Krebs on Security

JULY 6, 2018

Energy giant ExxonMobil recently sent snail mail letters to its Plenti rewards card members stating that the points program was being replaced with a new one called Exxon Mobil Rewards+. Unfortunately, the letter includes a confusing toll free number and directs customers to a parked page that tries to foist Web browser extensions on visitors. The mailer (the first page of which is screenshotted below) urges customers to visit exxonmobilrewardsplus[dot]com, to download its mobile app, and to cal

Advertising 186

Advertising Mobile Marketing Engineering 186

Troy Hunt

JULY 2, 2018

Back in 2011, Microsoft gave me the rather awesome (IMHO) Most Valuable Professional Award for the first time. This is Microsoft's award for community leadership within a technology discipline which for me at the time, was developer security. I'm confident that award came largely due to the work I did on the OWASP Top 10 for.NET Developers series , a 10-part epic blog series that set me on the path to where I am today.

Technology 182

Technology 182

Schneier on Security

JULY 5, 2018

At least right now, facial recognition algorithms don't work with Juggalo makeup.

Software 175

Software Surveillance 175

WIRED Threat Level

JULY 5, 2018

It's never a bad time to audit your app permissions. In fact, it's more important than ever.

111

111

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Adam Levin

JULY 2, 2018

If you know anyone who maintains social media accounts and works in law enforcement, and they don’t use an alias, send them this article. Scratch that. If you know anyone who might be targeted by hackers who has too much real information “out there” (i.e., most people), send this article to them. It’s no secret that people with high-profile outward facing jobs have long used aliases–actors, media personalities, professional athletes, models, etc.

Social Engineering 101

Social Engineering Media Identity Theft Engineering 101

Troy Hunt

JULY 6, 2018

It's a week of tweets! I only wrote the one short blog post this week, but I spent a heap of time on the Twitters arguing with people instead so. that's something? But seriously, there was a huge amount of discussion around HTTPS in particular and some very vocal opinions around its usefulness (or lack thereof), which frankly, had myself and many others tearing their hair out.

Passwords 140

Passwords DDOS Cryptocurrency Data breaches 140

WIRED Threat Level

JULY 2, 2018

For years the Army has tried to recruit talent from Silicon Valley. A new initiative aims to nurture the rising technologists within its own ranks, too.

111

111

Adam Levin

JULY 6, 2018

It’s been a long compromise-filled road with billions of victims along the way, but businesses are finally embracing the need for creating a culture where good cyber hygiene is emphasized and rewarded. But how much is enough? It is increasingly common knowledge that email attachments can be dangerous. And most people these days know that they should be using a harder to guess password than “password” or “123qwe.” That said, there’s still a looming threat

Risk 100

Risk Cybersecurity Software Hacking 100

Adam Shostack

JULY 5, 2018

Over at the Leviathan blog, Crispin Cowan writes about “ The Calculus Of Threat Modeling.” Crispin and I have collaborated and worked together over the years, and our approaches are explicitly aligned around the four question frame. What are we working on? One of the places where Crispin goes deeper is definitional. He’s very precise about what a security principal is: A principal is any active entity in system with access privileges that are in any way distinct from some other

Engineering 100

Engineering 100

Schneier on Security

JULY 2, 2018

Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting.

Mobile 164

Mobile Encryption 164

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

WIRED Threat Level

JULY 3, 2018

To keep malware at bay, the GEOINT App Store has created a screening process that no commercial platform could ever match.

Malware 101

Malware 101

Dark Reading

JULY 3, 2018

Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.

Ransomware 82

Ransomware Banking Accountability 82

eSecurity Planet

JULY 3, 2018

VIDEO: Tom Parker of Accenture Security discusses how organizations should budget for cybersecurity - and make the most of what they already have.

Cybersecurity 77

Cybersecurity 77

Schneier on Security

JULY 6, 2018

The Intercept has a long story about the NSA's domestic interception points. Includes some new Snowden documents.

Surveillance 161

Surveillance 161

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

WIRED Threat Level

JUNE 30, 2018

Data leaks, NSA secrets, and more of this week's top security news.

100

100

Dark Reading

JULY 5, 2018

SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.

Cybersecurity 76

Cybersecurity 76

eSecurity Planet

JULY 6, 2018

The secret to effective employee security awareness training boils down to three things: Train early, often, and explain why.

Security Awareness 69

Security Awareness 69

Thales Cloud Protection & Licensing

JULY 3, 2018

For many organizations, July and August are synonymous with holidays. And, while we all want to disconnect, no one does this completely given how connected we all are. Some successfully disconnect from work, but if they check the news on their phone, call an Uber, watch Netflix on an iPad or sign up for a yoga class via an app, they are still very much connected.

Encryption 63

Encryption Passwords Data breaches Education 63

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

JULY 3, 2018

As the push for more digital privacy grows, the question is whether the courts or lawmakers will step up to protect our rights—or if it will fall through the cracks.

95

95

Dark Reading

JULY 5, 2018

The most effective hackers keep things simple, something organizations must take into account.

Accountability 65

Accountability 65

Threatpost

JULY 1, 2018

New macOS malware targets crypto community via chat networks Slack and Discord.

Cryptocurrency 52

Cryptocurrency Malware Hacking 52

The Security Ledger

JULY 4, 2018

Quantum principles are set to transform the next generation of Internet security, with new quantum-based technologies on tap to improve encryption and data communication which researchers believe could solve some of the limitations with current technology. Security researchers in the United Kingdom are among those leading the move toward quantum. Read the whole entry. » Related Stories Lasers Eyed as Way Forward for Quantum Encryption of Data, Cryptocurrencies Kaspersky Deems Crypto-jacking

Encryption 40

Encryption IoT Cryptocurrency Technology 40

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Schneier on Security

JULY 6, 2018

Chinese buyers are canceling orders to buy US squid in advance of an expected 25% tariff. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

117

117

Dark Reading

JULY 5, 2018

A new variant of old malware scans a system before deciding just how to administer pain.

Malware 65

Malware Ransomware 65

Threatpost

JULY 6, 2018

The July Android Security bulletin tackles 44 vulnerabilities in all, with the bulk rated high in severity.

Mobile 51

Mobile 51

The Security Ledger

JULY 3, 2018

Because of its potential to earn hackers millions in a steady stream of cash, Kaspersky Labs has deemed crypto-jacking the new ransomware in a report that arrived just as researchers spotted two new types of malware targeting the growing popularity of cryptocurrencies. In its report released last Wednesday, Kaspersky declared that crypto-mining. Read the whole entry. » Related Stories Akamai Report finds DDoS Attacks more Sophisticated, Adaptive Evasive new botnet can take over enterprise

Ransomware 40

Ransomware Cryptocurrency DDOS Malware 40

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Dark Reading

JULY 3, 2018

Others should boost their security controls to get in sync with AB 375. or get ready to be sued hundreds of dollars for each personal record exposed in a breach.

59

59

Dark Reading

JULY 6, 2018

OSX.Dummy depends on substantial help from an unwary victim.

Cryptocurrency 58

Cryptocurrency Malware 58

Dark Reading

JULY 6, 2018

The Israeli hacking firm says its stolen software is worth hundreds of millions of dollars.

Hacking 56

Hacking Software 56

Dark Reading

JULY 6, 2018

At a Moscow-based security conference, Russian President Vladimir Putin said countries should work together amid the rise of cyberthreats.

Cybersecurity 55

Cybersecurity 55

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!