big takeaways from AV-TEST's 2016 report

Tech Republic Security

The new report details increased risks to Android and Apple products and the top 10 Windows malware programs of 2016. Here's what your business needs to know to stay safe.

Worried about Windows 10 snooping? Here's how you can stop it

Tech Republic Security

Attempts to stem the quantity of data that Windows 10 gathers on users continue to this day. Here are the options available if you're uncomfortable with how much data the OS hoovers up.

Five password management apps that will work on all your devices

Tech Republic Security

Password security is essential. We have more passwords than ever before and most of us don't take them seriously. You can keep yourself safe with a password manager: Here are five worth checking out.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Why your company needs a social media policy

Tech Republic Security

Half of employees say that their company does not have rules about using social media at work. Here's what you need to craft a social media policy to protect your data and avoid legal trouble.

66% of organizations won't recover after cyberattack, study says

Tech Republic Security

IBM and the Ponemon Institute's 2016 Cyber Resilient Organization study found that cyber resilience among enterprise organizations is dropping.

Tweets aren't tools for surveillance: Twitter pushes back against law enforcement

Tech Republic Security

In a recent blog post, the social media company clarified the acceptable use of its public APIs, pushing back against tweets being used to track protesters and activists.

How to quickly audit a Linux system from the command line

Tech Republic Security

For a deep penetrating scan of your Linux servers and desktops, turn to the Lynis auditing tool. Check out how to install and use Lynis.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

Can you solve some of the most complicated cryptographic puzzles in the world?

Tech Republic Security

The UK's Government Communications Headquarters (GCHQ) is home to some of the best code breakers in the world. Think you have what it takes to be a cryptanalyst? Find out here.

LastPass: The smart person's guide

Tech Republic Security

This comprehensive guide covers everything you need to know about password management app LastPass, including its newly announced free cross-platform access.

UK to invest $2.3B in cybersecurity, calls for stronger authentication

Tech Republic Security

Over the next five years, the UK government will invest heavily in cybersecurity, including new authentication methods such as Fast IDentity Online (FIDO).

How to secure your IoT devices from botnets and other threats

Tech Republic Security

Attacks on IoT devices are an increasing threat. Here are a few expert tactics to ensure your company's data and networks are safe.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Five essential cybersecurity audiobooks

Tech Republic Security

A curated list of cybersecurity audiobooks to help you better understand the history of computing, who hacks and why, and the future of cyber-defense.

Why firewalls are not recommended for securing SCADA systems

Tech Republic Security

SCADA systems need to be secure, yet according to one expert, firewalls are not up to the task, and should be replaced with Unidirectional Security Gateways. Learn what to look for in a USG.

How to secure your Apache 2 server in four steps

Tech Republic Security

If you're concerned about the security of your Apache server, these four tips will go a long way to keeping that system secure.

Over one billion installs of apps using OAuth 2.0 can be remotely hijacked, say researchers

Tech Republic Security

OAuth 2.0 allows apps to verify credentials with Facebook or Google logins. One problem: over 41% of apps using OAuth 2.0 aren't actually validating user info, allowing account hijacks.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.