Schneier on Security

JANUARY 18, 2018

Interesting.

206

206

Troy Hunt

JANUARY 14, 2018

I don't know how many data breaches I'm sitting on that I'm yet to process. 100? 200? It's hard to tell because often I'm sent collections of multiple incidents in a single archive, often there's junk in there and often there's redundancy across those collections. All I really know is that there's hundreds of gigabytes spread across thousands of files.

Data breaches 202

Data breaches Passwords Accountability Media 202

WIRED Threat Level

JANUARY 16, 2018

Megan Squire doesn’t consider herself to be antifa and pushes digital activism instead, passing along information to those who might put it to real-world use—who might weaponize it.

111

111

Dark Reading

JANUARY 16, 2018

ICEBRG Security Research team's finding highlights an often-overlooked threat.

88

88

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

JANUARY 19, 2018

Interesting research: " Long-term market implications of data breaches, not ," by Russell Lange and Eric W. Burger. Abstract : This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than the market as a whole.

Marketing 381

Marketing Financial Services Data breaches Healthcare 381

Troy Hunt

JANUARY 19, 2018

It's NDC London! I'm pushing this week's update out a little later due to the different time zones and frankly, due to it being an absolutely non-stop week of events. I talk about those, about how I'm trying to tackle breach disclosures now and about some upcoming events. Next week is Norway and Denmark and I'll be coming to you a little later due to a totally jam-packed Friday, more from me then. iTunes podcast | Google Play Music podcast | RSS podcast.

143

143

Thales Cloud Protection & Licensing

JANUARY 18, 2018

There has always been a battle between business efficiency and security since the invention of shared compute and data resources. Enterprise risk managers continue to swing the pendulum between business risk and security risk, depending on new demands versus new threats. Today’s enterprises have experienced this pendulum shift as cloud has become more relevant.

Encryption 88

Encryption Risk Phishing Authentication 88

Schneier on Security

JANUARY 15, 2018

No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It's not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee.

Ransomware 185

Ransomware Encryption 185

eSecurity Planet

JANUARY 19, 2018

The IT and software solutions that help businesses meet the EU's tough new data privacy regulation.

Technology 82

Technology Data privacy Software 82

WIRED Threat Level

JANUARY 16, 2018

Vacant buildings are more than just an economic threat. They're also a public safety concern. And it turns out they have their own sort of gravitational pull.

111

111

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Dark Reading

JANUARY 17, 2018

Serverless architectures take away business responsibility for server management, but security should still be top of mind.

Architecture 78

Architecture 78

Schneier on Security

JANUARY 17, 2018

Interesting article by Major General Hao Yeli, Chinese People's Liberation Army (ret.), a senior advisor at the China International Institute for Strategic Society, Vice President of China Institute for Innovation and Development Strategy, and the Chair of the Guanchao Cyber Forum. Against the background of globalization and the internet era, the emerging cyber sovereignty concept calls for breaking through the limitations of physical space and avoiding misunderstandings based on perceptions of

Government 174

Government Internet Internet Firewall 174

eSecurity Planet

JANUARY 19, 2018

Patch management might be the single most important security tool. We review 9 of the top patch management solutions.

70

70

WIRED Threat Level

JANUARY 18, 2018

New details about Triton malware should put industrial systems and critical infrastructure on notice.

Malware 109

Malware 109

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Dark Reading

JANUARY 16, 2018

Here's a list of gotchas that often slip past overburdened security pros.

61

61

Schneier on Security

JANUARY 16, 2018

Jim Risen writes a long and interesting article about his battles with the US government and the New York Times to report government secrets.

Government 143

Government 143

eSecurity Planet

JANUARY 19, 2018

We review Flexera Corporate Software Inspector, a patch management solution for Windows, Mac OS and Red Hat Linux.

Software 68

Software 68

WIRED Threat Level

JANUARY 17, 2018

When researchers put a popular criminal justice algorithm up against a bunch of Mechanical Turks, they came out about even.

107

107

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Threatpost

JANUARY 16, 2018

A bug in Lenovo’s Enterprise Networking Operating System could allow an attacker to launch an authentication bypass attack.

Authentication 60

Authentication 60

Thales Cloud Protection & Licensing

JANUARY 16, 2018

I have been in the security space for many decades. Although security technologies and processes have vastly improved, it seems that we are losing the battle as more and more data breaches are reported in the news. The wide adoption of the cloud has added to the concern for most enterprise risk officers. Due to increasing risk, favoring business efficiency over security — especially when dealing with cloud services — is no longer an accepted approach.

Encryption 59

Encryption Risk Data breaches Technology 59

Dark Reading

JANUARY 17, 2018

New research categorizes CISOs into four distinct groups based on factors related to workforce, governance, and security controls.

CISO 59

CISO Government 59

WIRED Threat Level

JANUARY 14, 2018

It's a new name for an old argument: that public agencies fighting crime and terrorism must have access to our private communications—for our own good.

Encryption 106

Encryption 106

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Threatpost

JANUARY 17, 2018

Hackers are exploiting three Microsoft Office vulnerabilities to spread the Zyklon HTTP malware.

Malware 59

Malware Cryptocurrency Hacking 59

eSecurity Planet

JANUARY 19, 2018

We review Red Hat Satellite, a patch management solution for enterprise Linux systems.

58

58

Dark Reading

JANUARY 17, 2018

Threat actors from both nations ramped up their activities sharply in 2017, Flashpoint says in a new threat intelligence report.

56

56

WIRED Threat Level

JANUARY 13, 2018

Meltdown, Spectre, malicious Android apps, and more of the week's top security news.

104

104

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Threatpost

JANUARY 18, 2018

A massive mobile espionage campaign has been collecting troves of sensitive personal information since 2012, according to a new report from the Electronic Frontier Foundation and security firm Lookout.

Mobile 52

Mobile Government Malware 52

eSecurity Planet

JANUARY 19, 2018

We review Ivanti Patch, a range of patch management solutions for small companies through large enterprises.

52

52

Dark Reading

JANUARY 16, 2018

These seven approaches can change the way you tackle problems.

54

54

WIRED Threat Level

JANUARY 18, 2018

New research advances techniques for finding and exploiting known vulnerabilities in IoT devices automatically.

IoT 102

IoT 102

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!