Schneier on Security

FEBRUARY 11, 2020

The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II. They were owned by the CIA: But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages.

Encryption 355

Encryption Government Accountability 355

Troy Hunt

FEBRUARY 11, 2020

I don't know exactly why the recent uptick, but lately I've had a bunch of people ask me if I've tried the Brave web browser. Why they'd ask me that is much more obvious: Brave is a privacy-focused browser that nukes ads and trackers. It also has some cool built-in stuff like the ability to create a new private browsing window in Tor rather than just your classic incognito window that might ditch all your cookies and browsing history but still connect to the internet directly from your own IP ad

Internet 256

Internet Internet 256

Adam Levin

FEBRUARY 10, 2020

As if cybersecurity weren’t already a red-letter issue, the United States and, most likely, its allies–in other words, the global economic community–are in Iran’s cyber sites, a major player in cyber warfare and politically divisive disinformation campaigns. The “slap” as Ayatollah Ali Khamenei described it was a ballistic missile attack on a target that had three hours to get out of harm’s way.

Passwords 245

Passwords Phishing Password Management Accountability 245

Krebs on Security

FEBRUARY 10, 2020

The U.S. Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.

Hacking 233

Hacking Identity Theft Government Phishing 233

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

FEBRUARY 14, 2020

Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper, Virginia -- both in America, every three months. Once in place, they run through a lengthy series of steps and checks to cryptographically sign the digital key pairs used to secure the internet's root z

Internet 323

Internet Internet Engineering DNS 323

Adam Shostack

FEBRUARY 11, 2020

My course, “ Repudiation in Depth ” is now live on Linkedin Learning. This is the fourth course I’ve created, starting with “ Learning Threat Modeling “, and courses on “ spoofing “, “ tampering “, and now, repudiation. (You can probably see where this is going, and I’m making great strides towards the goal.

Engineering 225

Engineering Software 225

Krebs on Security

FEBRUARY 14, 2020

In May 2013, the U.S. Justice Department seized Liberty Reserve , alleging the virtual currency service acted as a $6 billion financial hub for the cybercrime world. Prompted by assurances that the government would one day afford Liberty Reserve users a chance to reclaim any funds seized as part of the takedown, KrebsOnSecurity filed a claim shortly thereafter to see if and when this process might take place.

Identity Theft 207

Identity Theft Government Scams Cybercrime 207

Schneier on Security

FEBRUARY 12, 2020

Motherboard has a long article on apps -- Edison, Slice, and Cleanfox -- that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson for J.P. Morgan Research, the part of the company that created the document, told Motherboard that the research "is intended for institutional clients.

Marketing 304

Marketing Surveillance 304

Tech Republic Security

FEBRUARY 10, 2020

If you don't follow these Kubernetes deployments security best practices from Portshift, your containers, their underlying technologies, and your data could be at risk.

Technology 198

Technology Risk 198

Daniel Miessler

FEBRUARY 10, 2020

[advanced_iframe src=”[link] width=”100%”]. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Information Security 130

Information Security 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

FEBRUARY 9, 2020

Iran comes under cyber-attack again, a massive offensive brought down a large portion of the Iranian access to the Internet. Iran infrastructures are under attack, a massive cyberattack brought down a large portion of the Iranian access to the Internet, according to the experts the national connectivity fell to 75%. The N etBlocks internet observatory, which tracks disruptions and shutdowns, observed yesterday (February 8, 2019) a massive outage of the country’s connectivity to the Interne

DDOS 139

DDOS Internet Internet Telecommunications 139

Schneier on Security

FEBRUARY 10, 2020

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details : ITP detects and blocks tracking on the web. When you visit a few websites that happen to load the same third-party resource, ITP detects the domain hosting the resource as a potential tracker and from then on sanitizes web requests to that dom

Architecture 275

Architecture Engineering Surveillance 275

Tech Republic Security

FEBRUARY 11, 2020

As an alternative to an on-site DNS server, this cloud-hosted DNS service lets you block, filter, and analyze activity across your network and devices.

DNS 181

DNS 181

WIRED Threat Level

FEBRUARY 14, 2020

The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.

Encryption 144

Encryption 144

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on

Authentication 131

Authentication Malware Advertising Hacking 131

Schneier on Security

FEBRUARY 13, 2020

The United States is one of the few democracies without some formal data protection agency, and we need one. Senator Gillibrand just proposed creating one.

286

286

Tech Republic Security

FEBRUARY 13, 2020

CEOs are generally from a finance/business track, rather than a technology one--why their traditional agenda and practices must change.

Technology 192

Technology 192

Threatpost

FEBRUARY 14, 2020

Flaws in the blockchain app some states plan to use in the 2020 election allow bad actors to alter or cancel someone’s vote or expose their private info.

Encryption 118

Encryption Mobile Hacking 118

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

FEBRUARY 13, 2020

The popular Italian hacktivist collective LulzSec ITA claimed via Twitter to have hacked three Italian universities. The popular Italian hacktivist collective LulzSec ITA has announced via Twitter the hack of three Italian universities, highlighting the importance of the cybersecurity for our society. Abbiamo fatto visita a @UnivRoma3 , nella speranza che oltre alla sicurezza, possa migliorare anche il futuro dei nostri giovani!

Hacking 129

Hacking Data breaches Advertising Education 129

Schneier on Security

FEBRUARY 14, 2020

This is a current list of where and when I am scheduled to speak: I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On Thursday, February 27, at 9:20 AM, I'm giving a keynote on "Hacking Society.". I'm speaking at SecIT by Heise in Hannover, Germany on March 26, 2020.

Risk 202

Risk Hacking 202

Tech Republic Security

FEBRUARY 13, 2020

The Identity Theft Resource Center warns that businesses of all sizes should be vigilant about data security. The COO offers advice about passwords, cloud security, and patch management.

Password Management 162

Password Management Passwords Identity Theft Data breaches 162

Thales Cloud Protection & Licensing

FEBRUARY 11, 2020

The shift toward cloud-native applications is changing the building blocks of IT. Development and maintenance of infrastructure and applications in-house just isn’t an option anymore in many cases. Cloud-native application development and the use of containers and orchestration frameworks like Kubernetes offer undeniable advantages in performance, portability and scale.

Authentication 101

Authentication Encryption Risk Software 101

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

FEBRUARY 13, 2020

Huawei can secretly tap into communications through the networking equipment, states a U.S. official , while White House urge allies to ban the Chinese giant. This week The Wall Street Journal reported that U.S. officials say Huawei can covertly access telecom networks where its equipment is installed. “U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persua

Manufacturing 128

Manufacturing Advertising Surveillance Architecture 128

Threatpost

FEBRUARY 10, 2020

The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks - and their devices - via brute force loops.

Hacking 119

Hacking Malware Passwords Ransomware 119

Tech Republic Security

FEBRUARY 14, 2020

Researchers say hackers can alter, stop, or expose how an individual user has voted through the Voatz app.

211

211

WIRED Threat Level

FEBRUARY 11, 2020

Equifax. Anthem. Marriott. OPM. The data that China has amassed about US citizens will power its intelligence activities for a generation.

Hacking 111

Hacking 111

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Affairs

FEBRUARY 8, 2020

Hackers have infected with a piece of malware some IoT devices running Windows 7 designed by three of the world’s largest manufacturers. Security experts from TrapX reported that some IoT devices running Windows 7 have been infected with a piece of malware, is it a supply chain attack? The experts reported that several IoT devices at some major manufacturers have been infected with a cryptocurrency miner in October 2019.

Manufacturing 123

Manufacturing IoT Malware Cryptocurrency 123

Thales Cloud Protection & Licensing

FEBRUARY 12, 2020

The shift toward cloud-native applications is changing the building blocks of IT. Development and maintenance of infrastructure and applications in-house just isn’t an option anymore in many cases. Cloud-native application development and the use of containers and orchestration frameworks like Kubernetes offer undeniable advantages in performance, portability and scale.

Authentication 91

Authentication Encryption Risk Software 91

Tech Republic Security

FEBRUARY 11, 2020

Security and compliance are key factors to consider when outsourcing your data center, according to a report from data center provider US Signal.

177

177

Threatpost

FEBRUARY 13, 2020

A new Data Protection Agency would overhaul federal regulation efforts around data privacy - but experts are skeptical that the U.S. government can get it right.

Data privacy 101

Data privacy Government 101

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk