Sat. May 05, 2018 - Fri. May 11, 2018

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. It's a weird article. It paints Ozzie's proposal as something that "attains the impossible" and "satisfies both law enforcement and privacy purists," when (1) it's barely a proposal, and (2) it's essentially the same key escrow scheme we've been hearing about for decades.

The Decreasing Usefulness of Positive Visual Security Indicators (and the Importance of Negative Ones)

Troy Hunt

Remember when web security was all about looking for padlocks? I mean in terms of the advice we gave your everyday people, that's what it boiled down to - "look for the padlock before entering passwords or credit card info into a website". Back in the day, this was pretty solid advice too as it gave you confidence not just in the usual confidentiality, integrity and authenticity of the web traffic, but in the legitimacy of the site as well.

How to Keep Hackers Out of Your Facebook and Twitter Accounts

WIRED Threat Level

Scammers, pranksters, and bad actors all want to break into whatever social media accounts they can. Here's how to keep yours safe.

Properly Framing the Cost of a Data Breach

Dark Reading

The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Virginia Beach Police Want Encrypted Radios

Schneier on Security

This article says that the Virginia Beach police are looking to buy encrypted radios. Virginia Beach police believe encryption will prevent criminals from listening to police communications. They said officer safety would increase and citizens would be better protected. Someone should ask them if they want those radios to have a backdoor.

Weekly Update 86

Troy Hunt

This week, Scott Helme is getting bitten by Aussie critters whilst working from a desert island. He's here on the Gold Coast for the NDC Security event next week so I thought we'd record the update together so we grabbed a couple of cold ones, wandered down to the backyard and recorded there. We cover off a bunch of bits and pieces related to things we're working on together (workshops and Report URI) as well as some (mostly) commonly held views about HTTPS, EV certs and visual indicators.

Phishing Attack Bypasses Two-Factor Authentication

Dark Reading

Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets' accounts.

Airline Ticket Fraud

Schneier on Security

New research: "Leaving on a jet plane: the trade in fraudulently obtained airline tickets". Abstract: Every day, hundreds of people fly on airline tickets that have been obtained fraudulently. This crime script analysis provides an overview of the trade in these tickets, drawing on interviews with industry and law enforcement, and an analysis of an online blackmarket.

GandCrab Ransomware Found Hiding on Legitimate Websites

Threatpost

The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns.

Facial Recognition Tech Is Creepy When It Works—And Creepier When It Doesn’t

WIRED Threat Level

It's a powerful tool, but recent incidents have shown that there's no winning with facial recognition.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Gandcrab Ransomware Exploits Website Vulnerabilities

Dark Reading

Researchers find campaigns distributing Gandcrab by hosting malware on legitimate websites with poor security measures.

Nutanix and Thales, Hyperconverged & Hypersecure

Thales Cloud Protection & Licensing

The rapid adoption of hyperconverged infrastructure (HCI) solutions has been due to their proven ability to deliver scalability, agility, reduced costs, storage redundancy, and reliability. As the market leader in this space, the Nutanix Enterprise Cloud is on the forefront of integrating virtualization, storage, networking, and security, in a turnkey HCI solution.

PoS Malware ‘TreasureHunter’ Source Code Leaked

Threatpost

The leak of point-of-sale malware source code is a double-edged sword to researchers who view it as a boon to research, but a headache when it comes to inspiring future variants and attacks.

Microsoft Enabling Javascript in Excel Has Security Pros Anxious

WIRED Threat Level

Enabling JavaScript should make Excel more powerful, but increasing access points makes it even more of a web security nightmare than it already is.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

The New Security Playbook: Get the Whole Team Involved

Dark Reading

Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.

It’s Eleven O’Clock. Do You Know If Your Organizational Data Is Safe?

Thales Cloud Protection & Licensing

Data is increasingly amassed and harnessed to accelerate organizational transformation in the new digital economy. But because databases can hold sensitive details, protecting them is imperative. Unprotected data at rest is an attractive target for cybercriminals, and in today’s ever more distributed environment, not a week goes by without hearing of a new data breach.

New Facebook-Spread Malware Triggers Credential Theft, Cryptomining

Threatpost

A new malware campaign being rapidly spread on Facebook is infecting users' systems to perform credential theft, cryptomining, and click fraud.

Georgia Hacking Bill SB315 Gets Cybersecurity All Wrong

WIRED Threat Level

Georgia's SB315 discourages security research and encourages hacking back—meaning it's exactly backwards.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

As Personal Encryption Rises, So Do Backdoor Concerns

Dark Reading

Geopolitical changes drive personal encryption among security pros, who are increasingly worried about encryption backdoors.

What Is SQL Injection and How Can It Hurt You?

eSecurity Planet

Using SQL injection, hackers can wreak havoc on databases and data-driven applications. Fortunately, there are ways to reduce SQL injection risk.

Secrets of the Wiper: Inside the World’s Most Destructive Malware

Threatpost

The actors behind this kind of code, whether they’re bent on sending a political message or simply wanting to cover their tracks after data exfiltration, have adopted various techniques to carry out those activities.

Drone Swarms, North Korean Antivirus, and More Security News This Week

WIRED Threat Level

Bad drones, boobytrapped North Korean antivirus, and more of the week's top security news.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Report: More Breaches Despite Increasing Security Budgets

Dark Reading

Lack of security talent, low security awareness among employees, and too much data to analyze top the list of cyberthreats in the 2018 Cyberthreat Defense Threat Report from CyberEdge group.

How the Kubernetes Security Response Team Works

eSecurity Planet

VIDEO: Brandon Philips, former CTO of CoreOS, talks about how the Kubernetes security team works and responds to vulnerability reports.

Nigerian BEC Scammers Growing Smarter, More Dangerous

Threatpost

Nigerian-based cybercriminals are growing more dangerous as they add sophisticated tools to their arsenal, including complex remote access trojans, a new report reveals.

Technical Writing Tips for IT Professionals

Lenny Zeltser

This cheat sheet offers guidelines for IT professionals seeking to improve technical writing skills. To print it, use the one-page PDF version; you can also customize the Word version of the document. General Recommendations. Determine your write-up’s objectives and audience. Keep the write-up as short and simple as possible to achieve the objectives.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability

Dark Reading

New campaign shows that there are still systems exposed to the year-old CVE-2017-7269 vuln on an operating system that was declared end-of-life three years ago.

Key Steps for Optimizing POS Security

eSecurity Planet

It's not just about PCI DSS compliance – here are three important factors in a POS security solution, plus other ways to avoid credit card breaches.

Vega Stealer Malware Takes Aim at Chrome, Firefox

Threatpost

While it’s a simple payload for now, researchers said Vega has the ability to evolve into something more concerning in the future.

Who’s more of a threat – insiders or external threat actors?

Thales Cloud Protection & Licensing

In past years’ Thales Data Threat Reports, we asked IT security pros around the world separate questions about whom they believed were the riskiest internal threats and external threats. The results were useful but didn’t allow us to compare which category proved most worrisome. This year, we restructured the two separate questions into a single one, and that gave us some very interesting results about who worries these IT security professionals the most.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.