Schneier on Security
FEBRUARY 28, 2020
Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents is faring against the 300 billion attachments it has to process each week.
Krebs on Security
FEBRUARY 28, 2020
The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data. While the fines would be among the largest the FCC has ever levied, critics say the penalties don’t go far enough to deter wireless carriers from continuing to sell customer location data.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
FEBRUARY 25, 2020
Back in 2016, I wrote a blog post about the Martin Lewis Money show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time. They'd given me a heads up as apparently, that's what the program has a habit of doing: I Just wanted to get in contact to let you know we're featuring 'have I been pwned?
Adam Levin
FEBRUARY 25, 2020
The number of stalkerware apps detected on smartphones increased in 2019, a full 60% over the previous year according to a new report released by Kaspersky Labs. . The anti-virus company’s annual mobile malware report said stalkerware reports increased from 40,286 in 2019 to 67,500 in 2019, figures derived from data gleaned from Kaspersky product users that consented to provide statistical data for research purposes.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
FEBRUARY 25, 2020
This is good news : Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. [.]. But the move is not without controversy.
Krebs on Security
FEBRUARY 26, 2020
On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
FEBRUARY 27, 2020
Facebook is the latest tech company to cancel or withdraw from a conference as tech trade shows around the globe are impacted by novel coronavirus (COVID-19). Here's what you need to know.
Schneier on Security
FEBRUARY 24, 2020
The Times of London is reporting that Russian agents are in Ireland probing transatlantic communications cables. Ireland is the landing point for undersea cables which carry internet traffic between America, Britain and Europe. The cables enable millions of people to communicate and allow financial transactions to take place seamlessly. Garda and military sources believe the agents were sent by the GRU, the military intelligence branch of the Russian armed forces which was blamed for the nerve a
Adam Levin
FEBRUARY 24, 2020
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory following a ransomware attack on a natural gas compression facility. In the warning, CISA announced that a “cyber threat actor used a Spearphising Link to obtain initial access to the organization’s information technology (IT) network before pivoting to its OT network.
Adam Shostack
FEBRUARY 26, 2020
As a member of the BlackHat Review Board, I would love to see more work on Human Factors presented there. Over the past few years, we’ve developed an interesting track with good material year over year. The 2020 call for papers is open and closes April 6th. I wrote a short blog post on what we look for. The BlackHat CFP calls for work which has not been published elsewhere.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
FEBRUARY 24, 2020
Google's reCAPTCHA Enterprise and Web Risk API get a general release; Chronicle Security gets boosts from new threat detection and timelining features.
Schneier on Security
FEBRUARY 28, 2020
For years, Humble Bundle has been selling great books at a "pay what you can afford" model. This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let's Encrypt. (The default is 15%, and you can change that.
Adam Levin
FEBRUARY 27, 2020
The global coronavirus pandemic has created a fertile field for cybercriminals seeking to prey upon the fears of their victims. In the latest episode of Third Certainty, Adam Levin discusses how people can protect themselves online. The post Protecting Against Coronavirus Scams – Third Certainty #12 appeared first on Adam Levin.
Daniel Miessler
FEBRUARY 25, 2020
[advanced_iframe src=”[link] width=”100%”]. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
FEBRUARY 25, 2020
For security reasons, you might need to create a Linux user without the ability to log in. Jack Wallen shows you how.
Schneier on Security
FEBRUARY 27, 2020
This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that (1) market realities will produce insecure IoT devices, and (2) political failures will leave that industry unregulated. Result: insecure IoT. It proposes proactive class action litigation against manufacturers of unsafe and unsecured IoT devices before those devices cause unnecessary injury or death.
The Last Watchdog
FEBRUARY 24, 2020
Along with Richard Stiennon , I belong to a small circle of journalists and tech industry analysts who’ve been paying close attention to cybersecurity since Bill Gates curtailed commercial work on Windows to rivet Microsoft’s attention on defending its software code. Related: The role of PKI is securing digital transformation That was in 2002. Back then, email spam was a nuisance evolving into a potent attack vector, and the top malware innovators were script kiddies seeking bragging rights.
WIRED Threat Level
FEBRUARY 26, 2020
Security analyst John Strand had a contract to test a correctional facility’s defenses. He sent the best person for the job: his mother.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
FEBRUARY 28, 2020
Vishal Salvi says investing time and developing influence are the keys to making the shift to a secure-by-design mindset.
Security Affairs
FEBRUARY 22, 2020
The infamous Joker malware has found a way to bypass the security checks to be published in the official Play Store, new clicker was found by experts. The fight to the Joker malware (aka Bread) begun in September 2019 when security experts at Google removed from the official Play Store 24 apps because they were infected with a new spyware tracked as “ the Joker. ”.
Elie
FEBRUARY 25, 2020
This talk provides a comprehensive analysis of the malicious documents that target users and corporate inboxes, an in-depth analysis of the latest evasion tactics used by attackers and what Google is doing about it.
Dark Reading
FEBRUARY 24, 2020
Server-side request forgery is a dangerous attack method that is also becoming an issue for the cloud. Here are some of the basics to help keep your Web server from turning against you.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
FEBRUARY 24, 2020
Cisco's 2020 CISO Benchmark Study links a robust patch policy and collaboration to smaller data breaches.
Security Affairs
FEBRUARY 24, 2020
The FBI recommends using longer passwords composed of multiple words into a long string of at least 15 characters instead of short passwords including special characters. Recent guidance from the National Institute of Standards and Technology (NIST) highlights that the password length is much more important than password complexity. The recommendations are part of the Protected Voices initiative launched by the FBI to help 2020 political campaigns and American voters protect against online forei
Elie
FEBRUARY 24, 2020
Everyday Gmail defenses analyze billions of attachments to prevent malicious documents from reaching the inboxes of its users whether they are end-users or corporate ones. This talk provides a comprehensive analysis of the malicious documents that target users and corporate inboxes, an in-depth analysis of the latest evasion tactics used by attackers and what Google is doing about it.
Dark Reading
FEBRUARY 24, 2020
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
FEBRUARY 27, 2020
Spam, ransomware, and malware continue to haunt organizations, but bad actors are also cooking up new spins on these tried-and-true methods, according to security company Fortinet.
Security Affairs
FEBRUARY 22, 2020
Google announced to have removed nearly 600 Android apps in the official Play Store that were violating two ad-related policies. Google removed from the official Play Store nearly 600 Android apps that were violating two ad-related policies, it also banned the same apps from Google AdMob and Google Ad Manager. “As part of our ongoing efforts — along with help from newly developed technologies — today we’re announcing nearly 600 apps have been removed from the Google Play Store and banned f
Threatpost
FEBRUARY 28, 2020
The security industry has the perfect skillset and adversarial defense outlook to deal with some of the emerging societal issues in today's world, said security technologist Bruce Schneier.
Dark Reading
FEBRUARY 26, 2020
Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
302 
Let's personalize your content