Sat.Apr 28, 2018 - Fri.May 04, 2018

NIST Issues Call for "Lightweight Cryptography" Algorithms

Schneier on Security

This is interesting: Creating these defenses is the goal of NIST's lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant electrical power and use circuitry far more limited than the chips found in even the simplest cell phone.

Subresource Integrity and Upgrade-Insecure-Requests are Now Supported in Microsoft Edge

Troy Hunt

The more time that goes by and the more deeply I give it thought, the more convinced I am that the web is held together with sticky tape. No - cyber-sticky tape! Because especially when it comes to security, there are fundamental and inherent shortcomings in everything from HTTP to HTML and many of the other acronyms that make the web work as it does today.
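
As an added example (not code from Troy Hunt's post), the following Python shows what the Subresource Integrity mechanism in the title actually checks: how the integrity attribute value is derived from the bytes of a script, how the tag is emitted, and how a browser-style verifier treats the attribute, including the rule that the strongest listed algorithm wins. The script body and the CDN URL are constructed for the example.

```python
import base64
import hashlib
import hmac

# Constructed sample: the body of a script a page would load from a third-party CDN.
SAMPLE_SCRIPT = b"window.greet = function () { return 'hello'; };\n"

# The only hash functions SRI recognises; anything else in an attribute is ignored.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_digest(content: bytes, algo: str = "sha384") -> str:
    """Return an integrity attribute value: '<algo>-<base64 digest of content>'.

    Same value as `openssl dgst -sha384 -binary app.js | openssl base64 -A`;
    sha384 is the customary choice.
    """
    if algo not in SRI_ALGORITHMS:
        raise ValueError("SRI permits only sha256, sha384 and sha512")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Emit the <script> tag for content served at src. crossorigin is needed on
    cross-origin resources, otherwise the browser cannot read the bytes to hash."""
    return (f'<script src="{src}" integrity="{sri_digest(content)}" '
            f'crossorigin="anonymous"></script>')


def sri_matches(content: bytes, integrity: str) -> bool:
    """Check fetched bytes against an integrity attribute the way a browser does.

    The attribute may carry several whitespace-separated digests. The strongest
    algorithm present is authoritative and any digest using it may match.
    Assumption specific to this example: an attribute with no parseable digest
    returns False here (fail closed); browsers instead load the resource unchecked.
    """
    candidates = {}
    for token in integrity.split():
        algo, sep, rest = token.partition("-")
        if not sep or algo not in SRI_ALGORITHMS:
            continue  # unknown algorithms are skipped, as browsers do
        b64 = rest.split("?", 1)[0]  # drop any "?options" suffix
        candidates.setdefault(algo, []).append(b64)
    if not candidates:
        return False
    strongest = max(candidates, key=lambda a: int(a[3:]))
    expected = sri_digest(content, strongest).split("-", 1)[1].encode("ascii")
    return any(hmac.compare_digest(expected, b64.encode("utf-8"))
               for b64 in candidates[strongest])


if __name__ == "__main__":
    print(script_tag("https://cdn.example/app.js", SAMPLE_SCRIPT))
    print("matches:", sri_matches(SAMPLE_SCRIPT, sri_digest(SAMPLE_SCRIPT)))
    print("tampered:", sri_matches(SAMPLE_SCRIPT + b"//x\n", sri_digest(SAMPLE_SCRIPT)))
```

Any change to the CDN copy, a single appended byte included, fails the check and the browser refuses to execute the script. The other feature in the title is a one-line response header, `Content-Security-Policy: upgrade-insecure-requests`, which makes a supporting browser rewrite `http://` subresource URLs on the page to `https://` before fetching them.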

Nigerian Email Scammers Are More Effective Than Ever

WIRED Threat Level

By fine-tuning social engineering techniques and targeting small businesses, Nigerian scammers have kept well ahead of defenses.

How to Prevent SQL Injection Attacks

eSecurity Planet

Your company's website does not have to be the next victim of a SQL injection breach. Here's how to prevent SQL injection attacks.
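
As an added example, not taken from the eSecurity Planet article, here is the core of the prevention advice in runnable Python against an in-memory SQLite table (the table and its two rows are constructed for the example): the vulnerable string-built query beside its parameterized fix, plus the one case where parameters cannot help, a column name in ORDER BY, handled with an allowlist.

```python
import sqlite3

# Allowlist for the one place a bound parameter cannot be used: identifiers such
# as the column in ORDER BY. Only these exact strings ever reach the query text.
ALLOWED_SORT_COLUMNS = {"id", "username"}


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample database standing in for a site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, is_admin) VALUES (?, ?, ?)",
        [("alice", "hash-1", 1), ("bob", "hash-2", 0)],
    )
    return conn


def find_user_vulnerable(conn, username: str):
    """VULNERABLE (the 'before'): user input is spliced into the SQL text, so a
    quote character in the input changes the structure of the statement."""
    sql = f"SELECT username, is_admin FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username: str):
    """FIXED: a parameterized query. The value travels separately from the
    statement and is never parsed as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT username, is_admin FROM users WHERE username = ?", (username,)
    ).fetchall()


def list_users_sorted(conn, column: str):
    """Identifiers cannot be bound, so validate against an allowlist first and
    only then interpolate the known-good string."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    return conn.execute(f"SELECT username FROM users ORDER BY {column}").fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # classic tautology injection
    print("vulnerable:", find_user_vulnerable(db, payload))  # every row, admin included
    print("safe:      ", find_user_safe(db, payload))        # no such username: []
```

With the tautology payload the vulnerable function returns every user, because the statement it builds reads `WHERE username = '' OR '1'='1'`; the parameterized version looks for a user literally named `' OR '1'='1` and finds none. The same rule applies to any driver or ORM: values go in placeholders, identifiers go through an allowlist, and escaping by hand is not a substitute for either.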

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

IoT Inspector Tool from Princeton

Schneier on Security

Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. From their blog post: Finding #3: Many IoT Devices Contact a Large and Diverse Set of Third Parties. In many cases, consumers expect that their devices contact manufacturers' servers, but communication with other third-party destinations may not b

New Pluralsight Course: JavaScript Security Play by Play

Troy Hunt

Ah JavaScript, the answer to - and cause of - all our problems on the web today! Just kidding, jQuery has solved all our JS problems now. But seriously, JS is a major component of so much of what we build online these days and as with our other online things, the security posture of it is enormously important to understand. Recently, I teamed up with good mate and fellow Pluralsight author Aaron Powell who spends his life writing JS things.

Interviewed on RSAC TV

Andrew Hay

I had the pleasure of being interviewed by Eleanor Dallaway, Editor and Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference. In the interview, we spoke of what I had observed on the show floor, the state of the security industry, and I describe my perfect customer in information security.

LC4: Another Pen-and-Paper Cipher

Schneier on Security

Interesting symmetric cipher: LC4: Abstract: ElsieFour (LC4) is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts and ciphertexts consisting only of the English letters A through Z plus a few other characters.

Weekly Update 85

Troy Hunt

It's a (new) weekly update! Lights are in, things are much brighter and... I think it was a bit too bright and the camera was pointed too high. This is all experimentation, folks, and I appreciate everyone's input as I tune things to try and get a consistent, quality result. Still, as someone said whilst I was mucking around with all this, the audio quality is great and that's what people are ultimately listening to so that's a fantastic start.

Cambridge Analytica Shuts Down Amid Ongoing Facebook Crisis

WIRED Threat Level

The troubled data firm, which improperly accessed the data of up to 87 million Facebook users, has ceased operations.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

We're Doing Security Wrong!

Dark Reading

When you simply heap technology onto a system, you limit your hiring pool and spread your employees too thin. Focus on your people instead.

Detecting Laptop Tampering

Schneier on Security

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering.

WannaCry & NotPetya Ransomware Attacks – One Year Later

Thales Cloud Protection & Licensing

The cyber community is often reminded of past events such as large-scale data breaches and vicious cyberattacks that caused mass destruction and caught the public's attention. This month marks the one-year anniversary of the WannaCry ransomware attack that seized operating systems across the globe and caused businesses up to $4 billion in damages. The WannaCry ransomware was able to spread thanks to the Shadow Brokers' NSA data dump, which exposed EternalBlue to the public and was quickly abused by cy

How to Change Your Twitter Password Right Now

WIRED Threat Level

On World Password Day, Twitter discloses a major gaffe that left user passwords potentially vulnerable.

Report: China's Intelligence Apparatus Linked to Previously Unconnected Threat Groups

Dark Reading

Multiple groups operating under the China state-sponsored Winnti umbrella have been targeting organizations in the US, Japan, and elsewhere, says ProtectWise.

Twitter Sold Data To Cambridge Analytica-Linked Company

Threatpost

Twitter is the latest company to face backlash for how it handles data privacy after disclosing that it sold data access to a Cambridge Analytica-linked researcher.

Database Encryption Key Management

Thales Cloud Protection & Licensing

Streamlining operations and improving security. Large-scale data breaches have led an increasing number of companies to embrace comprehensive encryption strategies to protect their assets. According to our 2018 Global Encryption Trends Study, 43% of respondents report that their organization has an encryption strategy they apply across the enterprise, compared with 15% in 2005.

AI Can Help Cybersecurity—If It Can Fight Through the Hype

WIRED Threat Level

There are a ton of claims around AI and cybersecurity that don't quite add up. Here's what's really going on.

Password Reuse Abounds, New Survey Shows

Dark Reading

Despite heightened awareness of the security implications, many users still reuse passwords and rarely, if ever, change them, a LogMeIn survey shows.

Kali Linux 2018.2 Release

Kali Linux

This Kali release is the first to include the Linux 4.15 kernel, which includes the x86 and x64 fixes for the much-hyped Spectre and Meltdown vulnerabilities. It also includes much better support for AMD GPUs and support for AMD Secure Encrypted Virtualization, which allows for encrypting virtual machine memory such that even the hypervisor can't access it.

DDoS For Hire, a CIA Card Game, and More Security News This Week

WIRED Threat Level

A major DDoS for hire site gets taken down, the CIA has a card game that you can play soon too, and more security news this week.

North Korea's AV Software Contains Pilfered Trend Micro Software

Dark Reading

Researchers get hold of a copy of Kim Jong Un regime's mysterious internal 'SiliVaccine' antivirus software provided only to its citizens - and find a few surprises.

Tens of Thousands of Malicious Apps Using Facebook APIs

Threatpost

The apps are deemed malicious by doing things such as capturing pictures and audio when the app is closed, or making an unusually large amount of network calls.

How to handle mistakes while using AI to block attacks

Elie

This post looks at the main difficulty faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable.
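
As an added example that is not Elie's code, the Python below shows one concrete way to act on the difficulty the post names: a classifier score is turned into three actions rather than a binary block, with the hard-block threshold picked from the false-positive budget on benign traffic, the uncertain band routed to a reversible challenge, and an operator allowlist that overrides the model for known mistakes. The labelled scores are a constructed holdout set; the thresholds and action names are assumptions of the example.

```python
from dataclasses import dataclass

# Constructed sample standing in for a labelled holdout set: (score, is_attack).
SAMPLES = [
    (0.99, True), (0.97, True), (0.80, True), (0.65, True), (0.30, True),
    (0.02, False), (0.10, False), (0.55, False), (0.70, False), (0.96, False),
]


@dataclass(frozen=True)
class Decision:
    action: str   # "allow", "challenge" or "block"
    reason: str   # kept so every decision can be audited and disputed


def outcome_counts(samples, threshold):
    """Return (tp, fp, fn, tn) when everything scoring >= threshold is blocked."""
    tp = fp = fn = tn = 0
    for score, is_attack in samples:
        flagged = score >= threshold
        if flagged and is_attack:
            tp += 1
        elif flagged:
            fp += 1
        elif is_attack:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def choose_block_threshold(samples, max_fp_rate):
    """Lowest threshold whose false-positive rate on benign traffic fits the budget.

    The hard-block line is set by how many legitimate users we are willing to lock
    out, not by how many attacks it catches; attacks scoring below it still get the
    softer action, so the system stays usable when the model is wrong.
    """
    benign = sum(1 for _, is_attack in samples if not is_attack)
    for t in sorted({score for score, _ in samples}):
        _, fp, _, _ = outcome_counts(samples, t)
        if fp / benign <= max_fp_rate:
            return t
    return float("inf")  # no threshold meets the budget: never hard-block


def decide(score, block_threshold, challenge_threshold, allowlisted=False):
    """Map a score to an action.

    Only high-confidence scores are blocked outright. The uncertain band gets a
    reversible action (CAPTCHA, step-up authentication, rate limit) so a
    misclassified legitimate user still has a way through and the mistake surfaces
    as a signal; an operator allowlist overrides the model for confirmed false
    positives.
    """
    if not 0.0 <= score <= 1.0:
        raise ValueError("score must be a probability in [0, 1]")
    if challenge_threshold > block_threshold:
        raise ValueError("challenge band must sit below the block threshold")
    if allowlisted:
        return Decision("allow", "operator allowlist overrides the model")
    if score >= block_threshold:
        return Decision("block", f"score {score:.2f} >= block threshold {block_threshold:.2f}")
    if score >= challenge_threshold:
        return Decision("challenge", f"score {score:.2f} in the uncertain band")
    return Decision("allow", f"score {score:.2f} below challenge threshold")


if __name__ == "__main__":
    block_at = choose_block_threshold(SAMPLES, max_fp_rate=0.0)
    print("block threshold:", block_at, "outcomes:", outcome_counts(SAMPLES, block_at))
    for s in (0.99, 0.96, 0.10):
        print(s, decide(s, block_at, challenge_threshold=0.6))
```

On the sample set a zero false-positive budget pushes the block line up to 0.97, so the benign request scoring 0.96 is challenged rather than dropped, while the attacks at 0.80 and 0.65 are still slowed down instead of waved through. Loosening the budget to 20% lowers the line to 0.80; the trade is explicit and recorded in the decision's reason string.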

How VMware Organizes Its Security Products

eSecurity Planet

VIDEO: Tom Corn, Senior Vice President and GM of Security Products at VMware, details the core pillars of cybersecurity at his company.

A Data Protection Officer's Guide to GDPR 'Privacy by Design'

Dark Reading

These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.

USB Sticks Can Trigger BSOD – Even on a Locked Device

Threatpost

Thanks to auto-play, it’s possible to crash Windows systems by simply inserting the drive into the USB port, no further user interaction necessary.

Enforcement Notice: First text message case under CASL

Privacy and Cybersecurity Law

The Canadian Radio-television and Telecommunications Commission (CRTC) has announced the first undertaking and fine involving text message violations under Canada’s Anti-Spam Legislation (CASL). This first, involves Quebec-based 514-BILLETS, a ticket broker for sporting and cultural events. Between July 2014 and January 2016, the CRTC alleges 514-BILLETS sent text messages to recipients without their consent.

BWise eGRC: GRC Vendor Overview and Insight

eSecurity Planet

We review the Nasdaq BWise eGRC platform, which has modules for internal audit, risk management, compliance & policy management, information security and sustainability performance management.
