Troy Hunt
NOVEMBER 14, 2017
I run a workshop titled Hack Yourself First in which people usually responsible for building web apps get to try their hand at breaking them. As it turns out, breaking websites is a heap of fun (with the obvious caveats) and people really get into the exercises. The first one that starts to push people into territory that's usually unfamiliar to builders is the module on XSS.
Schneier on Security
NOVEMBER 15, 2017
It only took a week : On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. The article points out that the hack hasn't been independently confirmed, but I have no doubt it's true.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
NOVEMBER 17, 2017
Over the course of four recent congressional hearings, Attorney General Jeff Sessions has somehow forgotten dozens of people, places, and events. Here's all of them in one place.
Thales Cloud Protection & Licensing
NOVEMBER 14, 2017
The tsunami of passwords that exist across every aspect of our digital life means that there’s a thriving underground industry of cyber-criminals trying to get at them. To borrow from Shakespeare’s Macbeth: “Each new morn, new widows howl, new orphans cry, new sorrows slap Internet giants on the face”. The modern era of mass data breaches perhaps began in 2009, with the hack of 32 million account credentials held by software developer RockYou, in which a SQL injection attack revealed that passwo
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Troy Hunt
NOVEMBER 17, 2017
A bit of a "business as usual" week this one, but then this business is never really "usual"! I start out with a talk at McAfee's MPOWER conference in Sydney and a bit of chatter about some upcoming ones (including the one I still can't talk about. but will next week!). In terms of new things, I've now got my hands on an iPhone X so I spend a bunch of time talking about that.
Schneier on Security
NOVEMBER 13, 2017
This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. [.]. Our research tracked several black markets that traded third-party password breaches, as well as 25,000 blackhat tools used for phishing and keylogging.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Thales Cloud Protection & Licensing
NOVEMBER 13, 2017
In June of this year, Thales eSecurity joined the Core Infrastructure Initiative (CII), a project both founded and managed by The Linux Foundation, with the aim of collaboratively enhancing and strengthening the security and resilience of critical Open Source projects. Many of the world’s largest technology companies already belong to the CII, with Thales being officially recognised as the first global security firm to join the initiative.
eSecurity Planet
NOVEMBER 16, 2017
Botract attack method revealed at SecTor security conference could enable a botnet to be as resilient and as distributed as the Ethereum blockchain itself.
Schneier on Security
NOVEMBER 16, 2017
This digital security guide by Motherboard is very good. I put alongside EFF's " Surveillance Self-Defense " and John Scott-Railton's " Digital Security Low Hanging Fruit." There's also " Digital Security and Privacy for Human Rights Defenders.". There are too many of these.
WIRED Threat Level
NOVEMBER 14, 2017
A rare court case exposes the all-too-common horror of online harassment that followed when one woman broke off a relationship.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Dark Reading
NOVEMBER 15, 2017
Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.
eSecurity Planet
NOVEMBER 14, 2017
At SecTor security conference, the Director General for National Cyber Security in the Government of Canada details her government's policies for keeping Canadians safe online.
Schneier on Security
NOVEMBER 14, 2017
The New York Times just published a long article on the Shadow Brokers and their effects on NSA operations. Summary: it's been an operational disaster, the NSA still doesn't know who did it or how, and NSA morale has suffered considerably. This is me on the Shadow Brokers from last May.
WIRED Threat Level
NOVEMBER 14, 2017
Yes, twins can unlock each other's iPhones. But kids accessing their parents' devices raises different concerns.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Threatpost
NOVEMBER 14, 2017
Vietnamese security company Bkav says it has built a proof-of-concept mask that fools Apple’s Face ID technology.
eSecurity Planet
NOVEMBER 15, 2017
Complete and total security is impossible, so which IT security technologies will get you to your ideal security posture? We outline your options.
Schneier on Security
NOVEMBER 17, 2017
The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new policy or the fact sheet , but the best place to start is Cybersecurity Coordinator Rob Joyce's blog post.
WIRED Threat Level
NOVEMBER 12, 2017
"I would say if this is all confirmed, it does mean Face ID is less secure than Touch ID.".
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Lenny Zeltser
NOVEMBER 11, 2017
CrowdStrike acquired Payload Security , the company behind the automated malware analysis sandbox technology Hybrid Analysis , in November 2017. Jan Miller founded Payload Security approximately 3 years earlier. The interview I conducted with Jan in early 2015 captured his mindset at the onset of the journey that led to this milestone. I briefly spoke with Jan again, a few days after the acquisition.
eSecurity Planet
NOVEMBER 17, 2017
The attacks present a particular threat to small businesses.
Dark Reading
NOVEMBER 15, 2017
Updated Vulnerability Equities Process provides transparency into how government will handle new vulnerabilities that it discovers in vendor products and services.
WIRED Threat Level
NOVEMBER 16, 2017
After hackers exposed a way to freeze the delivery service's security cameras, Amazon will push out a fix later this week.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Thales Cloud Protection & Licensing
NOVEMBER 16, 2017
Jim DeLorenzo, Solutions Marketing Manager, Thales eSecurity. Today, putting the letters ‘GDPR’ into Google will generate over 420,000 news articles, some detailing the expected impact of the regulation, and others casting doubt on businesses and their readiness. Ahead of the May 2018 legislation, we’ve been asking organisations if they’re #FITforGDPR – whether they’re ready to improve their personal data protections, as well as take on the increased accountability for data breaches, should they
eSecurity Planet
NOVEMBER 15, 2017
The updated NextGen Firewall and Web Application Firewall offerings from Barracuda are ready to tackle cloud application security challenges.
Dark Reading
NOVEMBER 14, 2017
Some 40% of disclosed vulns as of Q3 are rated as severe, new Risk Based Security data shows.
WIRED Threat Level
NOVEMBER 14, 2017
Every OnePlus model except for the original shipped with "Engineer Mode," essentially a backdoor for anyone who get their hands on your device.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Threatpost
NOVEMBER 15, 2017
Cisco Systems issued patch that fixes a critical vulnerability impacting 12 products running the Cisco Voice Operating System software.
eSecurity Planet
NOVEMBER 15, 2017
The company doesn't yet know how many locations were affected.
Dark Reading
NOVEMBER 17, 2017
Quad9 blocks malicious sites used in phishing, other nefarious activity.
WIRED Threat Level
NOVEMBER 14, 2017
After years of pushing for a more effective emergency alert system, the carriers have finally come around to making improvements.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
258 
Let's personalize your content