Krebs on Security
JULY 24, 2020
Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd.
Troy Hunt
JULY 24, 2020
I love this setup! A huge amount of research went into this but the PC, screens, cameras lights and all the other bits are working really well together. I did my first interview with this setup today and I think I'm actually going to be sticking with the mood lighting for most on-video events now: Fun @InfosecWhiskey interview this morning. I’m running with this lighting setup, just a couple of Hue Go lights and the screens, a beautiful pic from the camera setup.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
JULY 21, 2020
This hack targets the firmware on modern power supplies. (Yes, power supplies are also computers.). Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each other to determine the proper amount of electricity that can be sent to the phone without damaging the device -- the more juice the power adapter can send, the faster it can charge the phone.
Tech Republic Security
JULY 23, 2020
Beware - cybercriminals could be spending days rooting around in employee inboxes for information they can sell to other crooks, or use to mount further attacks.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
JULY 23, 2020
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties.
Adam Levin
JULY 24, 2020
Navigation and wearable device company Garmin experienced a widespread outage after a successful ransomware attack July 23. Recent reports have confirmed that the outage was caused by WastedLocker, a ransomware often used to specifically target and disrupt business operations, and closely associated with Evil Corp, the hacking group behind a $100 million crime spree that began in 2011.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
JULY 20, 2020
Spending on security products and services for 2020 could increase as much as 5.6%, or as little as 2.5%, depending on the economic impact of the coronavirus on IT budgets, says Canalys.
Daniel Miessler
JULY 19, 2020
I was thinking about the recent Twitter hack the other day and thought of a simple technique for evaluating possible threat actors of information warfare campaigns. I’m sure this is obvious to true practitioners in this space, and that what I’m describing probably has a formal name and more robust methodology, but I think this is useful just as a quick shortcut for non-experts.
Adam Levin
JULY 23, 2020
The U.S. Justice Department has accused two Chinese hackers of conducting a massive campaign of intellectual property theft, including Covid-19 vaccine research. In the indictment filed in early July and unsealed earlier this week, the Justice Department accused Li Xiaoyu and Dong Jiazhi of stealing terabytes of research and data over the last several years.
Schneier on Security
JULY 22, 2020
Fawkes is a system for manipulating digital images so that they aren't recognized by facial recognition systems. At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then use these "cloaked" photos as you normally would, sharing them on social media, sending them to friends, printing them or displaying them on digital devices, the same way you would any other photo.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
JULY 23, 2020
Malicious attacks disguised as Microsoft Office files increased 176%, according to SonicWall's midyear threat report.
Adam Shostack
JULY 24, 2020
There’s a post from Helen L. of the UK’s NCSC, A sociotechnical approach to cyber security. Her post shares the context of socio-technical approaches, discussed the (re-named) RISCS institute, and shares the current problem book. The post and the problem book are both worth a careful read. (I’m honored to be an advisor to the RISCS Institute, and have had some minor input into the problems book.).
Daniel Miessler
JULY 20, 2020
This is a Member-only episode. Members get the newsletter every week, and have access to the Member Portal with all existing Member content. Non-members get every other episode. Sign in. or…. Become a member and get immediate access. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to futur
Schneier on Security
JULY 23, 2020
I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla, Microsoft, IBM, Google to demonstrate vulnerabilities.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
JULY 21, 2020
By hosting phishing pages at a legitimate cloud service, cybercriminals try to avoid arousing suspicion, says Check Point Research.
Lenny Zeltser
JULY 22, 2020
10 years after the initial release of REMnux , I’m thrilled to announce that REMnux version 7 is now available. This Linux distribution for malware analysis includes hundreds of new and classic tools for examining executables, documents, scripts, and other forms of malicious code. To start using REMnux v7, you can: Download REMnux as a virtual appliance Set up a dedicated REMnux system from scratch Add REMnux to an existing Ubuntu 18.04 host Run REMnux distro as a Docker container.
Security Affairs
JULY 23, 2020
Smartwatch and wearable device maker Garmin had to shut down some of its connected services and call centers following a ransomware attack. On July 23, smartwatch and wearables maker Garmin has shut down several of its services due to a ransomware attack that targeted its internal network and some production systems. “We are currently experiencing an outage that affects Garmin.com and Garmin Connect,” reads a statement published by the company on its website. “This outage also
Jane Frankland
JULY 24, 2020
‘Will you walk into my parlour?” said the Spider to the Fly, ‘Tis the prettiest little parlour that ever you did spy; The way into my parlour is up a winding stair, And I've a many curious things to show when you are there.'. The ‘Spider and the Fly’ is a famous poem by the Victorian author Mary Howitt. First published in 1828, it tells the story of a spider who ensnares a fly through the use of seduction and flattery.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
JULY 22, 2020
Phishing campaigns, deceptive domains, and malicious apps are just some of the tactics that have taken advantage of the virus and its repercussions, says Check Point Research.
WIRED Threat Level
JULY 22, 2020
Twitter's new policy won't make the conspiracy group disappear. But experts say it could dramatically reduce its ability to spread.
Adam Shostack
JULY 21, 2020
It will come as no surprise to regular readers of this blog that I prefer the written word to audio and video, but 2020 being 2020, I now have a YouTube Channel , with the first video below:
Security Affairs
JULY 20, 2020
Another telco company was hit by a ransomware, roughly 18,000 computers belonging to Telecom Argentina were infected over the weekend. Telecom Argentina , one of the largest internet service providers in Argentina, was hit by a ransomware attack. Ransomware operators infected roughly 18,000 computers during the weekend and now are asking for a $7.5 million ransom.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
JULY 23, 2020
The shadow IT genie is out of the bottle and offers benefits and threats. Learn some tips from the experts on how to effectively harness shadow IT in your company.
WIRED Threat Level
JULY 19, 2020
You deserve privacy. Here's how to check your phone, laptop, and online accounts to make sure no one's looking over your shoulder.
Threatpost
JULY 23, 2020
The flaw exists in Cisco's network security Firepower Threat Defense (FTD) software and its Adaptive Security Appliance (ASA) software.
Security Affairs
JULY 19, 2020
ATM maker Diebold Nixdorf is warning banks a new ATM black box attack technique that was recently employed in cyber thefts in Europe. Black box attacks are a type of jackpotting attack aimed at forcing an ATM to dispense the cash by sending a command through a “black box” device. In this attack, a black box device, such as a mobile device or a Raspberry, is physically connected to the ATM and is used by the attackers to send commands to the machine.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
JULY 22, 2020
TransUnion surveyed consumers in six countries and found that phishing was the preferred method of attack 27% of the time.
WIRED Threat Level
JULY 24, 2020
A previously unreported Fancy Bear campaign persisted for well over a year—and indicates that the notorious group has broadened its focus.
Dark Reading
JULY 24, 2020
Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots?
Security Affairs
JULY 24, 2020
ADIF, a Spanish state-owned railway infrastructure manager under the responsibility of the Ministry of Development, was hit by REVil ransomware operators. Administrador de Infraestructuras Ferroviarias (ADIF) , a Spanish state-owned railway infrastructure manager was hit by REVil ransomware operators. ADIF ( Administrador de Infraestructuras Ferroviarias ) is charged with the management of most of Spain’s railway infrastructure, that is the track, signaling and stations.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
363 
Let's personalize your content