Sat. Nov 04, 2017 - Fri. Nov 10, 2017

Me on the Equifax Breach

Schneier on Security

Testimony and Statement for the Record of Bruce Schneier. Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School. Fellow, Berkman Center for Internet and Society at Harvard Law School. Hearing on "Securing Consumers' Credit Data in the Age of Digital Commerce". Before the Subcommittee on Digital Commerce and Consumer Protection.

The One Valuable Thing All Websites Have: Reputation (and Why It's Attractive to Phishers)

Troy Hunt

Here's something I hear quite a bit when talking about security things: "Our site isn't a target, it doesn't have anything valuable on it." This is usually the retort that comes back in defence of some pretty shady practices and in the mind of the defendant, it's a perfectly reasonable position. They don't collect any credentials, they don't have any payment info and in many cases, the site is simply a static representation of content that rarely changes.

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the course of March, 2016–March, 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums.

How to Keep Your Bitcoin Safe and Secure

WIRED Threat Level

Bitcoin and other cryptocurrencies have exploded in value—making them an ever-more attractive target for scammers and hackers. Here's how to protect your investment.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

Schneier on Security

There's a new criminal tactic involving hacking an e-mail account of a company that handles high-value transactions and diverting payments. Here it is in real estate: The scam generally works like this: Hackers find an opening into a title company's or realty agent's email account, track upcoming home purchases scheduled for settlements -- the pricier the better -- then assume the identity of the title agency person handling the transaction.

Weekly Update 60

Troy Hunt

Loads of bits and pieces this week ranging from travel (including something truly awesome that I can't go into detail on just yet) to Report URI to HIBP. There's also the competition for the Lenovo ThinkPad where I talk about the 4 finalists and if you're reading this within about 18 hours of me posting it, you can still vote for them here: It's time to vote!

More Trending

Facebook Isn't Listening Through Your Phone's Microphone. It Doesn't Have To

WIRED Threat Level

The internet is awash in theories about Facebook using your smartphone's microphone to eavesdrop on your conversations. It's not. Here's why.

Hacking a Fingerprint Biometric

Schneier on Security

Embedded in this story about infidelity and a mid-flight altercation, there's an interesting security tidbit: The woman had unlocked her husband's phone using his thumb impression when he was sleeping.

Barracuda Acquires Sonian for Email Intelligence and Security

eSecurity Planet

The combined company will lend visibility into how the email habits of users align with a business's security, legal and compliance requirements.

AutoIt Scripting Used By Overlay Malware to Bypass AV Detection

Threatpost

IBM’s X-Force Research team reports hackers attacking Brazilian banks are using the Windows scripting tool called AutoIt to reduce the likelihood of antivirus software detection.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How Level 3's Tiny Error Shut Off the Internet for Parts of the US

WIRED Threat Level

A simple misconfiguration spiraled into outages for internet service providers and large internet platforms around the US.

Daphne Caruana Galizia's Murder and the Security of WhatsApp

Schneier on Security

Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app, and find out who those sources were. One journalist reports: Part of Daphne's destroyed smart phone was elevated from the scene.

AI in Cybersecurity: White And Dark Sides

Spinone

Some people believe that Artificial Intelligence (AI) has the ability to amplify our natural human intelligence, as long as it remains in good hands. Let’s take a closer look at AI and how it can benefit – or negatively influence – our lives in the near future. Artificial intelligence is progressing at a rapid pace and we often associate it with science fiction movies where we see robots performing human-like tasks.

Security Applications of Blockchain

eSecurity Planet

Certificate authorities, key signings and DNS records are some of the ways Blockchain could make data and the web more secure and prevent DDoS attacks.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Department of Defense's 'Hack the Pentagon' Bug Bounty Program Helps Fix Thousands of Bugs

WIRED Threat Level

The Department of Defense's bug bounty program was a smashing success. And other government agencies have taken notice.

New Research in Invisible Inks

Schneier on Security

It's a lot more chemistry than I understand: Invisible inks based on "smart" fluorescent materials have been shining brightly (if only you could see them) in the data-encryption/decryption arena lately. But some of the materials are costly or difficult to prepare, and many of these inks remain somewhat visible when illuminated with ambient or ultraviolet light.

Eavesdropper Vulnerability Exposes Mobile Call, Text Data

Threatpost

Developers using the Twilio platform to build enterprise mobile communications apps have put call and text data at risk for exposure.

79 Percent of Companies Have No Plan in Place for GDPR

eSecurity Planet

23 percent haven't yet determined whether it's relevant to their organization.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

How Journalists Fought Back Against Crippling Email and Subscription Bombs

WIRED Threat Level

After ProPublica journalists wrote about hate groups, the trolls retaliated by signing them up for thousands of subscriptions. That was only the beginning.

Facebook Fingerprinting Photos to Prevent Revenge Porn

Schneier on Security

This is a pilot project in Australia: Individuals who have shared intimate, nude or sexual images with partners and are worried that the partner (or ex-partner) might distribute them without their consent can use Messenger to send the images to be "hashed." This means that the company converts the image into a unique digital fingerprint that can be used to identify and block any attempts to re-upload that same image.

Threatpost News Wrap Podcast for Nov. 10

Threatpost

Threatpost editors Mike Mimoso and Tom Spring discuss the week's information security news.

Container Security Startup NeuVector Raises $7 Million

eSecurity Planet

NeuVector will use the funds to bulk up its engineering and sales operations amid intensifying demand for its solution.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Russia's 'Fancy Bear' Hackers Exploit a Microsoft Office Flaw—and NYC Terrorism Fears

WIRED Threat Level

Kremlin hackers are adapting their phishing tactics with both the latest software vulnerabilities and the latest news, new McAfee findings show.

Friday Squid Blogging: Squid Season May Start Earlier Next Year

Schneier on Security

Squid fishermen in Argentina have asked regulators to start the squid season earlier in 2018. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

NIST Cybersecurity Framework: IoT and PKI Security

Thales Cloud Protection & Licensing

In order to talk about any specialized field of knowledge, you need a common language with agreed upon terms, definitions and some level of accepted industry standards. Cybersecurity is no different. But as the industry has evolved, this critical foundational concept has somehow taken a backseat. As both the public and private sector embrace digital transformation and face an increasingly sophisticated threat scape, presidential executive orders have sought to remedy that problem.

IoT Security Fail: 82 Percent of Companies Can't Identify All Network-Connected Devices

eSecurity Planet

76 percent are rethinking their security strategies as a result.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

How the Mimikatz Hacker Tool Stole the World's Passwords

WIRED Threat Level

How a program called Mimikatz became one of the world's most widespread and powerful hacking tools.

Why the Netflix Phishing Email Works So Well

WIRED Threat Level

That Netflix phishing scheme has been around for months—and it's clever enough to stick around.

The Apple iOS 11 Privacy and Security Settings You Should Check

WIRED Threat Level

Heads up, iPhone owners. iOS 11 comes with a batch of security features that merit your attention.

Google Chrome Will Stop Sketchy Redirects Soon

WIRED Threat Level

With its latest update, Chrome's going to quash the junky redirects that turn the web into a house of horror.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.