Sat.Oct 12, 2019 - Fri.Oct 18, 2019


Factoring 2048-bit Numbers Using 20 Million Qubits

Schneier on Security

This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want to overstate the risk. We know from Shor's Algorithm that both factoring and discrete logs are easy to solve on a large, working quantum computer. Both of those are currently beyond our technological abilities.


“BriansClub” Hack Rescues 26M Stolen Cards

Krebs on Security

“BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

Hacking 202
Insiders


Weekly Update 160

Troy Hunt

Australia! Geez it's nice to sit amongst the gum trees and listen to the birds, even if it's right in the middle of some fairly miserable weather. I'll continue to be here for the foreseeable future too, at least in one state or another. But being back here hasn't stopped me talking about European laws being handled by a local American website nor commentating on the (now well and truly over) debate about the usefulness of visual identity indicators in browsers.

135

How to disable Facebook location tracking

Tech Republic Security

If your privacy is more important than Facebook knowing exactly where you are at all times, you might want to disable location tracking.

159

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Cracking the Passwords of Early Internet Pioneers

Schneier on Security

Lots of them weren't very good: BSD co-inventor Dennis Ritchie, for instance, used "dmac" (his middle name was MacAlistair); Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose "bourne"; Eric Schmidt, an early developer of Unix software and now the executive chairman of Google parent company Alphabet, relied on "wendy!!!" (the name of his wife); and Stuart Feldman, author of Unix automation tool make and the first Fortran compiler, used "axolotl" (the name of a Mexica

Passwords 212

When Card Shops Play Dirty, Consumers Win

Krebs on Security

Cybercrime forums have been abuzz this week over news that BriansClub — one of the underground’s largest shops for stolen credit and debit cards — has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may have been the result of one of BriansClub’s longtime competitors trying to knock out a rival.

More Trending


Kaspersky honeypots find 105 million attacks on IoT devices in first half of 2019

Tech Republic Security

The number of attacks on IoT devices in 2019 is nine times greater than the number found in the first half of 2018.

IoT 165

Using Machine Learning to Detect IP Hijacking

Schneier on Security

This is interesting research: In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That's unfortunately not very hard to do, since BGP itself doesn't have any security procedures for validating that a message is actually coming from the place it says it's coming from. [...]


Pitney-Bowes the Target of Ransomware

Adam Levin

U.S. mailing services company Pitney-Bowes experienced services outages after a ransomware attack earlier this week. “It has been confirmed that our systems have been affected by a malware attack that encrypted information on some systems and disrupted client access to our services. Our technical and operational teams are making progress to restore the affected systems.


Interesting Reads: Risk, Automation, lessons and more!

Adam Shostack

The Cybok project has released its v1 “Risk Management & Governance Knowledge Area”; I was a reviewer. Towards Automated Security Design Flaw Detection is an interesting paper from academics in Belgium and Sweden. Steve Lipner offers “Lessons learned through 15 years of SDL at work.” Charles Wilson has perspective on threat modeling devices in “Does That Come in a Large?

Risk 100

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


FBI urges businesses to use biometric factors to mitigate multi-factor authentication risk

Tech Republic Security

The FBI Cyber Task Force recently issued a Private Industry Notice on how businesses can deal with vulnerabilities tied to token and phone-based multi-factor authentication methods.


Adding a Hardware Backdoor to a Networked Computer

Schneier on Security

Interesting proof of concept: At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minimal skills, working on a shoestring budget, can plant a chip in enterprise IT equipment to offer themselves stealthy backdoor access.

Firewall 124

Can smart cities be secured and trusted?

Thales Cloud Protection & Licensing

It is the year 2030, and you have had another busy day. As you finish what you thought would be your last espresso and grab your laptop to leave work, your colleague tells you that you need to stay late for an urgent meeting. Panic sets in, but you push past it and put a plan into motion. To pick your daughter up from school, you call a driverless car.


sudo flaw allows any users to run commands as Root on Linux

Security Affairs

Experts discovered a security policy bypass issue in the Sudo utility that is installed as a command on almost every Linux and Unix system. The Sudo utility that is installed as a command on almost every Linux and Unix system is affected by a security policy bypass issue tracked as CVE-2019-14287. The vulnerability could be exploited by an ill-intentioned user or a malicious program to execute arbitrary commands as root on a targeted Linux system, even if the “sudoers configuration”

Passwords 106

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Hollywood hack job: How cybersecurity consultant for hit TV show "Mr. Robot" brought authenticity to actor Rami Malek's character

Tech Republic Security

James Plouffe, cybersecurity consultant for "Mr. Robot" reveals how he helped make hacking a reality on the USA-Network drama series starring Rami Malek and Christian Slater.

Hacking 117

Why Technologists Need to Get Involved in Public Policy

Schneier on Security

Last month, I gave a 15-minute talk in London titled: "Why technologists need to get involved in public policy." In it, I try to make the case for public-interest technologists. (I also maintain a public-interest tech resources page, which has pretty much everything I can find in this space. If I'm missing something, please let me know.) Boing Boing post.

117

Unsupervised Learning: No. 198 (Member Edition)

Daniel Miessler



Glitching: The Hardware Attack that can Disrupt Secure Software

Dark Reading

Glitching (or fault-injection) attacks aren't easy (yet). But get ready, because as the IoT grows, these attacks will be a big reason that hardware security should be part of your cybersecurity planning.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


How to protect your organization's website against typosquatting

Tech Republic Security

Hundreds of fake domains have been set up against some of the presidential candidates through typosquatting, according to a report from digital risk company Digital Shadows.

Risk 92

A new Mac malware dubbed Tarmac has been distributed via malvertising campaigns

Security Affairs

Confiant researchers have discovered a new Mac malware dubbed Tarmac distributed via malvertising campaigns in the US, Italy, and Japan. Security experts at Confiant have discovered a new Mac malware dubbed Tarmac that is distributed via malvertising campaigns in the US, Italy, and Japan. “Malicious ads redirect victims to sites showing popups peddling software updates, mainly Adobe Flash Player updates, that once executed will first install the OSX/Shlayer MacOS malware, which t

Malware 85

Inside Olympic Destroyer, the Most Deceptive Hack in History

WIRED Threat Level

The untold story of how digital detectives unraveled the mystery of Olympic Destroyer—and why the next big cyberattack will be even harder to crack.

Hacking 79

Cyber Theft, Humint Helped China Cut Corners on Passenger Jet

Dark Reading

Beijing likely saved a lot of time and billions of dollars by copying components for its C919 plane from others, a new report from CrowdStrike says.

83

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


How to secure your Apple Card

Tech Republic Security

Learn how to secure and protect your Apple Card, both the virtual card and the physical one.

129

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

Winnti Group is back with a new modular Win backdoor that was used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. Security experts at ESET revealed that Winnti Group continues to update its arsenal; they observed the China-linked APT group using a new modular Windows backdoor to infect the servers of a high-profile Asian mobile hardware and software manufacturer.


Apple Shares Some Browsing History with Chinese Company

Threatpost

The company acknowledged it’s using ‘safe browsing’ technology from Tencent, which has ties to the Chinese government.


The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach

Dark Reading

A company's security battle is not between that company and a specific fraudster; rather, it's between the company and the connected cybercriminal ecosystem.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Blockchain is promising, but it can't save the world

Tech Republic Security

TechRepublic's Karen Roby talks with a cryptocurrency expert about blockchain, bitcoin, and IoT-connected devices.

IoT 108

Is Emotet gang targeting companies with external SOC?

Security Affairs

Cybercrime gang behind the Emotet malware is targeting organizations with an external SOC with emails claiming to deliver a SOC “weekly report.” Introduction. The group behind Emotet malware is getting smarter and smarter in the way they deliver such malware. While the infection schema has looked alike for years, the way the group tries to infect victims improves from day to day.


Sudo Bug Opens Root Access on Linux Systems

Threatpost

The bug allows users to bypass privilege restrictions to execute commands as root.

89

Targeted Ransomware Attacks Show No Signs of Abating

Dark Reading

Criminals are becoming more sophisticated and targeted in going after enterprise organizations, a new Q2/Q3 report finds.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.