This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
The U.S. Securities and Exchange Commissio n (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned. First American Financial Corp. In May, KrebsOnSecurity broke the news that the Web site for Santa Ana, Calif.
Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System.
“All we know is MONEY! Hurry up! Tik Tak, Tik Tak, Tik Tak!” This is an excerpt from a chilling ransom note Baltimore IT officials received from hackers who managed to lock up most of the city’s servers in May. The attackers demanded $76,000, paid in Bitcoin, for a decryption key. Baltimore refused to pay – choosing, instead, to absorb an estimated $18 million in recovery costs.
Hacker Paige Thomson, main suspect in the recent Capital One data breach, may also be responsible for hacking as many as 30 other companies and organizations. . Prosecutors from the Seattle U.S. Attorney’s Office announced the discovery of data from more than 30 targeted entities in the bedroom of Paige Thompson, who was arrested in connection with the Capital One data breach.
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
“ Bluetana ,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous.
Last month, Attorney General William Barr gave a major speech on encryption policywhat is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.
Well that's Vegas done. 8 days of absolutely non-stop events that's now pretty much robbed me of my voice but hey, I got a flying cow! Scott and I both spent BSides, Black Hat and DEF CON doing "hallway con" or in other words, wandering around just meeting people. The personal engagement you get from these ad hoc meetups really can't be beat and I appreciate everyone who took the time to come over and say hi.
Well that's Vegas done. 8 days of absolutely non-stop events that's now pretty much robbed me of my voice but hey, I got a flying cow! Scott and I both spent BSides, Black Hat and DEF CON doing "hallway con" or in other words, wandering around just meeting people. The personal engagement you get from these ad hoc meetups really can't be beat and I appreciate everyone who took the time to come over and say hi.
With all the talk of escalating cyber warfare , the spread of counterfeit smartphones and new forms of self-replicating malware , I came away from Black Hat USA 2019 (my 15 th ) marveling, once more, at the panache of modern cyber criminals. Related: Lessons learned from Capital One breach Yet, I also had the chance to speak one-on-one with dozens of security vendors who are innovating like crazy to improve security.
Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out. Fortunately, this month’s patch batch from Redmond is mercifully light, at least compared to last month.
A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR) , which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance.
If you missed the news about Russian-owned FaceApp going viral, you’ve probably been vacationing on the coast of a dust pond on the dark side of the moon. It highlights the general lack of privacy laws out there, and may herald the start of meaningful legislation. FaceApp allows users to tap into the power of artificial intelligence to see what they might look like with a perfect Hollywood smile, different hair, no hair, facial hair, or, alternately, as a much older version of themsel
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
In the last year, the news media has been full of stories about vicious cyber breaches on municipal governments. From Atlanta to Baltimore to school districts in Louisiana, cyber criminals have launched a wave of ransomware attacks on governments across the country. Related: SMBs struggle to mitigate cyber attacks As city governments struggle to recover access to their data, hackers are already turning their sites on their next targets: small and medium-sized businesses (SMBs).
Originally published in Payments Journal on July 31, 2019. There’s a very tough question on the table that no one can afford to ignore: If more than half of global IT and security executives say they actively fear the exposure of payment card data and other personal identifiable information, why are 70% of them not deploying measures such as encryption to maintain security?
Interesting analysis: " Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended? " by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversial programs launched by the U.S. Intelligence Community (IC) in the wake of the 9/11 attacks.
Wow. Blackhat, Defcon, I didn’t make any of the other conferences going on in Vegas. And coming back it seems like there’s a sea of things to follow up on. A little bit of organization is helping me manage better this year, and so I thought I’d share what’s in my post-conference toolbox. I’m also sharing because I don’t think my workflow is optimal, and would love to learn how you’re working through this in 2019, with its profusion of ways to stay in touch.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The FBI is searching for contractors to monitor social media for potential threats, the announcement raises concerns for user privacy. The abuse of social media passwords for malicious purpose is quite common, for this reason, the FBI is searching for contractors to monitor them. However, monitoring activity could threaten user privacy and set up possible conflicts with social media giants, such as Facebook, over privacy. “The Federal Bureau of Investigation (FBI) intends to award a firm f
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tavis Ormandy, white hat hacker at Google’s Project Zero Team, disclosed technical details of a 20-year-old Windows vulnerability that is still unpatched. The popular cyber security expert Tavis Ormandy, white hat hacker at Google’s Project Zero Team disclosed technical details of 20-year-old vulnerability that is still unpatched. The vulnerability, rated as high-severity, affects all versions of Microsoft Windows from Windows XP.
Apple's FaceID has a liveness detection feature, which prevents someone from unlocking a victim's phone by putting it in front of his face while he's sleeping. That feature has been hacked : Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim's FaceID and log into their phone simply by putting a pair of modified glasses on their face.
I’m excited to be teaming up with Alpha Strike and Limes Security to deliver training in Vienna November 6-8. Details are available at Embedded Systems Security Days.
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
A group of Israeli researchers demonstrated that it is possible to take over the Simatic S7 controller one of the most secure controllers in the industry. A team of Israeli researchers demonstrated that it is possible to take control of the Simatic S7 controller without the knowledge of the operators. The team was composed of researchers from the Cyber ??
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security expert discovered multiple flaws in 4G routers manufactured by several companies, some of them could allow attackers to take over the devices. G Richter, a security researcher at Pen Test Partners discovered multiple vulnerabilities 4G routers manufactured by different vendors. The issue includes information leak flaws and code execution vulnerabilities.
On June 28, 2018 the governor of California Jerry Brown signed into law with Assembly Bill No. 375 the California Consumer Privacy Act (CCPA), making California the first U.S. state to pass its own data privacy law. Last August, my colleague Ashvin Kamaraju wrote a blog shortly after this took place. The CCPA, which will come into effect on Jan. 1, 2020, grants to the state’s over 40 million people a range of rights comparable to the rights given to European citizens with the General Data Protec
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Input your email to sign up, or if you already have an account, log in here!
Enter your email address to reset your password. A temporary password will be e‑mailed to you.
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
273 
Let's personalize your content