Sat.Mar 31, 2018 - Fri.Apr 06, 2018

Public Hearing on IoT Risks

Schneier on Security

The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products. The information received from the public hearing will be used to inform future Commission risk management work.

Weekly Update 81 (Hawaii Edition)

Troy Hunt

We're in Hawaii! "We" being Scott Helme and myself, and we're here for the Loco Moco Sec conference, which has been a heap of fun (the location may have played a part in that). And what a location: Scott joined me for this week's update and we were fresh out of a great talk from the Google Chrome Security PM, so have a bit to share there about changes coming to the browser.

Thales Executives Speak to Press about UK Cybersecurity Developments

Thales Cloud Protection & Licensing

Thales eSecurity’s CTO Jon Geater and Peter Carlisle, Thales eSecurity’s VP of Sales, EMEA, were recently featured in major news outlets espousing their opinions about internet-connected devices and the new Cyber Security Export Strategy. Geater, on new UK IoT security guidelines: earlier this month, the UK government announced guidelines to make internet-connected devices safer.

Fin7: The Billion-Dollar Hacking Group Behind a String of Big Breaches

WIRED Threat Level

Fin7, also known as JokerStash, Carbanak, and other names, is one of the most successful criminal hacking groups in the world.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Musical Ciphers

Schneier on Security

Interesting history.

Top 10 Distributed Denial of Service (DDoS) Vendors

eSecurity Planet

Compare top 10 DDoS vendors on key characteristics such as use cases, delivery, intelligence, and pricing, to help your enterprise choose the best solution for your DDoS security needs.

A 200-Year-Old Idea Offers a New Way to Trace Stolen Bitcoins

WIRED Threat Level

Cambridge researchers point to an 1816 precedent that could fundamentally change how "dirty" Bitcoins are tracked.

Insecure SCADA Systems Blamed in Rash of Pipeline Data Network Attacks

Threatpost

After a cyberattack shut down numerous pipeline communication networks this week, experts are stressing the importance of securing third-party systems in supervisory control and data acquisition (SCADA) environments.

How to Build a Cybersecurity Incident Response Plan

Dark Reading

Being hit by a cyberattack is going to be painful. But it can be less painful if you're prepared, and these best practices can help.

Mark your calendars: Mandatory data-breach notification rules come into force November 1

Privacy and Cybersecurity Law

via Anca Sattler, Dentons Canada LLP. The federal government released an Order in Council, dated March 26, 2018, announcing that the mandatory data-breach notification rules will come into force on November 1, on the recommendation of Navdeep Bains, Minister of Industry, Science and Economic Development. After nearly three years, sections 10, 11, and 14, subsections 17(1) and (4) and sections 19 and 22 to 25 of the Digital Privacy Act, Chapter 32 will come into effect to amend the Personal Info

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

DC's Stingray Mess Won't Get Cleaned Up

WIRED Threat Level

DHS this week confirmed that Washington, DC is littered with fake cell tower surveillance devices, but nothing will likely be done to fix it.

Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support

Threatpost

Intel has halted patches for older chips addressing the Spectre vulnerability, according to a recent microcode update.

Hudson's Bay Brands Hacked, 5 Million Credit Card Accounts Stolen

Dark Reading

The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack, and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Facebook Messenger's 'Unsend' Feature Is What Happens When You Scramble

WIRED Threat Level

It's good that Facebook is addressing its many privacy woes, but reacting rather than planning leaves some fixes feeling half-baked.

Mirai Variant Targets Financial Sector With IoT DDoS Attacks

Threatpost

Researchers said a Mirai botnet variant, possibly linked to the IoTroop or Reaper botnet, was leveraged in attacks against the financial sector.

Panera Bread Leaves Millions of Customer Records Exposed Online

Dark Reading

Personal information was exposed in plain text for months on Panerabread.com, and the company's response failed to rise to the challenge.

Akamai DDoS Mitigation Solution: Overview and Analysis

eSecurity Planet

We review Akamai's DDoS solution, which handles up to 8 Tbps of network capacity while mitigating DNS-based DDoS attacks and protecting DNS services.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most: people, data, real or personal property, intellectual property, digital assets, or any number of other things, and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Google Bans All Cryptomining Extensions From the Chrome Store

WIRED Threat Level

As cryptojacking takes over the web, Google will put a stop to cryptomining extensions that prey on unsuspecting installers.

Privacy Advocates Blast Facebook After Data Scraping Scandal

Threatpost

Privacy advocates are up in arms after Facebook CEO Mark Zuckerberg said most of the two billion users of the social network may have had their data scraped by malicious actors using a reverse search tool.

One-Third of Internal User Accounts Are 'Ghost Users'

Dark Reading

Attackers and malware can easily move laterally through an organization, thanks to inadequate access controls on file systems and a proliferation of inactive but enabled users.

Imperva Incapsula: DDoS Protection Overview and Analysis

eSecurity Planet

We review Imperva Incapsula's DDoS protection capabilities, which filter traffic through a series of progressive challenges that block attacks without slowing legitimate traffic.

DDOS 40
Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Paul Nakasone Will Have to Balance NSA Needs With US Cyber Command Background

WIRED Threat Level

The appointment of Paul Nakasone raises the question again: Should the NSA and Cyber Command be controlled by one man?

Panera Bread Slammed After Keeping Massive Data Leak Quiet For Eight Months

Threatpost

Panera is in hot water after sitting on a massive data leak on its website for eight months, and then trying to downplay the number of customers impacted by the leak.

Is Security Accelerating Your Business?

Dark Reading

With an ever-growing list of security and compliance requirements, security can hinder or slow business initiatives. Is your security department stuck in slow gear or can it go faster?

Verisign DDoS Protection Services: Overview and Analysis

eSecurity Planet

We review Verisign’s DDoS mitigation capabilities, which include monitoring and mitigation services, as well as the ability to ingest threat data from an enterprise’s existing security systems.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Cyberinsurance Tries to Tackle the Unpredictable World of Hacks

WIRED Threat Level

Insuring against hacks and breaches can be a lucrative business—but also presents unique challenges.

Intel Tells Remote Keyboard Users to Delete App After Critical Bug Found

Threatpost

Intel said it is lights out for its Remote Keyboard app just as security researchers find three vulnerabilities that let local attackers inject keystrokes in sessions.

Businesses Fear 'Catastrophic Consequences' of Unsecured IoT

Dark Reading

Only 29% of respondents in a new IoT security survey say they actively monitor the risk of connected devices used by third parties.

AlienVault vs Splunk: Top SIEM Solutions Compared

eSecurity Planet

A look at the strengths and weaknesses of AlienVault and Splunk, two leading SIEM solutions.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.