Schneier on Security
NOVEMBER 12, 2019
The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC's video surveillance cameras a week before the 2017 inauguration.
Krebs on Security
NOVEMBER 13, 2019
In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme. An advertisement for Orcus RAT.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
NOVEMBER 9, 2019
It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry.
Adam Shostack
NOVEMBER 13, 2019
The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” Perhaps that’s “finding threats.” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
NOVEMBER 15, 2019
Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks , by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. Abstract: Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we per-form a black-box timing analysis of TPM 2.0 devices deployed on commodity computers.
Krebs on Security
NOVEMBER 11, 2019
Orvis , a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
NOVEMBER 12, 2019
There’s little doubt that the shift to quantum computing will open new horizons of digital commerce. But it’s also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures. Related: The ‘post quantum crytpo’ race is on This isn’t coming as any surprise to IT department heads. In fact, there’s widespread recognition in corporate circles that the planning to address fresh cyber risks associated with quantum computing should hav
Schneier on Security
NOVEMBER 14, 2019
Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's problems. The essay was influential -- but 60 years later, nothing has changed.
Troy Hunt
NOVEMBER 9, 2019
It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry.
Tech Republic Security
NOVEMBER 14, 2019
The same threat actor has been observed targeting companies in the US, Italy, and Germany, according to a new report from security provider Proofpoint.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Adam Levin
NOVEMBER 12, 2019
Google is collecting the health record data of millions of U.S. citizens, raising serious concerns about patient privacy. According to a recent story published in The Wall Street Journal , Google has partnered with Ascension, the nation’s second largest health care system for Project Nightingale. . The partnership gives Google full, non-anonymized access to “lab results, doctor diagnoses and hospitalization records… and amounts to a complete health history, including patient names and date
Schneier on Security
NOVEMBER 13, 2019
Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the U.S. National Transportation Safety Board (NTSB) this week.
Security Affairs
NOVEMBER 12, 2019
New problems for Facebook, it seems that the social networking giant is secretly using the camera while iPhone users are scrolling their feed. Is this another privacy issue for Facebook? The iPhone users Joshua Maddux speculates that Facebook might be actively using your camera without your knowledge while you’re scrolling your feed. Maddux published footage on Twitter that shows the camera o n his iPhone that is active while he scrolls through his feed.
Tech Republic Security
NOVEMBER 15, 2019
Wi-Fi hotspots, public charging stations, and travel planning sites seem helpful, but they could actually be a traveler's worst nightmare.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
NOVEMBER 13, 2019
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
Schneier on Security
NOVEMBER 11, 2019
Interesting : Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible -- and sometimes invisible -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones.
Daniel Miessler
NOVEMBER 13, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Tech Republic Security
NOVEMBER 14, 2019
An IBM X-Force Red team member explains how her background in makeup and sales helps her social engineering career. Also, she demonstrates how cybercriminals can easily clone your work ID badge.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
NOVEMBER 10, 2019
Experts believe Artificial intelligence (AI) could introduce new cybersecurity concerns, and that the upcoming 5G network could pose new risks as well. Information Risk Management (IRM) recently published its 2019 Risky Business Report. The document shows the results of polling decision-makers in the cybersecurity and risk management sectors to get their expert opinions on things like the changing threat landscape, corporate decision-making about cybersecurity and other pertinent topics.
Schneier on Security
NOVEMBER 14, 2019
This is a current list of where and when I am scheduled to speak: I'm speaking on " Securing a World of Physically Capable Computers " at the Indian Institute of Science in Bangalore, India on December 12, 2019. The list is maintained on this page.
Dark Reading
NOVEMBER 15, 2019
Degrees, certifications, and experience are all important to career development, but mastering the people side of the equation may matter a whole lot more, CISOs say.
Tech Republic Security
NOVEMBER 14, 2019
The sector has been hit by more data breaches than any other this year as criminal groups devise more advanced hacking methods, says threat intelligence company IntSights.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
NOVEMBER 12, 2019
On S unday , the Mexican state-owned oil company PetrĂ³leos Mexicanos (Pemex) was infected with the DoppelPaymer ransomware. On Sunday, a piece of the DoppelPaymer ransomware infected systems of the Mexican state-owned oil company PetrĂ³leos Mexicanos (Pemex) taking down part of its network. The ransom amount for Pemex is 565 BTC currently… Also, DoppelPaymer's TOR site's text was updated sometimes & now have this: "Also, we have gathered all your private sensitive data.
WIRED Threat Level
NOVEMBER 15, 2019
From the 2017 French election to the Olympics to NotPetya, the same group's fingerprints have appeared again and again.
Threatpost
NOVEMBER 14, 2019
The campaign is consistent with emerging tactics from bad actors to use increasingly sophisticated social engineering and spoofing to deliver malware.
Tech Republic Security
NOVEMBER 13, 2019
Lots of PHI, low security, and multiple entry points make hospitals the perfect target for hackers and ransomware attacks are up 45% in Q3.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Affairs
NOVEMBER 15, 2019
Sergiy P. , the administrator of DDoS-for-hire services was sentenced to 13 months in prison, and additional three years of supervised release. Sergiy P. Usatyuk , a man that was operating several DDoS-for-hire services was sentenced to 13 months in prison, and additional three years of supervised release. DDoS-for-hire services , aka stressers or booters , allows crooks to launch large scale DDoS attacks by paying a subscription fee. “An Orland Park, Illinois, resident was sentenced yeste
ForAllSecure
NOVEMBER 11, 2019
Introduction. This summer, I utilized ForAllSecure Mayhem, a next-generation fuzz testing solution, to analyze software that are heavily used. I felt these types of components in particular deserve more scrutiny from a security perspective. It is often believed that software that is frequently reused is more secure, because it has been reviewed by many developers.
Dark Reading
NOVEMBER 14, 2019
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
Tech Republic Security
NOVEMBER 15, 2019
Nearly half (47%) of executives believe they will be at a greater security risk in the next year, a Chubb and NCMM report found.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
216 
Let's personalize your content