Sat. Apr 28, 2018 - Fri. May 04, 2018

NIST Issues Call for "Lightweight Cryptography" Algorithms

Schneier on Security

This is interesting: Creating these defenses is the goal of NIST's lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant electrical power and use circuitry far more limited than the chips found in even the simplest cell phone.

IoT

New Pluralsight Course: JavaScript Security Play by Play

Troy Hunt

Ah JavaScript, the answer to - and cause of - all our problems on the web today! Just kidding, jQuery has solved all our JS problems now. But seriously, JS is a major component of so much of what we build online these days and as with our other online things, the security posture of it is enormously important to understand. Recently, I teamed up with good mate and fellow Pluralsight author Aaron Powell who spends his life writing JS things.

How to Change Your Twitter Password Right Now

WIRED Threat Level

On World Password Day, Twitter discloses a major gaffe that left user passwords potentially vulnerable.

Passwords

How to Prevent SQL Injection Attacks

eSecurity Planet

Your company's website does not have to be the next victim of a SQL injection breach. Here's how to prevent SQL injection attacks.

IoT Inspector Tool from Princeton

Schneier on Security

Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. From their blog post: Finding #3: Many IoT Devices Contact a Large and Diverse Set of Third Parties In many cases, consumers expect that their devices contact manufacturers' servers, but communication with other third-party destinations may not b

IoT

Subresource Integrity and Upgrade-Insecure-Requests are Now Supported in Microsoft Edge

Troy Hunt

The more time that goes by and the more deeply I give it thought, the more convinced I am that the web is held together with sticky tape. No - cyber-sticky tape! Because especially when it comes to security, there are fundamental and inherent shortcomings in everything from HTTP to HTML and many of the other acronyms that make the web work as it does today.

How to handle mistakes while using AI to block attacks

Elie

This post looks at the main difficulties faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable. At a high level, the main difficulty faced when using a classifier to block attacks is how to handle mistakes. The need to handle errors correctly can be broken down into two challenges: how to strike the right balance between false positives and false negatives, to ensure that your product remains safe when your class

LC4: Another Pen-and-Paper Cipher

Schneier on Security

Interesting symmetric cipher: LC4: Abstract: ElsieFour (LC4) is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts and ciphertexts consisting only of the English letters A through Z plus a few other characters.

Weekly Update 85

Troy Hunt

It's a (new) weekly update! Lights are in, things are much brighter and. I think it was a bit too bright and the camera was pointed too high. This is all experimentation, folks, and I appreciate everyone's input as I tune things to try and get a consistent, quality result. Still, as someone said whilst I was mucking around with all this, the audio quality is great and that's what people are ultimately listening to so that's a fantastic start.

Passwords

Cambridge Analytica Shuts Down Amid Ongoing Facebook Crisis

WIRED Threat Level

The troubled data firm, which improperly accessed the data of up to 87 million Facebook users, has ceased operations.

How to handle mistakes while using AI to block attacks

Elie

This post looks at the main difficulty faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable. This is the third post in a series of four that is dedicated to providing a concise overview of how to use artificial intelligence (AI) to build robust anti-abuse protections.

Security Vulnerabilities in VingCard Electronic Locks

Schneier on Security

Researchers have disclosed a massive vulnerability in the VingCard electronic lock system, used in hotel rooms around the world: With a $300 Proxmark RFID card reading and writing tool, any expired keycard pulled from the trash of a target hotel, and a set of cryptographic tricks developed over close to 15 years of on-and-off analysis of the codes Vingcard electronically writes to its keycards, they found a method to vastly narrow down a hotel's possible master key code.

Firmware

We're Doing Security Wrong!

Dark Reading

When you simply heap technology onto a system, you limit your hiring pool and spread your employees too thin. Focus on your people instead.

New Rowhammer Attack Hijacks Android Smartphones Remotely

WIRED Threat Level

Dutch researchers have pushed the mind-bending Rowhammer hacking technique one more step towards a practical attack.

Hacking

Interviewed on RSAC TV

Andrew Hay

I had the pleasure of being interviewed by Eleanor Dallaway, Editor and Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference. In the interview, we spoke of what I had observed on the show floor, the state of the security industry, and I describe my perfect customer in information security.

Detecting Laptop Tampering

Schneier on Security

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering.

How VMware Organizes Its Security Products

eSecurity Planet

VIDEO: Tom Corn, Senior Vice President and GM of Security Products at VMware, details the core pillars of cybersecurity at his company.

Nigerian Email Scammers Are More Effective Than Ever

WIRED Threat Level

By fine-tuning social engineering techniques and targeting small businesses, Nigerian scammers have kept well ahead of defenses.

Report: China's Intelligence Apparatus Linked to Previously Unconnected Threat Groups

Dark Reading

Multiple groups operating under the China state-sponsored Winnti umbrella have been targeting organizations in the US, Japan, and elsewhere, says ProtectWise.

Twitter Sold Data To Cambridge Analytica-Linked Company

Threatpost

Twitter is the latest company to face backlash for how it handles data privacy after disclosing that it sold data access to a Cambridge Analytica-linked researcher.

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

Our picks for top GRC products, compliance solutions that are growing in importance thanks to data privacy and security regulations like GDPR.

DDoS For Hire, a CIA Card Game, and More Security News This Week

WIRED Threat Level

A major DDoS for hire site gets taken down, the CIA has a card game that you can play soon too, and more security news this week.

DDoS

A Data Protection Officer's Guide to GDPR 'Privacy by Design'

Dark Reading

These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.

Tens of Thousands of Malicious Apps Using Facebook APIs

Threatpost

The apps are deemed malicious by doing things such as capturing pictures and audio when the app is closed, or making an unusually large amount of network calls.

WannaCry & NotPetya Ransomware Attacks – One Year Later

Thales Cloud Protection & Licensing

The cyber community is often reminded of past events such as large-scale data breaches and vicious cyberattacks that caused mass destruction and caught the public's attention. This month marks the one-year anniversary of the WannaCry ransomware attack that seized operating systems across the globe and caused businesses up to $4 billion in damages. The WannaCry virus was able to spread thanks to the Shadow Brokers' NSA data dump which exposed EternalBlue to the public and was quickly abused by cy

Riskonnect: GRC Vendor Overview and Insight

eSecurity Planet

We review Riskonnect's GRC solution, which boasts 52,000 users worldwide in more than 80 countries.

Hackers Leverage GDPR to Target Airbnb Customers

Dark Reading

Fraudsters are taking advantage of new EU privacy laws to demand personal information from Airbnb users.

Facebook Introduces ‘Clear History’ Option Amid Data Scandal

Threatpost

Facebook hopes to improve data privacy with a new feature letting users flush their history so that it is cleared from their account.

Database Encryption Key Management

Thales Cloud Protection & Licensing

Streamlining operations and improving security. Large data scale breaches have led an increasing number of companies to embrace comprehensive encryption strategies to protect their assets. According to our 2018 Global Encryption Trends Study, 43% of respondents report that their organization has an encryption strategy they apply across the enterprise, compared with 15% in 2005.

Enforcement Notice: First text message case under CASL

Privacy and Cybersecurity Law

The Canadian Radio-television and Telecommunications Commission (CRTC) has announced the first undertaking and fine involving text message violations under Canada’s […].
