A Broken Random Number Generator in AMD Microcode
Schneier on Security
OCTOBER 31, 2019
Interesting story. I always recommend using a random number generator like Fortuna, even if you're using a hardware random source. It's just safer.
Krebs on Security
OCTOBER 30, 2019
Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. A notice to customers at notice.web.com. “On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed,” Web.com said i
Tech Republic Security
NOVEMBER 1, 2019
Capture the Flag challenge encourages women to pursue cybersecurity careers and connects experts with newcomers
The Last Watchdog
OCTOBER 29, 2019
If your daily screen time is split between a laptop browser and a smartphone, you may have noticed that a few browser web pages are beginning to match the slickness of their mobile apps. Netflix and Airbnb are prime examples of companies moving to single-page applications, or SPAs, in order to make their browser webpages as responsive as their mobile apps.
Schneier on Security
OCTOBER 28, 2019
In an extraordinary essay, the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors: In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities -- including law enforcement -- to embrace encryption because it is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly
Krebs on Security
OCTOBER 29, 2019
Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world’s largest financial institutions tend to have a much better idea of which merchants and bank cards have been breached than do the thousands of smaller banks and credit unions across the United States.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
OCTOBER 31, 2019
Roughly 21 million login credentials for Fortune 500 companies are available for sale, in plain text, in multiple forums and black market places in the dark web. More than 21 million login credentials belonging to Fortune 500 companies are available for sale in various places on the dark web. Experts at ImmuniWeb discovered that 21,040,296 login credentials for 500 Fortune companies are offered in plain text on multiple services in the dark web.
Schneier on Security
OCTOBER 30, 2019
WhatsApp is suing the Israeli cyberweapons arms manufacturer NSO Group in California court: WhatsApp's lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook. It has also asked the court to rule that NSO violated US federal law and California state law against computer fraud, breached their contracts with WhatsApp and "wrongfully trespassed" on Facebook's prope
Adam Shostack
NOVEMBER 1, 2019
Recently, I’ve seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. The Principles and Practices for Medical Device Cybersecurity is a process-centered and comprehensive document from the International Medical Device Regulators Forum. It covers pre- and post- market considerations, as well as information sharing and coordinated vuln disclosure.
Tech Republic Security
OCTOBER 29, 2019
The ServiceNow and Ponemon study found an average 24% increase in cybersecurity spending and a 17% rise in attacks.
Schneier on Security
NOVEMBER 1, 2019
Kathryn Waldron at R Street has collected all of the different resources and methodologies for measuring cybersecurity.
Adam Shostack
OCTOBER 28, 2019
The Economist Reflects on Liberalism is the sort of in-depth writing and thinking that makes the magazine so great: “Reinventing Liberalism for the 21st century.” Evading Machine Learning Malware Classifiers, from the winner of the Defcon Machine Learning Static Evasion Competition. The general counsel of the NSA and former general counsel of the FBI have editorials on encryption.
Tech Republic Security
OCTOBER 29, 2019
Learn how to make specific folders and files on OneDrive more secure by using Personal Vault.
Schneier on Security
OCTOBER 29, 2019
The Carnegie Endowment for Peace published a comprehensive report on ICT (information and communication technologies) supply-chain security and integrity. It's a good read, but nothing that those who are following this issue don't already know.
Security Affairs
OCTOBER 31, 2019
Two hackers have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com service in 2016 and attempting to extort money from the two companies. Brandon Charles Glover and Vasile Mereacre are two hackers that have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com service in 2016. The defendants have also attempted to extort money from the companies, requesting them to pay ‘bug bounties’ to avoid publicly disclosing the data breaches.
Tech Republic Security
OCTOBER 31, 2019
Locating and blocking unwanted open ports in Linux should be a task every network admin knows how to do.
Thales Cloud Protection & Licensing
OCTOBER 31, 2019
We’ve all watched a horror film and said “why are you doing that?!” as the main characters walk aimlessly down to a basement filled with chain saws or shouted, “are you stupid?!!” as they decide that it’s a good idea to hitchhike alone in the dark. While these fictional horror stories are created simply to frighten the audience, real-world businesses are just as guilty of making naïve decisions when it comes to protecting sensitive data, but with very scary consequences that exist.
WIRED Threat Level
OCTOBER 29, 2019
Alexa, Siri, and Google Assistant now all give you ways to opt out of human transcription of your voice snippets. Do it.
Security Affairs
OCTOBER 26, 2019
Nasty PHP7 remote code execution bug exploited in the wild. Experts warn of a remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. A remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. On October 22, the security expert Omar Ganiev announced via Twitter the availability of a “freshly patched” remote code execution vulnerability in PHP-FPM, the FastCGI Process Manager
Tech Republic Security
OCTOBER 30, 2019
Jack Wallen offers up his best advice for avoiding malware on Android.
Thales Cloud Protection & Licensing
OCTOBER 29, 2019
Today, I’m excited to share that Ground Labs, a market leader in data discovery has entered a strategic partnership with Thales. Our joint objective is to empower the discovery and remediation of sensitive data. Unlike alternative solutions that can leave sensitive data exposed or compromised, the joint solution will enable organizations to automatically find and classify sensitive data across heterogeneous environments, understand the risks, and mitigate them through policy-based remediation…a
WIRED Threat Level
OCTOBER 28, 2019
Fancy Bear has attacked 16 anti-doping agencies around the world, indicating that its Olympics grudge is far from over.
Security Affairs
NOVEMBER 1, 2019
One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors. This week Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to hijack computers.
Tech Republic Security
OCTOBER 31, 2019
Reported cyberattacks against K-12 schools in the US have hit 301 so far in 2019 compared to 124 in 2018 and 218 in 2017, according to a new report from security provider Barracuda Networks.
Dark Reading
OCTOBER 28, 2019
The database was open for approximately one week before the problem was discovered.
WIRED Threat Level
OCTOBER 28, 2019
As data hijackers continue to target local governments and hospitals, legislators remain stymied over how best to address the problem.
Security Affairs
NOVEMBER 1, 2019
Google released security updates to address two high severity flaws in Chrome, one of which is actively exploited in attacks in the wild to hijack computers. Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to hijack computers.
Tech Republic Security
OCTOBER 28, 2019
Alternative data allows businesses to discover trends and financial opportunities without compromising consumer privacy. Tom Merritt explains the five things you need to know about alternative data.