Sat.Nov 25, 2017 - Fri.Dec 01, 2017

Here's What I'm Telling US Congress about Data Breaches

Troy Hunt

Last week I wrote about my upcoming congressional testimony and wow - you guys are awesome! Seriously, the feedback there was absolutely sensational and it's helped shape what I'll be saying to the US Congress, including lifting specific wording and phrases provided by some of you. Thank you! As I explained in that first blog post, I'm required to submit a written testimony 48 hours in advance of the event.

Needless Panic Over a Wi-FI Network Name

Schneier on Security

A Turkish Airlines flight made an emergency landing because someone named his wireless network (presumably from his smartphone) "bomb on board." In 2006, I wrote an essay titled "Refuse to be Terrorized." (I am also reminded of my 2007 essay, "The War on the Unexpected.") A decade later, it seems that the frequency of incidents like the one above is less, although not zero.

Here's the NSA Agent Who Inexplicably Exposed Critical Secrets

WIRED Threat Level

The Justice Department has struck a plea deal with Nghia Hoang Pho, a programmer in the NSA's elite operations unit, for taking his highly classified work home with him.

New Report: Discovering Consumer Attitudes Toward Connected Car Security

Thales Cloud Protection & Licensing

At Thales eSecurity we are always eager to obtain data on how the world perceives threats to personal data, because it has the potential to inform us on how to make our everyday lives more safe and secure. Together with an independent firm, we recently conducted a survey of 1,000 consumers across the U.S. and UK and found that ownership of internet-connected cars is on the rise.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Weekly Update 63 (US Congress Edition)

Troy Hunt

Last week, I was sitting next to a croc-infested river in the middle of nowhere (relatively speaking). This week, I'm in front of the United States Capitol having just spoken to the very people who create the laws that govern not just the US but, let's face it, have a significant impact on the rest of the world. Today was just one of those moments that make you go... whoa.

Man-in-the-Middle Attack against Electronic Car-Door Openers

Schneier on Security

This is an interesting tactic, and there's a video of it being used: The theft took just one minute and the Mercedes car, stolen from the Elmdon area of Solihull on 24 September, has not been recovered. In the footage, one of the men can be seen waving a box in front of the victim's house. The device receives a signal from the key inside and transmits it to the second box next to the car.

More Trending

PCI DSS compliance: a range of encryption approaches available to secure your data

Thales Cloud Protection & Licensing

In the month of October, I wrote about reducing scope for PCI DSS. In this blog, I take it a step further with a discussion about the options available for securing data. Not all types of encryption give you the coverage and flexibility you need. There’s no one-size-fits-all solution for protecting account data; every organization is different, faces different threats and has different security objectives that (ideally) go beyond PCI DSS compliance.

Cloud Insecurity: Tens of Thousands of Full Credit Histories Exposed in Amazon S3 Bucket

eSecurity Planet

The data is unusually sensitive, including full credit card and bank account numbers as well as images of Social Security cards and driver's licenses.

Warrant Protections against Police Searches of Our Data

Schneier on Security

The cell phones we carry with us constantly are the most perfect surveillance device ever invented, and our laws haven't caught up to that reality. That might change soon. This week, the Supreme Court will hear a case with profound implications on your security and privacy in the coming years. The Fourth Amendment's prohibition of unlawful search and seizure is a vital right that protects us all from police overreach, and the way the courts interpret it is increasingly nonsensical in our compute

North Korea's Latest Missile Test Was Even Scarier Than It Seemed

WIRED Threat Level

Further analysis of North Korea's latest ICBM launch shows that the country can likely land a nuclear weapon anywhere in the continental United States.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Critical Apple Login Bug Puts macOS High Sierra Systems at Risk

Threatpost

A major bug in Apple’s macOS High Sierra gives anyone with physical access to a system running the latest version of the OS root access simply by putting "root" in the user name field.

Lawsuits Pile Up on Uber

Dark Reading

Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.

Uber Data Hack

Schneier on Security

Uber was hacked, losing data on 57 million driver and rider accounts. The company kept it quiet for over a year. The details are particularly damning: The two hackers stole data about the company's riders and drivers -- including phone numbers, email addresses and names -- from a third-party server and then approached Uber and demanded $100,000 to delete their copy of the data, the employees said.

How Bots Broke the FCC's Public Comment System During the Net Neutrality Debate

WIRED Threat Level

The FCC's net neutrality public comment period was overrun with bots, making it all but impossible for any one voice to be heard. That's not how this is supposed to work.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cisco Patches Critical Playback Bugs in WebEx Players

Threatpost

A Cisco Systems security advisory urges users of its WebEx platform to patch six vulnerabilities that could allow attackers to execute remote code.

First US Federal CISO Shares Security Lessons Learned

Dark Reading

Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.

NSA "Red Disk" Data Leak

Schneier on Security

ZDNet is reporting about another data leak, this one from the US Army's Intelligence and Security Command (INSCOM), which is also within the NSA. The disk image, when unpacked and loaded, is a snapshot of a hard drive dating back to May 2013 from a Linux-based server that forms part of a cloud-based intelligence sharing system, known as Red Disk. The project, developed by INSCOM's Futures Directorate, was slated to complement the Army's so-called distributed common ground system (DCGS), a legacy

Supreme Court Must Understand That Cell Phones Aren’t Voluntary

WIRED Threat Level

Opinion: The US argues that police can access cell phone records freely because customers volunteer that data. But cell phones are no longer optional.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Leaky AWS Storage Bucket Spills Military Secrets, Again

Threatpost

For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.

The Looming War of Good AI vs. Bad AI

Dark Reading

The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.

Blog Post: Saudi Vision 2030

Schneier on Security

By David Gurteen: I've just spent a few days in Riyadh where I gave a talk and ran a Knowledge Café as part of a KM Forum entitled "Knowledge Management Utilization in Realizing Saudi Vision 2030" organized by the Naseej Academy. Saudi Vision 2030 is a plan to reduce Saudi Arabia's dependence on oil, diversify its economy, and develop public service sectors such as health, education, infrastructure, recreation, and tourism.

Apple MacOS High Sierra Security Flaw Lets Anyone Get Root Access, No Password Required

WIRED Threat Level

A Turkish company found a glaring flaw in Apple's desktop operating system that gives anyone deep access, no password required.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

RAT Distributed Via Google Drive Targets East Asia

Threatpost

Researchers say a new remote access Trojan dubbed UBoatRAT is targeting individuals or organizations linked to South Korea or the video games industry.

Suspect in Yahoo Breach Case Pleads Guilty

Dark Reading

Karim Baratov admits he worked on behalf of Russia's FSB.

Average Organization Faced 8 DDoS Attacks a Day in Q3 2017

eSecurity Planet

That's a 35 percent increase over the previous quarter.

The US Should Modernize Election Systems to Prevent Hacking

WIRED Threat Level

Opinion: Two senators from opposing parties argue that voting machines should be considered critical infrastructure, and funded accordingly.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Newly Published Exploit Code Used to Spread Mirai Variant

Threatpost

Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in activity associated with what they said is a variant of the Mirai botnet.

Uber's Security Slip-ups: What Went Wrong

Dark Reading

The ride-sharing company's decisions leading to a 2016 data breach and its handling of the incident should serve as a cautionary tale for enterprises facing a breach.

Spin.AI Releases Google Workspace Security Policies

Spinone

Organizations moving to the public cloud are faced with serious challenges to security and security related processes. Generally speaking, organizations maintaining on-premise infrastructure have total control over security and policies related to securing access to data, data loss prevention, and data security. When moving to the public cloud however, how can organizations provide this same, […]

The FCC's Net Neutrality Comments Included Millions of Fake Emails and More

WIRED Threat Level

A new analysis of the FCC's net neutrality comment period shows millions of fake or duplicate email addresses and other alarming absurdities.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.