Sat. Jan 13, 2018 - Fri. Jan 19, 2018

Security Breaches Don't Affect Stock Price

Schneier on Security

Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger. Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than the market as a whole.

Marketing 302

Weekly Update 70 (NDC London Edition)

Troy Hunt

It's NDC London! I'm pushing this week's update out a little later due to the different time zones and frankly, due to it being an absolutely non-stop week of events. I talk about those, about how I'm trying to tackle breach disclosures now and about some upcoming events. Next week is Norway and Denmark and I'll be coming to you a little later due to a totally jam-packed Friday, more from me then. iTunes podcast | Google Play Music podcast | RSS podcast.

Meet Antifa's Secret Weapon Against Far-Right Extremists

WIRED Threat Level

Megan Squire doesn’t consider herself to be antifa and pushes digital activism instead, passing along information to those who might put it to real-world use—who might weaponize it.

Where to Find Security Holes in Serverless Architecture

Dark Reading

Serverless architectures take away business responsibility for server management, but security should still be top of mind.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Fighting Ransomware

Schneier on Security

No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It's not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee.

Sprawling Mobile Espionage Campaign Targets Android Devices

Threatpost

A massive mobile espionage campaign has been collecting troves of sensitive personal information since 2012, according to a new report from the Electronic Frontier Foundation and security firm Lookout.

Mobile 52

Four Malicious Google Chrome Extensions Affect 500K Users

Dark Reading

ICEBRG Security Research team's finding highlights an often-overlooked threat.

Article from a Former Chinese PLA General on Cyber Sovereignty

Schneier on Security

Interesting article by Major General Hao Yeli, Chinese People's Liberation Army (ret.), a senior advisor at the China International Institute for Strategic Society, Vice President of China Institute for Innovation and Development Strategy, and the Chair of the Guanchao Cyber Forum. Against the background of globalization and the internet era, the emerging cyber sovereignty concept calls for breaking through the limitations of physical space and avoiding misunderstandings based on perceptions of

Lenovo Patches Networking OS Vulnerability Dating Back to 2004

Threatpost

A bug in Lenovo’s Enterprise Networking Operating System could allow an attacker to launch an authentication bypass attack.

The 'Doublespeak' of Responsible Encryption

WIRED Threat Level

It's a new name for an old argument: that public agencies fighting crime and terrorism must have access to our private communications—for our own good.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Understanding Supply Chain Cyber Attacks

Dark Reading

While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.

Jim Risen Writes about Reporting Government Secrets

Schneier on Security

Jim Risen writes a long and interesting article about his battles with the US government and the New York Times to report government secrets.

Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features

Threatpost

Researchers have discovered Android malware with spy capabilities never seen before such as allowing attackers to capture encrypted WhatsApp chat sessions.

Malware 46

A Popular Crime-Predicting Algorithm Performed Worse Than Mechanical Turks in One Study

WIRED Threat Level

When researchers put a popular criminal justice algorithm up against a bunch of Mechanical Turks, they came out about even.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Which CISO 'Tribe' Do You Belong To?

Dark Reading

New research categorizes CISOs into four distinct groups based on factors related to workforce, governance, and security controls.

CISO 59

Student Cracks Inca Knot Code

Schneier on Security

Interesting.

Enterprise Technologies That Tame GDPR Compliance

eSecurity Planet

The IT and software solutions that help businesses meet the EU's tough new data privacy regulation.

Triton Malware Details Show the Dangers of Industrial System Sabotage

WIRED Threat Level

New details about Triton malware should put industrial systems and critical infrastructure on notice.

Malware 96

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Kaspersky Lab Seeks Injunction Against US Government Ban

Dark Reading

Revenues and reputation have taken a hit in the wake of the US Department of Homeland Security's decision to prohibit use of its products and services by the feds, the company says.

Attackers Use Microsoft Office Vulnerabilities to Spread Zyklon Malware

Threatpost

Hackers are exploiting three Microsoft Office vulnerabilities to spread the Zyklon HTTP malware.

Malware 59

Flexera Corporate Software Inspector: Overview and Analysis

eSecurity Planet

We review Flexera Corporate Software Inspector, a patch management solution for Windows, Mac OS and Red Hat Linux.

A New Way to Track Down Bugs Could Help Save IoT

WIRED Threat Level

New research advances techniques for finding and exploiting known vulnerabilities in IoT devices automatically.

IoT 88

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Threats from Russia, North Korea Loom as Geopolitics Spills into Cyber Realm

Dark Reading

Threat actors from both nations ramped up their activities sharply in 2017, Flashpoint says in a new threat intelligence report.

Apple Preps ChaiOS iMessage Bug Fix, Report

Threatpost

A so-called ‘text bomb’ flaw in Apple’s iPhone and Mac computers that causes devices to crash or restart will be patched next week, according to multiple sources.

Mobile 42

SolarWinds Patch Manager: Overview and Analysis

eSecurity Planet

We review SolarWinds Patch Manager, a patch management solution focused on Windows servers and workstations and third-party products.

Meltdown, Spectre, Malicious Apps, and More of This Week's Security News

WIRED Threat Level

Meltdown, Spectre, malicious Android apps, and more of the week's top security news.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Top 3 Pitfalls of Securing the Decentralized Enterprise

Dark Reading

Doubling down on outdated security practices while the number of users leveraging your enterprise network grows is a race to the bottom for businesses moving to distributed workflows.

Best of 2017: Top 7 Articles by Spinbackup

Spinone

As the security threat landscape evolves, enterprise organizations continuously invest in data protection solutions aimed at preventing massive data breaches, ransomware, phishing scams and other sophisticated cyber attacks. Looking back at 2017, Spinbackup has made it a priority to offer state-of-the-art solutions to the problems above. So take a cup of coffee, relax, and have a look at our best articles providing solutions to your most serious G Suite security concerns.

Backups 40

BMC BladeLogic Server Automation: Patch Management Overview and Analysis

eSecurity Planet

We review BMC BladeLogic Server Automation, a server configuration tool that also offers patch management for Microsoft, Linux, and other OSes.

How the False Hawaii Missile Warning Could Have Happened

WIRED Threat Level

And where was the federal government?

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.