Sat. Feb 29, 2020 - Fri. Mar 06, 2020

Enhancing Pwned Passwords Privacy with Padding

Troy Hunt

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). All sorts of organisations are employing the service to keep passwords from previous data breaches from being used again and subsequently, putting their customers at heightened risk.

The Case for Limiting Your Browser Extensions

Krebs on Security

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month.

Let's Encrypt Vulnerability

Schneier on Security

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. "Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates.

5G and IoT security: Why cybersecurity experts are sounding an alarm

Tech Republic Security

Without regulation and strong proactive measures, 5G networks remain vulnerable to cyberattacks, and the responsibility falls on businesses and governments.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Weekly Update 181

Troy Hunt

This is the big one. It's all HIBP and Project Svalbard top to bottom this week and I've chosen to exclude everything else in its favour. This is just such an essential part of not just the HIBP narrative, but indeed the narrative of my career and what gets me up each day. So here it is, the video insights version to the announcement post from a few days ago.

French Firms Rocked by Kasbah Hacker?

Krebs on Security

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. An individual thought to be involved has earned accolades from the likes of Apple, Dell, and Microsoft for helping to find and fix security vulnerabilities in their products.

Almost half of mobile malware are hidden apps

Tech Republic Security

Cybercriminals are finding new ways to get malware on mobile devices, including abusing Android's accessibility features, according to a McAfee report.

Amazon’s “Alexa Built-in” Threat Model

Adam Shostack

Amazon has released a set of documents, “Updates to Device Security Requirements for Alexa Built-in Products.” I want to look at these as a specific way to express a threat model, which is threat modeling along the supply chain, talk about the proliferation of this different kind of model, and what it means for engineering. (More precisely, since I don’t have an Amazon developer account, I’m going to look at the blog post, and infer some stuff about the underlying docume

SHARED INTEL: Here’s why CEOs who’ve quit Tweeting are very smart to do so

The Last Watchdog

Cyber threats now command the corporate sector’s full attention. It’s reached the point where some CEOs have even begun adjusting their personal online habits to help protect themselves, and by extension, the organizations they lead. Corporate consultancy PwC’s recent poll of 1,600 CEOs worldwide found that cyber attacks are now considered the top hindrance to corporate performance, followed by the shortage of skilled workers and the inability to keep up with rapid tech advances.

Facebook's Download-Your-Data Tool Is Incomplete

Schneier on Security

Privacy International has the details. Key facts: Despite Facebook's claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook. Information provided about the advertisers is also very limited (just a name and no contact details), preventing users from effectively exercising their rights.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How to scan your WordPress sites for vulnerabilities

Tech Republic Security

How confident are you with the security of your WordPress deployments? If you're not 100% confident, you need to make use of the wpscan tool.

Threat Modeling Training at Blackhat 2020

Adam Shostack

At Blackhat this summer, I’ll be offering threat modeling training at Blackhat. Last year, these sold out quickly, so don’t wait! This hands-on, interactive class will focus on learning to threat model by executing each of the steps. Students will start threat modeling early on day 1, followed by an understanding of traps that they might fall into, and then progressing through the four questions: what are we working on, what can go wrong, what are we going to do about it and did we d

NEW TECH: Juicing up SOAR — SIRP inserts risk-based analysis into network defense playbooks

The Last Watchdog

Security information and event management (SIEM) is evolving and integrating with security orchestration, automation, and response (SOAR) to add real value in the cybersecurity space. Related: How SOAR Is Helping to Address the Cybersecurity Skills Gap. SIEM is useful for detecting potential security incidents and triggering alerts, but the addition of a SOAR solution brings these alerts to another level by triaging the data and adopting remediation measures where required.

More on Crypto AG

Schneier on Security

One follow-on to the story of Crypto AG being owned by the CIA: this interview with a Washington Post reporter. The whole thing is worth reading or listening to, but I was struck by these two quotes at the end: in South America, for instance, many of the governments that were using Crypto machines were engaged in assassination campaigns. Thousands of people were being disappeared, killed.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

National Day of Unplugging – how switching off can boost business security

Thales Cloud Protection & Licensing

Disconnecting from your mobile device, laptop or tablet can be as good as a holiday. Simply taking a pause from email and social media in favor of a good book or conversation is known to increase your mood and life satisfaction. But it’s also a chance to step back and re-evaluate our online usage. In my family, we regularly ‘unplug’ and use the opportunity to discuss cyber awareness and topics such as the risks to our family information, how we can improve personal safety, and what are we doing

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

The Last Watchdog

Wider use of Internet of Things systems that can make daily living safer, healthier and more convenient is on the immediate horizon. However, to fully capture the benefits of an IoT-centric economy, a cauldron of privacy and security concerns must first be quelled. Related: The promise and pitfalls of IoT. At the technology level, two fundamental things must get accomplished.

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

This week, several media outlets reported that agents of Russian intelligence went to Ireland to inspect the undersea cables. The Sunday Times reported that Russian intelligence agents have been sent to Ireland to gather detailed information on the undersea cables that connect Europe to North America. The news is alarming: intelligence agencies fear that Russia plans to carry out new cyber-espionage operations by tapping the undersea cables or even sabotaging them. “Russia has sent in

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

7 security tips for IoT systems

Tech Republic Security

Security risks are important considerations with IoT initiatives. A Kaspersky report includes steps to take to prevent an IoT-targeted attack.

Enabling Secure Code Signing at Scale

Thales Cloud Protection & Licensing

This blog is co-written with Shian Sung from Keyfactor. In today’s development environment, it’s important for every organization to utilize code signing as a way to ensure that the applications and updates they deliver are trusted. This starts from the build process and goes all the way through to the release in order to develop code that maintains a strong root of trust, and with a high degree of authenticity and integrity.

The Perfect Travel Security Policy for a Globe-Trotting Laptop

Dark Reading

There are many challenges to safely carrying data and equipment on international travels, but the right policy can make navigating the challenges easier and more successful.

Hackers gained access to T-Mobile customers and employee personal info

Security Affairs

New problems for the wireless carrier T-Mobile, which disclosed a data breach that exposed some of its customers’ personal information. The wireless carrier T-Mobile was the victim of a sophisticated cyber attack that targeted its email vendor. A data breach notification published by the telecommunications giant on its website revealed that the security breach impacted both employees and customers. “Our Cybersecurity team recently identified and shut down a malicious attack against our e

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

COVID-19: What business pros need to know

Tech Republic Security

The coronavirus is spurring questions and concerns in the tech industry. Get tips about remote work, interviewing and hiring, travel, and cybersecurity, as well as the latest news.

Walgreens Mobile App Leaks Prescription Data

Threatpost

A security error in the Walgreens mobile app may have leaked customers' full names, prescriptions and shipping addresses.

7 Cloud Attack Techniques You Should Worry About

Dark Reading

Security pros detail the common and concerning ways attackers target enterprise cloud environments.

SurfingAttack – hacking phones via ultrasonic waves

Security Affairs

SurfingAttack is an attack technique that allows waking up mobile devices and controlling them using voice commands encoded in ultrasonic waves. SurfingAttack is a hacking technique that sees voice commands encoded in ultrasonic waves silently activate a mobile phone’s digital assistant. The technique could be used to perform several actions such as making phone calls or reading text messages.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Number of spoof attempts on domains drops to "near zero" within months of DMARC enforcement

Tech Republic Security

Despite an increase in usage, a Valimail report found that of the 933,000 organizational domains with DMARC, only 13% are at enforcement.

DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

Threatpost

Cyber attack at Visser Precision, which builds custom parts for the aerospace and automotive industries, reveals sensitive company data.

Out at Sea, With No Way to Navigate: Admiral James Stavridis Talks Cybersecurity

Dark Reading

The former Supreme Allied Commander of NATO gives Dark Reading his take on the greatest cyber threats our nation and its businesses face today.

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. Introduction. Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few samples of the recently uncovered campaigns; the latter was spotted after four years of apparent inactivity.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.