Sat. Jun 02, 2018 - Fri. Jun 08, 2018


New Data Privacy Regulations

Schneier on Security

When Mark Zuckerberg testified before both the House and the Senate last month, it became immediately obvious that few US lawmakers had any appetite to regulate the pervasive surveillance taking place on the internet. Right now, the only way we can force these companies to take our privacy more seriously is through the market. But the market is broken.


I Just Won the European Security Blogger Award Grand Prix Prize for the Best Overall Security Blog!

Troy Hunt

I'm not sure how I found myself in a European award program, maybe it's like Australians in Eurovision? But somehow, I wiggled my way into The European Security Blogger Awards and before even having a chance to come down off the high that was last week's Award for Information Security Excellence at the AusCERT conference in Australia, this happened: @troyhunt hey mate, you just won the EU security blogger of the year.


Crime Fighting Gets High-Tech Advances Palantir, Axom, and More

WIRED Threat Level

Beyond big data, officers are increasingly turning to software and predictive analytics from companies like Palantir to anticipate when and where misdeeds are likely to occur.


5 Tips for Protecting SOHO Routers Against the VPNFilter Malware

Dark Reading

Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


E-Mail Vulnerabilities and Disclosure

Schneier on Security

Last week, researchers disclosed vulnerabilities in a large number of encrypted email clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client into sending a copy of the plaintext to a web server controlled by that attacker.


Cryptocurrency – are you ready for next big hack?

Thales Cloud Protection & Licensing

A few years ago, the term cryptocurrency was only used among the tech elite and the only type available for purchase was Bitcoin. Fast forward to 2018 when the average consumer is able to invest and has a pick of over 1,800 different kinds of cryptocurrencies to choose from. It doesn’t come as much of a surprise that people are eager to learn more about this new space and profitable industry.


MyHeritage Alerts Users to Data Breach

Dark Reading

A researcher found email addresses and hashed passwords of nearly 92.3 million users stored on a server outside MyHeritage.


Regulating Bitcoin

Schneier on Security

Ross Anderson has a new paper on cryptocurrency exchanges. From his blog: Bitcoin Redux explains what's going wrong in the world of cryptocurrencies. The bitcoin exchanges are developing into a shadow banking system, which do not give their customers actual bitcoin but rather display a "balance" and allow them to transact with others. However if Alice sends Bob a bitcoin, and they're both customers of the same exchange, it just adjusts their balances rather than doing anything on the blockchain


Cyber is Cyber is Cyber

Lenny Zeltser

If you’re in the business of safeguarding data and the systems that process it, what do you call your profession? Are you in cybersecurity? Information security? Computer security, perhaps? The words we use, and the way in which the meaning we assign to them evolves, reflects the reality behind our language. If we examine the factors that influence our desire to use one security title over the other, we’ll better understand the nature of the industry and its driving forces.


What Will Microsoft's GitHub Buy Mean For Controversial Code?

WIRED Threat Level

The tech giant will officially acquire the legendary developer platform. The question now is what happens to some of the code it hosts.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Facebook Bug Sets 14M Users' Settings to 'Public'

Dark Reading

The default sharing setting was accidentally changed for millions of accounts during a four-day period last month.


The Habituation of Security Warnings

Schneier on Security

We all know that it happens: when we see a security warning too often -- and without effect -- we start tuning it out. A new paper uses fMRI, eye tracking, and field studies to prove it.


WARDroid Uncovers Mobile Threats to Millions of Users Worldwide

Threatpost

An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – thanks to inconsistencies between app and server logic in web APIs.


WannaCry Hero Marcus Hutchins' New Legal Woes Spell Trouble for White Hat Hackers

WIRED Threat Level

By expanding the case against Marcus Hutchins, the Department of Justice has signaled a troubling interpretation of cybersecurity law.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Researcher Successfully Hacked In-Flight Airplanes - From the Ground

Dark Reading

IOActive researcher will demonstrate at Black Hat USA how satellite equipment can be 'weaponized.'


Installing PowerShell on Kali Linux

Kali Linux

UPDATE NOV 2019: This post is out of date as of 2019, as powershell has been added to the primary repos. Just do a: apt update && apt -y install powershell and you will have powershell on your system. Old Post: You may already be aware that you can safely add external repositories to your Kali Linux installation but you may not be aware that one of the many repositories available online includes one from Microsoft that includes PowerShell.


Managing Digital Security as Risk and Complexity Rise

Thales Cloud Protection & Licensing

Gartner defines digital risk management as “the integrated management of risks associated with digital business components, such as cloud, mobile, social, big data, third-party technology providers, OT and the IoT.” And, as we’ve all seen, the failure to manage digital risks can have a negative impact on the reputation, operations and market value of affected enterprises.


WWDC 2018: Apple Just Made Safari the Good Privacy Browser

WIRED Threat Level

The next version of Safari takes on ad-trackers more aggressively than ever.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Web Application Firewalls Adjust to Secure the Cloud

Dark Reading

Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.


Facebook Software Bug Made Some Private Posts Public: 14 Million Affected

Threatpost

A Facebook glitch in May set millions of posts that users composed to “public” for ten days.


Gartner Security Summit: Enterprises, Vendors Respond to Cybercriminals

eSecurity Planet

Vulnerabilities abound and cybercriminals are more aggressive than ever, but enterprises and security vendors are responding.


Facebook Bug Made Up to 14 Million Users' Posts Public For Days

WIRED Threat Level

In late May, millions of Facebook users had new posts set to public by default.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Phishing Scams Target FIFA World Cup Attendees

Dark Reading

Soccer-themed emails and Web pages target fans with fake giveaways and the chance to snag overpriced, illegitimate 'guest tickets.'


VPNFilter Malware Impact Larger Than Previously Thought

Threatpost

Researchers said they now believe the malware has infected twice the number of router brands than previously stated and that the malware packs a much deadlier punch.


Cyber Security Combo: Big Data, Machine Learning and AI

Spinone

Organizations are having difficult times trying to keep up with the security levels needed to eliminate or at least minimize modern cyber security problems. As technologies evolve, so do the skills of cyber criminals. The main goal of advanced mechanisms to combat the growing numbers of attacks is to identify the weak points before the hackers do. From identity theft to credit card numbers being taken away, Machine Learning and Artificial Intelligence play an instrumental role in establishing ne


An Encryption Upgrade Could Upend Online Payments

WIRED Threat Level

While ditching TLS 1.0 encryption will benefit the payments ecosystem, it'll be rough going for those with older devices.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Threat Landscape: Dark Reading Caption Contest Winners

Dark Reading

Insider threats -- desktop attacks, security awareness, caffeine -- all worthy contenders in our cartoon caption competition. And the winners are.


CloudPets May Be Out of Business, But Security Concerns Remain

Threatpost

Amazon, Target and Walmart have pulled the bears from their online markets; but it's the installed base of the connected cuddlies that should be of greater concern.


Report URI Just Won the Best Emerging Technology Award!

Troy Hunt

I don't normally do back-to-back blog posts, but this was no normal week! I just posted about how I won the European Security Blogger Award Grand Prix Prize for the Best Overall Security Blog and per the title of this post, a couple of hours later Scott Helme and I backed it up with this at the SC Awards: To us! #SCAwards2018 pic.twitter.com/Gv7hhzT9T2 — Report URI (@reporturi) June 5, 2018.


Former Cambridge Analytica CEO Alexander Nix Testifies Before Parliament

WIRED Threat Level

Alexander Nix testified before Parliament, but provided more bluster than answers.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.