Sat.Nov 11, 2017 - Fri.Nov 17, 2017


Apple FaceID Hacked

Schneier on Security

It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. The article points out that the hack hasn't been independently confirmed, but I have no doubt it's true.


Weekly Update 61

Troy Hunt

A bit of a "business as usual" week this one, but then this business is never really "usual"! I start out with a talk at McAfee's MPOWER conference in Sydney and a bit of chatter about some upcoming ones (including the one I still can't talk about, but will next week!). In terms of new things, I've now got my hands on an iPhone X so I spend a bunch of time talking about that.


Everything Attorney General Jeff Sessions Has Forgotten Under Oath

WIRED Threat Level

Over the course of four recent congressional hearings, Attorney General Jeff Sessions has somehow forgotten dozens of people, places, and events. Here they all are in one place.


How to lose your password

Thales Cloud Protection & Licensing

The tsunami of passwords that exist across every aspect of our digital life means that there’s a thriving underground industry of cyber-criminals trying to get at them. To borrow from Shakespeare’s Macbeth: “Each new morn, new widows howl, new orphans cry, new sorrows slap Internet giants on the face”. The modern era of mass data breaches perhaps began in 2009, with the hack of 32 million account credentials held by software developer RockYou, in which a SQL injection attack revealed that passwo


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Google's Data on Login Thefts

Schneier on Security

This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. [...] Our research tracked several black markets that traded third-party password breaches, as well as 25,000 blackhat tools used for phishing and keylogging.


Hybrid Analysis Grows Up – Acquired by CrowdStrike

Lenny Zeltser

CrowdStrike acquired Payload Security, the company behind the automated malware analysis sandbox technology Hybrid Analysis, in November 2017. Jan Miller founded Payload Security approximately 3 years earlier. The interview I conducted with Jan in early 2015 captured his mindset at the onset of the journey that led to this milestone. I briefly spoke with Jan again, a few days after the acquisition.


Why the cybersecurity industry should care about Open Source maintenance

Thales Cloud Protection & Licensing

In June of this year, Thales eSecurity joined the Core Infrastructure Initiative (CII), a project both founded and managed by The Linux Foundation, with the aim of collaboratively enhancing and strengthening the security and resilience of critical Open Source projects. Many of the world’s largest technology companies already belong to the CII, with Thales being officially recognised as the first global security firm to join the initiative.


Long Article on NSA and the Shadow Brokers

Schneier on Security

The New York Times just published a long article on the Shadow Brokers and their effects on NSA operations. Summary: it's been an operational disaster, the NSA still doesn't know who did it or how, and NSA morale has suffered considerably. This is me on the Shadow Brokers from last May.


Insider Threats: Red Flags and Best Practices

Dark Reading

Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.


OnePlus Phones Have an Unfortunate Backdoor Built In

WIRED Threat Level

Every OnePlus model except for the original shipped with "Engineer Mode," essentially a backdoor for anyone who gets their hands on your device.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Consumer concerns over GDPR should set alarm bells ringing for businesses

Thales Cloud Protection & Licensing

Jim DeLorenzo, Solutions Marketing Manager, Thales eSecurity. Today, putting the letters ‘GDPR’ into Google will generate over 420,000 news articles, some detailing the expected impact of the regulation, and others casting doubt on businesses and their readiness. Ahead of the May 2018 legislation, we’ve been asking organisations if they’re #FITforGDPR – whether they’re ready to improve their personal data protections, as well as take on the increased accountability for data breaches, should they


Motherboard Digital Security Guide

Schneier on Security

This digital security guide by Motherboard is very good. I put it alongside EFF's "Surveillance Self-Defense" and John Scott-Railton's "Digital Security Low Hanging Fruit." There's also "Digital Security and Privacy for Human Rights Defenders." There are too many of these.


White House Releases New Charter for Using, Disclosing Security Vulnerabilities

Dark Reading

Updated Vulnerability Equities Process provides transparency into how government will handle new vulnerabilities that it discovers in vendor products and services.


How One Woman's Digital Life Was Weaponized Against Her

WIRED Threat Level

A rare court case exposes the all-too-common horror of online harassment that followed when one woman broke off a relationship.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Apple iPhone X Face ID Fooled by a Mask

Threatpost

Vietnamese security company Bkav says it has built a proof-of-concept mask that fools Apple’s Face ID technology.


New White House Announcement on the Vulnerability Equities Process

Schneier on Security

The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new policy or the fact sheet, but the best place to start is Cybersecurity Coordinator Rob Joyce's blog post.


How the Government of Canada Plans To Set CyberSecurity Policy

eSecurity Planet

At SecTor security conference, the Director General for National Cyber Security in the Government of Canada details her government's policies for keeping Canadians safe online.


Watch a 10-Year-Old Beat Apple's Face ID on His Mom's iPhone X

WIRED Threat Level

Yes, twins can unlock each other's iPhones. But kids accessing their parents' devices raises different concerns.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Configuring and Tuning OpenVAS in Kali Linux

Kali Linux

Users often request the addition of vulnerability scanners to Kali, most notably the ones that begin with “N”, but due to licensing constraints, we do not include them in the distribution. Fortunately, Kali includes the very capable OpenVAS, which is free and Open-source. Although we briefly covered OpenVAS in the past, we decided to devote a more thorough post to its setup and how to use it more effectively.


We're Still Not Ready for GDPR? What is Wrong With Us?

Dark Reading

The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.


Hacking Blockchain with Smart Contracts to Control a Botnet

eSecurity Planet

Botract attack method revealed at SecTor security conference could enable a botnet to be as resilient and as distributed as the Ethereum blockchain itself.


Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera

WIRED Threat Level

After hackers exposed a way to freeze the delivery service's security cameras, Amazon will push out a fix later this week.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Microsoft Patches 20 Critical Vulnerabilities

Threatpost

This month, Microsoft's Patch Tuesday updates tackle fixes for 53 security bugs in Windows, Office, Internet Explorer, Edge, ASP.NET Core, .NET Core, and its Chakra Core browser engine.


Forget APTs: Let's Talk about Advanced Persistent Infrastructure

Dark Reading

Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.


How to Achieve an Optimal Security Posture

eSecurity Planet

Complete and total security is impossible, so which IT security technologies will get you to your ideal security posture? We outline your options.


Hackers Claim to Break Face ID a Week After iPhone X Release

WIRED Threat Level

"I would say if this is all confirmed, it does mean Face ID is less secure than Touch ID."


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Debugging Tool Left on OnePlus Phones, Enables Root Access

Threatpost

Phone maker OnePlus is being blasted for leaving a developer debugging app on its handsets allowing phones to be rooted by an attacker with physical access to the device.


121 Pieces of Malware Flagged on NSA Employee's Home Computer

Dark Reading

Kaspersky Lab's internal investigation found a backdoor Trojan and other malware on the personal computer of the NSA employee who took home agency hacking tools.


Barracuda Floats Cloud Generation Firewalls

eSecurity Planet

The updated NextGen Firewall and Web Application Firewall offerings from Barracuda are ready to tackle cloud application security challenges.


Inside the Decades-Long Fight for Better Emergency Alerts

WIRED Threat Level

After years of pushing for a more effective emergency alert system, the carriers have finally come around to making improvements.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.