Sat.Jun 30, 2018 - Fri.Jul 06, 2018

Microsoft MVP Award, Year 8

Troy Hunt

Back in 2011, Microsoft gave me the rather awesome (IMHO) Most Valuable Professional Award for the first time. This is Microsoft's award for community leadership within a technology discipline which for me at the time, was developer security. I'm confident that award came largely due to the work I did on the OWASP Top 10 for .NET Developers series, a 10-part epic blog series that set me on the path to where I am today.

ExxonMobil Bungles Rewards Card Debut

Krebs on Security

Energy giant ExxonMobil recently sent snail mail letters to its Plenti rewards card members stating that the points program was being replaced with a new one called Exxon Mobil Rewards+. Unfortunately, the letter includes a confusing toll free number and directs customers to a parked page that tries to foist Web browser extensions on visitors. The mailer (the first page of which is screenshotted below) urges customers to visit exxonmobilrewardsplus[dot]com, to download its mobile app, and to cal

California Passes New Privacy Law

Schneier on Security

The California legislature unanimously passed the strongest data privacy law in the nation. This is great news, but I have a lot of reservations. The Internet tech companies pressed to get this law passed out of self-defense. A ballot initiative was already going to be voted on in November, one with even stronger data privacy protections. The author of that initiative agreed to pull it if the legislature passed something similar, and that's why it did.

Is It Time for Your Employees to De-Dox Their Timelines?

Adam Levin

If you know anyone who maintains social media accounts and works in law enforcement, and they don’t use an alias, send them this article. Scratch that. If you know anyone who might be targeted by hackers who has too much real information “out there” (i.e., most people), send this article to them. It’s no secret that people with high-profile outward facing jobs have long used aliases–actors, media personalities, professional athletes, models, etc.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Weekly Update 94

Troy Hunt

It's a week of tweets! I only wrote the one short blog post this week, but I spent a heap of time on the Twitters arguing with people instead, so... that's something? But seriously, there was a huge amount of discussion around HTTPS in particular and some very vocal opinions around its usefulness (or lack thereof), which frankly, had myself and many others tearing their hair out.

Threat Model Thursdays: Crispin Cowan

Adam Shostack

Over at the Leviathan blog, Crispin Cowan writes about “ The Calculus Of Threat Modeling.” Crispin and I have collaborated and worked together over the years, and our approaches are explicitly aligned around the four question frame. What are we working on? One of the places where Crispin goes deeper is definitional. He’s very precise about what a security principal is: A principal is any active entity in system with access privileges that are in any way distinct from some other

The Pentagon Is Building a Dream Team of Tech-Savvy Soldiers

WIRED Threat Level

For years the Army has tried to recruit talent from Silicon Valley. A new initiative aims to nurture the rising technologists within its own ranks, too.

Ransomware vs. Cryptojacking

Dark Reading

Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.

Security Should Never Be on Holiday

Thales Cloud Protection & Licensing

For many organizations, July and August are synonymous with holidays. And, while we all want to disconnect, no one does this completely given how connected we all are. Some successfully disconnect from work, but if they check the news on their phone, call an Uber, watch Netflix on an iPad or sign up for a yoga class via an app, they are still very much connected.

The NSA's Domestic Surveillance Centers

Schneier on Security

The Intercept has a long story about the NSA's domestic interception points. Includes some new Snowden documents.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How to Check App Permissions on iOS, Android, Windows, and macOS

WIRED Threat Level

It's never a bad time to audit your app permissions. In fact, it's more important than ever.

Where To Invest Your Cybersecurity Budget

eSecurity Planet

VIDEO: Tom Parker of Accenture Security discusses how organizations should budget for cybersecurity - and make the most of what they already have.

9 SMB Security Trends

Dark Reading

SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.

Beating Facial Recognition Software with Face Makeup

Schneier on Security

At least right now, facial recognition algorithms don't work with Juggalo makeup.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

SCOTUS and Congress Leave the Right to Privacy Up for Grabs

WIRED Threat Level

As the push for more digital privacy grows, the question is whether the courts or lawmakers will step up to protect our rights—or if it will fall through the cracks.

Bug Bounty Programs Turn Attention to Data Abuse

Threatpost

More companies – particularly social media firms – may follow Facebook’s footsteps in turning to bug bounty programs to scout out any data privacy abuse on their platforms, experts say.

California's New Privacy Law Gives GDPR-Compliant Orgs Little to Fear

Dark Reading

Others should boost their security controls to get in sync with AB 375, or get ready to be sued hundreds of dollars for each personal record exposed in a breach.

Quantum Principles Eyed to Solve Current Limitations in Encryption, Data Protection

The Security Ledger

Quantum principles are set to transform the next generation of Internet security, with new quantum-based technologies on tap to improve encryption and data communication which researchers believe could solve some of the limitations with current technology. Security researchers in the United Kingdom are among those leading the move toward quantum.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

How the Pentagon Keeps Its App Store Secure

WIRED Threat Level

To keep malware at bay, the GEOINT App Store has created a screening process that no commercial platform could ever match.

Reactive or Proactive? Making the Case for New Kill Chains

Dark Reading

Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here's what a modern kill chain should include.

Kaspersky Deems Crypto-jacking the New Ransomware as Crypto-miners up Their Game

The Security Ledger

Because of its potential to earn hackers millions in a steady stream of cash, Kaspersky Labs has deemed crypto-jacking the new ransomware in a report that arrived just as researchers spotted two new types of malware targeting the growing popularity of cryptocurrencies. In its report released last Wednesday, Kaspersky declared that crypto-mining.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

NSA Spy Buildings, Facebook Data, and More Security News This Week

WIRED Threat Level

Data leaks, NSA secrets, and more of this week's top security news.

ThreatList: Biggest Cybercrime Developments in 2018, So Far

Threatpost

A look at the underground cybercrime landscape in 2018 shows a dynamic and quick-reacting community in the face of successful crackdowns by law enforcement.

Cryptocurrency Theft Drives 3x Increase in Money Laundering

Dark Reading

The first half of 2018 saw more cryptocurrency theft than all of 2017 combined, driving a rise in digital money laundering as criminals elude authorities.

Designing Employee Security Awareness Training That Works

eSecurity Planet

The secret to effective employee security awareness training boils down to three things: Train early, often, and explain why.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

The Cybersecurity Risk Some Companies Won’t Discuss

Adam Levin

It’s been a long compromise-filled road with billions of victims along the way, but businesses are finally embracing the need for creating a culture where good cyber hygiene is emphasized and rewarded. But how much is enough? It is increasingly common knowledge that email attachments can be dangerous. And most people these days know that they should be using a harder to guess password than “password” or “123qwe.” That said, there’s still a looming threat

Samsung Investigates Claims of Spontaneous Texting of Images to Contacts

Threatpost

After users complained online that their Galaxy devices are randomly sending photos to contacts, Samsung said it isn't a hardware or software issue.

Putin Pushes for Global Cybersecurity Cooperation

Dark Reading

At a Moscow-based security conference, Russian President Vladimir Putin said countries should work together amid the rise of cyberthreats.

Friday Squid Blogging: Squid Unexpectedly Playing a Part in US/China Trade War

Schneier on Security

Chinese buyers are canceling orders to buy US squid in advance of an expected 25% tariff. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.